Wondering why the net is still slow?
Sobig is still growing, and some analysts think the worst could be early next week - as vacationers come back to the office. Oh, happy day...
Thomas Gagne has some interesting observations about the differences in exception handling in Smalltalk and Java:
I was recently reading about Exceptions in Java and discovered they aren't resumable. You can't pick-up from where an exception was thrown. I began wondering how this might be possible in Java, but it would require a change to Java's syntax--or the language. Why?
Java doesn't support code blocks as objects. New functionality can't be introduced to blocks of code without changing the language itself. try/catch/finally is implemented as part of the language and not as a feature of an object.
Also, because Java is statically typed it would be nearly impossible to resume with a new value anyway since the "throw" command would have to be able to return a value--but since throw is a command it doesn't return values--and even if it did it would have to return the amorphous "object" which would then require down casting to be made useful. Even then it may be impossible to resume processing with an alternative primitive value.
So Java programs have to run while{}s outside their try{}catch{}s to correct something--which makes the granularity of what can be retried fairly large. Meaning, if there are side effects inside try{} they will either need to be reexecutable without additional (bad) effects or whatever they did will require undoing (or inoculation) inside the catch{}.
In Smalltalk, however, interesting features can be added to blocks and exceptions because they're objects, and object's behavior can be extended without subclassing and is possible in the first place because they aren't "final" nor closed in the base library.
Smalltalk is even neater now than it was a few weeks ago.
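The contrast drawn in the quoted post, as an added Python sketch (not code from Thomas Gagne or from this blog): retrying a whole try block repeats its side effects, while a handler invoked at the point of the error can resume with a replacement value. It builds resumption from first-class functions rather than Smalltalk's own exception classes, and every name here (`signal`, `handling`, `import_rows`, the sample rows) is hypothetical and constructed for illustration.

```python
from contextlib import contextmanager

# Dynamic stack of (exception type, handler callable); hypothetical helper state.
HANDLERS = []


class BadAmount(Exception):
    def __init__(self, index, text):
        super().__init__(f"row {index}: bad amount {text!r}")
        self.index, self.text = index, text


@contextmanager
def handling(exc_type, handler):
    """Install `handler` for `exc_type` for the duration of the with-block."""
    HANDLERS.append((exc_type, handler))
    try:
        yield
    finally:
        HANDLERS.pop()


def signal(exc):
    """Resumable raise: run the innermost matching handler at the signal point.

    The handler's return value becomes the value of signal(), so the caller
    continues where it stopped. With no handler installed this is a plain raise.
    """
    for exc_type, handler in reversed(HANDLERS):
        if isinstance(exc, exc_type):
            return handler(exc)
    raise exc


def import_rows(rows, ledger):
    """Sum the amounts; appending to `ledger` is the side effect to watch."""
    total = 0
    for i, (name, amount) in enumerate(rows):
        try:
            value = int(amount)
        except ValueError:
            value = signal(BadAmount(i, amount))
        ledger.append(name)
        total += value
    return total


def import_retrying(rows, ledger):
    """Loop outside the try: correct the input, then rerun the whole block."""
    rows = list(rows)
    while True:
        try:
            return import_rows(rows, ledger)
        except BadAmount as e:
            rows[e.index] = (rows[e.index][0], "0")  # fix the row and start over


def import_resuming(rows, ledger):
    """Handler supplies a replacement value; the loop carries on mid-flight."""
    with handling(BadAmount, lambda e: 0):
        return import_rows(rows, ledger)


# Constructed sample input: the second row has an unparsable amount.
ROWS = (("alice", "10"), ("bob", "oops"), ("carol", "5"))

if __name__ == "__main__":
    retry_ledger, resume_ledger = [], []
    print(import_retrying(ROWS, retry_ledger), retry_ledger)
    print(import_resuming(ROWS, resume_ledger), resume_ledger)
```

Both versions compute the same total, but the retrying version records the first row twice because the work done before the failure is executed again.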
The Register shows us that the XML buzz has gone to absurd extremes - now they are talking about XML machines - you know, as in Von Neumann machines. Pass the popcorn; silly season has definitely arrived....
The Register explains why my email is arriving so late (last night, I got much of my email after 8 pm) - the Sobig.F virus, already bigger than klez, love bug, etc. MS could do us a favor and pull Outlook when they pull Outlook Express....
Spotted in Loosely Coupled weblog - Sterling Ball went from being a Microsoft backer to an MS free shop - because of the heavy hand of the BSA. There's a great summary at the end of this article, with some thoughts to ponder by all software vendors:
But as Moore points out, one day the tornado stops and you end up on Main Street. The transition from undisputed 100-pound gorilla to brand-conscious, user-friendly market leader is a tricky one, and not every business gets it right. Main Street is there for Microsoft and the rest of the traditional software industry to lose, and one of the key vulnerabilities is the mistrust customers feel around software licensing and upgrade policies. If other vendors can add attractive branding and bundling to the open-source licensing model of Linux and related products, they'll be well placed to exploit that vulnerability. Already, Microsoft and the BSA have lost a key battle for customer hearts and minds on Main Street in San Luis Obispo
Ted Leung has some interesting language notes - Java and a bunch of other things - this morning. Have a look
The last two days I've been off on a rant about Windows security. Well, it's not all peaches and cream over in Unix-ville either - check out the Sans/FBI list of top vulnerabilities. I got hit by a linux worm two years ago, and I've had to patch ssh in anticipation of a problem. On the other hand, my linux box hasn't lost track of the network randomly like my box did last night and my wife's box used to (until we switched her from dhcp to a static ip). In any event, you can't be all complacent just by not running Windows....
Chris Brumme talks about security and MS code. Most of the article is pretty good, and very honest - as with discipline in a classroom, it's hard to tighten up after a long period of laxness. Still, this bit tweaked me:
Unfortunately, this stuff is still way too difficult. It's a simple fact that only a small percentage of developers can write thread-safe free-threaded code. And they can only do it part of the time. The state of the art for writing 100% secure code requires that same sort of super-human attention to detail. And a hacker only needs to find a single exploitable vulnerability.
I do think that managed code can avoid many of the security pitfalls waiting in unmanaged code. Buffer overruns are far less likely. Our strong-name binding can guarantee that you call who you think you are calling. Verifiable type safety and automatic lifetime management eliminate a large number of vulnerabilities that can often be used to mount security attacks. Consideration of the entire managed stack makes simple luring attacks less likely. Automatic flow of stack evidence prevents simple asynchronous luring attacks from succeeding. And so on.
Yes, threaded code is hard. But, it would have been a lot easier had MS gotten a clue years ago and stopped using C and C++. We are going to be suffering from vulnerabilities for years because of that
Michael Lucas-Smith (co-author, with Dave Murphy of TypeLess) - now has a blog powered by Cincom Smalltalk. Subscribe to his feed here
Ted Leung ponders buying a new iBook, and asks himself this about MS software: So why am I waffling? I must be crazy. We all must be. Yeah, pretty much what I was thinking when I wrote this.
You might recall this post from a few weeks ago where I made the point that - late in the season especially - the Yankees get more serious, and harder to beat, while the Red Sox tend to engage in full choke mode. While the Curse of the Bambino may not be real the Sox players sure play as if it is. Here are a couple of stories that illustrate what I'm talking about:
The Yankees have opened up a 6 1/2 game lead (7 in the loss column). The Boston sports writers are starting to fret, and the Sox have stopped hitting. It must be the pennant stretch :)
With blaster and sobig raging, this is the last thing we need:
Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page.
So we could be in for another exciting round of duck and patch. You know what? I'm seeing a lot of hype about the wonders of Longhorn and the criticality of the PDC from Scoble - here's some unsolicited feedback:
As recently as 2 months ago, I never would have considered a Mac, and Linux as a full desktop replacement just seemed too painful. Now I'm pretty well convinced. I'll be in the market for a new PC soon, and I will be looking very seriously at the Mac platform. Why? Because it's built on top of a stable OS, and the incidence of utter stupidity in application integration at the expense of security (recall that NT 4 pushed much of the graphics code into ring zero of the OS to enable better game performance, for instance) at Apple. I don't care how many new features you put into Longhorn, or how much cooler you think your database is. The bottom line is, your platform sucks. It's insecure, and simply unacceptable in terms of business risk. I wish I could get our IT group to see that; 2-3 infected (Blaster) systems yesterday knocked Cincom's websites off the air for hours. That's a huge cost, and it's being incurred because of sloppy, stupid crap in Redmond.
You've lost my trust; it's going to be a long hard road for you to get it back. And it's not just me - ComputerWorld's editorial page is starting to question MS as a realistic default choice.
The slammer worm whacks a nuke plant:
The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.
The breach did not pose a safety hazard. The troubled plant had been offline since February 2002, when workers discovered a 6 x 5in hole in the plant's reactor head. Moreover, the monitoring system, called a Safety Parameter Display System, had a redundant analog backup that was unaffected by the worm. But at least one expert says the case illustrates a growing cybersecurity problem in the nuclear power industry, where interconnection between plant and corporate networks is becoming more common, and is permitted by federal safety regulations.
I sincerely hope that someone got canned over that...
If you doubt that the forces of entropy are on the upswing out there, have a look at this Wired article:
The recent deluge of worms and viruses, including Tuesday's bombardment by the latest variant of the Sobig virus, may be a result of last week's Blaster worm tweaking adolescent egos, according to security experts. The same experts also slammed Microsoft and end users for the parts each played in the latest dramas.
Blaster's "success" probably encouraged other malicious coders to devote the weekend to working on their own evil little creations, said Chris Belthoff, senior security analyst at antivirus firm Sophos.
That explains why the network experience is starting to suck for an awful lot of us - it probably explains the numerous small outages I'm seeing with my cable service. I had a tech out yesterday, and he found that my signal strength was just fine - and had no good explanation for why I'm getting periodic disconnections. Whatever the problem is, it's further up the lines - possibly Comcast's network getting hit with the email being sent by all the worms out there... who knows.
Related to all this is an interesting editorial in ComputerWorld this week, where their editor quotes a university's IT coordinator
Among the many IT professionals watching this wormy nightmare unfold was Carl Ness, distributed information systems coordinator at Clarke College in Dubuque, Iowa. He e-mailed me with a straightforward but difficult question: Why?
"Why aren't people, especially at the chief executive level, asking: 'Why are we still using this stuff?' " Ness wanted to know. "If these problems were at this level for any other operating system, executives would have demanded that it be ripped out and replaced."
A longtime Novell and Unix user, Ness has 33 servers in production at the 1,200-student college, and only half a dozen of those run Windows. Yet he finds it maddening that disruptions like the Blaster worm are becoming business as usual. "We should not accept the phrase, 'Well, it's Microsoft, we just have to put up with it,' " Ness said, contending that IT pros need to push their managers harder to consider alternatives to Microsoft. Where is the tipping point for your company? How much more business disruption can you sustain?
Very good questions. If a home appliance worked this badly, would you buy that brand again? What about a car? So why are we so complacent about Windows? Heck, if the open source Linux seems scary, take Infoworld's advice and take a serious look at the new Macs - Unix based, rock solid - and easy to use and administer. IMHO, it's time for users to take IT to task for this crap.
Eric Burke reports some issues with Windows update - an update keeps showing as available. While we haven't seen that problem here, my wife's system (XP Home) has had some real issues with update. At some point last year, update broke her dhcp client. After each reboot, the machine was blissfully unaware of the net - running the network wizard always worked. Tiring of this, we set it up as a static IP, and that worked fine for months. When yet another worm/security issue came up, we used update again to patch - and the damn update mechanism did the following:
So we reset networking to static, rebooted, and got a clean connection. We are now very wary of Windows Update - there's really no good reason for the property setting changes it did.
Computer Business Review has a story about SCO suing end users of Linux:
SCO Group Inc is preparing to take a Linux user to court to speed up the legal process in its claim Unix code has been illegally copied into Linux, and also encourage Linux users to take out a license for its intellectual property.
The company has signed one large customer up to its Intellectual Property License for Linux, but faces opposition from many more who believe SCO must prove its claims in a court of law before they will hand over the $700 per CPU for the license.
Speaking at SCO's Forum event in Las Vegas, president and CEO Darl McBride said SCO is preparing to speed up the legal process and convince the skeptics. "We are prepared to have this heard on a quicker basis in a customer environment if that's what it takes to quicken it up," he said.
This should roil the waters and make people even happier with SCO. The story so far:
And we can all thank SCO for this big pile of fun. Swell
Tim Bray notes that a lot of things seem to be inaccessible today. I have been having the same problem, but thought it was my ISP. Maybe not....
Looks like our IT group got on top of the worm problem, and the CST sites are back up. I'm wondering if this came into corporate via a remote user through VPN; the remote people aren't necessarily up to date on port blocks and patches, and VPN opens an interesting vulnerability. I haven't examined VPN software in any depth, but I have to believe that the VPN server can block ports...
I've felt like this about customer service - during my ReplayTV extravaganza, for instance. This is one of the things that makes me wonder about the whole outsourcing trend - the people you get on the phone have virtually no power. Realistically, the phone support people in-house never had tons of power either, but there were two things they had going for them:
Now look at what the remote phone support people have. No tie to the company. No personal relationships to leverage. No real power - either soft or hard - instead, just an inflexible set of rules to follow. IMHO, this is one of the reasons that tech support is bad, and getting worse. There are real cost savings in outsourcing this stuff - but the soft costs incurred by having a powerless remote staff that doesn't care are potentially huge.
Via Scoble I found this link to one of the Longhorn developer's blogs. This worries me:
Second, Windows is too hard to use. I actually think all computers are probably too hard to use, but I never worked product support for any other ones. Just doing simple things is hard because there is too much noise. Because Windows is a multipurpose operating system (as opposed to something like the XBox or your VCR) there are hundreds of options and checkboxes etc. Happily, in our work on Longhorn I know that we are working hard to make this easier - but this experience really brought this home.
Why does that worry me? Because everytime someone tells me that they are going to make the OS easier to use, I think of various easy to use applications I'm familiar with - like the video editing atrocity that my wife has been trying to work with. That software tries to 'help' you by managing its own files and managing its own file names - and by not exposing you to the file system. Maybe Longhorn won't do any of that, but every time I hear someone tell me how easy they are going to make things, I wonder just how stupid the end result will be...
Wired News has a story about the Dean presidential campaign sending out a spam message. The interesting thing about this is that the campaign - via their use of a blog and meetups - has gotten a reputation as being very tech savvy. Well, this shows how easy it is to trip from one side of the respect bar to the other via a simple mistake:
Matthew Gross, head of Internet communications for Dean for America, confirmed that the organization had indeed authorized sending the message, but he noted that it was only intended to reach subscribers who had specifically asked to receive campaign information. Instead, it ended up reaching many recipients who had never even visited the Dean website.
"We had contracted with two vendors for our mailings, under the assurance that they would only use opt-in lists," said Gross. "When we found out that the messages were mailed to people not on our lists, we discontinued our relationship with the vendors."
Simple mistake, and one I bet a lot of companies make as well. It's potentially costly, because spam really irritates a lot of people. Not something a campaign - political, or corporate (marketing) wants or needs to make.
As I write this, the blog is offline - as is the entire Cincom corporate site. Word is that the MSBlaster virus got loose at corporate and is wreaking havoc. So no website today. In the meantime, I'll be doing some offline posting. Ahh, the joys of a Windows based network infrastructure....
Dan Kaley writes an obituary for Smalltalk - based on the release of VAST NC. Fascinating. Does he know that IBM released that over a year ago? Does he realize that VisualWorks has been available for NC download since 1997? Heck, if you think no serious work is going into Smalltalk, just grab VWNC 3.0 from the VW Wiki, then download the latest from the Cincom site. Now, after taking a look, explain to me how Smalltalk is dead. Yeesh. Next time, do a google search and follow some of the links instead of just reposting some of the tinfoil hat theories from the slashdot crowd. Hat tip to Steve Hunter for pointing this silliness out to me.
CNET News shows SCO continuing to lay it on thick:
Sontag also said thousands of lines of Unix have made their way into Linux in the form of derivative works that should have been bound by SCO licensing agreements that require licensees to keep the code secret. The company said several enterprise features of Linux--the NUMA (nonuniform memory access), RCU (read-copy update), SMP (symmetrical multiprocessing), schedulers, JFS (journal file system) and XFS (extended file system) portions--all include copied code. The company broke out the number of lines of code that had been directly copied from each. It said, for example, that more than 829,000 lines of SMP code had been duplicated in Linux.
Next up - SCO claiming that breathing was their proprietary idea...
We refinanced our mortgage today, and boy, was it confusing. We were concerned over how much money they wanted up front for the escrow account, and called them on it. After a flurry of phone calls, they dropped the amount nearly in half - the fun part was that the aggregate accounting amount (refunded to us) kept going down as well. We got an explanation that I thought held some water, but I still left the whole experience feeling like I got stiffed somewhere. On the bright side, even with more money going into the principal each month, the monthly bill came down nicely. I guess my question is, do the documents for these things really need to be so complex?
The Register reports that MS' fix for the feared Blaster DDOS attack made some people think MS switched the update service to Linux:
What actually happened, as we mentioned earlier, was that Microsoft removed the redirect from windowsupdate.com to windowsupdate.microsoft.com, thus cunningly frustrating the worm, which was written with a view to performing a denial of service operation on the former, but not the latter. The BRS approach to security, which owes much to the theory that viruses don't come out at night, is one we particularly like, as it's cheap and approximately 50 per cent effective, but the move did not make Windows Update unavailable as such.
In the absence of windowsupdate.com the first stop of incoming requests was the Akamai caching service which Microsoft uses. This runs on Linux, hence Netcraft report a Linux host, but behind this the Microsoft servers were still operational, hence the report of Microsoft IIS running on Linux. So Microsoft isn't running Windows Update on Linux, and although it's using a service provider that runs on Linux, those services are still fielding back to Windows 2003 servers, clear?
Now, watch the various USENET groups and blogs report "Windows Update on Linux" as fact....
The Register tells us about an IT security who got sent to the big house - after trying to notify consumers about a problem. Admittedly, he used questionable methods to do this; but jail time?
About six months later, according to defensive filings, McDanel discovered that Tornado had never fixed the vulnerability he discovered. Using the moniker "Secret Squirrel" he sent a single email to about 5600 of Tornado's customers over the course of three days, staggering the release each day to prevent flooding Tornado's email servers.
The email told Tornado's customers about the vulnerability, and directed them to his own website for information about it.
So what did Tornado do? First, they scrambled to delete their own customers' emails (without their permission) to prevent them from learning about the vulnerability. Then they took other steps to conceal the hole. Ultimately, they fixed the vulnerability, and upgraded their general security.
For his efforts, McDanel was arrested, tried, convicted and sentenced to 16 months in the federal pokey, which he has now served. He has appealed his conviction to the federal Ninth Circuit Court of Appeals.
If that stands, watch reports to CERT and Bugtraq drop like stones in the pond.
Casinos up the ante in the battle against card counters - with an application that tracks cards and bets at the table, looking for anomalies:
MindPlay works by placing a set of 14 digital cameras around a specially built blackjack table tray. The optical equipment registers every card in play by reading special invisible ink printed on them.
But that isn't the only trick up MindPlay's sleeve. It can recognize the differences between a player's drink, a napkin, an ashtray, a stack of chips being held by a player and a pile of chips in play, Soltys said. And it tracks the location and value of chips by comparing 3-D models of them in a database to all objects on the table.
It will be interesting to see where that will go.
Wired News has a story about RSS - it's a light brush over the topic - but shows that syndicated content is starting to get wider interest
Charles Miller curses RedHat and RPM. I've had issues running RPM updates myself.
I got three games of Puerto Rico in last night - and it must have been my night, because I won all three. The first two were close, but I really dominated the last game. I played a money/building game all three games, but the last one played very differently. In the first two, I bought the Factory early, and made sure to produce 4 different goods (first game) or all 5 goods (second game). I didn't really worry about losing goods to the ocean. Those games played within 2 points, and in the first, I just barely beat out the shipping strategy (corn). The third game was odd. I had almost saved enough to get the Factory again, when one of the players - producing only corn at that point - bought the last one (he later said that yes, it was to stop me from getting it). So I stopped diversifying, stayed with indigo, tobacco, and coffee - and bought a Large Market. By the end of the game, I had more victory chips than the other guys, and two big buildings. That was a fun game. I doubt I'll win three straight next time out though.
Don Park thinks spam is killing email, and he may be right:
I used to feel comfortable with reliability of e-mails. When I send something to somebody, I felt reasonably sure that it will be delivered and read. That is no longer true today even with wide use of spam filters. When I send an e-mail now, I no longer feel sure of it being read by the recipient.
He goes on to discuss the ins and outs of how he classifies email that makes it through his filters; suffice to say that the volume is still high enough that a lot gets blown away with barely a glance.
I actually don't use a spam filter; instead, I have filters for all my mail lists and people I expect mail from, and that all gets organized into folders. What's left in inbox is almost all spam, and gets manually deleted without a lot of detailed scanning. This is dangerous though - as the Product Manager for Cincom Smalltalk, I get a fair number of mails from people I don't know and have never met - more than once I've had to scan back through the trash for mails I deleted. I don't have any faith at all in digital signatures; I'm sure the spammers will find a way through that as well. Email, once a highly useful tool for communication, is getting more and more like regular mail every day...
Over at Artima, Bill Venners continues his tradition of asking dumb questions (his last effort was an interview of these idiots). Today, I see that he's gone back to not understanding dynamic typing:
Bill Venners: In your book you say, "It is always beneficial to detect programming errors as quickly as possible." I've met people who don't feel that way: people from the Smalltalk community, people who like Python, and so on. These people feel that all those compile time errors get in the way of their productivity. They feel more productive in a weakly typed environment, where more problems must be discovered at runtime. These people feel that their weakly-typed language of choice gives them as much robustness, but more quickly, than strongly-typed languages such as Java.
Josh Bloch: I quibble with the fact that they are getting as much robustness. I suppose the extreme example of that is shell scripts, which are interpreted. There is no compile time. You can code anything you want. And I think anyone who has used shell scripts has seen them blow up in the field. In fact, people don't expect them to run on all inputs. If you take a shell script, try to do something fancy with it, and it doesn't work, you say "Oh well, I guess it doesn't handle that." And you play around with the inputs and try to find something it does handle.
That's right guys, we just throw crap at the system until it works. You can code anything you want in the popular languages with manifest typing as well - witness void * in C, and casting in general. Test first doesn't mean that you just keep hacking until it works. In fact, my experience is that the hack it until it works mindset is far, far more common in the world inhabited by the curly brace crowd than it is by the Smalltalk (or Lisp, or Python) crowd. Based on this little interplay, it looks like Josh Bloch:
Hey guys - let me know the next time you see a buffer overflow exploit in Smalltalk, Python, or Lisp. And by the way, Smalltalk and Python are strongly typed. For weak typing, look at C or C++
The problem is, at some point you'd have to ship new products. Our investors demand that too (new products are where new revenues come from). And, then, you'd be shipping new code with potential new vulnerabilities. Any code that does something interesting is a potential security problem. Think about that for a minute.
For instance, Microsoft just shipped OneNote. It doesn't have an API. Why? Because of security issues. But, it really limits the functionality of the app. I'd love to have Radio UserLand talk to OneNote, so I could use OneNote for blogging. I can't do that today because of security concerns.
Two things come to mind
However, it's not simply a matter of MS hosting stuff on top of the CLR from here on out either. There's a huge pile of legacy applications, and most of them aren't Microsoft's code. This is going to be an issue as long as people continue to use C and C++ for application development - and not only on Windows. As Linux popularity grows, start watching that platform for interesting buffer overflow issues more frequently...
Spotted in Matt Croydon::postneo:
MS: We'll show that worm that we can beat it. Let's take our site down.
Worm: Mission accomplished.
About the size of it....
I posted on outsourcing doubts last week. Well, I'm not the only one thinking these thoughts; Cringely has a few ideas as well:
And this leads us to why many development efforts of western companies in India don't work out. The problem with Indian software development is typically two-fold. In one sense, the Indian developers can't relate very well to the foreign end-users (us), and that can lead to problems. But far worse is a problem that is almost the opposite: The Indian coders are treated as just that -- coders -- with all architectural decisions being made 12,000 miles away. There is virtually no input to the architects from the coders because none is sought. That means problems that ought to be noticed early -- and probably are, but in India, not the U.S. -- are noticed too late.
One solution is to allow the Indians greater autonomy, but I think the best solution is to make the architects, whomever they are, live with the coders -- something that is literally NEVER done.
Very, very true. In fact, this sort of outsourcing takes us back to the worst days of early IT - the requirements get tossed over the wall to a bunch of people that are hard to communicate with, and the finished application gets thrown back some time later. There's a pretty good consensus out there that this process didn't work well with IT groups that communicated badly; it's not clear to me why a repeat performance with remote developers will work out better. I'll say it again - if outsourcing is a good idea for developers, why not for the marketing department? Or C level managers? The offshore replacements will certainly be cheaper. What's that you say? That the managers need to communicate more directly? Hmmmm. That's different from developers how?
Joshua Marinacci confuses weak typing and dynamic typing. Smalltalk - for instance - is strongly, but dynamically typed. You can't get a type error of the sort you can see in a weakly typed language - like C++. In Smalltalk, if an object doesn't understand a message, you get a well understood exception. In C++, you can get an actual attempt to execute, followed by an ugly crash. Here's an example of his confusion:
I've seen lots of arguments on the merits of weak typing. It encourages flexibility. It lets me write code faster. I don't worry about the details until later. I can do cool runtime tricks.
I don't buy it. I use a strongly typed language because the code it produces is more robust. Typing solves a slew of common programming errors all at once. It ensures that my code will always do exactly what I mean, no more and no less.
And yet... I can see the advantages of weak typing too. Java is a better prototyping language than C++ but it's nowhere near the speed of Perl for whipping up something quick.
Except.... C++ is weakly typed. With Casting, you get the worst of all possible worlds - the strictures of manifest typing, along with the runtime's utter inability to cope with a missent message. He continues to miss the point:
Why do we have strong typing anyway? I can only think of two things. First is performance. If you better specify what you want then the compiler can make faster code. The second is for people. The computer doesn't really care if this string really contains a number. It's all just bits in the end. The typing is for you, the programmer. To help you avoid mistakes. To express what you want the code to do to another programmer. It could be someone using your API, or someone modifying your code, or even yourself hacking on your own code in the future. Typing is a more detailed expression of what you want. But creating that expression can be time consuming and constraining.
Odd then, that Smalltalkers almost never run across the sort of typing error he touts as one of the two top reasons for having manifest typing, isn't it? 50% of his argument is crap, because that kind of error just doesn't happen that often. As to performance - the words premature optimization come to mind.
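The distinction drawn in this post, weak versus strong typing as opposed to static versus dynamic, can be shown inside C++ itself. The following is an added example, not code from the post or from Marinacci's article; the types `Message`, `Payment` and `Note` and both functions are constructed for illustration. The unchecked path uses `memcpy` through a `void*` to stand in for a cast, so the wrong-type read stays defined and repeatable instead of crashing.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <typeinfo>

// Constructed sample types (hypothetical names, not from the post).
struct Message { virtual ~Message() = default; };
struct Payment : Message { std::uint32_t cents = 1250; };
struct Note    : Message { char text[4] = {'A', 'B', 'C', 'D'}; };

// Weak typing: any pointer converts to void*, and the callee interprets
// whatever bytes arrive as the type it hoped for. Nothing checks the claim.
std::uint32_t cents_unchecked(const void* raw) {
    std::uint32_t cents;
    std::memcpy(&cents, raw, sizeof cents);  // defined, but the value is meaningless
    return cents;
}

// Strong, dynamic checking: the object's real type is consulted at run time.
// A wrong receiver raises std::bad_cast, the analogue of doesNotUnderstand.
std::uint32_t cents_checked(const Message& m) {
    return dynamic_cast<const Payment&>(m).cents;
}

// Feed a Note's text bytes to the unchecked reader: it returns "ABCD" as a number.
std::uint32_t demo_unchecked() {
    Note n;
    return cents_unchecked(n.text);
}

// Feed a Note to the checked reader: it refuses with a well-defined exception.
bool demo_checked_rejects() {
    Note n;
    try {
        cents_checked(n);
    } catch (const std::bad_cast&) {
        return true;
    }
    return false;
}

int main() {
    std::printf("unchecked read of a Note: 0x%08x\n",
                static_cast<unsigned>(demo_unchecked()));
    std::printf("checked read of a Note rejected: %s\n",
                demo_checked_rejects() ? "yes" : "no");
    std::printf("checked read of a Payment: %u\n",
                static_cast<unsigned>(cents_checked(Payment{})));
    return 0;
}
```

The unchecked result depends on byte order (0x44434241 on little-endian hardware), which is itself part of the point: the program keeps running on a value nobody intended.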
Spotted in Cook Computing - I guess I'm not the only one wondering about closures in C# (see this post from this morning).
Sun's Ulander says Mad Hatter will be safer than Windows:
When asked how he knows it is not as vulnerable to viruses, Ulander explained it would have fewer holes to exploit due to the fact it is built on top of Linux.
"How [Microsoft] built their OS makes it fairly easy to exploit," said Ulander. "Virus writers can script to their macro environment."
I realize that this is mostly just marketing speak - however, Ulander may as well have painted a target on his back. Once MadHatter ships, the black hats out there are going to take that statement as a challenge...
Just what we need on the east coast - a repeat of the sniper madness from last summer. I saw a few reports on this two days ago, but the blackout coverage has just swamped the story. However, the possible death toll from this now stands at 4. All in West Virginia so far, but that's not all that far away from the parts of Maryland and Virginia where last year's sniper attacks took place. Watch for this to splash the news once the blackout story recedes....
When the user asks why did they even bother writing it? The Pixela ImageMixer software is just horrid. The author or authors of this atrocity should get out of software and into something simple - like, say, ditch digging - now. Stop them before they code again! I've posted on this crap before - this morning, the problem seems to be getting video from the camera to the PC (XP Home) so that we can burn a VCD. Suggestions on better software welcome....
The NY Times (registration required) has a story on a possible source of the problem - northern Ohio:
William Museler, president of the New York Independent System Operator, which manages the state's electric grid, said "huge" power fluctuations originating from a Midwest power plant started the downfall of the grid at 4:11 p.m. Thursday. He said the power swings became so large that the Ontario system could not sustain them, and the problem migrated to New York.
Maybe now the Canadian authorities will stop blaming non-existent lightning, or fires that didn't happen. Of course, the speculation about Ohio could easily be off as well; we really don't know anything useful yet.
This article from Steven Den Beste lays out the whys and wherefores pretty well.
The Register reports that the GNU servers have been owned by crackers since March:
Crackers owned the primary file servers of the GNU Project from mid-March until two weeks ago, the Free Software Foundation admitted this week.
The attack raises concerns about whether malicious code could have been inserted in the software available for download, including Linux.
Wow. Ok, all you people who have a faith based notion that open source is automatically safer than proprietary code - here's the counter-example. What this shows is everyone has to monitor their systems and keep up to date on security patches...
Scoble talks about Anders Hejlsberg. Here's something to ask him - what about closures? I asked him that at OOPSLA last year, and he squirmed - and then mumbled something about "not wanting to pay the cost". I'd be interested in a real answer someday...
Have a look at this page from Siemens:
PSE has experts with excellent Smalltalk know-how (both in the programming language as such and in the programming systems being commonly used today) and develops object-oriented software also in Smalltalk (beside other object-oriented programming languages). We like to use Smalltalk for prototyping and for software with high-end portability requirements.
The northeast blackout started while I was out dealing with our drainage situation. Here are the links, courtesy of Matt Croyden:
Thank goodness I'm not trying to fly today...
Linux Today points out an interesting development - SCO will argue in its suit against IBM that the GPL is invalid:
"SCO will attempt to win its $3 billion case against IBM by arguing that the General Public Licence (GPL) is invalid.
"That's what a pleader at legal practice Boies Schiller and Flexner is telling the Wall Street Journal today...
"But according to today's WSJ, quoting lawyer Mark Heise, the GPL is pre-empted by US federal copyright law..."
Confused yet? Read the full story here. Looks like the prediction that the GPL will be tested was correct. Most people seem to think that SCO will not succeed in this money grab - but they could leave a trail of legal wreckage even in defeat.
Ted Leung makes a really good point about how companies get - and lose - business:
Companies don't get it anymore. You respect me. I learn to trust you. When I trust you, I keep buying from you. If I really trust you, I go out of my way to buy from you. I recommend you to my friends. But if you don't respect me? I had a telemarketer persistently call me about fixing my unbroken auto glass. I finally told him, "I know your company's name very well now. I'll be sure that I go anywhere except to you when my auto glass needs fixing". I told a Qwest telemarketer I wasn't interested. She climbed down my throat, asking me angrily "Didn't I want to save money?". I told her that if it meant having to deal with her, that I'd rather pay more. These companies are doing themselves a world of hurt, and they don't even know it.
I agree with that - and it goes beyond companies. There are charities - ones that do honest to goodness good work - that have completely turned me off with their phone solicitations. When you are asking me to help out and do a good deed, here's a hint - don't hint that I'm stingy if I don't give. Drives me nuts. Here's another example - late last year, for the first time ever, I made a donation to a political party (never mind which one - in this regard, I doubt it matters). Ever since then, there's been a steady stream of junk mail asking me to give more. I suspect that the postage alone for the solicitations has gotten to be more than I donated! That's irritating, but about a month ago, I got a new one - a letter stating that I "must not care anymore" and was "letting the other side win" - because I hadn't given more! Yeesh, in what Universe will that make me feel like donating again? Hot tip - if you want my money, don't berate me for not giving more! Who does the market research for these people anyway? Whoever it is, they need to go, and they need to go now.
I posted on the cold Atlantic phenomenon a week ago, and now this morning I see this report on the melting of arctic (North Pole) ice. Most reports I've seen on the cold water blame upwelling - an event where wind currents and other things combine to force deep water to the surface. These reports have also mentioned that a flow of cold, fresh water from an arctic melt could cause such a cold water event - and muck with the gulf stream. We better hope the gulf flow isn't being changed - because a shift could make the US east coast much cooler, and make Northern Europe's climate more like that of Canada....