Slashdot Mirror


User: jc42

jc42's activity in the archive.

Stories
0
Comments
6,784
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,784

  1. Re:Coders? on Linux Spreads its Wings · · Score: 4, Interesting

    Well, getting a line of credit is more credit than I've gotten for most proprietary software that I've written. It's common practice in the corporate world to strip out all such credits from their software (especially the binaries), and replace them with a simple corporate claim.

    Now, it may be true that I got paid to write those. But a lot of people are interested in more than just money. Fame, honor, and "Hey dummy, you should have done it this way ..." comments are worth a lot to some of us.

    One of the widespread misunderstandings is that people are only motivated by money. The economists who believe this can't understand things like Open Source (and charitable organizations). But to those of us who understand that humans can have a lot of different motivations, including things like "honor", it's easy to explain such mysterious behavior.

    Remember a couple of years back, when the OSS crowd got all upset with Sun including some Open Source software in their distributions? People weren't upset that Sun did this. They were mostly rather pleased, in fact. What was unacceptable was that Sun stripped out the credits from the code and documentation. That put Sun on our sh*t list, until they put the credits back in. Using something that is given away is fine; that's why it's given away. But refusing to give credit is unforgivable.

    For an interesting example, look at the man pages on linux or BSD systems, and compare them with the man pages on commercial unix-like systems. With linux and *BSD, most of the man pages have an AUTHOR(S) section telling you who wrote it, though sometimes the person's name is in another section near the end. In commercial *nix systems, the man pages usually contain a corporate copyright notice but not the author name(s), though sometimes an actual human name does slip through.

  2. Re:Grrr on Linux Spreads its Wings · · Score: 2, Interesting

    Heh. You're right of course. It's standard bio textbook fodder to observe that penguins do actually "fly", in a liquid medium rather than gaseous. They're similar in a lot of ways, but the two fluids do have somewhat different physical properties. For that matter, a lot of birds that fly in the air (ducks, cormorants) also "fly" underwater, using their wings for propulsion at least part of the time. Their wings just aren't very well-adapted for flying through a liquid, so most of them also have those feet modified to work as "fins".

    But there's really nothing abominable about calling a penguin's wings "flippers". Not only are they biologically homologous to the fins and flippers of fish and dolphins, they are also used essentially the same way. It's true that a penguin's flippers are modified bird wings, since the optimal shape for for this appendage is very different in air and water. In English, we routinely call such appendages "wings" when the critter travels through the air, and "flippers" or "fins" when they travel through water.

    Calling a penguin's wing a "flipper" is no odder that, say, referring to the paw of a raccoon or muskrat as a "hand".

    If we ever discover critters with wing-like appendages that live in a (near) vacuum, and use something like light pressure or magnetic fields for maneuvering, I wonder what we'll call them? Of course, people have already proposed light sails, so maybe we'll call them "sails".

    And we'll pretend that they're something different from wings or flippers. Well, they would be different, sorta. But it's useful to notice both the similarities and differences between similar structures with similar functions. Especially when they're homologous structures.

  3. Does it matter? on Gmail Commentary and Responses · · Score: 1

    I've had a number of jobs in which I was partly responsible for keeping the email running. On a number of occasions, I had the fun of helping a user with a failed message that was obviously very personal and not job related. I always took the approach of making it clear that I wasn't concerned with the contents of their message, I was just fixing a failure in the email system. I tried to get across the idea that, yes, I can read any message that goes through the system, and so can anyone else with a position of responsibility. I tried to get them to understand that the software at every stage does have to read and understand at least a part of any email message (the headers), and there's no technical reason that the software can't be made to examine anythingg in a message. Also, email is stored temporarily on any number of machines while in transit, and isn't always deleted. The user's message was one that wasn't deleted, because there was a problem with it, and other messages could be saved, too.

    One of the other ideas I've tried to get across is that, although users might find me trustworthy, they (and I) have no idea who else may be looking at their email or saving copies. This could happen anywhere along the network path. Not that this should be a problem. They shouldn't get all paranoid over it. But it's something that they should understand.

