But even with transactions, it's the kind of decision you need to make all the time.
Take the classic storefront. The price of an item shouldn't change between the "look over your order" and the "submit order" function. Depending on the business rules, the price may or may not change while it sits in your shopping cart during a single session. But I definitely don't care if an unselected item changes price on you between sessions. And I also probably don't care if the item description changes slightly even while the item sits in your cart.
"Don't care" sounds like a loaded term, but all it means is that the piece of information is volatile or atomic. On slashdot, let's say the DB goes down as I'm changing my userinfo. It just doesn't matter if my slashboxes change while my thread prefs didn't. If each piece of information is atomic in nature, then there's no reason for a transaction to group them together.
It's not being lax, it's just identifying your business rules correctly.
I'm not sure what the original poster meant by "enterprise", but the choice should really be based on your needs. Sure, some apps need SPs and transactions, and some really don't.
Take slashdot. I've never looked at the code, the DB needs are pretty simple. Keep track of the user names and passwords, and keep track of the threads and subjects. There's no real complicated joins or formatting required.
And data integrity, vis a vis transactions, just isn't important. Is somebody changing the moderation score on a topic while somebody else is accessing that topic? Who cares? So the moderation score of the thread won't match up. This isn't your checking account, the top line doesn't need to be consistent with the bottom line.
Lots of apps, even in the enterprise, fit MySQL's problem domain, and lots do not. Everyone compares MySQL to PostGres, but it's a bad comparison. If you need transactions or SPs, then you really need them, and using MySQL and trying to emulate these features in code is a very bad idea. If MySQL fits your needs, then it's blindingly fast and the best tool for the job. If those aren't your needs though, then you need something different.
PHP vs. Perl: I've seen both types of projects go to pieces. The problem with PHP is that you start with a lot of HTML and a little code, which makes PHP seem perfect, but over time you wind up with lots of code that isn't organized at all because it's embedded in all your HTML pages, which makes the code very hard to maintain.
Perl, of course, has the opposite problem. You start with a simple database app with very little formatting, which makes a mod_perl script perfect for the job, but over time you start to add bells and whistles to the user interface until you again wind up with your code and HTML totally interspersed, which again makes maintenance very difficult.
I'd love to see a really good book on code organization for the web. It's a very complex subject, and I generally feel like most of us are constantly re-inventing the wheel.
I've solved the sound problem on the one machine in my apartment that never goes off. I disconnected the power supply fan.
Yep. It wasn't intentional, originally, the fan broke and I just never got around to replacing it. But now I've had this K7 running almost continuously (i.e., 24/7) for two years without a problem, without a fan, and with virtually no sound.
Sure, I expect the CPU to blow out at some point, or maybe lose some memory, but at this point the whole thing's been pretty cost-effective.
The analogy is actually more apt than you'd think.
The.doc file format is fairly well documented, as these things go, although there are some proprietary aspects, like the VBA streams. It's not that tough to open up a Word doc in your own program and parse the file correctly.
The tough part comes when you actually want to display the document. Now all sorts of little details that aren't in the file format but are idiosyncrancies of MS Word pop up. And, as anyone who's used Office extensively knows, Word will display the document differently depending on which version you're using, what printer you have connected, phases of the moon, etc.
Parsing and display are two different things. While half a million apps can parse HTML, no two of them seem to display it in quite the same way. The question here is a bit like pointing out that no browser displays things like (IE|Netscape). Well, no they don't, but that has nothing to do with an inability to reverse engineer the file format.
How should your email client decide what is harmful and what is not? Wouldn't that be the job of Anti-Virus software?
It's not Harmful the client should know about, it's just Executable, and that's not really all that tough. Sure, it's a tiny bit tougher when we're dealing with script files rather than binaries, but there's absolutely no reason the mail client can't know about these. I can seeing missing something like.py if somebody has installed python, but c'mon,.vbs? (I haven't used outlook in years, does the program recognize.vbs as executable and run it anyway, or does it appear to outlook to be a document file for the VBScript interpreter?)
And more importantly, in the corporate environment, there's no excuse for not letting the administrator set these things. I should be able to configure outlook to totally ignore certain types of attachments; if the user is advanced enough to change that setting, fine, but the innocent will be protected.
Whether or not there is a good reason to execute code (or any other executable attachments) from within your browser depends on your environment.
I don't see this, I really don't. Why should users need to execute emailed files? Self-extracting archives? Bad idea. I can agree with you here about the web browser, but not email. I can even agree about home usage, but we're talking about a corporate environment here.
But the nixes don't have the ease of use and UI
Agreed, I'm anything but a unix bigot here. But this thread started with a typical "blame the (L)user" attitude for an error that I strongly feel should be placed on the mail admin and on the software. The employee got an unsolicited resume, reading it should not be a harmful act.
And that's what really annoyed me about it, I hate this attitude. It's like forcing people to change passwords every 2 weeks "to enhance security", and then complaining because the "stupid users" are writing their passwords down on post-its. Well, of course they are. Who can remember 26 different passwords a year?
Here I admit I'm a bit confused. I can think of several ways that I can examine a program to see what it is without running it, but not a single way for an average user to do it.
They should be able to just click on it. If the mailer doesn't show it then it was harmful and should be deleted. And if you (not *you*, but the administrator) haven't configured your mail clients so that users can safely read their e-mail, (and there's lots of view-only software out there for Word processing files) then don't go complaining about stupid (L)users when something goes wrong.
