My experience of the use of flash these days tends to revolve around it's use for either animated elements on a site, such as an welcome banner on a homepage, [...] I think these are all perfectly valid uses of the plugin and don't have any negative effect on usability.
I rest my case. You don't think that flashing banners have a "negative effect"?
My only complaint about Flash in and of itself (any technology can be abused)
Some technologies lend themselves to abuse.
is that it's closed source, so we are at the mercy of Adobe.
And further, were Flash to become really popular, Adobe's control of the format could give them control of the web.
An Adobe dominated web is not in-principle any better than a Microsoft dominated one.
But here we're talking "long term benefit to civilization" vs. "oohh, lookit the funny pictures!". I wonder who'll win?
A few Linux users refusing to use flash is going to make fk all difference to Adobe.
I think you're underestimating how annoying Real People find most Flash stuff.
You need to actually do useability studies to find out if flashing up a site was
a good idea, but for some reason everyone (still!) relies on the web designer's
assurance that it's whizzy super keeno.
Myself, I think making your web browser act like a television was always an ill-conceived idea.
Flash is here to stay for now, it's too well entrenched.
Uh huh. When was the last time you saw a "Java" site?
Well, the Mozilla folks have also thought about the problem. And they came up with a solution. The policy is that changes make the thing not the thing.
And this is a broken policy, but the brokeness of it will not be apparent to someone like yourself until your nose is rubbed in it 3-5 years from now, so I suppose I'll just shut-up and wait for it to happen.
Everyone must have policies that parallel Debian? Is that the short version of your argument here Bruce?
Acutally, no. His point was that the Debian guys, in this instance, appear to have thought through the problem of allowing people to do modified versions that are recognizeable related to the original, and yet will not be confused with the original.
Notably my installation of Knoppix says Debian all over it (e.g. the login screen), and yet there's no way I'd be confused that it's a pure-Debian installation.
The trouble is you appear to be yet another person complaining about Debian causing the problem by being inflexible. One can just as easily argue that MozCo is causing the problem by being inflexible, and suddenly deciding to throw their weight around a bit via trademark restrictions. Also, if Debian weren't "inflexible" in the way that they are, no one would care about Debian -- there are plenty of other more "pragmatic" distros out there... Debian on the other hand is slowly but surely taking over the Linux universe via "Debian-based" distros like Ubuntu and Knoppix, and one of the reasons this is happening is Debian's policy.
And Mozilla.org has had a policy in place for years too. You ship X or you don't. The policy is now being more strictly enforced. You ship Firefox, or you dont. Trademark law being what is is, you go after the big targets first. RedHat and Novell have managed to comply with option #1, Debian has chosen to use option #2. And complain about it.
Actually, Debian isn't doing a lot of complaining that I've noticed.
Myself, I would guess that the original deal they struck with Mozilla was quite enough to protect the "Firefox" trademark, but hey I'm not a lawyer and all that.
What I do know is that in the past, whenever I've heard a corporation pulling that kind of excuse ("but we're legally required to behave like swine!") I've always concluded that it was bullshit.
My personal opinion is that it's a recipie for disaster to have linux users running firefox as sudo all the time just in case MozCo wants to do an update. If someone turns up an unpatched browser exploit, then they've got access to your whole box, instead of just your account. Unix permissions are intended to act as a barrier against this sort of problem.
So whether you rely on the Debian method of distributing security updates, or the Mozilla method; the right way to do it is going to be something that requires an extra step.
Exactly. Debian would never tolerate another entity modifying its software and re-releasing it as "Debian." Mozilla and Debian are the same in this regard, so it's puzzling why people insist that there's a conflict or difference between the two organizations. If Debian were the browser vendor and Mozilla the Linux vendor, Debian would be doing exactly the same thing.
I'm posting this at the moment using a laptop with a hard drive installation of Knoppix. When I boot it up, I get a log-in dialog box that says "Welcom to Debian". The default desktop background is a Debian swirl.
Anyway you look it it, the Debian guys do not seem to be causing trouble with their trademarks.
Oh, and by the way, the Debian Swirl we all know is not trademarked. They've got a trademarked graphic, but they don't use it in the distribution, because that would cause problems for people wanting to do Debian-based distributions; because you see, they're not really hypocrites: they understand what free software is about, and are happy to see people do modified versions of it.
