Youry's Blog

Youry's Blog

Archive for the ‘Uncategorized’ Category

The end of software engineering and the last methodologist

leave a comment »

The end of software engineering and the last methodologist

Copy from Bertrand Meyer’s technology+ blog

(Reposted from the CACM blog [*].)

Software engineering was never a popular subject. It started out as “programming methodology”, evoking the image of bearded middle-aged men telling you with a Dutch, Swiss-German or Oxford accent to repent and mend your ways. Consumed (to paraphrase Mark Twain) by the haunting fear that someone, somewhere, might actually enjoy coding.

That was long ago. With a few exceptions including one mentioned below, to the extent that anyone still studies programming methodology, it’s in the agile world, where the decisive argument is often “I always say…”. (Example from a consultant’s page:  “I always tell teams: `I’d like a [user] story to be small, to fit in one iteration but that isn’t always the way.’“) Dijkstra did appeal to gut feeling but he backed it through strong conceptual arguments.

The field of software engineering, of which programming methodology is today just a small part, has enormously expanded in both depth and width. Conferences such as ICSE and ESEC still attract a good crowd, the journals are buzzing, the researchers are as enthusiastic as ever about their work, but… am I the only one to sense frustration? It is not clear that anyone outside of the community is interested. The world seems to view software engineering as something that everyone in IT knows because we all develop software or manage people who develop software. In the 2017 survey of CS faculty hiring in the U.S., software engineering accounted, in top-100 Ph.D.-granting universities, for 3% of hires! (In schools that stop at the master’s level, the figure is 6%; not insignificant, but not impressive either given that these institutions largely train future software engineers.) From an academic career perspective, the place to go is obviously  “Artificial Intelligence, Data Mining, and Machine Learning”, which in those top-100 universities got 23% of hires.

Nothing against our AI colleagues; I always felt “AI winter” was an over-reaction [1], and they are entitled to their spring. Does it mean software engineering now has to go into a winter of its own? That is crazy. Software engineering is more important than ever. The recent Atlantic  “software apocalypse” article (stronger on problems than solutions) is just the latest alarm-sounding survey. Or, for just one recent example, see the satellite loss in Russia [2] (juicy quote, which you can use the next time you teach a class about the challenges of software testing: this revealed a hidden problem in the algorithm, which was not uncovered in decades of successful launches of the Soyuz-Frigate bundle).

Such cases, by the way, illustrate what I would call the software professor’s dilemma, much more interesting in my opinion than the bizarre ethical brain-teasers (you see what I mean, trolley levers and the like) on which people in philosophy departments spend their days: is it ethical for a professor of software engineering, every morning upon waking up, to go to in the hope that a major software-induced disaster has occurred,  finally legitimizing the profession? The answer is simple: no, that is not ethical. Still, if you have witnessed the actual state of ordinary software development, it is scary to think about (although not to wish for) all the catastrophes-in-waiting that you suspect are lying out there just waiting for the right circumstances .

So yes, software engineering is more relevant than ever, and so is programming methodology. (Personal disclosure: I think of myself as the very model of a modern methodologist [3], without a beard or a Dutch accent, but trying to carry, on today’s IT scene, the torch of the seminal work of the 1970s and 80s.)

What counts, though, is not what the world needs; it is what the world believes it needs. The world does not seem to think it needs much software engineering. Even when software causes a catastrophe, we see headlines for a day or two, and then nothing. Radio silence. I have argued to the point of nausea, including at least four times in this blog (five now), for a simple rule that would require a public auditing of any such event; to quote myself: airline transportation did not become safer by accident but by accidents. Such admonitions fall on deaf ears. As another sign of waning interest, many people including me learned much of what they understand of software engineering through the ACM Risks Forum, long a unique source of technical information on software troubles. The Forum still thrives, and still occasionally reports about software engineering issues, but most of the traffic is about privacy and security (with a particular fondness for libertarian rants against any reasonable privacy rule that the EU passes). Important topics indeed, but where do we go for in-depth information about what goes wrong with software?

Yet another case in point is the evolution of programming languages. Language creation is abuzz again with all kinds of fancy new entrants. I can think of one example (TypeScript) in which the driving force is a software engineering goal: making Web programs safer, more scalable and more manageable by bringing some discipline into the JavaScript world. But that is the exception. The arguments for many of the new languages tend to be how clever they are and what expressive new constructs they introduce. Great. We need new ideas. They would be even more convincing if they addressed the old, boring problems of software engineering: correctness, robustness, extendibility, reusability.

