If you want to see something really annoying, set your browser to ask you before accepting cookies and then hit www.securityfocus.com. The've implemented this really nifty stunt which makes your browser fetch another add about once every minute. To make sure it's a different add, give you a new cookie each time so that your browser does the work for them of keeping track of which add you got last.
SecurityFocus is a handy site, but they drove me insane when I was trying to understand more about what people were doing to me with cookies.
> yes, women, in my experience, generally tend not > to have penises and also don't have so many > ego problems.:)
I have to concede that you are right on the penis part. As far as ego problems go, I'm not sure I can agree with you, but perhaps the point you are trying to make can be worded another way.
I know there has been research into women only discussion groups online, and one of the conclusions drawn is that an online discussion for which women are the primary participants is considerably less likely to degenerate into flame wars. The communications styles of men and women are different, and in text only communications, discussion between men tend to be more... volitile. In addition, it was found that in an online discussion where women are the initial participants, the introduction of men will likely change the atmosphere in a way that tends to drive women out of the discussion. I can't find the bookmark to that research on my system at home, so I'll check my work bookmarks tomorrow and post a reference then, if I can.
While I'm certain I do not have bookmarks to it, I have heard of research suggesting that similar (although perhaps less extreme) results can be expected at the introduction of men into previously women only class rooms.
There are definately differences between the way men and women communicate, and there is no real question in my mind that we men, on the whole, undervalue and underappreciate those things that characterize the communications styles of women.
Having said that, I also believe that women often do not understand what we men value in our own communications styles. First let me point out that both men and women can be childish in the way that they conduct a discussion; We men are certainly no exception to this rule. Second, let me say that the point I'm about to make may be controversial, and I do not want to discourage anyone from voicing their disagreement. I DO want to discourage those people who find themselves on my side from flaming those who don't.
Now to the point I am trying to make: I think men are more likely, on the average, to turn to analysis in resolving disputes between participants in a discussion. While this approach is not always the right one in every discussion, its value in discussions of highly technical issues cannot be overstated.
I'm not saying that women cannot participate in technical discussions. I am trying to address a point that I think 'backline' was trying to make about differing communication styles. I think there is a great deal that men can learn by trying to understand the communication styles that we think of as typical of women, and I've tried to learn these things myself. I place a greate deal of value on those things that I have learned, and I encourage other men to try it more.
I argue that call for a shift to a communication style that is characteristic of women may result from ignorance of the value, in the context of a highly technical discussion, of some elements of a communication style that is characteristic of men. I'm not saying that the men on the Linux Kernel developement list couldn't stand to grow up (or at least lighten up) a bit. But I do think they cannot afford to give up any tendency that they have to resolve disputes through analytical discussion. In the midst of all the flaming, I think those people who respond to flames with reason are respected for it, and that respect for a display of calm reasoning skills is more characteristic of communications amoung men than amoung women.
The win is this: It simplifies the enforcement of requirements that the Operating Systems Business shall not make unfairly favorable arrangements with the Applications Business.
Without a breakup, it would be much less practical to level the playing field because people in the same company with the same stockholders will usually communicate informally with each other about their work. By separating these two groups of works, by making them answerable to two different groups of stock holders and management, by establishing clearer boundaries between the interrests and businesses of these two groups, and by requiring that communications between the two companies be on record and auditted, the government now makes it possible to level the playing field for other competing companies. Without the breakup, it might not be possible.
Crushing Netscape wasn't about HTML. Netscape planned to use their browser as a kind of middleware. By writing your applications as Java applets, you would have been able to run these applications, virtually without change, on any operating system that supported Netscape. The evidence cited in Jackson's original findings of fact (anyone have a reference? I lost mine) suggested that MicroSoft felt that this would threaten their monopoly.
MicroSoft's original response was to attempt to bully Netscape into cripling this middleware functionality. MicroSoft offered to leave Netscape alone if Netscape promised not to threaten their monopoly this way. Otherwise, MS threatened to crush them. Netscape refused to comply with this demand, so MS proceded to carry out their threat.
The browser war wasn't about controlling HTML. On the contrary, Microsoft's attempts to pollute the HTML standards were a further attempt to undermine Netscape's market share by creating artificial incompatibilities. MS even went as far as compensating outside organizations for putting things on their website that would make their sites more difficult to browse effectively with netscape.
Go find the original findings of fact. The document is long, but it is well worth the read.
