Of course you should try to learn how to write the most secure code possible...
This sounds nice, but there's a serious problem: There is a widespread attitude in the security community that the details of security holes should be kept secret from programmers. They're worried about those evil hackers exploiting the holes, and there is reason to worry. But when they keep such things secret, the major effect is to keep programmers ignorant of how they might be making mistakes.
If you combine this "keep the programmers ignorant of the details" practice with the widespread "don't bother the readers with nerdy stuff that'll be over their heads", the result is the security disaster we now have in some parts of the industry.
As a programmer, I'd like to learn how to write the most secure code possible. But when I try to read about it, I usually find myself reading text that is frustratingly vague on exactly how something might go wrong. If I could learn the details, I could usually write (meta-)code that would check my own code for those problems. But I can't do that if all I have is a vague "don't do things wrong" sort of statement.
So, yes, sloppy programming is part of the problem. But keeping your programmers ignorant is also a major part of the problem. Don't feed us vague, feel-good commands to write secure code. Tell us exactly how things have been screwed up in the past. Then maybe we can figure out how not to do it again in the future.
Yeah, and not only that, but you get [BUFFERING] when you play something for the 2nd or Nth time. Most other players work by downloading the file to disk and playing from that asynchronously. That way, if the download is too slow to watch, you can background the thing, and when it finishes, you can start it from the beginning and it'll be fast. But Real Player downloads it again every time, giving you those slowdowns over and over.
They probably do this to prevent you from finding the disk copy and saving it somewhere. And so they can take it away from you when they want by just removing it from their server. It's a good example of how paranoia over "IP rights" can lead to a crummy product.
I wonder if the "open" version will improve the product by running off a disk copy?
... is that it would be useful to find a good, compact case for carrying batteries. I often carry 2 or 4 spare charged AA batteries in a pocket, and on several occasions I've found myself with a pocket full of very hot batteries. They seem to be able to move themselves into a configuration that results in a discharge. Aside from the annoyance, this doesn't seem very safe.
I do have a couple of large bags that have a set of straps for batteries. But that means carrying a huge bag just to transport a few batteries. What would be nice would be a cheap plastic box just big enough to hold four AAs and protect their contacts. I've been on the lookout, but I haven't seen this for sale anywhere.
I wonder if there's a Tupperware container of the right size?;-)
Hmmm... I did RTFM. I was specifically looking for mentions of non-MS software and didn't see that line.
I wonder if it was added after they read some of the responses? Maybe their editor caught it and suggested correcting the omission. Or maybe my non-MS browser suppressed it? Paranoid theories abound...
One of the good-news/bad-news things about online "news" is that it can be edited after release. We see that here sometimes on/., ranging from correcting typos to adding later news to actual rewrites. If this actually adds information, it can be useful.
One of the other things that struck me is that a lot of the discussion here dealt with browsers, but the actual story was about IIS. Oh well; most of the comments were a meta-discussion about such problems with software in general, so I suppose it's not a big deal.
Of course, part of the reason for the recent fuss over the validity of fingerprint identification was the revelation that, historically, it seems that all the "evidence" has come from the companies that market fingerprinting equipment. There apparently never has been anything remotely resembling a scientific study of the accuracy of fingerprinting.
One funny thing I keep noticing in the fuss is the repeated insistence of the uniqueness of fingerprints. It's not just that this has never been verified. The zinger here is that, if you pick up just about any book on the specifics of fingerprinting, they'll usually start right off giving examples of fingerprints that are either (a) indistinguishable, or (b) widely duplicated in the population. These are really two ways of saying the same thing, of course. (The prints in question are primarily those that lack "points"; i.e., they have no intersections of lines.)
So the fingerprint textbook writers know of lots of duplicate/indistinguishable fingerprints, while the PR people keep trying to reassure us keep insisting that all fingerprints are unique.
And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?
There's a difference between "mention" and "push".
The CNN article in question mentions IIS, though they don't push it in any obvious sense.
However, they also don't mention any alternatives, or even the fact that they exist. Thus your typical reader who believes that MS is the only supplier of software will finish the article still believing that MS is the only supplier. There was no mention of any alternative. There was no suggestion that a possible solution is to switch to alternative software.
This is, of course, a subtle form of "push". You don't outright say that X is good and Y and Z are crap. You just talk only about X, and don't mention the existence of Y or Z at all. In particular, you don't mention that Y and Z don't have the current problem that X has.
The media is in general good at this sort of "push". It's why most people think that there are no alternatives to Microsoft. Stories like this talk about a new virus or worm affecting "computers", and never mention that only MS computers are affected. This way people don't get the subversive idea that they could avoid the problem by switching to an alternative.
What I have always done is download Firefox, change the icon to the blue E, and rename the shortcut "Internet Explorer". I then tell them, "It's the new version of Internet Explorer, called Mozilla."
I notice that there are already a number of replies saying or implying that there's something dishonest (and possibly illegal) about this. However, IE itself has done the same thing for years. A few seconds ago, the server log on my main web site showed an access from a browser that identified itself with the ID string:
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;.NET CLR 1.1.4322)"
That's right, IE 6.0 identifies itself as "Mozilla/4.0". IE has pretty much always done this. Anyone that deals with server-log data is very familiar with the fact that to figure out the real browser, you have to look at the rest of the string.
