YA[Programming]T :: Interview? That's an MVC thing, right?

Infidel Heretic Registered User regular
Welcome to the Programming Thread, where people gather to share stories, lend a shoulder to cry on, and discuss how many bits would a woodchuck chuck if a woodchuck could chuck bits.

Where the arguments cycle over and over again!


What is PAdev.net?

It is a project started up by this thread to support PA developers. A discussion about shared hosting turns into an idea to have hosting and a community to support those working on hobby programs and web services and what not.

Some things require a dedicated VPS but the bar of entry isn't that low. The cost is not extravagant but the know-how required to manage one is daunting for many. PAdev.net provides a share of hosting and support, a $5 monthly fee nets you a shell account on the hub server and the expertise of your peers.

Community members looking to help out can request an account for the website, where all members can create and maintain guides and share project updates. There is no cost to have a community account, just contact an administrator. Also available are [email protected] email accounts or forwarders.

Current administrators: @Infidel


Some writeups on various languages from the pros and such:
Jasconius wrote: »
Language: Python
Framework: Django
Purpose: Developing web applications rapidly

Django was created by a couple of nerds working for the newspaper industry, and they needed to solve the problem of having two practically identical sites (representing two newspapers owned by the same company) that had the ability to share content and generally be controlled from a central location. Thus Django, a flexible web framework that is different enough from Rails to be worth talking about.

Django is a batteries included framework that spends a lot of time trying to solve little things that are typically left to the gem community with Rails. The end result is a uniformly styled and extremely well documented web framework that can get you rolling pretty fast and is still easy enough to extend.

I've been using it for my new job and I've had very few complaints overall.
ASimPerson wrote: »
Language: C
Framework: Aahahahaha
Purpose: My job

Summary: C and its descendants (C++/Java/C#/etc.) are the most popular programming languages in the world. (As co-inventor Dennis Ritchie supposedly said, "C is quirky, flawed, and an enormous success.") The web browser you're using, the OS, most of your applications, most embedded software, the software on your router, the software on your ISP's router, the software on your game console, etc., were all written in C (well, or in C++).

For my job, I write in straight C. No libraries, no frameworks, no C++, no nothin'. C is a programming language for Real Men (tm), which means that there's no memory management and you're free to crash your program in various horrific ways. The trade-off for this is speed and size, attributes which give C its staying power - though proper C is losing favor as an application development language to C++, C#, and the like, it has found a second life in embedded applications and other small devices. I also think there's a certain elegance to the syntax - it's a language from an era when you didn't have a lot of memory, so statements are terse and lack the cruft of some more modern languages (*cough*C++*cough*). And best of all, no right minded C programmer would use LongVariableNamesLikeThis.

There's no shortage of manuals and documentation for the various incarnations of C, but the best reference is still from the source: The C Programming Language, by Kernighan and Ritchie. This book is so ubiquitous and standard that it's known simply as K&R in the field.
Nightslyr wrote: »
Language: C#
Framework: ASP.NET MVC 2 (soon to jump up to 3)
Purpose: Web Development

ASP.NET MVC is Microsoft's answer to the slew of MVC frameworks already available for a variety of open source languages - Rails for Ruby, Django (is that actually a MVC framework?) for Python, and Zend, Code Igniter, and Kohana for PHP. It's a nice addition because, well, web forms suck for the web, and it follows the same basic overall design methodology as everyone else. It's now in its 3rd version, with a completely new view engine - Razor - which is actually pretty cool. I like where Microsoft is going with MVC.

There are a ton of free resources and tutorials available to get started. Like everything else, MVC is fairly simple to learn but difficult to master. It can be as complex as you want it to be.

Personally, I'm having some growing pains getting myself up to the next level/tier in my own skill development. Learning TDD, IoC, Domain Driven Design, etc. I understand the basics, but I'm still learning OOP in general and both C# and ASP.NET, so piling the more advanced (to me) stuff on top of it has been slow going.

Still, I like it more than PHP.
ecco wrote: »
Language: Verilog
Framework: None
Purpose: Low level development

If you thought assembly language was low level, try Verilog or any of the other HDL languages on for size. Verilog is designed to describe how bits change every clock cycle. And not just one bit either, but potentially every bit available in the device that you are developing for.

This allows for massive parallelism - the sheer number of calculations per clock cycle can easily exceed both general purpose processors and DSPs.

It can also drive men insane.

I see square waves everywhere.
Phyphor wrote: »
Language: Lua
Framework: Custom
Purpose: Embeddable scripting

Lua is a neat little language. It is a dynamic, prototype-based language with relatively simple syntax (LL(1) ho!). There are primitive types (bools, numbers, strings, functions, nil), but the only structure for composition is the table, an associative array. Primitive types (except functions) are coerced to other primitive types as needed for operations. Functions are first class objects and it has closures.

Objects are created through special tables known as metatables, which define common operations and allow tables to take on characteristics of a class of objects, in effect allowing single inheritance.

The language is implemented in C and is designed to integrate easily with a host application. The API allows the host application to perform any operation the language can (and more). Lua can freely call functions provided by the host identically to native Lua functions and the host can create special object types that act as any other Lua object.

I mostly use it as a way to get scripting support into C, not as a standalone language, so I don't really know of any frameworks. I use a custom one to provide limited visibility of C++ classes to the scripts.

Oh and someone wrote a JIT compiler
lazerbeard wrote: »
Language: C++
Framework: Proprietary
Purpose: Video game tools/graphics

If you want to make AAA games on a console, you're probably going to end up working with C++, if you like it or not. With 512 megs of shared memory, multiple fiddly "special processing units", people clamoring over sending 64 players' worth of data over a network at an even pace and other wonderful things, performance down to the bit really does matter. Not to mention that the API (and compiler) is written for C++, so you're not getting away from it if you want to work on console games unless you're using XNA. C++ is the tacticool gun of programming languages. If you can do it, you can probably find a way to do it in C++, then you can probably find a way to hack it so that it only uses 10 bits at a time to do it.

Honestly, I don't spend the entirety of my time in this nether realm of pure data as I'm a tools programmer by trade. In a day I'll go between C++, C#, python and back again. Each language has its own sets of advantages and disadvantages, of the three I'd honestly say C# is the most "fun" to work with. C++ still wins out for me, just for being extremely versatile, while keeping performance high. I think the other thing I like about C++ is that the performance cost of anything is laid bare much more in the other languages I work with. Because you are tasked with moving around the bits other languages abstract away, I always feel the performance cost of code I write is much more impressed upon me when I write it in C++. When looking at performance in other languages, I often consider how it would affect performance had I tried the same trick, as underneath the hood the process is most likely similar.
tallus wrote: »
Language: PHP
Framework: Custom
Purpose: Web development

Although slightly outshone by the relatively new Ruby on Rails, PHP is still a solid choice for Web development. An engine is available for pretty much every web server (Apache and IIS being the major ones of course), it's easy to learn if you come from any kind of c type background and it offers some really neat features if you dig deep enough. Recent releases (5.3 I think) offer true namespacing to add to the plethora of object orientated features already present (if you like that kind of thing). One of the best things about PHP though is that, because it's so widely adopted there's literally tons of tutorials, documentation and samples out there to get you going.


Language: VB (classic)
Framework: Ha, I wish
Purpose: Legacy application development

Yeah I know. I use VB in my day job since I have to maintain a ton of applications written in it. It's slow as hell, the IDE sucks and I really have nothing good to say about it. For all its flaws .Net is a massive improvement on Microsoft's legacy development environments. I did manage to find a plugin for the VB IDE that allows tabbed documents, full screen editing and some other nifty features. I'll see if I can find it if anyone is interested.

Language: Javascript
Framework: jQuery (and jQuery mobile)
Purpose: Web application front end development

Javascript has been around for donkey's years and is pretty much universally supported in modern web browsers. It allows you to do a ton of useful / cool stuff with pages once they're pushed down to the client. jQuery is a brilliant javascript framework that offers some amazing features. The core of jQuery revolves around 'selectors', basically filters you can use to select any element (or group of elements) on a page before applying code / styles to them. There's also some nifty binding functions, to add functionality to elements after they're rendered and ooooh, all sorts of other things. One of the best things about jQuery (and something that sets it apart from other frameworks) is its support for plugins. There's thousands of plugins available for just about anything you can think of, and they make jQuery into (in my opinion) the best tool in any web designer's toolkit. jQuery mobile is an addition to jQuery to enable the building of mobile applications in a consistent manner across just about any mobile platform.

I also do C# and Android development, but can't really think of anything interesting to say about them right now.
Language: F#/C#
Framework: .Net 4.0 Runtime
Purpose: HFT/Non-HFT systems

With Visual Studio 2010, F#, an ML-variant functional language, is now part of the .Net language family. It has full interop capabilities with any existing .Net assemblies and any other .Net languages are capable of loading .Net assemblies written in F# (with a couple of minor issues to watch out for). It's a full functional language and is best when you program it like a functional language and not ML with classes. There's some good resources out there on F#. I've done a couple of larger scale server applications with it and starting to move on to version 2.0 on a few of them. I also mix in C# when needed for things like COM-interop and certain client APIs.

Language: Clojure
Framework: JVM
Purpose: Large-scale data spelunking

Clojure is a neat little functional language that runs in the JVM. Very LISPy, with a heavy emphasis on macros. I mainly use it with Cascading/Hadoop to slam through the massive data sets and extract the various data of interest.

I also putter around with the CUDA/CULA stuff and data parallel Haskell when I have time.
seabass wrote: »
Language: OCaml / C++ / Fortran
Framework: Lisp converted to OCaml handed to grad students
Purpose: Combinatorial Optimization, Automated Planning, Robot Path finding, other research topics

OCaml is, like F#, an ML-variant with objects. It's particularly nice because it isn't terribly pedantic and lets you mix imperative programming with functional code wherever you feel it's expedient to do so. It's got a full object system which I've never extensively used, but I hear it's nice. You can run the code in an interactive interpreter, or you can compile native binaries which are relatively quick for a language which manages your memory for you.

The big drawback is that we don't have a concurrent garbage collector yet, so while we have threads, they don't behave the way you would want them to. You can work around it by doing any concurrency you'd like at the process level with pipes or something like MPI.
Language: Ruby
Framework: Rails
Purpose: Developing web applications

Ruby on Rails (RoR or often just called 'Rails') is a web application framework with a practical slant. While most frameworks present themselves as a sort of toolbox, Rails goes a step further by favoring convention over configuration. Instead of configuring how the tools interact with each other yourself, Rails infers what you mean to do from a few naming conventions in your class, method, table and path names. If it gets in the way, you can always define what name it should look for instead yourself.

Rails uses the model-view-controller (MVC) architectural pattern to separate the concerns in your code. On the controller side, it favors RESTful style url method coupling. On the model side, it provides an object oriented representation of your database tables. For the views, it provides a templating engine called ERB (I prefer HAML though).

One of the best things of Rails is the developer community. A lot of Rails developers blog about their experiences or post their problems on Stack Overflow. There also is a sort of package manager/repository for Ruby libraries called RubyGems that helps you install, update and resolve dependencies. For configuring what gems you use in your Rails project, you should use Bundler (which is baked into Rails 3). Most gems can be found on github for easy forking.

I can heartily recommend Rails to everyone looking for an easy to use web application framework. It's as easy as "sudo apt-get install rails && rails new ~/myproject".
Infidel wrote: »
Language: SQL
Framework: None
Purpose: Manipulating your datas

SQL is ubiquitous and often taken for granted. Whether you're a Java or C or Access or PHP or what-have-you developer, you'll often be dealing with another language, being SQL. Some might have frameworks that abstract and/or obscure the SQL, but it's almost always there. The complexity required of your SQL can vary, and for a lot of projects it is relatively simple. Understanding SQL at a non-trivial level however will help you understand how computers work with large datasets, which will aid you in how you design and interact with your data even if you don't actually write any SQL directly.

Relational algebra and key theory is useful stuff for "thinking about it right" when it comes to schemas and queries. Also keep in mind that while SQL is a standard, every database system has a point where it diverges from the standard. When you start dealing with very complex queries or procedural code and triggers etc., you'll see very different syntax and often different approaches altogether due to vendor support of features available. For example, Microsoft SQL Server uses Transact-SQL (T-SQL), Oracle uses PL/SQL, and while both are the common system found in the business world and accomplishing the same objectives they are very different beasts to the developer. Methods and tricks for one are not always the best or feasible for the other, and you often rely on tricks to attain the performance demanded by the project.

In a rather different scope, web sites and services tend to use other systems, such as MySQL and PostgreSQL. The focus here is usually less on procedural code and more on efficient SQL-standard queries. The scale of the project might be trivially small where any design works to massive commerce sites that sell a hojillion products and track customer trends. Most people here will not be dealing with that, but many of us will have some sort of SQL database backend which we need to write queries for. Non-standard SQL is avoided as much as possible typically, in order to avoid vendor lock-in. This is the dangerous realm of SQL injection attacks which are one of the most common mistakes made by novice developers who need to use a database for persisting their data on their web site but don't have much experience or exposure. Sanitize your inputs and use parameterized queries! :^:

Play D&D 4e? :: Check out Orokos and upload your Character Builder sheet! :: Orokos Dice Roller
The PhalLounge :: Chat board for Critical Failures IRC! :: #CriticalFailures and #mafia on irc.slashnet.org
Infidel on
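
The "use parameterized queries" advice from the SQL writeup in the opening post, shown as an added example that is not part of the thread. The `products` table, its rows, the function names and the test input are all constructed for illustration; it also covers the case a bound parameter cannot handle (a caller-chosen sort column), which is checked against an allowlist instead.

```python
import sqlite3

# Column names cannot be bound as parameters, so a caller-chosen sort
# column is validated against a fixed allowlist (constructed for this example).
SORTABLE_COLUMNS = {"name", "price"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (
            id INTEGER PRIMARY KEY,
            name TEXT,
            price REAL,
            hidden INTEGER
        );
        INSERT INTO products (name, price, hidden) VALUES
            ('widget', 9.99, 0),
            ('gadget', 19.99, 0),
            ('prototype', 0.0, 1);
        """
    )
    return conn


def search_concatenated(conn, term):
    """The novice pattern: user input becomes part of the SQL text itself."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term, order_by="name"):
    """Bind the value with a placeholder; allowlist the identifier."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (order_by,))
    # order_by is safe to interpolate only because it passed the allowlist.
    sql = (
        "SELECT name FROM products "
        "WHERE hidden = 0 AND name = ? "
        "ORDER BY " + order_by
    )
    return [row[0] for row in conn.execute(sql, (term,))]


def legit_apostrophe_breaks_concatenation(conn):
    """A harmless name containing a quote is enough to break the unsafe query."""
    try:
        search_concatenated(conn, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the WHERE clause
    print("concatenated :", search_concatenated(db, crafted))
    print("parameterized:", search_parameterized(db, crafted))
    print("quote breaks concatenated query:", legit_apostrophe_breaks_concatenation(db))
```

With the concatenated query the crafted input rewrites the `WHERE` clause and the hidden row comes back; with the placeholder the same input is compared as a plain string and matches nothing.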

Posts

  • Infidel Heretic Registered User regular
    That page count totally snuck up on me, I swear man.

  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    Too much chatting, not enough coding!

  • Frem Registered User regular
    Is anyone familiar with any JRuby-compatible gems that can (a) generate an Adobe FDF file, (b) merge it with a PDF, and (c) flatten the PDF? Even Adobe's (now unsupported) FDF Toolkit doesn't appear to do the merging part.

    Not that I mind hacking together (and probably open sourcing) an FDF generation gem and offloading steps (b) and (c) onto PdfTk. Just wondering if there was another way. I found the iText library, but AGPLing my entire app is unfeasible, and the commercial license appears to be of the "email us what you want to do and how much money you have" variety, which scares me somewhat.

  • urahonky Dayton, OH Registered User regular
    edited May 2012
    Too much.

    urahonky on
  • urahonky Dayton, OH Registered User regular
    edited May 2012
    Just in case...

    urahonky on
  • iTunesIsEvil Registered User regular
    So, I was testing something yesterday at the end of the day at work with my co-workers, and I found out that I am the only dev running Windows 7 (out of 5 of us) that has left UAC enabled.

    It is hard to test things that relate to UAC when I'm the only one with a machine with it enabled, guys. Jeeez.

    Yes, we devs mostly do our own testing. No, it's not a great idea. Yes, we are a darn small shop and do not have dedicated test people.
    :cry:

  • Saeris Borb Enthusiast flapflapflapflap Registered User regular
    I don't understand turning off UAC. It's not onerous at all, at least not in Windows 7. Maybe turn it off when you're installing everything after formatting, since that could get aggravating, but after that short period of time you really don't have to enter a password often.

    I think I have to type an admin password maybe once a week, and it takes all of five seconds. I understand being lazy -- I'm super lazy! -- but come on. Five seconds. Once a week. It's a pretty good tradeoff, folks.

  • bowen How you doin'? Registered User regular
    urahonky wrote: »
    Why does your job keep on having you chase your tail?

    It's always silly pipe dreams that won't deliver anything useful.

    This is a contract from Boeing that they asked us to do. It's going to be tough but I have until April of next year to figure it out. If anything I'm going to enjoy learning new things!

    What the shit does Boeing want with this?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Saeris Borb Enthusiast flapflapflapflap Registered User regular
    edited May 2012
    On a different note entirely, the authors of the HTML5 spec really draw from a variety of places for their example markup:
    Sometimes, a user has to select one or more items. This example shows such an interface.
    <p>Select the songs from that you would like on your Act II Mix Tape:</p>
    <select multiple required name="act2">
     <option value="s1">It Sucks to Be Me (Reprise)
     <option value="s2">There is Life Outside Your Apartment
     <option value="s3">The More You Ruv Someone
     <option value="s4">Schadenfreude
     <option value="s5">I Wish I Could Go Back to College
     <option value="s6">The Money Song
     <option value="s7">School for Monsters
     <option value="s8">The Money Song (Reprise)
     <option value="s9">There's a Fine, Fine Line (Reprise)
     <option value="s10">What Do You Do With a B.A. in English? (Reprise)
     <option value="s11">For Now
    </select>
    

    Saeris on
  • iTunesIsEvil Registered User regular
    Saeris wrote: »
    I don't understand turning off UAC. It's not onerous at all, at least not in Windows 7. Maybe turn it off when you're installing everything after formatting, since that could get aggravating, but after that short period of time you really don't have to enter a password often.

    I think I have to type an admin password maybe once a week, and it takes all of five seconds. I understand being lazy -- I'm super lazy! -- but come on. Five seconds. Once a week. It's a pretty good tradeoff, folks.

    Well, we've got a bunch of people that love storing their projects/code right off of the root of C: (e.g. C:\Code\) so, you know, that's really important to them apparently. It's so very hard to get to your user folder, right? :P

  • urahonky Dayton, OH Registered User regular
    edited May 2012
    *deleted*

    urahonky on
  • urahonky Dayton, OH Registered User regular
    Saeris wrote: »
    I don't understand turning off UAC. It's not onerous at all, at least not in Windows 7. Maybe turn it off when you're installing everything after formatting, since that could get aggravating, but after that short period of time you really don't have to enter a password often.

    I think I have to type an admin password maybe once a week, and it takes all of five seconds. I understand being lazy -- I'm super lazy! -- but come on. Five seconds. Once a week. It's a pretty good tradeoff, folks.

    Well, we've got a bunch of people that love storing their projects/code right off of the root of C: (e.g. C:\Code\) so, you know, that's really important to them apparently. It's so very hard to get to your user folder, right? :P

    Why not use Documents or something? Not trolling, just curious. I would think that UAC on is more important than putting your code to the C:\ folder.

  • iTunesIsEvil Registered User regular
    edited May 2012
    What I keep hearing when honky explains his projects to us is: "my employer really knows how to milk federal contracts/federally-contracted companies." 'Cause some of this stuff is just silly.

    Completely identical UI elements across multiple OS's? We can do that! (or take all your money trying anyway...)
    Hunt down evilbadcode through the hardware, via out speshul PCIE card? Suuuuuuuure! (how much do you have to spend on this project again?)

    iTunesIsEvil on
  • Monkey Ball Warrior A collection of mediocre hats Seattle, WA Registered User regular
    edited May 2012
    UAC is fantastically annoying, and is basically security theater.

    That being said, I'd probably never turn it off on a work machine.

    Monkey Ball Warrior on
    "I resent the entire notion of a body as an ante and then raise you a generalized dissatisfaction with physicality itself" -- Tycho
  • Frem Registered User regular
    Saeris wrote: »
    I don't understand turning off UAC. It's not onerous at all, at least not in Windows 7. Maybe turn it off when you're installing everything after formatting, since that could get aggravating, but after that short period of time you really don't have to enter a password often.

    I think I have to type an admin password maybe once a week, and it takes all of five seconds. I understand being lazy -- I'm super lazy! -- but come on. Five seconds. Once a week. It's a pretty good tradeoff, folks.

    Well, we've got a bunch of people that love storing their projects/code right off of the root of C: (e.g. C:\Code\) so, you know, that's really important to them apparently. It's so very hard to get to your user folder, right? :P

    I use a c:\dev\ directory for assorted development tools so that my $PATH isn't ridiculous to look at, so I sort of sympathize. Except that it takes all of twenty seconds to set user permissions on the folder and never think about it again.

  • iTunesIsEvil Registered User regular
    edited May 2012
    Unless you've only used a Windows XP or lower environment your entire life (so, Administrator-level privileges), or you run as root constantly on *nix systems, I have no idea how UAC can be described as "fantastically annoying."

    The only time it's yelled at me is if I'm installing software, or putting some files in places where a normal user should not be putting files (Program Files, C:\). OS X makes me supply a password when installing/updating software. Linux makes me sudo/gksu when I want to install/update/move things into OS-owned places.

    I really don't get why people find it so annoying, and more-so than the "supply your password to do this administrative function" equivalents in other OS's.

    @urahonky because these people are incredibly lazy and/or set in their ways. "I've always stored my code/projects in C:\Code\." "It's so much more typing to go to %USERPROFILE%\Code." Or "I don't want to use the mouse to navigate to my home folder in Explorer." It's basically programmers being programmers and wanting total control over their little fiefdoms. These people also hate Ubuntu because root is not enabled by default, so they have to use the "sudo" command.

    iTunesIsEvil on
  • urahonky Dayton, OH Registered User regular
    I can understand and respect that.

    Also you guys can make fun of me but this project sounds like it's going to be a lot of fun (and even more difficult) so I'm happy. :)

  • Ethea Registered User regular
    What I keep hearing when honky explains his projects to us is: "my employer really knows how to milk federal contracts/federally-contracted companies." 'Cause some of this stuff is just silly.

    Completely identical UI elements across multiple OS's? We can do that! (or take all your money trying anyway...)
    Hunt down evilbadcode through the hardware, via out speshul PCIE card? Suuuuuuuure! (how much do you have to spend on this project again?)

    The funding if it is a federal contract comes in in stages, with each stage lasting roughly a single year, you then need to have the required deliverable to continue.
    I work on some SBIR funded projects, and the amount of funding we get isn't out of line compared to the expectation of work.

  • jackal Registered User regular
    I like UAC. I run on a limited account and I haven't had to do any of the 'Run As' bullcrap that had to be done in XP. For example, EVE client needs to update, it starts, I get UAC prompt, put in the password for the Admin account, and it just works. It doesn't protect my limited account from malicious codes, but nothing can (well I guess stuff like DEP can and has, but that's another story).

  • Ethea Registered User regular
    Saeris wrote: »
    I don't understand turning off UAC. It's not onerous at all, at least not in Windows 7. Maybe turn it off when you're installing everything after formatting, since that could get aggravating, but after that short period of time you really don't have to enter a password often.

    I think I have to type an admin password maybe once a week, and it takes all of five seconds. I understand being lazy -- I'm super lazy! -- but come on. Five seconds. Once a week. It's a pretty good tradeoff, folks.

    Well, we've got a bunch of people that love storing their projects/code right off of the root of C: (e.g. C:\Code\) so, you know, that's really important to them apparently. It's so very hard to get to your user folder, right? :P

    It should be noted that numerous build programs have issues with deeply nested directory structures on windows because of character limits when doing some command line execution ( see http://blogs.msdn.com/b/oldnewthing/archive/2003/12/10/56028.aspx ). This generally happens when using absolute paths and linking to lots of libraries.

    While this issue can be solved by writing the options to a file, some programs don't use this approach.

  • bowen How you doin'? Registered User regular
    What I keep hearing when honky explains his projects to us is: "my employer really knows how to milk federal contracts/federally-contracted companies." 'Cause some of this stuff is just silly.

    Completely identical UI elements across multiple OS's? We can do that! (or take all your money trying anyway...)
    Hunt down evilbadcode through the hardware, via out speshul PCIE card? Suuuuuuuure! (how much do you have to spend on this project again?)

    That's how it works with federal contracts unfortunately.

    Boeing is dumb though. Malware targeted at Boeing's BIOS on their PCs?

    Seems the quickest way to prevent that is a firewall, realtime antivirus scanning socks + web, and TCP rules to prevent anything getting out.

    Maybe I'm just old fashioned, but, a few grand of prevention is worth millions of cure. How would you even target that? Call up an operator and get them to log into your website and attack them maliciously? Nah someone's going to compromise a system because of bad security or keeping passwords on their email or something.

    Jesus christ I can't even fathom the amount of money going into this project, it must be in the hundred millions and I am in the wrong damned field.

  • bowen How you doin'? Registered User regular
    UAC is the best thing Windows did, tbh.

  • urahonky Dayton, OH Registered User regular
    edited May 2012
    Eh, probably too much.

    urahonky on
  • bowen How you doin'? Registered User regular
    edited May 2012
    How would you know something is hardware malware without knowing the state of the hardware when it's first installed?

    Again, hardware malware still can't "dial out" through preventative measures. They're overthinking the problem. I think hardware malware in this sense is software malware that's figured out a way to get into the boot sequence or something to that effect, if it were designed from the gate to be malicious there'd be no way you could tell, or you'd have no idea.

    bowen on
  • urahonky Dayton, OH Registered User regular
    Sorry, had to go through and remove my comments. I think that I may have talked too much... I'll have to leave it at that for now. :(

  • jackal Registered User regular
    If it's actually a problem it seems like the type of things they should be throwing out grants for PhDs to research.

  • Ethea Registered User regular
    edited May 2012
    bowen wrote: »
    What I keep hearing when honky explains his projects to us is: "my employer really knows how to milk federal contracts/federally-contracted companies." 'Cause some of this stuff is just silly.

    Completely identical UI elements across multiple OS's? We can do that! (or take all your money trying anyway...)
    Hunt down evilbadcode through the hardware, via our speshul PCIE card? Suuuuuuuure! (how much do you have to spend on this project again?)

    That's how it works with federal contracts unfortunately.

    Boeing is dumb though. Malware targeted at boeing's BIOS on their PCs?

    Seems the quickest way to prevent that is a firewall, realtime antivirus scanning socks + web, and TCP rules to prevent anything getting out.

    Maybe I'm just old fashioned, but, a few grand of prevention is worth millions of cure. How would you even target that? Call up an operator and get them to log into your website and attack them maliciously? Nah someone's going to compromise a system because of bad security or keeping passwords on their email or something.

    Jesus christ I can't even fathom the amount of money going into this project, it must be in the hundred millions and I am in the wrong damned field.

    Depending on the style of the project, this could have a fairly small budget. If they are collaborating with a university and a private contractor it could be just a couple of million over a couple years to research the viability. Now if they are past the research phase and think this is possible...
    jackal wrote: »
    If it's actually a problem it seems like the type of things they should be throwing out grants for PhDs to research.
    My initial reaction was that this had to be a research project between universities and the government. They do this style of impossible research all the time, see DARPA.

  • urahonky Dayton, OH Registered User regular
    jackal wrote: »
    If it's actually a problem it seems like the type of things they should be throwing out grants for PhDs to research.

    Oh I'm sure they have. And I'm sure whatever we build will probably be expanded upon in the future.

  • urahonky Dayton, OH Registered User regular
    Ethea wrote: »
    Depending on the style of the project, this could have a fairly small budget. If they are collaborating with a university and a private contractor it could be just a couple of million over a couple years to research the viability. Now if they are past the research phase and think this is possible...

    No idea the funding. Sorry.

  • bowen How you doin'? Registered User regular
    jackal wrote: »
    If it's actually a problem it seems like the type of things they should be throwing out grants for PhDs to research.

    Yeah that seems oddly specific. "Oh hey we don't trust our equipment manufacturers in Asia... so let's hire some contractor to develop a solution to find hardware faults that don't meet specification."

    Seems like maybe you should avoid Asian equipment manufacturers and make sure this equipment can't dial home or something. Or whatever the malware is supposed to do. Corrupt files? I can't see where this is a good thing for any party.

    I guess I should stop talking about it though. Just makes me do the Jackie Chan wtf are you thinking face when the company keeps coming up with these ideas.

  • iTunesIsEvil Registered User regular
    Ethea wrote: »
    It should be noted that numerous build programs have issues with deeply nested directory structures on Windows because of character limits when doing some command line execution ( see http://blogs.msdn.com/b/oldnewthing/archive/2003/12/10/56028.aspx ). This generally happens when using absolute paths and linking to lots of libraries.

    While this issue can be solved by writing the options to a file, some programs don't use this approach.

    As very true as that limitation is, Ethea, that's not what I'm talking about, and is (barring something REALLY odd) in no way applicable here. These are really-simple .NET solutions/projects (1 project per solution, small stand-alone db<==>client apps) in our developers' "Code" directories. Plus, I would assume that any large-scale, complicated build that exceeds CreateProcess's maximum command-line length of 32k characters is not going to be happening on an individual developer's PC as a general rule. Something that complicated most likely happens on a build/CI server.

    Maybe other people do run into this on their dev machines, maybe where you work where you seem to work with large-ass, complicated projects doing very complicated things and linking against some very interesting stuffs, but it does not happen in this small shop, so it makes almost 0-sense for our devs to be turning off UAC because it might prompt them for a password once a week. This is "no, it's my computer, I'm the boss, waaaaaah!"

  • bowen How you doin'? Registered User regular
    You'd think so Ethea, but it appears this is a private industry rather than government so it makes it even more wtf.

  • urahonky Dayton, OH Registered User regular
    bowen wrote: »
    You'd think so Ethea, but it appears this is a private industry rather than government so it makes it even more wtf.

    Having re-read the proposal: Boeing is our contractor (or we are, no idea the difference). The customer is going to be gommerment.

  • Ethea Registered User regular
    urahonky wrote: »
    bowen wrote: »
    You'd think so Ethea, but it appears this is a private industry rather than government so it makes it even more wtf.

    Having re-read the proposal: Boeing is our contractor (or we are, no idea the difference). The customer is going to be gommerment.

    You are most likely a subcontractor of Boeing. Subcontractors are brought on to provide certain expertise or abilities that the primary contractor doesn't have. So for example the primary contractor might have all the PhD researchers but nobody to implement the research, so they bring a coding firm that has a good track record at delivering products at a cheap rate.

  • Ethea Registered User regular
    Ethea wrote: »
    It should be noted that numerous build programs have issues with deeply nested directory structures on Windows because of character limits when doing some command line execution ( see http://blogs.msdn.com/b/oldnewthing/archive/2003/12/10/56028.aspx ). This generally happens when using absolute paths and linking to lots of libraries.

    While this issue can be solved by writing the options to a file, some programs don't use this approach.

    As very true as that limitation is, Ethea, that's not what I'm talking about, and is (barring something REALLY odd) in no way applicable here. These are really-simple .NET solutions/projects (1 project per solution, small stand-alone db<==>client apps) in our developers' "Code" directories. Plus, I would assume that any large-scale, complicated build that exceeds CreateProcess's maximum command-line length of 32k characters is not going to be happening on an individual developer's PC as a general rule. Something that complicated most likely happens on a build/CI server.

    Maybe other people do run into this on their dev machines, maybe where you work where you seem to work with large-ass, complicated projects doing very complicated things and linking against some very interesting stuffs, but it does not happen in this small shop, so it makes almost 0-sense for our devs to be turning off UAC because it might prompt them for a password once a week. This is "no, it's my computer, I'm the boss, waaaaaah!"

    I should remember we are the anomaly and build massive C/C++ projects that are composed of hundreds of libraries all the time.

  • Jasconius sword criminal mad online Registered User regular
    php is not welcome

    php must end

  • bowen How you doin'? Registered User regular
    :rotate: could make the same case for Java

  • urahonky Dayton, OH Registered User regular
    Then you wouldn't be able to listen to my anecdotal stories bowen. :(

  • bowen How you doin'? Registered User regular
    Very soon I expect to hear some integrated circuit stories that will make me :rotate: so hard.

    With your luck it'll be something that supports like c73 or some insane spec.

  • urahonky Dayton, OH Registered User regular
    Well we have a dedicated hardware team. I'm just supporting them on the software side of things. But it wouldn't surprise me either.

This discussion has been closed.