Worst Bug or Shortcomings in a Standard?

Alastair asks: "Just curious what the Slashdot crowd thinks are the worst bugs ever to creep into a standard? For mine, the various security vulnerabilities in WEP would make the grade. Also perhaps the lack of a protocol field in HDLC, and which most implementations added in a non-compatible way. I'm thinking here about bugs which result in partial or total irrelevance of the standard itself, as opposed to just a lack of interest in adopting it."

SMTP has no sender authentication.

[OneDeeTenTee]

'Nuff said.

Re:SMTP has no sender authentication.

[Homology]

'Nuff said.

Not really. SMTP was designed a long time ago where there was little need for sender authentication. At that time the "Internet" (ARPAnet) was much smaller and friendlier than todays predatory Internet. Few at that time could imagine what Internat has become today. No need to blame those designers for lack of sender authentication.

Now, the design of WEP is an entirely different matter. It was very well known that a design process of a new encryption protocoll should be public, but the designers decided to do this in secret. This was a bad decision going agains best practices.

Re:SMTP has no sender authentication.

[squiggleslash]

Why should it have had?

SMTP is merely a transport system. Authentication, if wanted, was supposed to be part of the bodies of email messages according to whatever standard a user wanted.

SMTP's lack of sender authentication is a modern-day fetish of the anti-spam crowd, and that anti-spam crowd only wants it because back when ISPs were deciding between giving users dedicated IP addresses or dynamically providing them, a debate that raged in the mid-nineties, they ended up going for the relatively anonymous dynamic IP addresses for the most part, which meant it became impossible to track email back to its original sender. Everything we've seen since with the explosion in spam and the more and more extreme methods of dealing with it really goes back to the fact that we no longer can associate an abusive user with an IP address.

SMTP was designed at a time when the entire internet was peer to peer. In the process of turning it into a consumer product, many decisions have been made that while understandable (dynamic IP was seen as easier to maintain, roaming became seamless and efficient) nonetheless sat uneasily with how the Internet had been built thus far.

Re:SMTP has no sender authentication.

[AndroidCat]

Who certifies that your authentication is authentic? ICANN, Verisign, Network Solutions, .. Microsoft?

The idea that the "anti-spam crowd" is a unified body is .. interesting. I'm sure that that being told that an idea was discussed years ago and rejected might be annoying, but have you really looked at the various trade-offs that were discussed then?

Re:SMTP has no sender authentication.

[squiggleslash]

Who certifies that your authentication is authentic? ICANN, Verisign, Network Solutions, .. Microsoft?

Depends. That's up to you. Back in the mid-nineties, there were various proposals and I think the major issue was the politics surrounding encryption (an indirect issue, but PGP was both an authentication system and encryption system) and the RSA patent more than disagreement on how it could work. PGP in particular used a pretty reasonable system that allowed you to create what boiled down to trusted networks. You'd certify your friends. Friends could certify each other. Get a key, see it's signed by people you know, and you can be pretty sure it's genuine.

It was a nice system but network and real politics really ensured it didn't take off. You had patents. You had paranoid government agencies enforcing export controls on encryption protocols. You had commercial enterprises making email clients who didn't want to enter that particular can of worms if they could get away with it.

The idea that the "anti-spam crowd" is a unified body is .. interesting. I'm sure that that being told that an idea was discussed years ago and rejected might be annoying, but have you really looked at the various trade-offs that were discussed then?

I think you're trying to find things to take issue with. Nobody ever suggested the anti-spam crowd is unified. If I were to say that only Dogs are particularly interested in peeing on lamp-posts, would you claim that this is unfair because you know a lot of dogs that do not do that kind of thing?

I also did explain the tradeoffs, in brief, in the whole accountable static IPs vs easy to administer and efficient with roaming dynamic IPs debate. (I could add paranoia over the supposed world wide shortage of IP addresses, but I don't think that was ever as big an issue as people maintained. If it had been, we'd be on IPv6 by now.)

Re:SMTP has no sender authentication.

[NateTech]

One could argue that there's been plenty of time to fix SMTP and thrash through any competing standards by now.

Meanwhile various fixes for WEP are already in-place and available.

It's not a Bug it's a feature

[shoma-san]

I love WEP. I see nothing wrong with it at all. It's so secure...

Re:It's not a Bug it's a feature

[Kizzle]

Damn you just missed your chance to get all that useful funny karma. Simply cut the last few letters off of the word "secure" and delete the dots and you would of been HILARIOUS!!!1

Re:It's not a Bug it's a feature

[Short+Circuit]

You mean, Trusted, right?

Re:It's not a Bug it's a feature

[Kizzle]

omg my gramar is teh sux!

Linux Installation

I wish there was a way to install programs common accross all versions of linux.

Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".

Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:

User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in /tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"

User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"

So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.

Re:Linux Installation

[m50d]

But the complicated instructions are usually because linux people giving advice make less assumptions. I ended up writing a paragraph on installing ut2003 for linux when in fact the process is exactly the same as for windows. Well, OK, one operation harder if you have autorun turned on for windows, but that's a security feature of linux that's worth the extra effort imo. Ditto with chmod +xing a downloaded binary.

Re:Linux Installation

[lachlan76]

Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".

And where does that setup icon come from? I don't see an icon on windows that can download almost any program, compile it, and install it automatically.

I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"

You do realise that you're comparing the quake 3 install process to downloading video drivers and configuring X.org, right?

Re:Linux Installation

[dpilot]

Just "emerge quake3"

Actually, I *almost* agree with you. The real problem is that Windows Wizards work most of the time. But when they don't, they work against you - even worse than not being there. They get in your way and make it hard to do things manually.

I began preparing to leave RedHat when RH8.1 never happened, and they went staight to RH9. After looking for a while, and evaluating various distributions on their maintainability, etc, I came to a different realization: For home use, this is supposed to be a hobby. What the heck am I doing looking at maintainability as a prime criteria, when I should be looking at fun and the learning experience?

So I ended up going with Gentoo. But far from being merely 133t, I find it incredibly maintainable, and I have never had such an easy time installing more, and more varied, software on any system. That includes Linux and Windows. I'll agree that Gentoo is still too intense for a novice, but with a little experience it brings a LOT to the table.

Re:Linux Installation

[slittle]

And where does that setup icon come from? I don't see an icon on windows that can download almost any program, compile it, and install it automatically.

Anywhere.

Unlike Windows, it's rather rare to find a Linux software package that includes everything it needs to run. Generally, you're fucked for anything not under package management.

Personally, I anything I compile manually I do statically, and shove under /opt. The Unix way (spraying shit all over the filesystem) is just too much fucking work. Good thing Debian has an awesome collection of software to start with, or I'd be fucked.

You do realise that you're comparing the quake 3 install process to downloading video drivers and configuring X.org, right?

Installing video drivers in Windows is the same. Insert CD, click OK, reboot. Ooh, and here's the cool bit: if it (Windows GUI system) can't figure out WTF you're running, it drops back to 640x480 VGA. It never fails to at least start. EVAR. Unlike X, if you so much as sneeze on the same continent it'll refuse to start.

Just another reason why none of my Linux machines (3) even have X installed...

Re:Linux Installation

[ClioCJS]

1) The setup icon is on the quake3 cd, one of few icons in the root dir.

2) With autorun enabled you don't even need to locate the icon.

3) Quake3 doesn't support soundblaster pro for redhat 6.2, so I had to wipe it and play under windows. End of saga.

Re:Linux Installation

[mopslik]

double-clicking an icon that says "setup".

And how this is different than double-clicking an RPM?

Re:Linux Installation

[Stevyn]

I agree with you. I've been using computers for about 10 years or so and went through about ever version of Windows. Eventually I got good at finding and installing software. The difficult part for finding software in windows seemed to be finding the place on the Internet to download it. Once I found the installer, it almost always was just a matter of double-clicking on it and the installer would do the rest.

Now with gentoo that I've been using since July, it's just a matter of searching for it on portage, "emerge application," and it's magically there. Yeah, it takes longer because of compiling, but it's time spent by the computer and not me.

I've found it easier to get software using if you look at the whole process. But these solutions always seem to be distro specific and not compatible with every modern linux distro, as in modern windows versions. So yeah, it is easier to install software once you get over the hurdles of installing Gentoo, but that required a lot of reading and dicking around beforehand.

I would still like some standard package manager that would work seamlessly across all distros.

Re:Linux Installation

[Phleg]

Not this tripe again.

Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".

I'll give you a hint. "apt-get" is just a tool. Likewise for "emerge". Better frontends can exist for them. As an example, Debian provides dselect and aptitude at the command line. More importantly, there's an entry in the GNOME 2 System Tools menu for the "Synaptic Package Manager". Sure enough, it's a nice, easily-understandible graphical interface for finding installing programs.

Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues.

And likewise, your examples are ludicrous. When people say that software for Linux is generally easier to install than software for Windows, most people aren't referring to compiling from source. 99.999% of what anyone needs is provided as a package for the distribution, and is easily installed via whatever frontend you choose to use (remember Synaptic?).

Re:Linux Installation

[wayne606]

Take your pick:
Linux: everything is moderately hard
Windows: 95% of the time it's easy, 5% it's impossible

Re:Linux Installation

[mattyrobinson69]

also, porthole - a front end for emerge (gentoo). Its in portage.

Re:Linux Installation

[slittle]

Doesn't that require the source tree to have ./Debian control files?

Re:Linux Installation

[Bluetrust25]

It's amazing that nobody's backing you up on this.

None of the people responding to your post get it that Linux is a fucking nightmare to get anything installed on.

Whoooosh.

Re:Linux Installation

[man_ls]

This is one of the more insightful posts I've ever seen.

If I had mod points, you'd get all of them.

Re:Linux Installation

[Cyn]

I call bullshit.

Anyone can release a .deb and stick it on the web and someone can apt-get install it, or dpkg -i install it. Just like with a .exe.

Show me a 12-yr old kid who can post a setup.exe into windows update and get it 'officially recognized' blah blah and I'll show you that you just found a new virus.

This "problem" you point out is a feature - eyes have seen and said "yes, this is worthwhile stuff" and put it out there.

I don't see how "fiddling with dpkg to install a plain .deb" is different than "fiddling with the cursor to install a plain .exe" - I don't run a desktop or nautilus, but I'd wager if I did I could just double-click .debs and get prompted for install/etc. If I can't - well, then I clearly don't have shit for motivation if I can't be bothered to run a simple 'dpkg -i'.

Re:Linux Installation

[Zorilla]

I dual boot. I usually find it's the other way around. I need the hundreds of megs to install Quake 3 under Windows and I only need a few MB for the binaries under Linux. I usually just symlink the pak files to the ones under my Windows partition.

Re:Linux Installation

[Jonathan+the+Nerd]

None of the people responding to your post get it that Linux is a fucking nightmare to get anything installed on.

Maybe because we're all using versions of our favorite distros that were released in the 21st century. I'm partial to Debian and Gentoo, but most of the others have nice and friendly software installation too.

On a slightly different subject, what about maintainability of software installations? Here's how it goes on Windows:

• There's a critical vulnerability in IE! No problem, Windows Update automatically downloads and installs the patch for me.
• There's a critical vulnerability in Office! No problem-- uh, wait, Office isn't covered by Windows Update. Guess I have to go to Microsoft's web site and download the fix myself.
• There's a critical vulnerability in Adobe Acrobat! Hm, looks like I have to go to Adobe's site to get the patch. And I won't even find out about the patch unless I hear about it somewhere, because Windows Update won't tell me.
• There's a bugfix available for Neverwinter Nights! Unless I read the forums or regularly check the web site, I'll never hear about it.