So it's unlikely that Microsoft will challenge anyone who installs Firefox with an ID string saying that it's IE. They would be just opening themselves up to an obvious fraud charge, and the evidence is in everyone's server logs (and in the text strings inside the IE binaries).
Heh. Funny, yes, but with a good deal of history behind it.
Note that the OSI protocols were once touted as an improvement over IP, and we were supposed to switch over in the near future. It never happened, despite the fact that OSI was as open as IP. (It may or may not have been better; we'll really never know.)
One of the major reasons was that, to get the detailed specs for OSI, you had to pay out several hundred dollars, and you got a printed copy. The Internet gang provided all their RFCs free on the Internet, and you got a file instead of hard copy.
This was often a big deal for programmers. If you wanted to know the details of an OSI protocol, and you didn't have a (printed) copy handy, you had to go through purchasing to order a copy. It could take weeks to get the information you needed. And then you'd have to type parts of it by hand into your computer. Meanwhile, you could download the RFC for the IP equivalent, and you'd get it in machine-readable form. You could be programming in minutes, and you'd often have your code running by the end of the day.
If you look at MS's "shared source", you see that to access anything you need to go through a similar process of registration, including signing what amounts to an NDA. This is a similar hassle, and even if it didn't have the implied legal threats, it would still lose. With true open source, all I have to do is download the software. This saves me a lot of time. And if I have questions, I'm not restricted to asking in an official forum (that requires registration). I can ask in any online forum that seems likely to give answers. This also saves me a lot of time.
Software development is mostly expensive because of all the time it takes to get the information you need. A big part of debugging is discovering that the things you're working with don't work like you expected, and you have to discover how they actually do work. Ideology and religion aside, speedy access to specs and code is the major reason that open source works so well.
Microsoft hasn't gotten anywhere near this, any more that OSI has.
Well, "United Statsian" isn't a very good term, because someone might think you're a citizen of the United States of Brazil or one of the other countries that uses "United States" (in their own language, of course) as part of the country's name.
"American" is better because there's only one country with that word in its name.
Yeah; Finlandia is one of my favorites. The Finns did pick up a few good things from their century of Russian domination. Now they make better vodka than the Russians. As with phones, their main competition comes from Sweden.
Have any Russians built an OS? Sound like something with potential for a lot of geek jokes...
Hmmm... That was pretty bad. Maybe Mr. Hart should just stick to his humor. Of course, B.C. varies from hilarious to weak groaners, but this is to be expected, since no comic writer is always totally on. That one was just embarrassing.
Oh, yeah; you're right; it was the Wizard. Shows I should double-check my sources before submitting such important notes.
I guess my confusion is that they both have this fun way of infringing on religious topics in a way that the religious folks really can't criticise without sounding like idiots.
I haven't seen either much lately. I wonder if they're online? Probably google knows...
How is that any more or less valid than any other religious belief?
One big difference might be that, unlike most other religious artifacts, ESR can probably not only show you his flute; he can also prove that it is in fact a flute. And he can likely demonstrate its power over people by picking it up and playing it.
One of my favorite cartoons in my collection is a very old B.C. strip, in which Rodney tells the king that there's a fellow out in the square with a flute who says he'll get rid of all our rats for $500.
The king says to tell him that we don't have any rats.
If RMS has to clarify this in a speech he's giving about something not directly related to the topic at hand, it's reasonable to assume that at least a few people were confused about the term.
Well, I've found it useful to reply to this confusion by saying that both senses of "free" apply to linux (and the GNU software used with linux, and other "free" software).
In particular, it's useful to tell people that, while they can in fact download all this "free software" over the Net without paying anyone, there are good reasons that they might want to fork over some money. If they want to become an expert at the arcane job of compiling, configuring, and otherwise installing software, they they certainly do want to download it all for free, and they can. If they just want to install it an use it, they should look at the vendors like RedHat, Suse, Debian, etc. who make some nice packages that are easy to install. It's nice to have it on CDs; it's nice to have a fat book sitting next to the computer; those things will cost a bit. And if you're at a company, you might want a support contract, which will also cost a bit more.
But, yes, you can get it all for free. Or you can save some time by spending some money and paying someone else to do part of the job.
Most people understand this, and think it's all reasonable.
Then you hit them with the other meaning of "free", in terms they might relate to. For example, they have the right to run the software on any machine; they don't have to pay extra for each machine. They can legally give a copy to a friend without worrying about a vendor's laywer dragging them into court. They can legally publish criticisms of the software without violating the fine print in a EULA. These are all "free as in freedom", and might be worth a lot to them.
Many people don't quite get these points at first, but they ask questions. When you point out that you usually can't legally do these things with Microsoft or other commercial software, you can see them getting nervous.
Most people don't understand that such things are problems. And they don't realize that not everyone will try to impose such restrictions on how they use their own computers. But many people can be educated.
... they now consider independence from MS as an end in itself.
This isn't all that new a phenomenon. For some years, I've found that a simple way of ending most discussions of the subject with non-Americans (and some Americans;-) is to ask "Do you want your data and communications controlled by a giant American corporation that doesn't have your interests at heart?" This cuts right to the heart of the matter, and often produces a quick change of topic.
Also, for much of the past couple years, I've been working on a project that amounts to getting a big European corporation (it doesn't much matter which one) from under the thumb of IBM. Several years ago, their management realized that their corporate data was in fact controlled by IBM, and they couldn't access it without IBM's cooperation. My job has amounted to "data raiding", extracting the data from their old computers by any means necessary and stuffing it into a flock of little linux (RedHat) boxes scattered around the Net. There has been much obstructionism in this task from IBM, whose people have been ordered to give us as little information about data formats as possible, consistent with their contracts of course. But they're losing the battle, because for their system to work at all, most of the data has to be exposed to the company and its customers at some point, and that's where we can intercept it and cache the information somewhere else. Thus, most customer information can be found by merely sending us a copy of the billing print files.
Much of our "sales" guys' argument is that we can't do to them what IBM did over the years. They have access to all the source, all the way down to the bottom. If they decide they don't like us, they can simply walk away from us, and they won't lose anything (except some capable consultants;-).
One irony is that we've advised them a couple of times that IBM's linux workstations would in fact be very good machines for their purposes. But we also emphasize that ease of migration is important, and they should always be on the lookout for new suppliers.
You might think that there's another irony in the fact that this approach is being used by a group that is mostly Americans. But it's no irony at all, because many Americans are just as worried about IBM and Microsoft power. Any corporation with that much control over our information is a serious threat to society, regardless of where the borders may be drawn.
I just like to say "giant American corporation" to non-Americans because it gets the idea across better. There is a widespread perception in much of the world that the leaders in America have a very arrogant and possessive attitude towards the rest of the world. Many people view MS and IBM as much more threatening than a "local" corporation, irrational as such an attitude may be. But you can use this to get across the idea that they really should look at approaches that free them from domination by any such giant power center.
This is appalling news.... Coffee should have caffeine!
Don't worry. The marketers will quickly come up with a coffee drink based on this new coffee, with caffeine added. Just as they have done with most soft drinks. Citrus fruit don't contain caffeine, but most commercial citrus drinks do.
is the doctor/ user of a medical monitor going to sue becuase their phone didn't work? If so then something is definitely wrong.
True, but irrelevant to my point. If the phone "just didn't work" for no apparent reason, then nobody will be liable. But there is a long history of distinguishing this situation from one in which someone is responsible. If a huge rock falls from the sky and hits your house, it's an "act of God". But if a helicopter flies over your house carring a large chunk of concrete, they lose control of it and drop it on your house, then you can easily sue the operator for damages.
Similarly, if you knowingly and intentionally block a cell-phone signal, then phone failures are no longer an "act of God", and there is someone who can be sued for consequences. The courts haven't much looked at this sort of case yet, mostly because such blocking hasn't been very easy. There's a good chance that courts will hear such cases soon. I wouldn't bet my money and freedom on the chance that they'd void all the legal precedents and decide that a person intentionally blocking such signals isn't responsible for the consequences. If you'd like to be the test case, go ahead. The rest of us will be interested in the outcome.
Note that just putting up a sign rarely absolves you of responsibility. You can put up a "no ambulances allowed" sign at the entrance to your property. But there are very few places where such a sign would have any legal standing, and I wouldn't suggest that you try to enforce such a sign. If you block the path of an ambulance, it doesn't much matter to any court what you may believe; you will be held responsible for the consequences.
The way I see it, if a cinema puts up a notice saying that cellphones are not allowed in the auditorium, then there's nothing wrong with them using technology to inforce it - it's no different than having the usher(s) kick people out that use them.
Well, that may be the way you see it, but that's not the way very many courts are going to see it.
Suppose there were a medical emergency in the theater, a doctor attempted to come to the person's aid, and the ushers kicked the doctor out. You can bet there would be a court case, and the theater would lose badly.
Similarly, such blocking may well end in many places the first time there's a medical emergency, a doctor is present who attempts to call for an ambulance, the call doesn't go through because of blocking, and the person dies.
This isn't a parallel with a cell-phone relay going down. The legal system may well consider that an "act of God", unless the prosecution can show the phone company was actually at fault. But if the building's owners have installed cell-phone blocking, that is not an act of God; it's an act of the building owners. Unlike God, they can be held responsible for their actions.
Yeah, we're all annoyed by people talking on cell phones. Many people are also very annoyed when they have to pull over to let an ambulance get by. No court is going to consider your annoyance relevant. If you block an ambulance and a person dies, you are in serious trouble. This could well be the legal situation with cell phones in the near future.
It may not even require a blocked phone call. We are now seeing wearable medical nonitoring gadgets that can automatically contact the hospital when measurements go out of bounds. These use cell-phone and/or wifi protocols for their data. A likely scenario is a medical emergency in a theater or restaurant, the person's monitor attempts to call the hospital, the connection fails, and the person silently dies. The inquest determines that the connection fails because it was blocked by equipment in the building, and that blocking was the primary purpose of the equipment. The owner of that equipment is charged with negligent homicide.
It'll be an interesting court case. And the outcome may be different in different jurisdictions. But it's coming soon.
Actually, medical and biological researchers don't so much compare a fetus to a cancer; a better metaphor is a parasite. One of the active areas of research is attempting to explain why a female mammal's immune system doesn't recognize the fetus as "foreign" and attack it the same way other parasites are attacked.
Of course, sometimes the mother's immune system does attack the fetus. The best-known example is "Rh disease", in which an Rh-negative mother's immune system recognizes a fetus's Rh-positive protein and produces antibodies.
