While I agree with many of your points -- such as that the BBS community is not gone (though it is but a shadow of what it once was) and that the future may see many more Internet-connected BBS's (such as the 50+ telnet-access Wildcat! systems listed here) -- I disagree that it is wise and/or helpful to use the discussion of the passing of a well-known member of the online community as a forum for defending the BBS scene.
I'd prefer to see government officials become more bland, rather than offending me regularly with tabloid-appropriate behavior with interns, taking away the rights of the innocent in a misguided (at best) attempt to prevent crime, etc. This attitude regarding online reading is just one more offense to add to the stack.
"A government big enough to give you everything you want is a government big enough to take from you everything you have." Gerald Ford
I was wondering if anyone else would mention the PowerHouse 4GL from Cognos. I used it under VAX/VMS for several years in the 90s, and it met our needs fairly well. I didn't really feel that it lived up to the supposed benefits of a 4GL, at least in terms of extending programming capability to "non-programmers." We did have a handful of users who could write ad-hoc Quiz reports, but writing Quick screens or QTP runs was definitely in the programmers-only realm.
The water that runs through would be come toxic as hell, and since we are no longer talking about N2 pollution I dont think the trees would help. In fact most modern landfills want to prevent the trash from decomposing, the goal is simply long term storage. So I am not so sure what he is getting at here
I think the main point is that the long-term storage approach is not a real solution, because the containment eventually fails. When that happens, the waste that leaks is just as bad as it was when it went into "storage." If you control timely degradation of the materials instead, that eventual loss of containment results in safer materials leaking out. So, water is used as part of that timely-degradation process, if I understood the article correctly. Capping with trees allows holding back water or "inserting" water (via over-irrigation), according to the controls desired by the owner of the site.
As is apparently true with some other states, Washington State has a use tax that covers 'Net purchases just like any other out-of-state purchase (mail order, telephone order, etc.). However, very few consumers are aware that it applies to them -- but all businesses in the state know about it because the state government "reminds" them via the periodic tax return that businesses file. (WA doesn't have a personal income tax, so Joe Citizen doesn't send a tax return to the state.)
"Funnier" still is that it also applies to purchases at garage sales and other situations where the in-state seller doesn't collect sales tax.
It's pretty ugly, IMHO, and given that nobody I know is following the law (heck, I wasn't even aware it applied to private individuals until a week or two ago, and I've met with disbelief when I've told others about it), it should be repealed. But that's another issue entirely...
The solution is to correct the law and its application, not to prevent one single company from abusing a bad law.
Consumer pressure does not prevent a company from doing something, it simply discourages them from doing it. The same type of pressure has been placed against major corporations (e.g., fast food chains) for environmental abuses, where the corporation was acting within the law but not within "community standards." And guess what? That pressure works -- look, for example, at the guarantees given that a restaurant chain doesn't use "rain forest beef" (meat from cattle raised on land that was stripped of rainforest for grazing purposes), and look at the reduction in non-biodegradable, non-renewable fast food packaging.
As consumers, we have the right and responsibility to encourage good behavior, and punish bad behavior, by "voting" with our dollars. Ignoring that responsibility gives us things like certain major software publishers gaining huge market share with poor-quality software. The free market can give us great things if we, the consumers, accept our responsibility for where our dollars (yen, marks, whatever) go. OTOH, the free market will give us garbage if we ignore that responsibility. (And the presence of that garbage gives policitians incentive to restrain the free market.)
I completely understand what you are saying, but I wonder if you know why you are saying it. For example:
"Linux isn't for the non-technically-literate masses"
Why? Because it has been so historically, or because it "should" be? And, if the latter, why do you think this? Is it a case of "it's my toy, let me play with it how I want" or is there some more logical reason?
"Apple has 'ease of learning'... down pat."
Why do you believe this? Because it's a "given" or because you have empirical evidence to support it? My empirical evidence denies it, actually -- and I'm not talking about my own use of a Mac, but from my assistance to Mac users struggling to perform basic functions like storing files, installing software, etc.
Also, to answer:
"Furthermore, what's this business about the 'Linux killer'?... Technology that would make Linux obsolete would have to be pretty darn spectacular, IMO."
