Slashdot Mirror


User: 0x0d0a

0x0d0a's activity in the archive.

Stories: 0
Comments: 6,986

Comments · 6,986

  1. Re:Oh lord, burn this book! on User Interface Design for Programmers · · Score: 1

    Nobody knows how many lives have been lost (measured in hours of frustration) by bad programmer-designed interfaces?

    Of course, then people talk about how great MS HCI-designed interfaces are and ignore the Start button as a whole, the Office XP uses-different-widgets-from Windows 2000-uses-different-widgets from Windows 95.

    They're just used to it. There are damn few really well done user interfaces, and a huge amount depends on a given user's background and biases. I consider Anarchie to be one of the very best non-Apple examples of correct classic Mac OS user design. Many users would find the program too complicated, and prefer a much simpler interface.

  2. Mod up parent on User Interface Design for Programmers · · Score: 1

    Wow, someone who does a proper breakdown.

  3. Perspective, please? on User Interface Design for Programmers · · Score: 1

    Some user just posted an item how she highlighted her work and then hit 'backspace' and deleted everything.

    First, I assume that this is text that you're talking about. For non-text selections, backspace (on Windows, not Mac OS) should not delete selections. That's what the delete key is for.

    If it *is* a text selection, you should be providing an undo feature.

    The main problem is that a not insignificant number of people in tech support (which is admittedly not a fun job) are jackasses and feel like ridiculing users will somehow socially elevate them. I'd like to see a couple of said jackass tech support people be laughed at by the mechanic when they bring in their car (which they're unable to fix, despite the fix being a quick, five-minute change) or their tax preparer when they bring in their taxes. Or their doctor when they come in with an obviously diagnosable case.

    How would you feel if there was a User Friendly starring doctors? "Doctor, I feel sick and my legs are swollen." "Let's see...you're currently taking hyponeophenothol for depression. Did you take any drugs in the last day?" "Uh, yeah, some muscle relaxants." [Picture of doctor smacking head in frustration.] "Well, the best thing to do would be to take 300 mG of cyanide. As soon as possible." "Okay. [click]"

    This is pretty much the template of a Greg-user-support cartoon on UF, but with medical workers instead of tech workers. Less funny when you're on the receiving end, portrayed as the "stupid user" who isn't conversant with the specialized field involved, isn't it?

  4. Re:I don't buy it on Geer Comments On Firing From @Stake · · Score: 1

    But you think that on the basis of a slashdot discussion you have enough information to take on someone who did read it? The paper is online, it is not exactly hard to find.

    Yes. I'm not claiming that you're wrong about the content of the paper -- I'm arguing whether the doing of certain actions (which we both agree that he did) is justifiable. Minutiae of the paper are not at issue.

    The title of the report claims to be addressing national security issues. The report itself only considers a single software vendor. The report is passing itself off in a false light.

    As you point out the report does nothing but attack one vendor, that does not appear to me to be a constructive consideration of cybersecurity.


    That's not the point.

    Look, suppose I work at a major interior decorator. This interior decorator happens to use some advanced, non-peeling paint from a particular vendor. Many of the vendor's shades of paint are blue, and a disproportionately large chunk of that vendor's sales are from paint in various blue shades. If I run out and say, *representing this opinion as my own*, *not that as my employer*, and doing no more than pointing out that I've worked in the interior decorating business for years and that I'm quite sure that using blue paint in a house produces a depressing environment, I feel that that statement should not result in a firing. An employer pays for my work, the time I'm at work. It should not be able to hire people in an attempt to then leverage their employed status in an attempt to prevent them from speaking freely. There is no benefit to society in considering this acceptable employer behavior, and significant drawbacks (it significantly reduces the pool of knowledgeable sources that can be considered useful information sources).

    And at the end of it you find absolutely nothing to tell you why the enumeration of these laws has anything to do with cybersecurity in general or Microsoft code in particular.

    (Notice how I'm not arguing your claim that the paper is of poor quality -- it's not a relevant point.) Again, I don't feel that the quality of an independent publication has anything to do with what the man was doing at his job. Furthermore, this is absolutely not what @Stake admitted to firing him for -- it was specifically for the fact that his views were not in line with the company's. It could be that they fired him because they felt that this damaged his reputation WRT to paper quality and then *lied* about the reason for his termination, claiming that it was because his views differed from company views, but that seems unlikely in the extreme.

    And if any of my employees went off and participated in a similar hit job against a major customer I would fire them as well.

    [Shrug] And I don't feel that your behavior would be justified, as long as they were doing so on their own time and were clear that what they were doing was not representative of company views.