Would they be annoyed at someone shipping a Debian-based distro that they still call Debian? I don't know: I've never heard of such a case. If people make big changes, generally they want credit for having made big changes... the exactly parallel case to this current flap would have to be relatively small tweaks that are barely noticeable.
how do you feel about patch policies? This apparently started out as a trademarked graphic problem, and then MoCo decided to expand it, and demand rights of approval of every Debian patch.
Sorry, but you're wrong. The patch approval thing was there from
the start. Read the bug [debian.org]. From the initial
description: "calling the browser Firefox requires the same
approvals as are required for using the logo and other artwork".
I'm sorry, but I don't think you can read very well.
Bug #354622,
posted 27 Feb 2006, says that the previously agreed on compromise
(using the name without the logos) is no good anymore. (Try re-reading
the very sentence you quoted).
Bug #354622,
posted 20 Sep 2006, then includes the requirement:
"All changes the distributor wishes to make to the source code must be
provided as discrete patches, along with a description of why the change
is required"
What would happen if every open source software group
demanded that the Debian Security team seek their approval on
every move they make?
You need to understand that "Firefox" is a brand which ordinary
end users are starting to recognize.
Okay. I'm turning on the understanding... Hm. Nothing is changing
in my worldview. Perhaps I understood this already.
Most packages in debian are not.
Ah, I get it. Firefox is hot and Debian needs to bend over and kiss their toes.
Look, when a security issue comes up in an old version of Firefox
which is no longer supported by mozilla, why can't debian just
work with upstream to produce one fix which all distros can take
advantage of, and which can be checked into mozilla.org CVS?
I would be very surprised if they don't kick patches back upstream.
Debian maintains Firefox code long after Mozilla has abandoned it.
The idea of letting a vulnerability sit in "stable" while
waiting for bureacratic approval from upstream does not sit well.
Just because MoCo no longer pays people to work on a specific
branch doesn't mean Debian or others can't get patches checked
in. This has happened in the past where Sun or IBM (IIRC) took
over old branches that were abandoned by Mozilla.
Presuming this is all correct, it doesn't change the problem: Seeking prior approval before they get to patch
their own distro...
I'm having a little trouble following the logic of your posting here, so these comments may or may not apply to what you're saying:
People I respect like the BSD license (which is much like the MIT as I remember it) better than the GPL, but historically BSD licensed projects really have run into problems, notably the great unix wars of the 80s that ended up with Microsoft the winner.
BSD licensed code is prone to proprietary forks, which subdivide the community even more so than this name change. The GPL was an extremely clever social hack to try to prevent this sort of problem.
You make an interesting point that Mozilla Corp may have been legally overreaching in claiming right of approval of code patches. At the very least, if that's legal under the MPL, I would think it should no longer be regarded as an Open Source/Free Software license.
I'm confused about why the Debian maintainers decided to try and use the Firefox name in the first place when they're not supposed to,
Apparently they had an agreement (unofficial or otherwise) that what they were doing was okay with the Mozilla guys.
Getting fussy about trademarks is a new thing with the Mozilla Corporation.
Anyone that needs to recognize it mostly just clicks on the internet icon (thingy). Anyone else can just look and will find it.
Do you know of any Linux distros that actually put an "Internet" icon on the desktop? I haven't seen this in my recent installations of Kubuntu and Knoppix. It would seem like a no-brainer as far as "useability" goes: make it easy for people
to find the web browser, you know?
Oddly enough, Mac OSX doesn't seem to do this either... I was helping a computer illiterate person with her new Mac laptop recently. She couldn't figure out how to launch a web browser. There's a band of gigantic flashy graphics going across the screen, but if any of those launch a browser, I couldn't find it. I had to go browsing around on the hard drive, and when I saw "safari" I recognized that as a web browser, but there's no way a total beginner would know that. And that's the famed Easy To Use macintosh, no less.
flippin debian, too much politics, not enough releasing.
One more time: it's the Mozilla Corporation that suddenly decided to get fussy about this.
They also then suddenly required changes in the way Debian handles it's patches. You want
Debian to ship faster, and also deal with additional proceedural hassles, and accomodate changes like
this (somehow) at the last minute?
