Slashdot Mirror

You seem to be asking one question and giving a specific example of another.

The question you ask is what to do when our ideals conflict with the real world. In that case, if you value your ideals highly enough, you quit your job. Consider the ACM Code of Ethics as an example. If you cannot uphold its ideals, you should, ethically, discontinue your job. The same goes here. If you cannot consionably do this (i.e., the very concept of a filter is wrong in your sight) then don't do the job!

The question you seem to be asking by your example is how to design this filter so that it doesn't violate your standards of censorship (i.e., porn is not allowed, but anything else, in general, is). I am not well equipped to answer this question, though I would suggest you consider designs that function on the basis of individual site / page rejection, rather than some sort of content heuristic. In general, the former seem to be much better than the latter, though they depend on a great deal of input into determining excluded sites.

There existed at least one such service, CrossingGuard, which seems now to have been discontinued. I cannot speak to its effectiveness, however, so I'm willing to be shouted down on this one point. :-)

Also, take a look at this paper on NextGen. NextGen is a superset of GJ and hopefully a release will be coming soon.

A couple of examples of what NextGen adds to GJ:

- ability to write expression "new T(...)" where T is a type variable.

- ability to write expression "instanceof T" where T is a type variable

GJ and NextGen's implementations of genericity are much better than C++ because they allow for sound typing and code reuse. I use GJ at work, and I am currently working on a tool to generate HTML documentation for GJ source code, a javadoc-like tool which we are calling, uh, gjdoc. It will fix some issues I had with pizzadoc's generated HTML. The first release (0.5, forthcoming) will not support cross-referencing other classes (e.g., via hyperlinks in method argument lists or return types), but it will document GJ source and support the important tags like @param, @return, and, of course, @author. I'm planning on developing linking in the second release. The issue with links is when documenters provided unqualified names: the search for a qualified name from a simple name is outlined in detail in the Java language spec, and it requires a good amount of code.

Anyway, try GJ out. You might like it.

> Mike

"But open source guarantees security!" someone says. "A thousand eyes looking at the code..."

um, no. Uberhacker Ken Thompson says why.

Seriously, if there were a backdoor in a stable piece of software (one that was well-programmed and never gave anyone trouble,) how soon would it be discovered? Backdoors can be hidden very well (see previous link.)

What really needs to be done away with is the inability to install software as non-root. What *I* want is to be able to do "make install" as NON-root, and have it go into the appropriate directories. That, I think would be a reasonable level of security.

I was hoping for something a little more interesting, maybe like Jakob Nielsen's Anti-Mac Interface . The so-called "next generation" Nautilus interface is just a hackjob of the Windows Explorer. Why is this company worth $11 million in VC funding?

They will never be a "better Windows than Windows". OS/2 tried and failed. Then again this might not be surprising, if you consider that these are the people who created the horrible General Magic PDA interface.

or maybe these screenshots are just a cover-up for the really cool stuff their developing... :-)

SIGCSE has a bunch of resources that you might check out:

SIGCSE homepage

We should state at the outset that we are devoted fans of the Macintosh human interface and frequent users of Macintosh computers. Our purpose is not to argue that the Macintosh human interface guidelines are bad principles, but rather to explore alternative approaches to computer interfaces. The Anti-Mac interface is not intended to be hostile to the Macintosh, only different. In fact, human interface designers at Apple and elsewhere have already incorporated some of the Anti-Mac features into the Macintosh desktop and applications. The Macintosh was designed to be "the computer for the rest of us" and succeeded well enough that it became, as Alan Kay once said, "the first personal computer good enough to be criticized."

In this article, we explore the types of interfaces that could result if we violate each of the Macintosh human interface design principles.

$ cat < /dev/mouse

I'm really interested in new work on user interfaces. I don't
like the idea of hiding what programs are doing that comes with the
desktop metaphor, and by extension to almost all GUIs, but on the
other hand, I wouldn't go back to text-only, mouse-free, console
experience. So I use my machine in an unprincipled mess of GUI and
CLI. Consistency isn't so important, but surely there has to be a
better way...

If you really believe you can trust a program just because you've read the source code, I strongly urge you to read Ken Thompson's article Reflections on Trusting Trust. In it, he shows that you can't trust any program on your system unless you wrote the assembler, linker, loader and compiler yourself. In machine code.

$ cat < /dev/mouse

Not only does this mean my kids will get to play all the great games I grew up on, but it also looks like this is the first step towards Vernor Vinge's idea of a massive database of source code which could be used and modified in the future to really do anything we wanted. (He explains this a bit better in his novel 'A Deepness in the Sky').