Whereas, here's the situation on Linux:

• There's a critical vulnerability in Firefox! No problem, just do "apt-get update" or "emerge sync" or whatever my distro's equivalent is. It downloads new versions and updates and installs them for me. And not just for Firefox -- for every program that the package manager knows about (which is usually a whole lot of programs). There, now my system is entirely up to date. If I don't feel like doing that manually, I can just put it in a cron job. There, now I'm perpetually updated on everything.

You can keep Windows if you want to. I think I'll stick with Linux.

"Referer"

[typhoonius]

This is stupid, but it bugs me that we're stuck with "Referer" in HTTP.

Re:"Referer"

[Ithika]

Hell yeah; it just... gets under your skin that doesn't it? ;)

Re:"Referer"

[AndroidCat]

*sigh*, another sad victim of Referer Madness.

Re:"Referer"

[identity0]

Well, at least that doesn't really affect code.

How about all the 'bugs' in the English language itself? For example, the counting system. There are often occasions where you have to code up incremental counters, and the effort to make them grammatically correct in English is such a chore most people never bother.

When you're counting something, for example days, you need to put a suffix on the number like '1st, 2nd, 3rd'. Suffixes by itself wouldn't be so bad, but the way it's determined is quite wierd. It goes 1st, 2nd, 3rd, 4th, then from 4th to 20th it's all 'th', but then becomes 21st, 22nd, 23rd, and the same for the 30s, 40s, and so on even tough the teens were all 'th'. In Japanese, you write it without suffixes, and even without plural forms, making it much easier to code incremental counts.

And what about the teens themselves, anyway? Why don't you just write it as ten-one, ten-two, ten-three, like you do for twenties and beyond? That's how it's done for Japanese, and I find it much simpler. I know German also has the concept of 'teens', does anyone know why they're treated differently in western languages?

Re:"Referer"

The "teens" are a relict of the old way to count (fourteen = four-and-ten), the way it still is in German and partly also in the Scandinavian languages. (26 = sechsundzwanzig (German) = seks og tyve (Norwegian, old) = tjue-seks (Norwegian, new) = twenty-six)

twelve = (old English) twa leofan which basically means two-ten
eleven = end leofan

Re:"Referer"

[Haeleth]

When you're counting something, for example days, you need to put a suffix on the number like '1st, 2nd, 3rd'. Suffixes by itself wouldn't be so bad, but the way it's determined is quite wierd. . . . In Japanese, you write it without suffixes, and even without plural forms, making it much easier to code incremental counts.

Sure, Japanese is so logical.

Let's consider the days of the month. "One" is "ichi", and "day" is "hi", so we put them together and get "tsuitachi". Then for the second, "two" is "ni", so we put that together with "hi" and naturally that produces "futsuka". Observe the transparency and regularity. Could Spock himself have come up with a more logical system?

And what about the teens themselves, anyway? Why don't you just write it as ten-one, ten-two, ten-three, like you do for twenties and beyond? That's how it's done for Japanese, and I find it much simpler.

Er, what did you think "fourteen" was, other than "four-ten"?

Sorry, but Japanese is no more logical than English. And numbers are one of the worst features of Japanese, not the best. (Did you forget about counters? You know, where you count books by the volume, pens by the book, and rabbits by the wing?)

Re:"Referer"

[identity0]

Okay, I think some people may not have understood what I was talking about originally. Imagine yourself writing a counter program in English, and all the special exceptions you would need to use to get the suffix right, not to mention the spelling.

..."One" is "ichi", and "day" is "hi", so we put them together and get "tsuitachi". Then for the second, "two" is "ni", so we put that together with "hi" and naturally that produces "futsuka"...

... And you missed the point. I may have confused you because of my second complaint, which was different than my first. The problem you point out is that if you were to pronounce them it would be pretty wierd because Japanese has more than one pronounciation of each number. However, if you were coding up a program to write them out, you wouldn't need to worry about it, as you would just write the kanji. I've never seen them written out phonetically, because you just need to write the character for the number, then the character for 'day'. The problems I pointed out in English would appear no matter what, because you *have* to write it out like that for it to be correct in English.

Er, what did you think "fourteen" was, other than "four-ten"?

If "fourteen" = 14, then does "fourtwenty" = 24? Why do the teens ave diffent syntax from twenties and thirties? It should be ten-four, not fourteen.

Again, imagine yourself writing a program that needs to output a number as text. In English, you need to write special exceptions for the teens when spelling them out, and special exceptions for the 1st, 2nd, and 3rd of each set of ten, except for the teens. That is if you can even change the suffixes - many times, I will just see "(number)th" written, so it ouputs stuff like "23th" or "2th".

The US Missile Shield

[WaZiX]

The bug being that it can be rendered useless with a couple k.

UTF-8 email headers

[dimss]

Standards are very unclear when you have to encode utf-8 'subject' header. Looks like there is no distinction between bytes and characters. I had to write automatic UTF-8 mailer last year. There were many, many issues with UTF-8 headers in different MUA. Especially with mix of english and non-neglish words in 'Subject'. Finally we decided to send two separate messages in two different 8-bit encodings.

Re:UTF-8 email headers

[dodobh]

Email headers are required to be 7 bit ASCII. See RFC 2821.

Re:UTF-8 email headers

[dimss]

Of course, I know it. The problem is that MIME-encoding (Base64 or QP) of UTF-8 is tricky...

No Timestamps in MIDI.

[torpor]

I know, I know, 31.25kb is too slow, but damn I wish MIDI had timestamps, from the get-go .. be perfect, otherwise.

Re:No Timestamps in MIDI.

[kauppi]

Considering the time MIDI standard was created this is not a bug. And even nowadays, MIDI doesn't need timestamps.

I wish cars could fly, beer would be free and Santa Claus would really exist (and his reindeers could fly).

Re:No Timestamps in MIDI.

[SmittyTheBold]

Hey now, just 'cause Santa doesn't exist doesn't mean his reindeer can't fly.

Re:No Timestamps in MIDI.

[AndroidCat]

I used to wonder how MS could possibly have an exploit in MIDI code. Then I found out how much junk has been retro-shoveled into that "standard" over the years. Yikes!

How about beer that's free as in speech not as in beer? Umm.

TCP, SMTP, POP3, HTTP, ...

[keesh]

Really, any of the traditional protocols that have little or no concept of security.

Re:TCP, SMTP, POP3, HTTP, ...

[Creepy+Crawler]

Your point? These protocols were made years ago, back when the internet was a bunch of colleges and .mil bases.

If there was a mean or stupid user, you personally went over to meet them, and had a "friendly chat" before you rip his lungs out.

However, these days, there's billions of people on the internet, with many millions wanting to cause problems for others.

I dunno, I think POP, ftp, telnet and such had its purpose.. perhaps not now.

Re:TCP, SMTP, POP3, HTTP, ...

[GuyWithLag]

TCP is too low-level for security considerations.

SMTP was designed at a time when every connected computer had a sysadmin that was legally responsible for it.

POP has POP over SSL; while there is the option to use STARTTLS, I haven't used a POP server yet that used this.

HTTP... What't the problem with HTTP?

Re:TCP, SMTP, POP3, HTTP, ...

[RFC959]

Is there STARTTLS for POP? *google* I'll be, so there is. I've set up TLS for SMTP, but that's it.

Anyway, while I agree with your comment in general, I think we have to address exactly what kind of security we're talking about. TLS is fine for what it is - it's just that what it is is fairly limited. Perhaps one of the weaknesses of a protocol stack model is that you have to implement security for each level at each level. For example, TLS will prevent eavesdropping on your SMTP conversation, but it doesn't authenticate senders within the conversation. Personally, I don't regard the lack of security awareness in these protocols as "bugs". "Shortcomings", maybe, but if you look at the life of standards, you'll see that it's much easier for a standard to be adopted if it's simple, practical, decentralized, and has little competition. Most of the standards we've mentioned fit those criteria at the time of their introduction, and adding security features would probably have impaired their simplicity and hurt their adoption.

Re:TCP, SMTP, POP3, HTTP, ...

[AndroidCat]

My wall sockets have little security either. At most there's a fuse, breaker or penny for protection. No user authentication or load request handshaking and management. It's shocking.

Re:TCP, SMTP, POP3, HTTP, ...

[magefile]

Linking college computers to military base computers is *exactly* the situation in which I would think you'd want security ...

Re:TCP, SMTP, POP3, HTTP, ...

[SupremeTaco]

Hogwash!! TCP is the most sec%$82d . .. .

Re:TCP, SMTP, POP3, HTTP, ...

[mattj452]

IPsec works underneath the TCP layer, so I would hardly say it's too low level ;)

Java

[mwvdlee]

Most people don't call it a "bug" but I do; the operator overloading of '+', '+=' and '=' in the Java specification's String class.

Why is this a bug? Because the creators of the standard explicitely denounce operator overloading yet they do it anyway for this exception. Operator overloading is explicitely not possible in Java... except this one time.

If it is so incredibly useful in this particular case that they would bend the specification for it, can't they understand that it would be useful for other classes (ie. Matrix classes or even the standard Number classes) too?

Re:Java

[stromthurman]

I agree with this whole-heartedly. While I've gotten away from operator overloading on account of using Java, it bothers me every time I'm allowed to do a "this" + "sucks" and have it resolve to an object. I think the idea behind not providing operator overloading was to remove ambiguity, because some people might make arbitrary choices about how two different objects are combined with an operator that may not be intuitive to other developers. While that reasoning seems ok, consider what's happened instead. They wanted to prevent lines like:
Date d = new Date() + 5;

So, now what we get is this instead:
MyDate d = new MyDate();
d.add(5);

Is it really any clearer to someone who's not going to dig through MyDate.java (provided it is available) what this is doing versus the previous example?
I think Sun effed up on this choice.

Re:Java

[geminidomino]

What about rewriting the MyDate constructor so that if it's passed an integer value, it initializes the object already modified?

i.e. MyDate d= new MyDate(-2);

Sorry... offtopic, I know. I really didn't miss your point. Damned programmer's mind...

I'll be going now...

Me.leave("topic");

Re:Java

[stromthurman]

If we assume MyDate is a subclass of Date, and that it relies on Date's constructors, we should get a Date object that represents 2 milliseconds before the Epoch (Jan 1, 1970 00:00:00 GMT). Of course, how I know this is because of the javadoc documentation, so if we assume the programmer creating MyDate uses javadoc to indicate what .add(-5) does to MyDate, everything's still right as rain. However, they could just as easily do the same with the +/-* operators, and then everything is again, just as nice.

PS: Love the sig ;)

Re:Java

[91degrees]

I think the idea behind not providing operator overloading was to remove ambiguity, because some people might make arbitrary choices about how two different objects are combined with an operator that may not be intuitive to other developers.

If that's really the reason, then it was a really bad decision. this should be handled by coding standards. Not the language.

Re:Java

[stromthurman]

Exactly. Removing a feature will not drastically improve coding practices. For instance, a bad programmer may do funny things with a '+' operator that confuse the rest of us, but they can just as easily do bad things like name a member function .doSomething( ... ), which is just as unclear within the code.