My point was that Mozilla Corp. is, in essence, just a legal entity set up by the Mozilla project for administrative purposes, similar to what the GNOME Foundation is for GNOME, and the other examples I listed. I just don't understand why you think that being incorporated makes Mozilla's legal entity more inherently evil than for example the GNOME Foundation.
The Mozilla Corp has changed the deal they had going with Debian twice during this dispute.
They're behaving in a capricious and high-handed way, that the Mozilla group did not. It's at least
a teneable hypothesis that there's something dangerous about using a "Corporation" like this -- it's not
just a legal entity, it's a culture that's grown up around this type of entity.
You understand there may be no difference between a "Corporation" and a "Foundation" but it's name,
but the name difference alone could create different behavior, by attracting different people and/or encouraging
different attitudes.
but for me, software freedom is about code, not graphics.
I'm glad you weren't in charge of writing the Bill of Rights, the first ammedment would look a lot different.
On another front: how do you feel about patch policies? This apparently started out as a trademarked graphic problem,
and then MoCo decided to expand it, and demand rights of approval of every Debian patch.
What would happen if every open source software group demanded that the Debian Security team seek their approval on every move they make?
Mozilla says its guidelines are clear: the use of the Firefox name is permitted only if accompanied by its logo, icons, and other artwork.
And Mozilla Corp is changing the deal that they had with the Debian group, and changing it in a hurry without much warning.
FINE. Ive been a debian user for many years - giving people permission to change the logo and mess with it is like changing my name on programs that I write. Leave my name on it and leave the logo ALONE.
And guess what? Now Firefox won't have the logo or the name on it. That was a great move on MoCo's part wasn't it?
why not spend this time trying to get the next release out sooner than worrying about logos?!?!?
It was Mozilla's Corporations decision to suddenly start worrying about logos. They also then suddenly started worrying about patch policies. And you think Debian has the problems here?
Someone around here has a sig that says something like, "letting a programmer name your product is like making a marketer program it." Never before has it been demonstrated so clearly. (Well, to be fair, at least the browser isn't Gimped.)
You're missing one or two points here. This is intentional nose-thumbing. The Debian team have reason to be annoyed at the Mozilla Corporation; and if they're so intent on protecting their good name, they can henceforth be known as "iceweasel".
It is, by the way, not beyond the realm of possibility that MoCo will regret this move. At present they think of their main "market" as Windows users, but in another five years or so, most of their users may be on a linux distro derived from Debian such as Ubuntu.
Oh, and by the way... if you ask marketers what the latest and greatest brands are of the modern era, they come up with things like "google" and "yahoo", and *surprise*: marketing people did not invent these names.
Except for mathematicians and programmers, most think of "random" in a *very* different way from its technical definition. To most humans, saying that a particular sequence is "random" means *guaranteeing* certain things about it. Among them: the same element does not occur back-to-back, EVER, even if there are only a few elements total to choose from.
Yes exactly. I think the lesson here is that you should never use a
mathematically random algorithm for esthetic purposes. If you're trying to
get something to seem "mixed-up" to a user, you need to simulate a world where
the "gambler's fallacy" is not a fallacy: you need a "randomization" function
that has memory, and is weighted against "streaks".
I wrote a CPAN module called
Text::Capitalize
that includes a function called "scramble_case" that works this way (for when you
want capitalization with a "wEiRDly sCRaMbLeD aPpEaREncE").
If certain elements stand out from the others in some significant way, they can neither occur first nor last. (For instance, if test questions are being drawn from a question bank, neither the easiest nor the hardest question should be first or last; if it is, people will say the order was not random.)
That's an interesting way of formulating the principle. For my "scramble_case" I weighted the probability against getting a capitalized first letter, because that looks Too Normal.
I could go on and on, but what it really amounts to is that when most people say "random" they mean "carefully arranged in a thoroughly mixed-up order". This is almost the *opposite* of what a mathematician or computer programmer thinks the word "random" means.
This, by the way, is esentially the conclusion that Stephen Levy comes to... this isn't a bad article at all,
though it's a bit verbose, and doesn't get down to the point until two-thirds of the way through.
(Which probably makes it Pulitzer Prize material).
Like it says at the bottom of a big page of information when I
click on your name: "Subscribers can view entire comment history
for all users"
It doesn't appear all that hard to manually look for users with
inactive histories.
