You are looking at posts that were written in the month of August in the year 2008.
Posted on August 28th, 2008 by Chris.
Categories: Business/The Software Industry, Chris, Programming.
Fred Brooks: Build one to throw away
My version: Build every one to throw away.
Fred Brooks’ classic The Mythical Man-Month made this observation about developing a new piece of software – inevitably, many of the problems that will need to be solved won’t be known until you try to solve them. The first try will incorporate many feelings of should-have and would-have that will be fixed on the second try.

This is much like a journeyman craftsman building his or her first bench, or planting their first garden. The first try is a learning experience. There is no way around this, nor should there be – learning is often best by doing. The valuable asset is the experience of the builder, not the product.
But we don’t live in the Middle Ages, the age of guilds. We live in the post-Industrial Age. Factory owners don’t consider hoarding all the toys or cars or electronics they produce as an asset. Henry Ford’s genius was to redesign not just the golden eggs, but the machine that lays them.
As programmers, we are not working on a code base. We are working on a machine that produces code. The machine is made up of us, our experiences, the tools we build to make code (which can be made out of code themselves!). This is where results come from, and we should spend our time tuning this machine by producing more, not protecting what we have.
Does this mean that we should throw out old code? By no means! Old code is one of the most efficient resources we have for producing new code. But every process of manufacture in the past has been made into a more automatic and refined process. How could we consider ourselves any different?
Does this mean that we should code like crap? By no means! As was once said, “If you write the first one to throw out, you will end up throwing out the second one as well.” The point is, write good code, but be willing to write new code – the point is to make not good code, but a good code factory.
Posted on August 27th, 2008 by Tim.
Categories: General/Misc..
I’m a 1337 hax0r. Don’t believe me? I’ll prove it.
Step 1: Rent some space in a carrier hotel
Step 2: Steal an IP using BGP (Border Gateway Protocol). This is not an exploit! This is how BGP is MEANT to work!
Step 3: Make sure the IP you steal is of a well known update server (for instance: java.sun.com)
Step 4: Spoof an upgrade package with a trojan of your own design.
Step 5: …
Step 6: Profit!
This is a blended attack that would clearly be EXTREMELY successful. This exploit is independent of operating system. The reason this attack works is because many software developers make the faulty assumption that the IP addresses and domain names can be trusted. Not to pick on Sun, they’re not the only ones to get this wrong. Apple, Sun, and Winzip are just a few of the larger companies that have products vulnerable to this exploit. There are likely hundreds of smaller companies vulnerable as well.
The fix is really not difficult. Don’t trust an untrusted protocol. Use SSL. Verify those certificates. And for the love of all that is holy, use certificate signing on update packages!
Oh, and who actually gets this right? Microsoft. Guess SDL works after all.
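An added example, not part of the original post, of the client-side check the fix above calls for: the updater accepts a package only if a vendor key pinned inside the client signed it, so the IP address or host name that served the bytes never enters the decision. The manifest format, the function names and the use of a bare Ed25519 key in place of a full code-signing certificate chain are assumptions made for illustration; the version check goes slightly beyond the post by also rejecting a validly signed older release.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed statement about one release (hypothetical format).
type Manifest struct {
	Version int    `json:"version"`
	SHA256  []byte `json:"sha256"` // digest of the package bytes
}

// VerifyUpdate accepts pkg only if the pinned vendor key signed a manifest
// that matches it and is newer than the installed version.
func VerifyUpdate(pinned ed25519.PublicKey, manifestJSON, sig, pkg []byte, installed int) error {
	if !ed25519.Verify(pinned, manifestJSON, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return err
	}
	digest := sha256.Sum256(pkg)
	if !bytes.Equal(digest[:], m.SHA256) {
		return errors.New("package does not match signed digest")
	}
	if m.Version <= installed {
		return errors.New("signed manifest is not newer than installed version")
	}
	return nil
}

// SignRelease is the vendor side, run on the build machine, never on the client.
func SignRelease(priv ed25519.PrivateKey, version int, pkg []byte) (manifestJSON, sig []byte) {
	d := sha256.Sum256(pkg)
	manifestJSON, _ = json.Marshal(Manifest{Version: version, SHA256: d[:]})
	return manifestJSON, ed25519.Sign(priv, manifestJSON)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	pkg := []byte("constructed update payload v2")
	mj, sig := SignRelease(priv, 2, pkg)
	fmt.Println(VerifyUpdate(pub, mj, sig, pkg, 1), VerifyUpdate(pub, mj, sig, []byte("altered"), 1))
}
```

In a real updater the public key ships inside the installed client and the private key stays offline with the vendor; TLS with certificate verification still protects the download channel, but the signature check is what holds if the channel is redirected.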
Posted on August 25th, 2008 by Chris.
Categories: Chris, Philosophy.
I was previously discussing a rather simple but unconventional idea: If Christianity has flaws that atheists reject, why not redesign Christianity (or any other religion) to correct for those flaws?
The last time we discussed this, the subject was the problem of suffering on earth. This time, we will address the question of science and religion.
Posted on August 23rd, 2008 by Chris.
Categories: Business/The Software Industry, Chris.