(Again, does anyone have a reference to it? Perhaps serveral would be better to help aliviate the SlashDot Effect.)
Interresting. Does anyone have more detail about this compiler. I remember hearing, all through college (through about 88) that there were no approved/validated/certified Ada compilers. What platform did the 83 platform run on?
I bet 90% of people think schizophrenia refers to multiple personality disorder. They are wrong.
I bet 99% of people use the word "illegal" when they mean "unlawful". They are also wrong.
I bet 99% off people don't know the difference between subjective uncertainty and objective uncertainty, but we can't really let them go telling physicists how to talk to each other, can we.
Sure, language evolves. Most of the time, there's nothing wrong with this. But sometimes we must resist.
Perl programmers aside, I think the problem is that programmers and computer techies have never liked context sensitivity.
'Hacker' is context sensitive. It means different things at different times to different people. Most English words are like. This makes it easier to express yourself accurately, not harder.
In the UK, hacker has long meant someone who hacks into computer systems. Because of the (more US based) meaning of 'skilled, unorthodox programmer' it has _two_ meanings. Wow.
Context Sensitivity is not the same as Speaker Sensitivity. Please be careful of the difference.
'I was up all night rebuilding the mail server after some hacker trashed it' - can you guess what meaning is in use here?
'It was a fun company to work for, they had some pretty smart hackers there' - how about now?
Is it really so difficult that we must must must have a special word?
Yes. Not every context makes this distinction so clear. Suppose I say, "That man is a hacker." What does that mean?
Yes, the phrase ' I think of myself as a hacker ' on its own might be ambiguous. But, in real life you simply would never get that phrase on its own. A live conversation would allow an unsure listener to ask what meaning the speaker intended. A written email or letter would never simply be that phrase all on it's own.
Why not? Because it might confuse some people? A lawyer might be careful to explain the difference between "illegal" and "unlawful" (look it up. Illegal probably doesn't mean what you think) to a layman, but I'm guessing they expect other lawyers to know the difference. Should we deny them a chance to talk about these two different concepts with two concise words simply because many laymen don't understand the difference?
Stop trying to erode the precision that the rest of us need in this language.
The point needed to be made, so we can argue with it. 8-) I sent and email reply to the author which may help answer your objection. I've included it below.
Date: Mon, 08 May 2000 17:22:55 -0500 From: L. Adrian Griffis <agriffis@dstsystems.com> To: shewchukb@toronto.cbc.ca Cc: adrian@nerds.org Subject: Good start on explaining misuse of the term "Hacker"
Blair,
I'm glad to see you respond to the criticism of the media's common use of the word "hacker". I couple of points come to mind.
You note that a few dictionaries agree with the common usage (i.e. a hacker is someone who breaks into systems). I'm sure that you, as someone who writes for a living, have flinched more than once at the kinds of word misuse that have been immortalized in all these dictionaries that you site. I fear, myself, that these dictionaries will begin to validate the common sports caster's use of the word "literally" to add emphasis rather than to differentiate literal and figurative uses of other words. In the event of such an appalling development, I vow to fight on in defense of the word "literally", and I can only hope that you would do the same. There is no word to replace "literally", and in the same sense, there is no word to replace "hacker".
The word "schizophrenic" is often misunderstood to mean someone who has Multiple Personality Disorder. It may even be that some dictionaries are legitimizing this misunderstanding. This usage is wrong, and even harmful. There are times when we NEED words to have exact meanings that are beyond what we can expect from the layman. When a complex profession develops a jargon to help it communicate concisely within the profession, we must give that jargon a kind of protected status, or we risk letting the confusion about words amoung laymen intrude into its proper, more technical usage. It doesn't matter that the number of people who think schizophrenic means MLP is much larger than the number of people who understand its meaning; The majority is wrong when it is applied to psychology, and the dictionary would be wrong to legitimize this incorrect usage. The fact that the average layman thinks the word hacker refers to someone who breaks into computers is equally wrong, regardless of the extent to which these confused people outnumber those of us in the computer business. The fact that someone of these confused people make dictionaries is unfortunate, but we in the computer business are entitied to our jargon, and those people on the outside are only making communications difficult by attempting to pollute our jargon with their misunderstanding.
A more subtle point, perhaps, comes from how this misuse came to be so common. The word "hacker" in the MIT sense came to be vested with a kind of prestige. As a result, a growing crowd of kids began to covet this term and simply usurped it, without actually gaining the skills required.