• Speech. See Portico for a real commercial product with pervasive use of a speech UI (if only the smarts were on my Newton....)
• Agents. Lots of work being done on how to make "smarter" user interfaces. Just do a query on any big search engine. Brenda Laurel's seminal Computers as Theater is a prime example.
• Information visualization, some of which is 3D but Edward Tufte's books are a well-known exception.
• CSCW, aka Computer-Supported Collaborative Work, including shared whiteboards and the like.
• Not to mention video conferencing, the web itself, video games, etc.

Completely new paradigms are also being worked on - Ken Perlin's Pad is one good example, as is David Gelertner's Lifestreams.

PDA intercases, at least the better ones, are also an area of active research. WinCE is mostly a scaled-down WIMP UI, but the Newton is not. The Newton makes pervasive use of gestures (and not just handwriting - even cut, copy, and paste), as well as sound, animation, and a lack of anything resembling a desktop, "saving" files, or even files at all at the user level.

General references to UI research include Ben Schneiderman's textbook (good for learning just how complex the field is) and Baecker et al's collection (which has some of the recent results) and the pages of SIGCHI, the ACM's Special Interest Group for Computer-Human Interaction.

• Speech. See Portico for a real commercial product with pervasive use of a speech UI (if only the smarts were on my Newton....)
• Agents. Lots of work being done on how to make "smarter" user interfaces. Just do a query on any big search engine. Brenda Laurel's seminal Computers as Theater is a prime example.
• Information visualization, some of which is 3D but Edward Tufte's books are a well-known exception.
• CSCW, aka Computer-Supported Collaborative Work, including shared whiteboards and the like.
• Not to mention video conferencing, the web itself, video games, etc.

Completely new paradigms are also being worked on - Ken Perlin's Pad is one good example, as is David Gelertner's Lifestreams.

PDA intercases, at least the better ones, are also an area of active research. WinCE is mostly a scaled-down WIMP UI, but the Newton is not. The Newton makes pervasive use of gestures (and not just handwriting - even cut, copy, and paste), as well as sound, animation, and a lack of anything resembling a desktop, "saving" files, or even files at all at the user level.

General references to UI research include Ben Schneiderman's textbook (good for learning just how complex the field is) and Baecker et al's collection (which has some of the recent results) and the pages of SIGCHI, the ACM's Special Interest Group for Computer-Human Interaction.

• Speech. See Portico for a real commercial product with pervasive use of a speech UI (if only the smarts were on my Newton....)
• Agents. Lots of work being done on how to make "smarter" user interfaces. Just do a query on any big search engine. Brenda Laurel's seminal Computers as Theater is a prime example.
• Information visualization, some of which is 3D but Edward Tufte's books are a well-known exception.
• CSCW, aka Computer-Supported Collaborative Work, including shared whiteboards and the like.
• Not to mention video conferencing, the web itself, video games, etc.

Completely new paradigms are also being worked on - Ken Perlin's Pad is one good example, as is David Gelertner's Lifestreams.

PDA intercases, at least the better ones, are also an area of active research. WinCE is mostly a scaled-down WIMP UI, but the Newton is not. The Newton makes pervasive use of gestures (and not just handwriting - even cut, copy, and paste), as well as sound, animation, and a lack of anything resembling a desktop, "saving" files, or even files at all at the user level.

General references to UI research include Ben Schneiderman's textbook (good for learning just how complex the field is) and Baecker et al's collection (which has some of the recent results) and the pages of SIGCHI, the ACM's Special Interest Group for Computer-Human Interaction.

There are lots of market reasons why a non-WIMP mainstream user interface is unlikey to emerge. Essentially, the WIMP interface works well enough for doing productivity-style applications with a screen, mouse, and keyboard.

Future interfaces will come when they are needed to support future capabilities. Look for new input/output technologies and new form-factors to usher in radical changes - speech input/output, vision, etc., will reshape the user experience in the next decade. In addition, expect that future user interfaces will have an increased recognition of the social and emotional functions that our computing devices are being asked to serve. (and no, I am not talking about Bob...)

- davevr
-====
Open Source Virtual World's Toolkit! ==> http://www.vworlds.org

Some counterproof: The Anti-Mac (by Gentner and Nielsen, so you'd better listen!)

There are some great innovation going on when it comes to user interface design. I work as a researcher in sweden and here a lot of people are working on new hand healed devises and how to make new user interfaces for small screens(mostly because Ericson and Nokia are nordic, two of the leading cell phone manufacturers in the world). So a lot is happening in that area.