    If you don't understand all this, you have a fundamental misunderstanding of how email has always worked. Gmail is no different, reallly. Privacy in email is an illusion, unless you've encrypted the contents.

  4. Re:Arrrrghh! on Grassroots Response to .doc E-mail Attachments? · · Score: 3, Insightful

    There's an old joke to the effect that being paranoid doesn't mean that they aren't out to get you.

    It's probably true that we might be overreacting to the threat of prosecution if we decode a message we're sent in a proprietary and patented format such as a MS word doc. Courts in the US and most other jurisdictions have usually (though not always) held that you aren't responsible for receiving a message or broadcast sent by another. But there have been a few worrying exceptions.

    The main precedent comes from the recording industry, of course. We currently have a situation where a company can sell me a CD without any warning that it is encoded in a way that can only be read on a few machines. If I find that it doesn't play on my machine, and do a bit of programming to make it play, I can in fact be prosecuted under a number of current US laws. This has happened to others in some highly-public cases, and I have no reason to believe that I'm exempt for any reason.

    This has overthrown an old legal principle that a product should be usable for the purpose that it is sold. We now have a situation with recordings that I can pay money for a product, but if I use it for its sole purpose on my own sound equipment, I am in violation of the law.

    There's no reason to believe that this won't apply to things like email messages. Microsoft has been very much involved in the DRM efforts, whose sole purpose is to prevent customers from decoding files. They have received patents on some of their newer encodings used in Word docs, and presumably they had a reason for applying for those patents. The only reason for a patent is to control who is permitted to use the technology. So presumably they are serious about controlling who may use Word docs with these new encodings.

    The idea that I may be prosecuted for decoding a Word doc may be paranoia. But it is not materially different than the prosecutions for decoding sound recordings by people who want to play them on their home machines.

    Note that some of those prosecutions have had nothing to do with "pirating", i.e., making commercial use of a decoded CD. Jon Johansen has been dragged into court for merely writing code that makes a CD play on his own linux box. He wasn't charged with selling anything, his crime was writing software that made a CD play on his own machine. The Sklyarov case here in the US is similar, with the added point that the decoding charges against him were for actions in another country where those actions were legal.

    It's not any sort of stretch to think that peole may be prosecuted for similarly writing or using software that makes a Word doc readable on their own machine. If this isn't Microsoft's intent, why are they pushing DRM, and why did they patent those new encodings?

    Anyway, I'm not sure I want to be a test case.

  5. Re:Arrrrghh! on Grassroots Response to .doc E-mail Attachments? · · Score: 4, Informative
    Doesn't this sound a bit rude? ... Deal with it.

    It could be a lot more serious than that. Here's a reply that I've found fairly effective in a few such cases:

    You have sent a document in Microsoft's Word format. Such
    documents may now contain text encoded in forms that are
    patented by Microsoft. Decoding and reading such a document
    on a non-Microsoft system or with non-Microsoft software
    may subject the reader to criminal charges and/or large
    fines for patent enfringement.

    Please re-send the document in a format that won't result
    in such criminal charges and/or fines if I read it.

    This isn't a joke. Decoding proprietary formats can land you in serious trouble in the US and a number of other countries, if the format's owner decides to enforce the laws.

    Maybe the courts wouldn't enforce such things. Do you really want to be a test case? If you do, well, I'll cheer you on.

  6. Re:TIVO on National TV Turn Off Week · · Score: 1

    I've found that since I got my TIVO my TV watching has declined enormously.

    Heh. Since my wife got her wireless Mac Powerbook, our TV has hardly been turned on. I didn't watch much anyway; the last time I spent more than 10 minutes in front of the Tube was Sept 11, 2001. But that's another topic. It got home to me how weird I was years ago when I was in grad school. A friend left a bunch of stuff at my place over the summer, including a TV set, and at the end of the summer, I realized I'd never turned the TV on. So I suppose I'm a hopeless case.

    Anyway, most of the TV here was watching the old movie channels, and a Mac plus NetFlix is a lot more practical for that. TV news is a joke; you can learn more in 10 minutes of news.google.com than a whole day of TV news shows.