Before I go on, it is important to note that some full fledged hackers really are the kinds of people that break into systems without authorization. This is unfortunate, and is not something that many hackers like to talk about. We sometimes call them "Dark Side Hackers". But these hackers are, by far, outnumbered by a group of people that we call "Script Kiddies", who simply use canned tools that they couldn't have written themselves to break into systems. In many cases (but not all) it is dark side hackers that originally wrote the tools, but most security incidents are probably perpetrated by script kiddies.
Anyway, back to the second point. At first, and to some extent even today, many journalists lack the technical sophistication required to tell the different between people that really qualify as hackers and people who claim, falsely, to be hackers. Those of us who understand the term simply see journalists as gullible.
But suppose we decided we've fought this battle long enough. Suppose we surrendered this term to the layman. Would this really improve communications? Would we have a way to talk to you journalists to help you understand the difference between the person who understands the system well enough to create a really impressive utility and the person who simply uses the utility in some pathetic act of vandalism? If I can't convince you that I have some authoritative right to correct your use of the word, can I at least convince you that surrendering this distinction will make clear communications more difficult.
Further, suppose we surrender this word and pick another one. How long will it be before the script kiddies covet this new word, as well. How long will it be before they claim this new word as their own. And how long will it be before all these dictionaries begin to parrot their claims. If we decide on this new word, can we count on you jounalists to do a better job of examining these false claims than you did with the word hacker? From the first misuse of the word hacker, we've challenged it, and you journalists have ignored us. Now that we finally shout loudly enough that we are not so easy to ignore, you journalists have made excuses.
Suppose we surrender this word. Are you promising to take better care of the next one? Shall we count on jounalistic integrity to safeguard this next word where it did nothing to protect the first? If you won't admit that you are wrong now that the dictionary backs you up, will you at least admit that you would have wrong before the dictionaries validated this misuse of the word hacker? Are you honestly working towards better communications and a better understanding or is it just tough, sometimes, to admit that you are wrong.
Regardless of what words we use, it is important to understand that there are two different groups here and we needs ways to talk about them without getting confused. There are people who love working with the intricate details of computer programming. We call them "hackers". There are people who use tools that they are not bright enough to develop themselves to commit pathetic acts of vandalism. We call them "script kiddies", but you want to call them hackers. Do you plan to confuse your public about the difference between these two groups? Is there some other word that you would like us to use to describe the first group? Have you really thought this through?
This message is public domain. You may reprint it without any other kind of permission, but I hope you will let me know, and I hope your journalistic integrity will guide you in quoting sections of it. I will be posting it to SlashDot.org.
My understanding is that Ada was designed, in part, to help keep the programmer from making some kinds of mistakes. My feeling is that this philosophical influence on a language tends to lead to a more cumbersome language. Indeed, Ada is a complex enough language that it took years to create a certified version of the compiler.
I worked as a civilian consultant at an Air Force base for several years. I remember that there was a fierce resistance to using Ada for many years after the US Department of Defence issued its mandate that Ada was to be used for everything unless there was a clear justification. Even though there was a clear recognition of the fact that the multitude of languages used on individual systems and weapons platforms, NOBODY wanted to use Ada.
What about the journalists that report it?? I've sent the following off to the BBC, in hopes that MicroSoft will shoulder its share of the blame. I encourage the rest of you to send similar messages to the BBC and to other news organizations whose coverage is similarly incomplete.
-------------
From: L. Adrian Griffis <adrian@idir.net> To: newsonline@bbc.co.uk Subject: Missing the Point Regarding the "ILOVEYOU" Virus.
While I'm delighted to the some substantial details in your coverage of the tour of the "ILOVEYOU" virus, I'm disappointed that you haven't pointed the finger at the one organization that should carry most of the blame. That organization is MicroSoft.
Don't get me wrong, I'm appalled at the kind of attitude that must be behind a decision to release this virus. But MicroSoft's 20 years of reckless and perverse disregard for the safety of their customers' data is the central theme in all of these virus incidents. In the Unix/Linux world, when a vulnerability is discovered in an email client, it is acknowledge as a bug and corrected. It would never occur to us to tollerate a product that continues, release after release, with the same flawed design from a vendor that won't even acknowledge the flaws. It astonishes me that the MicroSoft Windows community never even cries foul when they find that MicroSoft has, once again, held their pants down during yet another attack. It astonishes me further that this same community thinks it quite natural to spend money on a third party product (a virus scanner) whose purpose is to shield this system, that the first vendor won't lift a finger to fix, from the malicious data that exploits the first vendor's neglect.