A god place to look for innovation is ACM chi (computer human interaction), a org where you can find a lot of fun stuff. A lot of the research that is going on is about how to integrate computers in to our life's, so that you don't need to interact whit them directly, they them self should be context sensitive to their environment and respond to your needs and filter out the information you need. this is usually called "augmented reality"

So what about regular user interfaces? well in my opinion there is way to little innovation when it comes to computer applications and the open source community has not been as innovative as one would think, but i what to give one link to Alias|Wavefront. If you look at there hi-end cad/animation software you will find so much of innovation that will make you hate most of our common software's interfaces

Eskil

• Squeak, a Smalltalk-based language/OS/IDE/VM developed by Disney. Specifically, try to find stuff about Morphic there; it was born in Self, a prototype-based (classless) relative of Smalltalk, but it's been adopted officially as Squeak's UI system. It's pretty innovative, taking the approach of representing all objects graphically on screen through the notion of "morphs".
  
• ETH Oberon, another integrated language/OS hybrid, with a very different UI with some interesting ideas.
  
• Gentner and Nielsen's amazing article The Anti-Mac, which, by starting out with the goal of violating all the reasoning behind Apple's Human Interface Design Guidelines, ends up with a very interesting - and very implementable in the near future - UI design for high-performance workstations.
  

• zoomable UIs (Pad++)
• two-handed user interfaces (e.g. toolglasses and magic lenses)
• smarter desktops(e.g. Apple Data Detectors, LiveDoc, CyberDesk)

If you're a computer user, you need to read The Forum on Risks to the Public in Computer and Related Systems, available on the web at http://catless.ncl.ac.uk/Risks/ on on the Usenet news as comp.risks

The Risks forum is part of the ACM Committee on Computers and Public Policy.

You should make a special effort to read Risks if you:

• Program computers
• Make policy decisions involving computers (managers, government etc.)
• Depend on computers for your life or safety (do you fly on airplanes?)
• Operate computers in situations where they affect life or safety

USS Yorktown dead in water after divide by zero

The Navy got rid of its more robust warship operating systems and replaced them with Windows NT. As a result of this, when a sailor typed a "0" in a data entry field, the whole shipboard network went down and the proud Yorktown had to be towed back into port.

Security concerns, viruses and the like are discussed extensively in Risks.

Do you use Microsoft Word on Mac or Windows? Do you use it to type confidential documents? Consider this post from a fellow who received a contract from an attorney in Word format:

The scary MSWord residue feature

I recently received a legal document as part of a personal negotiation that I am doing. The document was e-mailed to me in MSWord format. As I was showing it to my lawyer (who happens to be my wife), we decided to put our thoughts inline using the track changes feature of word. After selecting Tools, and Track Changes, we clicked on "Highlight changes in document" and voila, suddenly a whole bunch of red appeared on the screen. We looked at it closely and realized that everything in red represented changes in the document that my counterpart's lawyer had written.

We got a good look at the previous version of the contract, as well as a bunch of comments and justifications that the lawyer wrote to his client. It was an eye opening experience. It appears that instead of selecting "Accept all changes" before sending it to me, the other party to the contract simply turned off the highlighting to the track changes feature.

This is obviously a case of an unsophisticated person misusing a feature. However, it is very dangerous. Lawyers send word documents around all the time, and many of them do not really understand all the features that they use, nor should they have to. I imagine that I was not the first person to see some behind the scenes conversation in an important word document, that I was never intended to see.

New HDTV signal shuts down Baylor heart monitors

On 26 Feb 1998, WFAA TV (Channel 8) in Dallas turned on their new digital HDTV signal. As a result, 12 heart monitors stopped working in a Baylor University Medical Center heart surgery recovery unit; they happened to be on the same frequency. The monitors were made in the mid-1980s, and were slated for replacement. [But the patients weren't?] In the interim, WFAA has stopped transmitting -- because there are no commercial receivers yet anyway. [Source: * Dallas Morning News*, 5 Mar 1998. PGN Abstracting]

It has ISBN 020155805X and you can purchase it online from:

• http://www.fatbrain.com
• http://www.barnesandnoble.com
• http://www.amazon.com
• http://www.chapters.ca - in Canada

Mike

Tilting at Windmills for a Better Tomorrow

The disappointing thing about cases like this is that the software professionals who write these programs apparently don't consider ethical behavior to be a priority.

The ACM and the IEEE consider user privacy to be so important that it appears in their joint Software Engineering Code of Ethics and Professional Practice in a number of places, to wit:

3.12. Work to develop software and related documents that respect the privacy of those who will be affected by that software.

3.13. Be careful to use only accurate data derived by ethical and lawful means, and use it only in ways properly authorized.

Furthermore, management (i.e. Mattel) is admonished to:

5.11. Not ask a software engineer to do anything inconsistent with this Code.

5.12. Not punish anyone for expressing ethical concerns about a project.

So why do products like this keep appearing? I realize that just because something's unethical doesn't make it illegal, but still... it's dismaying, to say the least.

Ken Thompson managed to get an early Unix that came with source code to allow logins to anyone supplying a certain password without leaving any traces in the source code !
Read all the scary details in his ACM Turing Award speech Reflections on Trusting Trust.

There was an excellent paper at CHI 2000 this year that you might want to check out. Here's my bastardization of the abstract:

The device consists of a cube-shaped box with three perpendicular rodsd passing through the center and buttons on the top for additional control. ... Pushing and pulling the rods specifies constrained motion along the corresponding axes. Embedded within the device is a six degree of freedom tracking sensor, which allows the rods to be continually aligned wit ha coordinate system located in a virtual world.

Umm... since when is Open Source = security?? Somebody has already posted this link on a previous story already. It describes a kind of trojan that not even source code auditing can prevent.

But of course, seeing that slashdotters never bother to do their research (in spite of habitually telling newbies to RTFM), here comes my obligatory Slashdotter response poll :-P

Poll: Most typical response to this article:

1. See? It's right in your face and you still won't admit that Open Source is flawed! M$ forever!
2. What?? Open-source != security? Oh no!!! My world... collapsing!!
3. PGP is eVil! Down with PGP! Everybody use GnuPG! We all know that the GPL makes it secure! (huh?)
4. *ahem* *cough* umm..., yeah, IIRC, IANAL AFAIK, but *ahem* yeah, this doesn't prove anything, you see, open source is always right, *ahem* this is just a special case, blah blah *ahem* ok please gimme my daily dose of karma.
5. For your information, Signal11 ... (hmm, anyone know if the moron who posts this to every other article is a spam-bot?)

People at XEROX PARC during the 70's were doing great research teaching Smalltalk to kids. If you interested in teaching kids how to program, you must see this video. The video shows ten year olds writing useful programs.

The Apple Advanced Technology Group did impressive work with Common Lisp in education during the 90's.

Although it's a snap to get started in LISP, and I love the language personally, LISP becomes subtle and arcane quite quickly, at least in my experience with Commmon LISP (Scheme is, I'm sure, much easier). For example, try explaining how defmacro works to a kid, and see how far you get!

Well, defmacro provides fewer traps and much more expressive power than the C macro facility. defmacro may not be suitable for a child's first exposure to programming, but you can do a lot in Lisp without it.

The Apple R&D department had a lot of luck using Lisp to teach programming to kids.

You're correct, of course. What I meant to say was that if an algorithm with a polynomial runtime exists for a problem, then the problem can't be NP.

Can it?

We didn't go nearly as in-depth as I would have liked, so please understand that I'm approaching the discussion with an "interested amateur" point of view.

On a side note, my exposure to this kind of theory prompted me to join the ACM's SIGACT. That is, the Special Interest Group on Algorithms and Computation Theory. It's a great place to be if you like this stuff.

You're correct, of course. What I meant to say was that if an algorithm with a polynomial runtime exists for a problem, then the problem can't be NP.

Can it?

We didn't go nearly as in-depth as I would have liked, so please understand that I'm approaching the discussion with an "interested amateur" point of view.

On a side note, my exposure to this kind of theory prompted me to join the ACM's SIGACT. That is, the Special Interest Group on Algorithms and Computation Theory. It's a great place to be if you like this stuff.

I read about a similar idea from one of the Unix gurus before (I don't remember exactly who it was, unfortunately). Basically, the article talks about how even source code is not a guarantee that you are safe.

I believe that the UNIX guru in question is Ken Thompson. His article Reflections on Trusting Trust is quite interesting.

Regards,
DeanT

--

Adamic and Huberman (2) 99. L. Adamic and B. Huberman. Scaling behavior on the World Wide Web, Technical comment on Barabasi and Albert 99.

Aiello, Chung, and Lu 00. W. Aiello, F. Chung and L. Lu. A random graph model for massive graphs, ACM Symposium on the Theory and Computing 2000.

Albert, Jeong, and Barabasi 99. R. Albert, H. Jeong, and A.-L. Barabasi. Diameter of the World Wide Web, Nature 401:130-131, Sep 1999.

Barabasi and Albert 99. A. Barabasi and R. Albert. Emergence of scaling in random networks, Science, 286(509), 1999.

Barford et. al. 99. P. Barford, A. Bestavros, A. Bradley, and M. E. Crovella. Changes in Web client access patterns: Characteristics and caching implications, in World Wide Web, Special Issue on Characterization and Performance Evaluation, 2:15-28, 1999.

Bharat et. al. 98. K. Bharat, A. Broder, M. Henzinger, P. Kumar, and S. Venkatasubramanian. The connectivity server: fast access to linkage information on the web, Proc. 7th WWW, 1998.

Bharat and Henzinger 98. K. Bharat, and M. Henzinger. Improved algorithms for topic distillation in hyperlinked environments, Proc. 21st SIGIR, 1998.

Brin and Page 98. S. Brin, and L. Page. The anatomy of a large scale hypertextual web search engine, Proc. 7th WWW, 1998.

Butafogo and Schniederman 91. R. A. Butafogo and B. Schneiderman. Identifying aggregates in hypertext structures, Proc. 3rd ACM Conference on Hypertext, 1991.

Carriere and Kazman 97. J. Carriere, and R. Kazman. WebQuery: Searching and visualizing the Web through connectivity , Proc. 6th WWW, 1997.

Chakrabarti et. al. (1) 98. S. Chakrabarti, B. Dom, D. Gibson, J. Kleinberg, P. Raghavan, and S. Rajagopalan. Automatic resource compilation by analyzing hyperlink structure and associated text, Proc. 7th WWW, 1998.

Chakrabarti et. al. (2) 98. S. Chakrabarti, B. Dom, D. Gibson, S. Ravi Kumar, P. Raghavan, S. Rajagopalan, and A. Tomkins. Experiments in topic distillation, Proc. ACM SIGIR workshop on Hypertext Information Retrieval on the Web, 1998.

Chakrabarti, Gibson, and McCurley 99. S. Chakrabarti, D. Gibson, and K. McCurley.Surfing the Web backwards, Proc. 8th WWW, 1999.

Cho and Garcia-Molina 2000 J. Cho, H. Garcia-Molina Synchronizing a database to Improve Freshness . To appear in 2000 ACM International Conference on Management of Data (SIGMOD), May 2000.

Faloutsos, Faloutsos, and Faloutsos 99. M. Faloutsos, P. Faloutsos, and C. Faloutsos. On power law relationships of the internet topology, ACM SIGCOMM, 1999.

Glassman 94. S. Glassman. A caching relay for the world wide web , Proc. 1st WWW, 1994.
Harary 75. F. Harary. Graph Theory, Addison Wesley, 1975.

Huberman et. al. 98. B. Huberman, P. Pirolli, J. Pitkow, and R. Lukose. Strong regularities in World Wide Web surfing, Science, 280:95-97, 1998.

Kleinberg 98. J. Kleinberg. Authoritative sources in a hyperlinked environment, Proc. 9th ACM-SIAM SODA, 1998.

Kumar et. al. (1) 99. R. Kumar, P. Raghavan, S. Rajagopalan, and A. Tomkins. Trawling the Web for cyber communities, Proc. 8th WWW , Apr 1999.

Kumar et. al. (2) 99. R. Kumar, P. Raghavan, S. Rajagopalan, and A. Tomkins. Extracting large scale knowledge bases from the Web, Proc. VLDB, Jul 1999.

Lukose and Huberman 98. R. M. Lukose and B. Huberman. Surfing as a real option, Proc. 1st International Conference on Information and Computation Economies, 1998.

Martindale and Konopka 96. C. Martindale and A K Konopka. Oligonucleotide frequencies in DNA follow a Yule distribution, Computer & Chemistry, 20(1):35-38, 1996.

Mendelzon, Mihaila, and Milo 97. A. Mendelzon, G. Mihaila, and T. Milo. Querying the World Wide Web, Journal of Digital Libraries 1(1), pp. 68-88, 1997.

Mendelzon and Wood 95. A. Mendelzon and P. Wood. Finding regular simple paths in graph databases, SIAM J. Comp. 24(6):1235-1258, 1995.

Pareto 1897. V Pareto. Cours d'economie politique, Rouge, Lausanne et Paris, 1897.

Pirolli, Pitkow, and Rao 96. P. Pirolli, J. Pitkow, and R. Rao. Silk from a sow's ear: Extracting usable structures from the Web , Proc. ACM SIGCHI, 1996.

Pitkow and Pirolli 97. J. Pitkow and P. Pirolli. Life, death, and lawfulness on the electronic frontier, Proc. ACM SIGCHI, 1997.

Simon 55. H.A. Simon. On a class of stew distribution functions, Biometrika, 42:425-440, 1955.

White and McCain 89. H.D. White and K.W. McCain, Bibliometrics, in: Ann. Rev. Info. Sci. and Technology, Elsevier, 1989, pp. 119-186.

Yule 44. G.U. Yule. Statistical Study of Literary Vocabulary, Cambridge University Press, 1944.

Zipf 49. G.K. Zipf. Human Behavior and the Principle of Least Effort, Addison-Wesley, 1949.
___

A brief quote from the intro: "At Stanford University, Paul Asante and Brian Reid had begun work on the W window system as an alternative to VGTS for the V system. Both VGTS and W allow network-transparent access to the display, using the synchronous V communication mechanism" [(c) ACM 1986]. More references:
P Asente, W Referece Manual, Internal document, Dept. of Comp. Science, Stanford Univ., 1984 KA Lantz, WI Nowicki, Structured Graphics for Distributed Systems, ACM Trans on Graphics, 3(1), Jan. 1984, pp 23-51
W Nowicki, Partitioning of Function in a Distributed Graphics System, PhD Thesis, Dept of Comp Science, Stanford Univ, 1985
D Cheriton, The V Kernel: A Software Base for Distributed Systems, IEEE Software, 1(2), April 1983, pp 19-42

I also found some surprising references, such as the one with James Gosling (of Java fame), in his youth (while a student at CMU):
J Gosling, D Rosenthal, A Window-Manager for Bitmapped Displays in Unix, in Methodology of Window-Managers, FRA Hopgood etal Eds, Springer-Verlag, NY, 1986
J Morris, M Satyanarayanan, M Conner, J Howard, D Rosenthal, F Donelson Smith, Andrew: A Distributed Personal Computing Environment, CACM, 29(3), Mar. 1986, pp 184-201
Andrew was a windowing system developed independently at CMU at about the same time X and Athena were being developed at MIT. Eventually, X dominated and an emulation layer was written for Andrew, to be able to run it's UI on top of X. ;-)

A number of these are available online from ACMs DL. Otherwise, a trip to the library will probably provide you with more info than you need to know! ;-)

Technicians/Engineers/Programmers are badly in need of codified ethics. Does anyone know anywhere on the Net where this is discussed? Or proposals for what a code of ethics would contain?

The ACM already created a Code of Professional Conduct in 1966 (no link, sorry), which has been revised a couple of times. The current version can be found on http://www.acm.org/constitution/code.html

YDD

Now, I think I'll ask Jason's mom (who I know) for his address so I can return the picture, and also every tape of theirs that I own. I think it's really sick for a band who's perhaps the most famous in its genre to start whining about revenue lost to Napster. I mean, who can even find "kill em all" anymore? Why not trade it around?

But, even if they want to whine about that, it's their legal right. It disgusts me, but they're entitled, I guess. But to attack universities, which are non-profit organizations, even when they're ivy league, is just wrong. And moreover, this is an oblique attack on a freakin' tool, which is just as easily used for good as harm.

Yes, I know about the ratio of legal-to-illegal stuff traded on Napster. But it is a significant, if misguided, statement by thousands of people that they're sick of the markup the RIAA would have them pay. And instead of reaching out to their fans, Metallica -- who are all millionaires, BTW -- has decided to pitch a fit about a few thousand dollars in lost revenue.

So, maybe I can get one of their home addresses, and while I think it'd be irresponsible to spread that around the internet, I don't feel bad about sending a letter or two there. Anyone else want to send back your tapes/CDs to tell 'em how you feel? Give me a buzz!

The ACM have a very interesting (if old) article arguing that there has been no real innovation in UI design since the WIMP was introduced.

They postualte on what could be acheived if we we violate each of the Macintosh human interface design principles and start again from scratch ?(They choose the MAC as Windoze, Motif etc are based to a large extend on those guidelines)

If you'd read an elengant discourse on the subject, you'd find that without scripting, or similar, you've doomed the user to do multiple, repetitive tasks. Have you ever had to rename 50 files before? That's either a lot of time clicking, typing, and clicking again in an interface (such as the Macintosh's finder, or Windows Explorer), or a few seconds writing a shell script (once you get the hang of shell scripts, of course).

If your interface can't free the user form the original hard work you intended to eliminate (the whole reason to use a GUI in the first place), you're back on square 0. True, a newbie won't know about it, but when they do need it -- it's there.
---

Yes: Thompson's Turing Award speech.

Now, I think I'll ask Jason's mom (who I know) for his address so I can return the picture, and also every tape of theirs that I own. I think it's really sick for a band who's perhaps the most famous in its genre to start whining about revenue lost to Napster. I mean, who can even find "kill em all" anymore? Why not trade it around?

But, even if they want to whine about that, it's their legal right. It disgusts me, but they're entitled, I guess. But to attack universities, which are non-profit organizations, even when they're ivy league, is just wrong. And moreover, this is an oblique attack on a freakin' tool, which is just as easily used for good as harm.

