Archive for March, 2007

Is computer Science Dead?

Tuesday, March 13th, 2007

Mainstream media are still keen to swallow the line that “real soon now” computer specialists will be redundant because fourth generation languages are so clever that clever people are not needed any more.

This fatuous pap by Neil McBride from De Montfort University (Rated by the Guardian’s University Guide as the 83rd best University in all of England) gives them the sound bites they need.

“Now vastly complex applications for businesses, for science and for leisure can be developed using sophisticated high-level tools and components.” he prattles. “Computer science curricula are old, stale and increasing irrelevant.”

Towards the end of his article it all becomes clear. “Here at De Montfort I run an ICT degree, which does not assume that programming is an essential skill. The degree focuses on delivering IT services in organisations, on taking a holistic view of computing in organisations, and on holistic thinking.”

I have never grasped the point of that kind of course. So you cater to people who want an IT career, but don’t have the core skills of the discipline? Why on earth do these people want to work in IT? Is there not some occupation they could find where they might be capable of grasping the essential skills?

He loves the car/software analogy. “Like cars, a limited number of people are interested in their construction, more live by supporting and maintaining them; most of us accept them as a black box, whose workings are of no interest but which confer status, freedom and convenience.”
Sure, the car industry needs many, many black box buyers, a moderate number of mechanics, a few engineers and designers, and very few theoretical purists. All industries, including computing do.

How many fresh graduates do you think the automotive industry need who take “a holistic view of” cars, but think understanding how an engine works is not “an essential skill”? Not very many I’ll wager.

The death of computer science is not just a fairy tale, it is also an enduring fairy tale. I am in the process of moving house, and cracked opened an old books on its way to the bin. Understanding Computer Science Advanced Concepts by Ray Bradley, Hutchinson Education, 1987 was a high school text book. He refers to the then current computers (late 1980s) as the fourth generation of computers. I don’t think that terminology has endured.

Under a heading “The Future” he writes “The development of the fifth generation machines promises to be the most significant yet. This is because of a fundamental re-think in the basic design of the machine. For example it should be possible to communicate with the machine in a natural language such as English. […] It should be possible for users to define their problems to the machine and for the machine to then develop the programs to solve them.”

That is not exactly how I recall computing in the 1990s panning out.

The death of computer science was a fairy tale in 1987, and 20 years later it is still a fairy tale. More powerful computers are not replacing programmers any more than calculators are replacing accountants or power tools are replacing carpenters.

What is considered a hard problem in computing changes over time but each era still has its hard problems that need smart people with a deep understanding of the fundamentals to solve.

Neil McBride

I ♥ register_globals

Tuesday, March 13th, 2007

I am aware that there are some things so shocking that you are not supposed to say them in polite company “Hitler had some good ideas”, “Tori Spelling is really pretty” or “I think I look really good in a beret” are all ideas so confronting that they are best kept to yourself regardless of how strongly you believe them.

I have a similarly shocking sentiment that I feel I have to share.

I really like register_globals in PHP.

There, I’ve said it. I can go away and order my I register_globals shirt now.

I (heart) register_globals

Sure, choosing to mingle untrusted user data and internal variables is a bad idea. Sure, if you are too lazy to initialise important variables with a starting value it gives you one extra way to shoot yourself in the foot. Sure, polluting global scope with form variables is going to be a mess in a larger app.

There remains something to be said for simple, elegant, readable ways to shoot yourself in the foot. PHP, like any reasonably complete programming language provides a whole host of other ways, so removing one is not particularly useful.

I used to teach PHP to beginners as a first programming language. I have introduced a few thousand complete novices to programming via PHP.

With register_globals on, this example is a short step from the “Hello World!” example:

<?php
if($name)
{
 echo "Hello $name";
}
else
{
 echo
  '<form>
   Enter your name: <input type="text" name="name">
   <input type="submit">
  </form>';
}
?>

It flows nicely from a “Hello World!” example. It can introduce variables and control structure if you did not provide an even softer introduction to them. It can be turned into an example with a practical use without making the code more complex.

This version may not look very different to you:

<?php
if($_REQUEST['name'])
{
 echo "Hello {$_REQUEST['name']}";
}
else
{
 echo
  '<form>
   Enter your name: <input type="text" name="name">
   <input type="submit">
  </form>';
}
?>

To an experienced eye, the two versions are almost identical. The second requires a little more typing, but nothing to get excited over.

To a complete beginner though, the second is a couple of large leaps away from the first. To understand the second version, somebody has to understand arrays, and PHP string interpolation. Both of these are important topics that they will have to come to in their first few hours of programming, but without register_globals, they stand in the way of even the most trivial dynamic examples.

I miss being able to assume register_globals as default behaviour. It made the initial learning curve far less steep. It made little examples cleaner and more readable. Like most safety measures, it does not really protect people who are determined to get themselves into trouble anyway. People who don’t understand the reasons behind it just run extract() or some code of their own to pull incoming variables out anyway. The user submitted comments in the manual used to be full of sample code for doing exactly that.

Oh, but just a side note to all beret wearing white supremacist Tori spelling fans, just because I am willing to speak up for one unpopular cause does not mean I am interested in yours. Sorry.

Melbourne PHP Users’ Group - March 8th

Wednesday, March 7th, 2007

On Thursday, I will be speaking at PHP Melbourne. My talk is titled PHP Considered Harmful. In case you are wondering though, it does not mean I have had a falling out with PHP. I have spent 10 years talking about what’s great in PHP and I need to vent occasionally. Come along if you are nearby. If not, and I am not strung up by an angry mob, I might redo the talk in another hemisphere later in the year.

The other speaker is Chris Burgess on Building Secure Web Applications.

His blurb:

This presentation expands on a presentation given at the Open Source Developers’ Conference in December 2006 titled “Web Application Security - Tools, Techniques, Tips and Tricks”. I will explore some of the original material for those who were unable to attend, taking a look at the plethora of Open Source tools that can greatly assist developers and testers of web applications. In addition to this, I will discuss techniques that can be used to harden web applications.

I Admire Honesty in Corporate Communication - The AU PS3 price is “Obscene”

Tuesday, March 6th, 2007

Australians are generally subjected to some degree of price gouging when a product has one official importer. Only the degree of gouging varies. I buy my laptops from Japan, because by the time an ultralight makes it to Australia at least six months later it has lower specs and a much higher price tag.

The PS3 will launch Australia at AU$999 for the 60GB model. That is a significant, but not remarkable premium on the US or Japanese price. For comparison it is about US$700 plus tax. US price is US$600. Japanese price is US$520. So Australians will pay about 17% more than Americans and about 35% more than the Japanese. (at today’s rates from oanda.com).

Sony Computer Entertainment Australia’s Managing Director Michael Ephraim naturally has to claim that the price of the PS3 is justified. To point out that he is also doing it tough, he points out that he pays an obscene premium for his BMW in Australia.

In an interview with Jason Hill, he says “If you look at any other products it’s the same. I drive a BMW and I pay a price that is completely obscene - 80 per cent higher compared to the US.”

When you look at it like that, a 35% premium on the PS3 is quite restrained I suppose. Well at least if you ignore the fact that in Australia cars over $57K are subject to luxury car tax of 25% in addition to normal GST. If his hypothetical BMW cost AU$200K, then about AU$50K would be tax. His 80% premium means it costs the equivalent of AU$111K in the US. The Australian price of AU$150K plus tax is then an “obscene” 35% premium over the US price.

I’m with Michael . I don’t know how BMW Australia can live with themselves.

It reminds me of a speaker I heard once suggesting more people take up polo. “Many people,” he said, “think polo is only a rich man’s sport, but it is no more expensive than many other hobbies like sailing or motor racing”. He did not actually compare the price of polo to playing video games but that was back in the days of the original PlayStation, so it might not have compared so favourably.

Every Blog Should Have at Least One Post With Erotic in The Title

Sunday, March 4th, 2007

I love seeing what people type into search engines. You might need to work at a search engine, or subscribe to some sort of search intelligence service to see the true depth and breadth of what your fellow man is searching the internet for, but if you have some risqué terms in your blog you will get a small taste test if you have any sort of analytics running.

Since I put up my Java Programmers Are The Erotic Furries of Programming hierarchy, my referrer logs have been amusing me a great deal. I can’t help but think that people coming from a google search for “erotic” are in for a letdown when they get here. But some make me wonder even more.

