I'm not having any more luck getting developers to incorporate self test, bounds checking,
and testability access points than I am trying to get my kids to eat vegetables.
Nice analogy:-)
Have you (or the PHBs) tried code review or unit tests? That might get them eating their spinach, so to speak...
I don't think it's too much to ask for people who actually get paid to write this stuff to validate input, no matter where it comes from.
Validating input against assumptions is easy. The hard part is identifying all the assumptions we have to validate against. We often assume things about input without realizing we are assuming them.
The more secure approach is not stripping out possibly dangerous input - it is only permitting the minimum necessary. It's not always possible, but it should be applied where possible.
So if it's a phone number, just numbers (and brackets and a plus for international numbers, and maybe minuses for the transatlantic cousins).
Naturally there is a tradeoff between security and usability - especially if you make a mistake in the permitted characters:-(
Even if you're not going that far, anything that looks like an escape character of any sort should generally be banned. Of course, some names have apostrophes, which could look like 'close quotes' if your app is especially dim.
Just as well there is no strict liability for software bugs!
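The contrast drawn in the comment above, as an added example that is not part of the original post: a denylist "strip" function beside an allowlist validator for phone numbers, plus a name field that keeps its apostrophe because it is stored through a bound parameter. The function names, the length bounds, the decision to permit spaces, and the in-memory SQLite table are all assumptions made for illustration.

```python
import re
import sqlite3

# Permitted set from the comment: digits, brackets, one leading plus, minuses.
# Spaces and the length bounds below are assumptions added for this example.
PHONE_ALLOWED = re.compile(r"\+?[0-9()\- ]{1,31}")
MIN_DIGITS, MAX_DIGITS = 7, 15
NAME_EXTRA = set(" '-")              # apostrophes are legitimate in names
DENYLIST = re.compile(r"[<>'\";]")   # the "strip dangerous input" approach


def strip_dangerous(raw):
    """Denylist approach, for contrast: delete 'bad' characters, keep the rest."""
    return DENYLIST.sub("", raw)


def validate_phone(raw):
    """Allowlist approach: return '+digits' or 'digits', else raise ValueError."""
    if not isinstance(raw, str):
        raise ValueError("phone must be a string")
    s = raw.strip()
    # fullmatch: every character must be in the permitted set, '+' only first.
    if not PHONE_ALLOWED.fullmatch(s):
        raise ValueError("character outside the permitted set")
    digits = re.sub(r"[^0-9]", "", s)
    if not MIN_DIGITS <= len(digits) <= MAX_DIGITS:
        raise ValueError("implausible number of digits")
    return ("+" if s.startswith("+") else "") + digits


def validate_name(raw):
    """Letters (any script), space, apostrophe and hyphen only."""
    if not isinstance(raw, str):
        raise ValueError("name must be a string")
    s = raw.strip()
    if not 1 <= len(s) <= 100:
        raise ValueError("name length out of range")
    if not all(ch.isalpha() or ch in NAME_EXTRA for ch in s):
        raise ValueError("character outside the permitted set")
    return s


def store_and_fetch(name, phone):
    """Validate, insert with bound parameters, and read the row back."""
    clean_name, clean_phone = validate_name(name), validate_phone(phone)
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE contacts (name TEXT, phone TEXT)")
        # The '?' placeholders keep the apostrophe as data, never as SQL syntax.
        conn.execute(
            "INSERT INTO contacts (name, phone) VALUES (?, ?)",
            (clean_name, clean_phone),
        )
        return conn.execute(
            "SELECT name, phone FROM contacts WHERE name = ?", (clean_name,)
        ).fetchone()
    finally:
        conn.close()


if __name__ == "__main__":
    sample = "555-0100 ext. <b>9</b>"   # constructed input
    print("denylist keeps:", repr(strip_dangerous(sample)))
    try:
        validate_phone(sample)
    except ValueError as exc:
        print("allowlist rejects:", exc)
    print(store_and_fetch("O'Brien", "+1 (555) 010-0199"))
```

The denylist also turns "O'Brien" into "OBrien", which is the usability cost the comment warns about when the permitted set is chosen badly.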
Yahoo messenger, for all its failure to play nice with the open-source community, DOES do offline messages. Stored on central servers, naturally.
So far I've had very little IM spam, thankfully! Mostly spammers seem to use Yahoo to harvest email addresses at the moment.
If you've an always-on connection and you leave the client running, any IM network can get messages while you're away. Otherwise offline messaging would have to be supported in the infrastructure (and not just by the client). So that means on a central server, or using some cunning distributed point-to-point method.
As for IM killing email, I don't think so. Some things are just too complex to say in an instant message. I suppose we could get the central points from most slashdot posts in quite a short IM though:)
This has information on plugins like: Adobe Reader, Java Plugin, Macromedia Flash Player, Macromedia Shockwave Player, QuickTime, RealPlayer 10, Windows Media Player, etc.
Last point first: there can't really be any usability studies until someone has actually written the system they will try to use! So this IS the first step.
I can see some plausible ways this (or the Sun java 3d thingy) would help me find information, or the windows I want, on a busy screen - so it might make ME more efficient (whether the windows are for files or objects or applications or tasks). No idea about you though:)
By all means organise some user trials, if you're curious or it bothers you...
As you suggest, there may be many things that could improve productivity and usability. But the thing about open source is that pundits and managers don't get to say THIS one or THAT one must be done first.
The problem that gets addressed first is the one that someone actually writes the code for! It's that simple. If you think something else is more important, organise a project or team to fix it, or do it yourself. That's how it works.
Now if only I could persuade someone to write me that utility to...
If you email me, I have the right to publish your email on my web site, period.
Actually, you don't. The author of a letter still owns the copyright. You can publish it decades after the writer dies, I suppose, but by then you'll probably be dead too!
Maybe things are different in the US though... Or maybe, if it was BASE-64 encoded or something, you'd also have DMCA problems to deal with:-)
But which Condorcet method is the right one? Condorcet is sometimes ambiguous, which is not ideal in an election.
All electoral methods (indeed most forms of government) represent a tradeoff between different considerations.
For voting methods, criteria of "goodness" might include this list [wot I mostly nicked]:
- The voting system should always give a result
- If a voter improves the ranking of a particular option, that option should not be disadvantaged (monotonicity criterion)
- Removing a candidate should not change the winner of an election unless that candidate is the winner (independence of irrelevant alternatives)
- Every possible outcome should be achievable
- Non-dictatorship (i.e. more than one person's vote matters)
- The number of seats won by any party should be in proportion to votes cast (Proportionality)
- Simplicity of process, and accessibility to largest range of voters
- Speed of election and count
- Reduction of potential for dispute after the fact
In fact, Arrow's impossibility theorem has shown that the first 5 of these cannot be simultaneously met if there are more than . So pick one with disadvantages you can live with.
Paper votes aren't always secure either (on Open Voting at OSCON · Score: 5, Insightful)
Until pressing a button is as secure as writing (or punching) your vote on paper and dropping it in to a box, e-voting won't be mainstream. You can't hook up a wire to a box to change all the votes inside can you?
True, you can't change paper votes by wire, but there are lots of traditional methods for interfering with paper votes:
- replace the ballot box with "one I prepared earlier"
- steal the box altogether
- manually stuff lots of extra votes into it
- nobble voters
- register extra voters
- don't register some real voters
- impersonate real voters (especially dead ones still on the register, or sick or apathetic ones)
- etc...
A fair and free vote requires confidence in the mechanism, but also in the count, and the officials, and the register, and lots of other parts of the process.
In some countries, hacking electronic machines might be one of the harder ways to steal an election:-(
One amendment said action should not be taken against consumers who download music "in good faith" for their own use.
If it basically restricts the suing to professional pirates, ie people who download music or movies to sell it on the street, then I don't see anything wrong with it.
Does the exclusion extend beyond downloading, to prevent raids and seizures for other "infringing" actions (like, in the UK, copying your CDs onto cassette so you can listen to them in your car)?
There are good reasons to use CD-ROM tech in car CD Players. The average car CD player will be moving around a lot more than the average home player. This is a more challenging environment, so it's more important to have error correction and faster reading (to allow for re-reading) when sections are missed or misread due to shock.
Since the "copy protection" is generally done by interfering with the error detection features of the CD standard, this product is inherently less suitable for in-car or personal player use (while jogging, say). It's also more vulnerable to scratches... Almost like in the old days with vinyl records?
But your local RIAA folk are still wrong. Consumers should be able to play their music CDs in ANY CD player. That's what the standard is for, after all.
You could check HMSO or Parliamentary sites for the final word on the Copyright and Related Rights Regulations 2003, but here is some press coverage from burning bits and the register.
In the UK, for example, goods have to be fit for purpose and of satisfactory quality or you have a right to a refund.
If you buy something from the CD rack of your music shop, and it won't play in your CD playing equipment, you are entitled to a refund.
In fact, buying such a CD, then returning it for just that reason, provides "valuable" feedback to the labels on how acceptable / workable copy-protection isn't. (Maybe we should all go buy the stuff, then return it to send a message?)
Even if these misguided "copy-protection" measures are headed off, and it remains technically possible to play all music CDs on PCs and the like, it would be nice to have sensible "fair use" rights as well.
The UK seems to ban making backup copies of music you've bought, and doesn't permit you to copy your own CDs so you can listen to them on your car cassette player. Allegedly. What's the rest of Europe / the world like? Here's an area where the US has some sensible rules.
Isn't it ironic that after the fuss about mozilla's stand-alone browser being called Phoenix, clashing with a Phoenix-the-BIOS-folk product, the same Phoenix-the-BIOS-folk have a CSS that clashes with the Cascading Style Sheet standard?
Of course, the great thing about standards is that there are so many to choose from!
If you're going to write to them, you'd better explain what caused this sudden revulsion towards their product - the example email didn't actually say what decision of theirs the writer objected to.
But the idea is sound - more potential customers need to make the effort. They may pay attention if they get enough, sufficiently lucid responses. But they have to make sense from the vendor's point of view too!
(Me - I've never bought one of those Mother-BIOS computer thingies of which you speak!)
OK. I was thinking about using enum from the internet. Apart from VoIP from the Internet, enum is "about" voice / fax / telephony services from a phone line.
It's not, yet, about accessing websites as such from a phone, or providing a harder to remember alternative to URLs.
Though with sophisticated phones (approaching PCs), that distinction could begin to blur...
Our three main points are fear, surprise, and an almost fanatical devotion to... downloading monty python sketches over the internet to a videophone?
The main point of this service is to facilitate Voice over IP. Telephone number in - domain that routes the call to the right number out. In theory, at least. This may possibly need regulation to prevent scammers from hijacking people's calls.
Remember - this controls what happens when people attempt to reach *your* phone number!
Anything else, like other IP based services that could be offered on different ports from a server with the same URL is icing on the cake (or a huge revenue opportunity / regulatory nightmare / security problem / take your pick).
Since the enum domain is a hierarchy that corresponds to international format telephone numbers (leading "1" is US/Canada/et al, leading "44" is UK, "353" is Irish Republic, etc) the e164.arpa "domain" may have to be delegated on similar lines, so that neustar don't end up running what would become a worldwide resource. Besides, local telecoms authorities may be better placed than neustar to determine how calls may be routed into the "Plain Old Telephone System".
Either that, or there would need to be strong rules to give people control over the domains to which "their" numbers point -- or at least rules ensuring that they point (for SIP / Internet Telephony purposes) to the right line. I suppose personalised web / mail servers at those domains could be value-added services from whoever owns the domains to which the telephone numbers eventually resolve.
Of course if they mess it up too badly, the rest of us (or the ITU) can use some other domain for "enum" (assuming it's a good idea).
Those of you living in the USA can help by raising the mismanagement of the internet with your Congresscritters or Senators (or whatever you call them). Unfortunately, we aliens would be written off as troublemakers complaining about how the US runs "its" internet. So it's up to you!
Fortunately, the issues are simple enough for politicians (and the great unwashed) to understand:
- important since it affects the whole internet
- government responsible since it controls the system via Dept of Commerce
- unilateral action by the company entrusted with running .com and .net, flagrantly ignoring standards, regulations, and users
- unfair commercial advantage to that company - bad for competition
- breaks "lots of stuff" on the internet (examples left as an exercise for the reader)
- could get you more spam!
- thin end of wedge - if Verisign (with the privileges given them by the DoC, via ICANN) get away with ignoring net standards and norms, we create a precedent for rogue states and other bodies to damage the internet and the strategic interests of "the free world" by even more damaging self-interested unilateral action
- failure by US government to fix the problem will potentially embarrass the USA, and increase pressure to remove its control of the internet (which would probably be a good thing, except that the UN would probably be even worse than the USA)
In principle, a federation of independent, cooperating, and standards-compliant domain resolving organisations is better than a single organisation with a conflict of interest.
But one issue with OpenNIC may be the replacement of domains under the .biz top level domain recently launched by ICANN, by corresponding domains in the earlier OpenNIC registered .biz domain.
Not a huge problem for most of us, I'd have thought. Do many important sites use .biz?
It's a proposed directive, so if passed at the EU (where effective scrutiny is rare), it will be binding on member states.
What normally happens instead of scrutiny is that controversial measures are used as bargaining counters in a "horse trading" session, where they are granted in exchange for a concession on something else (like fishing quotas, beef subsidies, EU enlargement or closer political union). Sadly, proposals are too rarely examined on their actual merits.
And while you can vote out an individual MEP, MEPs are not the Administration. It's next to impossible to get rid of the Commission as a whole, or of individual commissioners.
Lobbyists, on the other hand, have very good access to the levers of power within the commission and the EU as a whole. Which is why we see proposals which favour the interests of special interest groups over those of the electorate.
Then again, you're right about one thing. The only way to oppose it starts with, as you put it: "getting our... politicians not to buy into what the commission is saying". But due to the perceived remoteness (and actual unresponsiveness) of the EU, that's not easy. And then you have to go beyond that, and get them to do something about it...
These are the types of directives that will make governments fall
Unfortunately, this DMCA-style Directive is a European Directive, so voters won't blame their own governments. And there is simply no way to vote out "the Administration" in Europe. You can't even get rid of them when it turns out they are corrupt, for goodness sake!
Looks like nearly everyone is going to be a felon!
"(b) As used in this section, the term 'enabling software' means software that, when installed on the user's computer, enables 3rd parties to store data on that computer, or use that computer to search other computers' contents over the Internet."
By the definition above that includes browsers, since their "cookie" feature enables 3rd parties to store data on that computer. Admittedly they are the only people who can get it back, but the definition is so poorly written that details like that don't actually matter.
The only positive feature is that all windows users are felons, since IE is "part of the O/S", but not all linux users are:-)
I'm studying business law, and stuff like this is what I know best. These guys have as much chance as a snowball in hell.
I wish it were otherwise, but the odds are against them.
and for a bonus point, can you share with us mere mortals why that might be?
See this interesting Wikipedia article for further discussion of these ideas...
It may yet be worse than you think...
Paul
and some background.
Yes - I know you can ignore the law...
This message would have been brought to you sooner by 1-900-SLASHDOT ( 0891 SLASHDOT in the UK... )
You can think of lots more reasons, no doubt.