I like your explanation about layered solutions to security, +1.
"Do you trust your chipsets?"
Certainly not. I do believe that the recent tiny bytes sequences in any TCP (UDP ?) packet that can lock Intel ethernet cards is actually a backdoor allowing the state to perform DoS at will. I do also believe Huawei and ZTE are state-sponsored espionage companies (I've certainly seen weird things like a keylogger inside a 3G Huawei USB device sold I bought in Europe).
But I do believe that even if I'm, say, a Debian or OpenBSD dev working on OpenSSL it's amazingly complicated for the chipset to modify source code and be able to make to the DVCS unnoticed. I also think that as long as the source code isn't corrupted there are ways to create non-backdoored builds.
It's the same thing with program provers that can verify that certain piece of code are guaranteed to be free of buffer overrun/overflow: what proves that the compiler itself hasn't been tampered with? But still... With DVCSes and many eyeballs I'm not that much concerned about the compilers typically used nowadays to be tampered with.
The Intel ethernet controller lockup seems like a really bad candidate for an intentional backdoor. It's way too easy to trigger by accident (a single byte with the right value in the right place!) and yet way too hard to trigger intentionally (a slightly different value immunizes the controller).
Surely an actual backdoor would require something a little harder to stumble over by accident, and wouldn't have a trivial disable code.
Tinfoil hat time... Does anyone ever reverse gcc binaries to verify? I mean it seems that many eyeballs on the source code actually provides a negative effect to people examining the binaries, because why do it when the source is right there?
I love Emacs. I use it all the time. But the default shortcuts are the most stupid thing ever. That Control-x (C-x in Emacs lingua) is insanity at its best: due to the stupid non-symmetric layout of typical staggered keyboards 'x' in itself is one the hardest key to type (the equivalent with the right hand is way easier : '>' on a QWERTY keyboard). I'm a touch-typist and to hit 'x' I need to move my whole hand a bit. To hit '>' I just need to move on finger. I blame this on the fact that keyboard are using a staggered layout instead of a matrix or symmetric layout but whatever.
Then Control. Zomg. Control has to be accessed with the left pinky if you're a touch-typist: some very touch-typist friendly keyboards like the HHKB Pro 2 don't even botter with a right control key.
So to hit "C-x" you're supposed to use the two leftmost fingers of your left hand: this alone has to be one of the most RSI inducing keyboard shortcut ever.
But in Emacs everything is configurable. So I'm using "C-," to replace "C-x" and "M-," to replace "M-x".
It shall never cease to amaze me (in a very sad way) that when people "copy Emacs", the first thing they copy are the Emacs shortcuts. The Emacs shortcuts are the lamest thing ever in Emacs.
I love Emacs but I hate its default shortcuts. Emacs is not about its shortcuts: Emacs is about tailoring it to your needs by using Lisp.
I'm also wondering why that constant loss of energy in editors which shall never produce anything close to what one million lines of elisp code are providing. I'd much rather see that energy spend on creating a bridge for the Go-completion facility in Emacs, the real thing.
Please. I don't even bother compiling my .el to .elc and I've got a shitload of modes and a gigantic .emacs file (which I should split btw).
Emacs, from the scratch, takes two seconds to fully load, including all the modes and my solarized color theme etc. I'm not talking about always running an Emacs server to which you can connect in a split second: no, I'm talking about a cold start.
It's 2013 and that's on a Core i5 3450s with 4 GB of RAM. Hardly a speed/memory demon.
If I was motivated I'd compile all my .el to .elc and always run emacs in server/daemon mode to connect lightweight windows to it but why bother!? The friggin' entire thing launches in two seconds!
Regarding the "Emacs is big", I know the joke was funny when people, 20 years ago, were writing that Emacs meant "Eight Megabytes And Constantly Swapping" but in this day and age where most devs are using IntelliJ IDEA, Eclipse or other super-fat IDEs, you have to admit that Emacs is really in the "very very very lightweight camp".
Yes, you need lot of elisp scripts: and preferrably as much as possible written by yourself, because this means you're tailoring your editor to your needs, not the other way around.