And even if they could,"ILOVEYOU" has certainly shown us that they'll run it anyway, "Just to see what it does".
Oh, don't get me started on MS Word, I've fought with MS over that for almost a decade now. It would have been so incredibly simple to make Word safe in the corporate environment, and they simply refused to do it. Check out this page for a fun story of dealing with MS.
No offence (well, hell, take offense), but did you even read the post I responded to? It was specifically about email, and it was from somebody in tech support telling a user not to even read email from somebody he/she didn't know.
Assumptions are exactly the problem. They're assuming that the attachment in the message they recieve (or the file that they downlod in THIS case.) is not harmful, and happily clicking away on it.
I disagree, I really do. There's nothing wrong with clicking on an attachment, or at least there shouldn't be. If it's harmful, then my mailreader shouldn't run it. It's that simple. I should be able to read text documents or view pictures from my mail reader, there's no good reason to execute code from there. And if I need to do this, make me be explicit about it, by piping the file to a specific command.
*nix isn't without sin here. Shell archives were a terrible idea, and they've rightly become quite rare. And any *nix mailreader that executed a.shar file merely because I clicked on it would be broken as designed.
As far as Tech Support goes, do you think that they should just disallow access to run any programs on a computer at all?
No, they should disallow the ability to run executable code directly from the mail reader. When somebody says to me "I received an unknown email", I should be able to say "Click on it and see what it is. No harm can come of that." My mailer sure as hell shouldn't execute a file just because it had a.pl extension, especially if the mailer didn't even show me the extensions by default.
I never said it was harmless, I said the poster may deem it harmless.
Whether it is or is not harmless is up to Mattel, just as it is Linus' decision as to what usages of the trademark "Linux" within the computer industry are harmless or not.
Mattel doesn't get to decide whether it is trademark infringement or not, but it does get to decide when the infringement is great enough to be harmful. If I start calling another operating system "Linux", it's up to Linus to decide when to stop me.
I agree with the user in this situation. I should be able to open any e-mail I receive, and my mail reader sure as hell shouldn't be executing any code in that email without asking me first.
I receive unsolicited e-mail all the time, and I feel free to open it in mutt, because I know that embedded executables are not going to be run.
The user in this situation is absolutely correct. They're running under the assumption that just *looking* at an email should never be dangerous. They're assuming not only that a nobody would write a mail reader stupid enough to execute code without asking, but that if anybody did happen to write such a stupid program, the tech support department where they work would never allow such a program to be loaded on everybody's machine.
In a sane world, that would be a good assumption...
Part of the kick of virus writers seems to be the enjoyment of watching your own code destroy peoples machines. And that's just gotten tremendously simple since MS has opened up half the world's computers.
Think back to Robert Morris. Now that was a hack, and took signficant skill. Nowadays, every two-bit script kiddie can tear mail servers up after half a day of perusing a book on VBS.
Propagation is simple these days because everybody's got e-mail and the apps and OS they're using are tremendously easy to infect.
No, the first big MS Word virus, way back in 95 or so, was exactly like this. It caused no damage, it just propagated itself to try to make people aware of the huge security hole in Word. The payload said something like "Now I think I've proved my point".
MS ignored it of course, and even released a new version of Word about a year later that opened the hole even further. Melissa, et. al. followed long after that.
Explain how the reference to thebarbies "obviously" is a reference to the doll?????
From the description provided: a non-business all-girl video game clan site, and the graphics on the site itself are highly suggestive of the Barbie doll image.
This is pretty clearcut trademark infringement. Nobody's fooled by it. And, more importantly to Mattel, there is a great chance of erroneous attribution. At a quick glance, I had no idea if that was a Mattel site. It looked like it might be.
I'm not going to defend the digitaldivas theft of trademark, but Microsoft didn't build on the audience that the original divas had, they just stole the name. The grand majority of MS's audience had never heard of the divas. Frankly, I've only barely heard of them.
TheBarbies site though is clearly using the name of Barbie as a eye-catcher. Virtually every young girl who comes to the site (and that's their intended audience) will think of the Barbie doll. It's set up that way. That may sound harmless to you, but it's illegal.
Let's see if I've got the SlashDot view on trademark correct.
The DigitalDivas should be able to stop Microsoft from using the term Digital Diva, even though their usage is very different, it's a fairly generic term, and virtually nobody thought that 'Digital Diva' was a reference to the prior group.
But Mattel is evil for objecting to the use of "TheBarbies" to refer to an online group for young girls, even though the reference to the doll is obvious to everybody.
C'mon, get real. It's simple theft of trademark. This guy's using the popularity of the Barbie doll to push his own.com site, nobody here seriously thinks the name was just accidental, do they?
Had TheBarbies.com been a site about barbecuing, then he'd have a point, but this is simple trademark theft. The nature of the original trademark has a direct connection to the new business.
If I bought www.quake.com to create a site about earthquakes, that's my right. But if I put up a gaming site, id software has every right to object to the theft of their trademarked name. And that's the way it should be.
The lack of a reasonable office suite alternative is what kills the Microsoft-less office idea right now. Everyone points out that many people could switch right now, but that's the problem. Sure, the secretaries who write a letter or two a day could switch tommorrow, but so what?
If you work for a large company, somewhere in the bowels of the company is a publishing department with thousands of boilerplate Word documents they use constantly. Sure, StarOffice may convert them pretty well, but that translates into thousands of hours of cleanup work.
Somewhere else there's an accounting department with huge excel sheets that nobody really understands. The guy who wrote the macros left three years ago, and now who's going to convert all that stuff?
Worse, switch to what? That's the real problem. StarOffice might lead today, but does anyone here really believe that an OpenSource alternative won't win the Linux market in a few years? What company is going to spend tons of money on conversion and training, just to see Sun orphan the product?
But which product to use? Everybody downplays the GUI fork, but will both gnome and kde be going strong in five years, or will one of them command most of the development effort? And what happens if you guess wrong?
For a small office, the possibility to go without MS right now is real, but most large companies would be crazy to attempt it.
I've had BA DSL for about six months now in NYC, and it work, well, OK is about the best I can say. It does go down periodically, but for me at least that's only been about a day or two a month of lost service. Not great, but not horrendous.
The best advice I can give though is simple: when it goes down, DO NOT ask tech support to fix it unless you are absolutely sure it's not a problem in your entire area (and don't take the tech's word for this, they're often wrong). The support staff is much more likely to break things than fix them. Just sit tight, and wait for the real techs to fix the problem.
If you demand action from the phone support, they'll do something idiotic like delete your profile. Ideally, you're much better off if the phone support people don't even know you exist. If they touch it, they'll break it.
You know, I used to consider myself a first amendment absolutist, but some of a viewpoints I hear about this whole library issue are a bit over the top.
First, whatever happened to compromise? In most libraries, there's a kid's section and a general section, and even two varieties of library cards. With parental consent, a child can access the general selection. Why not apply the same thing to the computer section?
And if people don't want to accidentally see porn, let them put blocking software on one of the machines. Simple solution.
I may not like the fact that some people want to censor their children's (or their own) intake of information in bizarre ways, but I allow that they have a reasonable right to it, as long as that right doesn't interfere with others.
And if both groups can be accomodated (and I don't see why that's a problem here), then accomodate them.
I may not like the views of the fundamentalist right, but I'm willing to accept that they have a right to them. The real issue is whether their desires for censorship can be reconciled with other's right to access information freely. It's the job of a library to try to accomodate the public. If it's easy to do (as it is here), why not do it?
Demonizing the opposition is a favorite tactic of the fundamentalist right. It's more than a little sad to see supposed free speech advocates playing the same game.
Agreed, totally. Etoy.com does own its own name. Etoys.com would have stolen it given the chance, but thankfully the courts ruled for justice (a nice change).
Umm, no they didn't. Etoys dropped the suit in the face of public pressure, the courts did nothing but grant the injunction AGAINST etoy.
No ruling for justice here. The US courts maintain their current status of "money talks".
Actually, there's another side to some of these views
People setup computers alone: true. Nope. People at home setup computers alone, but in the workplace a great number of people do not, and that's a huge market. What then becomes important is automated setups and the ability to keep users from breaking things; Linux excels at these.
The big leap in Linux desktops is going to come when medium-size companies decide that per-seat licensing for Windows is absurd just to give everyone e-mail and web access.
Learning new applications is hard: true Yes, but notice that in the last 10 years the MS market has gone from DOS to Windows to Win95, significantly different interfaces. And everyone's gone along. More importantly, MS has established a standard of changing to enforce upgrades, forcing people to change when they don't want to. Eliminating that is a big win for everybody.
Open source still requires good project management: very very true. Well, yes, but the point that's being missed here is that MS, the monopoly-holder on the desktop, has terrible project management. OS's arrive years late and incredibly buggy; MSOffice has traditionally added features to attract new users while ignoring the features that current users want and need. Marketing runs the show on many many desktop products.
Now, there's an area of software where marketing input is very important, but there's also places where marketing influence does nothing but hurt quality. There's a lot more to be said on this subject, obviously, but the answer isn't simple on either side.
Humility is a virtue: true. Oh, true enough, but the 'Net isn't virtuous. Complaining about flames is nice and everything, but it's never really accomplished anything. Filtering input is always going to be a high priority.
Excuse my ignorance on this subject, but does that mean you can mirror my site even without my permission?
Yes. Or rather, the only thing stopping me is copyright. And this issue is specifically about what types of things can be copyrighted.
the single source for taking your data is the web. And the courts have ruled that info as published on the web can be copyrighted already.
Can be. But not necessarily. That's what the issue is. What can, or can not be copyrighted.
But legally it is a valid one -- witness the successful suit against deep linking.
Which was a real bad decision IMHO. And that's why relying on the courts is a bad idea.
you're a major company with the resources to legally bury me?
Then you're screwed. Unless you have laws that are crystal clear as to content and copyright. So clear that the lawyers can't find some backwoods judge someplace to screw you over.
I think competition, adequate security, and the courts
The courts??? Once this reaches the supreme court, I might agree with you a bit. But until then, relying on the courts just means that the side with the most lawyers wins. Witness DeCSS.
We could have beaten the Digital Millenium act. We really could have. But too many people were sitting on the sidelines with their "Information wants to be free" banners hoping that the courts would save us like they did with CDA.
I don't see how any more laws are needed. It's already against the law to pirate software (which is what virtually all databases are anyway). So for the database manufacturers to refer to the "data collections" as copyrightable seems disingenious to me.
Databases are NOT software. Copying the contents of your/var/log/mysql directory is NOT protected by software law; likewise if I wget your website and mirror it, the software you use to maintain your database is irrelevant.
There are other protections: I can put copyright notices on my web pages,
You've missed the point. What if you don't have the copyright to the info on those pages? For example, if you compiled a list of Thai food restaurants in all the cities in the US, should you be able to copyright that list? You can't copyright any individual item on that list, because the information isn't yours, but should somebody else be allowed to simply copy your work?
disallow queries that do not originate from within a given site structure, etc.
In other words, copy protection. But in a lot of situations that's not valid, and as Lessig pointed out, copy protection has its own problems. As you quoted in your reply: Privatizing information through contract, encryption, and similar devices may carry greater individual and social costs than would a copyright system
The right to copyright "database facts" would seem to imply that if I create and a database of scientific facts, for example, I am somehow entitled to enforce my right to be the whole source of publishing that information
Most of the new laws are pretty clear on this: you don't get a monopoly on the information, but nobody else can simply copy the entire set of information from you. In other words, if I go out and compile the same information, I'm free to publish it. But I can't simply copy your list.
This is a subtle, and important issue. And guidelines need to be drawn, because fuzzy guidelines are lawyer food and hurt everybody.
Can I copy the freshmeat database and mirror it on my site? Why not? It's just a database of facts. Nothing on Freshmeat originates with them. How about Dejanews? Now certainly I'm allowed to archive Usenet, but am I allowed to simply copy the work that Dejanews has done?
The worst thing we can do here is make knee jerk responses (Information should be free!) to complex questions, because then the process simply passes us by. Certainly databases deserve some copyright protection: the question is how the protection should be worded, and personally I'd like to see people who are knowledgable about the Net involved in the process.
I would, except that the link you provided didn't reference a study. The InternetWorld "study" was purely anecdotal. I'd be interested in seeing the studies you're referring to though.
But I'm not denying that most banner ad campaigns are failures - so are most e-commerce companies. That doesn't mean there's no market there; just that it's brand new and most companies don't use it correctly.
For example, why are movie companies suddenly pouring money into web ad research? Two words: "Blair Witch". And more importantly, there's more to web advertising than the banner ad idea. Free ISPs are one attempt, for example.
Sure,click-through is low, but what's the click-thru rate on TV advertising? Basically zero. Few TV ads elicit an immediate response, but they manage to put the name of the product in your head.
The real question is "how much do people notice those ads?" and studies on that are still inconclusive. For some unknown reason, early INet pundits thought that Web ads would be like infomercials, where you immediately call the 800 number (or click through) and order the product.
But they aren't like that, and nobody should ever have thought they would be. Banner ads are more like billboards; they put the idea and name of the product in the back of your head.
This idea of click-through has kept web ads restricted to web companies for the most part. But that's changing. We're already seeing significant web advertising budgets coming from the motion picture industry; there's a good chance other industries will follow.
BTW, simpsons free ISP does more than just try to get banner ad money. It also advertises the Simpsons quite effectively.
PS. Kinda hard to believe nobody patented the idea of ad-supported ISPs,isn't it?
The combination of LZW and a digital computer is certainly a technological advance, and under the concepts of granting patents for such advances there is a strong argument that such an implementation should be patentable.
I don't believe that the combination of LZW and a digital computer is a technical advance over the LZW algorithm itself, and I don't believe you can reasonably argue that it is.
If you disagree, let me ask you this. If unisys didn't discover LZW, if they simply found it in a textbook, should they have been allowed the patent?
The new law of tribology is not patentable, but a new lubricant designed to make use of it certainly is. Even if the lubricant is the only possible practical use of this law.
Exactly. But what is software, and more specifically a single algorithm in software. Is it like a developing a chemical or building a machine? Or is it like re-writing the algorithm in a different language? I believe the latter, as do most programmers, and I think the courts got this one wrong. In other words, I honestly don't think of software as a "physical context", or more specifically not a single physical context.
Anyway, I think you misunderstood the "implementation using a abacus" analogy. The courts would have said that the abacus was not a new context for the algorithm. Abacuses rather are general purpose tools for performing algorithms. Stating that "we performed this algorithm on an abacus", or "we performed this algorithm on a computer" means nothing more than "we discovered this algorithm".
How is this really any different to granting a patent on a piece of computing hardware that uses an algorithm in a new manner?
Because you've granted the patent not to *a* piece of computing hardware, but to *all* pieces of computing hardware for all applications. Because a computer is no more an "application of an algorithm" than a pencil is. A computer program *is* the algorithm.
Let me put that another way. Give me a new natural law in tribology. First I type the process into my computer so I don't forget it, then I go out and use that process to build a better car engine. I can patent that. Now give me an natural mathematical algorithm. First I type it into my computer so I don't forget it, then... Wait, I'm done. I haven't "applied" it anywhere. I just wrote it down in algorithmic symbols (like fortran, or C).
And the truth is that this is being more and more understood by the courts, and the precedent is forcing them to simply accept patents for business processes and algorithms. The State Street case pretty much came out and said that.
You may think this distinction is trivial, but in the case of patent law it is very important.
Which is why, of course, I think that current patent law is in error. I thought I made that point clear.
algorithm is still an abstract concept that can be described free of any hardware context and that can be implemented on an abacus, by pencil and paper, on a Babbage machine
And nobody would ever have dreamed of granting a patent to an algorithm's "implementation on an abacus", or "implementation using a pencil". A Von Neumann computing system is simply a general purpose tool, and should be considered just like an abacus for these purposes.
However, since you have only a patent on the implementation, and not the algorithm, I am free to make an improvement in the algorithm, and then use it in any way I wish - and thus escape your patent.
Sorry, but that's simply incorrect. If I make an improvement to LZW or RSA (and this has been done), I still can't use it in a software program. Counter-examples are welcome.
Computers are our main tools for computing algorithms. To grant a patent to the implementation of an algorithm on a ubiquitous general algorithmic device is tantamount to granting a patent on the algorithm itself. Yes, I think the courts really screwed up here.
When calculators were first introduced to the public, nobody thought they could patent the idea of "square roots implemented on a hand-held electronic device", or "using electronic calculators in a store to sum purchases". But that's exactly the kind of thing we're seeing now.
Slashdot Mirror
Take the classic storefront. The price of an item shouldn't change between the "look over your order" and the "submit order" function. Depending on the business rules, the price may or may not change while it sits in your shopping cart during a single session. But I definitely don't care if an unselected item changes price on you between sessions. And I also probably don't care if the item description changes slightly even while the item sits in your cart.
"Don't care" sounds like a loaded term, but all it means is that the piece of information is volatile or atomic. On slashdot, let's say the DB goes down as I'm changing my userinfo. It just doesn't matter if my slashboxes change while my thread prefs didn't. If each piece of information is atomic in nature, then there's no reason for a transaction to group them together.
It's not being lax, it's just identifying your business rules correctly.
I'm not sure what the original poster meant by "enterprise", but the choice should really be based on your needs. Sure, some apps need SPs and transactions, and some really don't.
Take slashdot. I've never looked at the code, the DB needs are pretty simple. Keep track of the user names and passwords, and keep track of the threads and subjects. There's no real complicated joins or formatting required.
And data integrity, vis a vis transactions, just isn't important. Is somebody changing the moderation score on a topic while somebody else is accessing that topic? Who cares? So the moderation score of the thread won't match up. This isn't your checking account, the top line doesn't need to be consistent with the bottom line.
Lots of apps, even in the enterprise, fit MySQL's problem domain, and lots do not. Everyone compares MySQL to PostGres, but it's a bad comparison. If you need transactions or SPs, then you really need them, and using MySQL and trying to emulate these features in code is a very bad idea. If MySQL fits your needs, then it's blindingly fast and the best tool for the job. If those aren't your needs though, then you need something different.
PHP vs. Perl: I've seen both types of projects go to pieces. The problem with PHP is that you start with a lot of HTML and a little code, which makes PHP seem perfect, but over time you wind up with lots of code that isn't organized at all because it's embedded in all your HTML pages, which makes the code very hard to maintain.
Perl, of course, has the opposite problem. You start with a simple database app with very little formatting, which makes a mod_perl script perfect for the job, but over time you start to add bells and whistles to the user interface until you again wind up with your code and HTML totally interspersed, which again makes maintenance very difficult.
I'd love to see a really good book on code organization for the web. It's a very complex subject, and I generally feel like most of us are constantly re-inventing the wheel.
Oops, K6.
I've solved the sound problem on the one machine in my apartment that never goes off. I disconnected the power supply fan.
Yep. It wasn't intentional, originally, the fan broke and I just never got around to replacing it. But now I've had this K7 running almost continuously (i.e., 24/7) for two years without a problem, without a fan, and with virtually no sound.
Sure, I expect the CPU to blow out at some point, or maybe lose some memory, but at this point the whole thing's been pretty cost-effective.
The analogy is actually more apt than you'd think.
.doc file format is fairly well documented, as these things go, although there are some proprietary aspects, like the VBA streams. It's not that tough to open up a Word doc in your own program and parse the file correctly.
The
The tough part comes when you actually want to display the document. Now all sorts of little details that aren't in the file format but are idiosyncrancies of MS Word pop up. And, as anyone who's used Office extensively knows, Word will display the document differently depending on which version you're using, what printer you have connected, phases of the moon, etc.
Parsing and display are two different things. While half a million apps can parse HTML, no two of them seem to display it in quite the same way. The question here is a bit like pointing out that no browser displays things like (IE|Netscape). Well, no they don't, but that has nothing to do with an inability to reverse engineer the file format.
It's not Harmful the client should know about, it's just Executable, and that's not really all that tough. Sure, it's a tiny bit tougher when we're dealing with script files rather than binaries, but there's absolutely no reason the mail client can't know about these. I can seeing missing something like .py if somebody has installed python, but c'mon, .vbs? (I haven't used outlook in years, does the program recognize .vbs as executable and run it anyway, or does it appear to outlook to be a document file for the VBScript interpreter?)
And more importantly, in the corporate environment, there's no excuse for not letting the administrator set these things. I should be able to configure outlook to totally ignore certain types of attachments; if the user is advanced enough to change that setting, fine, but the innocent will be protected.
Whether or not there is a good reason to execute code (or any other executable attachments) from within your browser depends on your environment.
I don't see this, I really don't. Why should users need to execute emailed files? Self-extracting archives? Bad idea. I can agree with you here about the web browser, but not email. I can even agree about home usage, but we're talking about a corporate environment here.
But the nixes don't have the ease of use and UI
Agreed, I'm anything but a unix bigot here. But this thread started with a typical "blame the (L)user" attitude for an error that I strongly feel should be placed on the mail admin and on the software. The employee got an unsolicited resume, reading it should not be a harmful act.
And that's what really annoyed me about it, I hate this attitude. It's like forcing people to change passwords every 2 weeks "to enhance security", and then complaining because the "stupid users" are writing their passwords down on post-its. Well, of course they are. Who can remember 26 different passwords a year?
Here I admit I'm a bit confused. I can think of several ways that I can examine a program to see what it is without running it, but not a single way for an average user to do it.
They should be able to just click on it. If the mailer doesn't show it then it was harmful and should be deleted. And if you (not *you*, but the administrator) haven't configured your mail clients so that users can safely read their e-mail, (and there's lots of view-only software out there for Word processing files) then don't go complaining about stupid (L)users when something goes wrong.
And even if they could,"ILOVEYOU" has certainly shown us that they'll run it anyway, "Just to see what it does".
Oh, don't get me started on MS Word, I've fought with MS over that for almost a decade now. It would have been so incredibly simple to make Word safe in the corporate environment, and they simply refused to do it. Check out this page for a fun story of dealing with MS.
No offence (well, hell, take offense), but did you even read the post I responded to? It was specifically about email, and it was from somebody in tech support telling a user not to even read email from somebody he/she didn't know.
Assumptions are exactly the problem. They're assuming that the attachment in the message they recieve (or the file that they downlod in THIS case.) is not harmful, and happily clicking away on it.
I disagree, I really do. There's nothing wrong with clicking on an attachment, or at least there shouldn't be. If it's harmful, then my mailreader shouldn't run it. It's that simple. I should be able to read text documents or view pictures from my mail reader, there's no good reason to execute code from there. And if I need to do this, make me be explicit about it, by piping the file to a specific command.
*nix isn't without sin here. Shell archives were a terrible idea, and they've rightly become quite rare. And any *nix mailreader that executed a .shar file merely because I clicked on it would be broken as designed.
As far as Tech Support goes, do you think that they should just disallow access to run any programs on a computer at all?
No, they should disallow the ability to run executable code directly from the mail reader. When somebody says to me "I received an unknown email", I should be able to say "Click on it and see what it is. No harm can come of that." My mailer sure as hell shouldn't execute a file just because it had a .pl extension, especially if the mailer didn't even show me the extensions by default.
I never said it was harmless, I said the poster may deem it harmless.
Whether it is or is not harmless is up to Mattel, just as it is Linus' decision as to what usages of the trademark "Linux" within the computer industry are harmless or not.
Mattel doesn't get to decide whether it is trademark infringement or not, but it does get to decide when the infringement is great enough to be harmful. If I start calling another operating system "Linux", it's up to Linus to decide when to stop me.
And I have no problem with that.
I agree with the user in this situation. I should be able to open any e-mail I receive, and my mail reader sure as hell shouldn't be executing any code in that email without asking me first.
I receive unsolicited e-mail all the time, and I feel free to open it in mutt, because I know that embedded executables are not going to be run.
The user in this situation is absolutely correct. They're running under the assumption that just *looking* at an email should never be dangerous. They're assuming not only that a nobody would write a mail reader stupid enough to execute code without asking, but that if anybody did happen to write such a stupid program, the tech support department where they work would never allow such a program to be loaded on everybody's machine.
In a sane world, that would be a good assumption...
Part of the kick of virus writers seems to be the enjoyment of watching your own code destroy peoples machines. And that's just gotten tremendously simple since MS has opened up half the world's computers.
Think back to Robert Morris. Now that was a hack, and took signficant skill. Nowadays, every two-bit script kiddie can tear mail servers up after half a day of perusing a book on VBS.
Propagation is simple these days because everybody's got e-mail and the apps and OS they're using are tremendously easy to infect.
No, the first big MS Word virus, way back in 95 or so, was exactly like this. It caused no damage, it just propagated itself to try to make people aware of the huge security hole in Word. The payload said something like "Now I think I've proved my point".
MS ignored it of course, and even released a new version of Word about a year later that opened the hole even further. Melissa, et. al. followed long after that.
From the description provided:
a non-business all-girl video game clan site,
and the graphics on the site itself are highly suggestive of the Barbie doll image.
This is pretty clearcut trademark infringement. Nobody's fooled by it. And, more importantly to Mattel, there is a great chance of erroneous attribution. At a quick glance, I had no idea if that was a Mattel site. It looked like it might be.
I'm not going to defend the digitaldivas theft of trademark, but Microsoft didn't build on the audience that the original divas had, they just stole the name. The grand majority of MS's audience had never heard of the divas. Frankly, I've only barely heard of them.
TheBarbies site though is clearly using the name of Barbie as a eye-catcher. Virtually every young girl who comes to the site (and that's their intended audience) will think of the Barbie doll. It's set up that way. That may sound harmless to you, but it's illegal.
Let's see if I've got the SlashDot view on trademark correct.
.com site, nobody here seriously thinks the name was just accidental, do they?
The DigitalDivas should be able to stop Microsoft from using the term Digital Diva, even though their usage is very different, it's a fairly generic term, and virtually nobody thought that 'Digital Diva' was a reference to the prior group.
But Mattel is evil for objecting to the use of "TheBarbies" to refer to an online group for young girls, even though the reference to the doll is obvious to everybody.
C'mon, get real. It's simple theft of trademark. This guy's using the popularity of the Barbie doll to push his own
Had TheBarbies.com been a site about barbecuing, then he'd have a point, but this is simple trademark theft. The nature of the original trademark has a direct connection to the new business.
If I bought www.quake.com to create a site about earthquakes, that's my right. But if I put up a gaming site, id software has every right to object to the theft of their trademarked name. And that's the way it should be.
For a small office, the possibility to go without MS right now is real, but most large companies would be crazy to attempt it.
I've had BA DSL for about six months now in NYC, and it work, well, OK is about the best I can say. It does go down periodically, but for me at least that's only been about a day or two a month of lost service. Not great, but not horrendous.
The best advice I can give though is simple: when it goes down, DO NOT ask tech support to fix it unless you are absolutely sure it's not a problem in your entire area (and don't take the tech's word for this, they're often wrong). The support staff is much more likely to break things than fix them. Just sit tight, and wait for the real techs to fix the problem.
If you demand action from the phone support, they'll do something idiotic like delete your profile. Ideally, you're much better off if the phone support people don't even know you exist. If they touch it, they'll break it.
Umm, which makes it the perfect analogy, doesn't it?
What exactly is your point again????
You know, I used to consider myself a first amendment absolutist, but some of a viewpoints I hear about this whole library issue are a bit over the top.
First, whatever happened to compromise? In most libraries, there's a kid's section and a general section, and even two varieties of library cards. With parental consent, a child can access the general selection. Why not apply the same thing to the computer section?
And if people don't want to accidentally see porn, let them put blocking software on one of the machines. Simple solution.
I may not like the fact that some people want to censor their children's (or their own) intake of information in bizarre ways, but I allow that they have a reasonable right to it, as long as that right doesn't interfere with others.
And if both groups can be accomodated (and I don't see why that's a problem here), then accomodate them.
I may not like the views of the fundamentalist right, but I'm willing to accept that they have a right to them. The real issue is whether their desires for censorship can be reconciled with other's right to access information freely. It's the job of a library to try to accomodate the public. If it's easy to do (as it is here), why not do it?
Demonizing the opposition is a favorite tactic of the fundamentalist right. It's more than a little sad to see supposed free speech advocates playing the same game.
Umm, no they didn't. Etoys dropped the suit in the face of public pressure, the courts did nothing but grant the injunction AGAINST etoy.
No ruling for justice here. The US courts maintain their current status of "money talks".
People setup computers alone: true. Nope. People at home setup computers alone, but in the workplace a great number of people do not, and that's a huge market. What then becomes important is automated setups and the ability to keep users from breaking things; Linux excels at these.
The big leap in Linux desktops is going to come when medium-size companies decide that per-seat licensing for Windows is absurd just to give everyone e-mail and web access.
Learning new applications is hard: true Yes, but notice that in the last 10 years the MS market has gone from DOS to Windows to Win95, significantly different interfaces. And everyone's gone along. More importantly, MS has established a standard of changing to enforce upgrades, forcing people to change when they don't want to. Eliminating that is a big win for everybody.
Open source still requires good project management: very very true. Well, yes, but the point that's being missed here is that MS, the monopoly-holder on the desktop, has terrible project management. OS's arrive years late and incredibly buggy; MSOffice has traditionally added features to attract new users while ignoring the features that current users want and need. Marketing runs the show on many many desktop products.
Now, there's an area of software where marketing input is very important, but there's also places where marketing influence does nothing but hurt quality. There's a lot more to be said on this subject, obviously, but the answer isn't simple on either side.
Humility is a virtue: true. Oh, true enough, but the 'Net isn't virtuous. Complaining about flames is nice and everything, but it's never really accomplished anything. Filtering input is always going to be a high priority.
Yes. Or rather, the only thing stopping me is copyright. And this issue is specifically about what types of things can be copyrighted.
the single source for taking your data is the web. And the courts have ruled that info as published on the web can be copyrighted already.
Can be. But not necessarily. That's what the issue is. What can, or can not be copyrighted.
But legally it is a valid one -- witness the successful suit against deep linking.
Which was a real bad decision IMHO. And that's why relying on the courts is a bad idea.
you're a major company with the resources to legally bury me?
Then you're screwed. Unless you have laws that are crystal clear as to content and copyright. So clear that the lawyers can't find some backwoods judge someplace to screw you over.
I think competition, adequate security, and the courts
The courts??? Once this reaches the supreme court, I might agree with you a bit. But until then, relying on the courts just means that the side with the most lawyers wins. Witness DeCSS.
We could have beaten the Digital Millenium act. We really could have. But too many people were sitting on the sidelines with their "Information wants to be free" banners hoping that the courts would save us like they did with CDA.
I don't see how any more laws are needed. It's already against the law to pirate software (which is what virtually all databases are anyway). So for the database manufacturers to refer to the "data collections" as copyrightable seems disingenious to me.
Databases are NOT software. Copying the contents of your /var/log/mysql directory is NOT protected by software law; likewise if I wget your website and mirror it, the software you use to maintain your database is irrelevant.
There are other protections: I can put copyright notices on my web pages,
You've missed the point. What if you don't have the copyright to the info on those pages? For example, if you compiled a list of Thai food restaurants in all the cities in the US, should you be able to copyright that list? You can't copyright any individual item on that list, because the information isn't yours, but should somebody else be allowed to simply copy your work?
disallow queries that do not originate from within a given site structure, etc.
