``So the brilliant marketing boys at IBM decided to support Windows and Windows apps under OS/2 and market it as a "better Windows than Windows". And it was - about the only stable way to run Windows before 3.1 was to run it under OS/2. So they basically supported MS's buggy product and discouraged migration of apps to their much superior system (why not just develop for Windows if OS/2 can run Windows too?). When MS finally fixed Windows, there was no reason to run it under OS/2, no reason for most of the buyers to continue OS/2 and no reason for developers to do the considerable work of porting their DOS apps to OS/2 rather than Windows 3.1.''
And yet, when Microsoft does the same thing, it's called "embrace, extend, extinguish". Somehow, that didn't work for IBM (and remember, IBM was the 300 pound gorilla back then).
As far as I am concerned, OS/2 bled to death. When I first experienced it (this was, I think, OS/2 Warp, version 3.0...at any rate, shortly before Windows 95 was released) I really liked it a lot. It was a huge step from DOS, yet managed to stay compatible with it, and it had all kinds of technical improvements. Then came Windows 95 and I watched in agony as that piece of junk took over the world. It was like OS/2, only bad. Crashed all the time, etc. Those who lived through it probably know what I mean. Windows 95 is what got me to Linux. One day, it crashed and failed to come up again. I said "there must be something better". I knew OS/2, but couldn't get my hands on a copy. I searched and found Linux. I've been using it ever since.
Meanwhile, IBM did update OS/2, but I never saw it anywhere. Some open source projects sprang up around it, but I still couldn't find the actual OS anywhere. Then IBM announced it would be end of lifed, and I finally managed to pick up a copy of OS/2 Warp from a store that sold old junk. I couldn't get it installed on either real or virtual hardware (I think the problem was with hard disk support).
I don't know why OS/2 failed. Fact is that many people liked it but didn't manage to get a copy. By now, I would be very surprised to find people wanting to run OS/2 for anything other than backward compatibility or geeky curiosity. I don't think OS/2 still has much to offer on a technical front, and whatever UI benefits it had have likely been duplicated elsewhere. Of course, I could be wrong...not having seen a working OS/2 instance for years.
Fortunately for the RIAA, the old content of the site has been archived by the Internet Archive.
Although that poses a rather uncomfortable dilemma for the RIAA: should they thank archive.org for saving their content...or sue them for copyright infringement?
``Why is something as notionally simple as contact list transfer so technologically complicated that we actually consider it to be a great service to us when two giants like Microsoft and Facebook bless us with the ability to synchronize our contact information between them?''
I don't think the problem is that it is technologically complicated. I think that it is a matter of mindset. Most people will simply not consider doing something with their computers unless it is advertised to them as a service. If you have a programmer's mindset, it will be natural to try combining features with one another to gain new functionality, or even try to find or create functionality that you wish were there. Most people don't work that way; they'll sit back until a software upgrade introduces a new feature and go oh and ah when they like it, no matter if it is something that has been possible somehow for years, or something actually new.
``While using it to issue voice commands is OK (and can be a real time-saver as it avoids going into Start, /Applications, Programs menu etc)''
What?
Oh, ah, yeah. Sorry, I've been away from Windows for a _long_ time. This is yet another one of those things that work great when you only have a few items, but really not that well anymore when the lists get longer. Like the task bar...by the time you have more than a few windows open, there isn't space anymore for the text.
Really, there are better ways. Speech commands are one, which solves the problem in basically the same way as the command line, which is what I use. It just puts everything into a single list. No hierarchy to navigate. Actually, nothing to navigate at all; you aren't selecting an item from a list you are offered, you are just telling the computer what you want. The downside of this is, of course, lack of discoverability. How do you find out there is a program called Ekiga in the first place? (And, when using speech recognition, how should you pronounce it?)
Apple's (NEXTSTEP's, really) dock is another solution. Single, flat list, everything immediately accessible. This system will eventually run into problems when the list gets too large, but the fact that items are distinguished by their (large enough to actually be distinguishable) icons makes it a bit better than a system based on text (which is long in one dimension). Compared to commands, it has the advantage that it's discoverable, and the disadvantage that it doesn't scale. I can fit about 40 icons along the bottom of my screen at usable size, whereas the shell lets me easily choose from over 2400 commands. But then again, most of the shell commands can't really sensibly be put in icons, and of those that can, I wouldn't be surprised if the number I used regularly were less than 40.
I don't know why you got modded up. I mean, obviously overselling something isn't a Good Thing, but I don't think we're overselling open source. If anything, open source is underappreciated because it is misunderstood, meaning we need to spend _more_ time informing people.
``solves every problem from bugs to world poverty and acne.''
Have I ever claimed it does this? I didn't even start out talking about open source per se, I said "generally, anything that's hackable". But now that you brought it up, I do think open source can help with bugs and world poverty, if not acne.
``Selling points for the general public are more along the lines of long-term availability of the software, a better record on fixing bugs and a culture that encourages interoperability.''
Yes, and open source generally does well here. So why are you arguing against it and why did you get modded up for it?
``"You can fix it yourself" isn't a selling point for most people, even if it were true.''
It's not what I said, either. I said that everyone who wants to can make improvements, and even if you do not make any improvements yourself, you can benefit from them. And that _is_ true.
``"This car comes with no warranty, there are no dealers, but you are free to cast your own engine parts when it breaks down, and even to distribute those engine parts to third parties" isn't a sales pitch you are going to see on TV any time soon.''
And is completely irrelevant to everything in this thread. We are not talking about products for which there is no warranty and no dealer.
Seriously, you are putting things into this discussion that weren't there before, and then attacking them, while trying to make me come off as some sort of blind open source zealot. Pretty much everything you've said is flawed or even complete nonsense. And yet, you got modded up. I am astonished, and angry.
``There ought to be a Slashdot autoresponder for this suggestion. It is not and never has been true of software, and is even less true of hardware. If you really think you can personally add whatever feature you fancy to any and all open-source software in anything like a reasonable timescale, I suspect you've never tried. I'd really like emacs to display all regexes properly (# is a particular problem in both perl and tcl modes). The bug has been around for years, and I'm sure tens of thousands of technical users have noticed. Can you fix that for me by next Wednesday?
If you think it makes sense to even try fixing other people's code in most cases, you are probably still in full-time education. I suspect I could work out a fix for the above problem if I had nothing else to do for a few months, but the reason I use emacs in the first place is because I have other things to do. That's true of the vast majority of software users. The options are to live with the bugs, hold out for a bug fix and find another product that does the same job better.''
Ok, you win. Open source clearly isn't perfect. Therefore, we should all throw in the towel and go back to closed-source software. After all, since open source software isn't perfect, closed source software is clearly better.
``Also, "open source" does not mean "anyone can tinker with it" as you suggest. Hackers (the malicious type) may be able to read the source code, but that doesn't necessarily mean they can modify it or the compiled version on your machine.''
Exactly what I was trying to communicate. Anyone can change their own copy, and you can apply the changes to your own copy if you want, but you don't have to.
``Indeed. But so are the reasons for closed hardware. Your argument that ANYONE (your word) can modify a device that uses electricity is, for the majority of the population, an argument against, not for, openness.''
That's a very good point! I honestly hadn't thought of that.
People are right to be concerned about others tampering with their devices, and the concern that this will happen when it's open source (which about literally means "anyone can tinker with it") is definitely understandable.
Perhaps it would be good if we started spreading the message that open source does _not_ mean that anyone will tamper with _your_ things without your permission. And that, in fact, open source can help prevent this behavior; without being allowed to know what something does, exactly (closed source), it's easy enough to insert parts that monitor you, modify your settings, etc., and go undetected. When anyone can see what's going on (open source), this is much more difficult...and given that there are many in the open source crowd who frown on these practices, it is likely that they _will_ be detected..._and_ stopped.
Aren't the benefits of open source, or, generally, hackable hardware very simple to explain?
If there is any bug, or desirable feature that is missing, or really any kind of improvement to be made, it can be made by anyone. This includes you, but you don't have to do it yourself - chances are there is somebody who wants the same improvement and will make it and share it with the world. Sure, companies will also enhance closed-source products, but now it's not just the company that does this, but a large group of volunteers, as well. This means that improvements can be expected to be made much more quickly and in many more directions at once. Plus, if the company ever stops supporting the product, the community will continue supporting it until the last person has lost interest.
``How telling is it that the overwhelming majority of /. users seem to despise the idea of technology in the ballot box? We're the group that one would think would be the first to welcome the modernization of voting, the elimination of the "arcane" technology of scribbles on paper as a way for millions of people to vote?''
I much rather think that we are, by and large, a group that understands technology, and makes at least somewhat informed decisions on what is good and what isn't, what to use and what to avoid.
``In short, accurate elections with anonymous, non-voter-provable (to prevent blackmail/vote purchasing) votes are hard, but since they are the basis for our system of government, we need to do the work to do it right.''
The bad news is that none of the better systems have taken off yet. Part of the problem is that people really don't care. Part of the problem is that politicians actually don't _want_ to admit there is something wrong and fix it (that, at least, is how it is in the Netherlands). Part of the problem is that people keep re-inventing the wheel, usually poorly, instead of using the solutions others have already come up with. And part of the problem is that all these new systems are just _complicated_.
All things considered, I believe simple paper voting and counting votes by hand is the best solution to date. It isn't perfect, but the security implications are easy to understand, and there are established procedures that provide the desirable properties for voting systems (accuracy, verifiability, privacy, etc.)
``Mac OS X is the success of Unix on the desktop, period.''
Yes. And Linux is, too. Honestly, I don't think OS X and Linux market share differ as much as TFA would have you believe. Of course, that's just what _I_ think. Actually reliable data simply don't exist, because your measurements are _always_ biased. Although it would be interesting to see how the OS distribution is for, say, Google or YouTube users.
``There are a lot of geeks who are reluctant to admit it, though. Most people pinned their hope on Linux + GNOME/KDE for delivering us from evil. While GNOME and KDE brought Unix miles ahead in terms of GUI usability, neither matched the elegance and power of the NeXTSTEP interface developed years before; the evolution from NeXTSTEP to OS X has further secured this lead.''
That may be true. I, however, am reluctant to admit that OS X is _the_ (note the emphasis) success of Unix on the desktop, for reasons I mention both above and below.
``The defeat of their favorite candidate for Unix GUI Savior left many geeks unwilling to even consider or support the idea of OS X as a real Unix, as an improvement to Windows or existing Unix GUIs, etc.''
The reason I see OS X as about a half-Unix is that while it's like Unix in many aspects, it's also decidedly unlike it in some. For example, Unix has had X11 for its GUI subsystem for ages, and still does. On OS X, you get Apple's beautiful but decidedly different system, with X11 available as an add-on if you take the trouble to install it. This actually very much gets in the way of portability between OS X and other Unices. Admittedly, portability being difficult is nothing new in the Unix world, but if an app that works well and looks in its right place on Linux, the BSDs, and Solaris looks out of place on OS X, and an app that works well and looks in place on OS X doesn't work on any of the others, that does give me a certain resistance to putting OS X in the same group with them.
As a final note, I would like to add that I have never been a great fan of KDE or GNOME. To me, they are both Windows knock-offs and probably good for users who are used to Windows, but I much prefer something lighter and more radical. I am currently hooked on non-overlapping windows, as featured in Ratpoison, Ion, wmii, etc. And in case you were wondering: yes, that does mean I don't like having to work with OS X's GUI.
``It's all a geek dream anyway, that people doing work for free is going to somehow outperform people who do their jobs to get paid and rely on that payment to sustain the quality of living they are used to. Not to mention that during this time that the people are writing free software they have to be working for a living; working on other projects and with other distractions. It just doesn't add up that Linux could be better than Apple, or even Microsoft, despite how completely fucked Vista seems to be so far.
Now, I know there are many ways you can tear up the logic in this post, and I freely encourage you to do so. But ultimately what you need to do is explain why, if my logic is flawed, the situation is as it remains today.''
Eh? Open source _is_ better than Microsoft and Apple. And that's with Apple having gotten a lot of stuff from the open source community. Where commercial software is developed by people under deadlines who have to care more about their evaluations than about the quality of the final product, open source software is developed by people for the love of it, for their own use, and as an advertisement for their skills. It just doesn't add up that Apple, or even Microsoft, could be better than an essentially infinite pool of dedicated and skilled developers with infinite amounts of time and no concerns about budgets or keeping business partners happy. Just compare Ubuntu to Vista.
There. My word against yours. Neither of your arguments are anywhere near conclusive, well-founded, or backed up by evidence. We're both just talking out of our orifices. And that's my _real_ point. While you have been waving the flag of logic and challenged others to step up to a standard you yourself haven't bothered to hold yourself to, I have at least pointed out that flaw in your claims, even if my claims about open source vs. proprietary development models are just as worthless as yours.
``Honestly, I have never thought of calling my operating system manufacturer for support. ''
I've known people who administer Windows machines in various companies who have called Microsoft for support. In all cases, they were on the phone for hours and didn't eventually get a solution from Microsoft. In some cases, I was able to find a solution in a few minutes by searching the fine web.
2007      WinXP  W2000  Win98  Vista  W2003  Linux  Mac
November  72.8%  5.1%   1.0%   6.3%   2.0%   3.3%   3.9%

2006      WinXP  W2000  Win98  WinNT  W2003  Linux  Mac
December  75.7%  7.9%   1.0%   0.2%   1.9%   3.6%   3.8%
I was just considering to post this to Slashdot yesterday and see what would happen. Can you see the oh my dog factor? Linux _lost_ about 10% of its market share!!
FWIW, you just did a really good job at describing my experience with OS X. And I do a lot of Ruby work. OS X is just enough different from the free unices that it grates. apt-get is a total win, I think it's fair to say that, for me, it is _the_ killer app for an OS. And OS X doesn't have it (in the sense that there is no _single_ part that keeps the whole system up to date). Oh, and while the low-end Macs are sold with just too little memory for OS X, Linux is snappy and happy on them.
``This is not an injection bug per se, but more a string parsing bug.''
By "injection vulnerability", I mean and understand "a possibility to 'break out' of a certain datum and thus inject (part of) it into the surrounding data structure, where this is not desired". Is that not what is happening here?
``Parsing needs to be done as long as not all content is implicitly structured. One point in using XML for anything is to avoid doing any parsing on your own. But, think about it, would you like an e-mail address, URL or file path to be a structured list or XML snippet? And could we be sure that the structure is always the right one, so there will be no need to flatten it and reparse it and get into the same old bugs?''
I am not going to answer that, because it is beside the point. XML is parsed, too. What I meant in my original post is that you can create and pass everything in data structures, rather than marshalling and unmarshalling it.
If you _do_ marshal and unmarshal your data structures, of course it makes sense to do so using a robust marshaller and unmarshaller. And a proper API. If, in PHP, you do "SELECT FROM Table WHERE field = $value", you're asking for trouble. Of course, what Firefox does is going to be different at least in the language they use, but the principle along which all these vulnerabilities come into existence is the same: composing data in a way that doesn't preserve structure, and then assuming the structure has been preserved.
No, I think you're quite wrong. DRM and encryption are not the same thing. The purpose of DRM is to prevent people from doing things that you don't want them doing with the bits you release. One way to make that work is to write a program that enforces the policy you want to enforce and make that program the only program that can do something useful with the bits. And that's where encryption comes in. By scrambling the bits and not telling anyone how to unscramble them, you make it difficult for anyone to make sense of the bits you send out. One way to do that is to use encryption and hide the key.
Where DRM goes "wrong" is that scrambling does not do anything to prevent copying, which is supposedly what it is intended to prevent, but it does prevent _using_ the content...at least in any way not provided for by those who know how to unscramble it. In other words, it does nothing to stop the pirates, but does restrain legitimate users.
Of course, the next step up (once you have restricted using the content to only programs you control) is to make those programs phone home and do some kind of check before allowing the content to be used. Done right, this can actually do something against those who violated your terms, while allowing legitimate uses.
And, of course, it all falls down once people start tinkering with the officially approved decoders. After all, that decoder can get at the actual content. If you can somehow get the content out, you will no longer need the officially approved decoder afterward. I think it is this kind of tinkering that "Trusted Computing" is intended to prevent.
Sometimes, injection vulnerabilities make me laugh. I mean, how difficult can it be to just put a string in another string?
Not very difficult, obviously.
And, honestly, it _isn't_ very difficult. It's only when you then go and interpret the resulting string as code that weird things start to happen. The solution is simple: don't treat strings as code. In Lisp, for example, the more natural way to compose the code would be to use list construction instead of string concatenation. That way, you can put whatever you want in the string, but it will never be executed as code.
But then, of course, everybody loathes Lisp. And smug Lisp weenies. So I'll get modded down. On the other hand, I said I would get modded down, so I'll probably get modded up.
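The principle in the two comments above (a query composed from $value as text, and list construction instead of string concatenation), as an added example that is not part of the original comments. It uses Python and sqlite3 in place of PHP and Lisp; the table, the function names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and column names are assumptions.
ROWS = [("alice",), ("bob",), ("o'brien",)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", ROWS)
    return db


def lookup_concat(db, value):
    """Flatten the value into the query text; the parser re-reads it as SQL."""
    query = "SELECT name FROM users WHERE name = '" + value + "'"
    try:
        return sorted(row[0] for row in db.execute(query))
    except sqlite3.Error as exc:
        # A harmless apostrophe already breaks the assumed structure.
        return "error: " + type(exc).__name__


def lookup_bound(db, value):
    """Bind the value as one datum; it never passes through the SQL parser."""
    cur = db.execute("SELECT name FROM users WHERE name = ?", (value,))
    return sorted(row[0] for row in cur)


def evaluate(expr, row):
    """Evaluate a condition built as nested tuples (the list-construction idea).

    A ("lit", s) node is always a leaf, whatever characters s contains.
    """
    op = expr[0]
    if op == "lit":
        return expr[1]
    if op == "field":
        return row[expr[1]]
    if op == "eq":
        return evaluate(expr[1], row) == evaluate(expr[2], row)
    if op == "or":
        return bool(evaluate(expr[1], row)) or bool(evaluate(expr[2], row))
    raise ValueError("unknown node: %r" % (op,))


def lookup_structured(rows, value):
    """Compose the condition as a data structure instead of as a string."""
    expr = ("eq", ("field", "name"), ("lit", value))
    return sorted(r["name"] for r in rows if evaluate(expr, r))


# Constructed inputs: an ordinary name, a name with an apostrophe, and a
# value that closes the quote and appends its own condition.
PLAIN = "alice"
APOSTROPHE = "o'brien"
BREAKOUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    rows = [{"name": name} for (name,) in ROWS]
    for value in (PLAIN, APOSTROPHE, BREAKOUT):
        print(repr(value))
        print("  concatenated:", lookup_concat(db, value))
        print("  bound:       ", lookup_bound(db, value))
        print("  structured:  ", lookup_structured(rows, value))
```
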
In an actual democracy, you can replace the sitting politicians with better ones. If there aren't any better ones to choose from, you can run yourself. The problem (well, ignoring problems with the system for now) is getting the voting public to see that you are right and the others are wrong. Politicians get away with predictably ineffective, wrong-headed, or sometimes just plain evil laws because they can make the public at large believe they're actually good ideas.
Ban black hat tools? Sure! Nobody wants their computer broken into, right? So everything that stops that is welcome. And what matters in the political game is that it _sounds_ like it would help to an ignorant observer. Not that it actually is a good idea in reality.
Perhaps a mandatory recording of the stated goal of a law and a mandatory assessment of the effectiveness of that law in achieving that goal, as well as its overall cost, followed by a repeal or at least amendment of the law and a black mark for the politicians who proposed and supported it if it turns out to have had more harmful effects than goal-achieving ones would help here.
``Sony uses Quicktime for quite a few of their products, and it has bit customers hard.''
Serves them right. The customers, I mean. Seriously, if you _pay_ for proprietary software/media and DRM, you deserve to have compatibility problems.
``You must have been using Windows 95 for quite a while before Linux came onto the scene.''
Actually, Linux is older than Windows 95.
As far as I am concerned, OS/2 bled to death. When I first experienced it (this was, I think, OS/2 Warp, version 3.0...at any rate, shortly before Windows 95 was released) I really liked it a lot. It was a huge step from DOS, yet managed to stay compatible with it, and it had all kinds of technical improvements. Then came Windows 95 and I watched in agony as that piece of junk took over the world. It was like OS/2, only bad. Crashed all the time, etc. Those who lived through it probably know what I mean. Windows 95 is what got me to Linux. One day, it crashed and failed to come up again. I said "there must be something better". I knew OS/2, but couldn't get my hands on a copy. I searched and found Linux. I've been using it ever since.
Meanwhile, IBM did update OS/2, but I never saw it anywhere. Some open source projects sprang up around it, but I still couldn't find the actual OS anywhere. Then IBM announced it would be end of lifed, and I finally managed to pick up a copy of OS/2 Warp from a store that sold old junk. I couldn't get it installed on either real or virtual hardware (I think the problem was with hard disk support).
I don't know why OS/2 failed. Fact is that many people liked it but didn't manage to get a copy. By now, I would be very surprised to find people wanting to run OS/2 for anything other than backward compatibility or geeky curiosity. I don't think OS/2 still has much to offer on a technical front, and whatever UI benefits it had have likely been duplicated elsewhere. Of course, I could be wrong...not having seen a working OS/2 instance for years.
Fortunately for the RIAA, the old content of the site has been archived by the Internet Archive.
Although that poses a rather uncomfortable dilemma for the RIAA: should they thank archive.org for saving their content...or sue them for copyright infringement?
``Why is something as notionally simple as contact list transfer so technologically complicated that we actually consider it to be a great service to us when two giants like Microsoft and Facebook bless us with the ability to synchronize our contact information between them?''
I don't think the problem is that is technologically complicated. I think that it is a matter of mindset. Most people will simply not consider doing something with their computers unless it is advertised to them as a service. If you have a programmer's mindset, it will be natural to try combining features with one another to gain new functionality, or even try to find or create functionality that you wish were there. Most people don't work that way; they'll sit back until a software upgrade introduces a new feature and go oh and ah when they like it, no matter if it is something that has been possible somehow for years, or something actually new.
``While using it to issue voice commands is OK (and can be a real time-saver as it avoids going into Start, /Applications, Programs menu etc)''
What?
Oh, ah, yeah. Sorry, I've been away from Windows for a _long_ time. This is yet another one of those things that work great when you only have a few items, but really not that well anymore when the lists get longer. Like the task bar...by the time you have more than a few windows open, there isn't space anymore for the text.
Really, there are better ways. Speech commands are one, which solves the problem is basically the same way as the command line, which is what I use. It just puts everything into a single list. No hierarchy to navigate. Actually, nothing to navigate at all; you aren't selecting an item from a list you are offered, you are just telling the computer what you want. The downside of this is, of course, lack of discoverability. How do you find out there is a program called Ekiga in the first place? (And, when using speech recognition, how should you pronounce it?)
Apple's (NEXTSTEP's, really) dock is another solution. Single, flat list, everything immediately accessible. This system will eventually run into problems when the list gets too large, but the fact that items are distinguished by their (large enough to actually be distinguishable) icons makes it a bit better than a system based on text (which is long in one dimension). Compared to commands, it has the advantage that it's discoverable, and the disadvantage that it doesn't scale. I can fit about 40 icons along the bottom of my screen at usable size, whereas the shell lets me easily choose from over 2400 commands. But then again, most of the shell commands can't really sensibly be put in icons, and of those that can, I wouldn't be surprised if the number I used regularly were less than 40.
I don't know why you got modded up. I mean, obviously overselling something isn't a Good Thing, but I don't think we're overselling open source. If anything, open source is underappreciated because it is misunderstood, meaning we need to spend _more_ time informing people.
``solves every problem from bugs to world poverty and acne.''
Have I ever claimed it does this? I didn't even start out talking about open source per se, I said "generally, anything that's hackable". But now that you brought it up, I do think open source can help with bugs and world poverty, if not acne.
``Selling points for the general public are more along the lines of long-term availability of the software, a better record on fixing bugs and a culture that encourages interoperability.''
Yes, and open source generally does well here. So why are you arguing against it and why did you get modded up for it?
``"You can fix it yourself" isn't a selling point for most people, even if it were true.''
It's not what I said, either. I said that everyone who wants to can make improvements, and even if you do not make any improvements yourself, you can benefit from them. And that _is_ true.
``"This car comes with no warranty, there are no dealers, but you are free to cast your own engine parts when it breaks down, and even to distribute those engine parts to third parties" isn't a sales pitch you are going to see on TV any time soon.''
And is completely irrelevant to everything in this thread. We are not talking about products for which there is no warranty and no dealer.
Seriously, you are putting things into this discussion that weren't there before, and then attacking them, while trying to make me come off as some sort of blind open source zealot. Pretty much everything you've said is flawed or even complete nonsense. And yet, you got modded up. I am astonished, and angry.
``There ought to be a Slashdot autoresponder for this suggestion. It is not and never has been true of software, and is even less true of hardware. If you really think you can personally add whatever feature you fancy to any and all open-source software in anything like a reasonable timescale, I suspect you've never tried. I'd really like emacs to display all regexes properly (# is a particular problem in both perl and tcl modes). The bug has been around for years, and I'm sure tens of thousands of technical users have noticed. Can you fix that for me by next Wednesday?
If you think it makes sense to even try fixing other people's code in most cases, you are probably still in full-time education. I suspect I could work out a fix for the above problem if I had nothing else to do for a few months, but the reason I use emacs in the first place is because I have other things to do. That's true of the vast majority of software users. The options are to live with the bugs, hold out for a bug fix and find another product that does the same job better.''
Ok, you win. Open source clearly isn't perfect. Therefore, we should all throw in the towel and go back to closed-source software. After all, since open source software isn't perfect, closed source software is clearly better.
``Also, "open source" does not mean "anyone can tinker with it" as you suggest. Hackers (the malicious type) may be able to read the source code, but that doesn't necessarily mean they can modify it or the compiled version on your machine.''
Exactly what I was trying to communicate. Anyone can change their own copy, and you can apply the changes to your own copy if you want, but you don't have to.
``Indeed. But so are the reasons for closed hardware. Your argument that ANYONE (your word) can modify a device that uses electricity is, for the majority of the population, an argument against, not for, openness.''
That's a very good point! I honestly hadn't thought of that.
People are right to be concerned about others tampering with their devices, and the concern that this will happen when it's open source (which about literally means "anyone can tinker with it") is definitely understandable.
Perhaps it would be good if we started spreading the message that open source does _not_ mean that anyone will tamper with _your_ things without your permission. And that, in fact, open source can help prevent this behavior; without being allowed to know what something does, exactly (closed source), it's easy enough to insert parts that monitor you, modify your settings, etc., and go undetected. When anyone can see what's going on (open source), this is much more difficult...and given that there are many in the open source crowd who frown on these practices, it is likely that they _will_ be detected..._and_ stopped.
Aren't the benefits of open source, or, generally, hackable hardware very simple to explain?
If there is any bug, or desirable feature that is missing, or really any kind of improvement to be made, it can be made by anyone. This includes you, but you don't have to do it yourself - chances are there is somebody who wants the same improvement and will make it and share it with the world. Sure, companies will also enhance closed-source products, but now it's not just the company that does this, but a large group of volunteers, as well. This means that improvements can be expected to be made much more quickly and in many more directions at once. Plus, if the company ever stops supporting the product, the community will continue supporting it until the last person has lost interest.
There. Was that so difficult?
``How telling is it that the overwhelming majority of /. users seem to despise the idea of technology in the ballot box? We're the group that one would think would be the first to welcome the modernization of voting, the elimination of the "arcane" technology of scribbles on paper as a way for millions of people to vote?''
I much rather think that we are, by and large, a group that understands technology, and makes at least somewhat informed decisions on what is good and what isn't, what to use and what to avoid.
``In short, accurate elections with anonymous, non-voter-provable (to prevent blackmail/vote purchasing) votes are hard, but since they are the basis for our system of government, we need to do the work to do it right.''
The good news is that the hard work has been done.
The bad news is that none of the better systems have taken off yet. Part of the problem is that people really don't care. Part of the problem is that politicians actually don't _want_ to admit there is something wrong and fix it (that, at least, is how it is in the Netherlands). Part of the problem is that people keep re-inventing the wheel, usually poorly, instead of using the solutions others have already come up with. And part of the problem is that all these new systems are just _complicated_.
All things considered, I believe simple paper voting and counting votes by hand is the best solution to date. It isn't perfect, but the security implications are easy to understand, and there are established procedures that provide the desirable properties for voting systems (accuracy, verifiability, privacy, etc.)
``Mac OS X is the success of Unix on the desktop, period.''
Yes. And Linux is, too. Honestly, I don't think OS X and Linux market share differ as much as TFA would have you believe. Of course, that's just what _I_ think. Actually reliable data simply don't exist, because your measurements are _always_ biased. Although it would be interesting to see how the OS distribution is for, say, Google or YouTube users.
``There are a lot of geeks who are reluctant to admit it, though. Most people pinned their hope on Linux + GNOME/KDE for delivering us from evil. While GNOME and KDE brought Unix miles ahead in terms of GUI usability, neither matched the elegance and power of the NeXTSTEP interface developed years before; the evolution from NeXTSTEP to OS X has further secured this lead.''
That may be true. I, however, am reluctant to admit that OS X is _the_ (note the emphasis) success of Unix on the desktop, for reasons I mention both above and below.
``The defeat of their favorite candidate for Unix GUI Savior left many geeks unwilling to even consider or support the idea of OS X as a real Unix, as an improvement to Windows or existing Unix GUIs, etc.''
The reason I see OS X as about a half-Unix is that while it's like Unix in many aspects, it's also decidedly unlike it in some. For example, Unix has had X11 for its GUI subsystem for ages, and still does. On OS X, you get Apple's beautiful but decidedly different system, with X11 available as an add-on if you take the trouble to install it. This actually very much gets in the way of portability between OS X and other Unices. Admittedly, portability being difficult is nothing new in the Unix world, but if an app that works well and looks in its right place on Linux, the BSDs, and Solaris looks out of place on OS X, and an app that works well and looks in place on OS X doesn't work on any of the others, that does give me a certain resistance to putting OS X in the same group with them.
As a final note, I would like to add that I have never been a great fan of KDE or GNOME. To me, they are both Windows knock-offs and probably good for users who are used to Windows, but I much prefer something lighter and more radical. I am currently hooked on non-overlapping windows, as featured in Ratpoison, Ion, wmii, etc. And in case you were wondering: yes, that does mean I don't like having to work with OS X's GUI.
``It's all a geek dream anyway, that people doing work for free is going to somehow outperform people who do their jobs to get paid and rely on that payment to sustain the quality of living they are used to. Not to mention that during this time that the people are writing free software they have to be working for a living; working on other projects and with other distractions. It just doesn't add up that Linux could be better than Apple, or even Microsoft, despite how completely fucked Vista seems to be so far.
Now, I know there are many ways you can tear up the logic in this post, and I freely encourage you to do so. But ultimately what you need to do is explain why, if my logic is flawed, the situation is as it remains today.''
Eh? Open source _is_ better than Microsoft and Apple. And that's with Apple having gotten a lot of stuff from the open source community. Where commercial software is developed by people under deadlines who have to care more about their evaluations than about the quality of the final product, open source software is developed by people for the love of it, for their own use, and as an advertisement for their skills. It just doesn't add up that Apple, or even Microsoft, could be better than an essentially infinite pool of dedicated and skilled developers with infinite amounts of time and no concerns about budgets or keeping business partners happy. Just compare Ubuntu to Vista.
There. My word against yours. Neither of your arguments are anywhere near conclusive, well-founded, or backed up by evidence. We're both just talking out of our orifices. And that's my _real_ point. While you have been waving the flag of logic and challenged others to step up to a standard you yourself haven't bothered to hold yourself to, I have at least pointed out that flaw in your claims, even if my claims about open source vs. proprietary development models are just as worthless as yours.
``Honestly, I have never thought of calling my operating system manufacturer for support. ''
I've known people who administer Windows machines in various companies who have called Microsoft for support. In all cases, they were on the phone for hours and didn't eventually get a solution from Microsoft. In some cases, I was able to find a solution in a few minutes by searching the fine web.
More statistics, from http://www.w3schools.com/browsers/browsers_os.asp:
2007      WinXP  W2000  Win98  Vista  W2003  Linux  Mac
November  72.8%  5.1%   1.0%   6.3%   2.0%   3.3%   3.9%
2006      WinXP  W2000  Win98  WinNT  W2003  Linux  Mac
December  75.7%  7.9%   1.0%   0.2%   1.9%   3.6%   3.8%
I was just considering posting this to Slashdot yesterday to see what would happen. Can you see the oh my dog factor? Linux _lost_ about 10% of its market share!!
FWIW, you just did a really good job at describing my experience with OS X. And I do a lot of Ruby work. OS X is just enough different from the free unices that it grates. apt-get is a total win, I think it's fair to say that, for me, it is _the_ killer app for an OS. And OS X doesn't have it (in the sense that there is no _single_ part that keeps the whole system up to date). Oh, and while the low-end Macs are sold with just too little memory for OS X, Linux is snappy and happy on them.
Slashdot uses plain text authentication. So does security.nl. And lots of other sites. It's embarrassing, really.
``This is not an injection bug per se, but more a string parsing bug.''
By "injection vulnerability", I mean and understand "a possibility to 'break out' of a certain datum and thus inject (part of) it into the surrounding data structure, where this is not desired". Is that not what is happening here?
``Parsing needs to be done as long as not all content is implicitly structured. One point in using XML for anything is to avoid doing any parsing on your own. But, think about it, would you like an e-mail address, URL or file path to be a structured list or XML snippet? And could we be sure that the structure is always the right one, so there will be no need to flatten it and reparse it and get into the same old bugs?''
I am not going to answer that, because it is beside the point. XML is parsed, too. What I meant in my original post is that you can create and pass everything in data structures, rather than marshalling and unmarshalling it.
If you _do_ marshal and unmarshal your data structures, of course it makes sense to do so using a robust marshaller and unmarshaller. And a proper API. If, in PHP, you do "SELECT FROM Table WHERE field = $value", you're asking for trouble. Of course, what Firefox does is going to be different at least in the language they use, but the principle along which all these vulnerabilities come into existence is the same: composing data in a way that doesn't preserve structure, and then assuming the structure has been preserved.
http://inglorion.net/documents/essays/vorbis-microsoft-apple/
No, I think you're quite wrong. DRM and encryption are not the same thing. The purpose of DRM is to prevent people from doing things that you don't want them doing with the bits you release. One way to make that work is to write a program that enforces the policy you want to enforce and make that program the only program that can do something useful with the bits. And that's where encryption comes in. By scrambling the bits and not telling anyone how to unscramble them, you make it difficult for anyone to make sense of the bits you send out. One way to do that is to use encryption and hide the key.
Where DRM goes "wrong" is that scrambling does not do anything to prevent copying, which is supposedly what it is intended to prevent, but it does prevent _using_ the content...at least in any way not provided for by those who know how to unscramble it. In other words, it does nothing to stop the pirates, but does restrain legitimate users.
Of course, the next step up (once you have restricted using the content to only programs you control) is to make those programs phone home and do some kind of check before allowing the content to be used. Done right, this can actually do something against those who violated your terms, while allowing legitimate uses.
And, of course, it all falls down once people start tinkering with the officially approved decoders. After all, that decoder can get at the actual content. If you can somehow get the content out, you will no longer need the officially approved decoder afterward. I think it is this kind of tinkering that "Trusted Computing" is intended to prevent.
Sometimes, injection vulnerabilities make me laugh. I mean, how difficult can it be to just put a string in another string?
Not very difficult, obviously.
And, honestly, it _isn't_ very difficult. It's only when you then go and interpret the resulting string as code that weird things start to happen. The solution is simple: don't treat strings as code. In Lisp, for example, the more natural way to compose the code would be to use list construction instead of string concatenation. That way, you can put whatever you want in the string, but it will never be executed as code.
But then, of course, everybody loathes Lisp. And smug Lisp weenies. So I'll get modded down. On the other hand, I said I would get modded down, so I'll probably get modded up.
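Added example, not part of the original comments: the query-by-string-composition pattern from the PHP remark further up, next to the structure-preserving form that this comment argues for. It uses Python's sqlite3 module; the table, rows, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_by_concatenation(db, value):
    """Vulnerable: the value is pasted into the query text, so the SQL
    parser, not the programmer, decides where the datum ends."""
    query = "SELECT name FROM accounts WHERE name = '" + value + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_by_binding(db, value):
    """Structure-preserving: the query text is fixed and the value travels
    separately as a bound parameter, so it can only ever be a datum."""
    query = "SELECT name FROM accounts WHERE name = ?"
    return sorted(row[0] for row in db.execute(query, (value,)))

def compare(db, value):
    """Run both lookups; report a parse failure instead of raising."""
    try:
        composed = lookup_by_concatenation(db, value)
    except sqlite3.OperationalError as exc:
        composed = "query no longer parses: %s" % exc
    return composed, lookup_by_binding(db, value)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal value, a value that breaks out of the
    # quoted datum, and a legitimate value that merely contains a quote.
    for value in ("alice", "x' OR '1'='1", "O'Brien"):
        composed, bound = compare(db, value)
        print("%-16r composed=%r bound=%r" % (value, composed, bound))
```

The third input shows that composition without preserved structure is also a correctness bug: an ordinary value containing a quote breaks the query even when nobody is attacking it.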
In an actual democracy, you can replace the sitting politicians with better ones. If there aren't any better ones to choose from, you can run yourself. The problem (well, ignoring problems with the system for now) is getting the voting public to see that you are right and the others are wrong. Politicians get away with predictably ineffective, wrong-headed, or sometimes just plain evil laws because they can make the public at large believe they're actually good ideas.
Ban black hat tools? Sure! Nobody wants their computer broken into, right? So everything that stops that is welcome. And what matters in the political game is that it _sounds_ like it would help to an ignorant observer. Not that it actually is a good idea in reality.
Perhaps a mandatory recording of the stated goal of a law and a mandatory assessment of the effectiveness of that law in achieving that goal, as well as its overall cost, followed by a repeal or at least amendment of the law and a black mark for the politicians who proposed and supported it if it turns out to have had more harmful effects than goal-achieving ones would help here.