Re:Java

[AndroidCat]

What are they using at the heart of that to hold the date/time value? (See my rant elsewhere about MS's use of floating point and time math errors.)

Re:Java

[Hard_Code]

"Is it really any clearer to someone who's not going to dig through MyDate.java (provided it is available) what this is doing versus the previous example?"

uh, YEAH

What is 5? Five *what*? Milliseconds, minutes, dates, months, years? Date at this point is deprecated except as a container of an abstract point-in-time millisecond value. Calendar classes should be used to manipulate time. Maybe that was a bad example, but the point is, when the mathematical symbols are not necessarily clear, it is much better to have methods that actually self-document at least by their name.

d.addMillis(5);

etc.

(calculating dates is far from trivial at least for gregorian calendars and involves lots of subtle rules, so no it's not just as straightforward as mathematical 'add')

Re:Java

[stromthurman]

I'm pretty sure it's a long, but I could be wrong.

Re:Java

[stromthurman]

Right, but the point was, if there are people who make poor choices in operators for overloading, there are people who make poor choices in functional naming in the same way. I just used Date here because I happened to be working with one when I wrote the original post. The ultimate point is that "bad form" practices, such as unclear operator usage, or poorly named member functions, are affected only in a small way by forbidding operator overloading.

Re:Java

[SunFan]

Would you rather still use strdup, strcmp, and strcat? Yuk. Overloading is generally a big ball of confusion, but, for strings, an exception can be made. Strings are so common and at the core of our programming experience that giving them special treatment is just fine, IMO.

For other cases, like matrix arithmetic or numbers, using class methods is better. In the general case of overloading, there are just too many cases where there's more than one way to "add" or "divide" something, and a verbose function name is just clearer (for a good API design, that is).

Re:Java

[topham]

I almost choked when I found the option to allow, or not illegal dates.

For instance, you can tell it to access 02/31/2005 as a valid date. Actually, you have to modify the flag so it doesn't accept dates like that. (this was several years ago, probably depricated by now).

While I can understand the appeal of allowing arbitrary, but invalid dates (for unusual circumstances) it should NOT be the default for the class.

Re:Java

[Lehk228]

what's wrong with using functions as they are meant to be used, hell I hate operator overloading in c++ because it takes something that means one thing 99.9% of the time and sometimes makes it mean something completely arbitrary.

Re:Java

[mwvdlee]

I wholeheartedly agree with you, Java should not be using operator overloading at all! (or allow operator overloading everywhere, anything but the hacked solution they chose).

Re:Java

[mwvdlee]

So what does this do?

String a = "12";
a += "3";

We all know what it does but it could just as well have produced either "122" (concatenate), "15" (add numerical values) or "42" (add aligned values), or add the hexadecimal values or some hashes or whatever.

Operator overloading a String is just as logical or illogical as having i.e.

Integer a = new Integer(1);
a += 2;

Re:Java

[mwvdlee]

Strings are so common and at the core of our programming experience that giving them special treatment is just fine

Would you say a String is more common than an Integer or a Boolean? They should have made the String into a primitive type then (such as int and char or arrays) instead of a class.

p.s. How many ways are there to add matrixes? I mean; ways which all give different but correct results?

Re:Java

[mwvdlee]

Just a small note; many people would say that things such as Operator overloading is just eye candy because you can just as well use functions.

Functions are eye candy too! In fact, everything but pure machine code is eye candy. Eye candy is there to make the lives of programmers easier so what's wrong with eye candy?

Re:Java

[mwvdlee]

And these fancy algorithms can't be implemented in a method? (operators are just methods)

mirc

[JohnFluxx]

Mirc file transfer sends data in packets, and waits for an ack for each packet.

Over tcp.

TCP of course already does this, and this just makes sending files very very slow. It should have just sent it as a single stream.

Re:mirc

[Firehawke]

Is that mIRC or DCC in general? Do other clients do this as well? I'm not versed in the DCC protocol as that's a seperate RFC I haven't gotten to yet, but if that's across DCC's RFC, that's a braindead protocol design.

Re:mirc

[JohnFluxx]

The anonymous coward is totally correct. The mirc guys were on crack.

There is no official dcc protocol as such, only a reversed engineered one from mirc.

The anon is also right in that client ignore the wait before the ack. This is often does as an option, since there are still old mirc clients out there that need the ACK.
This is what "fast dcc" option does in most irc clients.

Re:mirc

[JohnFluxx]

Mirc has trouble with large packets unfortunetly. It has a maximum of 8kb, and even at that it frequently screws up the files.

DCE and DTE i RS232

[geirt]

It should have been female connectors with only one pinout (e.g DCE) on all equipment supporting RS232, and all RS232 cables should be crossed (null modems).

Instead we have a complete mess with male and female connectors, straight and crossed cables. Is pin 2 receive or transmit? Dohhh.

Why female connectors on boxes? Male connectors are more fragile. If the pins break, replace (or repair) the cable. The female connector on the box is OK.

Luckily, RS232 are dying ;-)

Re:DCE and DTE i RS232

[slittle]

Luckily, RS232 are dying ;-)

Nooo!!

**hugs USR Couriers**

Don't you listen to that Bad Man...

Re:DCE and DTE i RS232

[AndroidCat]

Blame the IBM PC for putting male connectors on the equipment rather than the cable. (So that there'd be a difference between the female DB-25 for the parallel printer port.)

Re:DCE and DTE i RS232

[cow-orker]

Luckily, RS232 are dying ;-)

Yeah, but Ethernet repeated the same mistake and is sure to stay for a while.

Re:DCE and DTE i RS232

[AndroidCat]

How can you get it wrong with a coax cable? (Or do you mean that new fangled RJ-45 thing that some call Ethernet.)

Re:DCE and DTE i RS232

Yeah, but Ethernet repeated the same mistake and is sure to stay for a while.

Luckily most of the current ethernet chipsets support auto-detection of crossover. I wont buy a switch that doesn't.

Re:DCE and DTE i RS232

[geirt]

Luckily, RS232 is dying ;-)

Yeah, but Ethernet repeated the same mistake and is sure to stay for a while.

The Gigabit ethernet spec have fixed that mistake since all GigE equipment is auto MDI/MDIX

Re:DCE and DTE i RS232

[ShawnD]

PCs are non-standard since all RS232 equipment should have female connectors. I think PCs went male to avoid confussion with the paralell port.

BTW DTE/DCE makes sense when you look at what it was designed for - connecting a dumb terminal to a dumb modem.

Re:DCE and DTE i RS232

[Garak]

The RS-232 or EIA/TIA-232 as its know today has alot of shortcommings beyound the DCE -> DTE cabling mess. It has to be the worst standard ever!

They didn't use ballanced cabling which limits the distance and the bandwidth big time. RS-422 and 485 both use ballenced cables and signals and can go up to 4000feet at 115,200 baud while RS-232 can only go 50feet at 19,200 baud.

Re:DCE and DTE i RS232

[ClosedSource]

The problem is that RS232 is (was) being used for things it was not designed for. It was never meant to be a general purpose serial communications standard.

Re:DCE and DTE i RS232

[ClosedSource]

Note that RS-422 has a higher number than RS-232. Technology improves over time and you can't judge designs across generations. RS-232 was first created in 1960 and wasn't bad for its time.

Re:DCE and DTE i RS232

[SunFan]

I think PCs went male to avoid confussion with the paralell port.

So they wanted to save money on the PC end (eh, just make it all DB25), yet they still came up with an entirely different plug for the printer itself? Was this just so they could make money selling specialized printer cables instead of everyone using a unversal 25-wire cable?

Re:DCE and DTE i RS232

[SunFan]

RS-232 was first created in 1960 and wasn't bad for its time.

Wow, talk about a good ROI!

Re:DCE and DTE i RS232

[Bios_Hakr]

RS-232 may seem to be dying, but it's far from gone. Just about any telecom system that needs to be configured is interfaced through a 232 serial port. Not to mention there's tons of stuff still using RS-530 and RS-449.

While it may seem confusing to a relative outsider, RS-232 is beautiful to thoes working in the WAN/campus portions of the IT field.

232 is usually DCE if it's female; DTE if it's male. A straight-through cable will fit most people's needs. If you enter into the world of crossover cables, then things like control leads and timing need to be examined on a case by case basis. Sure, you may pick up a cable at Radio Shack that works, but not always.

In any event, working around rs-232 for 10+ years has given me a ton of respect for the people who designed it. It's as simple as can be yet powerful enough to still be implemented to this day.

Re:DCE and DTE i RS232

[Cmdr+TECO]

You might screw the tap in too far off the mark. (Assuming you didn't mean that new-fangled 10base2.)

(And while we're on the subject of Ethernet and standards that suck, how about that slide lock on the connector?)

Re:DCE and DTE i RS232

[Ashtead]

PCs are non-standard since all RS232 equipment should have female connectors.

No. According to that standard, the Data Terminal Equipment (computers and terminals) should have male connectors and the Data Communications Equipment, which basically means all kinds of modems, should have female connectors. However, many other manufacturers put female connectors on their equipment, for whatever reasons. Perhaps they considered them DCEs since these cables usually would have dumb terminal DTEs (with male connectors) at their far ends, and thus all cables could be made male-female straight-through, making them as simple and versatile as mains extension cords. Or maybe because the female connectors were slightly less fragile. Some old PC cards even had jumpers to change their configuration from the default DTE to DCE, just to confuse the matter further.

I think PCs went male to avoid confussion with the paralell port.

Very likely. The paralell port has TTL-voltage levels, 0V to 5V, whereas the serial port uses signals that can extend as far as +15 and -15V. The TTL chips sitting behind the paralell port would not stand these larger voltages, and everyone would have had a lot more hardware failures on their parallell port cards from plugging in serial-cables into them. Not everyone used more rugged chips than the 74LS240-series of the originals.

BTW DTE/DCE makes sense when you look at what it was designed for - connecting a dumb terminal to a dumb modem.

And connecting terminals to modems was the original scope of this standard. The naming of the serial-port devices on various OSes as COMX or /dev/ttyX or /dev/cuaX also reflects this old standard usage. There were teletypes, sometimes behind a pair of modems (tty), call-out connections (cua) or just some unspecified communications kit (COM) expected to be found at the other ends of those cables.

It just so happened that the serial protocol with its relatively few wires, also seemed a good choice for connecting other kinds of equipment, notably printers and plotters. After all, an old-fashioned teletype was really a kind of printer. The problem was that not all the handshake and status lines for a modem would be relevant for the printer, and everyone came up with their own idea of which ones were to be used and which ones weren't.

It isn't so much the standard, as its reappropriation outside its scope. It would have been a lot easier if there had been more guidance amongst the choices and options (male/female connectors, all the status and handshake lines: most of the 25 pins in the connector were actually assigned to some more or less obscure function)

Re:MSIE & XHTML

[Shinglor]

Just switch based on the accept header, it's not much of a problem. IE's lack of CSS support is the main problem.

Re:MSIE & XHTML

That's not a bug/shortcoming in a specification. That's a bug/shortcoming in an application.

Funnily enough, I thought of sending XHTML as text/html when this story popped up. There is a problem with the specification.