Good point. But then, you're talking about looking at comment
histories, and there are many people who read slashdot but don't
bother to post. There's no "last login was" message in the user
info page.
A good chunk of Friend and Foe listings for low numbered users
are likely to be for other low numbered users, making it easy to
look for whole blocks of possible inactives.
Hm. I didn't realize it was difficult to look up someone by
number, but I guess it is. The "Search" feature doesn't give you
a way to do it.
In any case, the "Friend and Foe" feature is relatively new, so you
won't get a lot of links to inactive accounts that way.
Then it's likely some of those accounts will have easy to guess
dictionary form passwords.
Correct, but then running a dictionary on an account name should
set off alarms at slashdot. You're not suggesting that our Slash
Masters could have over-looked such an obvious move, are you?
User logs and what threads the user commented in may show areas
of interest to make password guessing more feasable.
Um.... I know what you're talking about, but I think you're reaching.
They don't just need access to one or two accounts, they need at
least a few dozen they can use in a semi-disposable way.
I have no idea whether it has actually happened.
If you like, you can take a look at this story:
Was the 2004 Election Stolen?
In particular, look at the comments from these guys:
Chacham (981)
porkchop_d_clown (39923)
They both engage in peculiarly stupid non sequitor
attacks... they don't hold up to even a few minutes scrutiny, but
they might give you the superficial feeling that someone out
there has an objection.
I find it likely that early members were somewhat more oriented
to the political extremes than now, but that's more likely to
include some who were extreme right wingsers [...]
Your 'rover boys' could be uber-geeks and 'low brow' republicans,
the two aren't as exclusive as you may think.
I don't think you get what I mean when I say "low brow". I mean
someone who has trouble coming up with any sort of argument...
in other words, they're either really dumb, or just faking it.
After I get through with this speculative answer though, I'm
running a few searches. First terms will be "Looking to purchase"
and "low numbered slashdot accounts", with refinements from
there. [...]
I'd look at good old fashioned social engineering like this before assuming cracking.
Well sure, I've heard of at least one three-digit account that
got sold on ebay. But how many accounts do you think you
could come up with that way?
(In any case, don't go too crazy on the paranoia on this
one: the standard advice on dealing with agent
provacateurs is to just take them at face value... the only
thing worse than a bunch of provacateurs is holding witch
hunts for provacateurs.)
Slashdot Mirror
For some people, internet addiction is an improvement.
An Adobe dominated web is not in-principle any better than a Microsoft dominated one.
But here we're talking "long term benefit to civilization" vs. "oohh, lookit the funny pictures!". I wonder who'll win?
Myself, I think making your web browser act like a television was always an ill-conceived idea.
Uh huh. When was the last time you saw a "Java" site?No kidding it's not what they did or said. If it was Florida's problem, why did they interfere at all?
Notably my installation of Knoppix says Debian all over it (e.g. the login screen), and yet there's no way I'd be confused that it's a pure-Debian installation.
The trouble is you appear to be yet another person complaining about Debian causing the problem by being inflexible. One can just as easily argue that MozCo is causing the problem by being inflexible, and suddenly deciding to throw their weight around a bit via trademark restrictions. Also, if Debian weren't "inflexible" in the way that they are, no one would care about Debian -- there are plenty of other more "pragmatic" distros out there... Debian on the other hand is slowly but surely taking over the Linux universe via "Debian-based" distros like Ubuntu and Knoppix, and one of the reasons this is happening is Debian's policy.
"Oh all this Free Software in-fighting is so shameful! (Here, let me stir the pot a little more...)"
Myself, I would guess that the original deal they struck with Mozilla was quite enough to protect the "Firefox" trademark, but hey I'm not a lawyer and all that.
What I do know is that in the past, whenever I've heard a corporation pulling that kind of excuse ("but we're legally required to behave like swine!") I've always concluded that it was bullshit.
So whether you rely on the Debian method of distributing security updates, or the Mozilla method; the right way to do it is going to be something that requires an extra step.
Anyway you look it it, the Debian guys do not seem to be causing trouble with their trademarks.
Oh, and by the way, the Debian Swirl we all know is not trademarked. They've got a trademarked graphic, but they don't use it in the distribution, because that would cause problems for people wanting to do Debian-based distributions; because you see, they're not really hypocrites: they understand what free software is about, and are happy to see people do modified versions of it.