Yes, I know about the ratio of legal-to-illegal stuff traded on Napster. But it is a significant, if misguided, statement by thousands of people that they're sick of the markup the RIAA would have them pay. And instead of reaching out to their fans, Metallica -- who are all millionaires, BTW -- has decided to pitch a fit about a few thousand dollars in lost revenue.

So, maybe I can get one of their home addresses, and while I think it'd be irresponsible to spread that around the internet, I don't feel bad about sending a letter or two there. Anyone else want to send back your tapes/CDs to tell 'em how you feel? Give me a buzz!

(As usual, because I have the bad luck of reading Slashdot in my time zone, my comment is hardly going to get read, let alone moderated. Oh well.)

I'm surprised nobody seems to remember Ken Thompson's ACM A. M. Turing Award reception speech, “Reflections on Trusting Trust”. If you haven't read that classic essay, you definitely should.

As mentioned in the Jargon File (which ESR surely knows about because he's the current editor of the Jargon File), Ken Thompson planted a Back Door in the login program of the first versions of Unix by planting another back door in the compiler itself. The back door was visible nowhere, neither in the sources of the compiler nor in those of the login program, and yet it was there all the same.

The moral of this is not that it might happen, but that it is possible. You've got to start trusting someone, somewhere. How do you know, after all, that Intel has not planted back doors in your microchip's microcode? Even if you could see the chip's complete source code (and you certainly cannot), the back door may be in the software that compiles the source code to the actual plans. (And even if you can see the complete plans and have a mammoth brain that can understand them, you can never be sure that there is no back door in the laws of physics.:-)

It would be quite possible, in Ken Thompson style, for a Linux distribution, say, RedHat, to put a back door in the version of gcc they use so that, even though they redistribute all the source, and pristine source at that, and even though the compiler bootstraps correctly, yet various binary programs are compiled with back doors in them. (Note that I'm not suggesting they could tamper with the binaries: that would be noticed sooner or later. Ken Thompson's trick is far more devious.)

You cannot bootstrap everything down to the hardware level, not even to the assembler level. And even if you do bootstrap everything, detecting the presence of a back door in the source is equivalent to the halting problem. Consequently, there is plenty of room for back doors even in an Open Source world.

The last thing I want to do is defend Microsoft. I don't use their products, so I frankly don't care how many back doors they might have planted. Nor do I want to advocate security through obfuscation, because that is the one thing that has never wored and never will. But I just want to say that security will never work if you don't start trusting at some point. Microsoft may have failed this trust, now or in other numerous occasions. But for ESR to say that there is no such need in the case of Open Source software is simply wrong.

(As usual, because I have the bad luck of reading Slashdot in my time zone, my comment is hardly going to get read, let alone moderated. Oh well.)

I'm surprised nobody seems to remember Ken Thompson's ACM A. M. Turing Award reception speech, “Reflections on Trusting Trust”. If you haven't read that classic essay, you definitely should.

As mentioned in the Jargon File (which ESR surely knows about because he's the current editor of the Jargon File), Ken Thompson planted a Back Door in the login program of the first versions of Unix by planting another back door in the compiler itself. The back door was visible nowhere, neither in the sources of the compiler nor in those of the login program, and yet it was there all the same.

The moral of this is not that it might happen, but that it is possible. You've got to start trusting someone, somewhere. How do you know, after all, that Intel has not planted back doors in your microchip's microcode? Even if you could see the chip's complete source code (and you certainly cannot), the back door may be in the software that compiles the source code to the actual plans. (And even if you can see the complete plans and have a mammoth brain that can understand them, you can never be sure that there is no back door in the laws of physics.:-)

It would be quite possible, in Ken Thompson style, for a Linux distribution, say, RedHat, to put a back door in the version of gcc they use so that, even though they redistribute all the source, and pristine source at that, and even though the compiler bootstraps correctly, yet various binary programs are compiled with back doors in them. (Note that I'm not suggesting they could tamper with the binaries: that would be noticed sooner or later. Ken Thompson's trick is far more devious.)

You cannot bootstrap everything down to the hardware level, not even to the assembler level. And even if you do bootstrap everything, detecting the presence of a back door in the source is equivalent to the halting problem. Consequently, there is plenty of room for back doors even in an Open Source world.

The last thing I want to do is defend Microsoft. I don't use their products, so I frankly don't care how many back doors they might have planted. Nor do I want to advocate security through obfuscation, because that is the one thing that has never wored and never will. But I just want to say that security will never work if you don't start trusting at some point. Microsoft may have failed this trust, now or in other numerous occasions. But for ESR to say that there is no such need in the case of Open Source software is simply wrong.

Theres been a very famous back door in OSS software,
one that was not visible by reading the source.
It involved a compiler, and someone with a lot
of spare time.

Basically it goes like this: You take a compiler,
detect when your compiling login and insert a
back door into login. You also detect when your
compiling the compiler and add the code back.
Read about it here

Never may sound like a pretty strong claim. But it's true. Because back doors (unlike some other kinds of security bugs) tend to stand out like a sore thumb in source code. They're hard to conceal, easy to spot and disable -- *if you have access to the source code*.

While it's true that Open Source is more (WAY more) secure than non-open, it's not a panacea. And making claims that it IS only invite people to try (and make the fall that much harder when it comes).

But don't take my word for it, go read the Thompson paper on inserting self-reproducing malicious code into a compiler. He proves that, even with the source code you can never be 100% sure of what a program is actually doing.
--

APL and LISP are Very High Level "applicative/functional" programming languages. They are too high level to be translated into machine language (with current technology). For this reason, they are interpreted--as is done with Java; hence they tend to execute relatively slowly.

Whether or not the world would be a better place with more extensive use of languages such as APL and LISP is moot. The point that should be made (I believe) is that (i) there is a lot to be learned from the experiences with APL and LISP and (ii) those experiences seem to be overlooked nowadays.

I could give many examples to illustrate this point. Most such, though, have already been stated many times in the academic literature. For example, J. Backus (referred to by Dr. Pollack), in his 1977 Turing Award lecture, outlined the advantages of applicative languages. And K. E. Iverson (inventor APL), in his 1979 Turing Award lecture, outlined how high level languages can be a "tool of thought", i.e. an aid to programmers' thinking. (Turing Award lectures are published annually in the Communications of the ACM.)

In fact, though, APL and LISP are not just programming languages. Each is a programming environment (which includes a language). Users of LISP, for example, have what appears to be a LISP machine--i.e. a virtual LISP computer. This machine does everything. From the users' perspective, there isn't a separate operating system. This means that the user only needs to learn about one thing: LISP.

The contrast with more common programming environments is large. For example, a C (or C++) programmer also typically learns some Unix. C and Unix, though, are entirely separate things. And they don't really mix (e.g. a C program that executes Unix commands). Which is why Perl was created. Which adds a third layer of complexity to the programming environment. Which raises the skill level required for programmers and the complexity of software.

I think that this is wrong--that the correct approach is to (re)design things so that the programming environment is "monolingual". Java might be considered as something in this direction.

Although APL and LISP have been around for decades, the recognition of the benefits provided by monolingual programming environments generally seems to be more recent. Some early work is by J. Heering & P. Klint, "Towards Monolingual Programming Environments", ACM TOPLAS, 7: 183-213 [1985].

I found it interesting that someone researching what might be tomorrow's most important and advanced technology appears almost a bit nostaligic for old largely-forgotten programming environments. Maybe he had a reason.

• ACM Supporting Work Group SIG
• LUSENET / Lusenet98
• InfoPlace Document Organizer
• GROUP.lounge (a thesis in progress)

Those who think open source is a security guarantee, even if you compile your downloads, should remember Ken Thompson's sublime hack:

Reflections on Trusting Trust

His conclusion: The moral is obvious. You can't trust code that you did not totally create yourself... No amount of source-level verification or scrutiny will protect you from using untrusted code.

Sure, that should be possible. As long as you can recompile your programs to make sure they don't have any virii,and can compile your compiler to make sure it doesn't have any virii, and your original compiler doesn't automagically modify a compiler when it is being compiled, so that the new compiler will patch programs being compiled so as to leave security holes.

But yes, I can imagine changing the loader to check for some signature. Just means you have to be careful who you trust.

Also, the place where you store your key cannot be accessible to programs (say write it down, and type it in every time you want to sign something)

The IEEE and ACM are two organizations that get involved in public policy matters. The IEEE has the Computer Society for people interested in computer hardware and software.

but I haven't seen much UI innovation recently

That's because you didn't go look for it.

Morphic
Native Oberon
Bricks
Merlin
Photon

There's more...

Well... not so hard to imagine. Remeber Ken Thompson's CC hack? (slashdot rated it 3rd in the Top 10 Hacks Of All Time thread).

I think that in this day and age, "I just work here" has ceased to be an adequate excuse.

The ACM has a code of ethics and professional conduct. You can take a look here

I think that in this day and age, "I just work here" has ceased to be an adequate excuse.

The ACM has a code of ethics and professional conduct. You can take a look here