Every web user knows, along with Jakob Nielsen, that clean and simple web page design is best.
However, every corporate web page designer knows that flashy and graphics-laden is the only way to go. Ever since the <img> tag was invented, these two worldviews have been for all intents and purposes irreconcilable. It'd be truly lovely if something could persuade the corporate designers of the www to KIS,S, but I'm not holding my breath...
...just take along a floppy disk with PuTTY on it, ssh into a friend's box in the US...
If I were setting up that "Great Firewall",
one of the very first things I would do is block port 22.
Simple.
Are you suggesting they haven't done this?
...the Huygens space probe has entered the atmosphere of Saturn's moon Titan after traveling 2.2 billion miles. Pictures from the moon's surface should be available sometime this afternoon.
How soon do we find out about the prices for split-crotch panties, etc.?
I think the biggest single problem is that the filesystem -- specifically, the inode -- hasn't really changed since Unix was born. In particular, there's no central place to put all the new information that fancier systems (e.g. Gnome and KDE) need. So everyone implements this sort of thing using bag-on-the-side kludges instead (and of course everyone's bag is different).
To some extent this is because people are too reverent towards the core of Unix -- it's as if the stat and inode structures are sacred relics which mustn't be touched. But that's nonsense: Unix is a hacker's system, so if those structures need to be augmented, they should be!
There's work being done in this area, of course, but someone needs to step forward and put a big stick in the ground saying "this is an attribute filesystem and API to it that everyone can and ought to use to centralize file-related metainfo."
Stupid question, and not the right place for it, but:
anybody know where to get the Firefox source?
Their Linux binary download unaccountably fails to work on my PowerBook :-), so I need to build my own.
I'm aware of what I am doing, and take full responsibility...
Why should I be forced into two different identification "modes"...?
I won't argue with you, but be aware that not everyone feels as you do.
I like logging in under different userids (with, yes, different passwords) when performing certain classes of different tasks.
It helps me remember what I'm doing, and how careful I need to be.
And I think a lot of people work this way.
So why do you bother with two different identification modes? (Who's forcing you?)
Why not just do everything while logged in as root?
No, apparently not. Microsoft evidently added the bug when they added some code to the IJG codebase.
(Oddly enough, they added the same bug, and in the same spot, as Netscape had back when Netscape tried to add the same code -- JFIF comment parsing -- to their copy of the IJG library in Mozilla.)
Why shouldn't I be able to run as an administrator on my own machine? It's my computer... I paid for it... I'm the only one using it.
The notion is that you shouldn't want to be running unnecessarily as administrator on any machine, even your very own, because quite aside from any concerns about viruses, etc., you ought to be worried about how much damage you can do when you accidentally type something wrong.
Artificial permission models are not panaceas...
I'm not sure what you mean by "artificial".
Maybe I'm being closed-minded or not thinking for the future, but I still think permission models are a good thing (if only people would use them properly)...
The openwall page says that the vulnerability in Netscape's copy of the IJG code was in a Netscape modification to the code, not in the base code. So was there another vulnerability in the IJG code (meaning that everyone else inherited it, too), or did Microsoft introduce their own vulnerability with one of their own mods?
Basic essay format is 5 paragraphs: Introduction, 3 paragraphs with supporting points, conclusion.
Each paragraph has rules, so essentially you don't need to think about structure when writing an essay.
And of course this is nonsense.
There is no such thing as "the essay format".
The definition of an essay is not structural, i.e., it's not the same as, say, the definition of haiku.
I know, I know, a lot of people got the mistaken notion back in high school that an "essay" had to follow a certain format, and it's easy&fun to spot their writing today, as they laboriously bludgeon their ideas into those imaginary mandatory boxes, but that ain't essay writing, any more than gumby flower arranging is flower arranging.
Where would be the leverage in letting people easily create plain text files?
You've got to erect barriers-to-exit, genius.
Now, now, don't be too hard on him.
What you say is absolutely true,
but it takes a while to realize it.
(But once you do, boy, does a lot more about Microsoft's "idiocy" and "incompetence" make sense.)
Ever-changing .doc format:
Yes, the doc format changes.
How else are new features supposed to be saved?
New features are not the reason that the .doc file format keeps changing.
MS makes sure they change the .doc file format with every release whether they need to or not.
It's a viral marketing strategy, of course.
But you clicked on the EULA and waived all your rights away, don't you remember?
Friend of mine and I were talking about liability one day.
He pointed out that when you go skiing, when you buy a lift ticket you're agreeing that it's dangerous and at your own risk and that the lift operators bear no responsibility at all -- but if the ski lift collapses and a bunch of people are injured or killed, and if it's found that the operators were woefully, wilfully negligent in maintaining it, they're gonna get sued, and successfully.
Just like it's my fault when I never put my car through the yearly inspection and let its brakes rot...
If you don't know how to fix it, pay someone who knows.
Okay, but hold that thought.
Only with PCs and Windoze, the most fucking fragile, error-prone, bug-ridden technical achievement since the invention of the light-bulb
people think it's different.
But let's see:
If your -- and everyone else's -- rotten-braked car were as fragile, error-prone, and bug-ridden as all this, who would we be holding responsible?
...would reduce the value of recruiting your home PC as a member of a botnet because "normal users have no need to send out floods of e-mail, which reverse firewalls can stop..."
And given the rock-solid nature of the platform in question, there's no way the bot software would ever be able to reprogram the `reverse firewall' to let the floods out anyway. Uh uh, no way.
I'm sure that this time around they use a proper algorithm...
Why are you so sure?
Time and again people have chosen laughably weak crypto algorithms and then plastered them with impressive-sounding quotes like "the discs, by themselves, cannot be hacked."
They might have used a decent algorithm.
But I'd put the odds at only about 50/50.
The OP is right; they're really setting themselves up for a fall.
I'm about as hard-core a Unix junkie as there is, but I'm also a Mac junkie, and most of the Unix GUI's just suck. My preferred solution is to use various terminal emulators (usually NiftyTelnet/ssh) on one of my Macs, and connect to all my *nix machines that way. I get proper, consistent cut&paste, and decent scrollbars, and like that.
Unfortunately, if you've gotten used to the Windowsesque control-C and control-V, you're stuck with the worst of both worlds. If you want the cut/paste mechanism to be consistent across all apps (and who doesn't?), it can't be control-C/control-V, because you've got to be able to use those verbatim in terminal emulation windows. That's why I vastly prefer the Mac command-C and command-V (from which, of course, the Windows hotkeys were copied, albeit in the customarily mildly broken Windoze fashion).
My point is that blaming the users for security problems, or looking to user education to solve security problems, has been amply shown not to work. If we want more secure systems, we're going to have to find approaches that don't rely on the user so much.
"...If I had an encrypted zipfile that I had trouble sending because the filename was too long or had spaces or something in it, I should be able to simply rename it and send it without having to decrypt and encrypt it all over again."
This is a user interface issue, not a protocol issue.
You're right, you shouldn't have to decrypt and encrypt and send all over again. If your recipient's system can't handle your filename, then your recipient's unzipping program should give the recipient the option of renaming upon extraction.
By your argument, cars shouldn't need seat belts or air bags, since the real problem is just the morons who cause accidents, and all we have to do is educate them not to.
All cynicism and paranoia aside, if Microsoft is serious about wanting to interoperate (with anybody, not just the FOSS community), here's the input I'd give them:
- Use open standards, and don't try to subvert them with little "improvements" so that they don't interoperate except with MS software any more.
- Don't gratuitously invent your own closed or encumbered standards and then try to get them accepted as industry standards.
- Stop giving the impression (and remember that actions speak louder than words) that your primary goal is to require everyone in the world to use Microsoft software, and to make it frustrating or impossible to use anything else.
My 3 cents.
When they say "for Linux", I assume they mean "for Linux on x86", and that those of us with PPC and Alpha (etc.) are still out of luck.
So, flickerfly/ Zonk, pun intended, right? :-)
+1 funny.
On my iPod: 99% tracks ripped from CD's I own.
1% tracks purchased from iTMS.
'Nuff said.
See http://www.openwall.com/advisories/OW-002-netscape-jpeg/.
(I mean, I'm sorry he's broke, and bully for him for realizing his mistake and recanting and everything, but still, that's the outcome.)