March is Hack-a-Mac month
Mac OS X hacked under 30 minutes: ZDNet Australia: News: Security:
"Gaining root access to a Mac is 'easy pickings,' according to an individual who won an OS X hacking challenge last month by gaining root control of a machine using an unpublished security vulnerability."
(Via Mac OS X web server security competition over in six hours.)
What does that article show? Does it show that Macs are not as secure as most people think they are? Somewhat true especially if the owner is trying to be idiotic and enables ports and announces it to everyone. Does it show that all Mac users should go get themselves an antivirus suite? Probably not. McAfee and Symantec are leaping for joy now from all the publicity they are receiving and will probably try to get as many people as they can to buy their products. Does this mean that I can no longer boast to my friends that the Mac is the most secure platform in the world? Probably but then again, to claim that your machine is the most secure and announcing it to the world is probably asking for trouble anyway. There are various other ways to exploit a machine more effectively: social engineering comes to mind.
The lesson from all this is that every operating system out there has its set of vulnerabilities. Period. Some, like < insert the stereotypical example here > are probably more vulnerable to everything else just because it has been configured that way. Some are going to be more secure because they were designed with security in mind. So, if really great security matters to you, you should probably not be using any of the common operating systems anyway.
In a sense, OS X is still great because it protects most users from things that most common users will suffer from. Whether or not this is because of the small OS X user base will still have to be determined. Though highly controversial, there is this article that says Mac users are slightly more intelligent than their PC-counterparts. So in a sense, Mac users might have better security just because they don't do stupid things. Not doing stupid things is always a good idea.
The best attitude to take with security is to NOT take it for granted.
Incidentally, Rixstep has some articles on some holes in OS X that should be addressed immediately. Here is one
Posted in web pages | no comments |
How to Do What You Love
"The test of whether people love what they do is whether they'd do it even if they weren't paid for it-- even if they had to work at another job to make a living. How many corporate lawyers would do their current work if they had to do it for free, in their spare time, and take day jobs as waiters to support themselves?"
...
It's hard to find work you love; it must be, if so few do. So don't underestimate this task. And don't feel bad if you haven't succeeded yet. In fact, if you admit to yourself that you're discontented, you're a step ahead of most people, who are still in denial. If you're surrounded by colleagues who claim to enjoy work that you find contemptible, odds are they're lying to themselves. Not necessarily, but probably.
One thing that I am 100% sure of: I would definitely love to study new programming languages all day and toy around with all their advanced features. I wonder what kind of job or research area this would lead to? Playing around with languages is fun, but it is even more fun when you have a real problem to solve that just fits particularly well with that language. For instance, doing low level embedded systems programming just fits nicely with what C is for. Also, for doing quick programs to sieve through all the prime numbers, nothing beats Ruby or Python.
I guess the perfect job for me to do would be one where we will be using all the different kinds of programming languages and creating a complete system with them. I guess that is why I am so against the idea of using just one kind of language to do everything. Or to say it more clearly, I hate it when what you have to do is just so tied down to a particular programming language or technology. In fact, if you think that there is indeed a grand unified programming language/tool/technology out there, then you are most probably subscribing to the Golden Hammer anti-pattern.
As Graham says, the first step to knowing what you love to do might be to actually discover what you do not like and quickly move away from it. Sticking around with something you do not like will not make you like it in the long run. However, it will probably, at best, render you neutral about something. And when you are neutral about something, that is the worst scenario possible. Not only do you no longer hate it enough to change it, but you also do not love it enough to use it properly. And then you begin to become another common office drone. Kathy Sierra did make another post about sticking on the fence as the zone of mediocrity.
So for me, to actually know what you hate or love to do for that matter is to make sure that you have some opinion on it. Hating it is good because you can eliminate it from your list of things you want to do (or maybe just push it back to the very far end for consideration later). Loving it is good since you can quickly bring it to the front of the queue for further evaluation. Not having an opinion for things is bad since it makes you another herd follower.
