First of all, thank you for making and sharing this. I have a few technical questions, if I may.
Does Bearer perform data-flow analysis? If so:
1. Is the analysis inter-procedural?
2. Is it sound? (Does it only report findings it's absolutely certain of, possibly missing others, or does it report all possible findings even if some of them are false positives?)
3. How are sources and sinks of information specified?
4. I see it supports JavaScript and Ruby. Any plans on adding other languages? Is the current analysis implementation amenable to adding support for other languages?
5. What’s the analysis behavior around dynamic language constructs (e.g. eval)?
6. What’s the analysis behavior around missing symbols/dependencies?
Thanks for your questions. Yes, we do perform data-flow analysis:
1. Not yet, but we are exploring ways to support that.
2. The analysis part is sound. False positives (mainly) come from limitations in what you can specify in the rule language. We're working on this, however.
3. We don't make that distinction in the rules language currently. Sensitive data detection (which is built-in) is effectively treated as a source, but we need to allow rules to specify sources. I don't think the limitation matters much for finding issues, more for how well they are reported (you effectively only get the sinks reported at the moment). See the first sketch after this list for what "source" and "sink" mean in practice.
4. We plan to add other languages but are mindful of the balance of depth vs breadth of support. Is there a particular language you'd like to see support for?
5. There is no support for these currently unfortunately.
6. As it's intra-procedural, we take quite a basic approach to these (with some special cases in the engine). In terms of dataflow, we treat unknown function calls as identity functions, i.e. we assume the output is somehow influenced by all of the inputs (see the second sketch below). Obviously this is not ideal in terms of false positives, but we need to work on inter-procedural support first to do a good job of this. In terms of type analysis, we will try to infer unknown types locally from field/property access.
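To make the source/sink terminology in answer 3 concrete, here is a purely conceptual illustration in TypeScript. This is ordinary code under analysis, not Bearer's rule syntax, and the identifiers are made up:

```typescript
// Hypothetical example of analyzed code. A "source" is where sensitive data
// enters the flow; a "sink" is where it leaves the program.

interface User {
  email: string; // flagged as sensitive data, so reads of it act as a source
}

function handleSignup(user: User) {
  const contact = user.email;            // source: sensitive value enters the flow
  console.log(`new signup: ${contact}`); // sink: sensitive value reaches a log
}

handleSignup({ email: "jane@example.com" });
```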
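And here is a minimal sketch of the "unknown call as identity function" over-approximation mentioned in answer 6. This is not Bearer's engine, just a toy taint propagation over a simplified expression type, with a hypothetical summary table of known functions:

```typescript
// Toy intra-procedural taint propagation. If a callee is unknown, assume its
// result is influenced by every argument (identity-like propagation).

type Expr =
  | { kind: "literal"; value: string }
  | { kind: "variable"; name: string }
  | { kind: "call"; callee: string; args: Expr[] };

// Known summaries: `true` means the function's output depends on its inputs.
// Entries are illustrative only.
const knownPropagation: Record<string, boolean> = {
  "String.prototype.toUpperCase": true, // transforms its input
  "Math.random": false,                 // output independent of inputs
};

function isTainted(expr: Expr, taintedVars: Set<string>): boolean {
  switch (expr.kind) {
    case "literal":
      return false;
    case "variable":
      return taintedVars.has(expr.name);
    case "call": {
      const anyArgTainted = expr.args.some((a) => isTainted(a, taintedVars));
      const summary = knownPropagation[expr.callee];
      if (summary === undefined) {
        // Unknown callee: over-approximate, which may produce false positives
        // but won't silently drop a real flow.
        return anyArgTainted;
      }
      return summary && anyArgTainted;
    }
  }
}

// A call to an unknown helper with a tainted argument is itself tainted.
const tainted = new Set(["userEmail"]);
const expr: Expr = {
  kind: "call",
  callee: "someUnknownHelper",
  args: [{ kind: "variable", name: "userEmail" }],
};
console.log(isTainted(expr, tainted)); // -> true
```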
I've been using it for a while. It's been the most convenient solution, and worth the price. Before that I used a 3rd-party Send-To-Kindle bookmarklet, and earlier, Instapaper via Calibre.
Pros:
+ QR codes at the end of articles that link back to the originals
+ Clean configuration
+ Scheduled delivery
+ Reliable
Cons:
- Often misses images and, sometimes, even text from the original page. To be fair, I have found this to be a problem with every web->ebook converter out there.
- It says it supports Kindle Back Issues, but they don't seem to work for Crofflr ebooks even on a top-of-the-line (Oasis) Kindle.
Matter of taste:
~ I'd prefer for every article to be in a separate book so I can read out-of-order, and delete and bookmark them separately. But the navigation interface within the single book (issue) is very nice.
Does the library export data from the web service or from the device itself? Also, do you know if the device can be prevented from syncing with the cloud?
PS: Thank you for your contributions. I've looked into 3rd party open source sync libraries for activity trackers before, and the state was dire.
I assume you are looking at the table on slide 7. I think that is the percentage of those who completed relative to those who started, so whether many CS undergrads go into industry (which is most likely the case) or not is irrelevant. However, I can offer anecdotes from my experience (recent PhD in CS). First, it is usually easy to find good jobs in industry while you are doing your PhD. I think half of the students in my department who did machine learning and computer vision didn't finish their PhD and went off to work at Google and the like. It is very tempting, because the hours in a PhD program are long, stress is high and the money is never good. And many CS PhDs end up working in industry anyway. Second, writing a lot of code isn't necessary if you're doing pure theory --- but even then you might be making small prototypes or using proof assistants, so research in CS with no programming at all is rare. Whether you need to master many new skills depends on your background and what you want to do for your dissertation.
To clarify on going to industry... If you are a top student with a bachelor's in a field like Physics or Biology, there aren't as many post-undergrad options as there are for the top CS student. Therefore, the top Physics and Biology majors are more likely to head to grad school. Those top students are more likely to finish on time.
Again - just a hypothesis.
I think your point about mid-PhD CS folks having options is stronger. If you're 2 years into a Biology PhD program, your options are limited. If you're 2 years into a CS PhD program, the sky is the limit.
I hear you on CS theory. My impression during undergrad was that the grad students were doing a lot of programming in their coursework, and many kept programming well beyond it.
Depends on the publisher. Both ACM and IEEE allow publishing a copy on your website; I don't know about Springer or Elsevier. Most authors in CS that I know publish copies as soon as they are accepted for publication.
> * Publicly recommend to all scientific boards that the hiring process should judge applicants by the merit of their publications, not by their journal's ranking.
Unfortunately, that's just not practical. Science has become (always been?) so hyper-specialized that adequately judging the impact of publications outside your speciality, let alone your field, has become very hard, unless it's a Huge Deal, in which case nobody would care to gather the board for the hire. (I'm talking about Computer Science, no idea about other fields.) Basically, you need to follow the current state of the art to adequately judge the novelty, importance and merit of a paper. You might have a person from that field on the board, but that's unlikely -- departments usually try to diversify the range of research directions in their hiring decisions.
But suppose you require the board to carefully review all the publications on their own merit anyway. Suppose that reviewing one paper thoroughly takes at least 4 hours --- more if you don't know anything about the area. And say an average applicant has 20 papers. You need at least 80 hours to judge the merit of one candidate's publications. Considering that hiring committees consist of professors, who are often already overloaded with teaching, research and administration, it's simply unrealistic to require them to spend so much time on one candidate.
Journal and conference rankings are helpful, because the ranking usually correlates with the quality of the peer review (though, recently, there have been some embarrassing examples to the contrary). So, the hiring committees can and do make use of rankings and citation counts as a proxy measure for the quality and merit of the candidates' publications. That might not be very thorough, but, at least, it scales.
Rephrasing the gist of your argument: The professors are overloaded, so they cannot do a thorough job when they are on a hiring committee. Therefore, we should use the existing structures that make it trivial to rank applicants, with the unfortunate consequence of us supporting the closed-access journals of today.
My biggest disagreement is with the "Therefore" implication, and allow me to illustrate why.
As a PhD student, I am also obligated to teach (T.A., mostly). The hiring process we mentioned completely ignores teaching skills, and at my uni there is very little negative feedback if you do a "modest but not very good" job.
Therefore, some PhD students actually do not think too hard about their teaching, and just reuse exercises that were given last year, so they can do other things (research). Not all PhD students do this, mind you, but it is clearly a good strategy if you want to get hired.
You can use the same argument you just made to say: "The students are overloaded (they are), therefore we should be okay with them doing a sloppy job when teaching." But is that something you can actually agree with? In my opinion, we should come at it from the other direction: the teaching has to be good, so we have to give the students enough time to prepare and not overload them, so that they do a good job at whatever we assign to them.
And this argument translates to the professors' case as well, at least for me. The hiring process has to be fair, and the research has to be free, so we should give the professors on the scientific board enough incentive, and enough time, to do a thorough job. Or maybe invent new ways of ranking, so that we do not depend on the closed-access journals of old. Either way, we should not give up open-access research just for this triviality.
> As a PhD student [...]. The hiring process we mentioned completely ignores teaching skills [...]
As a PhD student myself, I have observed the hiring process at my department many times. Here teaching experience counts, and teaching skills are evaluated: the candidate has to give a talk, which is used to evaluate how well the person can teach. I'm pretty sure it's the same in other universities.
Also, if you're interviewing for a teaching professor position, then you have to give a mock lecture with actual students in attendance.
I sympathize with your ideals about how things should be, but at some point one needs to accept reality. There's no way to magically find room in professors' schedules to review papers out of left field. There aren't any incentives for that, and I don't imagine any universities investing extra money into it. I mean, most professors aren't formally paid for administrative tasks unless they hold some kind of official title (Department Director, Dean, etc.). What they're paid for is research and teaching.
One relatively easy way to fix that would be to publish reviews along with the papers. While you and I would both agree that many reviews are rubbish, many others still are quite insightful and can serve as a more expressive indicator of quality than journal/conference ranking and citation count.
Not the parent poster, but I have custom agendas too. The two I use the most are "Today" and "Weekly review". "Today" has the ordinary day agenda block, but sprinkled with habit tracking, as well as a separate list of NEXT actions, sorted by priority and complexity. The view is structured to answer the question "What should I be doing right now?" very quickly.
The "Weekly review" is made for a (slightly tweaked) GTD review. It allows me to review all the finished tasks in one plays, which I archive or refile for future reference (this is to mitigate the downside of mixing TODOs with notes --- you might lose important info when you archive a DONE task). Next block reviews the tasks where I'm waiting on something or someone. I can update their status and close them if whatever I was waiting on has happened. Then there are new tasks from my inbox (org-capture) that I refile and assign priorities/schedules/deadlines too. Then there is the agenda for the next week, so I have a chance to plan my work and schedule more tasks if I have the capacity. Then there is the review of all the NEXT actions. Then there are the SOMEDAY tasks, which I review and occasionally promote to TODOs or NEXT actions.
I'm also tinkering with agenda views that give longer term perspective for project planning. However, I'm already running into the limitations of agenda views.
Most of it is inspired by Bernt Hansen's (cited by the OP) and Sacha Chua's configs, though they are doing even more sophisticated stuff at times.
I've been meaning to do an agenda view for weekly reviews for a while, but my master view works well enough. What I'd really like is an agenda view that approximates a burn-down chart and gives me a suggested velocity for next week (or some arbitrary period of time) based on the difference between my effort estimates and actual clocked-in time. A task-aging view would also be nice, to remind me about tasks on my list that have been idle for a while so I can update them.
But alas, this is the beauty and curse of org mode. I could do this, but will the time investment really make me that much more productive? Maybe, but maybe not.