In other words, copy protection. But in a lot of situations that's not valid, and as Lessig pointed out, copy protection has its own problems. As you quoted in your reply:
Privatizing information through contract, encryption, and similar devices may carry greater individual and social costs than would a copyright system
The right to copyright "database facts" would seem to imply that if I create and a database of scientific facts, for example, I am somehow entitled to enforce my right to be the whole source of publishing that information
Most of the new laws are pretty clear on this: you don't get a monopoly on the information, but nobody else can simply copy the entire set of information from you. In other words, if I go out and compile the same information, I'm free to publish it. But I can't simply copy your list.
This is a subtle, and important issue. And guidelines need to be drawn, because fuzzy guidelines are lawyer food and hurt everybody.
Can I copy the freshmeat database and mirror it on my site? Why not? It's just a database of facts. Nothing on Freshmeat originates with them. How about Dejanews? Now certainly I'm allowed to archive Usenet, but am I allowed to simply copy the work that Dejanews has done?
The worst thing we can do here is make knee jerk responses (Information should be free!) to complex questions, because then the process simply passes us by. Certainly databases deserve some copyright protection: the question is how the protection should be worded, and personally I'd like to see people who are knowledgable about the Net involved in the process.
I would, except that the link you provided didn't reference a study. The InternetWorld "study" was purely anecdotal. I'd be interested in seeing the studies you're referring to though.
But I'm not denying that most banner ad campaigns are failures - so are most e-commerce companies. That doesn't mean there's no market there; just that it's brand new and most companies don't use it correctly.
For example, why are movie companies suddenly pouring money into web ad research? Two words: "Blair Witch". And more importantly, there's more to web advertising than the banner ad idea. Free ISPs are one attempt, for example.
Sure,click-through is low, but what's the click-thru rate on TV advertising? Basically zero. Few TV ads elicit an immediate response, but they manage to put the name of the product in your head.
The real question is "how much do people notice those ads?" and studies on that are still inconclusive. For some unknown reason, early INet pundits thought that Web ads would be like infomercials, where you immediately call the 800 number (or click through) and order the product.
But they aren't like that, and nobody should ever have thought they would be. Banner ads are more like billboards; they put the idea and name of the product in the back of your head.
This idea of click-through has kept web ads restricted to web companies for the most part. But that's changing. We're already seeing significant web advertising budgets coming from the motion picture industry; there's a good chance other industries will follow.
BTW, simpsons free ISP does more than just try to get banner ad money. It also advertises the Simpsons quite effectively.
PS. Kinda hard to believe nobody patented the idea of ad-supported ISPs,isn't it?
I don't believe that the combination of LZW and a digital computer is a technical advance over the LZW algorithm itself, and I don't believe you can reasonably argue that it is.
If you disagree, let me ask you this. If unisys didn't discover LZW, if they simply found it in a textbook, should they have been allowed the patent?
The new law of tribology is not patentable, but a new lubricant designed to make use of it certainly is. Even if the lubricant is the only possible practical use of this law.
Exactly. But what is software, and more specifically a single algorithm in software. Is it like a developing a chemical or building a machine? Or is it like re-writing the algorithm in a different language? I believe the latter, as do most programmers, and I think the courts got this one wrong. In other words, I honestly don't think of software as a "physical context", or more specifically not a single physical context.
Anyway, I think you misunderstood the "implementation using a abacus" analogy. The courts would have said that the abacus was not a new context for the algorithm. Abacuses rather are general purpose tools for performing algorithms. Stating that "we performed this algorithm on an abacus", or "we performed this algorithm on a computer" means nothing more than "we discovered this algorithm".
How is this really any different to granting a patent on a piece of computing hardware that uses an algorithm in a new manner?
Because you've granted the patent not to *a* piece of computing hardware, but to *all* pieces of computing hardware for all applications. Because a computer is no more an "application of an algorithm" than a pencil is. A computer program *is* the algorithm.
Let me put that another way. Give me a new natural law in tribology. First I type the process into my computer so I don't forget it, then I go out and use that process to build a better car engine. I can patent that. Now give me an natural mathematical algorithm. First I type it into my computer so I don't forget it, then... Wait, I'm done. I haven't "applied" it anywhere. I just wrote it down in algorithmic symbols (like fortran, or C).
And the truth is that this is being more and more understood by the courts, and the precedent is forcing them to simply accept patents for business processes and algorithms. The State Street case pretty much came out and said that.
Which is why, of course, I think that current patent law is in error. I thought I made that point clear.
algorithm is still an abstract concept that can be described free of any hardware context and that can be implemented on an abacus, by pencil and paper, on a Babbage machine
And nobody would ever have dreamed of granting a patent to an algorithm's "implementation on an abacus", or "implementation using a pencil". A Von Neumann computing system is simply a general purpose tool, and should be considered just like an abacus for these purposes.
However, since you have only a patent on the implementation, and not the algorithm, I am free to make an improvement in the algorithm, and then use it in any way I wish - and thus escape your patent.
Sorry, but that's simply incorrect. If I make an improvement to LZW or RSA (and this has been done), I still can't use it in a software program. Counter-examples are welcome.
Computers are our main tools for computing algorithms. To grant a patent to the implementation of an algorithm on a ubiquitous general algorithmic device is tantamount to granting a patent on the algorithm itself. Yes, I think the courts really screwed up here.
When calculators were first introduced to the public, nobody thought they could patent the idea of "square roots implemented on a hand-held electronic device", or "using electronic calculators in a store to sum purchases". But that's exactly the kind of thing we're seeing now.