Posted in paradigm, web pages | no comments |
Smalltalk's footprint in object and dynamic languages
Objects and Dynamic Languages:
"José Antonio Ortega Ruiz has a lot of good things to say about Smalltalk, and about some of the prototype/multi-dispatch children spawned from it - Self and Slate in particular. It's a long read, but a good read."
There is a lot of stuff in that post. Enough to keep me occupied for at least a month of experimenting. Two new programming languages which are interesting enough in their own respect have been presented. I downloaded Self first to try it out. It looks like Sun has abandoned the project but the contents are still available at the website. I have not had the chance to try Slate yet.
Both Self and Slate come with their own "living" environment which is akin to what Smalltalk has to offer. I can say that Squeak's interface is actually slightly better than what Self has to offer for now. But then again, people actually develop stuff on Squeak and Self seems to be more of a research language so the improvements might have been made by the contributors. And, though I am uncertain why, Self actually has an installer for OS X albeit being optimized for the PowerPC, which means that it probably will not run on Intel Macs.
However, to actually use a language requires some real applications for it. It was easy to actually learn Ruby because there are already a lot of libraries written for it. Not to mention the buzz that Rails generated for it. However, for smaller languages such as these, actually writing a real application might be troublesome. Something like Ruby Quiz might be useful.
A while back, I thought of learning Io as well. Io, Self and Slate are all prototype based languages so there really isn't going to be too much difference in which I choose to learn. However, I might be entirely wrong. The difference could be as great as Java and Ruby.
Either way, prototype languages are something interesting to know about. I might also take a look into aspect-oriented programming and see how that compares.
There is nothing much I can say about prototype based languages except they do seem to fill in the niche for more complex systems that depend on multiple objects to determine behavior. There should be a use for prototype based languages in the future once the industry absorbs it. After all, it took quite a while before object-oriented programming became a buzzword among everyone.
Another point I wanted to make in this post: go subscribe to Smalltalk Tidbits, Industry Rants. The author really makes it a point to update the blog at least daily and presents rather interesting articles. And, unsurprisingly, the blog is powered off Smalltalk.
Posted in web pages | no comments |
This year's resolution: minimizing meeting times
EducationGuardian.co.uk | Research | Bored meetings:
"1. The more meetings one has to attend, the greater the negative effects; and
2. The more time one spends in meetings, the greater the negative effects"
(Via Meetings considered harmful.)
The main reason is probably when someone is not prepared. Most of the time, if the main speaker is prepared then it is not too bad. At least the main speaker is trying to impart some useful information to the few that are listening to him. But when the speaker is not prepared, then trouble comes. Either some jackass starts to hijack the meeting by trying to talk a lot to make himself look good, or the meeting begins to head off tangentially in all sorts of directions.
Also, when you are not prepared for the meeting (like most of the time, especially if it is an ad hoc meeting during one of your busiest days) you are not able to participate at all in it. Most meetings either tell you the things you already know or the things that you will never need to know. Even if it does tell you the things you need to know, you are probably going to forget it unless you write it down somewhere. So, what's the point? Much better to keep it short, and let people know where they can obtain the information for themselves in black and white.
So, is it OK for a long meeting if everyone is prepared for the meeting? Definitely not. If everyone is prepared for the meeting, then it is more appropriate to keep it really short. I especially hate it when the meeting can be shortened but because there is this weekly schedule that says that the meeting is supposed to be an hour long, some moron begins talking crap at the end to make it so. It is definitely OK and highly encouraged to end a meeting early.
Most of the time, no matter what you are doing, if you can maintain daily (not hourly, mind you) communications with the other person it should be much better than meetings. If you need something from someone, then just ask the person directly; there is no point in getting everyone else involved. If more than one person has asked you the same question, write up an FAQ and put it somewhere.
Bottom line: effective communication with the right people is better than trying to get everyone involved in a meeting. Also, ample preparation from everyone is a must for a successful meeting. Finally, when it comes to meetings, shorter is always better.
And what should you do with all the spare time you gain from avoiding meetings? Spend it working during the day and sleeping at night. Which brings me to my other resolution, get enough sleep at night.
Posted in paradigm, web pages | no comments |
Reuse is vastly overrated
"Context beats consistency. Reuse only works well when the particular instances are so similar that you're willing to trade the small differences for the increased productivity. That's often the case for infrastructure, such as Rails, but rarely the case for business logic, such as authentication and modules and components in general."