The latest RFC for text/html claims that the XHTML 1.0 specification defines a profile that is compatible with HTML, and that you are allowed to label this as text/html.

The first shortcoming is that it doesn't bother mentioning this "profile" by name. Most people take it to mean Appendix C.

Here's the kicker though: Appendix C XHTML is not compatible with HTML. No form of XHTML is. XHTML can be compatible with most HTML user-agents, but only because most HTML user-agents don't fully support HTML.

You see, HTML allows an SGML short cut. Instead of writing, say, <h1>My Heading</h1>, you can write <h1/My Heading/, and it will mean the same thing. Or at least it should.

Only a few user-agents implement this though. Emacs/W3. The W3C validator. A couple of search engines. The rest, including every browser you are likely to have heard of, uniformly ignore this part of the specification.

Here lies the trouble. XHTML uses a slash inside a tag to mean something completely different - that it is an empty element. The HTML for a a meta element might be <meta name="author" content="foo">.

Since HTML, based on SGML, expects a fairly smart parser that can figure out from context and the document type where an element ends, this can be an empty element without explicitly marking it as such or using an end tag.

XHTML, on the other hand, had a design goal of allowing parsers to be a bit more stupid. One of the results of this was that you have to explicitly mark empty elements with a slash as the last character inside a tag. So the XHTML equivalent of the above HTML is <meta name="author" content="foo" />.

Of course, because they used a slash, instead of practically any other character, this made XHTML fundamentally incompatible with HTML. Because if you read the XHTML version as if it were HTML, it means <meta name="author" content="foo">>. Note the trailing >.

HTML user-agents that implement the shortcut will break when they encounter XHTML that is labelled as text/html. This could have been avoided by simply picking a different character to signify empty elements. Of course, because neither of the two biggest browsers ever bothered to implement this part of HTML (Mozilla still doesn't, for everybody who claims it is "standards compliant" [sic]), nobody much cares - niche browsers can go screw themselves, right?

Somebody else mentioned the Referer misspelling, but another problem I dislike in HTTP is that language tags don't generalise. For instance, if your browser sends Accept-Language: en-US;q=1.0, de;q=0.5 to signify that the user prefers American English, but can make do with German, according to the specification, a server with English (note: English, not American English) and German resources is supposed to supply the German resource to the user.

Of course, Internet Explorer and Safari come preconfigured with en-US without en as a fallback, which means that anybody who is content negiotiating can either follow the specification and be broken for these clients, or follow Internet Explorer and Safari, and be broken for any client that follows the specification.

Another problem I dislike is that of underscores in CSS 2. CSS 2 doesn't allow unescaped underscores in selectors. CSS 2 does allow unescaped underscores in selectors.

What's that? I've just contradicted myself? Not me - the CSS 2 specification. The W3C sneaked in a change to CSS under the guise of "errata". This results in people getting an error when they try and validate their CSS that contains un

Re:MSIE & XHTML

[Lord+Prox]

Whew...

Soooo.... do you feel any better now?

Telecine'd DVD movies

[wowbagger]

I wish the creators of DVD had required players to support converting from 24 frames per second non-interlaced to 60 fields per second interlaced on the fly, rather than the current standard of the movie being converted when the disk is mastered.

When I am watching a DVD on my computer, it is trivial for my monitor to switch to 72Hz refresh, and show each movie frame for 3 refreshes, rather than getting all the interlace artifacts. It would also have improved the compression of the DVD for a given quality.

Re:Telecine'd DVD movies

[GreatDrok]

I wish the creators of DVD had required players to support converting from 24 frames per second non-interlaced to 60 fields per second interlaced on the fly, rather than the current standard of the movie being converted when the disk is mastered.

What are you talking about? Movies are mastered to DVD at 24fps and the player does indeed perform the 3/2 pulldown process to produce the 60 fields per second NTSC TV requires. Progressive scan DVD players can directly output the 24fps non-interlaced image to a suitable TV/projection system which gets rid of any nasty judder.

You shouldn't be seeing interlace artefacts when playing DVD on a computer unless the original source material was interlaced such as live TV recordings.

Re:Telecine'd DVD movies

[Alan+Shutko]

Actually, the DVDs do indeed have 60fps interlaced video. Progressive scan DVD players have to reverse the process to get back to the 24fps. That's why some progressive scan players produce better results than others....

Check out http://www.hometheaterhifi.com/volume_7_4/dvd-benc hmark-part-5-progressive-10-2000.html for one explanation.

Re:Telecine'd DVD movies

[GreatDrok]

I think you are misreading this.

DVDs sourced from 24 frames/ps film are encoded at 24 frames/ps 480 scanline progressive and converted to 60 fields/ps NTSC by the player. Material shot on standard NTSC video is sourced at 60 fields 480 scanlines interlaced and the player can just play that back. However, a progressive player while able to show 24fps 480p material nicely has a harder time with 480i material as it has to deinterlace it and the quality of the deinterlacer is going to affect the quality of the picture. However, the vast majority of DVD material is 480p and a progressive player will look fine with it.

MPEG encoding interlace material is less efficient than encoding progressive and that is why film sourced material is encoded as 24fps 480p. Only if the source was originally 480i is it encoded with interlacing.

I remember seeing an article very similar to the one you pointed at back in the days of LaserDisc (I still have a large collection) and it was accurate for LD which was recorded as interlaced NTSC video with 3:2 pulldown. I have a deinterlacer that returns a 480p signal to my projector from 480i LD and it substantially improves the picture.

Re:Telecine'd DVD movies

[iantri]

Kind of.

NTSC material from film on DVD can either be hard telecined (i.e. the source is interlaced, no inverse telecine has performed) or 24p with the appropriate flags set in the MPEG file.

24p material is indicated using a standard, repeating pattern of toggling on and off the top field first and repeat first field flags. A regular DVD player will simply follow these instructions, producing 3:2 output.

A progressive player will see the pattern of flags and know that the video is 24p, outputting it as such. The video is encoded as 24 whole frames per second -- it is simply flagged so that the DVD player outputs 29.97fps.

Now the difference in progressive players comes into effect when you are talking about playing back material that has been hard telecined -- television shows shot on film are a good example, since they tend to be edited on video -- some have a far better inverse telecine filter than others.

serial RJ45 connectors

[UnderAttack]

A lot of equipment uses RJ45 connectors to provide serial connections (e.g. terminal servers). But they all use different pin outs. Sometimes even different models for the same manufacturer need different adapters.

Re:serial RJ45 connectors

[ShawnD]

Also the number of different, incompatible, interfaces that use the RJ45 connector. On one router I have seen: Serial, Ethernet, ISDN, T1 (Technically RJ48), Voice (E&M) and Token Ring. Some ISDN lines provide power that can nicely burn some resistors off of an Ethernet interface.

BTW My annoyance is connector mis-naming. RJ45 originaly was the name for a specific type of analog phone line. When did it become a general term for 8 pin modular connector?

Re:serial RJ45 connectors

[lachlan76]

So the bug in the standard is the lack of a standard?

XML. For existing at all.

[baadfood]

Sure a well defined markup language is nice but really, people seem to loose all rational sense when it comes to XML - It cannot be used in a project without the project becomming "XML"? Scripting languages have been capable of processing all manner of free form text files in the past but somehow XML is necessary for interoperation? Why do people somehow think that XML encapsulated data will be small and quick to parse and are then suprised when it isn't? Why are they so fucking proud when their server can generate some trivial number of XML packets per second? What nutjob actually thought XML is easy to read? And what is the difference between a node an an attribute? Really?

Re:XML. For existing at all.

Sure a well defined markup language is nice but really, people seem to loose all rational sense when it comes to XML

So in other words, there isn't a problem with the standard at all?

Scripting languages have been capable of processing all manner of free form text files in the past

And you've got to write a new parser for every new format.

somehow XML is necessary for interoperation?

Necessary? No. The best option? Usually.

Why do people somehow think that XML encapsulated data will be small and quick to parse

I see people claiming that XML is easy to parse, on account of every major language having at least one XML parser already available for free.

I do not see people claim that using XML results in small documents (except where the other format under consideration is unusually large). I do not see people claiming that XML results in quicker parsing (except in relation to SGML).

I often see people claiming that XML doesn't perform very well directly after they use the wrong tool for the job (e.g. DOM vs SAX).

Why are they so fucking proud when their server can generate some trivial number of XML packets per second?

There's no such thing as an "XML packet".

What nutjob actually thought XML is easy to read?

XML, for documents and config files, is very easy to read. It's only when you use XML for things it is unsuited for that it becomes difficult to read.

And what is the difference between a node an an attribute?

Generally speaking, nodes contain content and attributes contain metadata. There are grey areas because what people consider to be "content" and "metadta" has grey areas.

Re:XML. For existing at all.

[doofusclam]

Damn right. I put my CV forward for a new job last week, the recruitment 'pimp' got back to me and said, although the CV was ideal, I needed to put XML on at least 3 previous jobs? Why? It's not like learning to use it takes any more than a couple of days, what with the different parsers and such, and therefore I just left it off my CV.

The way I felt was that it's a marginal skill, and having to put it on my cv 3 times to placate some idiot in the HR department annoyed me.

What is it about people that makes them think XML is not only complex, but also the universal panacea to all programming ills?

Re:XML. For existing at all.

[doofusclam]

Good point.

The stupid thing is, I do have (most) of these, but they've been picked up on by HR types who deign them to be more important than they are. I know people who work there already and they wouldn't know anything about XML bar the MSXML parser.

So in that job it's an irrelevance, but the HR eejits still insist I plaster it loudly and proudly on my CV.

Re:XML. For existing at all.

Config file in XML:

<?xml .... ?>
<config>
<connections>
<connection>
<type>mysql</type>
<host>foo.bar.com</host>
<username>bob</username>
<password>2sekret4u</password>
</connection>
<connection>
<type>mysql</type>
<host>db.host.com</host>
<username>jane</username>
<password>flower</password>
</connection>
</connections>
</config>

Config file in (example) YAML:

connections:
- type: mysql
host: foo.bar.com
username: bob
password: 2sekret4u
- type: mysql
host: db.host.com
username: jane
password: flower

Which is easier to read? to type from scratch? to quickly edit (add another connection entry for instance)? And this is just a *simple* example. Ever work with an Ant build file? *shiver*

XML is almost always the wrong solution. Not that it isn't useful for some things, but I'd rather never see XML again than have to deal with systems like the above.

Re:XML. For existing at all.

[SunFan]

And what is the difference between a node an an attribute? Really?

There is an arbitrary guideline for when to use a node and when to use an attribute. I believe this is what they call "best practices." That's how inane XML is.

Re:XML. For existing at all.

What XML gets you is a single, formalised syntax with very clear, precise rules about what characters are allowed where, how to escape special characters, and so on.

Oh. That.

You're allowed to write, say,

foo&#000a;

but not

beep&#0007;

But since it's useful to do -- the alternatives being to add a non-human-readable encoding layer, or an additional application-specific escape convention -- some software does it anyway. And then more anal-retentive software chokes.

This is solved once.

Where "solved" means "it's not going to be fixed".

Ceterum censeo, XML delenda est.

Re:XML. For existing at all.

In my experience though, the tedious work in passing data between machines has always been in marshalling that data into problem relevant data structures, whether it be an array, a struct, a class or whatever, and XML does not solve this problem.