The reason I had to write this post was because I just snorted coffee over my laptop after finding somebody searched for “javascript for furries”. Although some other phrases are intriguing, “geek monkeys”, “erotic java” and “erotic nerds”, did not induce an involuntary snort.

I am tempted to start including deliberate weirdy bait in posts, just so I can see if people are out there searching for “hot girls in hot tinfoil hats” or “Is it wrong to want to have sex with my cousin if she is also my sister”, but taking the randomness out of if would probably spoil the fun.

I have to credit anybody who made it here searching for “erotic” with being dedicated to the cause though. According to Google Webmaster Tools, a page on my site is the 156th result Google presents for that search. Having clicked through 15 pages of results to find this, I really hope some of the other nearby results were more suitable. Though I think dedication is a fine trait in a pervert. I have no time for those fair weather perverts who would have stopped after the 10th page of results.

For future reference, this is a Java Programmer:
Java Programmer
(from: http://faq.javaranch.com/view?ActiveStaff)

This is a furry.
Furries
(from http://pressedfur.coolfreepages.com/press/sex2k/ [NSFW])

While I will grant you that there are some striking similarities between the two groups, I think given practice you will learn to look for the subtle differences that set them apart and be able to differentiate the two groups.

Digg’s Kevin Rose Has an Account on User/Submitter?

Saturday, March 3rd, 2007

If you missed it, User/Submitter is a paid service allowing people to buy diggs.

They are very upfront about their business model. Submitters (people who want stories promoted) pay $20 plus $1 per digg. Users (digg users who’s second job as a WoW gold farmer is getting tedious) get paid about 17c per digg. So buying 100 diggs costs $120, and in theory nearly $17 of that gets paid out to diggers, there is a $20 payout minimum, so the chances of many people diligently digging away and making 120 paid diggs before their account gets noticed and shut off seems unlikely. In either case, it is nice profit margin while they can get away with it.

Digg unsurprisingly don’t seem to be fans. Poking around, I can see accounts are being disabled. One of mine got disabled, but that might be a bad example because I was not very subtle. Commenting on stories that I dugg that I had dugg them for 17c is probably more blatant than most. Result:
disabled

Looking at other accounts with suspicious behaviour though I see a few of these:
invalid

Privacy is not particularly well guarded at User/Submitter. If you want to know if a digg user name is registered there, then try to register it. An interesting username to try is kevinrose.

Kevin Rose On User/Submitter

Of course, the experiment is somewhat flawed. You can only check once, and while a negative result is definitive, a positive result might just mean that somebody else performed the same experiment before you. Rumours of Digg’s demise might be popular, but I don’t think Kevin yet needs a side job paying 17c per click.

Suspicious behaviour though is not hard to find. Here are a list of Digg stories that received paid Diggs in the last few hours.
http://digg.com/videos/people/Backflipping_Midget_Chased_by_Cops
http://digg.com/offbeat_news/Russian_wrestling_gone_amazing
http://digg.com/gadgets/The_ULTIMATE_domain_search_tool
http://digg.com/world_news/Photo_essay_Unexploded_bombs_are_everywhere_in_Iraq
http://digg.com/tech_news/Lenovo_Recalls_209_000_Notebook_Batteries
http://digg.com/2008_us_elections/Who_Else_Wants_to_Bash_Bush_Now
http://digg.com/videos/educational/Blind_Turkish_Book_Reviewer_The_Alchemist
http://digg.com/gadgets/Nikon_D40_Review_Good_Camera_at_a_Great_Value

Unsurprisingly, there are a number of the same users digging many of them.

What a social site should do about abuse is a harder problem. Any competitive environment is bound to get people gaming or abusing the system. I am not sure that disabling accounts is the best solution though. If I was a 3rd world subsistence gold farmer sitting in an internet cafe clicking links for a few cents a time and my account got disabled I would just create a new one that needs to be detected and disabled. If my account silently got flagged as a source of worthless diggs, and just ignored in calculations, then I would merrily continue clicking away and over time nearly all bought diggs would be worthless because they would mostly be being paid out to account that have already been detected.

Publicly disabling accounts is good for maintaining the appearance of transparency, but longer term, allowing abusive users individual sandboxes to play in lets them waste time without affecting others. In a system where reregistering under another alias is painless, disabling accounts is not a very effective deterrent.