Slashdot Mirror
Worst Bug or Shortcomings in a Standard?
Alastair asks: "Just curious what the Slashdot crowd thinks are the worst bugs ever to creep into a standard? For mine, the various security vulnerabilities in WEP would make the grade. Also perhaps the lack of a protocol field in HDLC, and which most implementations added in a non-compatible way. I'm thinking here about bugs which result in partial or total irrelevance of the standard itself, as opposed to just a lack of interest in adopting it."
'Nuff said.
Stop the world; I need to get off.
I love WEP. I see nothing wrong with it at all. It's so secure...
I wish there was a way to install programs common accross all versions of linux.
/tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"
Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:
User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in
User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.
This is stupid, but it bugs me that we're stuck with "Referer" in HTTP.
Standards are very unclear when you have to encode utf-8 'subject' header. Looks like there is no distinction between bytes and characters. I had to write automatic UTF-8 mailer last year. There were many, many issues with UTF-8 headers in different MUA. Especially with mix of english and non-neglish words in 'Subject'. Finally we decided to send two separate messages in two different 8-bit encodings.
Most people don't call it a "bug" but I do; the operator overloading of '+', '+=' and '=' in the Java specification's String class.
Why is this a bug? Because the creators of the standard explicitely denounce operator overloading yet they do it anyway for this exception. Operator overloading is explicitely not possible in Java... except this one time.
If it is so incredibly useful in this particular case that they would bend the specification for it, can't they understand that it would be useful for other classes (ie. Matrix classes or even the standard Number classes) too?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Mirc file transfer sends data in packets, and waits for an ack for each packet.
Over tcp.
TCP of course already does this, and this just makes sending files very very slow. It should have just sent it as a single stream.
It should have been female connectors with only one pinout (e.g DCE) on all equipment supporting RS232, and all RS232 cables should be crossed (null modems).
Instead we have a complete mess with male and female connectors, straight and crossed cables. Is pin 2 receive or transmit? Dohhh.
Why female connectors on boxes? Male connectors are more fragile. If the pins break, replace (or repair) the cable. The female connector on the box is OK.
Luckily, RS232 are dying ;-)
RFC1925
That's not a bug/shortcoming in a specification. That's a bug/shortcoming in an application.
Funnily enough, I thought of sending XHTML as text/html when this story popped up. There is a problem with the specification.
The latest RFC for text/html claims that the XHTML 1.0 specification defines a profile that is compatible with HTML, and that you are allowed to label this as text/html.
The first shortcoming is that it doesn't bother mentioning this "profile" by name. Most people take it to mean Appendix C.
Here's the kicker though: Appendix C XHTML is not compatible with HTML. No form of XHTML is. XHTML can be compatible with most HTML user-agents, but only because most HTML user-agents don't fully support HTML.
You see, HTML allows an SGML short cut. Instead of writing, say, <h1>My Heading</h1>, you can write <h1/My Heading/, and it will mean the same thing. Or at least it should.
Only a few user-agents implement this though. Emacs/W3. The W3C validator. A couple of search engines. The rest, including every browser you are likely to have heard of, uniformly ignore this part of the specification.
Here lies the trouble. XHTML uses a slash inside a tag to mean something completely different - that it is an empty element. The HTML for a a meta element might be <meta name="author" content="foo">.
Since HTML, based on SGML, expects a fairly smart parser that can figure out from context and the document type where an element ends, this can be an empty element without explicitly marking it as such or using an end tag.
XHTML, on the other hand, had a design goal of allowing parsers to be a bit more stupid. One of the results of this was that you have to explicitly mark empty elements with a slash as the last character inside a tag. So the XHTML equivalent of the above HTML is <meta name="author" content="foo" />.
Of course, because they used a slash, instead of practically any other character, this made XHTML fundamentally incompatible with HTML. Because if you read the XHTML version as if it were HTML, it means <meta name="author" content="foo">>. Note the trailing >.
HTML user-agents that implement the shortcut will break when they encounter XHTML that is labelled as text/html. This could have been avoided by simply picking a different character to signify empty elements. Of course, because neither of the two biggest browsers ever bothered to implement this part of HTML (Mozilla still doesn't, for everybody who claims it is "standards compliant" [sic]), nobody much cares - niche browsers can go screw themselves, right?