Would they be annoyed at someone shipping a Debian-based distro that they still call Debian? I don't know: I've never heard of such a case. If people make big changes, generally they want credit for having made big changes... the exactly parallel case to this current flap would have to be relatively small tweaks that are barely noticeable.
Bug #354622, posted 27 Feb 2006, says that the previously agreed on compromise (using the name without the logos) is no good anymore. (Try re-reading the very sentence you quoted).
Bug #354622, posted 20 Sep 2006, then includes the requirement: "All changes the distributor wishes to make to the source code must be provided as discrete patches, along with a description of why the change is required"
Okay. I'm turning on the understanding... Hm. Nothing is changing in my worldview. Perhaps I understood this already.Ah, I get it. Firefox is hot and Debian needs to bend over and kiss their toes.
- I would be very surprised if they don't kick patches back upstream.
- Debian maintains Firefox code long after Mozilla has abandoned it.
- The idea of letting a vulnerability sit in "stable" while
waiting for bureacratic approval from upstream does not sit well.
Presuming this is all correct, it doesn't change the problem: Seeking prior approval before they get to patch their own distro...Oddly enough, Mac OSX doesn't seem to do this either... I was helping a computer illiterate person with her new Mac laptop recently. She couldn't figure out how to launch a web browser. There's a band of gigantic flashy graphics going across the screen, but if any of those launch a browser, I couldn't find it. I had to go browsing around on the hard drive, and when I saw "safari" I recognized that as a web browser, but there's no way a total beginner would know that. And that's the famed Easy To Use macintosh, no less.
You understand there may be no difference between a "Corporation" and a "Foundation" but it's name, but the name difference alone could create different behavior, by attracting different people and/or encouraging different attitudes.
On another front: how do you feel about patch policies? This apparently started out as a trademarked graphic problem, and then MoCo decided to expand it, and demand rights of approval of every Debian patch.
What would happen if every open source software group demanded that the Debian Security team seek their approval on every move they make?
It is, by the way, not beyond the realm of possibility that MoCo will regret this move. At present they think of their main "market" as Windows users, but in another five years or so, most of their users may be on a linux distro derived from Debian such as Ubuntu.
Oh, and by the way... if you ask marketers what the latest and greatest brands are of the modern era, they come up with things like "google" and "yahoo", and *surprise*: marketing people did not invent these names.
I wrote a CPAN module called Text::Capitalize that includes a function called "scramble_case" that works this way (for when you want capitalization with a "wEiRDly sCRaMbLeD aPpEaREncE").
That's an interesting way of formulating the principle. For my "scramble_case" I weighted the probability against getting a capitalized first letter, because that looks Too Normal. This, by the way, is esentially the conclusion that Stephen Levy comes to... this isn't a bad article at all, though it's a bit verbose, and doesn't get down to the point until two-thirds of the way through. (Which probably makes it Pulitzer Prize material).Hm. I didn't realize it was difficult to look up someone by number, but I guess it is. The "Search" feature doesn't give you a way to do it.
In any case, the "Friend and Foe" feature is relatively new, so you won't get a lot of links to inactive accounts that way.
Correct, but then running a dictionary on an account name should set off alarms at slashdot. You're not suggesting that our Slash Masters could have over-looked such an obvious move, are you?Um.... I know what you're talking about, but I think you're reaching. They don't just need access to one or two accounts, they need at least a few dozen they can use in a semi-disposable way.
If you like, you can take a look at this story: Was the 2004 Election Stolen? In particular, look at the comments from these guys:
-
Chacham (981)
-
porkchop_d_clown (39923)
They both engage in peculiarly stupid non sequitor attacks... they don't hold up to even a few minutes scrutiny, but they might give you the superficial feeling that someone out there has an objection.I don't think you get what I mean when I say "low brow". I mean someone who has trouble coming up with any sort of argument... in other words, they're either really dumb, or just faking it.
Well sure, I've heard of at least one three-digit account that got sold on ebay. But how many accounts do you think you could come up with that way?
(In any case, don't go too crazy on the paranoia on this one: the standard advice on dealing with agent provacateurs is to just take them at face value... the only thing worse than a bunch of provacateurs is holding witch hunts for provacateurs.)