Why haven't I seen a single negative comment about MicroSofts role in this crisis?
Not only do I prefer HTML to PDF, I think the claim that PDF files are portable is a false one. Adobe doesn't include all of the possible fonts anymore, on the theory that some fonts are included with MS-Windows. I have a CD full of PDF files that I simply cannot read on Linux because of this treacherous decision by Adobe. Also, even where PDF files do not refer to MS fonts, the PDF view for Linux is notoriously buggy. "acroread" crashes all the time.
HTML lacks some of the bells and whisles that PDF files have, but HTML is much more reliable. And, do you really need those bells and whistles that HTML doesn't provide. HTML has always been more than adequate for any documentation that I've needed to do.
The 9th Circuit Court of Appeals has agreed to rehear the Bernstein case, en banc (i.e. before the entire court rather than just the usual three judge panel). The most recent ruling was in DJB's favor, so if the appeals process lost its momentum, DJB wins. The case isn't "pending" because of DJB's concerns; He won the last round. The case is pending because the Government knows they are wrong, they don't have the imagination to do more than stomp their feet and say "please, please, please, hear us again", and they don't have the courage to admit that they are wrong. The feds are stalling, plain and simple.
All this decision does is clear up a single point of law. The district court issued a summary judgement stating that there was no need to consider the First Amendment claim, because it felt that the source code was too functional and not sufficiently expressive to warrent First Amendment protection.
The appellate court corrected this misconception and instructed the lower court to consider the case again. The lower court could still consider the First Amendment claim and decide that the government's interrest is overriding, but before this ruling, the lower court didn't feel that it had to consider a First Amendment claim at all.
This ruling is a step in the right direction, but it is far from a (correct IMO) ruling in Junger's favor. It does not make DeCSS legal, it does not shoot down the ridiculous ITAR/BXA restrictions, it does not war obsolete, etc..
This ruling does, perhaps, cast a slightly better light on the position of the good guys in many of these encryption related cases. It is good news, but please, folks, get a grip!
Adrian
PS: IANAL PPS: I am not a witless idiot, either. 8-)
When M$-Word is released with an appallingly unsecure macro language, and when the virus writers demonstrate this, it never occurs to the M$ developers or their user community that the answer is to remove those capabilities in the macro language that make it unsecure. Their answer is to live with the unsecure language and construct an elaborate system of virus signature scanners, virus cleaners, and a virus signature distribution system.
When sendmail or pine is discovered to have a flaw that can be exploited to gain unauthorized access to a system, we, as a community, see this as a problem, and the problem gets fixed. It would never occur to Eric A. to leave an exploitable flaw in sendmail, because he knows that we won't accept it.
As long as we, as a community, are determined to see security flaws as unacceptable aberations, we will never see a proliferation of Unix/Linux viruses that we see in the M$ world.
It seems to me that this is why the US shouldn't be restricting the export of strong encryption. Aren't we better off making strong encryption availible to dissidents in those countries whose governments we are most concerned about?
I understand that Chinese students in the U.S. were sending news about the Tiananmen Square massacre over BitNet to Beijing, and that news was faxed all over the rest of China. And yet, somehow, our NSA believes that, in the unlikely event that they can contain domesticly developed encryption technology (you know, all that encryption developement that hasn't been driven overseas yet by our silly laws) within US borders, US national interrests are best served by keeping this technology out of the hands of Russian and Chinese dissidents.
But wait! Billy C. has changed our policies. Now it is only dissidents in countries like Iran and Lybia that are to be denied the fruits of all that advanced encryption technology that's only availible here in the good old USA (right?).
I'd suspect that the governments of Lybia and Iran paid him off to keep thier dissidents from getting strong encryption, but I don't think he has enough of a clue about the real benefactors of his regulations to know that he could looks for such a source of income.
Why do I always have to feel embarrased by the elected officials in my own governement? I suppose we elected them, so they are the governement we deserve. But still.. Why?
Slashdot Mirror
SecurityFocus is a handy site, but they drove me insane when I was trying to understand more about what people were doing to me with cookies.
Adrian
> yes, women, in my experience, generally tend not :)
> to have penises and also don't have so many
> ego problems.
I have to concede that you are right on the
penis part. As far as ego problems go, I'm
not sure I can agree with you, but perhaps
the point you are trying to make can be worded
another way.
I know there has been research into women only
discussion groups online, and one of the
conclusions drawn is that an online discussion
for which women are the primary participants
is considerably less likely to degenerate into
flame wars. The communications styles of men
and women are different, and in text only
communications, discussion between men tend to
be more... volitile. In addition, it was found
that in an online discussion where women are the
initial participants, the introduction of men
will likely change the atmosphere in a way that
tends to drive women out of the discussion. I
can't find the bookmark to that research on my
system at home, so I'll check my work bookmarks
tomorrow and post a reference then, if I can.
While I'm certain I do not have bookmarks to
it, I have heard of research suggesting that
similar (although perhaps less extreme)
results can be expected at the introduction
of men into previously women only class rooms.
There are definately differences between the way
men and women communicate, and there is no real
question in my mind that we men, on the whole,
undervalue and underappreciate those things that
characterize the communications styles of women.
Having said that, I also believe that women often
do not understand what we men value in our own
communications styles. First let me point out
that both men and women can be childish in the
way that they conduct a discussion; We men are
certainly no exception to this rule. Second, let
me say that the point I'm about to make may be
controversial, and I do not want to discourage
anyone from voicing their disagreement. I DO
want to discourage those people who find
themselves on my side from flaming those who
don't.
Now to the point I am trying to make: I think
men are more likely, on the average, to turn to
analysis in resolving disputes between
participants in a discussion. While this
approach is not always the right one in every
discussion, its value in discussions of highly
technical issues cannot be overstated.
I'm not saying that women cannot participate
in technical discussions. I am trying to
address a point that I think 'backline' was
trying to make about differing communication
styles. I think there is a great deal that
men can learn by trying to understand the
communication styles that we think of as typical
of women, and I've tried to learn these things
myself. I place a greate deal of value on those
things that I have learned, and I encourage other
men to try it more.
I argue that call for a shift to a communication
style that is characteristic of women may result
from ignorance of the value, in the context of
a highly technical discussion, of some elements
of a communication style that is characteristic
of men. I'm not saying that the men on the
Linux Kernel developement list couldn't stand
to grow up (or at least lighten up) a bit. But
I do think they cannot afford to give up any
tendency that they have to resolve disputes
through analytical discussion. In the midst
of all the flaming, I think those people who
respond to flames with reason are respected for
it, and that respect for a display of calm
reasoning skills is more characteristic of
communications amoung men than amoung women.
Adrian
Without a breakup, it would be much less practical to level the playing field because people in the same company with the same stockholders will usually communicate informally with each other about their work. By separating these two groups of works, by making them answerable to two different groups of stock holders and management, by establishing clearer boundaries between the interrests and businesses of these two groups, and by requiring that communications between the two companies be on record and auditted, the government now makes it possible to level the playing field for other competing companies. Without the breakup, it might not be possible.
Adrian
Crushing Netscape wasn't about HTML. Netscape planned to use their browser as a kind of middleware. By writing your applications as Java applets, you would have been able to run these applications, virtually without change, on any operating system that supported Netscape. The evidence cited in Jackson's original findings of fact (anyone have a reference? I lost mine) suggested that MicroSoft felt that this would threaten their monopoly.
MicroSoft's original response was to attempt to bully Netscape into cripling this middleware functionality. MicroSoft offered to leave Netscape alone if Netscape promised not to threaten their monopoly this way. Otherwise, MS threatened to crush them. Netscape refused to comply with this demand, so MS proceded to carry out their threat.
The browser war wasn't about controlling HTML. On the contrary, Microsoft's attempts to pollute the HTML standards were a further attempt to undermine Netscape's market share by creating artificial incompatibilities. MS even went as far as compensating outside organizations for putting things on their website that would make their sites more difficult to browse effectively with netscape.
Go find the original findings of fact. The document is long, but it is well worth the read.
(Again, does anyone have a reference to it? Perhaps serveral would be better to help aliviate the SlashDot Effect.)
Adrian
What does VBS stand for again? Isn't it "Virus Broadcasting Script" or something like that? 8-)
Adrian
Interresting. Does anyone have more detail about this compiler. I remember hearing, all through college (through about 88) that there were no approved/validated/certified Ada compilers. What platform did the 83 platform run on?
Adrian
I bet 90% of people think schizophrenia refers to multiple personality disorder. They are wrong.
I bet 99% of people use the word "illegal" when they mean "unlawful". They are also wrong.
I bet 99% off people don't know the difference between subjective uncertainty and objective uncertainty, but we can't really let them go telling physicists how to talk to each other, can we.
Sure, language evolves. Most of the time, there's nothing wrong with this. But sometimes we must resist.
Adrian
'Hacker' is context sensitive. It means different things at different times to different people. Most English words are like. This makes it easier to express yourself accurately, not harder.
In the UK, hacker has long meant someone who hacks into computer systems. Because of the (more US based) meaning of 'skilled, unorthodox programmer' it has _two_ meanings. Wow.
Context Sensitivity is not the same as Speaker Sensitivity. Please be careful of the difference.
'I was up all night rebuilding the mail server after some hacker trashed it' - can you guess what meaning is in use here?
'It was a fun company to work for, they had some pretty smart hackers there' - how about now?
Is it really so difficult that we must must must have a special word?
Yes. Not every context makes this distinction so clear. Suppose I say, "That man is a hacker." What does that mean?
Yes, the phrase ' I think of myself as a hacker ' on its own might be ambiguous. But, in real life you simply would never get that phrase on its own. A live conversation would allow an unsure listener to ask what meaning the speaker intended. A written email or letter would never simply be that phrase all on it's own.
Why not? Because it might confuse some people? A lawyer might be careful to explain the difference between "illegal" and "unlawful" (look it up. Illegal probably doesn't mean what you think) to a layman, but I'm guessing they expect other lawyers to know the difference. Should we deny them a chance to talk about these two different concepts with two concise words simply because many laymen don't understand the difference?
Stop trying to erode the precision that the rest of us need in this language.
Adrian
The point needed to be made, so we can argue with it. 8-) I sent and email reply to the author which may help answer your objection. I've included it below.
- --
-----------------------------------------------
Date: Mon, 08 May 2000 17:22:55 -0500
From: L. Adrian Griffis <agriffis@dstsystems.com>
To: shewchukb@toronto.cbc.ca
Cc: adrian@nerds.org
Subject: Good start on explaining misuse of the term "Hacker"
Blair,
I'm glad to see you respond to the criticism of the media's common use of the
word "hacker". I couple of points come to mind.
You note that a few dictionaries agree with the common usage (i.e. a hacker
is someone who breaks into systems). I'm sure that you, as someone who writes
for a living, have flinched more than once at the kinds of word misuse that have
been immortalized in all these dictionaries that you site. I fear, myself, that
these dictionaries will begin to validate the common sports caster's use of the
word "literally" to add emphasis rather than to differentiate literal and
figurative uses of other words. In the event of such an appalling development,
I vow to fight on in defense of the word "literally", and I can only hope that
you would do the same. There is no word to replace "literally", and in the same
sense, there is no word to replace "hacker".
The word "schizophrenic" is often misunderstood to mean someone who has
Multiple Personality Disorder. It may even be that some dictionaries are
legitimizing this misunderstanding. This usage is wrong, and even harmful.
There are times when we NEED words to have exact meanings that are beyond what
we can expect from the layman. When a complex profession develops a jargon to
help it communicate concisely within the profession, we must give that jargon a
kind of protected status, or we risk letting the confusion about words amoung
laymen intrude into its proper, more technical usage. It doesn't matter that
the number of people who think schizophrenic means MLP is much larger than the
number of people who understand its meaning; The majority is wrong when it is
applied to psychology, and the dictionary would be wrong to legitimize this
incorrect usage. The fact that the average layman thinks the word hacker refers
to someone who breaks into computers is equally wrong, regardless of the extent
to which these confused people outnumber those of us in the computer business.
The fact that someone of these confused people make dictionaries is unfortunate,
but we in the computer business are entitied to our jargon, and those people on
the outside are only making communications difficult by attempting to pollute
our jargon with their misunderstanding.
A more subtle point, perhaps, comes from how this misuse came to be so
common. The word "hacker" in the MIT sense came to be vested with a kind of
prestige. As a result, a growing crowd of kids began to covet this term and
simply usurped it, without actually gaining the skills required.
Before I go on, it is important to note that some full fledged hackers really
are the kinds of people that break into systems without authorization. This is
unfortunate, and is not something that many hackers like to talk about. We
sometimes call them "Dark Side Hackers". But these hackers are, by far,
outnumbered by a group of people that we call "Script Kiddies", who simply use
canned tools that they couldn't have written themselves to break into systems.
In many cases (but not all) it is dark side hackers that originally wrote the
tools, but most security incidents are probably perpetrated by script kiddies.
Anyway, back to the second point. At first, and to some extent even today,
many journalists lack the technical sophistication required to tell the
different between people that really qualify as hackers and people who claim,
falsely, to be hackers. Those of us who understand the term simply see
journalists as gullible.
But suppose we decided we've fought this battle long enough. Suppose we
surrendered this term to the layman. Would this really improve communications?
Would we have a way to talk to you journalists to help you understand the
difference between the person who understands the system well enough to create a
really impressive utility and the person who simply uses the utility in some
pathetic act of vandalism? If I can't convince you that I have some
authoritative right to correct your use of the word, can I at least convince you
that surrendering this distinction will make clear communications more
difficult.
Further, suppose we surrender this word and pick another one. How long will
it be before the script kiddies covet this new word, as well. How long will it
be before they claim this new word as their own. And how long will it be before
all these dictionaries begin to parrot their claims. If we decide on this new
word, can we count on you jounalists to do a better job of examining these false
claims than you did with the word hacker? From the first misuse of the word
hacker, we've challenged it, and you journalists have ignored us. Now that we
finally shout loudly enough that we are not so easy to ignore, you journalists
have made excuses.
Suppose we surrender this word. Are you promising to take better care of the
next one? Shall we count on jounalistic integrity to safeguard this next word
where it did nothing to protect the first? If you won't admit that you are
wrong now that the dictionary backs you up, will you at least admit that you
would have wrong before the dictionaries validated this misuse of the word
hacker? Are you honestly working towards better communications and a better
understanding or is it just tough, sometimes, to admit that you are wrong.
Regardless of what words we use, it is important to understand that there are
two different groups here and we needs ways to talk about them without getting
confused. There are people who love working with the intricate details of
computer programming. We call them "hackers". There are people who use tools
that they are not bright enough to develop themselves to commit pathetic acts of
vandalism. We call them "script kiddies", but you want to call them hackers.
Do you plan to confuse your public about the difference between these two
groups? Is there some other word that you would like us to use to describe the
first group? Have you really thought this through?
This message is public domain. You may reprint it without any other kind of
permission, but I hope you will let me know, and I hope your journalistic
integrity will guide you in quoting sections of it. I will be posting it to
SlashDot.org.
Thanks for getting the discussion going.
L. Adrian Griffis
adrian@nerds.org
Wrong. The hack is not the breakin. The hack is the tool used to breakin.
Using the tool does not make the script kiddie a hacker.
My understanding is that Ada was designed, in part, to help keep the programmer from making some kinds of mistakes. My feeling is that this philosophical influence on a language tends to lead to a more cumbersome language. Indeed, Ada is a complex enough language that it took years to create a certified version of the compiler.
I worked as a civilian consultant at an Air Force base for several years. I remember that there was a fierce resistance to using Ada for many years after the US Department of Defence issued its mandate that Ada was to be used for everything unless there was a clear justification. Even though there was a clear recognition of the fact that the multitude of languages used on individual systems and weapons platforms, NOBODY wanted to use Ada.
Adrian
What about the journalists that report it?? I've sent the following off to the BBC, in hopes that MicroSoft will shoulder its share of the blame. I encourage the rest of you to send similar messages to the BBC and to other news organizations whose coverage is similarly incomplete.
-------------
From: L. Adrian Griffis <adrian@idir.net>
To: newsonline@bbc.co.uk
Subject: Missing the Point Regarding the "ILOVEYOU" Virus.
While I'm delighted to the some substantial details in your coverage of
the tour of the "ILOVEYOU" virus, I'm disappointed that you haven't
pointed the finger at the one organization that should carry most of the
blame. That organization is MicroSoft.
Don't get me wrong, I'm appalled at the kind of attitude that must be
behind a decision to release this virus. But MicroSoft's 20 years of
reckless and perverse disregard for the safety of their customers' data
is the central theme in all of these virus incidents. In the Unix/Linux
world, when a vulnerability is discovered in an email client, it is
acknowledge as a bug and corrected. It would never occur to us to
tollerate a product that continues, release after release, with the same
flawed design from a vendor that won't even acknowledge the flaws. It
astonishes me that the MicroSoft Windows community never even cries foul
when they find that MicroSoft has, once again, held their pants down
during yet another attack. It astonishes me further that this same
community thinks it quite natural to spend money on a third party
product (a virus scanner) whose purpose is to shield this system, that
the first vendor won't lift a finger to fix, from the malicious data
that exploits the first vendor's neglect.