None of this makes software engineering less important, or diminishes in the least the passion of those of us who have devoted our careers to the field. But it is time to don our coats and hats: winter is upon us.


[1] AI was my first love, thanks to Jean-Claude Simon at Polytechnique/Paris VI and John McCarthy at Stanford.

[2] Thanks to Nikolay Shilov for alerting me to this information. The text is in Russian but running it through a Web translation engine (maybe this link will work) will give the essentials.

[3] This time borrowing a phrase from James Noble.

[*] I am reposting these CACM blog articles rather than just putting a link, even though as a software engineer I do not like copy-paste. This is my practice so far, and it might change since it raises obvious criticism, but here are the reasons: (A) The audiences for the two blogs are, as experience shows, largely disjoint. (B) I like this site to contain a record of all my blog articles, regardless of what happens to other sites. (C) I can use my preferred style conventions.


Written by youryblog

January 25, 2018 at 4:01 PM

Why can’t you find a job with a Stanford computer science PhD?

leave a comment »


To many of my older colleagues, the idea that you possibly couldn’t find a job with a good degree, let alone a PhD, is unthinkable. And what about a promising young graduate in Computer Science from Stanford University? What if he has a PhD? He may not be able to secure an academic job, but industry recruiters will be all over him (or her). Surely!

The truth is maybe harsher.

Chand John wrote a touching article recounting his personal experience. No doubt, he expected to easily land a good industry job. At least, that is what his professors expected. Yet it took him a year to get a job. He was dismissed by most employers:

Despite having programmed computers since age 8, I was rejected from about 20 programming jobs. (…) my experience writing code at a university, even on a product with 47,000 unique downloads, didn’t count as coding “experience”.

There is a hidden assumption on campus that academic jobs are hard to get, but industry jobs are easy. Many computer science professors assume that they and their students could easily land a job at Google or any other tech company nearby. Along with this belief goes the fact that whatever happens on campus is years ahead, and much more sophisticated, than what industry does. The story goes like this: government funds professors who have the ideas, they get their students to develop these ideas… and eventually these ideas end up getting picked up by industry when students get industry jobs. The story goes back to Vannevar Bush.

There is a problem however: this story does not match the facts. Employers do not recruit graduate students to get access to the work they did on campus. When a graduate student is recruited, he will be very lucky if his new employer has more than a passing interest in what he did on campus. It is not just employer reluctance: very few students could take what they learned as a graduate student and launch a business or a consulting venture.

The truth is that if you are fresh out of school, you will be the one doing most of the learning in industry. Even someone with a PhD can expect to be an apprentice for many years.

Also, let us be honest: the software produced on campus is rarely good. It is often made of untested, undocumented, and barely functioning prototypes. I have no doubt that Chand John wrote beautiful and maintainable software while at the university. However, I understand the skepticism of employers who hear “I wrote code as a student”. It is simply not a great reference. They hear “I wrote software for fun”.

So, people like Chand John end up with prize-winning research that is of little interest to anyone in industry. They wrote code on campus, but employers think “Oh! God! They will have to unlearn everything and start from scratch”. Is it any surprise that they are not offered the top programming jobs?

Of course, it is not entirely fair to say that Chand John couldn’t easily get an industry job. He does not tell us how selective he was. I am asked routinely by people from industry about clever graduate students. Presumably, what he couldn’t get easily is an interesting job. A job that would allow him to pay his student debts and offer him an intellectual challenge.

These jobs are scarce, both in industry and in academia.

Update: It looks like Chand works for Honda Research in what must be a desirable position.

Source: The idea for this post came to me from a G+ post by Suresh Venkatasubramanian.