But in general, we have a term for a mother's rejection of a fetus; it's called a "miscarriage". And the rejection is a lot like the rejection of a parasite. The interesting puzzle is what suppresses this reaction in a successful pregnancy. How does a fetus convince the mother's immune system that the fetus is "self"?
In another decade or so we may have the explanation.
Yeah; in fact, why don't we encourage them to incorporate DRM into IE, Outlook, and other software that is capable of downloading copyrighted material from the Net? It would seem to me that this is an obvious area where wholesale copyright infringement is going on, and they have a real chance to stop it.
After all, much of the stuff on the Web (including all the stuff here on slashdot) comes with a copyright notice. How many of us ever get written permission from the copyright holder before we copy their material to our disk and screen?
Of course, Microsoft seems to want to enforce "Digital Rights" when the copyright owner is demanding protection. So what we need is a few writers who are willing to make a fuss about all the IE users who are pirating their copyrighted material.
As the/. notice states, you all hold the copyright on anything you post here. Anyone want to volunteer to call this piracy to MS's attention, and demand that they incorporate DRM into IE so that their customers can't copy your IP without your permission?
This war does get a few pages in most American history texts. It's called the "War of 1812", though. The more-or-less conventional explanation is that the US government saw the UK, France and Spain involved in a war, figured that they wouldn't be able to spare troops to defend their North American colonies, and sent troops to places like Canada and Florida in an attempt to grab a bit more territory. Unfortunately for them, the British government decided that they could spare the troops.
It's also fairly common for historians to suggest that this was what persuaded France and Spain to sell some of their colonies to the US in the following decades. Better to get some money from the Americans now than lose the colonies in the next European war.
As far as I know, this is mostly conjecture and interpretation; the "smoking gun" docs don't seem to exist (and probably never did). But it's all fairly straightforward politics.
It is true that most Americans couldn't tell you a thing about the War of 1812 other than its name. One of the funnier bits of evidence was the general lack of ridicule some years back when Nixon told us that he didn't want to be the first president to lose a war. A few historians and other educated people called him on this, but the general population didn't much notice. To all but a few history buffs, the entire subject is supremely uninteresting.
One of my favorite conspiracy theories is that the schools knowingly try to instill the idea that history is boring. This is so that most of the population will never learn anything from history. They have been rather successful at this. But there's the contrary advice that one shouldn't attribute to malice that which may be explained by incompetence. Except for a few narrow subject areas (e.g. evolutionary biology;-), the schools' abysmal teaching of history is mostly due to incompetence (and underfunding) than anything else. Still, it's fun to argue the anti-history conspiracy theory.
Works fine, in my experience. It's not the only way to pass around state, but it's the simplest.
I have gotten frustrated by the need to wrap it in a <form>, though. It'd be handy if hidden variables would also get passed back with plain hyperlinks.
But I'd agree that HTML wasn't designed to be the programming language that a lot of people want. It was designed as text markup, after all. Trying to make HTML into a programming language is sorta like trying to make a bicycle carry heavy freight. Saying it's stupid isn't critticising the tool; it's criticising the people who insist on using the wrong tool for the job.
But there's a serious barrier to making web pages into programs. Nobody with a grain of sense will allow programs to be downloaded from random sites and run automatically. Until this changes, things that make HTML into code will simply be turned off by anyone with the slightest understanding of why we have problems with malware and adware.
... it's possible to get close to rich web apps using JavaScript, DHTML,...
Yes, obviously, but a simple experiment on my machine shows one very good reason this isn't happening. I have maybe a dozen windows open, and several have as many as 10 tabs showing closely-related pages.
I keep javascript and other scripting turned off for a very good reason. If I turn it on and refresh any of these windows, that browser's cpu usage rapidly goes to nearly 100%. Why? Simple answer: advertising.
Most of the actual web content makes little use of scripting. No point, usually, because I'm mostly displaying static docs. But the advertisers want my attention, and to get that, they use changing pictures. A changing widget requires cpu time. It doesn't take very many "active" ads to saturate the cpu.
But I'm trying to get work done, and I need my cpu. My only defense is to turn off scripting. And set the image processing to only do a single pass through a changing image. This isn't totally successful. The mozilla here is running at about 10% of the cpu when idle, even though I've turned off all the "active" things that I know about.
When someone comes up with a scripting technique that doesn't allow web pages to soak up my cpu, maybe I'll consider leaving it turned on. Maybe.
Of course, there are also security concerns. Anyone who leaves scripting turned on in IE is a fool (or is working on a "crash and burn" machine and doesn't care). Java and Javascript are materially safer from a security viewpoint, but they still have some serious risks. I have a demo page with a bit of Javascript that downloads an image to your machine without ever showing it to you. Depending on my mood, it may be a porn image, and anyone watching your Net usage will see that you downloaded porn. Depending on where you are, you could lose your job and/or land in jail as a result of downloading my web page with Javascript turned on.
But the cpu usage is the real story here. As far as I can tell, nobody is working on solving it. Unless I can trust the Web to not soak up all my cpu, I won't seriously consider allowing any cpu-using Web gimmicks to run.
Of course you should try to learn how to write the most secure code possible ...
This sounds nice, but there's a serious problem: There is a widespread attitude in the security community that the details of security holes should be kept secret from programmers. They're worried about those evil hackers exploiting the holes, and there is reason to worry. But when they keep such things secret, the major effect is to keep programmers ignorant of how they might be making mistakes.
If you combine this "keep the programmers ignorant of the details" practice with the widespread "don't bother the readers with nerdy stuff that'll be over their heads", the result is the security disaster we now have in some parts of the industry.
As a programmer, I'd like to learn how to write the most secure code possible. But when I try to read about it, I usually find myself reading text that is frustratingly vague on exactly how something might go wrong. If I could learn the details, I could usually write (meta-)code that would check my own code for those problems. But I can't do that if all I have is a vague "don't do things wrong" sort of statement.
So, yes, sloppy programming is part of the problem. But keeping your programmers ignorant is also a major part of the problem. Don't feed us vague, feel-good commands to write secure code. Tell us exactly how things have been screwed up in the past. Then maybe we can figure out how not to do it again in the future.
Yeah, and not only that, but you get [BUFFERING] when you play something for the 2nd or Nth time. Most other players work by downloading the file to disk and playing from that asynchronously. That way, if the download is too slow to watch, you can background the thing, and when it finishes, you can start it from the beginning and it'll be fast. But Real Player downloads it again every time, giving you those slowdowns over and over.
They probably do this to prevent you from finding the disk copy and saving it somewhere. And so they can take it away from you when they want by just removing it from their server. It's a good example of how paranoia over "IP rights" can lead to a crummy product.
I wonder if the "open" version will improve the product by running off a disk copy?
... is that it would be useful to find a good, compact case for carrying batteries. I often carry 2 or 4 spare charged AA batteries in a pocket, and on several occasions I've found myself with a pocket full of very hot batteries. They seem to be able to move themselves into a configuration that results in a discharge. Aside from the annoyance, this doesn't seem very safe.
;-)
I do have a couple of large bags that have a set of straps for batteries. But that means carrying a huge bag just to transport a few batteries. What would be nice would be a cheap plastic box just big enough to hold four AAs and protect their contacts. I've been on the lookout, but I haven't seen this for sale anywhere.
I wonder if there's a Tupperware container of the right size?
Hmmm ... I did RTFM. I was specifically looking for mentions of non-MS software and didn't see that line.
...
/., ranging from correcting typos to adding later news to actual rewrites. If this actually adds information, it can be useful.
I wonder if it was added after they read some of the responses? Maybe their editor caught it and suggested correcting the omission. Or maybe my non-MS browser suppressed it? Paranoid theories abound
One of the good-news/bad-news things about online "news" is that it can be edited after release. We see that here sometimes on
One of the other things that struck me is that a lot of the discussion here dealt with browsers, but the actual story was about IIS. Oh well; most of the comments were a meta-discussion about such problems with software in general, so I suppose it's not a big deal.
Of course, part of the reason for the recent fuss over the validity of fingerprint identification was the revelation that, historically, it seems that all the "evidence" has come from the companies that market fingerprinting equipment. There apparently never has been anything remotely resembling a scientific study of the accuracy of fingerprinting.
One funny thing I keep noticing in the fuss is the repeated insistence of the uniqueness of fingerprints. It's not just that this has never been verified. The zinger here is that, if you pick up just about any book on the specifics of fingerprinting, they'll usually start right off giving examples of fingerprints that are either (a) indistinguishable, or (b) widely duplicated in the population. These are really two ways of saying the same thing, of course. (The prints in question are primarily those that lack "points"; i.e., they have no intersections of lines.)
So the fingerprint textbook writers know of lots of duplicate/indistinguishable fingerprints, while the PR people keep trying to reassure us keep insisting that all fingerprints are unique.
Gives one a lot of confidence, doesn't it?
And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?
There's a difference between "mention" and "push".
The CNN article in question mentions IIS, though they don't push it in any obvious sense.
However, they also don't mention any alternatives, or even the fact that they exist. Thus your typical reader who believes that MS is the only supplier of software will finish the article still believing that MS is the only supplier. There was no mention of any alternative. There was no suggestion that a possible solution is to switch to alternative software.
This is, of course, a subtle form of "push". You don't outright say that X is good and Y and Z are crap. You just talk only about X, and don't mention the existence of Y or Z at all. In particular, you don't mention that Y and Z don't have the current problem that X has.
The media is in general good at this sort of "push". It's why most people think that there are no alternatives to Microsoft. Stories like this talk about a new virus or worm affecting "computers", and never mention that only MS computers are affected. This way people don't get the subversive idea that they could avoid the problem by switching to an alternative.
What I have always done is download Firefox, change the icon to the blue E, and rename the shortcut "Internet Explorer". I then tell them, "It's the new version of Internet Explorer, called Mozilla."
.NET CLR 1.1.4322)"
I notice that there are already a number of replies saying or implying that there's something dishonest (and possibly illegal) about this. However, IE itself has done the same thing for years. A few seconds ago, the server log on my main web site showed an access from a browser that identified itself with the ID string:
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
That's right, IE 6.0 identifies itself as "Mozilla/4.0". IE has pretty much always done this. Anyone that deals with server-log data is very familiar with the fact that to figure out the real browser, you have to look at the rest of the string.
So it's unlikely that Microsoft will challenge anyone who installs Firefox with an ID string saying that it's IE. They would be just opening themselves up to an obvious fraud charge, and the evidence is in everyone's server logs (and in the text strings inside the IE binaries).
Heh. Funny, yes, but with a good deal of history behind it.