Yes, that's the idea -- something spectacular, compared to what we are working with now. Consider the desktop PC explosion compared to DEC's mini computers mentioned in the article -- that's the level of difference that could make Linux a "technology of yesteryear." This doesn't mean that nobody will be using it (hey, there are VAXClusters still in use too), but it will eventually look like old tech, and his point is that the wise developer will look outside the current in-vogue thing for the next "killer" technology.
To borrow a quote from today's InformationWeek e-mail: "This 'telephone' has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us." (Western Union internal memo, 1876)
"It's a powerful tool creaded by gearheads for gearheads, and that's what has driven the community to such success."
I suppose that depends on how you define success. If you define it in terms of code merit alone, I might agree with you. If you define it in terms of broad acceptance and use, I couldn't agree less. When I got my first taste of Linux, by downloading the Slackware distribution from ftp.cdrom.com in the early 90s, it was definitely by and for "gearheads" -- yet finding anyone who had heard of it, much less would consider using it for anything remotely important, was difficult (to put it mildly).
In terms of broad acceptance and use, what little success I've seen in Linux recently has only come from the "commercialization" of it, i.e., strongly advocating it to the non-gearhead corporate world. Sure, it's still by and for gearheads -- and it's also a relatively-obscure OS for the "man on the street." The code may be great -- and that can be a valid definition of success for some -- but without qualifying what you mean by success it's virtually impossible to prove that Linux has been successful at all to begin with.
When I was just getting my feet wet with OS/2, I ran into some significant problems getting it installed. This was using 20+ floppies, and around the 18th floppy or so it crashed, every time. No recovery, had to start over, only to hit the same wall. So I turned to Usenet, in hopes of getting some help installing it. Well, it wasn't long before I was called an outright liar (i.e., that I was making up the story of it crashing), and my coworker and I were actually accused of being "spies" from Microsoft. All this from OS/2 "advocates" (zealots), in response to somebody wanting help getting started with their OS of choice. (It turned out that a campus-standard network card was causing OS/2 to hang -- then I was accused of using a "cheap" network card on purpose to attack OS/2!)
Have a I seen similar attitudes from Linux users? Unfortunately, yes, and it makes me cringe every time. I advocate Linux regularly (ask my boss!), but I try to do it in a positive manner. Obviously, Linux isn't alone in having zealots causing 'bad PR' -- I've had problems with OS/2 zealots, as noted above, and Macintosh zealots -- but it is so unnecessary and so unfortunate, for any operating platform. Did I stick with OS/2? Nope. Was the negative experience from OS/2 zealots the only reason? Nope, but I would be a liar if I said it didn't play a part.
The next time you feel like flaming somebody for being (in your eyes) "anti-Linux" remember the old saying: You attract more flies with honey than with vinegar!
For what (little) it is worth, US-based corporate sites that do not take accessibility into account may run afoul of US federal law designed to protect those with disabilities -- i.e., blind users who can't access a page that relies on graphics. I can't come up with a good reference off-hand, but perhaps someone else will add a link to a relevant article or legal page.
I had to "ruffle a few feathers" at my workplace before I could finally get the main corporate site to include ALT tags on graphics, and even now it's not 100%. Very frustrating...
(The above is not a reference to UniNova's site which should be fully accessible.)
No. That is not what this advisory is about! Please read the advisory carefully. You are talking about the well-established, "old news" issue of protecting user B from malicious code posted by user A. The advisory is about protecting user A from code posted by user A! If you don't understand why, then read the advisory (again).
As far as the content of comments in Slashdot, it is "vulnerable" because it allows you to link to a page. Like this:
Now, that looks like an innocent link, right? But if the "boo" in the query string was replaced with malicious code, and the destination page was such that it would inadvertently redisplay that code, then the user would have a problem. (Don't worry, that link above is not dangerous -- 'boo' is not malicious code!)
(Actually, the filtering provided by Slashdot might interfere with the inclusion of code into a query string, but that is a side effect.)
"Thus a nefarious AC could post a slashdot comment that contains malicious tags, and just by surfing through here, your browser gets sacked."
Within the context of this advisory, you are not going to have your browser "sacked" by reading comments here -- but you could by clicking a link provided in a comment.
Ok, but what does this have to do with the CERT advisory?
The advisory isn't about active content. You can get the effect by embedding a FORM tag in a URL to a page that uses a Server-Side Include directive that utilizes the content of the QUERY_STRING environment variable along with its own FORM tag. As long as the SSI directive appears at the right place relative to the page's native FORM, the new FORM tag from the QUERY_STRING will override it, thus redirecting the form processing.
This isn't active content (scripting, Java, ActiveX, whatever), it's just HTML and server-side processing of environment variables. Sure, JavaScript or whatever might come into play if the attacker so chose, but that doesn't mean that it's the focus of this issue.
Unless I'm missing something, the only real danger is from malicious code included in the QUERY_STRING (the part of the URL after the ? mark, in case anybody here doesn't know that). If that is the case, then we have a single point of entry to secure -- nothing else is necessary if we ensure that the QUERY_STRING doesn't include anything it shouldn't. (Or, to look at it another way, if we ensure that it only includes what it should.)
Please correct me if I'm wrong, but please understand the advisory first! (Too many of the comments here have shown a lack of understanding, assuming it was the "protect user B from user A" issue.)
No, and if you read and understood the advisory, you'd know that. Controlling HTML in a message board is a way to protect user B from malicious code inserted by user A. The advisory specifically states that it is not about encoding input from user A to protect user B, it is about encoding input from user A to protect user *A* -- and if you don't understand why, read the advisory (again).
I disagree, from personal experience, at least for a small (tiny?) company. Incorporating in-state (no matter where that may be) will avoid paperwork hassles and extra costs (agent fees, another state's licenses and taxes, etc.). If you're operating on an ultra-lean budget, it can make a difference.
I suppose the success of it would depend on the agent in Delaware, but I still think it can be an unnecessary step for a bootstrapping start-up. (I can't speak for what VCs would or would not like, though -- I'm looking at a self-funding operation.) If the "business savvy" of DE made a difference later, it's possible (though not painless) to re-incorporate there when there was a definite benefit in doing so. I think too many inexperienced entrepreneurs get sold on the "mystic" business benefits of Delaware but they do not necessarily gain anything more valuable than a "warm fuzzy."
(I will admit that my experiences may have unfairly jaded me against incorporating in DE. Suffice it to say I consider it a mistake that I would not repeat.)
I couldn't agree more: Don't under-capitalize! I know from (discouraging) experience what can happen when you try to start up on a shoestring budget, hoping to bootstrap from virtually nothing. You go virtually nowhere and most (if not all) of the people involved back out very quickly.
I wouldn't say you're guaranteed to fail if you start out without a proper amount of money -- who knows, you could be like me and have an incredible tolerance for pain and frustration!:-/ But making a go of it without the right funds will be discouraging, it will take much longer, and it very likely will strain or break relationships you might value.
Upon what do you base this language use assertion? Even if we accept (perhaps when we should not) that C++ and VB are predominant, that is entirely different from stating that "almost all" apps are written in them. "Almost all" implies a very high percentage of the total (perhaps 80% or higher), whereas "predominant" simply implies a percentage that is larger relative to other percentages (which could only be 10% if the rest were 1% and 2%, but in which case the term "almost all" obviously could not be applied to 10%).
Also, of what language relevance is the chosen OS? For example, I use Perl a lot under Windows NT. With the exception of OS-specific scripting languages (e.g., DCL under VMS), no correlation between OS and language choice should necessarily be assumed.
Perhaps it would be worthwhile for you to define (for yourself, at least) what you mean by application, and also to consider the how difficult it would be to truly determine the usage of languages to develop those applications, without having such a narrow definition of application as to border on unusable. Remember, the stereotypical Y2K step-in programmer worked on COBOL code...
Market leader and trustworthy are not related. It may be that a market leader is trustworthy, but that is coincidental, not causal. If, for the sake of argument, we assume that RealNetworks is the market leader in streaming media (which may or may not be true, I don't have any stats on that market), does that make them trustworthy, despite their recent privacy boondoggle of surreptitiously collecting information about user activity?
From my own experiences with VeriSign and Thawte (as limited as those experiences may have been up to this point), I certainly have not felt that I trusted VeriSign any more as a result of their market position. And, truthfully, I would tend to trust "centralized control" less than a more diverse marketplace, because the benefits of competition extend beyond simple pricing issues.
This isn't about Big Brother advocating or protecting privacy rights. It's about keeping power in the hands of Big Brother (instead of Big Money), and about ensuring the government has full access to every bit of information about us. Think government access to health care information won't be misused? Right... and drug raids never burst into the wrong house.
This issue probably belongs in the Politics section of my Decay area...
Well, in this case, that philosophy comes from Title 18, USC Section 2512. Regardless of whether or not you agree with the law, it's still illegal.
Bah. You might read the law before making such a statement. 18 USC 2512 does not even hint at any philosophy, for or against anything. It is simply a prohibition of the transfer (or advertising) of specific surveillance devices through the mail or through interstate and foreign commerce. (Look it up for yourself.)
The philosophy stated may or may not be behind the law (i.e., it may or may not have played a part in the passage of the law), but the law itself states nothing other than what you cannot do without facing criminal penalty.
So I finally get through to the site, only to be told to download Netscape Navigator or Microsoft Internet Explorer. I guess the history of the Web includes the exclusion of alternatives to bloatware.
I would expect that a key issue here, which will presumably be addressed in the hearing, would be the effect of the sale of Broadcast to Yahoo! on the contract that existed between Broadcast and Universal. I'm not a lawyer, and obviously I haven't seen the contract nor the terms of the sale, but I would be somewhat skeptical that Yahoo! won't find a way to show the contract did not survive the sale. (If I understand it correctly that Broadcast was part of Universal to begin with, I would be curious what kind of 'contract' existed between Broadcast and Universal anyway.)
Ah well, I'll go back to writing science fiction and leave the legal wrangling to those with the patience for it. (And to think my sister -- a lawyer herself -- keeps pushing me to go to law school...)
Did you actually read the posting or were you just in a hurry to post your AllAdvantage link? Also, upon what do you base your assertions regarding computerized elections, or was that just mental vomit to further disguise what otherwise appears as just another AllAdvantage lamer trying to use/. as a way to "build downline" (nightmares of Amway pitches running through my head...)
Having a database visible to a search engine depends greatly on the complexity of the database itself. Something simple (like the MySQL/Perl-driven Imprinted Products Source List) can be given a default list-everything URL that doesn't look like a script. As size and complexity increase, of course, that isn't feasible (or even desirable), but it might be adapted to display a representative SQL View of a complex database, with sufficient content to give the search engine the "meat" it needs.
Slashdot Mirror
While I agree with many of your points -- such as that the BBS community is not gone (though it is but a shadow of what it once was) and that the future may see many more Internet-connected BBS's (such as the 50+ telnet-access Wildcat! systems listed here) -- I disagree that it is wise and/or helpful to use the discussion of the passing of a well-known member of the online community as a forum for defending the BBS scene.
"A government big enough to give you everything you want is a government big enough to take from you everything you have."
Gerald Ford
You won't find this in the LoC...
Now I'm part of the VFP Elite... {smirk}
I think the main point is that the long-term storage approach is not a real solution, because the containment eventually fails. When that happens, the waste that leaks is just as bad as it was when it went into "storage." If you control timely degradation of the materials instead, that eventual loss of containment results in safer materials leaking out. So, water is used as part of that timely-degradation process, if I understood the article correctly. Capping with trees allows holding back water or "inserting" water (via over-irrigation), according to the controls desired by the owner of the site.
At least, that's my take on it...
"Funnier" still is that it also applies to purchases at garage sales and other situations where the in-state seller doesn't collect sales tax.
It's pretty ugly, IMHO, and given that nobody I know is following the law (heck, I wasn't even aware it applied to private individuals until a week or two ago, and I've met with disbelief when I've told others about it), it should be repealed. But that's another issue entirely...
Bamboo Database for Writers
Consumer pressure does not prevent a company from doing something, it simply discourages them from doing it. The same type of pressure has been placed against major corporations (e.g., fast food chains) for environmental abuses, where the corporation was acting within the law but not within "community standards." And guess what? That pressure works -- look, for example, at the guarantees given that a restaurant chain doesn't use "rain forest beef" (meat from cattle raised on land that was stripped of rainforest for grazing purposes), and look at the reduction in non-biodegradable, non-renewable fast food packaging.
As consumers, we have the right and responsibility to encourage good behavior, and punish bad behavior, by "voting" with our dollars. Ignoring that responsibility gives us things like certain major software publishers gaining huge market share with poor-quality software. The free market can give us great things if we, the consumers, accept our responsibility for where our dollars (yen, marks, whatever) go. OTOH, the free market will give us garbage if we ignore that responsibility. (And the presence of that garbage gives policitians incentive to restrain the free market.)
Bamboo Database for Writers
"Linux isn't for the non-technically-literate masses"
Why? Because it has been so historically, or because it "should" be? And, if the latter, why do you think this? Is it a case of "it's my toy, let me play with it how I want" or is there some more logical reason?
"Apple has 'ease of learning'... down pat."
Why do you believe this? Because it's a "given" or because you have empirical evidence to support it? My empirical evidence denies it, actually -- and I'm not talking about my own use of a Mac, but from my assistance to Mac users struggling to perform basic functions like storing files, installing software, etc.
Also, to answer:
"Furthermore, what's this business about the 'Linux killer'? ... Technology that would make Linux obsolete would have to be pretty darn spectacular, IMO."
Yes, that's the idea -- something spectacular, compared to what we are working with now. Consider the desktop PC explosion compared to DEC's mini computers mentioned in the article -- that's the level of difference that could make Linux a "technology of yesteryear." This doesn't mean that nobody will be using it (hey, there are VAXClusters still in use too), but it will eventually look like old tech, and his point is that the wise developer will look outside the current in-vogue thing for the next "killer" technology.
To borrow a quote from today's InformationWeek e-mail: "This 'telephone' has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us." (Western Union internal memo, 1876)
Don't send a telegram, send a postcard...
I suppose that depends on how you define success. If you define it in terms of code merit alone, I might agree with you. If you define it in terms of broad acceptance and use, I couldn't agree less. When I got my first taste of Linux, by downloading the Slackware distribution from ftp.cdrom.com in the early 90s, it was definitely by and for "gearheads" -- yet finding anyone who had heard of it, much less would consider using it for anything remotely important, was difficult (to put it mildly).
In terms of broad acceptance and use, what little success I've seen in Linux recently has only come from the "commercialization" of it, i.e., strongly advocating it to the non-gearhead corporate world. Sure, it's still by and for gearheads -- and it's also a relatively-obscure OS for the "man on the street." The code may be great -- and that can be a valid definition of success for some -- but without qualifying what you mean by success it's virtually impossible to prove that Linux has been successful at all to begin with.
Other gear...
Have a I seen similar attitudes from Linux users? Unfortunately, yes, and it makes me cringe every time. I advocate Linux regularly (ask my boss!), but I try to do it in a positive manner. Obviously, Linux isn't alone in having zealots causing 'bad PR' -- I've had problems with OS/2 zealots, as noted above, and Macintosh zealots -- but it is so unnecessary and so unfortunate, for any operating platform. Did I stick with OS/2? Nope. Was the negative experience from OS/2 zealots the only reason? Nope, but I would be a liar if I said it didn't play a part.
The next time you feel like flaming somebody for being (in your eyes) "anti-Linux" remember the old saying: You attract more flies with honey than with vinegar!
Journey to Yandol
I had to "ruffle a few feathers" at my workplace before I could finally get the main corporate site to include ALT tags on graphics, and even now it's not 100%. Very frustrating...
(The above is not a reference to UniNova's site which should be fully accessible.)
As far as the content of comments in Slashdot, it is "vulnerable" because it allows you to link to a page. Like this:
Click here to read a sci-fi short story.
Now, that looks like an innocent link, right? But if the "boo" in the query string was replaced with malicious code, and the destination page was such that it would inadvertently redisplay that code, then the user would have a problem. (Don't worry, that link above is not dangerous -- 'boo' is not malicious code!)
(Actually, the filtering provided by Slashdot might interfere with the inclusion of code into a query string, but that is a side effect.)
"Thus a nefarious AC could post a slashdot comment that contains malicious tags, and just by surfing through here, your browser gets sacked."
Within the context of this advisory, you are not going to have your browser "sacked" by reading comments here -- but you could by clicking a link provided in a comment.
The advisory isn't about active content. You can get the effect by embedding a FORM tag in a URL to a page that uses a Server-Side Include directive that utilizes the content of the QUERY_STRING environment variable along with its own FORM tag. As long as the SSI directive appears at the right place relative to the page's native FORM, the new FORM tag from the QUERY_STRING will override it, thus redirecting the form processing.
This isn't active content (scripting, Java, ActiveX, whatever), it's just HTML and server-side processing of environment variables. Sure, JavaScript or whatever might come into play if the attacker so chose, but that doesn't mean that it's the focus of this issue.
Please correct me if I'm wrong, but please understand the advisory first! (Too many of the comments here have shown a lack of understanding, assuming it was the "protect user B from user A" issue.)
Isn't this why I see "allowed HTML" here below?
No, and if you read and understood the advisory, you'd know that. Controlling HTML in a message board is a way to protect user B from malicious code inserted by user A. The advisory specifically states that it is not about encoding input from user A to protect user B, it is about encoding input from user A to protect user *A* -- and if you don't understand why, read the advisory (again).
I suppose the success of it would depend on the agent in Delaware, but I still think it can be an unnecessary step for a bootstrapping start-up. (I can't speak for what VCs would or would not like, though -- I'm looking at a self-funding operation.) If the "business savvy" of DE made a difference later, it's possible (though not painless) to re-incorporate there when there was a definite benefit in doing so. I think too many inexperienced entrepreneurs get sold on the "mystic" business benefits of Delaware but they do not necessarily gain anything more valuable than a "warm fuzzy."
(I will admit that my experiences may have unfairly jaded me against incorporating in DE. Suffice it to say I consider it a mistake that I would not repeat.)
For freelance writers...
I wouldn't say you're guaranteed to fail if you start out without a proper amount of money -- who knows, you could be like me and have an incredible tolerance for pain and frustration! :-/ But making a go of it without the right funds will be discouraging, it will take much longer, and it very likely will strain or break relationships you might value.
It took a long time to get here...
Also, of what language relevance is the chosen OS? For example, I use Perl a lot under Windows NT. With the exception of OS-specific scripting languages (e.g., DCL under VMS), no correlation between OS and language choice should necessarily be assumed.
Perhaps it would be worthwhile for you to define (for yourself, at least) what you mean by application, and also to consider the how difficult it would be to truly determine the usage of languages to develop those applications, without having such a narrow definition of application as to border on unusable. Remember, the stereotypical Y2K step-in programmer worked on COBOL code...
Journey to Yandol
From my own experiences with VeriSign and Thawte (as limited as those experiences may have been up to this point), I certainly have not felt that I trusted VeriSign any more as a result of their market position. And, truthfully, I would tend to trust "centralized control" less than a more diverse marketplace, because the benefits of competition extend beyond simple pricing issues.
This issue probably belongs in the Politics section of my Decay area...
Bah. You might read the law before making such a statement. 18 USC 2512 does not even hint at any philosophy, for or against anything. It is simply a prohibition of the transfer (or advertising) of specific surveillance devices through the mail or through interstate and foreign commerce. (Look it up for yourself.)
The philosophy stated may or may not be behind the law (i.e., it may or may not have played a part in the passage of the law), but the law itself states nothing other than what you cannot do without facing criminal penalty.
So I finally get through to the site, only to be told to download Netscape Navigator or Microsoft Internet Explorer. I guess the history of the Web includes the exclusion of alternatives to bloatware.
For those who care (anyone? anyone?) there is a Microsoft Web history linked from their main page. Aww, isn't that special...
Ah well, I'll go back to writing science fiction and leave the legal wrangling to those with the patience for it. (And to think my sister -- a lawyer herself -- keeps pushing me to go to law school...)
Did you actually read the posting or were you just in a hurry to post your AllAdvantage link? Also, upon what do you base your assertions regarding computerized elections, or was that just mental vomit to further disguise what otherwise appears as just another AllAdvantage lamer trying to use /. as a way to "build downline" (nightmares of Amway pitches running through my head...)
(Those who know my views on RealNames know I'm only kidding.)
Having a database visible to a search engine depends greatly on the complexity of the database itself. Something simple (like the MySQL/Perl-driven Imprinted Products Source List ) can be given a default list-everything URL that doesn't look like a script. As size and complexity increase, of course, that isn't feasible (or even desirable), but it might be adapted to display a representative SQL View of a complex database, with sufficient content to give the search engine the "meat" it needs.