(Via Loud Thinking.)
This is kind of interesting since David actually mentioned this somewhere along in the Snakes and Rubies event video.
So unless you are creating a library/framework, I suspect that there is really no need to make your classes/functions so general that you will be able to use them in the not-so-distant future when you really do not even know what to expect.
Posted in web pages | no comments |
This is not another Java vs. Ruby post
Why Ruby Shouldn’t Be Your Next Programming Language (Maybe):
"For example, consider a developer just starting his programming career. The first language he learns is C. The benefit he receives is 100%. Prior to learning C he lacked the vocabulary necessary to reason about computing and develop programs. In a few years he decides to pick up Java. He learns about OOP, distributed systems, and garbage collection. The benefit for learning Java is let's say 50%. He didn't learn as much as his first exposure to programming but he still learned a number of new concepts. He then dabbles in Linux and decides to learn Perl. His benefit for learning Perl is 25%. He still learned a few new ideas and reinforced existing concepts but not as much as when he learned Java nor nearly as much as when he first learned C. Finally he decides to investigate all this Ruby On Rails hype so he picks up Ruby. He learns a few new concepts and gains exposure to a fully dynamic programming environment. His benefit for learning Ruby is 12.5%. And so the progression goes for each new Algol-based language."
(Via Digg.)
My point from the article above: if you learn programming languages from the same family of languages, you are not going to gain much of a paradigm shift in terms of programming. According to the article above, the syntax and semantics of C/ Java/ Perl are similar enough that you can easily pick up one language from another. While I might not necessarily agree with the examples above, I strongly agree that learning C++ and then Java will not make you a better programmer. It just gives you another programming language under your belt, not some new programming methodology under your belt. It's the same with Java and C#. The two languages (at least the current version of C# since future versions will have some nifty features such as closures and LINQ that will distinguish it from Java) are so similar that the only added benefit you gain from learning the other is the number of libraries available at your disposal.
When I first saw Perl, I was really impressed that you could easily construct an array without all the useless typing of " " by using something like %w{Alpha Bravo Charlie}. The idea of creating the %w to actually return an array of strings was a shortcut to me. That means that somewhere out there, someone else thought that it was a complete waste of time to have to type something out like this: {"Alpha", "Bravo", "Charlie"}; Notice all the useless " ", ',' and ';'. Now, some of you might argue that my IDE takes care of that for me. But why? Why not make it part of the language? Are you worried that some people are not able to comprehend such syntax? So, for such people, you decide to limit your language?
"In any case, I've been getting the impression that many Java programmers become uncomfortable when people start talking about features offered by other languages. Not just the Java engineer on the mailing list today, but lots of Java programmers. The majority, maybe."
So, is it safe to claim that some languages out there are better? That those who actually know those languages are better than your average self-proclaimed programmers? I think so. Read on.
The Perils of JavaSchools - Joel on Software:
"Instead what I'd like to claim is that Java is not, generally, a hard enough programming language that it can be used to discriminate between great programmers and mediocre programmers. It may be a fine language to work in, but that's not today's topic. I would even go so far as to say that the fact that Java is not hard enough is a feature, not a bug, but it does have this one problem."
In the article above, Spolsky points out how some schools are substituting Java as the default programming language for all courses. While there is nothing wrong with Java per se, Java does hide some things that computer scientists should know about: low-level bit manipulation and memory addressing. Want to do bit-twiddling in Java? It is going to be harder to actually implement it than to understand what bit-twiddling is all about. (Funny anecdote: I made this same stupid mistake. I wanted to represent a byte in Java. What did I do? I created a class for Byte? What the heck was I thinking? Do you realize that a byte takes up 8 bits in memory but a class takes up so so much more??!!) Want to know about how your machine implements the von Neumann model of computers (data and code are both inside computer memory)? Err, that is going to be hard too since Java does not really let you deal with memory addresses.
