Real Change has some interesting dirt on all of the candidates -- here's what they have on Nader:
Authoritarian hypocrite, secret luxury house, owned by the trial lawyers' lobby, just another politician, busted a union among his workers, abuses workers, amassing millions of dollars and playing the stock market with it, secrecy and stonewalling, vindictive toward critics, forced contributions to his college PIRG groups.
LinuxToday got wind of an e-mail that went out to WinME beta testers that encouraged them to rig a poll at ZDnet regarding whether people would buy WinME
Really? Well, I'm a WinME beta tester, and received no such email. Stop spreading FUD.
It's nice to see that 3rd parties can contribute greatly towards the MS platform just to have them poke out and claim that something they did is the first time it has ever been done on their OS.
And where exactly do they claim that? I didn't see it in the page that was linked to.
It works like this: You break data up into 100k packets and send them to integrity@microsoft.com. You then have a program waiting for the bounces which picks them up when they come back (the bounced packets) and sends immediately sends them on again. Sure - the latency isn't wonderful, but it's infinitete bandwidth! And it even supports Raid-5.
Nice idea... but Microsoft doesn't bounce mail; if the email address doesn't exist, it just gets swallowed.
1982 - Digital Research sues Microsoft and IBM - DR wins. It was obvious MS-DOS and its PC-DOS variant were simply rip- offs of Digital Research's CP/M operating system. It remained only to prove it contained DR code. DR's Gary Kildall sat down at an IBM PC supplied by IBM and, using a secret code, got it to pop up a Digital Research copyright notice.
It's case won, Digital Research received monetary compensation and the right to clone MS-DOS. This is why Microsoft never sued DR over DR-DOS, but used every other means to destroy it. The settlement was under a strict non- disclosure agreement, so few even know DR sued, never mind that they won.
Where's the references to court cases? Or any kind of source info? Because I've never heard that story before, and without that info, it's impossible to verify this.
This is such a crock! I'm sure companies will go through the whole process of H-1B AND pay them the same rate as a US programmer instead of hiring a US programmer. Because we all know that companies don't care about labor costs. (bzzzz, wrong answer)
Hmmmm.... (checks salary)... (checks visa stamp in passport)... (checks bonuses)... (checks 1040 form)... I would appear to get paid more than most US programmers.
However, it is possible in the NT model to have apps "customize various aspects of [their] behavior" on a per-user basis. Under "winroot, Profiles, username, Application Data" progs can save settings that get merged into the registry (I think) when the user logs in. That being said, almost no windows apps take advantage, possibly for the sake of running on 95/8. As I check my system, only Microsoft, Rational, and MKS put anything there, and I have the whole world installed.
Try looking under HKEY_CURRENT_USER\ for the user-specific section of the registry. User-specific data storage is a different (and much newer) mechanism, so it hasn't garnered much 3rd party support yet.
are you deliberately lying, or does your ISP put you behind a transparent proxy without telling you? when I send a "HEAD / HTTP/1.0" to slashdot.org, with a single CRLF, it just sits there waiting, and times out (closes the connection w/o reply) after 25 seconds or so. I sure don't see it responding after the first CRLF pair.
Well, I'm telnetting in over port 80, and no, there's no transparent proxy.
Actually, checking into this further, I find:
1) Slashdot's behavior is indeed as you state. I had it set to send ^M^J on ^M instead of just to pass straight through.
2) Hotmail's behavior is the same.
Both are scanning for LF characters (as they should). Maybe people have their termcaps sent to send unix newline (LF) instead of CR.
After reading through this thread, it has become obvious that you are one of those people who can't see when they are wrong. How does it feel to be an idiot who thinks they know something? I pity your arrogance.
(I shouldn't even be posting this, since I believe that you're actually a subtler variety of troll, since you have claimed that hotmail does -not- exhibit erroneous behaviour, and then that the erroneous behaviour isn't erroneous, and tried to claim that the erroneous behaviour is because the request is for HTTP/1.0 even though multiple people have stated that the experiment returns the same results when requesting HTTP/1.1, -and- it's a trivial experiment to carry out for anyone with telnet or netcat on their system, and yet you still seem to have failed to do so and get the same results that every other poster has gotten. Thus, I conclude, you are only being argumentative and are -deliberately- leading this conversation astray.)