    We are wondering whether it's time to see if we can get just cable Internet and forego the cable TV. Unfortunately, most places you can't, or if you can, it doesn't save you much money.

  7. Re:So much for SCO's defense on Injunction to Enforce GPL · · Score: 1

    I don't think this is really true in the US. We've had cases where, for example, a father was denied visitation rights after separating from the mother on the grounds that they weren't married. (He still had to pay support, of course. ;-) It's all very confused, though, since it depends on the whims of whatever judge you happen to get, and precedent is hardly honored.

    The gay marriage cases (both from Quebec and the Netherlands) have a lot of promise for some very entertaining cases. We could very easily end up with an insane set of non-precedents that are different in every jurisdiction. Or we could find that visiting tourists are considered unmarried under US law, so (like the gays) they wouldn't be permitted to visit their spouse in the hospital in case of a medical emergency. Combine this with the many attempts to enforce English-only regulations, and you start to wonder why anyone would ever consider vacationing in the US.

    The Moslem plural marriage case is interesting in part because there is actually a lot of precedent in American law. Ask any Mormon. This doesn't encourage hopefulness.

    Actually, Utah handles this in a sensible manner. There is a strict distinction between civil and religious marriage. Civil marriage only allows one spouse. Religious marriage isn't the concern of the state, and is whatever your minister says it is (until he gets excommunicated ;-). But many states seem to have a massive confusion between the two.

    Now back to the massive confusion over what the GPL means legally ...

  8. Re:I remember something like this.. on AT&T Wireless Announces Music ID Service · · Score: 2, Interesting

    an any other Finnish people confirm?

    Funny; I was thinking of testing it out with some Finnish folks songs that I've heard but don't have names for. And some Bulgarian, Nigerian, Peruvian, and Chinese songs, for that matter. Also, I probably wouldn't be playing a radio for them; I'd be playing my fiddle or flute or accordion or Yamaha keyboard or some such, because I don't have recordings of them.

    Think this would work?

    I wasn't too impressed by their tests. They failed to identify Beethoven's Moonlight Sonata. Of course, I wouldn't need them to identify that one for me, since I know it. But there are some less-known sonatas, by lesser-known composers, and if they can't even handle Ludwig's Moonlight Sonata, what are the chances they'd recognize the others?

    This isn't a trivial concern. There's a growing threat to musicians who accidentally perform copyrighted works without first getting a license. We've had stories of music industry guys showing up at sessions at bars and such, and hitting the proprietor up for a fine because the motley gang of fiddle, flute and accordion players played a copyrighted tune. It's a followup to the story a few years ago when they sued the Girl Scouts for singing copyrighted songs around the campfire. (And note that the Girl Scouts lost that one. Or rather, they caved and are paying the protection money.)

    This is getting to be a serious problem for amateur musicians. You remember a tune and play it, and like George Harrison, you get sued for copyright infringement. But there's nowhere you can look up a tune and get the name and email address of the owner. If you want to do a proper search for permission, it'll cost you years of your life and millions of dollars. All you can really do is play it, and see if anyone sues you.

    You could buy an annual license from every agency in the world. That would only cost tens of thousands of $$ per year. Yeah, right. That may work for a handful of top professionals whose albums are selling well. For the rest of us, especially us amateurs, it's far more money than we'll make playing music in our lifetime.

    So what's the hope for a service that will correctly identify an old Finnish or Bulgarian or Mongolian folk song, or warn us that the tune is modern and under copyright?

    (Actually, I could build such a site. I've been in several discussions of how to do it. But of course, it would be illegal, and I'd be sued out of business by all the copyright owners. ;-)

  9. Re:I'm not aware of an earlier one on Injunction to Enforce GPL · · Score: 1

    And that's why any company ..., if they have competent legal advisors, will view GPL'd code as sort of a 'Nut Cracker' that will crack open their code base and give it to the world without compensation, to whatever degree their development staff makes use of any GPL'd code.

    This isn't anything special with the GPL. If you steal any copyrighted code and incorporate it into your product, you are in the same situation.

