The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
"Look, it doesn't really matter, because by the time anyone finds out that it's not great code it won't matter because then those people will just have to deal with it anyways. But, if you make noise, upper level management will think something is wrong in my group and then they might start looking more closely at me and my life is good right now. And that's what matters...my life being easy."
a C# developer who pooh-poohs Java without ever having tried it
When the C# developer has tried Java he will still pooh-pooh it though
Erik's blog on the expert beginner was in The Insider a while back. The problem is that the more you know the better you know what you don't know. That's why the good people are modest, while the people who know just a little bit shout the hardest.
To be fair some of the Microsoft classes can be difficult to use. After a few months battling my way through problem with the configuration classes, I really regretted my decision to use those MS classes.
In future, I might roll my own or find an alternative. My point being, is that we all will have bad experiences that influence our future decisions. In time, you may forget what those reasons were and just stick to the libraries and patterns you're familiar with.
Arguing over performance was the wrong argument to have. You should have really dug into the statement 'weren't any good.
When I was a system engineer with Sperry-UNIVAC back in the day, one of the account reps told us a story about an IT manager that he swore was true.
A client IT director was complaining about the slowness of printing reports from one of our small mainframe machines. As most of these directors did not want to spend the monies to upgrade to the far faster printers, this particular account rep suggested that the director put the disk drive units on their third floor, the mainframe unit on the second and the printer on the first. This way the electrons would be going down and as a result, much faster to the printer.
About a month later when the account rep visited the account for a regular checkup-call he found the director immersed in blue-prints for the reconstruction of the IT department. Asked what the director was doing he told the account rep that he had gotten permission to start rebuilding the IT areas to implement the account rep's previous month's suggestion for faster printing...
Our profession is just littered with stories of such stupidity, which are more often than not completely true. The reason for this is that the quality of technical management in our field tends to be quite low despite all the hype about how they consistently try to hire the best and brightest. In short, most such management are irrational, incompetents who barely have the ability to reason beyond what the company expects of them.
They in turn hire buffoons who the original poster of this thread described.
Rational, technical personnel who understand this perpetuation of irrationality in our field slowly go insane over the many years we attempt to deal with such people in during our career.
It is no wonder that our profession is such a mess?
Sr. Software Engineer
Black Falcon Software, Inc.
I will never forget the expression of the account rep's face when he told us that story. He said the day that he went into that company and found out what was going on he was incredulous to the point of shock that someone could be so stupid as to actually believe what he had told them...
Sr. Software Engineer
Black Falcon Software, Inc.
I think what you describe here can be hypothetically (partially) explained by the "Dunning-Kruger" research: [^]; however, I suspect there are other dimensions to the dynamic of your interactions, as well, such as: maintenance of "face" by the nominally senior role-holder who feels challenged by you, technically.
Without more information on context, like where, when, public/private, who else was present, etc., useless to speculate more.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
We have a large corporate client that is asking for our Windows 10 software (network service) and Windows mobile 6.5 hardware/software to be Penetration (PEN) tested. Does anyone out there have any experience in this area?
1. Recommend a vendor to provide PEN-testing 2. Suggest what it might cost to PEN-Test a Windows application and/or a device 3. Have suggestions to avoid hazards in going down this unknown road?
We are being given results back from Qualys w.r.t. how our system performs. Anyone have experience with them?
What you really want is a Vulnerability Assessment, which may or may not include a pen test. If they're insisting on that, it's fine, but a pen test alone will only give you specific details, not an actual overview of system vulnerabilities (and therefore a road map as to how to fix it).
Just make sure it's an established security consultant (if they've been in business less than a year, move on) and that they hold a certain level of certification (SANS, CISSP, etc). Any consultant or service worth their salt should be able to provide references.
If the client has a specific parameter for who they want, or what accreditation they hold, and they're really that big of a client, it's likely best to follow their model.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli