Somehow or other the Firefox community has convinced itself that scanning add-ons for vulnerabilities and malware is a good idea. Luckily Dan Stillman, the developer of Zotero, called them out on it, pointing out that it is just Security Theater.
Firefox has always had lots of really large extensions, but by deciding that they must be signed and reviewed, the Firefox community has just committed itself to a LOT of extra work reviewing the extensions. Hence the dumb idea of scanning each extension to see if there is anything malicious in it. Now that is an arms race that is going to be lost. The guys in the AdBlock game know that: it is a continual game of whack-a-mole. Actively developed extensions like Zotero really lose out because a manual review of a large codebase takes a long time, and scanning is insufficient (as the above link describes, it is easy to create an add-on that passes scanning and does nasty things).
AT LAST, SIR TERRY, WE MUST WALK TOGETHER.
Some quotes from Terry Pratchett
- The whole of life is just like watching a film. Only it’s as though you always get in ten minutes after the big picture has started, and no-one will tell you the plot, so you have to work it out all yourself from the clues.
- The presence of those seeking the truth is infinitely to be preferred to the presence of those who think they’ve found it.
- It’s still magic even if you know how it’s done.
- There are times in life when people must know when not to let go. Balloons are designed to teach small children this.
- YOU HAVE TO START OUT LEARNING TO BELIEVE THE LITTLE LIES.
- The truth may be out there, but the lies are inside your head.
- Goodness is about what you do. Not who you pray to.
- I have no use for people who have learned the limits of the possible.
Many software developers do not seem to understand the basics of our craft. Recently I’ve seen:
- SQL queries that were massively more complex than they needed to be - that, when simplified without any database changes, ran more than 10 times faster
- Client server applications that issue nearly 1000 SQL queries while refreshing what is supposed to be an interactive screen - the end result being that the poor user has to wait 5 to 10 seconds for the screen to refresh after conceptually simple actions
- Supposedly secure web applications that sent Active Directory usernames and passwords in cleartext across HTTP connections
- Code that created connections to external resources but forgot to free them - made for a very effective rate limiting mechanism since the external resource freed unused handles about an hour after they were last used
There have been lots more examples, but most of them fall into the category of being unbelievable if you were not a direct witness to the utter ignorance of the basics of software development that brought them to my attention.
Maybe it is time that we started to focus on the basics of the craft of coding before we get too far into creating overly complex systems that nobody can understand or fix.
As usual, The Codist is slightly controversial and bluntly states that What Programmers Want is Less Stupid and More Programming.
So no matter what you do the best programmers will motivate themselves if you give them challenging code to write or problems to solve, and keep the stupid as far away as you can. Give them a work environment that makes this possible and consistent. Manage them with this understanding. Rewards are nice but the ultimate motivator is still opportunity.
In the end Andrew comes down to the Free Game theory of programmer motivation that was first popularized in Tracy Kidder’s book The Soul of a New Machine, but that does not detract from the overall thrust that you have to keep the stupid away from your developers.
Just noticed that CNC machines are getting to be cheap as well. A sample guide to CNC machines looks at how they can be used in conjunction with moulding techniques to fabricate moulds for plastic parts as well as produce metal parts.
These CNC machines are not quite as cheap as the 3D printers, but they are in the ballpark - plus if you create the moulds correctly, can be used to scale up small scale manufacturing of plastic parts much better than you could with a 3D printer.
Looks like we are starting to live in what could be called Interesting Times.
Although Moore’s Law still seems to be holding out a bit longer, individually the cores in CPUs are not that much faster than they used to be. We have been stuck near 3GHz for nearly 10 years now, and a common occurrence on servers and laptops now is to see a process taking 100% of the available core but overall the machine is running at 25% or 16% loading (depending on whether it is a 4 or 8 core machine). In order to get processes to run faster we are going to have to learn how to program with multicore CPUs in mind.
Peak Oil seems to have occurred in the 2004-2007 timeframe, so the days of cheap fuel are behind us. In Canada fuel is still cheap, but $1/L is not something we have seen for a while. How society handles the transition to $2/L is going to be interesting. The effect of higher prices will have a double impact with the expected wild fluctuations in price that many analysts in the Peak Oil field are predicting. It is amusing however to watch local dealers having to do massive truck sales at the end of each year to get rid of their excess inventory of gas guzzling vehicles.
As we track towards 400ppm CO2, the thought that maybe Global Warming would be nice in a country with cold winters is turning out to be mistaken. A better term would have been Anthropogenic Climate Change, and the changes that are resulting in more extreme weather, with a tendency to more arid conditions on the western edge of the prairies, are beginning to make things interesting.
The convergence of computers, open source and manufacturing will be having ramifications soon. The Maker Faire phenomenon of 3D printers and low cost CNC machines has been very instructive and soon may become disruptive when the costs of these technologies fall further. Already a 3D printer can be obtained for $1,000 with a resolution that rivals that of commercial machines that cost 30X more. A good bet would be that this is likely to have a bigger impact than did the arrival of low cost microcomputers that led to the PC era and subsequently our current Internet era.
Recently Jim Bird had to point out that Source Code is an Asset, Not a Liability. Unfortunately it means that there are people in the software development community that are not aware of the literature - specifically Howard Baetjer Jr.’s Software as Capital.
Don’t normally link to Dave Winer, but his The bosses do everything better is priceless…
When he looked at the code he must have been shocked to find something complex and intricate. Why isn’t the source code as simple as the software? Hah. When you figure that out let me know.
Seems strange to be linking to an article in Slate …
The mainstream media thrives on simple solutions. It has no idea whatsoever of how to report on a story that isn’t about easy fixes so much as it is about anguished human frustration and fear. The media prides itself on its ability to tell you how to clear your clutter, regrout your shower, or purge your closet of anything that makes you look fat—in 24 minutes or less. It is bound to be flummoxed by a protest that offers up no happy endings.
Definitely no easy fixes when three slow moving changes are coming together - concentration of wealth, climate change and peak oil - it is as if we are running into the Limits to Growth.