    The only thing special about the GPL is that it gives you permission to do this in certain circumstances. And it's mostly attached to copyrighted code that is published openly, so stealing it is easy. But if you don't like the idea that someone else might have control over your code, you shouldn't infringe on anyone's copyright.

  10. Re:So much for SCO's defense on Injunction to Enforce GPL · · Score: 1

    The German court judgment WILL have a chilling effect on SCO's US stance.

    Probably not while GWB is president. He has already declared Germany "irrelevant". He has clearly said that the US is not going to be held to any mere treaties with foreigners while he's running things.

    Anyway, as Dave Barry so elegantly put it in a recent column, and applied directly to the question of whether the US will obey silly things like the Berne Convention:

    Q. Is that legal?

    A. It is if you have nuclear weapons.

    See also http://www.newamericanempire.org/ for more information on the topic.

  11. Re:So much for SCO's defense on Injunction to Enforce GPL · · Score: 1

    Right. And the American honoring of other countries' marriage laws just might have some interesting test cases in the near future. There is a major fuss going on right now in the US over people who want a Constitutional ammendment to officially define a marriage as a contract between one man and one woman. This is mostly talked about with regard to the gay marriage issue. But it also brings up questions like: Suppose a citizen of a Moslem country moves to the US, perhaps as a refugee, and brings his two wives. Is the second wife still legally married in the US? Or suppose he only brings his children, but some of them are by his second (perhaps deceased) wife. Are they legally his children?

    So far, such things don't seem to have been actually tested in American courts, though perhaps some knowledgeable lawyer can inform us otherwise.

    The most likely outcome in most American courts is that the judge would automatically rule such marriages valid. But I wouldn't put a lot of money on that outcome.

  12. Re:slashdotted (RHF URL) on AmEx vs. rec.humor.funny · · Score: 1

    For the benefit of those few who may not have it at the top of their bookmarks, here's the rec.humor.funny URL:

    http://www.netfunny.com/rhf/current.html

    The latest installment of this series is currently the top joke on the stack. Let's see if we can slashdot them ...

    Also, for those who may not be familiar with this newsgroup-turned-website, they may well now have the world's largest collection of jokes. So you can blame me if the productivity of the rest of your week is destroyed.

    They have had to explain their slowdown in new jokes in the past couple of years. The problem is that they have a policy of rejecting jokes that are just trivial retellings of jokes already in their collection. As their collection grows, it slowly becomes more difficult to find truly new jokes. Most of their posted jokes now are the highly-topical type, like this one.

    But they're still worth checking out every 2 or 3 days.

  13. Re:Come on, where is it? Come on, Trolls! on The Mellow Baboon · · Score: 3, Funny

    Nah; the trolls are busy working on comparisons with the current American administration, and wondering how to best phrase the suggestion that a similar experiment be tried in November.

    Somebody's gotta have a way of phrasing this so it gets a +5 funny mod.

    Maybe I'll go off and work on it ...

  14. Re:Both sites already slow, here they are on AmEx vs. rec.humor.funny · · Score: 1

    Oh, yeah; I remember that one. It truly qualifies as "sick and offensive". And, of course, Iaughed again when I read it this time.

    I wonder if there's a way to get the AmEx execs involuntarily submitted to a treatment program for the humor-impaired?

  15. Re:WHAT??? on Five Fundamental Problems with Open Source? · · Score: 1

    Heh, heh. What's wrong here is that it takes about 10 times as long that way as typing a "rm" command in a handy *term window. And if you want to delete a whole flock of files, say *.o, doing it through the GUI takes a lot longer than a few seconds.

    Well, maybe not always. But you have to have the right app; most of the apps that show you file lists don't have a simple, elegant mechanism for matching a bunch of files and doing something to all of them.

    OTOH, I've had a wish script around for a while that does file lists, lets you type one or more of the usual file-match patterns (like *.o) in one entry widget, shows you the matching files if you hit the Show button, and lets you type in a command in another entry widget that will be run on all the matching files when you hit Return. This is a fairly straightforward variant of one of the examples in one of the tcl books, and it can save a bit of time when dealing with flocks of related files.