Test Yourself - Joel on Software:
"By the time I got to Penn for my first year of college, I thought I was already a pretty good programmer. Completely self-taught, I had written two major systems in Turbo Pascal ... one of them was a complete inventory system for a small factory, while the other scheduled all the production at one of Israel's largest bakeries. It took me until the midterm exams to realize I wasn't as smart as I thought. I completely screwed up some questions, because I still didn't get pointers and I still didn't get recursion. Never one to hold a grudge, I share those midterm questions with you... see if you can do better than I did freshman year."
They are basic concepts that anyone claiming to be a computer science student should know. At this point, it might be best to remind you that computer science student != normal programmer. Go take the test and see if you agree. No matter what language you program in, you should be able to see the subtle requirements of each question.
- A normal programmer is someone who churns out programs (they might or might not be great; for instance as an extreme example, you could print 1 2.... in a loop, or you could do it by typing each line out by yourself). A computer scientist should be someone who can look at a problem and propose different solutions. A computer scientist knows the term polymorphism not only as a buzzword but as a high-level concept that can be used to create better programs.
- A programmer might be proficient in one (or maybe two) languages but a computer scientist knows about the techniques of each language so that he or she does not program in that language but programs into that language. Just because your language does not support blocks or closures does not mean that you cannot fake it to make your programs simpler.
- A programmer will switch to a different framework/language capriciously, believing that it is the limitation of the framework/language that the task at hand cannot be accomplished. A computer scientist knows that all programming languages are Turing equivalent and what you can do in one, you can do in another. It is just a matter of how hard it is to actually do it. It is not impossible, maybe just harder.
- (I could not resist). A programmer is someone who depends on the IDE to tell them what to do since the programming language of their choice has so many libraries and functions that they need. All they have to do is find them. While they do try to avoid doing so, computer scientists are able to whip up a quick algorithm that accomplishes the same task good enough without wasting time hunting down the documentation on how to use those libraries or functions in the first place.
See, I told you that this was not another Ruby vs. Java article. It was just pure coincidence that my examples included Ruby and Java. I don't really care if you learn Ruby or Java but I advocate that if you are serious about programming, you had better learn C (or assembly language, but C is low level enough), then some object-oriented programming language (does not really matter if they are pure or semi) and maybe pick up a functional language from the Lisp family to actually be able to think differently.
With those skills, you can be sure that no matter what new programming language they throw your way, you would be able to pick it up easily. And you would be in a better position to justify what new language is worth learning and what is not going to make much of a difference to your programming style.
Related readings: Beating the averages by Paul Graham and How to be a Hacker by Eric Raymond.
Posted in paradigm, web pages | no comments |
When procrastination is justified
"There are three variants of procrastination, depending on what you do instead of working on something: you could work on (a) nothing, (b) something less important, or (c) something more important. That last type, I'd argue, is good procrastination."
Graham argues that putting off less important things to accomplish your greatest goal is justifiable. In fact, he believes that is how successful people function: they put off mundane errands and concentrate on their greatest issue at hand. How would you classify something as mundane or important? Graham provides the answer in the form of three questions:
- What are the most important problems you have now?
- Are you working on them?
- Why not?
On the other hand, I have a less rigid belief: that procrastination is fine if you know what you are doing. The hard part is knowing if you actually know what you are doing.
Procrastinate: delay or postpone action; put off doing something.
Surprisingly, everyone has something that we have been putting off. You know you have to do it sooner or later but you just do not want to do it. So, sometimes it keeps nagging you at the back of your head; other times you just completely forget about it until it is about due.
While that might sound like a bad thing, it might not be that bad. True, you will probably feel the stress if you put off something big until the last minute. But most of the time, no one will even notice the difference if you do it early or late. In fact, I have seen many situations where last minute solutions are on par with those that have been planned carefully from the beginning. For instance, as a teaching assistant, I have seen students put together a final project in less than 48 hours before the deadline. And their work is nothing short of spectacular.
We live in a society that favors productivity. Everyone expects something from you. They want you to reply to their e-mail as soon as possible. They want you to give a reply instantly. By giving them your reply as soon as possible, you make their lives easier but you do not necessarily make your life easier.