Note that the OSI protocols were once touted as an improvement over IP, and we were supposed to switch over in the near future. It never happened, despite the fact that OSI was as open as IP. (It may or may not have been better; we'll really never know.)
One of the major reasons was that, to get the detailed specs for OSI, you had to pay out several hundred dollars, and you got a printed copy. The Internet gang provided all their RFCs free on the Internet, and you got a file instead of hard copy.
This was often a big deal for programmers. If you wanted to know the details of an OSI protocol, and you didn't have a (printed) copy handy, you had to go through purchasing to order a copy. It could take weeks to get the information you needed. And then you'd have to type parts of it by hand into your computer. Meanwhile, you could download the RFC for the IP equivalent, and you'd get it in machine-readable form. You could be programming in minutes, and you'd often have your code running by the end of the day.
If you look at MS's "shared source", you see that to access anything you need to go through a similar process of registration, including signing what amounts to an NDA. This is a similar hassle, and even if it didn't have the implied legal threats, it would still lose. With true open source, all I have to do is download the software. This saves me a lot of time. And if I have questions, I'm not restricted to asking in an official forum (that requires registration). I can ask in any online forum that seems likely to give answers. This also saves me a lot of time.
Software development is mostly expensive because of all the time it takes to get the information you need. A big part of debugging is discovering that the things you're working with don't work like you expected, and you have to discover how they actually do work. Ideology and religion aside, speedy access to specs and code is the major reason that open source works so well.
Microsoft hasn't gotten anywhere near this, any more that OSI has.
Well, "United Statsian" isn't a very good term, because someone might think you're a citizen of the United States of Brazil or one of the other countries that uses "United States" (in their own language, of course) as part of the country's name.
"American" is better because there's only one country with that word in its name.
People have funny ideas about language sometime.
Free vodka for all!
...
Yeah; Finlandia is one of my favorites. The Finns did pick up a few good things from their century of Russian domination. Now they make better vodka than the Russians. As with phones, their main competition comes from Sweden.
Have any Russians built an OS? Sound like something with potential for a lot of geek jokes
Hmmm ... That was pretty bad. Maybe Mr. Hart should just stick to his humor. Of course, B.C. varies from hilarious to weak groaners, but this is to be expected, since no comic writer is always totally on. That one was just embarrassing.
Oh, yeah; you're right; it was the Wizard. Shows I should double-check my sources before submitting such important notes.
...
I guess my confusion is that they both have this fun way of infringing on religious topics in a way that the religious folks really can't criticise without sounding like idiots.
I haven't seen either much lately. I wonder if they're online? Probably google knows
How is that any more or less valid than any other religious belief?
One big difference might be that, unlike most other religious artifacts, ESR can probably not only show you his flute; he can also prove that it is in fact a flute. And he can likely demonstrate its power over people by picking it up and playing it.
One of my favorite cartoons in my collection is a very old B.C. strip, in which Rodney tells the king that there's a fellow out in the square with a flute who says he'll get rid of all our rats for $500.
The king says to tell him that we don't have any rats.
Rodney says "We will if he stops playing."
If RMS has to clarify this in a speech he's giving about something not directly related to the topic at hand, it's reasonable to assume that at least a few people were confused about the term.
Well, I've found it useful to reply to this confusion by saying that both senses of "free" apply to linux (and the GNU software used with linux, and other "free" software).
In particular, it's useful to tell people that, while they can in fact download all this "free software" over the Net without paying anyone, there are good reasons that they might want to fork over some money. If they want to become an expert at the arcane job of compiling, configuring, and otherwise installing software, they they certainly do want to download it all for free, and they can. If they just want to install it an use it, they should look at the vendors like RedHat, Suse, Debian, etc. who make some nice packages that are easy to install. It's nice to have it on CDs; it's nice to have a fat book sitting next to the computer; those things will cost a bit. And if you're at a company, you might want a support contract, which will also cost a bit more.
But, yes, you can get it all for free. Or you can save some time by spending some money and paying someone else to do part of the job.
Most people understand this, and think it's all reasonable.
Then you hit them with the other meaning of "free", in terms they might relate to. For example, they have the right to run the software on any machine; they don't have to pay extra for each machine. They can legally give a copy to a friend without worrying about a vendor's laywer dragging them into court. They can legally publish criticisms of the software without violating the fine print in a EULA. These are all "free as in freedom", and might be worth a lot to them.
Many people don't quite get these points at first, but they ask questions. When you point out that you usually can't legally do these things with Microsoft or other commercial software, you can see them getting nervous.
Most people don't understand that such things are problems. And they don't realize that not everyone will try to impose such restrictions on how they use their own computers. But many people can be educated.
... they now consider independence from MS as an end in itself.
;-) is to ask "Do you want your data and communications controlled by a giant American corporation that doesn't have your interests at heart?" This cuts right to the heart of the matter, and often produces a quick change of topic.
;-).