Oh, believe whatever the hell you want to believe. It doesn't really matter one iota anyway. The people who really care will read the specs (1945, 2145, 2616) and know what I'm talking about. And they'll disagree with me (or not). And if necessary, that means that the spec needs to be clarified.
But when it comes down to it, the people who will go to that length won't care what's written on Slashdot.
Aside from that, the response claims HTTP/1.1, so it is governed by RFC 2616, not RFC 1945.
Actually, the HEAD command states HTTP/1.0 -- the response status code is governed by an entirely different mechanism:
Your reading of the BNF in the RFC is incorrect. I do see two CRLFs, because TWO are required. The definition of Status-Line REQUIRES a CRLF, and the definition of Full-Response REQUIRES both a Status-Line and another CRLF.
If you're still with me, 1 CRLF + 1 CRLF = 2 CRLFs. Have a nice day.
Aside from that, the response claims HTTP/1.1, so it is governed by RFC 2616, not RFC 1945.
An HTTP server SHOULD send a response version equal to the highest
version for which the server is at least conditionally compliant, and
whose major version is less than or equal to the one received in the
request. An HTTP server MUST NOT send a version for which it is not
at least conditionally compliant. A server MAY send a 505 (HTTP
Version Not Supported) response if cannot send a response using the
major version used in the client's request.
An HTTP server MAY send a lower response version, if it is known or
suspected that the client incorrectly implements the HTTP
specification, but this should not be the default, and this SHOULD
NOT be done if the request version is HTTP/1.1 or greater.
The format of the response is for HTTP/1.0 -- governed by the HEAD command's requested version number. The version of the response is HTTP/1.1, indicating the version of the server. This is all perfectly valid until HTTP/1.2 comes out.
How could I have forgotten to point out that your interpretation of the request BNF is ALSO wrong. A HEAD request cannot be a Simple-Request, it is a Full-Request. The Full request contains a Request-Line and a CRLF, at least. The Request-Line also contains a CRLF, so again the request MUST have two CRLF, and the server MUST wait for both CRLF before responding.
Whoever taught you to read BNF should be ashamed.
From RFC 1945:
8.2 HEAD
The HEAD method is identical to GET except that the server must not return any Entity-Body in the response. The metainformation contained in the HTTP headers in response to a HEAD request should be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the resource identified by the Request-URI without transferring the Entity-Body itself. This method is often used for testing hypertext links for validity, accessibility, and recent modification.
So... that's NO entity body.
From RFC 2068:
9.4 HEAD
The HEAD method is identical to GET except that the server MUST NOT
return a message-body in the response. The metainformation contained
in the HTTP headers in response to a HEAD request SHOULD be identical
to the information sent in response to a GET request. This method can
be used for obtaining metainformation about the entity implied by the
request without transferring the entity-body itself. This method is
often used for testing hypertext links for validity, accessibility,
and recent modification.
And that's NO message-body.
... and from RFC2068:
Note: certain buggy HTTP/1.0 client implementations generate an extra CRLF's after a POST request. To restate what is explicitly forbidden by the BNF, an HTTP/1.1 client must not preface or follow a request with an extra CRLF.
Less of the insults. More study. There's a good chap.
If you want to continue this debate, please post references to the exact part of the spec that you think claims that it requires CRLFCRLF after a request.
First of all, despite the respect I have for Infoworld, you have t oadmit that "Robert X. Cringely" is a gossip columnist, not a "serious" journalist like Nick Petreley or the Security Column guys.
*ROTFLS* that's a good one! Nick Petreley a serious journalist!!!! ***guffaws***
It's not surprising at all that MS isn't using Win2K internally yet. When Linux 2.4 kernel reaches a release state, I would be pretty shocked if Red Hat started using 2.4 internally for everything too. Anyone who trusts brand new software for production systems, probably deserves to be fired. That goes for Microsoft or anyone else.
Microsoft was using Win2k in selected parts of the company in May 1998; and in January 1999, they rolled it out to EVERYONE. You had to move to it -- you had no choice.
Note; that's EVERYONE. All primary-use machines were converted (ie. all those except ones running images of other OSes for test purposes).
Oh, and by the way, there is a 5 second timeout before it sends the redirect request. He didn't enter CRLF after his HEAD / HTTP/1.1 request, because it had timed out, and was sending the redirect.
From the RFC1945 specification:
"9.3 Redirection 3xx
This class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request. The action required may be carried out by the user agent without interaction with the user if and only if the method used in the subsequent request is GET or HEAD. A user agent should never automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop. "
you're wrong about (1) and (2); www.hotmail.com does indeed have these bugs. I've checked with socket(1) (an older netcat-equivalent program), and ran strace on it just to make sure. here's the relevant strace output: notice how the server responds after the first \r\n from the client (when it's supposed to wait for \r\n\r\n, which signals the end of the HTTP headers), and how it only includes one \r\n at the end of its response, when it's supposed to include two (again, to signal the end of the http headers). www.hotmail.com right now (29Aug00, 1pm EST) is totally screwing up the http protocol.
From RFC1945:
"Simple-Request and Simple-Response do not allow the use of any header information and are limited to a single request method (GET).
Simple-Request = "GET" SP Request-URI CRLF
Simple-Response = [ Entity-Body ]"
HTTP/1.0 does NOT require the server to wait for two CRLF's before sending a response. Try the same thing on Slashdot -- or try reading the RFC1945 documentation on HTTP/1.0.
Also, HTTP/1.0 does NOT require the server to send two CRLFs at the end of a transmission: the format is:
Oh, and (3) is right too: if I send "HTTP/1.1" instead of "HTTP/1.0" it does exactly the same, pretends in its answer to be speaking HTTP/1.1, and still doesn't include the Connection: header.
Really? This is what I get:
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Tue, 29 Aug 2000 17:54:06 GMT
Connection: close
Content-Length: 3212
Content-Type: text/html
Connection to host lost.
And by the way, Connection: close is only required for HTTP/1.1 connections.
Yeah great. It is very instructive to note that the IIS 5.0 server running www.hotmail.com has three serious bugs in its HTTP implementation.
1: It send the response after the first \n in the request
2: It sends only one newline at the end of the response.
3: It does not send 'Connection: close' when it closes the connection. For almost a month, these bugs prevented Mozilla users from going to http://www.hotmail.com/. Nice product, Bill!
Well, I just confirmed that (1) is blatantly false (it requires ^M^J like anything else -- maybe your telnet/termcap settings are fscked?)
(2) is also false. It sends two.
(3) is not part of the HTTP 1.0 spec -- which you asked for in your HEAD command. It's part of HTTP/1.1 ONLY.
So basically... you're blaming Microsoft for crap HTTP/1.1 / HTTP/1.0 compliance in Mozilla. NICE.
Slashdot Mirror
Real Change has some interesting dirt on all of the candidates -- here's what they have on Nader:
Authoritarian hypocrite, secret luxury house, owned by the trial lawyers' lobby, just another politician, busted a union among his workers, abuses workers, amassing millions of dollars and playing the stock market with it, secrecy and stonewalling, vindictive toward critics, forced contributions to his college PIRG groups.
Ralph Nader's Skeleton Closet
Si
(2) LinuxToday did not ask the readers to rig the poll, just to go and vote.
Which in and of itself, rigs the poll.
The poll was meant for MSNBC readers; it wasn't meant for Linux Today to send lots of people who didn't regularly read MSNBC to tip the balance.
Announcing the poll skews the results. It's meant to be a poll of their *regular readership*.
Not that it matters anyway.
Si
LinuxToday got wind of an e-mail that went out to WinME beta testers that encouraged them to rig a poll at ZDnet regarding whether people would buy WinME
Really? Well, I'm a WinME beta tester, and received no such email. Stop spreading FUD.
Simon
Give me Linux or give me death!
So is Death one of those newfangled embedded operating systems?
Simon
It's nice to see that 3rd parties can contribute greatly towards the MS platform just to have them poke out and claim that something they did is the first time it has ever been done on their OS.
And where exactly do they claim that? I didn't see it in the page that was linked to.
Simon
The Email Bounce File System (EBFS)
It works like this: You break data up into 100k packets and send them to integrity@microsoft.com. You then have a program waiting for the bounces which picks them up when they come back (the bounced packets) and sends immediately sends them on again. Sure - the latency isn't wonderful, but it's infinitete bandwidth! And it even supports Raid-5.
Nice idea... but Microsoft doesn't bounce mail; if the email address doesn't exist, it just gets swallowed.
Simon
1982 - Digital Research sues Microsoft and IBM - DR wins. It was obvious MS-DOS and its PC-DOS variant were simply rip- offs of Digital Research's CP/M operating system. It remained only to prove it contained DR code. DR's Gary Kildall sat down at an IBM PC supplied by IBM and, using a secret code, got it to pop up a Digital Research copyright notice.
It's case won, Digital Research received monetary compensation and the right to clone MS-DOS. This is why Microsoft never sued DR over DR-DOS, but used every other means to destroy it. The settlement was under a strict non- disclosure agreement, so few even know DR sued, never mind that they won.
Where's the references to court cases? Or any kind of source info? Because I've never heard that story before, and without that info, it's impossible to verify this.
What was that "secret code"?
Simon
This is such a crock! I'm sure companies will go through the whole process of H-1B AND pay them the same rate as a US programmer instead of hiring a US programmer. Because we all know that companies don't care about labor costs. (bzzzz, wrong answer)
Hmmmm.... (checks salary)... (checks visa stamp in passport)... (checks bonuses)... (checks 1040 form)... I would appear to get paid more than most US programmers.
Guess they don't care.
Simon
However, it is possible in the NT model to have apps "customize various aspects of [their] behavior" on a per-user basis. Under "winroot, Profiles, username, Application Data" progs can save settings that get merged into the registry (I think) when the user logs in. That being said, almost no windows apps take advantage, possibly for the sake of running on 95/8. As I check my system, only Microsoft, Rational, and MKS put anything there, and I have the whole world installed.
Try looking under HKEY_CURRENT_USER\ for the user-specific section of the registry. User-specific data storage is a different (and much newer) mechanism, so it hasn't garnered much 3rd party support yet.
Simon
are you deliberately lying, or does your ISP put you behind a transparent proxy without telling you? when I send a "HEAD / HTTP/1.0" to slashdot.org, with a single CRLF, it just sits there waiting, and times out (closes the connection w/o reply) after 25 seconds or so. I sure don't see it responding after the first CRLF pair.
Well, I'm telnetting in over port 80, and no, there's no transparent proxy.
Actually, checking into this further, I find:
1) Slashdot's behavior is indeed as you state. I had it set to send ^M^J on ^M instead of just to pass straight through.
2) Hotmail's behavior is the same.
Both are scanning for LF characters (as they should). Maybe people have their termcaps sent to send unix newline (LF) instead of CR.
Simon
After reading through this thread, it has become obvious that you are one of those people who can't see when they are wrong. How does it feel to be an idiot who thinks they know something? I pity your arrogance.
And I pity your cowardice.
Simon
(I shouldn't even be posting this, since I believe that you're actually a subtler variety of troll, since you have claimed that hotmail does -not- exhibit erroneous behaviour, and then that the erroneous behaviour isn't erroneous, and tried to claim that the erroneous behaviour is because the request is for HTTP/1.0 even though multiple people have stated that the experiment returns the same results when requesting HTTP/1.1, -and- it's a trivial experiment to carry out for anyone with telnet or netcat on their system, and yet you still seem to have failed to do so and get the same results that every other poster has gotten. Thus, I conclude, you are only being argumentative and are -deliberately- leading this conversation astray.)
Oh, believe whatever the hell you want to believe. It doesn't really matter one iota anyway. The people who really care will read the specs (1945, 2145, 2616) and know what I'm talking about. And they'll disagree with me (or not). And if necessary, that means that the spec needs to be clarified.
But when it comes down to it, the people who will go to that length won't care what's written on Slashdot.
So surmise and analyze all you like.
Simon
Got a URL for that one? I've been trying to work out exactly where I can get hold of a copy.
Simon
Hmmm... well in that case, Apache's buggered too, because it responds on the first CRLF pair.
telnet www.slashdot.org 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 29 Aug 2000 19:35:36 GMT
Server: Apache/1.3.12 (Unix) mod_perl/1.24
Connection: close
Content-Type: text/html
Connection to host lost.
That's RFC 2145 by the way.
Simon
Actually, the HEAD command states HTTP/1.0 -- the response status code is governed by an entirely different mechanism:
Whoever taught you to read BNF should be ashamed.
From RFC 1945:
So... that's NO entity body.
From RFC 2068:
And that's NO message-body.
... and from RFC2068:
Less of the insults. More study. There's a good chap.
If you want to continue this debate, please post references to the exact part of the spec that you think claims that it requires CRLFCRLF after a request.
Simon
First of all, despite the respect I have for Infoworld, you have t oadmit that "Robert X. Cringely" is a gossip columnist, not a "serious" journalist like Nick Petreley or the Security Column guys.
*ROTFLS* that's a good one! Nick Petreley a serious journalist!!!! ***guffaws***
It's not surprising at all that MS isn't using Win2K internally yet. When Linux 2.4 kernel reaches a release state, I would be pretty shocked if Red Hat started using 2.4 internally for everything too. Anyone who trusts brand new software for production systems, probably deserves to be fired. That goes for Microsoft or anyone else.
Microsoft was using Win2k in selected parts of the company in May 1998; and in January 1999, they rolled it out to EVERYONE. You had to move to it -- you had no choice.
Note; that's EVERYONE. All primary-use machines were converted (ie. all those except ones running images of other OSes for test purposes).
So, it's FUD.
Simon
Oh, and by the way, there is a 5 second timeout before it sends the redirect request. He didn't enter CRLF after his HEAD / HTTP/1.1 request, because it had timed out, and was sending the redirect.
From the RFC1945 specification:
"9.3 Redirection 3xx
This class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request. The action required may be carried out by the user agent without interaction with the user if and only if the method used in the subsequent request is GET or HEAD. A user agent should never automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop. "
I direct your attention to the words of Dean Gaudet, long-time Apache developer and HTTP expert
And I direct your attention to RFC1945, which is the final word.
Simon
I know for a fact that hotmail uses only FreeBSD.
Not any more -- check Netcraft. They're now 100% IIS/Win2k on the web-end.
Simon
you're wrong about (1) and (2); www.hotmail.com does indeed have these bugs. I've checked with socket(1) (an older netcat-equivalent program), and ran strace on it just to make sure. here's the relevant strace output:
notice how the server responds after the first \r\n from the client (when it's supposed to wait for \r\n\r\n, which signals the end of the HTTP headers), and how it only includes one \r\n at the end of its response, when it's supposed to include two (again, to signal the end of the http headers). www.hotmail.com right now (29Aug00, 1pm EST) is totally screwing up the http protocol.
From RFC1945:
"Simple-Request and Simple-Response do not allow the use of any header information and are limited to a single request method (GET).
Simple-Request = "GET" SP Request-URI CRLF
Simple-Response = [ Entity-Body ]"
HTTP/1.0 does NOT require the server to wait for two CRLF's before sending a response. Try the same thing on Slashdot -- or try reading the RFC1945 documentation on HTTP/1.0.
Also, HTTP/1.0 does NOT require the server to send two CRLFs at the end of a transmission: the format is:
Full-Response = Status-Line
*( General-Header ; Section 4.3
| Response-Header ; Section 6.2
| Entity-Header ) ; Section 7.1
CRLF
[ Entity-Body ] ; Section 7.2
---
Do you see two CRLF characters there? No.
Oh, and (3) is right too: if I send "HTTP/1.1" instead of "HTTP/1.0" it does exactly the same, pretends in its answer to be speaking HTTP/1.1, and still doesn't include the Connection: header.
Really? This is what I get:
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Tue, 29 Aug 2000 17:54:06 GMT
Connection: close
Content-Length: 3212
Content-Type: text/html
Connection to host lost.
And by the way, Connection: close is only required for HTTP/1.1 connections.
Simon
Next time think before opening your mouth and showing the entirety of slashdot what a moron you are.
You're the moron. Come back when you've read RFC 1945.
http://www.ics.uci.edu/pub/iet f/http/rfc1945.html#Request
Yeah great. It is very instructive to note that the IIS 5.0 server running www.hotmail.com has three serious bugs in its HTTP implementation.
1: It send the response after the first \n in the request
2: It sends only one newline at the end of the response.
3: It does not send 'Connection: close' when it closes the connection.
For almost a month, these bugs prevented Mozilla users from going to http://www.hotmail.com/. Nice product, Bill!
Well, I just confirmed that (1) is blatantly false (it requires ^M^J like anything else -- maybe your telnet/termcap settings are fscked?)
(2) is also false. It sends two.
(3) is not part of the HTTP 1.0 spec -- which you asked for in your HEAD command. It's part of HTTP/1.1 ONLY.
So basically... you're blaming Microsoft for crap HTTP/1.1 / HTTP/1.0 compliance in Mozilla. NICE.
Simon