    GUIs have their uses. If those uses are the only ones you do, that's fine. But telling the rest of us that our "power" tools such as shells are offensive and intimidating to others is downright silly. Why should I be denied a power tool, because someone else is frightened by it?

    Next we're going to be hearing that the auto industry should only sell cars with automatic transmissions, because a lot of users can't handle the manual transmissions and feel intimidated by the thought that they exist.

    And, unlike a car, a computer system can have both the GUI and the power tools in the same box. So there's no sensible reason to attack the people who want something better for their purposes than the GUI.

  16. Re:Both sites already slow, here they are on AmEx vs. rec.humor.funny · · Score: 1

    So what in that qualifies as "sick and offensive"? I'd bet that most of the American Express folks laughed at it, just before they picked up their phone to call the company lawyers. It's fairly clever and well done. But I couldn't spot anything that even the most rigid fundamentalist type could find offensive.

    Anyone want to enlighten me? Maybe I can learn a bit more about how to offend people ...

  17. Re:My thoughts on Five Fundamental Problems with Open Source? · · Score: 1

    Because, in my experience, if I "just ask for more information", I invariably get replies that (usually insultingly) just tell me to google for the obvious phrase. In order to get past that phase, it's usually helpful to give enough information to show that I've done a bit of homework, and explain why it hasn't answered the questions.

    This is long and boring, true, but very often it convinces others that I'm not a total dummy, just ignorant and looking for more information.

    Not this time, though, it appears.

    My suspicion in this case is that "MDI" is just a TLA that means doing multiple tasks inside a single window. I can't prove this, but it's consistent with what I read. If so, then it's probably not interesting to pursue the topic further. Large apps that "do iit all" are a common approach on platforms that have poor IPC (google for it ;-). But on linux and other unixoid systems, there's good support for a flock of little, specialized tasks. In particular, once you're familiar with the X-Window GUI, it's a lot more time effective to split a task among multiple apps in multiple windows.

    There have been a lot of attempts in the unix environment to do things like edit multiple docs from one window. Both emacs and vi have support for this, as do several GUI editors. But this rarely gets used, because editing each doc in a separate window is so much easier on these systems. Similarly, the opera browser started off showing all its docs in one window. The MS-Windows users liked this; the unix/linux users didn't because it was so clumsy (and didn't work on multiple desktops). So now opera comes out of the box working with multiple windows on linux (and OSX), with tabs because in a few situations that's somewhat useful, but you have to explicitly turn on the "one big opera window" approach if you want it.

    If my guess about MDI's meaning is correct, then it's a good idea on MS Windows, and a poor idea on linux and other unix-like systems.

    Of course, my guess could be totally wrong.

  18. Re:My thoughts on Five Fundamental Problems with Open Source? · · Score: 1

    So can you explain what's magical about this "MDI"?

    I'd never heard of it. So I googled for "MDI interface", and read a few. I was unable to find anything described that I don't do routinely on linux.

    Going over the description in google's first match:

    MDI (Multiple Document Interface) is a Microsoft Windows programming interface for creating an application that enables users to work with multiple documents at the same time.

    Yeah, I do that. Each doc is in a different window.

    Each document is in a separate space with its own controls for scrolling.

    Yeah; each window can be scrolled. Plain-text docs are in xterm windows, each of which is scrollable. Some are in texteditor windows, which are scrollable. Some are in mozilla Composer windows, which are scrollable. Someare in gimp windows, which are scrollable.

    The user can see and work with different documents such as a spreadsheet, a text document, or a drawing space by simply moving the cursor from one space to another.

    Yeah, I can use the mouse to move the pointer (cursor) between windows. In linux, I don't even have to click on a window to work in it; I can just bump the mouse slightly to move the pointer across a border.

    So what is there to MDI that isn't a trivial use of a mouse and multiple windows? The other descriptions that I read were just as easily satisfied with any of the common window managers and apps on linux (and on OSX for that matter).

    I think I'm missing something somewhere here.

    Or maybe it's just another case of "I won't use XYZ because it doesn't have glorple, which I absolutely require. Sorry, I won't define glorple for you. But you have to supply it, or I'll never use your XYZ."

  19. Re:Fake can be just as good on Non-Lethal Sniper Rifle: You're Tagged For Life · · Score: 1

    Hey, cool! I didn't know about that one. It's a bit pricey, but that's to be expected now.

    My one pointed observation is: FTP????? WTF?

    Someone should explain to them that FTP sends everything, including login id and password, in the clear. So anyone with a good sniffer can intercept all your packets, assemble your pictures, and they also know your login id and password.

    But I suppose what you'd do is use an anonymous login, with the ftp directory off in its own partition so your competitors can't bring your whole server down by filling the disk with garbage. You still have the problem of authentication, if you're at all paranoid about what the local thugs/government might do to mess with your comm links to the guys in the field.

    Meanwhile, you should be complaining about this to Nikon, and insist that the next generation do scp instead. Maybe you could tell them it's called "ssl", and if they don't recognize that, explain that ssl is what the commercial web sites use to protect things like credit card numbers. They really oughta encrypt the camera's communications.

    But this camera is awfully close to what the satirist was talking about. I want one.

  20. Re:Yes on When Does Usability Become a Liability? · · Score: 1

    Huh? I've been syncing my PalmOS toy to my PC for several years without ever needing to type a password, and all the files are there on disk owned by me.

    Oh, yeah; you're probably talking about an MS Windows PC. Mine's running linux, and I use Kpilot to do the sync.

    Why in the world would anyone store a user's PDA files under any permissions except the user's? That makes no sense at all. Unless they've included some spyware that's trying to collect passwords and send them somewhere.

  21. Re:Remember backup DNS. on What are the Benifits of Running Your Own DNS? · · Score: 1

    Some time ago, I added a caching DNS server to our firewall, without mentioning it to anyone on the LAN. I immediately got a bunch of comments on how the Internet had suddenly gotten a lot faster. Happy users aren't to be discounted.

    Of course, much of the reason was the poor performance of the ISP's name servers. I think they're better now, but they're still not very fast. I've found I can get better response with several name servers that are farther away. For example, I mentioned it to an admin for a nearby university's campus network, and he said that as long as I was running a caching name server, I was welcome to use theirs.

    YMMV, of course. And I'd second (or third or fourth) the advice about TinyDNS.

  22. Re:Fake can be just as good on Non-Lethal Sniper Rifle: You're Tagged For Life · · Score: 1

    Actually, their camera with wireless (satellite) comm capability is just at the edge of feasibility. A wireless camera about that size with WiFi and cell-phone capability is feasible right now, but we have obvious problems with WiFi access and/or transmission speed. Satellite capability would obviously be useful in situations where there is a serious prospect of the camera (and maybe the photographer) being destroyed, but that's hard to do without a somewhat larger piece of hardware.

    But it's probably not far away. This could put a serious crimp in the style of a lot of thugs, including those employed by their governments. Even if you notice the photographer, by the time you grab their camera, the picture of your actions could well be beyond your reach.

    The current crop of cell phones with crappy cameras is just the camel's nose under the tent. In a few more years, we'll have serious wireless cameras available.

    (Anyone have any links to the best wireless cameras right now?)

  23. Re:Theory on Two Takes on the Java Dilemma · · Score: 1

    Hmmm ... perl, python and tcl can all do a lot better than that. And I hardly ever see a machine any more that doesn't have all of them installed. (Of course, nobody ever pays me enough to develop for Windows. ;-) In my experience, all of them provide much better portability than java. I use all of them (python the least), and it's been years since any of my java/tcl/python tools broke on a new machine because of language or library differences. The only kernel problem I've seen was in running them on OSX, and the problems there all turned out to be caused by the caseless filename matching, something that no language can completely defend against.

    So why would I bother with java? I suppose if my boss wanted it. But even when I've argued in favor of java, I've never convinced anyone with decision-making power.

    Seems a pity; the language had so much promise.

    BTW, what ever happened to that rumor a few years back that the java, perl, tcl, and maybe python people were talking behind the scenes about merging their VMs into something that would run all of them?

