I see this as yet another example of the mistaken idea that HTML-like tags make a language more user-friendly. Glossing over the difference between server-side code and client-side markup will only lead to confusion in the long run.
People need to understand that server-side templating systems (in the sense that includes PHP, JSP, BRL; not the limited WebMacro/Velocity definition of template), work by a sort of editorial process. I choose a syntax that acknowledges that editorial process.
Take the first example from the BOA tutorial. What's server-side instructions and what's client side markup? If you're not familiar with HTML it might be hard to tell the difference.
<setvar name=a value=1>
<strong>this is a strong <insert name=a></strong>
In contrast, the following code makes it clear what is literal HTML (what the browser will get), and what is an editorial instruction.
[(define a 1)]
<strong>this is a strong [a]</strong>
Other advantages of square-bracket syntax:
- The performance penalty of doing a table lookup for every HTML tag is eliminated.
- If you misspell setvar, BOA sends the tag literally; a beginner will need some time to figure out what happened. If you misspell define, BRL will send an error message; it's obvious what happened.
- More conciseness; less typing.
- The syntax makes sense even in non-SGML markup, e.g. LaTeX.
ESR argues against something that was never asserted: that developers should be prohibited by law from choosing proprietary licences. If he had taken the trouble to actually understand what was written, he would see that the only point was correctness of terminology. When you choose a license, you are exercising power over licensees. You tell them what they can/can't do. That's what a license is for: to impose rules on others.
Stallman and Kuhn readily admit in their article that everyone who releases software is forced (by copyright law) to exercise this power. What they object to is taking this power and including it in a list of freedoms which formerly had nothing to do with exercising power over others.
Maybe the word "freedom" just has ESR overly confused. We certainly don't need Tim O'Reilly to cloud the word's meaning even further.
Don't take my word about hazardous hotfixes. Do your own google search on "hotfix causes problems" and see for yourself. I imagine server admins who got burned by a recent broken hotfix, or at least read the June 8 CNET article about it, didn't want to be guinea pigs for MSFT's newest fixes.
It's splitting hairs to point out that this is an Index Server hole, not an IIS hole. Sure, and there was a mid-1990s hole that wasn't an Apache hole. It was a hole in a CGI script that happened to be part of the default Apache distribution. But let's not split hairs: it was effectively an Apache hole. This is effectively an IIS hole.
The difference is that the CGI script was just for debugging, whereas Index Server performs a very important web-site function that would be missed if turned off.
If you feel this is still an unfair comparison because Apache doesn't ship with a search engine, feel free to point out any remote exploits in SWISH or other popular free-software search engines. If you find any, be sure to say when they occurred. Good luck!
The need for a graphical configuration tool has been acknowledged as important, even in the 2000 OSCon keynote, yet only about 15 people showed up for the Comanche presentation at the same conference. Getting such a tool packaged as part of the standard Apache dist is something that could happen if somebody championed it. There are plenty of choices for anybody motivated to pursue this. Problem is, a good champion would be someone who used a graphical interface him/herself, and most hackers (like me) prefer the text interface.
In my job I've used BRL in many small-to-medium projects, plus another project larger than BRL itself that my employer isn't ready for me to talk about. I'm training two coworkers in Scheme/BRL.
The Kawa manual has an appendix listing projects using it.
One month is not "long before" Code Red came out for the average sysadmin. Installing the latest MSFT patches is a hazardous undertaking, and not everyone wants to do it every month.
Let's compare apples and apples. GNU/Linux supports a lot more network services than NT, so there will likely be more patches. On a web server, it's smart to turn off every service you can, but you can't turn off the web server. When's the last time a remote exploit got installed with a typical Apache installation?
If you actually read my post, you'll notice that I never claim that they implement all of SQL-92. I won't bother restating myself as the original post was quite clear.
P.S. Cursors with updatable columns did not actually work in MSFT SQL 6 until some time long after the marketing literature claimed they did. With PostgreSQL, you can expect more accuracy as to what is/isn't implemented.
One problem with proprietary DBs is that their docs will steer you toward non-standard SQL even when standard SQL will work. For example, Oracle will teach you to use NVL and Sybase will teach ISNULL, when COALESCE works in both databases.
The solution is to develop with PostgreSQL regardless of what your deployment DB will be. Their docs favor standard SQL. The code you develop will work with the proprietary DBs as well.
If software patents are so good, I'll take your car and bank account because they happen to look like mine.
(referring to the fact that independently implementing an idea is a patent violation, and the onus is on you to prove that the patent is invalid, e.g. obvious. Thus you can be forbidden from using an idea you came up with yourself.)
Indexing server is essentially part of IIS · on Fight Virus With Virus? · Score: 2, Insightful
The indexing server is bundled with IIS, and is one of the main reasons for choosing IIS -- searching is bundled right in. Comparing it with "some CGI script" is disingenuous.
It would be fair to compare it with Apache modules that are part of the standard distribution and are usually installed. Care to point out a recent hole in such a module?
Insightful, my foot. The pro-MSFT moderators are busy today.
And while we're working on Code Red, can we send a large man to the home of my latest Sircam senders and politely "ask" them to stop clicking on virii?
I was surprised when a virus got sent from someone I thought would know better. After thinking it through, it's not at all surprising.
The problem is that daily use of MSFTware trains users to click on such attachments and ignore the warnings. A Word macro should only be able to affect the document it's in. Likewise an Excel macro. Yet MSFT engineers took the lazy route and enabled unlimited powers in files that should be data, not programs.