    In the specific case of Microsoft (and this applies to a number of other large tech conglomerates, like IBM), it's extremely difficult to operate in the tech community without having opinions one way or another. Making squashing employee opinions a prerequisite for working at a company is a fairly non-beneficial action.

    Well in business you don't have academic tenure. A CTO is paid to be a PR representative for the company. You expect your CTO at least to stay on message.

    First, a CTO may or may not be a PR representative, depending upon the company. Second of all, no, I do not expect a CTO to drop his own opinions in favor of his employer's opinions in private life. An employer can reasonably expect actions from an employee during the period of time that he is at work. They aren't purchasing the employee's life, however.

  5. Re:The 65 bit Port - The difference?? on Turn Your New Opteron Into A One-Game Console · · Score: 2, Informative

    The console "bit range" issue was significant at one point. At one point, the palette size depended upon word-addressable values on consoles. Thus, each "bit increase" that came along resulted in games with a wider palette.

    Now, of course, all that's ended, and much fun was poked at the "64-bit" generation, which was pretty much entirely a marketing oddity.

  6. This can't even be used as a positive for Linux on Turn Your New Opteron Into A One-Game Console · · Score: 2, Interesting

    It's rare that I look at a new idea being done with Linux and get depressed instead of excited, but this definitely qualifies. This is a fairly bad idea. As people pointed out in a recent Slashdot discussion, OS-with-game means that the game will soon stop working on new hardware for which there is no support, requires rebooting to play the game, doesn't let you take advantage of the OS *anyway* (I mean, the only role the OS plays in something like this is in what kind of sound latency you're seeing).

  7. Re:free speech has a cost on Geer Comments On Firing From @Stake · · Score: 1

    Okay, you're right. I oversimplified.

    To be more accurate: he made a statement. That statement relies on the fact that *society* has a particular viewpoint (otherwise his statement would be nonsensical). If someone says "reduced to nothing but a schoolteacher", I know exactly what that person is talking about. Schoolteachers are paid less, get less respect than many other jobs, etc. This is all factual evidence. I don't need to rely on biases to realize why it might be bad to be a schoolteacher. I might feel that being a schoolteacher might be worth the costs, just as I might feel that being a 30 hour a week employee is worth the pay cut. However, it's not unreasonable to understand where he's coming from.

    You're right that it wasn't his "point".

  8. Absolutely correct on Geer Comments On Firing From @Stake · · Score: 1

    IME, when companies want a consultant to analyze something, it's generally to sign off on a point they want made. They're leveraging the consultant's reputation. This can either be for external use ("Look, customers! This product is good/competitor's product is bad/etc!") or for internal use ("Look, VP! My idea is good!")

  9. He's right, you're wrong on Geer Comments On Firing From @Stake · · Score: 1

    After all, if security is improved by using a variety of products, he'd have said that TCP/IP is the bad boy of internet security (as *all* internet attacks use it), or SMTP, or HTTP, etc.

    No, he's absolutely correct. Heterogenous environments necessarily tend towards being more secure against complete collapse, since complete collapse entails failure of all components simultaneously -- and different components have different weaknesses.

    TCP/IP *is* a risk, but the benefits of using a single protocol are overwhelming (plus, it's relatively small and simple, and doesn't have that much potential for holes at the design level). One of the attacks against TCP/IP at the design, rather than implementation level, was SYN flooding. When SYN flooding came out, there was a serious concern about its impact. Same goes with source spoofing -- another design level issue that provided a whole generation of headaches WRT to the r* services.

    However, using the same *implementation* of TCP/IP, which is more analogous to what Geer was arguing, *has* had exactly the kind of security impact that you're claiming is not an issue. The BSD TCP/IP stack is almost everywhere today -- Linux is one of the very rare exceptions that (currently) uses a different codebase. Attacks against this TCP/IP implementation like teardrop and bonk have affected significant swaths of computers, and had a serious impact.

    The argument that relying on a single implementation of software to provide global services is exactly what Geer's pointing out is a bad idea. Word a bad idea? Absolutely. Before the Word monoculture, macro viruses simply were not an issue. Now, if a worm can propagate using Word, it can cause untold damages to individuals and companies around the globe in a short period of time. Same goes for Outlook viruses. You can't claim that this isn't the case -- it's *happened*.

    I wouldn't mind if Linux was 99% of all systems used today, I think we'd have pretty much the same issues to deal with though - and Geer would be sniping at Linux's security flaws in favour of OpenBSD!