Written by youryblog

January 17, 2015 at 6:39 PM

Posted in Uncategorized

CVS server on CENTOS

leave a comment »

updated from Set Up CVS Server on Linux (some mistakes and some problems found)

Assumption: server:   client:
Goal: user mike can use the CVS on (assumption: mike has an account as “mike” on

At the first we need to create users:

in MS Excel

useradd -c <comment> <username> -G cvs

=CONCATENATE(“useradd -c “,LOWER(LEFT(RIGHT(B7,LEN(B7)-FIND(“,”,B7)-1),1)&(LEFT(B7,FIND(“,”,B7)-1))))

change password

=CONCATENATE(“echo “,CHAR(34),LOWER(LEFT(RIGHT(B7,LEN(B7)-FIND(“,”,B7)-1),1)&(LEFT(B7,FIND(“,”,B7)-1))),”:”,E7,CHAR(34),” | chpasswd”)


1. install cvs and xinetd on the server
$yum install cvs
$yum install xinetd

NOTE: check whether cvs (or xinetd) has been installed:
$rpm -qa | grep cvs

2. set up cvs group and user on the server:
$groupadd cvs
$useradd -g cvs -G cvs -d /home/cvsroot cvsroot
$passwd cvsroot # set up password for cvsroot

Add mike to the cvs group:
$usermod -G mike cvs

Check whether mike is in the cvs group:
$groups mike

3. change owner of /home/cvsroot if necessary, chmod for /home/cvsroot:
$chown -R cvsroot:cvs /home/cvsroot
$chmod -R 775 /home/cvsroot

4. initialize cvs:
(login as cvsroot)
$cd /home/cvsroot
$cvs -d /home/cvsroot init  # full path is required
$chmod 644 /home/cvsroot/CVSROOT/config

5. create file for CVS self-startup, as xinetd type
(login as root)
$cd /etc/xinetd.d
$cp cvs cvspserver
$vim cvspserver  # do the following modifications:

# default: off
# description: The CVS service can record the history of your source \
#              files. CVS stores all the versions of a file in a single \
#              file in a clever way that only stores the differences \
#              between versions.
service cvspserver
disable                 = no             # modify
port                       = 2401
socket_type       = stream
protocol               = tcp
wait                       = no
user                       = root
passenv               = PATH
server                   = /usr/bin/cvs
env                         = HOME=/home/cvsroot    # modify
server_args        = -f –allow-root=/home/cvsroot pserver    # modify

6. add CVS as a service:
$vim /etc/services

Add two lines if not in the file:
cvspserver 2401/tcp #pserver cvs service
cvspserver 2401/udp #pserver cvs service

7. restart xinetd:
$/etc/init.d/xinetd restart

8. check if cvspserver has started
$netstat -l |grep cvspserver

should return:
tcp   0    0            *:cvspserver           *:*               LISTEN

9. manage users
$cp /etc/shadow /home/cvsroot/CVSROOT/passwd   # owner of passwd should be cvsroot:cvs
($cd /home/cvsroot/CVSROOT)
$chmod 644 passwd

modify passwd, delete all lines except users cvsroot and mike (you can keep some lines if needed)
for every line, delete all the content after the second “:”, and append cvsroot to that “:”

10. on client, log in to the CVS server:
$cvs login

11. on client, import a project /home/mike/myproject onto CVS server:
$cd /home/mike/myproject
$cvs import -m “my project” myproject mike start

12. errors:
1) As follows:
[ ~]$ cvs -d login
Logging in to
CVS password:
cvs [login aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /home/cvsroot/CVSROOT/config: Permission denied

Solution: turn off SELinux on
Turn it off now:
$setenforce 0

Turn it off after next restart:
$vim /etc/selinux/config
modify SELINUX=enforcing to

2) As follows:
[ ~]$ cvs login
Logging in to
CVS password:
cvs [login aborted]: connect to []:2401 failed: No route to host

Solution: turn off firewall on, or allow 2401 port in the firewall
Turn off firewall now:
service iptables stop

Turn off firewall after next restart:
$chkconfig iptables off   # or $/sbin/chkconfig –level 2345 iptables off

Check firewall status:
$/etc/init.d/iptables status

NOTE: This method applies on Fedora 12 for CVS server

[5]  (CVS 常用操作 Howto)

Written by youryblog

September 28, 2013 at 5:20 PM

Posted in Uncategorized

Businesses Worry About Christmas Day Attacks by By Fahmida Y. Rashid December 24, 2012 –

leave a comment »

“In an online survey of 270 security and IT professionals, about 57 percent said their companies may be more vulnerable to security attacks during major holidays such as Christmas or New Year’s. Breaking down by job function found that 61 percent of security professionals were concerned, compared to 54 percent of business stakeholders. The survey, which was conducted between Nov. 8 and Nov. 19, was commissioned by nCircle and conducted by Dimensional Research.”,2817,2413540,00.asp

good to know

Written by youryblog

January 1, 2013 at 2:13 PM

Posted in Uncategorized

Tagged with