    Probably just a rumor. But it could be good for the worl if it were to happen. Back in the 60's and 70's, there were a number of hardware makers who were catching onto the idea of putting direct support for major programming languages into the hardware. Then along came the Microsoft/Intel deal, which proved that you didn't have to do anything so useful to become the market leader. Imagine if there really were such a useful VM, and cpu makers started implementing its opcodes in silicon ...

  24. Re:The Only Way Microsoft Can Die is by Suicide on The Only Way Microsoft Can Die is by Suicide · · Score: 1

    That stuff should be sent to the legal department for their approval prior to installation.

    This could be an effective approach. In the 80's and 90's, I worked (as a "consultant") on a number of projects at Digital (RIP). I remember a number of discussions of the fact that, although they had Sys/V unix running on a number of machines internally, the management consistently decided to go with BSD unix for their own unix-based systems.

    The general explanation was that the company's lawyers had looked at the licenses, and said that they weren't absolutely certain, but there was a good chance that the courts would interpret the AT&T licenses as meaning that anything linked to the AT&T libraries legally belonged to AT&T. It didn't make any sense to risk your company's products and profits on a wager that the courts might decide differently.

    The BSD licenses clearly didn't have this sort of problem; apps linked to them belonged to the apps' authors.

    It's difficult to get real proof, but there's a widespread perception that this is the primary reason that Sys/V has effectively died (except for the interesting fact that POSIX is really Sys/V in disguise as a government standard).

    The Microsoft EULAs make it quite clear that you don't own any of the software that you've paid for, and you have no recourse if it does something to your software that you don't like. I've even found the clauses in a few MS EULAs that state specifically that MS's software may erase or otherwise disable any non-MS software found on the machine. The history of Netscape and Windows Media Player show that MS is a serious threat to anyone who wants to write and sell their own software that runs on Windows.

    It's really rather bizarre that any corporation would permit the use of systems with such licenses. But it's probably mostly because the corporate lawyers rarely actually see those EULAs. People just buy the machines, install software, and the company lawyers are rarely consulted in the process. It might be interesting to see the results if these licenses were brought to the lawyers' attention. How many of them would personally approve of running software with such a license?

  25. Re:Renaming the tools of the trade on Security Tools More Harmful Than Helpful? · · Score: 1
    Indeed, the names you give things can strongly influence people's attitudes toward those things.

    One of my favorite examples involves my usual practice of building a lot of debug hooks into code that I write. When it's to be turned into a deliverable, I always had a problem that the people paying for the work didn't want debug hooks in the final product. Now, you and I know that when you install it in a customer's machine and it doesn't work right, that's when you really need those debug hooks, but most managers don't understand this.

    But eventually I found an interesting problem, which I'll illustrate between a Questionner (me) and an Answerer (the client or boss):


    Q: Do we want our debug hooks in the version we send to the customer?

    A: Of course not; that makes the program bigger and slower, and admits that we might have bugs.

    Q: Do we want to include the tracing code that we've included during development?

    A: Of course not; customers have no need to trace through the code.

    Q: Do we want to include the "verbose" code that we've developed, so that we can have the code explain what's happening during installation and (re)configuration by turning up the verbose level, then turning it down when things are working?

    A: Of course; that will help us and the customer diagnose problems.


    I've found that A never does realize that I've asked the same question three times. The lesson I've taken from this is that I always call my debug/tracing/development hooks "verbosity" code. I describe it as good for diagnosing problems, especially during installation, configuration, and the inevitable re-configuration that all customers will have to do as they grow.

    This way, all my built-in debug hooks are permitted to remain in the final product. And notice that I haven't been at all dishonest. Those three terms "debug", "trace" and "verbose" really do describe three aspects of the same sort of thing.

    In the case of security issues, it seems obvious that you want your security code debugged just like you want any other important code debugged. If not, you'll have security disasters, just like using undebugged financial software will produce financial disasters.

    One problem is that we've let the media and management get away with classifying security debugging tools as "hacking" tools. And we've let them get away with redefining "hacking" as something undesirable. It's probably too late to fix that problem. So we have to find language that will persuade people who aren't programmers or security experts that testing and debugging the security code is a Good Thing.