You are 100% correct, sir! My opinion is that XML was invented to sell books on XML.

Re:XML. For existing at all.

[Brandybuck]

Any simple and standard text-based markup language for data encoding with several free parsers available would probably have been just as overhyped as XML.

Numerous other formats performing the same role as XML exist, but they never got the hype because they either weren't a standard, didn't have available parsers, weren't simple, etc., etc.

What nutjob actually thought XML is easy to read?

I think it's easy to read! It's a hell of a lot easier to read than RTF, Postscript. Or consider Sendmail configuration files. Ick! While not as readable as traditional dot.ini files, it's a heck of a lot more flexible.

If you can read HTML you can read XML.

And what is the difference between a node an an attribute?

What's the difference between a person and a trait? It's the same difference. Traits describe people, and attributes describe nodes. Think of nodes as nouns and attributes as adjectives. If a node is the name of an image file, then the attributes could be the image format, size, description, etc.

Of course, like natural language, distinctions can be difficult to make. Is an email address a node or an attribute? But don't sweat stuff like this, because no one cares.

Re:XML. For existing at all.

[Brandybuck]

How is the name of an image file not an attribute?

In the case of images, mostly likely it *would* be. I was just using it as an example. There are a myriad uses for XML. I most often use it for application data storage. In this case the the XML represents structured data, and not a structured document. Most structured document schemas (XHTML, DocBook) place the image file name as an attribute, but there is no reason this is mandatory.

XML is extremely flexible. There are no rules on how you must structure your data. Equating nodes to nouns and attributes to adjectives is only a suggestion. For some domains it will work, for others it will not.

The person doing the programming cares.

But other people are not going to care. That was my point. If you're the programmer, don't sweat this stuff, because other people who don't have to write it won't care. Not unless they're anally retentive.

XML is extremely flexible. That means you get to make up most of your own rules as you go along. I know one developer who won't use any attributes at all.

Re:XML. For existing at all.

[farnz]

A couple of questions on the YAML version:

• How does the parser distinguish random whitespace after the colon from fields that begin with whitespace?
• How do I extend the syntax to cover MySQL over both IP and domain sockets? In XML, I'd add an attribute to the "type" element, allowing for a default (omitted) meaning "any", and providing an enumerated list of available connection types.

Re:XML. For existing at all.

[Frank+T.+Lofaro+Jr.]

If you don't know which to use, use nodes. XML didn't really need attributes, except to allow HTML compatibility. You can live without attributes if you are writing your own XML-based documents.

They are functionally equivalent in many ways, you can use one or the other, but nodes are cleaner.

<connection>
<protocol>tcp</protocol>
<ip>127.0.0.1</ip>
<port>80</port>
</connection>

and

<connection protocol="tcp" ip="127.0.0.1" port="80" />

mean the same thing, and I think some parsers will let you treat them as the same transparently (I am not 100% sure on this point).

Re:XML. For existing at all.

[Cyn]

And what is the difference between a node an an attribute? Really?

One's a container and one's a property. If you're adding some value to an XML file - and you think it does or will ever have other properties - or its parent will ever have more than 1 of it - then it's a node. Otherwise, it's an attribute. Some people like to make everything a node to be safe - that's fine, XML is bloated anyway :)

But it does serve a purpose, specifically because it is a standard and got the hype it needed to be recognized and accepted.

nodes and attributes are just like nodes and leaves in traditional tree structures.

Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY

[m50d]

I compare modern linux (slackware 10) to windows 98 because that's what I can get on my budget.

Use of floating point for date/time

[AndroidCat]

Microsoft, in their infinite wizzbang, uses a floating point representation for date/time in their OLE types, with the date (days from x) in the integer and time in the fraction. That's fine until you have to do math like timezone conversions. If you convert a local time to GMT then to someplace else and back, frequently your time is now off by 0.0000000001 seconds. That adds excitement to comparing two times, especially when only one has been converted to and from.

It's not a huge problem to avoid, but unless you're draconian about using standard safe time math routines, it'll bite you .. eventually .. when you least expect it .. at a customer site running Martian Standard Time at local midnight. (Which will still be a bad hour for you to get a call no matter where it is.)

And all because someone thought it would be pretty nifty to use floating point. Don't they teach the inherent dangers of round off or truncation errors in school these days? (And before someone automatically jumps on MS, with all the UNIX standards, what are you using? Is it safe?)

Re:Use of floating point for date/time

[|<amikaze]

Don't they teach the inherent dangers of round off or truncation errors in school these days? (And before someone automatically jumps on MS, with all the UNIX standards, what are you using? Is it safe?)

We had to learn this one the hard way. We were in the regional ACM programming contest, and our solution worked perfectly on our local machine with the test data, but would return incorrect results on the marking machine. We ended up spending a ridiculous amount of time debugging it, which was hard, since we got the right answers :). Turns out there was a slightly different floating point process on the other end, and we had made the poor assumption that sqrt(x)*sqrt(x) == x. Sadly, 4.9999999999973 != 5.

Lesson learned.

Re:Use of floating point for date/time

[codemachine]

I heard about that problem, since my university hosted part of the Mountain region's ACM programming contest.

I think the Linux machines here and the Solaris machines at other sites returned different results, due to the differences in the architectures and their math libraries.

Re:Use of floating point for date/time

[hughk]

Use of floats for date and time really quite reasonable as generally you are interested in a the value of a mantissa (i.e., that ten digits or whatever is normally enough to always give the resolution that you need), however all times should be normalised (to UTC, Stardate or whatever) before they are stored or used. Local times shouldn't exist outside data presentation layers. Rounding errors on time are really not so much an issue, rounding errors on money, now there is a problem!

OTOH, I started when there was a lot of software floating point around and then you really wanted to use integers where possible in calculations.

Re:Use of floating point for date/time

[|<amikaze]

I've got a feeling that what you heard about was my problem exactly. usask? The problem was definitely at the Rocky Mountain ACM.

Submarine patents

[SgtChaireBourne]

Submarine patents and other proprietary gimmicks, are bad.

A current example would be packing VC-1 into both Blu-ray and HD DVD.

Though software patents are currently only a problem in the U.S., I'd still say that they threat of stealth patents would be the worst bug. Proprietary material shouldn't get through the standards process.

DNS and service entries

[hackstraw]

DNS's MX entry is excellent, I wish it existed for other services as well.

Re:DNS and service entries

[outcast36]

Ask and you shall receive. Behold SRV

Re:DNS and service entries

[hackstraw]

Excellent. I believe that I may have heard or seen the SRV RFC before. Now I did a quick search and saw plenty of references to that RFC, but none (besides a dead openldap thread) that talked about using it.

Is SRV implemented in current DNS servers? Does the resolv library and/or any applications actually use this handy spec?

Re:DNS and service entries

[smatthew]

Microsoft Active Directory makes use of SRV records to let clients know where the domain controllers are. So a client can issue a DNS query for SRV records for ad.foobar.org and they'll find out the IP addresses of all the domain controllers for "ad.foobar.org"

Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY

[WaZiX]

The inbred fuckwits who criticize Microsofts Monopoly

Well anyone who did economy would critisize Microsofts Monopoly... Monopoly is bad for the customer, declines the economy's well-being and puts a hold on innovation. Its funn that while most So Called Socialist European countries are getting rid of their governemental monopolies to give the consumer best prices and best service, Big American companies are either cultivating monopoly by Oligopoly or are a monopoly of its own.

I do agree however taht on a purely economic perspective, patents are undeniably necessary, because commercial companies would have no interest in researching new technology if its new discovery could directly profit its concurrent.

However if you think that microsoft is innovating, your putting your finger into your eye, let me explain:

Microsoft through its immense market share has made the business of Operating System a market with a very high economy of scales (economie d'echelles in french, not sure thats how you say it in english), and the only reason it perfects its operating system is to maintian this type of market. Indeed, by investing in technology and making sure of dependency Microsoft establishes Strategic Barriers at the entry of the market, thi means that even if a company was ready to put the effort to introduce a new commercial Operating System onto the market, the revenues it would generate would not cover its costs in either the short or long term, this means that the OS market is almost bullet proof to new commercial OSs.

Now to linux and other Free Operating Systems, its different strategy in terms of costs and benefits (almost no cost in development since most the work is voluntary,no real plan for profit at least from the developping of the kernel point of view and allowing companies to freely use the kernel to in turn allow them to make profit hence inducing very few costs of development of the kernel and other applications) allows for competitors to enter the market, and hence try and detrone Microsoft.

Now the whole concept of the Free Software and the only way it can work is based on the motivation of its community, without it theres no way enough "free" resources can be accumulated to be able to enter the market.

If you really believe that this motivation is bad, then not only are you a fool (because in term this same motivation will increase your well-being) but you also have no insight in economy whatsoever.

To Conclude: Just Shut up will you?

Re:DCE and DTE in RS232

You can't do this in general because RS232 is not symetrical. All of those modem control pins - "ring indicator", for example - have one explicit direction.

Of course we don't often use those pins any more, and the ones we do use (two data and two handshaking signals) are symetrical, so for that subset the proposal [one pinout, all cables cross over] is sensible. I think that there may even be another unused standard along those lines (RS4xx?).

C++

[Grab]

The overloading of the bit-shift operators > for streams in C++. Kludge city! And C++'s templates don't exactly come out smelling of roses either.

Grab.

Re:C++

[leifw]

Is there any implementation of templates or generics that you would hold up as satifyingly aromatic?

Re:C++

[HeghmoH]

If you don't restrict your answer to C-based languages, Lisp macros are pretty damned nifty. Why use a different language for compile-time code generation and run-time code execution when you can just use the same language for everything?

IMAP

IMAP should be a powerful idea in principle but it looks like it has been implemented by people who haven't had much experience with programming concurrent systems. I've learn about this the hard way while writing an IMAP server.

Using IMAP it should be possible for several clients to connect to the same account simultaneously. Changes made by one are reflected in the others as they happen, since the server sends updates describing these changes. Think model-view-controller. (Some clients ignore these updates, but that's another problem.) This is great in theory, but I'll mention two ways in which it's broken.

First, each client connection can receive updates for only one mailbox at a time. There is no fundamental reason why this has to be, but that's how IMAP works. So you can't be notified when new messages arrive in mailboxes other than the one you're viewing. Clients have to poll to work around this.

Second, messages have message numbers and these change when a mailbox is expunged. But there is a race condition: if one client expunges and another fetches, the second may get the message as numbered before or after the expunge. There is no way to work around this apart from disabling expunge.

The conclusion that I came to in the end was that for something as complex as what IMAP is trying to be it would be much better to build a standard on top of an abstraction layer like CORBA. CORBA provides an efficient binary over-the-wire protocol, rather than the ASCII of IMAP, and has been developed by people who really understand the concurrency issues inherent in the problem.

EIDE

[Deliveranc3]

Reversable cables? Come on that is so unnessecary! And making them wide and flat come on!

Plus the whole master/slave system is kinda fun.

Basically it's the only thing a novice couldn't figure out on their own when doing an install :(

Re:EIDE

[50000BTU_barbecue]

Master / slave just means device 0 and device 1. I don't know why they chose those words, but they mean nothing, really.

Re:EIDE

[codemachine]

True, but many novices can't get things to work b/c of bad jumper settings.

I do think he's right that EIDE is normally biggest gotcha for the budding do-it-yourself PC hardware person. Either the cable is the wrong way, or the jumpers are wrong, yet it all appears to be plugged in just fine. Thankfully SATA will get rid of these problems.

Those old AT power supplies with 2 different identically shaped plugs were also a brilliant way to screw up a system. ATX's single, non-reversable plug is much better.

Re:EIDE

[Ironsides]

Master/Slave actually does have some meaning in IDE. The master device actually has priority over the slave device when it comes to sending/recieving data. The origin of Master/Slave comes from when one device controlled another (still used today, especially in broadcast) and they continued it into computers because essentially the Master can prevent the Slave from doing something if it needs to do something.

Dont' forget DVD CSS and Y2K

[scruffy]

CSS was supposed to copy protect DVDs, but didn't, both because of poor encryption and because it doesn't prevent a bit-for-bit copy.

It was a de facto standard to use two digits to encode the year, which caused a lot of fun a few years ago.

Re:Dont' forget DVD CSS and Y2K

[yamla]

CSS was never meant to prevent copying of the DVD, at least not from people who really understood it. It was meant to prevent unlicensed DVD players from playing back DVD content. Basically, it was meant to enforce licensing payments for any manufacturers of DVD players.

It did that pretty well.

It was marketed as copy-protection but in reality, it was always intended as playback prevention.

Java

[rlp]

No unsigned byte primitive. Grrrrrrr!! Also, the way Java handles date / time. Starting with mostly-deprecated util Date object, then abstract Calendar object AND GregorianCalendar object. Unless of course you're accessing a database, and then you need the SQL Date object, not to be confused with the util Date object. And don't forget the TimeZone, SimpleTimeZone, DateFormat, and SimpleDateFormat objects.

IPsec

[graf0z]

The pristine IPsec protocol family lacked two key features: the ability to pass NAT and TLS/SSL-alike hybrid authentication. If these features would have been built into IPsec and its implementations ten years ago, network layer encryption would be far more used and crappy stuff like PPTP would never have raised its ugly head. (i know this does not hold the abstract's requirements for "shortcomings", but i think the internet would look different today without it)

The NAT problem got resolved by UDP encapsulation ("NAT-T" = NAT traversal, after years of being a draft finally published 5 days ago as RFC) got implemented by most vpn software during the past two years (= too late).

Hybrid auth means: peer A ("the server") authenticates itself to peer B ("the client") through asymmetric methods (like an RSA keypair and a X.509v3 cert). Peer B chooses a random symmetric session key and encrypts it for A, this sets up an encrypted tunnel. Inside this tunnel, B authenticates itself to A using simpler techniques like challenge-response or even clear passwords. Allmost all personalized TLS/SSL protected services (https, pop3s, imaps, ...) work this way: Servers has a cert, client has a password. Easy to admin, easy to deploy, easy to rollout.

But with IPsec/IKE/ISAKMP you have to choose between shared secrets (bah!) or rolling out keypairs to all peers. And like all other protocols requiring all peers to be part of a PKI (PGP, S/MIME, SSL+certs on both sides) this slowed down propagation strongly.

There is an IETF draft "A Hybrid Authentication Mode for IKE" which is adopted my more and more implementations right now (= far too late). Cisco is now pushing it because of the failure of their own "group password scheme" (of course they name it differently: "Mutual Group Authentication").

Man, why did they wait so long?

/graf0z.

Album/Track information on CDs

[JoeD]

With the space available on a CD, they should have allowed space for Artist / Album / Songname / etc on the disk itself.

Re:Album/Track information on CDs

[belg4mit]

They do, CD Text is almost never used though.

Session Initiation Protocol

[Bookwyrm]

Beyond basing a standard for managing stateful telecommunications sessions on a protocol for stateless bulk data transport, the most blatant silliness in the SIP standard was the original "Alert-Info" header. The Alert-Info header allowed the calling party to specify the ring tone/sound by listing a URL that the receiving device would automatically attempt to fetch and play without waiting on the recipient user to allow/disallow it.

Others:
List of Evil SIP ideas

Oh, and never updating the SIP version string despite syntax changes in the standard is evil.

POSIX and Leap Seconds

[Detritus]

The standard insists on requiring broken behavior from new implementations to preserve compatibility with old software. Not a good idea when precision timing is becoming increasingly important.

COPY AND PASTE! INCOMING MEME!

[RMH101]

can we all copy and paste this? store it away. whenever we get the 12 year old "windose $uckors!" kid, paste it. repeatedly.

One Tag

[sharkey]

'Nuff said.

Re:One Tag

[mopslik]

Never fear! Now you can accomplish the same annoying effect using CSS.

NFS

[tedgyz]

NFS is inherently flawed in it's transaction acknowledgement and retry behavior.

Back before M$ had Linux to kick around, there was the UNIX-Haters Handbook. I worked at Apollo/HP with a UNIX-Hater zealot. He enlightened me on the serious flaws in NFS, which I had experienced first-hand on a few occasions.

A quote from the book: (page 287)
So even though NFS builds its reputation on being a "stateless" file system, it's all a big lie. The server is filled with state--a whole disk worth. Every single process on the client has state. It's only the NFS protocol that is stateless. And every single gross hack that's become part of the NFS "standard" is an attempt to cover up that lie, gloss it over, and try to make it seem that it isn't so bad.

Networking in .Net / Mono

[szyzyg]

The Socket class is astonishingly broken
IPAddresses are frequently imported/exported at Longs - 8 bytes with a sign bit
Port numbers are 4 byte signed integers.

Sure, Java doesn't have a signed int or long but .Net does.

Now they introduced a way to get the IP address as an array of bytes, so that you can support IPv6, problem is the constructor that takes a byte array will only accept a 16 byte address, not a 4 byte one for us IPv4 users. On top of this they've deprecated the only other method that can get you an ip address in binary format.

So if you want to serialize an IP address you have to either get it as a Long and cast it to an unsigned int - this generates all sorts of compiler warnings, so forget about clean compiles. Or you can get the address as a byte array and then on reception you have to turn it into an unsigned long.

Oh yeah, there's no documentation on what the environment does about the endianess of IP addresses converted into longs.

Now... we''ve also got the alarmingly bad Select() method which requires you to build lists of the sockets you're interested in and then proceeds to prune these to only leave the ones where activity has happened. Problem is that you can't reuse these lists so you need to construct them every time so you end up spending more CPU on building lists than you do on simply scanning the list of open sockets. Not that it matters, .Net throws and exception if you try to Select() on a list of more than about 30 sockets.

Another retarded design decision is the implementatino of non-blocking IO and EAGAIN, they decided that this should be implemented as an exception. And we all know how fast exceptions are.

Grrrrrrrrr

I could go on and on.

Re:Networking in .Net / Mono

[ianezz]

Now... we''ve also got the alarmingly bad Select() method

Which is strange, because (by your description) it has exactly the same shortcomings of the old *NIX select(2) system call (that's why poll(2) is there). One would expect that people designing a library in the 21st century knew better than this.

.doc

[4of12]

An unambiguous description of the One True Way to properly render .doc Always, Anywhere.

It's in the protocol

[illuvata]

source

Data is sent in packets, rather than dumped in a stream manner. This allows the DCC SEND connection to survive where an FTP connection might fail. The size of the packets is up to the client, and may be set by the user. Smaller packets result in a higher probability of survival over bad links. The recipient should acknowledge each packet by transmitting the total number of bytes received as an unsigned, 4 byte integer in network byte order. The sender should not continue to transmit until the recipient has acknowledged all data already transmitted. Additionally, the sender should not close the connection until the last byte has been acknowledged by the recipient.

Re:It's in the protocol

[HeghmoH]

The thing that's hilarious is that there's no mechanism for recovery or resend specified. So even if somehow TCP failed in its duties and the ACK actually conveyed useful information, how would the transfer recover? Extreme dain bramage if I ever saw it.

Try being as fair as you want us to be.

[SanityInAnarchy]

Most of the time, it is actually as simple as Windows, or simpler. It's when you have problems that you need to talk to a zealot/guru, who will help you out with your individual problem, as opposed to a howto, which deals with every possible issue.

Remember, too, that it's a good idea to have video drivers installed properly anyway, as most distros will encourage you to do, even when doing flat things like surfing Slashdot. Ever try Windows _before_ you download the nvidia drivers? My Linux will do higher resolutions a lot more readily with the generic VESA drivers than Windows will. And forget sound. Creative won't even give you a driver except on its original installation cd, whereas almost all soundblasters are supported out-of-the-box by Linux.

For example:

User: "How do I get Quake 3 to run in Linux?"
Guru: "Linux is a kernel. What distro are you using?"
User: (for the sake of argument) "Gentoo."
Guru: "emerge quake3"
User: "This looks like it will take awhile. Can I update my whole system, and then install quake3, without having to come back in between?"
Guru: "emerge sync && emerge -uD world && emerge quake3"
User: "It says I don't have my video drivers installed. How do I do that?"
Guru: "emerge nvidia-kernel nvidia-glx nvidia-settings && opengl-update && nvidia-settings && echo nvidia >> /etc/modules.autoload.d/kernel-2.6"
User: "That's a long line to type, can I cut and paste from this chat?"
Guru: "Sure, hilight the line, then middle-click inside a commandline."
User: "Ok, now what?"
Guru: "You'll have to restart your X display. It'll probably work to do ctrl+alt+backspace."

Now, try Windows. Assuming you can even get a Windows guru to help you. Linux communities are quite open these days; try irc.freenode.net#gentoo

User: "How do I get Quake3 to run in Windows?"
Guru: "Put the CD in the drive."
User: "It says I don't have my video drivers installed. How do I do that?"
Guru: "Go to nvidia.com and look around. You'll find them, eventually."
User: "Ok, now what?"
Guru: "You'll probably have to reboot the computer."
User: "Whoops! It says it doesn't work with my version of Windows. How do I upgrade and then have it automatically install?"
Guru: "You can't. You'll have to send a check to Microsoft for at least four, more likely ten or twenty times the cost of Quake 3."
User: "Screw this! I want it for free!"
Guru: "Try Linux."

And let's remember -- if you got someone to install Linux for you, or you bought a computer with Linux pre-installed, it's a lot more fair of a comparison. There's still the fact of having to download and install it, as opposed to having it already on a CD, but "apt-get install" or "emerge" is still fine, especially because both have good graphical frontends. AFAIK, Windows doesn't have anything comparable to a package management system -- remember last time you installed some Windows thing that didn't come with an uninstaller?

But you are right. To break the popularity of Windows, Linux will have to be significantly better, because Microsoft has billions of dollars to spend.

Re:Try being as fair as you want us to be.

[Zorilla]

Nice slant there. You assume the nvidia kernel module install works perfectly when in reality it's quite tricky (at least in my experience with Debian) and also assume that there is such a thing as an NVIDIA driver that doesn't work with a particular version of Windows (we're not talking about anything before 95). People don't just download the wrong version of the driver and say, "screw this" when it doesn't work.

Both setups are probably of equal difficulty in reality, with the Linux install being a little bit more difficult because you have to manually copy the full version resources off of the Quake III CD.

deprecated by w3c

[Ramses0]

This is by far the most egregious intentional hobbling of a standard by retarded people (the W3C). Ever since they deprecated the elements (and to a lesser extent: ) in a Markup Language, I have lost faith in their ability to properly evolve a standard.

See the HTML 4.0 recommendation. I literally hit something when I first read this back in '97 (yes, I sometimes read standards documents and RFC's for fun :^). It's also referenced in the original ('97) release.

The DIR element was designed to be used for creating multicolumn directory lists. The MENU element was designed to be used for single column menu lists. Both elements have the same structure as UL, just different rendering. In practice, a user agent will render a DIR or MENU list exactly as a UL list.

We strongly recommend using UL instead of these elements.

Remember that HTML is a markup language, and see above where the W3C intentionally took away contextual information from the document.

Keep in mind this was *after* the release of CSS1 (Cascading Style Sheets, level 1 W3C Recommendation 17 Dec 1996 vs. HTML 4.0 Specification W3C Recommendation 18-Dec-1997)

99% of websites on the planet have something you could consider a "menu", or "tabs" of some kind. Wouldn't it be nice if we had a particular tag for that, like "<menu>"? (we do ... or we did).

Nowadays, lots of people are linking to other people (a <dir>ectory) of people with blogrolls, wouldn't it be nice to wrap those in a <dir> list and style them separately, without using arbitrary <ul class="blah"> tags? Or perhaps a list of files available for download (<dir>), or a list of (perhaps) emails in a web mailing client.

Not that there's anything preventing use of ad-hoc class tags to achieve the same effect, but there is semantic information (especially in <menu>) that can be put to good use when standardized like this. Everybody complains about screen-readers, wrap / auto-skip anything in a menu tag. Make a special button that pops up (or reads) anything in a <menu>. Grr. The web could have been just a tiny bit better without that move by the W3C.

--Robert

HTTP Header Comments

[Crutcher]

The HTTP protocol defines header comments, which are only valid on a few header fields. There are some increadible problems with them.

1. Comments are recursive.
2. Comments break the header continuation model used elsewhere for continued values.

This means that HTTP headers must make semantic decisions about the header type they are working with in order to properly perform their lexical parsing. It might not seem like much, but it's a sublte stone bitch.

W3C DOM

[brunes69]

When you compare the standard W3C Dom to the one implimented by IE (and partially by Mozilla), you will find that the standard is sorely lacking.

Properties such as offset(Left|Top|Height|Width) to discover the rendered position of an element are non-existant. The ability to capture context menu events is non-existant. And don't even get me started on the event model.

People may hate how IE co-opted everything, but their DOM APIs are one thing MS got *right* - the IE DOM API is far more flexable and powerful than the W3C standard.

Re:W3C DOM

[elemental23]

The ability to capture context menu events is non-existant.

And good thing, too.

Context menus are part of my computer UI, not a part of your web site. Web sites should never be able to change client UI elements. This includes CSS styling of scrollbars (which is thankfully IE-only) and mouse pointers (which, unfortunately, isn't).

Anything within the window area is yours. Anything outside of that, including controls that may appear to be inside the window (eg, scrollbars, cursors, menus, etc) is mine.

Re:W3C DOM

[brunes69]

Nonsense.

HTML is not just the WWW anymore. I need to capture context menu events in web applications I work on *all the time*. Thankfully, both Mozilla and Safari implement IE's contextmenu event, so the apps can be cross-platform in this respect.

Try thinking out of the box - there are a lot more applications that run on the browser nowadays than websites. The browser is now a platform. The W3C is not adapting to that reality quickly enough.

Re:W3C DOM

[elemental23]

In my experience, most web application developers could use a good course or two on usability and interface design. After that, you may not be so eager to interfere with the normal, expected behavior of your users' browsers.

Re:W3C DOM

[brunes69]

I totally disagree, and I think it is you who needs a course on interface design. . Because in a web application, the user is not using a browser. They are not surfing a web site. They are using an application. The platform the application is running on (the browser), is irrelevant.

For example - I have a web application that presents a list view of items. Looks nearly exactly like a standard windows list view widget. Suppose I right-click on an item. What does the user expect here? Surely not a popup that says "Back", "Reload" etc - I right-clicked on the list item - the context is the list item. Therefore the context menu should reflect actions that can be performed on that item.

There is a reason it is called the context menu - because it is supposed to be context sensitive. When the context is no longer web browsing, the developer should be able to provide a new menu.

SQL

[TheLink]

Plenty of stupid stuff in SQL.

Why a different format for update and insert?

update table set field1=value1,field2=value2 where rowid=x

vs

insert into table (field1,field2) values (value1,value2).

--
I don't know about "worst" but could the SQL standard be partly to blame for why porting data from one DB to another is hard in most cases...

e.g. not covering stuff that most people find useful or even vital? And thus letting Oracle etc each define their own ways of doing things.

POSIX advisory file locking...

[MrHim]

int main()
{
int fd, fd2;
struct flock fl;

fd = open(TEST_FILE, O_RDONLY);

if (fd < 0)
perror("open failed");

bzero(&fl, sizeof(fl));

fl.l_type = F_RDLCK;
fl.l_whence = SEEK_SET;
fl.l_len = 1;

if (fcntl(fd, F_SETLK, &fl) < 0)
perror("lock failed");

/* fd is now locked, whoohoo!!! */

fd2 = open(TEST_FILE, O_WRONLY);

if (fd2 < 0)
perror("open failed");

/* fd is now @^%$#ing unlocked!!!! For the love of God, why!?!?!? */

return EXIT_FAILURE;
}

Why are Slashdot readers such XML bigots?

[Creosote]

Slashdot moderation is usually fair except when the topic is XML, in which case outrageous, trollish, and uninformed comments that would be shot down in any other topic area are judged "interesting" or "informative".

Yes, XML has been overhyped. Yes, it is used in many places where it's not appropriate. But it's completely unfair to tar an entire language and suite of associated technologies because of the way it's abused. Is Flash an inferior product because there are idiots who put loud, bloated Flash intros on their websites when a nice compact CSS-based splash page would do?

A lot of people (notably on Slashdot) have the notion that when it comes to data XML is verbose and redundant with existing data formats and programming languages, and that when it comes to text XML is overkill because good ol' ASCII is all you need. Well, if the only things in the world that ever needed archiving, searching, and retrieval were highly structured data and Usenet news posts those would be defensible opinions. But those aren't the only things in the world. There is a huge, huge amount of content that consists of heterogenous mixtures of strictly typed data, free-form data, and text in various languages (including the languages of mathematics, of music, of graphics...). As of 2005, there's no better format with which to store it and process it than XML.

Do a Google search on /'digital library' XML/ or try /XML site:loc.gov/ for example. And if you ever talk to anyone who's done serious programming for the kind of projects you'll find mentioned there, you'll discover they have skills that incommensurate with those of the people who put "XML" on their resume because they once used xsltproc to generate simple HTML output from a simple XSLT stylesheet. And believe it or not, some hiring officials are able to tell the difference. (Speaking as one who spent a good chunk of the last couple months looking at code samples submitted by applicants for one of those positions.)

Sorry, but I've had it with knee-jerk XML bashing.

SQL !!!

Many years ago Edgar Codd presented up a complete model for storing data: the relational model. It was complete and sound, which no other data model is. It is based on predicate logic (to give meaning to the data) and set theory. You can store any kind of data in a relational database.

To implement the relational model you just have to implement a number of set operators and relational operators (project, join, etc), and you have to enforce arbitrary constraints on the data.

Much like arithmetic (add, subtract, multiply), all you have to do is implement these concepts in a computer and you'd have a system that works very much like the model describes.

Yet, somehow, the standard that emerged, SQL, seems to be from an alien planet, bearing only fleeting similarity to the relational model.

Example: If you're working with *sets*, you should use set notation. Not "SELECT * FROM Customer", but just "Customer". Not "SELECT * FROM Customer JOIN CustomerDetails ON Customer.id = CustomerDetails.id" but "Customer JOIN CustomerDetails".

Example: SQL doesn't enforce the idea that relations are sets. So it allows columns with the same name, it allows positional specification of columns (ORDER BY 2 is allowed, but not the same as ORDER BY 1+1 by the way), it allows *duplicate rows*!! Argh. The relational model requires all rows to have a candidate key.

Example: SQL doesn't allow you to compare query results. You can't say "give me a list of customers who purchased every book by author X" without bending over backwards. In a relational expression, you can just say, roughly, "Customers WHERE (Customer JOIN Purchases) = (Books WHERE Author = 'Joe')".. notice that the first "=" is comparing two SETS.

Example: SQL has NULLs. Anybody who has worked with an SQL database knows exactly what a pain NULLs are. Quick, why does COUNT(*) count NULLs but SUM(*) doesn't? I don't know either. Certainly has nothing to do with the relational model. And to add insult to injury, SQL makes NULLable columns the default.

Example: SQL differentiates between views and tables. You can't usually update a view. However the relational model says, you should be able to interchange views and tables completely. This means the most powerful abstraction feature of the relational model is completely missing! It's like programming in a language without subroutines or functions. (Yes some DBs allow a limited subset of updateable views, and some allow you to specify your own SQL triggers to update them, but that's not exactly the same as having the DB *infer* the constraints and rules itself for any view).

Example: SQL doesn't allow arbitrary relational expressions. In fact there is a special name for nested expressions in SQL: "subselects" or "subqueries". As if this is something special. How often to do you use parenthesis in your math statements "2 * (a+4)". If math was SQL, that would be "OPERATE ON (OPERATE ON a WITH 4 USING ADD) WITH 2 USING MULTIPLY" or some nonsense.

Example: SQL makes it difficult to create new types. So objects have to be "decomposed" into columns, and we have to have junk like "ORM layers" whose purpose is to splatter and unsplatter objects over and over again, instead of just being able to say "Customers" and getting a list of objects directly.

The list goes ON AND ON. When people talk about the limitations of the relational model, they are talking about the limitations of SQL!

So, yeah, SQL is the big suck. I don't know why other parts of programming have so much innovation (how many programming languages are there? Programming paradigms?), but SQL is stuck in this bizarro backwards world.

Please, if any open source programmers out there want to make something really useful, please create a truly relational database system! Just pick up any DB textbook and implement what you read, it's all there waiting for somebody to *do* it!!! I know it will happen someday....

Re:SQL !!!

[justinb1]

Example: SQL differentiates between views and tables. You can't usually update a view. However the relational model says, you should be able to interchange views and tables completely. This means the most powerful abstraction feature of the relational model is completely missing! It's like programming in a language without subroutines or functions. (Yes some DBs allow a limited subset of updateable views, and some allow you to specify your own SQL triggers to update them, but that's not exactly the same as having the DB *infer* the constraints and rules itself for any view).

CREATE VIEW vw_CantUpdateMe
as

SELECT CustomerID, SUM(TransactionCharge) as TransactionTotal
FROM CustomerTransactions
GROUP BY CustomerID

go

UPDATE vw_CantUpdateMe
SET TransactionTotal = 496.95
WHERE CustomerID = 12

What exactly should happen in the mythically perfect updatable views universe?

XML design flaws:

[Frans+Faase]

Apart from the lexical syntax being used XML, which is not very easy to parse at all, it has several design flaws, such as there are:

• No explicit distinction between different kind of values, e.g. booleans, numbers and strings.
• No explicit distinction between sets and lists.
• No explicit distinction between identifying and non-identifying properties.
• No explicit mechanism for defining internal references.
• Does not allows complete typing of the values, instead of through an external defined schema.

Re:XML design flaws:

[Frans+Faase]

No. Although I have to admit that the syntax of LISP is much easier to parse than XML and that it is basically the same. LISP is also a little more compact than XML.

But using LISP instead of XML syntax would not solve any of the mentioned problems.

Re:XML design flaws:

[Frans+Faase]

It's easier to parse than virtually anything else whatsoever. Why? Because 99% of programmers don't parse it. They use a pre-existing XML parser.

Yes, that is true. But those parser are complex, and each increasement in complexity also has an impact on parsing speed.

XML Schema and NG have already solved this.

The fact is that XML Schema is hardly used by any one. It could have been in the XML standard, but because XML comes from a domain where people work with textual documents, nobody thought about the fact that you might want to have a proper representation for other datatypes, such as integers, times, dates. With little effort it could have been put in XML. Please remember that this topic is about design flaws. Things that could have been done correctly in the first place, but where not done properly.

Why is this a problem?

There is an essential difference between sets and lists. One implies an ordering, the other not. XML is claiming to be a self explainatory representation of data. Because XML does not make this distinction, it is a flaw.

ID does this

There can be more than one identifying property. Another flaw of XML is that it does that you often have the choice between representing data as contents or as attributes. There is a logical distinction between contents and attributes, but the problem is that the kind of values that you can represent in attributes are rather limited. This means that you have to revert to using additional tags for representing "complex" attributes. BTW, I never knew that the ID attribute had some special meaning. And I can also not know of any XML parser that do anything special with this.

IDREF and IDREFS does this.

Again this is not commonly used. And again it is a after the fact fix of a design flaw. It is almost always a design flaw when certain "names" are given a special meaning and semantic.

Re:XML design flaws:

[davegaramond]

It's easier to parse than virtually anything else whatsoever. Why? Because 99% of programmers don't parse it. They use a pre-existing XML parser.

Well, if we don't care so much having to write our own parser, why not choose a nicer, easier-to-type format instead?

When I think about it, XML scores pretty badly ("C or D student") as a data storage (or one would argue, also as markup) format.

* EASY TO PARSE: not really

* COMPACT: no

* EASY TO TYPE: no (too much to type and all those angle brackets...)

* EASY TO READ: not the easiest for the eye

* FEATURE-RICH: no (no builtin datatypes, no syntax for intradocument references, no macro, no directives/flags, etc.)

No wonder people hate XML so much...

SNMP V2

[Muad'Dave]

My goodness, what a mess! 'Nuff said.

Perl's 2/3 digit year

[fuzzy12345]

Remember that Perl bit that returned the number of years since 1900? Back when everyone used Perl for Internet stuff, they could count on that being a two digit number. Seeing stuff on the net dated 1/12/105 - that slays me!

Re:Perl's 2/3 digit year

[danpritts]

it's not perl - it's the C library.

man 3 localtime

MIME & Quoted Printable

[Frodo420024]

At least that's the only time I've heard Linus suggest to go out shoot anyone :)

Linus in Flame Mode

Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY

[sebFlyte]

*applauds* Slightly lacking in subtlety, but i think that's needed.

TIME_WAIT in TCP

[Harry+Balls]

One cannot, while remaining TCP standard compliant, continue to initiate (with SYN) and terminate (with FIN) tens of thousands of [short] TCP connections to the same destination without either:
1. slowing down to a crawl because all available ephemeral source ports are already in TIME_WAIT state (and thus not available for the new connection)
or
2. "reaping" such source ports that are in TIME_WAIT state prematurely, thereby violating the TIME_WAIT mandate of the TCP standard.

With faster and faster network cards (think 10 Gigabit) now readily available, this issue is getting worse and worse.

Most manufacturers choose to workaround number 2, by the way, undoubtedly in order not to jeopardize benchmarks.

Having 32 bit port numbers in TCP would alleviate this problem somewhat, at the expense of memory (all these 4-tuples in TIME_WAIT state obviously occupy memory). But this argument is moot, since port numbers are just 16 bits.

(Why would you want to continuously open short connections to the same host over and over again? Think two back-to-back application level firewalls. Think eCommerce credit card authorization. There are many situations where this may be necessary.)

HTML.... well, sort of

[jeffkjo1]

Just curious what the Slashdot crowd thinks are the worst bugs ever to creep into a standard?

Having survived the great Revision '4.0' Browser wars, I have to say the worst 'bugs' ever were the proprietary extensions that crepts into Netscape and IE. It made it so difficult to design any sort of advanced page without all sorts of duplicate (albeight slightly different) code to satisfy both browsers.

VLANs

[macdaddy]

No authentication or encryption in the 802.1Q standard. Ya'll can think Cisco for this fuckup. There were a number of pre-standard VLAN-like implementations back in the day. Most had authentication and encryption between 802.1Q switches and routers. Cisco's didn't however. It didn't have jack. However they put their pre-standard implementation on every single device they made and by default embraced a ground up approach to the use of VLANs, their VLANs. Unfortunately Cisco's implementation became so wide-spread that the IEEE 802.1Q working group ratifying any other VLAN implementation other than one compatible with Cisco's would lead to the creation of a standard that the majority of the market would ignore. The majority ran Cisco hardware and did anything Cisco told them. That's what I call a monopoly (or was a monopoly). Not all the competing standards died right away. Enterasys' (Cabletron's) pre-standard implementation called SecureFast thrived for years due to its widespread use within its userbase. It had so many features that netadms needed quite badly that they were willing to go with a homogenous Enterasys environment to get it. Cisco screwed the pooch and we netadms have been stuck paying the price since, what, December 2000 IIRC? Thanks Cisco.

That's more the lack of a standard

[pjc50]

There is no standard (as in, made by a standards group) way of installing software either on Linux or Windows. In the case of Windows, you have the de facto standard of InstallShield.

And on modern linux distros it can almost be as simple as on Windows, provided the software is shipped as an RPM. Open CD, doubleclick the package, enter root password, done.

YAML vs XML (Re:XML. For existing at all.)

[davegaramond]

If you are typing it from scratch, you'll want a quick way to check the syntax. AKA validation.

YAML parser will validate your YAML documents, much like an XML parser validate XML documents. And additionally you can quickly check the syntax with your _eyes_, since YAML uses indentation.

YAML also has builtin datatypes, so when you load it, you will automatically get a data structure of strings, numbers, symbols, etc. instead of just strings for all values. And thus you save time by not having to cast datatypes.

Basically, I've ditched XML and used YAML for all my config files and I've never been happier.

FTP, Telnet, HTTP

[Ancient_Hacker]

FTP:

• Passwords in the clear!
• No standard file listing format, so you have to be a human or very clever code to extract the file names.
• Requests that get out of sync with replies.
• Using separate connections for cmds and data, and random ones at that.
• No directory transfer cmd.

Telnet:

• The wonderfully flexible and broken option negotiations, which took several RFC's to describe the various race conditions therein, and the recommended kludges for avoiding or exiting same.
• The various bizarre modes to support totally obsolete comm protocols.
• The lack of recognition by the RFC's of ANSI or VT-100 formatting, both de-facto standards.

HTTP:

• The bizarre decision to have the client speak first, as if the client wouldnt want to know what the server is capable of.
• The bizarre and perhaps unwritten rules about what to do with missing HTTP/version info.
• The AFAIK unwritten rules about what to do with partial push data.
• Not HTTP, but the whole JavaScript mess. Undeclared variables, a good thing?

Re: FTP, Telnet, HTTP

[Ironsides]

FTP: Thats why they invented SSH

USB

[FrankSchwab]

I can't believe no one's mentioned this, even after the RS-232 thread above...

After 40 years of screwing around with RS-232 (different combinations of Male, Female, 9, 25, DTR, DSR), a committee has a chance to define a new computer-to-peripheral interface...

And they design one with two different connectors ( A and B), with male and female ends, and with a master-slave physical and logical architecture. And, the connectors do not work if you try to plug them in upside down.

So, I have to have (again!) an entire zoo of USB cables and adapters to connect things. I own: 0. Standard A-B cables
1. An A-A USB cable for connecting my Archos MP3 player
2. An A(Female) to A(Male) extension cable
3. An A to mini-B cable to connect my Camera
About the only thing I don't have is a B-B cable.

Would it have been so hard to create a hermaphroditic, small connector that autonegotiated master/slave at connection time? That connected no matter what orientation the connector was in (think headphone jack)?

Re:USB

[danpritts]

while we're picking on USB let's remember my two favorites.

1) the connectors don't have a positive lock mechanism

2) A connectors are just as wide as RJ-45 connectors and you can, in fact, plug one in to an ethernet jack. and it seems right since there is no positive lock. but strangely enough it doesn't work.

Re:USB

[Ironsides]

1) There is actually 4 different connectors for USB (A,B, mini, micro). Each with M/F ends. Not sure why they have both A and B, but the reason for mini and micro is for really small devices that can't fit a larger (A/B) port on (mp3 players) and they aren't for permanent connections like the larger ones are used for (printers). As for the hermaphroditic connector like a headphone jack? Thats cause the headphone plug is the only design (round cylinder) that that works for. And past 4 pins, you really need a different plug for it to work efficiently and in a small space. Also, I personally find the headphone jaks realtively easy to break compared to others. Finally, the reason for not having them reversable is that that would be a pain from the point of determining which side was for sending data and recieving. Lets remember that USB was invented before 1997 and computers were a lot less powerful.

Will admot that a better design like the Fire Wire "notch" would have been better, thugh.

Thanks all for an excellent discussion

[ar]

Summary Here

802.11 self-interference

[TheClassic]

Wi-fi traffic jam http://ask.slashdot.org/article.pl?sid=05/01/11/15 7239&tid=193&tid=222&tid=4

MPG2

[Ironsides]

MPEG-2 and Dolby are both proprietary. VC-1 is nothing new when it comes to proprietary codecs becoming a standard.

P.S. MPEG-2 is used as the encoding format for the current DVD video.

Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY

[Ironsides]

Monopoly is bad for the customer, declines the economy's well-being and puts a hold on innovation.

I would disagree with this simply from the example of AT&T. They were innovating like crazy at bell labs where they were pumping all the money into and kept a very high quality of service for the phones. The only problem they had was the prices they had to charge for long distance phones. This was caused by the local governments not letting them charge the cost of local calls and so they had to make up the money on long distance fees. As I understand it, if AT&T had stayed together we would have ALL (everyone) had DSL in the 1980's and probably fibre by now.

Monopolies are only a problem when the people running them get lazy and decide to stop doing things. AT&T never did while it was intact because they kept funding bell labs.

Amen

[angedinoir]

I know you're not supposed to post this, but a-fuckin-men. This voices the reason why I gave up linux and went back to windows.

PNG not supporting animation

[fyngyrz]

One of the key ideas behind PNG was to replace GIF. But the PNG developers blew it by not specifying in the same kind of animation capabilities that Netscape's mutated GIF -- which was really the standard -- offered. It didn't kill PNG, but it sure as heck crippled acceptance severely. And that was a darned shame. Opportunity lost on several levels.

And the mega-uber-bandaid MNG -- you don't want to get me started on what a mess that whole screwup was and is.

Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY

[agent]

Is that a threat?
You should get out side and do some physical activity.
Peace.