Somebody else mentioned the Referer misspelling, but another problem I dislike in HTTP is that language tags don't generalise. For instance, if your browser sends Accept-Language: en-US;q=1.0, de;q=0.5 to signify that the user prefers American English, but can make do with German, according to the specification, a server with English (note: English, not American English) and German resources is supposed to supply the German resource to the user.
Of course, Internet Explorer and Safari come preconfigured with en-US without en as a fallback, which means that anybody who is content negiotiating can either follow the specification and be broken for these clients, or follow Internet Explorer and Safari, and be broken for any client that follows the specification.
Another problem I dislike is that of underscores in CSS 2. CSS 2 doesn't allow unescaped underscores in selectors. CSS 2 does allow unescaped underscores in selectors.
What's that? I've just contradicted myself? Not me - the CSS 2 specification. The W3C sneaked in a change to CSS under the guise of "errata". This results in people getting an error when they try and validate their CSS that contains un
Sure a well defined markup language is nice but really, people seem to loose all rational sense when it comes to XML - It cannot be used in a project without the project becomming "XML"? Scripting languages have been capable of processing all manner of free form text files in the past but somehow XML is necessary for interoperation? Why do people somehow think that XML encapsulated data will be small and quick to parse and are then suprised when it isn't? Why are they so fucking proud when their server can generate some trivial number of XML packets per second? What nutjob actually thought XML is easy to read? And what is the difference between a node an an attribute? Really?
I compare modern linux (slackware 10) to windows 98 because that's what I can get on my budget.
I am trolling
It's not a huge problem to avoid, but unless you're draconian about using standard safe time math routines, it'll bite you .. eventually .. when you least expect it .. at a customer site running Martian Standard Time at local midnight. (Which will still be a bad hour for you to get a call no matter where it is.)
And all because someone thought it would be pretty nifty to use floating point. Don't they teach the inherent dangers of round off or truncation errors in school these days? (And before someone automatically jumps on MS, with all the UNIX standards, what are you using? Is it safe?)
One line blog. I hear that they're called Twitters now.
A current example would be packing VC-1 into both Blu-ray and HD DVD.
Though software patents are currently only a problem in the U.S., I'd still say that they threat of stealth patents would be the worst bug. Proprietary material shouldn't get through the standards process.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
My wall sockets have little security either. At most there's a fuse, breaker or penny for protection. No user authentication or load request handshaking and management. It's shocking.
One line blog. I hear that they're called Twitters now.
The overloading of the bit-shift operators > for streams in C++. Kludge city! And C++'s templates don't exactly come out smelling of roses either.
Grab.
IMAP should be a powerful idea in principle but it looks like it has been implemented by people who haven't had much experience with programming concurrent systems. I've learn about this the hard way while writing an IMAP server.
Using IMAP it should be possible for several clients to connect to the same account simultaneously. Changes made by one are reflected in the others as they happen, since the server sends updates describing these changes. Think model-view-controller. (Some clients ignore these updates, but that's another problem.) This is great in theory, but I'll mention two ways in which it's broken.
First, each client connection can receive updates for only one mailbox at a time. There is no fundamental reason why this has to be, but that's how IMAP works. So you can't be notified when new messages arrive in mailboxes other than the one you're viewing. Clients have to poll to work around this.
Second, messages have message numbers and these change when a mailbox is expunged. But there is a race condition: if one client expunges and another fetches, the second may get the message as numbered before or after the expunge. There is no way to work around this apart from disabling expunge.
The conclusion that I came to in the end was that for something as complex as what IMAP is trying to be it would be much better to build a standard on top of an abstraction layer like CORBA. CORBA provides an efficient binary over-the-wire protocol, rather than the ASCII of IMAP, and has been developed by people who really understand the concurrency issues inherent in the problem.
Reversable cables? Come on that is so unnessecary! And making them wide and flat come on!
:(
Plus the whole master/slave system is kinda fun.
Basically it's the only thing a novice couldn't figure out on their own when doing an install
It was a de facto standard to use two digits to encode the year, which caused a lot of fun a few years ago.
With the space available on a CD, they should have allowed space for Artist / Album / Songname / etc on the disk itself.
Beyond basing a standard for managing stateful telecommunications sessions on a protocol for stateless bulk data transport, the most blatant silliness in the SIP standard was the original "Alert-Info" header. The Alert-Info header allowed the calling party to specify the ring tone/sound by listing a URL that the receiving device would automatically attempt to fetch and play without waiting on the recipient user to allow/disallow it.
Others:
List of Evil SIP ideas
Oh, and never updating the SIP version string despite syntax changes in the standard is evil.
Linking college computers to military base computers is *exactly* the situation in which I would think you'd want security ...
NFS is inherently flawed in it's transaction acknowledgement and retry behavior.
Back before M$ had Linux to kick around, there was the UNIX-Haters Handbook. I worked at Apollo/HP with a UNIX-Hater zealot. He enlightened me on the serious flaws in NFS, which I had experienced first-hand on a few occasions.
A quote from the book: (page 287)
So even though NFS builds its reputation on being a "stateless" file system, it's all a big lie. The server is filled with state--a whole disk worth. Every single process on the client has state. It's only the NFS protocol that is stateless. And every single gross hack that's become part of the NFS "standard" is an attempt to cover up that lie, gloss it over, and try to make it seem that it isn't so bad.
"No matter where you go, there you are." -- Buckaroo Banzai
The Socket class is astonishingly broken
.Net does.
.Net throws and exception if you try to Select() on a list of more than about 30 sockets.
IPAddresses are frequently imported/exported at Longs - 8 bytes with a sign bit
Port numbers are 4 byte signed integers.
Sure, Java doesn't have a signed int or long but
Now they introduced a way to get the IP address as an array of bytes, so that you can support IPv6, problem is the constructor that takes a byte array will only accept a 16 byte address, not a 4 byte one for us IPv4 users. On top of this they've deprecated the only other method that can get you an ip address in binary format.
So if you want to serialize an IP address you have to either get it as a Long and cast it to an unsigned int - this generates all sorts of compiler warnings, so forget about clean compiles. Or you can get the address as a byte array and then on reception you have to turn it into an unsigned long.
Oh yeah, there's no documentation on what the environment does about the endianess of IP addresses converted into longs.
Now... we''ve also got the alarmingly bad Select() method which requires you to build lists of the sockets you're interested in and then proceeds to prune these to only leave the ones where activity has happened. Problem is that you can't reuse these lists so you need to construct them every time so you end up spending more CPU on building lists than you do on simply scanning the list of open sockets. Not that it matters,
Another retarded design decision is the implementatino of non-blocking IO and EAGAIN, they decided that this should be implemented as an exception. And we all know how fast exceptions are.
Grrrrrrrrr
I could go on and on.
See the HTML 4.0 recommendation. I literally hit something when I first read this back in '97 (yes, I sometimes read standards documents and RFC's for fun
Remember that HTML is a markup language, and see above where the W3C intentionally took away contextual information from the document.
Keep in mind this was *after* the release of CSS1 (Cascading Style Sheets, level 1 W3C Recommendation 17 Dec 1996 vs. HTML 4.0 Specification W3C Recommendation 18-Dec-1997)
99% of websites on the planet have something you could consider a "menu", or "tabs" of some kind. Wouldn't it be nice if we had a particular tag for that, like "<menu>"? (we do
Nowadays, lots of people are linking to other people (a <dir>ectory) of people with blogrolls, wouldn't it be nice to wrap those in a <dir> list and style them separately, without using arbitrary <ul class="blah"> tags? Or perhaps a list of files available for download (<dir>), or a list of (perhaps) emails in a web mailing client.
Not that there's anything preventing use of ad-hoc class tags to achieve the same effect, but there is semantic information (especially in <menu>) that can be put to good use when standardized like this. Everybody complains about screen-readers, wrap / auto-skip anything in a menu tag. Make a special button that pops up (or reads) anything in a <menu>. Grr. The web could have been just a tiny bit better without that move by the W3C.
--Robert
Plenty of stupid stuff in SQL.
Why a different format for update and insert?
update table set field1=value1,field2=value2 where rowid=x
vs
insert into table (field1,field2) values (value1,value2).
--
I don't know about "worst" but could the SQL standard be partly to blame for why porting data from one DB to another is hard in most cases...
e.g. not covering stuff that most people find useful or even vital? And thus letting Oracle etc each define their own ways of doing things.
Yes, XML has been overhyped. Yes, it is used in many places where it's not appropriate. But it's completely unfair to tar an entire language and suite of associated technologies because of the way it's abused. Is Flash an inferior product because there are idiots who put loud, bloated Flash intros on their websites when a nice compact CSS-based splash page would do?
A lot of people (notably on Slashdot) have the notion that when it comes to data XML is verbose and redundant with existing data formats and programming languages, and that when it comes to text XML is overkill because good ol' ASCII is all you need. Well, if the only things in the world that ever needed archiving, searching, and retrieval were highly structured data and Usenet news posts those would be defensible opinions. But those aren't the only things in the world. There is a huge, huge amount of content that consists of heterogenous mixtures of strictly typed data, free-form data, and text in various languages (including the languages of mathematics, of music, of graphics...). As of 2005, there's no better format with which to store it and process it than XML.
Do a Google search on /'digital library' XML/ or try /XML site:loc.gov/ for example. And if you ever talk to anyone who's done serious programming for the kind of projects you'll find mentioned there, you'll discover they have skills that incommensurate with those of the people who put "XML" on their resume because they once used xsltproc to generate simple HTML output from a simple XSLT stylesheet. And believe it or not, some hiring officials are able to tell the difference. (Speaking as one who spent a good chunk of the last couple months looking at code samples submitted by applicants for one of those positions.)
Sorry, but I've had it with knee-jerk XML bashing.
Many years ago Edgar Codd presented up a complete model for storing data: the relational model. It was complete and sound, which no other data model is. It is based on predicate logic (to give meaning to the data) and set theory. You can store any kind of data in a relational database.
To implement the relational model you just have to implement a number of set operators and relational operators (project, join, etc), and you have to enforce arbitrary constraints on the data.
Much like arithmetic (add, subtract, multiply), all you have to do is implement these concepts in a computer and you'd have a system that works very much like the model describes.
Yet, somehow, the standard that emerged, SQL, seems to be from an alien planet, bearing only fleeting similarity to the relational model.
Example: If you're working with *sets*, you should use set notation. Not "SELECT * FROM Customer", but just "Customer". Not "SELECT * FROM Customer JOIN CustomerDetails ON Customer.id = CustomerDetails.id" but "Customer JOIN CustomerDetails".
Example: SQL doesn't enforce the idea that relations are sets. So it allows columns with the same name, it allows positional specification of columns (ORDER BY 2 is allowed, but not the same as ORDER BY 1+1 by the way), it allows *duplicate rows*!! Argh. The relational model requires all rows to have a candidate key.
Example: SQL doesn't allow you to compare query results. You can't say "give me a list of customers who purchased every book by author X" without bending over backwards. In a relational expression, you can just say, roughly, "Customers WHERE (Customer JOIN Purchases) = (Books WHERE Author = 'Joe')".. notice that the first "=" is comparing two SETS.
Example: SQL has NULLs. Anybody who has worked with an SQL database knows exactly what a pain NULLs are. Quick, why does COUNT(*) count NULLs but SUM(*) doesn't? I don't know either. Certainly has nothing to do with the relational model. And to add insult to injury, SQL makes NULLable columns the default.
Example: SQL differentiates between views and tables. You can't usually update a view. However the relational model says, you should be able to interchange views and tables completely. This means the most powerful abstraction feature of the relational model is completely missing! It's like programming in a language without subroutines or functions. (Yes some DBs allow a limited subset of updateable views, and some allow you to specify your own SQL triggers to update them, but that's not exactly the same as having the DB *infer* the constraints and rules itself for any view).
Example: SQL doesn't allow arbitrary relational expressions. In fact there is a special name for nested expressions in SQL: "subselects" or "subqueries". As if this is something special. How often to do you use parenthesis in your math statements "2 * (a+4)". If math was SQL, that would be "OPERATE ON (OPERATE ON a WITH 4 USING ADD) WITH 2 USING MULTIPLY" or some nonsense.
Example: SQL makes it difficult to create new types. So objects have to be "decomposed" into columns, and we have to have junk like "ORM layers" whose purpose is to splatter and unsplatter objects over and over again, instead of just being able to say "Customers" and getting a list of objects directly.
The list goes ON AND ON. When people talk about the limitations of the relational model, they are talking about the limitations of SQL!
So, yeah, SQL is the big suck. I don't know why other parts of programming have so much innovation (how many programming languages are there? Programming paradigms?), but SQL is stuck in this bizarro backwards world.
Please, if any open source programmers out there want to make something really useful, please create a truly relational database system! Just pick up any DB textbook and implement what you read, it's all there waiting for somebody to *do* it!!! I know it will happen someday....