|
This past November, a group of researchers found some serious vulnerabilities in an encryption protocol that I, and probably most of you, use regularly. The group alerted the vendor, who is currently working to update the protocol and patch the vulnerabilities. The news will probably go public in the middle of February, unless the vendor successfully pleads for more time to finish their security patch. Until then, I've agreed not to talk about the specifics. Ab vg vfa'g. Jryy, tbbq rapelcgvba vf, V thrff.
|
|
|
|
|
No it isn't. Well, good encryption is, I guess.
|
|
|
|
|
Wise words. Wise words, indeed.
TTFN - Kent
|
|
|
|
|
|
Hear! Hear!
Haven't I railed against that culture here on CP several times in the past? And of course had others scoff in response, something about reinventing the wheel I think.
A developer's first thought upon meeting a challenge (something the standard library or framework doesn't have) should not be "where can I find something that does that?", but instead "can I do that myself?" If you can't do it yourself, fine, look for something ready-made*, but you have to remember that eventually you may find yourself in a situation where no one has gone before and you will have to do it yourself. Will you have allowed your development skills to atrophy? Or will your skills still be sharp from frequent use in many challenging situations? Be a developer!
* And read the code! Learn from it! Don't just use it; can you take the technique and develop a better or more suitable solution?
|
|
|
|
|
Oh, they do that on CP too?!
Well, I personally suffer from "why should I bother to learn this 10-class API when I could write my own class to do it!!"
In fact everybody likes my IoC / ServiceProvider / MEF clone here at work!
(under less than 739 lines of code)
|
|
|
|
|
You should write an article on CP about it!
Decrease the belief in God, and you increase the numbers of those who wish to play at being God by being “society’s supervisors,” who deny the existence of divine standards, but are very serious about imposing their own standards on society.-Neal A. Maxwell
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun
|
|
|
|
|
PIEBALDconsult wrote: A developer's first thought upon meeting a challenge (something the standard library or framework doesn't have) should not be "where can I find something that does that?", but instead "can I do that myself?"
Have to disagree here I'm afraid. If the problem is trivial then yes, that's a good attitude. If, however, it's going to take you six months to implement and you are writing this for a commercial product then you should probably look to the ready made version that ticks all the boxes as far as the functionality you need.
This space for rent
|
|
|
|
|
Definitely with you on this one Pete. Hopefully there is happy middle ground between 10 line "packages" and 20000 line frameworks somewhere.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
|
|
|
|
Agreed, but I have to wonder why so many projects took this on as a dependency:
module.exports = leftpad;
function leftpad (str, len, ch) {
  str = String(str);
  var i = -1;
  if (!ch && ch !== 0) ch = ' ';
  len = len - str.length;
  while (++i < len) {
    str = ch + str;
  }
  return str;
}
TTFN - Kent
|
|
|
|
|
Because... because... it's javascript.
|
|
|
|
|
They didn't. Most of those guys took a dependency on Babel-core, a rather large library. Babel-core took a dependency on a small package called line-numbers that, of all things, auto-numbers lines of text, keeping them aligned. line-numbers is the one who took a dependency on left-pad.
|
|
|
|
|
But at the end, someone took a dependency on a glorified function call.
I'm not blaming the people at the top (gulp, Babel-core, etc.), but the guy that decided, "I'm just not up for writing 10 lines of code today, I'll trust this guy to never break this."
TTFN - Kent
|
|
|
|
|
True, but at the end of the day, it's only one guy who made that mistake. The guy who wrote line-numbers. But then, line-numbers itself is only 35 lines of code. Add in the aforementioned 17 and now he has a 52 line package. Is that small enough to inline, or not? And how many lines does it take? That's really where I was coming from. Yes you can point to this one guy in this one situation, but in reality, there is no good answer. Because if we decide that 52 line libraries are OK, then what happens when the maintainer for line-numbers decides to melt down and yank his library? Babel-core and gulp are still hosed.
NPM needs to do the same thing that every other package manager does: You can only "un-publish" insofar as it hides your package from searches and new dependencies. Packages that had an existing dependency still keep that, and can still access your now-hidden package.
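The dependency chain described in this thread (an application depends on babel-core, which depends on line-numbers, which depends on left-pad) can be traced mechanically. The following is an added example, not code from any poster or from npm: it walks a constructed dependency map and reports which direct dependency pulls in a given transitive package and how deep it sits. The names `my-app` and `other-lib` and the map itself are assumptions made for illustration.

```javascript
// Constructed sample graph (not real lockfile data): package -> direct dependencies.
// The babel-core -> line-numbers -> left-pad chain is the one described in the thread;
// "my-app" and "other-lib" are hypothetical names.
const sampleGraph = {
  'my-app': ['babel-core', 'other-lib'],
  'babel-core': ['line-numbers', 'other-lib'],
  'line-numbers': ['left-pad'],
  'other-lib': [],
  'left-pad': [],
};

// Return every dependency path from `root` to `target` (depth-first).
// The path so far doubles as cycle protection: a package already on it is skipped.
function pathsTo(graph, root, target, trail = []) {
  const path = [...trail, root];
  if (root === target) return [path];
  const found = [];
  for (const dep of graph[root] || []) {
    if (path.includes(dep)) continue; // circular dependency, do not loop
    found.push(...pathsTo(graph, dep, target, path));
  }
  return found;
}

// Summarise exposure: is `target` a direct dependency, which direct
// dependencies pull it in transitively, and how many hops away is it.
function exposure(graph, root, target) {
  const paths = pathsTo(graph, root, target);
  return {
    direct: (graph[root] || []).includes(target),
    via: [...new Set(paths.filter(p => p.length > 2).map(p => p[1]))],
    minDepth: paths.length ? Math.min(...paths.map(p => p.length - 1)) : null,
    paths: paths.map(p => p.join(' > ')),
  };
}

console.log(exposure(sampleGraph, 'my-app', 'left-pad'));
```

Run against a map built from a real lockfile, the same report shows which top-level packages would break if a deeply nested package disappeared from the registry.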
|
|
|
|
|
Vark111 wrote: NPM needs to do the same thing that every other package manager does: You can only "un-publish" insofar as it hides your package from searches and new dependencies. Packages that had an existing dependency still keep that, and can still access your now-hidden package.
Completely agree. It's the only way this house of cards can be sustained.
Just saw this: Your “just” considered harmful — Medium come through my RSS this morning. IMO it's yet another example of a potential problem with the current "share everything/trust people not to be jerks" model.
TTFN - Kent
|
|
|
|
|
It also amazes me that there are 52 forks of this, um, "code."
Really? People needed to fork this code to tweak it for their own use?
I wouldn't even bother to search for a package that does leftpad. But then again, I use C#, which, oh look, already has a String.LeftPad() method. Maybe people ought to start using real programming languages.
The open source programming community really has gone to hell in a handbasket.
[edit] Need proof? Just look at the various implementation suggestions on SO. [/edit]
Marc
|
|
|
|
|
How many are real forks vs I-clicked-the-wrong-button-in-githubs?
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
That's why the internet is so slow. Every web site is using 100s of javascript libraries and this is for websites that are basically just static text and images.
|
|
|
|
|
Peter Verhas asks a seemingly innocent question during a technical interview, and gets an answer that is not wrong, but doesn’t really fit. "You hire what you interview for" <- I'm wearing this on a shirt for my next interview
|
|
|
|
|
Right on!
A simple "no" is the wrong answer here, and even when it is, never give a one-word answer, explain why, and while you're doing that, you may realize that there is a way around.
And it's a stoopid question, shows lack of understanding on the interviewer's part. Plus, why ask what you think is a yes/no question? Better to ask, "how might a static method in a class call a non-static method of the same class?"
|
|
|
|
|
That may be too insulting to the HR folks.
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
Looks like Internet Person B is reading too much into Internet Person A's post.
A writes that he got an answer R to a simple question Q that was correct but not what A expected - but still the candidate C didn't make it.
B concludes - apparently incorrectly - that C didn't make it *because* of the unexpectedness of R. B might further be preoccupied by the general notion of *asking questions* which B seems to either mix up with "not writing code" (incorrect) or considers useless in general (debatable).
So as A asks, what's the moral of the story? Different, seemingly contradicting answers can both be correct. Acing one answer doesn't save the interview. Internet B is pretty prejudiced about the rights and wrongs of the interview process.
|
|
|
|
|
As with any such article, we can only go by what is written, and we therefore cannot infer any additional information.
Quote: But then again: the answer from one candidate this time was: yes. And he even started to explain that it may happen that the static method has access to an instance. It may get an instance as a method argument and through that reference, it can call an instance method. That person was right.
But then.....
Quote: It did not, however, change the fact that he did not know Java well enough, but as a matter of fact in this very specific question, she was right.
No other mention is made that other pertinent questions were asked, or what the rest of the interview consisted of. We therefore cannot infer any other information. We have to go on what was written here in the article. In which case, the candidate was rejected because they didn't give the expected answer.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
|
|
|
|
|
Dominic Burford wrote: No other mention is made that other pertinent questions were asked, or what the rest of the interview consisted of
Which shouldn't make us assume that no other question happened.
|
|
|
|
|
Nice try lol but the assumption is made by the person who adds or infers information which was not originally mentioned. In this case there is no mention made of any other questions so it is an assumption to speculate that any others were asked.
"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult." - C.A.R. Hoare
|
|
|
|