The result is that people who exchange documents and spreadsheets via e-mail are (correctly) warned with a popup box every time they open one. They proceed anyway, because that's what they have to do. Daily habit trains them to ignore the warnings.
I have seen a lot of theoretical discussion of keeping code and content separate, [...] and I must admit I have absolutely no idea what you're all talking about.
They should admit the same thing: people who claim code/content "separation" have no idea what they're talking about. You can make code embedded in content more concise, but the word "separation" in this context is a lie. There is always a point where code and content meet. The only question is how much of what the code does is hidden/abstracted.
Generally, the way to silence people claiming code/content separation is to ask for an example solving a simple problem that doesn't fit their assumptions about what dynamic web content looks like.
CURL is heavily influenced by Lisp, a language popular among Computer Scientists. A relatively simple dialect of Lisp, Scheme, is used in teaching introductory CS. Improvements from Perl 4 to Perl 5 were inspired by Scheme, as were some current and future Python features. Scheme's syntax is quite different from C, etc., albeit simpler and more uniform.
Kawa Scheme compiles directly to JVM bytecodes, without any intermediate Java-language code. It's quite useful for scripting in a Java environment. I've extended it into the Beautiful Report Language (BRL), a template system like PHP but without the language misfeatures. If you want to get a feel for a Lisp-like language while working in a server-side Java environment, BRL would be a good tool.
In case you missed it, yes, this is a shameless plug. I wrote BRL and use it daily in a professional environment.
Large projects necessitate bad code? · on ICFP 2001 Task · Score: 2
Hint: 20 levels of bracing means you should be breaking that function down into smaller, reusable functions. You don't tend to do that in C++ because it's such a drag -- cut, paste, declare, etc. In Scheme new functions are cheap and easy.
That aside, who says you have to use it for a large project before it's fun? I'm having fun with a couple of 3KLOC projects.
MSFT took 2nd in 1999 with Haskell entry · on ICFP 2001 Task · Score: 2
MSFT was among the 1999 winners, but their entry was in Haskell, not Visual Basic. Unfortunately their writeup has disappeared from the MSFT web site.
Where's the torture? Scheme is fun! · on ICFP 2001 Task · Score: 2
It takes a little up-front learning if you're used to, say, C. The syntax is different from other languages, but actually simpler.
Who will win? Look at past years: · on ICFP 2001 Task · Score: 5
First prize was a Cilk entry. Winning the contest doesn't seem to have made the language take off in popularity.
Second prize: an OCaml entry "beat out 23 C and C++ entries, many of these being highly tuned programs produced by extremely competent programmers skilled in game-playing algorithms."
I doubt such a maneuver could be programmed unless you assume the engine only goes out over an available runway. The maneuver requires that you get as close to the ground as possible before pulling up, at which point there will be some horizontal movement before you fall. Staying close to the ground without hitting an obstacle on uneven terrain is an awfully hard AI problem.
I read my e-mail with GNUS. Besides the documented filtering features, I find it helpful to do this:
(defun yearly-gnus (groupname)
  (concat (format-time-string "%Y") groupname))
Then, instead of naming my mail groups like "mail.foo.bar", I name them like (yearly-gnus ".foo.bar"). This helps separate the old junk from the really old junk.
Without action to raise public awareness, people will think laws are being passed to "protect intellectual property" rather than to take away constitutional rights for the convenience of industry.
Why do I ask here? Because I want an answer before I talk to others and sound ignorant. I'm not just posting on slashdot. I handed out flyers and got petition signatures in Boston today. Having an answer to my question would help me talk about the DMCA more intelligently.
Question for people who've actually read the DMCA. If I sell house door locks and don't tell people that I have a master key for all their houses, can I sue anyone who squeals for violating the DMCA? After all, there are books, videos, and other copyrighted materials in people's houses, so such knowledge could be used for copyright violation. Could someone who's actually looked at the DMCA give a pointer to the relevant part?
No, I don't miss the point.
You can sometimes update code without having to update content and vice versa even with systems reputed to be bad at separating one from the other.
What do you mean, HTML "separated out into templates?" The templates have code in them indicating (at the very least) what data goes where.
My example is not silly. I chose a simple example to prove that it was not contrived. There are plenty of more complicated situations in which content/code naturally interact in a way more complicated than tools claiming "separation" can deal with.
Seriously, do you have any data showing that Code Red does "bog down" traffic globally?
There's never been a worm that exploited an Apache hole the way this IIS hole is being exploited. That's not flamebait; that's a fact.
It's been years since any remote vulnerability has been discovered in Apache. That's not flamebait; that's a fact.
Are you willing to make a new "nice guy" worm every time a new evil IIS worm comes out? If not, then you would only lull IIS admins into a false sense of security by fixing their problem for them this time. Let them deal with it; it's a valuable educational experience.
Webmasters who chose IIS made their bed. Let them sleep in it.
- PLClub submitted two separate entries using OCaml, either of which would have won the contest.
- Camls 'R Us took second place.
- Galois Connections took third with their Haskell entry.
- The Merry Mercurians took fourth with their Mercury entry.
1999:
- Camls 'R Us mopped up the competition with their 3585-line OCaml entry
- The 1250-line Haskell Entry that took 2nd place was written in a mere 24 hours.
1998: