Good For Interchange / Bad For Applications
on
Why XML Doesn't Suck
·
· Score: 3, Insightful
Most of his (excellent) points have to do with exchanging data between applications (with long-term storage being essentially a special case of that). And he's right -- for those, XML is a huge win, and we should all bow down and worship at its feet.
However, because XML is such a huge buzzword now, people are proposing (or insisting on) using it as a format at the heart of complicated applications. Where anyone would have said 'Use a database' a few years ago.
In doing so, people are losing sight of the essential beauty of the relational data model. With a RDBM, you, the programmer, have tremendous flexibility about *how* you view your data. This is a huge win inside of an application. XML forces you to commit to one specific view of your data. Yes, if that data needs to live forever and yes, if that data needs to get sent to someone else, than by all means, store it in an XML file. But if you need to *do* something with that data, you're going to be much happier with a relational db.
We've all heard the speculation that Microsoft is paying people to read/. and fill its discussions with pro-M$ comments. I always thought this
sounded kind of paranoid, but...
Call me crazy, but it looks like our friend
marauder404 is one of said
M$oft employees. Take a look at his list of comments. Not only are almost
all of them supporting The Beast, but they do so in the sort of marketing
weaselese that only people working in PR produce.
Honestly, I felt the same way -- I didn't think it was the next big
thing at all. But after seeing some pictures and doing a lot of reading,
I'm convinced that it's worth a second look. It may not be for me, but I'm
definitely going to check it out.(1)
and
1. Don't knock it till you've tried it. I'm still somewhat skeptical,
but I took some time to research it and hope to use one soon.(2)
Doesn't that prose remind you a bit of the debunked Switch campaign from a
few weeks back? And, he's not skeptical at all -- he echoes back the most
ludicrous claims of M$:
I also hope that the handwriting recognition is fast enough to keep up
with me -- I hear that it scans 133 times per second and makes several
guesses at what you're trying to write and anticipates. When it misses
(something like 5 out of every 10,000), it'll present some options.(3)
Funny, I hear (from David Pogue at the NYTimes), that the handwriting
recognition makes plenty of errors and that "Each mistaken
transcription, botched punctuation mark and improperly capitalized word
forces you into an excruciating spasm of touch-screen microsurgery." And
what kind of BS is "it scans 133 times per second"? I don't even know what
that means.
My fave is when he asks for our sympathy for the M$oft execs who were
demoing them tablets and had 25% of them fail:
Ever have a system problem while trying to demo something? You
downplay it, any way you can. I saw one poor guy struggle for twenty
minutes trying to get something to work in front of 1,500 people.(4)
Oh, right, it's natural to think of M$oft execs as the "poor guy", and we
should all put ourselves in their shoes.
Other totals:
6 subtly pro-M$ comments in the "Open Source More Expensive In the
Long Run?" story
1 pro-IE comment in "Mozilla: The Good And The Bad"
The following absolute beauty in the "Microsoft Anti-Trust Rulings
Due Tomorrow" discussion:
You're basically saying Microsoft is behaving like every other major
company in corporate America and like thousands of other organizations --
trying to buy some influence. No need to single out Microsoft for having
done this -- there are many others that are just as guilty or
worse. Welcome to American politics. 5
He also tosses in a few non-M$ related comments here and there, but the
trend is clear.
So, what to do about this? Well, I thought I should mention it in this
comment. And, hey, maybe I'm wrong. Maybe he just really likes M$ and
happens to talk like one of their PR people. He has every right to do so.
But everyone reading his opinions should consider the distinct possibility
that he is getting paid to write here on our beloved/.
In case you thought that Microsoft was serious about trying to make their products more secure, check this baby out:
'When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said.'
I love that! 'It pains me to admit that our software is dangerously broken, because we're trying really, really hard to convince people that the reputation we have for foisting dangerously broken software on them is totally unfounded.'
I guess if there were trying to work on their actual security, rather than just the reputation, they might act a bit differently (like, by publishing their API's and then working with the security community to get them safe).
As programmers, we are in the position to actually understand the issues
raised by the DMCA and by this suit. We can see how the various industries
involved have extended the rights of a copyright holder in such a way as to
destroy fundamental free speech rights protected by the Constitution. This
is not simply a matter of copyright. It is a matter of free speech.
Society as a whole stands to lose, and they simply don't understand.
RMS paints a grim picture in The Right to
Read. How sure can we be that he's wrong?
We have a responsibility. We must educate others. We must take some of
the profits we make in a market which values our skills and contribute to
the Electronic Frontier Foundation.
Now, I'm all in favor of applying the inflammatory "privacy" epithet to
this case (way to go, Michael!), but there are a few things which you
should clear up:
Assume a paper (call it "Paper"), has purchased a story from a freelancer.
The Paper obtains right to publish it as part of an issue of the paper.
They also obtain the right to include the work in online or CD versions of
the paper. There is absolutely no debate about this. These are considered
alternate versions of the paper (akin to a morning and evening edition).
The current case does not test that at all.
What is in dispute is the Paper's ability to sell that article to an
online database (read: Lexis/Nexis), where it will be collated with
thousands of other articles, and become searchable by author, by subject,
etc.
The freelancers claim that this is not simply an "alternate version" of the
original newspaper issue, but is in fact an entirely new product.
I believe they make a reasonable argument.
BTW, the publishers are trying to scare the court into denying the
freelancer's their copyrights by claiming that, if the decision goes
against the publishers, they will be forced to remove huge amounts of
material from the online archives, which will cause grave damages to
scholarship. This seems like absolute hooey to me -- if there is a market
for those articles, a means will be found to sell them, and for the profits
to go to the authors.
Just to point out that when they say "compulsory", they don't mean they're going to take the songs away from the record labels, but rather that they'll force them to use a particular kind of license, which happens to be called "compulsory".
Check out JWZ's explanation of all this (which was linked to from Slashdot awhile ago):
When reading about this stuff, you'll come across two terms, ``compulsory license'' (also known
as a ``statutory license'') and ``voluntary license'' (also known as a ``negotiated license''.) A
compulsory license is one where the license fee is fixed: you pay the fee, you get the license, no
muss, no fuss. The reason it's called ``compulsory'' is that the licensor has no choice but to grant
you the license if you pay the fee. A voluntary license is one where you negotiate the terms of the
license on a case by case basis, and they don't have to grant you the license at all if they don't feel
like it. So generally, ``compulsory licenses'' are much easier to deal with.
A "compulsory" license would simply remove the record labels' ability to use their copyright power to control distribution (by not licensing to companies with alternative distribution methods). This is their big fear, since their monopoly on distribution ensures them obscene profits.
Surprise, surprise, lots of people on Slashdot seem to be missing the key
to Shneier's argument about digital signatures: it's all about whether or
not they would stand up in court.
A bunch of programmers read about digital signatures and they think "Great,
here's a way to verify that a specific person signed a specific document.
How cool." (And it is very cool, don't get me wrong). Then Shneier comes
along and points out the problems with using these digital signatures to
replace the role of physical signatures in our current legal system (they
won't stand up to court challenge, because it's so easy to claim that the
computer was compromised or the key stolen).
He's right. His point is about the legal system, not about the
philosophical issue about how to verify that someone actually signed
something. Sure physical signatures don't do that, but that doesn't
matter. They work well in our legal system. He argues that digital sigs
won't.
So everyone should stop making such a todo about how he's being
solipsistic, or techophobic or whatever. He's talking about legal
issues.
Peoople shouldn't moderate stuff up just because it's long:
my opinion on written signatures vs digital signatures is that, in the end,
they both rely on a bsic concept: trust in the sytem.
Yeah, and Shneier is talking about how the "system" works: with a
physical signature, you're trusting that someone hasn't forged/copied it,
which is something you can at least try to verify in a courtroom (and
having it notarized is even more useful in that way). With a digital sig,
you're trusting that no one has compromised the signing computer, which is
going to be totally impossible to verify in the courtroom. This is a key
difference in the two "systems", as Shneier explains.
Digital signatures trust that the computer is reliable, and that no one
else has access to the signature. Digital signatures can be copied.
What does this mean? They can be "copied"? A digital signature, by
definition, is attached to a single document. So "copying" it is
meaningless/impossible. In contrast a physical signature can be copied and
placed on a different document.
But, so can written signatures. The articles states that a written
signature guarantees contact between the signer and the document. What
about forgery?
The article also mentions that public notaries are often used for important
documents. Public notaries are people too; they can be bribed.
As Shneier talks about in Secrets & Lies, it's not about making a
system which can't be tricked/hacked/broken/etc. It's about minimizing the
risks of that, so that you can conduct communication and business
meaningfully. Despite your claim that it's all a matter of trust in the
"system", Shneier makes a very clear distinction between physical
signatures, which, though they can be forged and copied, have a reasonable
chance of standing up in court, especially if they've been notarized.
Of course, you could trick this system, but it is difficult enough
to do that that the system works most of the time. In contrast, it's not
clear if a digital sig would ever stand up in court, because you
could always claim that your computer was compromised, which is not the
kind of thing the court can rule on.
And then there is a meaningless rant about how everything can be
broken, making incorrect assumptions about Quantum Computing (which would
only render Public Key algorithms unusable -- it would just require longer
keys for Symmetric algorithms).
And then...
As of yet, only one encryption method has been proven to work flawlessly,
and it's not even encryption: it was the translation of English into Navajo
during World War II.
One-time pads are provably unbreakable. They're just not very useful,
because of the difficulty of distributing pads.
...until you've gotten your hands on the DVD and seen it with subtitles and the with the original vocal talent. The American vocal talent sucked (especially Major Kusanagi), which crippled the movie. With the original voices, it's an incredible film.
Am I the only person who finds themselves wildly swinging back and forth
between sort of fevered anticpation of this series and totally cynical
distrust? I keep on having conversations with myself along the lines of
"This could be so cool!... It it doesn't totally suck".
Plus side: Peter Jackson is pretty cool. Dead Alive is an incredibly
funny, incredibly gross movie. Heavenly Creatures was good. Some of the
casting sounds good. The One Ring preview was good.
Minus Side: Is it even conceivable that they won't fsck it up? I mean, how
can it compare with the depth, the atmosphere, the brilliance of what is
unquestionably the greatest fantasy series of all time?
The scary part is that, with the current set up of the DMCA, companies can
get web hosts to remove criticism simply by threatening them (and, because
of the way the DMCA is structured, it's overwhelmingly in the interests of
the hosting provider to remove the pages in question). There is no need to
go to court, no formal process.
Even if you think @Home is correct in this case, it is absolutely
horrifying that the law has been set up to default to allowing companies to
silence their critics. I mean, we have a Court System. This is why we
have it. If @Home sued to have those pages removed, and their case was
reviewed in a public court of law, and the judge decided that they were
within their rights to request that the material be removed, that would be
one thing. I might disagree with the law, but the process makes sense, and
it has natural checks to prevent abuse (public opinion, presumably
impartial judiciary, etc.)
I find it very scary that the system has been set up to make it so easy for
a company to get pages removed, without any public review.
Okay, the Hack Furby challenge is totally brilliant, but I have to mention
that this isn't just any Peter van der Linden, but the Peter van der
Linden, who wrote
Expert C Programming: Deep C Secrets
Which is one of the best and funniest books on C that I have ever read.
I mean, it actually made me laugh out loud many times.
"If I were stranded on a desert island and could only take one data
structure with me, it would be the hash table."
I couldn't recommend it more highly.
Keep your Amazon-boycott-conscience clear and consider buying it at
Fatbrain.
I just want to remind everyone that, even if CyberPatrol did vet every site
by hand, it would still be censorship, and therefore still be a Bad Thing (IMHO).
If the Government contracts to someone to do their Censorship for them,
it's often much, much worse: the company can be much more secretive about
what they censor ("Trade Secrets! Trade Secrets!"), and we can't hold them
to the same strict first ammendment standards that the courts hold the
government to.
As a huge wave of RMS-bashing gathers on the seas of Slashdot, I have to
say that I find him, once again, pretty inspiring. He challenges us all to
think about what we do in moral terms. This is such a rare thing to
do that people often don't even understand what he's talking about. But
think about it -- he says: Decide what to do based on what you think is
right or wrong. Here is the decision that I have made. Here is why I have
made it.
Who else talks that way? Not -- "Here is a way that will benefit
you the most..." or "Here is a thing to do which will protect you from
something you fear" or "Here is a way to get back at someone you resent."
But instead: "Decide what you think is the right way".
Check out DSL report at
http://www.dslreports.com. A very, very useful site that covers a lot of the issues raised by this story from lots of different angles.
Why would Amazon waste its time trying to sue another online vendor over one-click shopping? total waste of money and very bad brand image PR (which is, after all, Amazon's #1 asset).
I wish I could agree with you, but, in fact, this is precisely what Amazon did -- they sued Barnesandnoble.com (and got a restraining order issued against them) in the height of last year's holiday buying season. I'd have a lot more sympathy for Bezos's point of view if he hadn't gone on the offensive with his patent. As it is, I feel that I have to continue with the boycott.
I've used Dynamo extensively for the last 1.5 years, and I can recommend against it with absolute assurance. It forces you into a slow and unproductive development cycle, it's byzantinely complex, and it's not very reliable. As many of the posts have suggested, you're really going to need to do the basics:
- Improve your db - Cache the living heck out of everything - Buy more memory - Buy more machines - Etc.
And guess what, Dynamo doesn't help you do any of those.
Marketing != Truth
If you want to write server-side Java (not a bad choice), go with Apache's JServ for absolute sure. It is delightful.
First off, I find the spite towards Rob's comment a little bizarre. Sure, it's a touch hyperbolic, but JK can be truly inspiring, and there's nothing wrong with enthusiasm.
Second: Slashdot may or may not have a good UI, but it certainly enjoys a monopoly position.
Are you insane? Do you understand cause and effect in any way? Slashdot is extraordinarily usable, Slashdot is very popular, Slashdot therefore is able to afford adds. To suggest that the causality flows in the other direction is laughable.
I loved that JK touted Slashdot's incredible usability, as witnessed by its incredbile popularity. And that he then made a very insightful point about it being usable for experts and usable for programmers, in particular. This is just the sort of thing which leads me to value JK's writing so much.
First off, I think Jon Katz is commiting his classic blunder of confusing developments in technology with a "revolution".
I read the New York Times every morning, and I find it packed with good writing, informed debate, and outstanding design. I found it completely hilarious that Katz suggested that papers have somehow missed out on the "Graphic Revolution", when nine out of ten websites are virtually unusable because of all the f**ing graphics which the designers pack in there. Memo to world: Pretty Graphics != Good Design.
Newspapers as news organizations seem pretty vital to American discourse right now. Possibly the actual way they deliver the news will change, but, frankly, computer display technology is going to have to get a lot better for that to happen. Even the most interesting things on the web are hard for me to read at any length, because of the massive eye strain. And I, for one, have not moved my computer monitor onto my breakfast table just yet.
But even that is only a small part of the story. Newspaper organizations do an extraordinarily complex job: collecting news, writing it up, editing it, filtering it, etc. They may do that well or poorly, but that job will still have to be done. As much as I love Slashdot, and as much as I talk to everyone I know about it being a new way for news to be distributed and commented on (and even sometimes created), I am very clear on the fact that Slashdot thrives because it exists in the midst of a landscape which is filled with "traditional" news outlets. It's the fact that Slashdot can refer readers to the "full story" elsewhere which makes the whole enterprise work.
Possibly, it would be interesting to consider some of these questions in terms of what people are looking to get from the news. For example, people want to know What Has Happened. Who won a primary? What price did Microsoft close at? What was the score in that baseball game last night? Television and the internet are excellent at answering these questions. However, people also want to understand the ramifications of those events in more depth: What does this mean for the next primary? What is the status of the Microsoft court case? How is the season going for the Red Sox overall? Currently, newspapers are my (and I suspect, many people's) preferred means of getting this sort of analysis of events as they happen. From a broader view, people want to step back and see these events in context of a longer story: What is it like being on the campaign trail? What is the history of Microsoft's monopolistic behavior? Will the Red Sox ever break The Curse? Magazines seem to answer these questions well.
I have to disagree strongly with this idea: "we can't really rely on legalism to protect Open Source software."
The rest of the comment talks about the programmer view of Open Source -- it's better for all of us, basically. The problem with that is that business people do not think that way. They will always be operating for their short-term goals, and they will always be seeing the attractive possibilities of making a lot of money off of closing up the source.
The GPL works tremendously well to keep that in check. Even if we don't see it in court, think about how well it has worked up to now to dissuade business people from taking the source and closing it off. Even if a business thought they might get away with selling GPL'd code against the terms of the license, they'd be running an enormous risk. If they lost that suit, the damages could be enormous. So most businesses don't bother with that risk -- instead, they buy something already closed with a license they can work with and they sell that.
In contrast, take the original BSD code -- something which many programmers think of as "Open" but which is not protected by the GPL. What happened when Unix vendors in the 80's got their hands on it? They all took it, extended it and promptly closed it off.
Whatever else you can say about RMS, I think the GPL is a beautiful thing -- precisely because it gives a precise legal formulation of the author's intentions (if those aren't your intentions, fine, don't use the GPL).
To me this seems like a bit of "The Big Lie" of propietary software in general (and NT in particular). "We know what you need to do, and our software does it". If that was true, I would be willing to pay the price (and even get locked into something propietary once in a while).
However, my consistent experience with propietary software is that, in fact, it doesn't really meet your needs, once your needs have any complexity. At that point, you start trying to adapt it, but you're crippled both because you don't have access to the source, and, more fundamentally, because the authors of the software never intended anyone to extend it.
Re:Everything is Censorship! The sky is falling!
on
Dirty Domains
·
· Score: 1
It's one thing that you're not "supposed to" say "Eat shit and die" (because our society disapproves of it), it's another for the government to enforce that. The problem with censorship is that you are giving the government the right to choose what is appropriate, which is a very dangerous move. I absolutely agree that certain things "shouldn't be said", but I think it is a disaster to set up a group which has legal power to make people adhere to that.
To me, that is what the First Ammendment is all about -- all speech is protected, not just what someone considers "important" or "decent".
People have been taking about writing to Members of the European Parliament -- what can a U.S. citizen do? Is there a Bertelsmann U.S. company to whom we can express our displeasure?
Or, should we be trying to spread this word to U.S. media outlets?
I've been using a proprietary Java app server for about a year now (Dynamo from Art Technology Group), and I've had mixed luck with it. It supports a bunch of useful web-oriented stuff quite well, but it's overly complex, and the proprietary nature has caused a lot of problems.
As I've looked around for other possibilities (Open Source preferred, proprietary considered), I've started to ask the question above: what exactly do we expect an App Server to do?
If you read the marketing materials and press releases, all app servers seem to do everything. However, my sense is that each product is trying to solve one particular problem, and, if you get something which doesn't solve your problem, it's going to be painful to use (at best).
For example, for the database-backed, community-oriented site (like this one, say), what do you need from an app server? My personal vote: - Fast but flexible HTML templating - Database Connection Pooling - Possibly, session management (possibly not) What else? From my experiences with Dynamo, I feel very strongly that you want your app server to support close to the minimal feature set you need, because that will make it simpler, which will make it stable (and easier to use, and all sorts of other good things).
For commerce, you'd need some other things. I haven't built a commerce site. What other things would those be, anyone who has?
Sometimes I think having an App Server for a database-backed web site is setting up a big, complex piece of technology simply to get around the CGI process-spawning performance hit. This seems to me like a Bad Idea, which is why I'm wondering: What are we looking for from an app server?
Incidentally, this site, which was written by a small group (of how many?), serves an incredible number of pages, supports all kinds of collaborative trafficking of information, and is just in general an example of what The Web Should Be, doesn't have an app server at all -- unless you consider Apache and mod_perl to be an app server, which I'd be perfectly willing to do.
Slashdot Mirror
Most of his (excellent) points have to do with exchanging data between applications (with long-term storage being essentially a special case of that). And he's right -- for those, XML is a huge win, and we should all bow down and worship at its feet.
However, because XML is such a huge buzzword now, people are proposing (or insisting on) using it as a format at the heart of complicated applications. Where anyone would have said 'Use a database' a few years ago.
In doing so, people are losing sight of the essential beauty of the relational data model. With a RDBM, you, the programmer, have tremendous flexibility about *how* you view your data. This is a huge win inside of an application. XML forces you to commit to one specific view of your data. Yes, if that data needs to live forever and yes, if that data needs to get sent to someone else, than by all means, store it in an XML file. But if you need to *do* something with that data, you're going to be much happier with a relational db.
-Dan
Call me crazy, but it looks like our friend marauder404 is one of said M$oft employees. Take a look at his list of comments. Not only are almost all of them supporting The Beast, but they do so in the sort of marketing weaselese that only people working in PR produce.
7 Comments in the Microsoft Hypes XP Tablets story, all pro-M$, including such gems as:
Honestly, I felt the same way -- I didn't think it was the next big thing at all. But after seeing some pictures and doing a lot of reading, I'm convinced that it's worth a second look. It may not be for me, but I'm definitely going to check it out. (1)
and
1. Don't knock it till you've tried it. I'm still somewhat skeptical, but I took some time to research it and hope to use one soon. (2)
Doesn't that prose remind you a bit of the debunked Switch campaign from a few weeks back? And, he's not skeptical at all -- he echoes back the most ludicrous claims of M$:
I also hope that the handwriting recognition is fast enough to keep up with me -- I hear that it scans 133 times per second and makes several guesses at what you're trying to write and anticipates. When it misses (something like 5 out of every 10,000), it'll present some options. (3)
Funny, I hear (from David Pogue at the NYTimes), that the handwriting recognition makes plenty of errors and that "Each mistaken transcription, botched punctuation mark and improperly capitalized word forces you into an excruciating spasm of touch-screen microsurgery." And what kind of BS is "it scans 133 times per second"? I don't even know what that means.
My fave is when he asks for our sympathy for the M$oft execs who were demoing them tablets and had 25% of them fail:
Ever have a system problem while trying to demo something? You downplay it, any way you can. I saw one poor guy struggle for twenty minutes trying to get something to work in front of 1,500 people. (4)
Oh, right, it's natural to think of M$oft execs as the "poor guy", and we should all put ourselves in their shoes.
Other totals:
You're basically saying Microsoft is behaving like every other major company in corporate America and like thousands of other organizations -- trying to buy some influence. No need to single out Microsoft for having done this -- there are many others that are just as guilty or worse. Welcome to American politics. 5
He also tosses in a few non-M$ related comments here and there, but the trend is clear.
So, what to do about this? Well, I thought I should mention it in this comment. And, hey, maybe I'm wrong. Maybe he just really likes M$ and happens to talk like one of their PR people. He has every right to do so. But everyone reading his opinions should consider the distinct possibility that he is getting paid to write here on our beloved /.
-Dan
'When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said.'
I love that! 'It pains me to admit that our software is dangerously broken, because we're trying really, really hard to convince people that the reputation we have for foisting dangerously broken software on them is totally unfounded.'
I guess if there were trying to work on their actual security, rather than just the reputation, they might act a bit differently (like, by publishing their API's and then working with the security community to get them safe).
-Dan
RMS paints a grim picture in The Right to Read. How sure can we be that he's wrong?
We have a responsibility. We must educate others. We must take some of the profits we make in a market which values our skills and contribute to the Electronic Frontier Foundation.
-Dan
What about AOLServer, which was released under the GPL (I believe), thanks to a lot of work by Philip Greenspun and the folks at Ars Digita?
-Dan
Now, I'm all in favor of applying the inflammatory "privacy" epithet to this case (way to go, Michael!), but there are a few things which you should clear up:
Assume a paper (call it "Paper"), has purchased a story from a freelancer.
The Paper obtains right to publish it as part of an issue of the paper. They also obtain the right to include the work in online or CD versions of the paper. There is absolutely no debate about this. These are considered alternate versions of the paper (akin to a morning and evening edition).
The current case does not test that at all.
What is in dispute is the Paper's ability to sell that article to an online database (read: Lexis/Nexis), where it will be collated with thousands of other articles, and become searchable by author, by subject, etc.
The freelancers claim that this is not simply an "alternate version" of the original newspaper issue, but is in fact an entirely new product.
I believe they make a reasonable argument.
BTW, the publishers are trying to scare the court into denying the freelancer's their copyrights by claiming that, if the decision goes against the publishers, they will be forced to remove huge amounts of material from the online archives, which will cause grave damages to scholarship. This seems like absolute hooey to me -- if there is a market for those articles, a means will be found to sell them, and for the profits to go to the authors.
-Dan
Check out JWZ's explanation of all this (which was linked to from Slashdot awhile ago):
When reading about this stuff, you'll come across two terms, ``compulsory license'' (also known as a ``statutory license'') and ``voluntary license'' (also known as a ``negotiated license''.) A compulsory license is one where the license fee is fixed: you pay the fee, you get the license, no muss, no fuss. The reason it's called ``compulsory'' is that the licensor has no choice but to grant you the license if you pay the fee. A voluntary license is one where you negotiate the terms of the license on a case by case basis, and they don't have to grant you the license at all if they don't feel like it. So generally, ``compulsory licenses'' are much easier to deal with.
A "compulsory" license would simply remove the record labels' ability to use their copyright power to control distribution (by not licensing to companies with alternative distribution methods). This is their big fear, since their monopoly on distribution ensures them obscene profits.
-Dan
A bunch of programmers read about digital signatures and they think "Great, here's a way to verify that a specific person signed a specific document. How cool." (And it is very cool, don't get me wrong). Then Shneier comes along and points out the problems with using these digital signatures to replace the role of physical signatures in our current legal system (they won't stand up to court challenge, because it's so easy to claim that the computer was compromised or the key stolen).
He's right. His point is about the legal system, not about the philosophical issue about how to verify that someone actually signed something. Sure physical signatures don't do that, but that doesn't matter. They work well in our legal system. He argues that digital sigs won't.
So everyone should stop making such a todo about how he's being solipsistic, or techophobic or whatever. He's talking about legal issues.
-Dan
my opinion on written signatures vs digital signatures is that, in the end, they both rely on a bsic concept: trust in the sytem.
Yeah, and Shneier is talking about how the "system" works: with a physical signature, you're trusting that someone hasn't forged/copied it, which is something you can at least try to verify in a courtroom (and having it notarized is even more useful in that way). With a digital sig, you're trusting that no one has compromised the signing computer, which is going to be totally impossible to verify in the courtroom. This is a key difference in the two "systems", as Shneier explains.
Digital signatures trust that the computer is reliable, and that no one else has access to the signature. Digital signatures can be copied.
What does this mean? They can be "copied"? A digital signature, by definition, is attached to a single document. So "copying" it is meaningless/impossible. In contrast a physical signature can be copied and placed on a different document.
But, so can written signatures. The articles states that a written signature guarantees contact between the signer and the document. What about forgery?
The article also mentions that public notaries are often used for important documents. Public notaries are people too; they can be bribed.
As Shneier talks about in Secrets & Lies, it's not about making a system which can't be tricked/hacked/broken/etc. It's about minimizing the risks of that, so that you can conduct communication and business meaningfully. Despite your claim that it's all a matter of trust in the "system", Shneier makes a very clear distinction between physical signatures, which, though they can be forged and copied, have a reasonable chance of standing up in court, especially if they've been notarized. Of course, you could trick this system, but it is difficult enough to do that that the system works most of the time. In contrast, it's not clear if a digital sig would ever stand up in court, because you could always claim that your computer was compromised, which is not the kind of thing the court can rule on.
And then there is a meaningless rant about how everything can be broken, making incorrect assumptions about Quantum Computing (which would only render Public Key algorithms unusable -- it would just require longer keys for Symmetric algorithms).
And then...
As of yet, only one encryption method has been proven to work flawlessly, and it's not even encryption: it was the translation of English into Navajo during World War II.
One-time pads are provably unbreakable. They're just not very useful, because of the difficulty of distributing pads.
Jeesh...
-Dan
-Dan
Plus side: Peter Jackson is pretty cool. Dead Alive is an incredibly funny, incredibly gross movie. Heavenly Creatures was good. Some of the casting sounds good. The One Ring preview was good.
Minus Side: Is it even conceivable that they won't fsck it up? I mean, how can it compare with the depth, the atmosphere, the brilliance of what is unquestionably the greatest fantasy series of all time?
Anyone else?
-Dan
Even if you think @Home is correct in this case, it is absolutely horrifying that the law has been set up to default to allowing companies to silence their critics. I mean, we have a Court System. This is why we have it. If @Home sued to have those pages removed, and their case was reviewed in a public court of law, and the judge decided that they were within their rights to request that the material be removed, that would be one thing. I might disagree with the law, but the process makes sense, and it has natural checks to prevent abuse (public opinion, presumably impartial judiciary, etc.)
I find it very scary that the system has been set up to make it so easy for a company to get pages removed, without any public review.
-Dan
Expert C Programming: Deep C Secrets
Which is one of the best and funniest books on C that I have ever read. I mean, it actually made me laugh out loud many times.
"If I were stranded on a desert island and could only take one data structure with me, it would be the hash table."
I couldn't recommend it more highly.
Keep your Amazon-boycott-conscience clear and consider buying it at Fatbrain.
-Dan
If the Government contracts to someone to do their Censorship for them, it's often much, much worse: the company can be much more secretive about what they censor ("Trade Secrets! Trade Secrets!"), and we can't hold them to the same strict first ammendment standards that the courts hold the government to.
-Dan Milstein
Who else talks that way? Not -- "Here is a way that will benefit you the most..." or "Here is a thing to do which will protect you from something you fear" or "Here is a way to get back at someone you resent."
But instead: "Decide what you think is the right way".
I find that pretty exhilirating. -Dan Milstein
Check out DSL report at http://www.dslreports.com. A very, very useful site that covers a lot of the issues raised by this story from lots of different angles.
I wish I could agree with you, but, in fact, this is precisely what Amazon did -- they sued Barnesandnoble.com (and got a restraining order issued against them) in the height of last year's holiday buying season. I'd have a lot more sympathy for Bezos's point of view if he hadn't gone on the offensive with his patent. As it is, I feel that I have to continue with the boycott.
I've used Dynamo extensively for the last 1.5 years, and I can recommend against it with absolute assurance. It forces you into a slow and unproductive development cycle, it's byzantinely complex, and it's not very reliable. As many of the posts have suggested, you're really going to need to do the basics:
- Improve your db
- Cache the living heck out of everything
- Buy more memory
- Buy more machines
- Etc.
And guess what, Dynamo doesn't help you do any of those.
Marketing != Truth
If you want to write server-side Java (not a bad choice), go with Apache's JServ for absolute sure. It is delightful.
Second:
Slashdot may or may not have a good UI, but it certainly enjoys a monopoly position.
Are you insane? Do you understand cause and effect in any way? Slashdot is extraordinarily usable, Slashdot is very popular, Slashdot therefore is able to afford adds. To suggest that the causality flows in the other direction is laughable.
I loved that JK touted Slashdot's incredible usability, as witnessed by its incredbile popularity. And that he then made a very insightful point about it being usable for experts and usable for programmers, in particular. This is just the sort of thing which leads me to value JK's writing so much.
I read the New York Times every morning, and I find it packed with good writing, informed debate, and outstanding design. I found it completely hilarious that Katz suggested that papers have somehow missed out on the "Graphic Revolution", when nine out of ten websites are virtually unusable because of all the f**ing graphics which the designers pack in there. Memo to world: Pretty Graphics != Good Design.
Newspapers as news organizations seem pretty vital to American discourse right now. Possibly the actual way they deliver the news will change, but, frankly, computer display technology is going to have to get a lot better for that to happen. Even the most interesting things on the web are hard for me to read at any length, because of the massive eye strain. And I, for one, have not moved my computer monitor onto my breakfast table just yet.
But even that is only a small part of the story. Newspaper organizations do an extraordinarily complex job: collecting news, writing it up, editing it, filtering it, etc. They may do that well or poorly, but that job will still have to be done. As much as I love Slashdot, and as much as I talk to everyone I know about it being a new way for news to be distributed and commented on (and even sometimes created), I am very clear on the fact that Slashdot thrives because it exists in the midst of a landscape which is filled with "traditional" news outlets. It's the fact that Slashdot can refer readers to the "full story" elsewhere which makes the whole enterprise work.
Possibly, it would be interesting to consider some of these questions in terms of what people are looking to get from the news. For example, people want to know What Has Happened. Who won a primary? What price did Microsoft close at? What was the score in that baseball game last night? Television and the internet are excellent at answering these questions. However, people also want to understand the ramifications of those events in more depth: What does this mean for the next primary? What is the status of the Microsoft court case? How is the season going for the Red Sox overall? Currently, newspapers are my (and I suspect, many people's) preferred means of getting this sort of analysis of events as they happen. From a broader view, people want to step back and see these events in context of a longer story: What is it like being on the campaign trail? What is the history of Microsoft's monopolistic behavior? Will the Red Sox ever break The Curse? Magazines seem to answer these questions well.
The rest of the comment talks about the programmer view of Open Source -- it's better for all of us, basically. The problem with that is that business people do not think that way. They will always be operating for their short-term goals, and they will always be seeing the attractive possibilities of making a lot of money off of closing up the source.
The GPL works tremendously well to keep that in check. Even if we don't see it in court, think about how well it has worked up to now to dissuade business people from taking the source and closing it off. Even if a business thought they might get away with selling GPL'd code against the terms of the license, they'd be running an enormous risk. If they lost that suit, the damages could be enormous. So most businesses don't bother with that risk -- instead, they buy something already closed with a license they can work with and they sell that.
In contrast, take the original BSD code -- something which many programmers think of as "Open" but which is not protected by the GPL. What happened when Unix vendors in the 80's got their hands on it? They all took it, extended it and promptly closed it off.
Whatever else you can say about RMS, I think the GPL is a beautiful thing -- precisely because it gives a precise legal formulation of the author's intentions (if those aren't your intentions, fine, don't use the GPL).
However, my consistent experience with propietary software is that, in fact, it doesn't really meet your needs, once your needs have any complexity. At that point, you start trying to adapt it, but you're crippled both because you don't have access to the source, and, more fundamentally, because the authors of the software never intended anyone to extend it.
It's one thing that you're not "supposed to" say "Eat shit and die" (because our society disapproves of it), it's another for the government to enforce that. The problem with censorship is that you are giving the government the right to choose what is appropriate, which is a very dangerous move. I absolutely agree that certain things "shouldn't be said", but I think it is a disaster to set up a group which has legal power to make people adhere to that.
To me, that is what the First Ammendment is all about -- all speech is protected, not just what someone considers "important" or "decent".
People have been taking about writing to Members of the European Parliament -- what can a U.S. citizen do? Is there a Bertelsmann U.S. company to whom we can express our displeasure?
Or, should we be trying to spread this word to U.S. media outlets?
-Dan
I've been using a proprietary Java app server for about a year now (Dynamo from Art Technology Group), and I've had mixed luck with it. It supports a bunch of useful web-oriented stuff quite well, but it's overly complex, and the proprietary nature has caused a lot of problems.
As I've looked around for other possibilities (Open Source preferred, proprietary considered), I've started to ask the question above: what exactly do we expect an App Server to do?
If you read the marketing materials and press releases, all app servers seem to do everything. However, my sense is that each product is trying to solve one particular problem, and, if you get something which doesn't solve your problem, it's going to be painful to use (at best).
For example, for the database-backed, community-oriented site (like this one, say), what do you need from an app server?
My personal vote:
- Fast but flexible HTML templating
- Database Connection Pooling
- Possibly, session management (possibly not)
What else? From my experiences with Dynamo, I feel very strongly that you want your app server to support close to the minimal feature set you need, because that will make it simpler, which will make it stable (and easier to use, and all sorts of other good things).
For commerce, you'd need some other things. I haven't built a commerce site. What other things would those be, anyone who has?
Sometimes I think having an App Server for a database-backed web site is setting up a big, complex piece of technology simply to get around the CGI process-spawning performance hit. This seems to me like a Bad Idea, which is why I'm wondering:
What are we looking for from an app server?
Incidentally, this site, which was written by a small group (of how many?), serves an incredible number of pages, supports all kinds of collaborative trafficking of information, and is just in general an example of what The Web Should Be, doesn't have an app server at all -- unless you consider Apache and mod_perl to be an app server, which I'd be perfectly willing to do.