This isn't all that new a phenomenon. For some years, I've found that a simple way of ending most discussions of the subject with non-Americans (and some Americans
Also, for much of the past couple years, I've been working on a project that amounts to getting a big European corporation (it doesn't much matter which one) from under the thumb of IBM. Several years ago, their management realized that their corporate data was in fact controlled by IBM, and they couldn't access it without IBM's cooperation. My job has amounted to "data raiding", extracting the data from their old computers by any means necessary and stuffing it into a flock of little linux (RedHat) boxes scattered around the Net. There has been much obstructionism in this task from IBM, whose people have been ordered to give us as little information about data formats as possible, consistent with their contracts of course. But they're losing the battle, because for their system to work at all, most of the data has to be exposed to the company and its customers at some point, and that's where we can intercept it and cache the information somewhere else. Thus, most customer information can be found by merely sending us a copy of the billing print files.
Much of our "sales" guys' argument is that we can't do to them what IBM did over the years. They have access to all the source, all the way down to the bottom. If they decide they don't like us, they can simply walk away from us, and they won't lose anything (except some capable consultants
One irony is that we've advised them a couple of times that IBM's linux workstations would in fact be very good machines for their purposes. But we also emphasize that ease of migration is important, and they should always be on the lookout for new suppliers.
You might think that there's another irony in the fact that this approach is being used by a group that is mostly Americans. But it's no irony at all, because many Americans are just as worried about IBM and Microsoft power. Any corporation with that much control over our information is a serious threat to society, regardless of where the borders may be drawn.
I just like to say "giant American corporation" to non-Americans because it gets the idea across better. There is a widespread perception in much of the world that the leaders in America have a very arrogant and possessive attitude towards the rest of the world. Many people view MS and IBM as much more threatening than a "local" corporation, irrational as such an attitude may be. But you can use this to get across the idea that they really should look at approaches that free them from domination by any such giant power center.
This is appalling news. ... Coffee should have caffeine!
Don't worry. The marketers will quickly come up with a coffee drink based on this new coffee, with caffeine added. Just as they have done with most soft drinks. Citrus fruit don't contain caffeine, but most commercial citrus drinks do.
is the doctor/ user of a medical monitor going to sue becuase their phone didn't work? If so then something is definitely wrong.
True, but irrelevant to my point. If the phone "just didn't work" for no apparent reason, then nobody will be liable. But there is a long history of distinguishing this situation from one in which someone is responsible. If a huge rock falls from the sky and hits your house, it's an "act of God". But if a helicopter flies over your house carring a large chunk of concrete, they lose control of it and drop it on your house, then you can easily sue the operator for damages.
Similarly, if you knowingly and intentionally block a cell-phone signal, then phone failures are no longer an "act of God", and there is someone who can be sued for consequences. The courts haven't much looked at this sort of case yet, mostly because such blocking hasn't been very easy. There's a good chance that courts will hear such cases soon. I wouldn't bet my money and freedom on the chance that they'd void all the legal precedents and decide that a person intentionally blocking such signals isn't responsible for the consequences. If you'd like to be the test case, go ahead. The rest of us will be interested in the outcome.
Note that just putting up a sign rarely absolves you of responsibility. You can put up a "no ambulances allowed" sign at the entrance to your property. But there are very few places where such a sign would have any legal standing, and I wouldn't suggest that you try to enforce such a sign. If you block the path of an ambulance, it doesn't much matter to any court what you may believe; you will be held responsible for the consequences.
The way I see it, if a cinema puts up a notice saying that cellphones are not allowed in the auditorium, then there's nothing wrong with them using technology to inforce it - it's no different than having the usher(s) kick people out that use them.
Well, that may be the way you see it, but that's not the way very many courts are going to see it.
Suppose there were a medical emergency in the theater, a doctor attempted to come to the person's aid, and the ushers kicked the doctor out. You can bet there would be a court case, and the theater would lose badly.
Similarly, such blocking may well end in many places the first time there's a medical emergency, a doctor is present who attempts to call for an ambulance, the call doesn't go through because of blocking, and the person dies.
This isn't a parallel with a cell-phone relay going down. The legal system may well consider that an "act of God", unless the prosecution can show the phone company was actually at fault. But if the building's owners have installed cell-phone blocking, that is not an act of God; it's an act of the building owners. Unlike God, they can be held responsible for their actions.
Yeah, we're all annoyed by people talking on cell phones. Many people are also very annoyed when they have to pull over to let an ambulance get by. No court is going to consider your annoyance relevant. If you block an ambulance and a person dies, you are in serious trouble. This could well be the legal situation with cell phones in the near future.
It may not even require a blocked phone call. We are now seeing wearable medical nonitoring gadgets that can automatically contact the hospital when measurements go out of bounds. These use cell-phone and/or wifi protocols for their data. A likely scenario is a medical emergency in a theater or restaurant, the person's monitor attempts to call the hospital, the connection fails, and the person silently dies. The inquest determines that the connection fails because it was blocked by equipment in the building, and that blocking was the primary purpose of the equipment. The owner of that equipment is charged with negligent homicide.
It'll be an interesting court case. And the outcome may be different in different jurisdictions. But it's coming soon.
Actually, medical and biological researchers don't so much compare a fetus to a cancer; a better metaphor is a parasite. One of the active areas of research is attempting to explain why a female mammal's immune system doesn't recognize the fetus as "foreign" and attack it the same way other parasites are attacked.
Of course, sometimes the mother's immune system does attack the fetus. The best-known example is "Rh disease", in which an Rh-negative mother's immune system recognizes a fetus's Rh-positive protein and produces antibodies.
But in general, we have a term for a mother's rejection of a fetus; it's called a "miscarriage". And the rejection is a lot like the rejection of a parasite. The interesting puzzle is what suppresses this reaction in a successful pregnancy. How does a fetus convince the mother's immune system that the fetus is "self"?
