HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zefix

no profile record

comments

zefix
·3 tahun yang lalu·discuss
C does not have exceptions...
zefix
·3 tahun yang lalu·discuss
No.

We need to stop compromising.

Yes, there is a lot of old code.

No, I can't do it all on my own.

But we can do it as a profession. Refuse to take jobs, nag managers, refuse to by hardware that only supports C, etc.

If construction was as ridiculous our fiels, we'd still use asbestos.
zefix
·3 tahun yang lalu·discuss
Well said: The point is to make a proper effort to make the tools we use better.

Humans will always make errors. Let's stop denying that and start fixing the mess we are making.
zefix
·3 tahun yang lalu·discuss
Honestly #4 applies as much as ever. - At least in most regards.

The thing is: The 'security researchers' which I've had contact with focus mostly on hacking and memory corruption attacks.

The thing is: This is a solved problem by now!

And yet, instead of teaching students to avoid the horrible tools, which cause those problems, they keep on teaching how to penetrate and fix.

It's maddening.
zefix
·4 tahun yang lalu·discuss
And we need to stop pretending we do.
zefix
·4 tahun yang lalu·discuss
The alternative is to not have (most of them) at all.

The reality is that 99.5% of users have perhaps 10 or 20 actual usecases/requrements. - You named a few of the most prominent ones. These need to be supported (e.g. with flags) and documented properly. Everything else is excess can be removed.

The problem with this is: You need to find out what users want to do. But many software projects are just too lazy and push all the effort downstream.
zefix
·4 tahun yang lalu·discuss
> Well it's either flags, or a config file

Actually: No. Well, at least not in the ridiculous way that Chrome or Firefox do it. Command line options or config files are both fine - when used in moderation.

The problem here (at least in part) is that it is extremely easy for devs to just add a configuration option. But it is much harder to think about whether a user would actually ever want to change the setting, if it had a good default value.

In fact, I think maybe about 20 command line options would cover 99.9% of all usecases for chrome. - And it would be so much more understandable. - Both for the actual developers and the users.

I absolutely despise it when a software product pushes effort downstream this way.

---

Note: I fully understand that in Chrome these flags at least partially leak out of their "trunk-driven development". - But this is no excuse: In no way should the development environment leak out into a released product this way! - And it would be exceptionally easy to stop this too: Just disable all development flags in the release build.
zefix
·4 tahun yang lalu·discuss
Why do you think that?

If anything bigger buisnesses have more ressources to avoid taxes. - Thus having everyone pay the same would lead to large companies paying more than they do now and small companies would be barely affected.
zefix
·4 tahun yang lalu·discuss
zefix
·4 tahun yang lalu·discuss
If it is a larger-profile German or European webpage, contacting c't / heise investigativ would probably be a good idea.

They are the largest German computer magazine, and have a great track record in getting companies to change bad practices and respecting consumer rights. I also consider them trustworthy w.r.t. not inadvertently leaking the problem.

They have a secure contact form under https://www.heise.de/investigativ/
zefix
·4 tahun yang lalu·discuss
And in yet another surprise to absolutely no one...