Why haven't I seen a single negative comment about MicroSofts role in
this crisis?
Thanks
Adrian
Not only do I prefer HTML to PDF, I think the claim that PDF files are portable is a false one. Adobe doesn't include all of the possible fonts anymore, on the theory that some fonts are included with MS-Windows. I have a CD full of PDF files that I simply cannot read on Linux because of this treacherous decision by Adobe. Also, even where PDF files do not refer to MS fonts, the PDF view for Linux is notoriously buggy. "acroread" crashes all the time.
HTML lacks some of the bells and whisles that PDF files have, but HTML is much more reliable. And, do you really need those bells and whistles that HTML doesn't provide. HTML has always been more than adequate for any documentation that I've needed to do.
Does anyone know of a source that does not require that I sign up to get spammed by whomever the NYT sells my email address to?
The 9th Circuit Court of Appeals has agreed to rehear the Bernstein case, en banc (i.e. before the entire court rather than just the usual three judge panel). The most recent ruling was in DJB's favor, so if the appeals process lost its momentum, DJB wins. The case isn't "pending" because of DJB's concerns; He won the last round. The case is pending because the Government knows they are wrong, they don't have the imagination to do more than stomp their feet and say "please, please, please, hear us again", and they don't have the courage to admit that they are wrong. The feds are stalling, plain and simple.
Adrian
PS: IANAL
All this decision does is clear up a single point of law. The district court issued a summary judgement stating that there was no need to consider the First Amendment claim, because it felt that the source code was too functional and not sufficiently expressive to warrent First Amendment protection.
The appellate court corrected this misconception and instructed the lower court to consider the case again. The lower court could still consider the First Amendment claim and decide that the government's interrest is overriding, but before this ruling, the lower court didn't feel that it had to consider a First Amendment claim at all.
This ruling is a step in the right direction, but it is far from a (correct IMO) ruling in Junger's favor. It does not make DeCSS legal, it does not shoot down the ridiculous ITAR/BXA restrictions, it does not war obsolete, etc..
This ruling does, perhaps, cast a slightly better light on the position of the good guys in many of these encryption related cases. It is good news, but please, folks, get a grip!
Adrian
PS: IANAL
PPS: I am not a witless idiot, either. 8-)
When M$-Word is released with an appallingly unsecure macro language, and when the virus writers demonstrate this, it never occurs to the M$ developers or their user community that the answer is to remove those capabilities in the macro language that make it unsecure. Their answer is to live with the unsecure language and construct an elaborate system of virus signature scanners, virus cleaners, and a virus signature distribution system.
When sendmail or pine is discovered to have a flaw that can be exploited to gain unauthorized access to a system, we, as a community, see this as a problem, and the problem gets fixed. It would never occur to Eric A. to leave an exploitable flaw in sendmail, because he knows that we won't accept it.
As long as we, as a community, are determined to see security flaws as unacceptable aberations, we will never see a proliferation of Unix/Linux viruses that we see in the M$ world.
It seems to me that this is why the US shouldn't be restricting the export of strong encryption. Aren't we better off making strong encryption availible to dissidents in those countries whose governments we are most concerned about?
I understand that Chinese students in the U.S. were sending news about the Tiananmen Square massacre over BitNet to Beijing, and that news was faxed all over the rest of China. And yet, somehow, our NSA believes that, in the unlikely event that they can contain domesticly developed encryption technology (you know, all that encryption developement that hasn't been driven overseas yet by our silly laws) within US borders, US national interrests are best served by keeping this technology out of the hands of Russian and Chinese dissidents.
But wait! Billy C. has changed our policies. Now it is only dissidents in countries like Iran and Lybia that are to be denied the fruits of all that advanced encryption technology that's only availible here in the good old USA (right?).
I'd suspect that the governments of Lybia and Iran paid him off to keep thier dissidents from getting strong encryption, but I don't think he has enough of a clue about the real benefactors of his regulations to know that he could looks for such a source of income.
Why do I always have to feel embarrased by the elected officials in my own governement? I suppose we elected them, so they are the governement we deserve. But still.. Why?
Oh well.
Adrian