I guess the most important thing for whatever you are doing (or not doing) is to realize it yourself. For instance, if I am going to laze around, I should be aware that lazing around is something that I really want to do. If I am going to put off doing something, then I make sure that I know that I am putting it off. If you realize that you are putting something off, and it is your choice then you will not feel that nagging feeling in your head. You realize that you are in control. You know exactly when you are going to do it. Even if it is going to be two hours before it is due.
What I am trying to say: procrastinate under controlled situations. Controlled stress is a good motivator for you to succeed. In fact, controlled stress is better than trying to force yourself to do something when you are not ready to do it. Now, when I am ready to do that important errand, everything else less important just gets put off. Of course, this is definitely not good for productivity since you have to put off more errands just to get the current thing done.
So, to iterate on Graham's arguments: there will be times when you definitely will procrastinate. And when you do, realize that no one expects you to do everything. Prioritize the stuff that you need to do, and do not be too rigid in doing it. There will be a lot of things that you have to do, but you really do not feel like doing. Procrastination does not mean that you will not do the task at hand; it means that you are merely delaying it. As long as it gets done before it is due, it is fine (most of the time, unless you really care about making an impression on someone).
In a real-time system, it does not really matter if you get the task done five minutes before or one hour before. What is important is that you meet the required deadline. I think that is how it is with real life tasks as well. Some things can be put off since they have an indefinite wait time; they are non-critical tasks. Some things have to be done quickly: the critical tasks.
Now, all you have to do is realize which tasks are critical and which are not. Graham believes that the critical tasks are tasks that will help you leave your mark in society. Instead, I think they are tasks that you will feel good after doing them. If you do all the critical tasks only, then you will never have time to savor the less critical ones. Want to try to do both the critical and non-critical ones and achieve a 100% output? Don't bother, there is a reason that they are called non-critical tasks; because delaying them indefinitely will not kill anyone.
In short, stick with Graham's arguments, but change the priority of stuff around once in a while. As long as critical tasks get done, you are fine.
Posted in paradigm, web pages | no comments |
How programming languages are created...
"Cobol: Fortran is scary."
"Basic: Fortran is scary."
"APL: Fortran isn't good enough at manipulating arrays."
Seems like most of the other languages created that try to make Fortran less scary are not too successful nowadays. Well Visual Basic is still OK, but it isn't really the Basic language that it was.
The entire list of programming languages and what they try to fix is available from the link above. Kelleher really presents an interesting view of why programming languages were created. In fact, I think, if it were not because assembly language is so cryptic for most people, we would not even end up with C...C++...Java....C#....(what other C variant language?)
Posted in web pages | no comments |
del.icio.us: y.ah.oo!
"We're proud to announce that del.icio.us has joined the Yahoo! family"
Together with its previous acquisition of Flickr, Yahoo seems to be trying to get into the whole hip web-savvy user tools thing. After all, all hip bloggers use flickr for photos and del.icio.us for their bookmarks. And don't forget those tags. Hmmm... maybe they are going to go buy up 43things.com soon.
Either Yahoo wants to jump in and get some of the share from this set of hip users, or they just really ran out of ideas of their own and are cashing in on what other people are doing. Not a bad call based on previous opinions on this matter by Joe and Anil.
Posted in paradigm, web pages | no comments |
What I think about web 2.0 (if anyone cares)
O'Reilly Network: What Is Web 2.0:
"The question is particularly urgent because the Web 2.0 meme has become so widespread that companies are now pasting it on as a marketing buzzword, with no real understanding of just what it means. The question is particularly difficult because many of those buzzword-addicted startups are definitely not Web 2.0, while some of the applications we identified as Web 2.0, like Napster and BitTorrent, are not even properly web applications."
The next time a company claims that it's "Web 2.0," test their features against the list above. The more points they score, the more they are worthy of the name. Remember, though, that excellence in one area may be more telling than some small steps in all seven.
Even after reading the article, I still do not get what web 2.0 is exactly but the article does tell of what it should/ would be. In fact the article also does not strive to define what web 2.0 is, only giving examples to contrast what is known as the older web 1.0 and what is now considered to be web 2.0 stuff. Maybe web 2.0 is nothing more than a hodgepodge of technology all loosely linked together. In fact, it is the loose ability to be interconnected that makes web 2.0 so powerful (and prone to abuse). The ability to harness everything else around and shape it as you please, if you have the skills for it (this is what the article means when it says "Users add value"). In short, I think it is the ability to manipulate and interact with different information from across the web. By manipulate, I mean do something to it (filter only the things I want, display it in a certain way) and by interact I mean adding my own thoughts about the information. I hope the last two sentences managed to avoid using too many buzzwords.
Of course, in case you have not noticed, web 2.0 also brings with it a whole new myriad of distractions! Don't believe me? Go to a site like digg.com or even 43things.com. Look at the amount of information flowing there with all the user ratings, comments, user pictures, etc. There is a lot of information on one page. Some of the comments are long enough to be considered web articles. It makes you wonder how these people get the time to write all that. And if that were not enough, digg's content refreshes almost every hour.
Besides distractions, web 2.0 also brings with it a whole slew of personal information issues. There are now so many nifty sites out there that require you to register to get special custom commands. Want to rate a comment or provide feedback on the aforementioned digg.com? Register first. Want to add to your own list of things to accomplish at 43things.com? Register first. And within your user profile, you can even include links to your web blog or flickr account. And now everyone gets to see what you write about and what pictures you have. Consider what happens once the hype about a particular site has died down. You stop visiting it. But you will probably forget to remove your information from the site. And thus your public information is still available there. Ever thought of that possibility?
What about information overload? We are talking about tons and tons of links from one page to the other. From digg.com you can easily click a link to post the current topic to your web blog. This is really nifty and all. But try clicking on some of those blogs. Some of them do provide better insight into the issue at hand. But most of them are just echoing the contents of the topic verbatim on their web blog. Why? If they just want to show that they have stumbled across this topic or want to remember this topic, there is a better way to do this: bookmarks! Or, the uber-cool thing now is to use del.icio.us. Or, even better, go ahead and tag this with over 10 tags. Yup, 9 out of which you will probably never ever remember.
Since we are on the topic of tags, what is the big deal with tags actually? Do they actually help you find information that you need quickly? I have been using them and found them to be really ineffective compared to a simple text based search. For me, tags are more of a way for people to explore things. Consider a tag for "fish" at flickr. There are so many things that can be tagged as fish. Would you really want to go through all of them? Try it. At this moment, searching for "fish" has returned over 42373 pictures. And how many of them are actually about angel fish? In a way, tags force you to guess the keyword that you or someone else used.
Even as I write this, I know that there is probably something better that I should be doing instead of going on and on about web 2.0. But fortunately for me, I do enjoy writing and reading what I wrote, so with web 2.0 or not, I will still continue writing.
So I am not against web 2.0 or anything. Although I feel that in its inchoate state, there is a lot of possibility for misuse. Some of these things might sound cool now but many of those who embrace these technologies now are just there for the sake of sounding cool. Once the hype dies down, most people will just forget all about it. Remember the personal home page craze a few years back? Boy, I was really into it. Even set up a personal home page with pretty much nothing interesting on it. I was updating it so frequently, almost every day, and checking the web stats. But after a few months, the whole thing just died down since there was practically nothing else to talk about myself there. No doubt, web blogs offer more opportunity for content since you do not have to talk about yourself anymore. Instead, now you get to talk about other things that, for all practical purposes, do not concern you.
By the way, my short excursion into personal home pages did teach me a few important lessons: how to use HTML, javascript, DHTML and flash. So, it was not all that bad for me.
Blake Ross, founder of the Firefox project, recently came here to UIUC for the annual ACM Reflections conference. And in his presentation, he made this very cogent point: not everyone cares about RSS feeds and all that fun stuff. People like us who bother reading blogs, subscribing to RSS feeds and are poised to pounce on the latest internet buzzword are actually just a small niche of the users out there. Only recently have most people come to appreciate the web, Google and e-mail. It will probably take them about a decade to come to the level of web 2.0. And by that time, web 3.0 would have surely surfaced.
Posted in paradigm, web pages | no comments |