    Absolutely. What's wrong with that? There's nothing hypocritical there. Linux is significantly more enjoyable than Windows for me, so I'd prefer a 99% Linux universe to the current situation. That world would be more prone to complete failure than a 30% Linux, 30% Windows, 30% BSD universe, however.

  10. Re:Of Mixed Minds on Geer Comments On Firing From @Stake · · Score: 1

    Would Geer have kept his job if the paper was more objectively written?

    You have good points, but I'm still dubious that the political or non-political status of a paper that he wrote on his own, outside of work, should result in him losing his job.

  11. Re:This is NOT a technical document on Geer Comments On Firing From @Stake · · Score: 1

    Let's assume that you're right about the quality of the paper. What *possible* impact does the quality of the paper have on whether he would be fired or not? I also didn't see him saying that "@Stake has discovered..." he says that "Geer has discovered...". If you think that the fact that he works in the security field precludes him from publishing his private opinions, something's wrong with you. Hell, if I worked at a security company that had a business relationship with Red Hat and I also happened to feel that Linux had flaws, I'd damn well feel that I should be able to write a document complaining about Linux's problems.

  12. Re:Take the money, accept the rules on Geer Comments On Firing From @Stake · · Score: 1

    fuck, if i go to doctor i'd like to hear the TRUTH about my illness or possible risk factor, not what the doctors employer thinks i should hear.

    Uh, huh. Wouldn't happen to be the member of an HMO, would you?

  13. Re:Unfortunately... on Geer Comments On Firing From @Stake · · Score: 1

    At Carnegie Mellon, the DoD is a good source of funding.

    That said, academia is depressingly politicized.

  14. Re:free speech has a cost on Geer Comments On Firing From @Stake · · Score: 1

    If our society gave more esteem to schoolteachers and less to ivory tower leeches, perhaps our public education system wouldn't be the giant shitpile it is.

    Perhaps. I think he's pointing out that it doesn't, though. Hard to argue with him, eh?

  15. I don't buy it on Geer Comments On Firing From @Stake · · Score: 1

    The report was a badly written crock

    This may be true -- I haven't read it.

    I could not find a single original thought. You can find more interesting arguments in an average slashdot post.

    Frankly, this comment sounds like someone *else* with an axe to grind. There is absolutely zero reason for a paper intended to summarize problems with a company's products to contain "original ideas". If I am a researcher that simply ties a vast set of information and ideas that other people have come up with but together form a useful set of data, I've done my job.

    Academics do not routinely brief the press over the papers they are releasing.

    And it's probably a less-than-good idea for those in academia, but he was working in the private sector. Building name recognition is a good idea. Lots of historically important scientists have become famous not so much for coming up with ideas themselves, but because they were the ones to popularize them -- they were good at promoting themselves.

    Geer was clearly grinding an axe.

    I'm impressed that you can so comfortably make such a call -- but even if this is the case, I fail to see why someone writing a paper that expresses their own opinions should then lose their job for it. He wasn't doing this at work, and he wasn't claiming that his employer's views were his. I damn well think that I should be able to write critically about a company in my free time even if my employer has a business relationship with that company without fear of being fired.

    It is quite another to participate in a press call organized by the customer's competitors with the sole purpose of damaging the competitor.

    Look, man. Come back to reality. He's working in the private sector. What the heck do you think *happens* in the private sector? Microsoft comes up with people funded to make Linux look bad all the time. Big companies do this all the time.

  16. Why Blizzard is scum on Blizzard Removes 400,000 More Battle.Net Accounts · · Score: 2, Insightful

    See, some folks *want* to run a damned bot. They aren't really interested in spending their life poking around doing the janitorial portions of the game, building up. They're interested in the more exciting portions of the game.

    Some games recognize this (Open Source and community-driven games are particularly good here) and try to minimize the amount of drudge work a player must do, if he so desires. MUD clients contain triggers. The roguelikes derived from Moria contain the Borg, a built-in-bot and a large number of automation features.

    Now, it's entirely understandable that Blizzard wants to provide an option to allow players to play with other players who are under some constraint (not use bots, or what have you). The other players want level footing without using a bot, and they should be provided with such an opportunity. However, Blizzard enters the arena of being reprehensible when they *also* try squashing bnetd, so that the people that purchase a copy of Diablo 2 cannot go elsewhere and play their game in such a manner as *they* would like to do.

    Plus, I hold a firm conviction dating back to the Starcraft/Total Annihilation days that Blizzard is a wonderful marketer, yet mediocre developer.

  17. Re:Keep it simple. on Changes in the Network Security Model? · · Score: 1

    I hate to say it, but if you posted the address of one of the IIS boxes to Slashdot, it would probably be exploited pretty quickly.

  18. Re:This whole story is a waste of time on Y: A Successor to the X Window System · · Score: 1

    Yeah. I know. That was my point... Static apps burning RAM because there is no standard, de facto or otherwise.

    My counterargument, which you ignored in favor of spouting random complaints about static linking, is that this static linking is *not* an X issue, but a general issue that applies to *any* binary-only software being distributed on Linux/BSD/etc. If everyone standardized on GTK today, binary-only software would *still* need to be statically linked for any kind of reliable use. Y would provide zero benefits over X11 for apps like Acrobat.

    As a result, your minuses list is pretty much meaningless for the purposes of this argument.

    Plusses:

    ?


    Pluses:
    Works on more than the author's system. Required for commercially-supported software.

    Ah yes, Athena widgets

    You know, I can buy into irritation with KDE and GNOME apps running side-by-side, because there are a lot of support libraries in KDE and GNOME. Absolute worst case with xpdf, though, is an additional systemwide 3.5 megs of memory used (just SHARE from xpdf). My system is relatively modest by current standards (PIII-550, 512 megs of RAM), and even I'm not too broken up over a theoretical worst case wastage of 3.5 megs.

  19. The problem is firewall admins on Changes in the Network Security Model? · · Score: 3, Insightful

    You're right. Application firewalls are a terrible, unsolvable hack. Of course, firewall vendors love 'em, because you'll be paying them for updates until kingdom come, like antivirus vendors.

    Take a look at this part of the original post:

    Are network services becoming so complicated that application level firewalls (such as ISA Server) are absolutely necessary?

    Yes. They are. You know why? Because jackasses thought it would be a great idea to slap firewalls on everything. It's an easy, one-off fix that's centralized. Does jack for actual security, but it's easy to sell to management, so IT people constantly claim that everyone needs firewalls all over the damn place.

    So now we have a ton of firewalls inhibiting functionality all over the place. Do application vendors simply say "Gee, I guess we'll give up on doing interesting things with the network", due to the best efforts of short-sighted sysadmins? No. They do ugly, slower, less reliable and harder-to-monitor things like rebuild everything and ram it through SOAP. And then sell the same stupid product right back to the "firewall-enabled" company. Now, everyone loses. The security is just as bad as before. The user gets a slower, less reliable experience. The sysadmin has a harder time monitoring usage and troubleshooting (since everything is obscured by the layer being used to bypass his firewall).

    Firewalls are the single most-oversold computer product ever, having displaced antiviral tools in the last year or so. Nothing ticks me off more than some sysadmin shoving another firewall in front of users.

  20. Re:BeOS FAQ on yellowTab Announces Complete BeOS/Zeta Systems · · Score: 2, Insightful

    Oh, I think it can be pretty much summed up in one word, sans FAQ. Amiga.

  21. Re:I don't know of any ... on What is a Good Free MUD Client? · · Score: 1

    I still use mcl.

    Mcl development was stopped, and someone else took over a fork called "dirt", which I don't believe is in a working state yet.

  22. Re:This whole story is a waste of time on Y: A Successor to the X Window System · · Score: 1

    The fact that "a few pages were rendered" is the factor that bloats the RSS demonstrates that the static libraries are not the cause. Overhead from static libraries would be immediately present upon starting up the binary.

    I will give you that Navigator has what seems to me to be poor memory usage. That's true on all platforms, though -- not just X. Take a look at the system requirements for Navigator 4.x -- they're the same on Unix and Windows.

    As for the other complaints -- all these apps are static not because of issues with support for a single widget set, but because Linux inherently doesn't have a standard set of binaries in every distribution. This approach has plusses and minuses, but the issue is with Linux as a whole -- X does not play any kind of special role.

    It's true that there is some duplicate memory use. However, most apps on Windows bundle private DLLs for large chunks of their functionality to avoid compatibility issues (though admittedly not for widget sets) -- this ends up producing the same wasted memory.

    BTW -- the Unix implementation of Acrobat Reader is pretty bad and leaks memory like a sieve. You will end up paging no matter what with the thing. I use xpdf instead.

  23. Re:A pointless endeavour... on Y: A Successor to the X Window System · · Score: 1

    Good point, though Minix is not free.

  24. Re:Doh. on Windows 2003 takes 5% away from Linux · · Score: 1

    Huh. Sounds like the installer set your refresh rate higher than your monitor could do without getting a bit fuzzy.

  25. Might be worth a mod or two. on Windows 2003 takes 5% away from Linux · · Score: 1

    I think few people would disagree with what he's saying, though I don't have mod points.