Two seconds? Is this a joke? My browser starts faster than that. Often it takes me less than two seconds to open a file, make a minor edit, save it, exit, and recompile.
The number of times I've implemented something by convention due to the lack of this construct... One common use case is that I like "value objects" -- an AccountId class vs. just a String or an Integer. I usually implement them using some sort of internment internally -- WeakHashmap, Guava Interner, etc. When reading from a wire format and using value objects, one must presume the existence of a fromString(String key), fromInt, etc. method. I'd love to state explicitly that all ValueObjects have particular, generic-ified static constructors. Much cleaner. And, it avoids the cliche Java programmer shame of implementing AbstractValueObjectFactory, etc. Some static state, if isolated and properly managed, makes life easier.
"...add a new parameter, set a default and it does it across the entire codebase."
OK but why exactly does a new parameter with a default need to be repeated at different places across the codebase? Because you're using Java and Java is incredibly verbose and requires you to do crazy stuff and you end up with a super-complected codebase where instead of passing messages around you're actually telling objects "do this", "do that" and then when you have one parameter to a method you're in a world of hurt (because that method is used from different parts of your spaghetti codebase).
In Clojure, for example, you'd simply pass the parameters in an associative array (a map) and, even better, when you're constantly passing through the same set of parameter you'd simply wrap the method + its common parameters in a higher-order function and then you pass that higher-order function order. This makes for incredibly shorter codebases and incredibly easier refactoring.
Don't get me wrong: at 75% off during doomsday I did buy my IntelliJ IDEA licence but you're foolish if you think that the "text editor" part of IntelliJ is anywhere near close what vim or Emacs do offer you.
Also what's really great about Emacs is that you can add functionalities yourself to the "editor". Wanna run unit tests automatically and see the result in another frame/window/buffer? That's trivial to write.
No later than yesterday I missed IntelliJ's "goto declaration..." feature. I wrote a quick defun in elisp that had... Seven lines of code and did 90% of the job. Sure people are going to hard that it's for those 10% cases where my script doesn't work that IntelliJ really shines but that's not the point. The point is that you can program Emacs to suit your way of working.
You adapt vim / Emacs to yourself. With Eclipse / IntelliJ you have to adapt yourself to the IDE.
"when your tools are oriented toward making huge balls of mud and your philosophy is oriented toward making huge balls of mud, you will make huge balls of mud"
New sig for me on forums ; )
Paraphrasing Rich Hickey: everytime you're using a "pattern" and have your IDE generate code for that pattern for you, then it means: "I have run out of language" : )
"Have any of you overcome this after > 10 years of bad habits? How did you do it?"
I had a secretary handing my arse to me... So after ten years of bad habits I decided to learn the proper way. She showed me the basics (which are really super trivial: it's so easy that a five minutes YouTube video about how to touch-type should get you started) and then... Practice. Practice. And practice.
And I did buy a split keyboard (warning, there are two schools concerning where the '6' is located and there are even very rare split keyboard who very intelligently did put the '6' on both the left and the right part of the keyboard, so that everyone's happy : )
Buying a split keyboard kinda helps.
After three months I was back at the speed I was before. Then I started typing faster.
It's not so much about the speed: it's about the economy of hand and fingers movement too. I'm sure it's better from an RSI standpoint.
You need to force yourself and keep your eyes on the goal: become faster than before.
Don't mind the obstacles: the very beginning is going to be the most painful.
Buy a real keyboard too: my keyboard / chair / monitor are my physical tools which I use all the time. I spent $$$ on them.
Now the issue is that a good split keyboard is very expensive. ANSI Cherry MX 5000 go for about $500, split IBM Model M15 will settle you a good $1000 to $1500, etc.
Junk like the split MS ergo 4000 have a nice shape but are, sadly, using super shitty rubber dome keyboard.
If you spend your life typing on a laptop then you're destroying your fingers' joints with the ultra-low profile scissor switches.
I'm using a HHKB Pro 2 on my workstation and I hook it to my laptop. Topre switches. Amazing stuff for about $300.
Now that I know how to touch-type I don't really care about my keyboard being split or not.
I'll have to read up on split keyboards a little more. It might be the push I need to stop for good. Practice seems to be the answer, but it is just too hard to remember when I'm typing a large amount.
That would be the world backward: it's like when IntelliJ or Eclipse do offer Emacs shortcuts (Emacs shortcuts being the stupidest things ever invented --and this comes as a long time Emacs user), completely missing the point.
BUT there's light at the end of the tunnel: there's eclim (eclim.org), which allows you to use vim (the real one) as the text editor for Eclipse. Or if you want you can run Eclipse in headless mode and then have vim transparently contact the (local) eclim server and suggest you, right in your vim, the autocompletion hints from Eclipse etc.
This is a good sentiment, and we should have the pride to create quality at all times...
But the appeal of the quote comes from that magic word "professional," and the respect, autonomy, and pay associated with it. Promising that the Respect and Pay Fairy will anoint you a Professional once you become the very best FactoryBeanListenerObject builder in the bowels of Enterprise doesn't tell the whole story.
The word has suffered the same fate C.S. Lewis ascribed to "gentlemen" and "Christian"
"When a word ceases to be a term of description and becomes merely a term of praise, it no longer tells you facts about the object: it only tells you about the speaker’s attitude to that object. (A ‘nice’ meal only means a meal the speaker likes.) A gentleman, once it has been spiritualised and refined out of its old coarse, objective sense, means hardly more than a man whom the speaker likes. As a result, gentleman is now a useless word."
For more on this topic, I highly recommend michaelochurch's November essay on what a true profession of programming might look like.
that special Java/C# + ORM / (N)Hibernate + XML + SQL kind of development hell.
There isn't necessarily anything inherently wrong with Java, C#, ORMs, XML, or SQL. All are pretty useful ways to solve certain classes of problems, taken on their own.
That said, there are definitely "development hell" projects that feature all of those things, but I believe you can have "development hell" in any language, using any libraries, and any persistence technology.
And anyway, if you think writing C# or Java code is bad, trying writing RPG/400[1] using SEU[2] on an AS/400[3] sometime. That stuff'll leave you shuddering and sweating in your sleep, and walking around with a blank stare on your face, drooling and mumblng "Ia! Cthulhu Fthagn! Ph'nglui mglw'nfah Cthulhu R'lyeh wgah'nagl fhtagn, %!@ ^^&!@(, (#!^H NOCARRIER".
Oh, yeah, no doubt. It's fun to make fun of mainframes, and IBM, etc., but the reality is that they invented a ton of ideas that are only just now migrating into the commodity hardware/software world, and/or consumer devices.
Developers in general would probably be well served to do a better job of acknowledging our own history and maintaining more awareness/context regarding what has come before.
Interesting... then why are there entire systems of thought in management theory centered around motivating people to work?
It's a warm and fuzzy quote, but humans don't work this way. If we're not sufficiently motivated, no force on earth is going to allow us to do our "best job".
A good manager knows this situation and can help their team through it. Sadly, there really aren't many good managers out there at all.
+1 nice sentiment. I'll have to get "A professional is someone who can do his best job even when he doesn't feel like it" laser etched on the top of my screen
"Do you trust your chipsets?"
Certainly not. I do believe that the recent tiny bytes sequences in any TCP (UDP ?) packet that can lock Intel ethernet cards is actually a backdoor allowing the state to perform DoS at will. I do also believe Huawei and ZTE are state-sponsored espionage companies (I've certainly seen weird things like a keylogger inside a 3G Huawei USB device sold I bought in Europe).
But I do believe that even if I'm, say, a Debian or OpenBSD dev working on OpenSSL it's amazingly complicated for the chipset to modify source code and be able to make to the DVCS unnoticed. I also think that as long as the source code isn't corrupted there are ways to create non-backdoored builds.
It's the same thing with program provers that can verify that certain piece of code are guaranteed to be free of buffer overrun/overflow: what proves that the compiler itself hasn't been tampered with? But still... With DVCSes and many eyeballs I'm not that much concerned about the compilers typically used nowadays to be tampered with.