In another decade or so we may have the explanation.
Yeah; in fact, why don't we encourage them to incorporate DRM into IE, Outlook, and other software that is capable of downloading copyrighted material from the Net? It would seem to me that this is an obvious area where wholesale copyright infringement is going on, and they have a real chance to stop it.
/. notice states, you all hold the copyright on anything you post here. Anyone want to volunteer to call this piracy to MS's attention, and demand that they incorporate DRM into IE so that their customers can't copy your IP without your permission?
After all, much of the stuff on the Web (including all the stuff here on slashdot) comes with a copyright notice. How many of us ever get written permission from the copyright holder before we copy their material to our disk and screen?
Of course, Microsoft seems to want to enforce "Digital Rights" when the copyright owner is demanding protection. So what we need is a few writers who are willing to make a fuss about all the IE users who are pirating their copyrighted material.
As the
Very good. And here's a related Doonesbury Sunday cartoon from back in '89 that you might want to bookmark (or copy ;-).
This war does get a few pages in most American history texts. It's called the "War of 1812", though. The more-or-less conventional explanation is that the US government saw the UK, France and Spain involved in a war, figured that they wouldn't be able to spare troops to defend their North American colonies, and sent troops to places like Canada and Florida in an attempt to grab a bit more territory. Unfortunately for them, the British government decided that they could spare the troops.
;-), the schools' abysmal teaching of history is mostly due to incompetence (and underfunding) than anything else. Still, it's fun to argue the anti-history conspiracy theory.
It's also fairly common for historians to suggest that this was what persuaded France and Spain to sell some of their colonies to the US in the following decades. Better to get some money from the Americans now than lose the colonies in the next European war.
As far as I know, this is mostly conjecture and interpretation; the "smoking gun" docs don't seem to exist (and probably never did). But it's all fairly straightforward politics.
It is true that most Americans couldn't tell you a thing about the War of 1812 other than its name. One of the funnier bits of evidence was the general lack of ridicule some years back when Nixon told us that he didn't want to be the first president to lose a war. A few historians and other educated people called him on this, but the general population didn't much notice. To all but a few history buffs, the entire subject is supremely uninteresting.
One of my favorite conspiracy theories is that the schools knowingly try to instill the idea that history is boring. This is so that most of the population will never learn anything from history. They have been rather successful at this. But there's the contrary advice that one shouldn't attribute to malice that which may be explained by incompetence. Except for a few narrow subject areas (e.g. evolutionary biology
Here's the two word problem: stateless protocol.
I must be using a different HTML than you are.
<input type=hidden name=foo value=bar>
Works fine, in my experience. It's not the only way to pass around state, but it's the simplest.
I have gotten frustrated by the need to wrap it in a <form>, though. It'd be handy if hidden variables would also get passed back with plain hyperlinks.
But I'd agree that HTML wasn't designed to be the programming language that a lot of people want. It was designed as text markup, after all. Trying to make HTML into a programming language is sorta like trying to make a bicycle carry heavy freight. Saying it's stupid isn't critticising the tool; it's criticising the people who insist on using the wrong tool for the job.
But there's a serious barrier to making web pages into programs. Nobody with a grain of sense will allow programs to be downloaded from random sites and run automatically. Until this changes, things that make HTML into code will simply be turned off by anyone with the slightest understanding of why we have problems with malware and adware.
... it's possible to get close to rich web apps using JavaScript, DHTML, ...
Yes, obviously, but a simple experiment on my machine shows one very good reason this isn't happening. I have maybe a dozen windows open, and several have as many as 10 tabs showing closely-related pages.
I keep javascript and other scripting turned off for a very good reason. If I turn it on and refresh any of these windows, that browser's cpu usage rapidly goes to nearly 100%. Why? Simple answer: advertising.
Most of the actual web content makes little use of scripting. No point, usually, because I'm mostly displaying static docs. But the advertisers want my attention, and to get that, they use changing pictures. A changing widget requires cpu time. It doesn't take very many "active" ads to saturate the cpu.
But I'm trying to get work done, and I need my cpu. My only defense is to turn off scripting. And set the image processing to only do a single pass through a changing image. This isn't totally successful. The mozilla here is running at about 10% of the cpu when idle, even though I've turned off all the "active" things that I know about.
When someone comes up with a scripting technique that doesn't allow web pages to soak up my cpu, maybe I'll consider leaving it turned on. Maybe.
Of course, there are also security concerns. Anyone who leaves scripting turned on in IE is a fool (or is working on a "crash and burn" machine and doesn't care). Java and Javascript are materially safer from a security viewpoint, but they still have some serious risks. I have a demo page with a bit of Javascript that downloads an image to your machine without ever showing it to you. Depending on my mood, it may be a porn image, and anyone watching your Net usage will see that you downloaded porn. Depending on where you are, you could lose your job and/or land in jail as a result of downloading my web page with Javascript turned on.
But the cpu usage is the real story here. As far as I can tell, nobody is working on solving it. Unless I can trust the Web to not soak up all my cpu, I won't seriously consider allowing any cpu-using Web gimmicks to run.
... that the Web would be useful for installing software?
But now that these guys have shown us the way, we can all start doing it. It oughta be a lot faster than those punch cards that I'd been using.