I didn't mean to imply we should all rewrite WinSock or "get rid of it", but I guess that could have been misconstrued. I was just noting this is a complex issue. I agree with you completely: WinSock is basically Good. But even the interfaces to black boxes need to be studied so one understands their nouances.
Two other thoughts:
(1) Maybe software black boxes are too easy to create. That's probably true for just about anything, but consider how easy it is to scrape together a.DLL with a few hasily thought out entrypoints and release it to clients. Maybe API design should be more rigorous. Here's some flamebait: I happen to think the NT Kernel API is very well thought out, whereas the Linux Kernel API is, well, not as much.
(2) Maybe someone shouldn't be "allowed" to use an API until they've, well, sortof taken training on it to understand the subtleties of its use. Maybe just learning "the basics" about an API isn't good enough. How much of software instability could just be explained by a programmer not understanding the function s/he is calling?
I'm also an embedded systems engineer. Two huge concepts I got as an undergrad in CS were "APIs" and "object oriented programming." By their very nature, these things inspire black box thinking.
And heck, I don't know. I mean, is it great that I can now call malloc(1000000); and get a valid pointer that's just usable? Yeah probably. In DOS, I wasn't shielded from the memory manager as much, and to do something like that, I had to write my own EMS memory swapping code! That was a PITA, and kept me from the true task I was trying to solve.
So a modern 32-bit malloc() is a black box for me. Cool. It's empowered me very nicely.
However, something like WinSock has become a big black box for people too. Okay, great. So it's really easy, in 5 function calls, to open a socket across the internet and send data. But you've missed the nourances of security. So now your app is unsafe, because you weren't forced to know more about what's going on in the "black box."
Well, that's all I can really say in my post. Black boxes are a darn complex issue to talk about. Anyone who attempts to distill this down to a "yes" or "no" answer is probably missing a lot of the completixy at hand in the issue.
Very interesting question to put forth, though. Good topic.
CGI let them do things no self-respecting physics model ever would. "Ramming speed" indeed!
"Hey, guys, let's ram two ships together!"
"Are you crazy? The models would never stand the stress! They'd crumble, just like real ships would!"
"Fine then. Get Digital Domain on the phone. Have them turn 'inertia' down."
A great 3 book "hard sci-fi" series about the colonization of Mars. Really awesome character development, and it starts only 30 years or so in the future. Written by Kim Stanley Robinson
>He won't work with PCI-SIG because PCI-SIG doesn't have shit to do with this work he's done.
Um, except that they are the actual creators and maintainers OF the PCI bus specification! And, oh yes, they also are the ones who hand out PCI Vendor IDs, so they have a DIRECT correlation to his list.
> All these people who are doing all this free work that benefits you so much aren't little kindergartners for you to take their work away from them when you want to.
You're right, good point. I'd say the average response to this issue on/. is that of a 12 year old.
Jim took their trademarked logo and used it on his own site. From a strict legal view, he is the one who must act to restore/establish trust. You don't steal someone else's trademarked logo and use it to pretty up or give greater credibility to your own website, regardless of your intentions.
Now, yes, he did it for the best of reasons. And yes, it was bad of PCI-SIG to play this C&D card this early on. The whole situation is just badness. So what do we do? Just bitch and moan, or actually try to move on from where we stand?
So, do I just "lay down and play dead?" I don't think so. I think I'm just talking about a compromise here, which is exactly what PCI-SIG was talking about in their C&D order.
Allright, good point. They could have been a lot more tactful pointing this out to him.
But, I DO think it's a "prisoner's dilemma" for them too. Maybe they couldn't know that Jim would have acted in good-faith if they had just sent a gentle warning. So, they erred on the side of going to the lawyers. That's their right. It is their trademark.
The question now is: who's gonna be the bigger man on this? Jim could take the high road and say, "allright, you could have been nicer saying it, but let's work together on this," and help establish trust.
I've worked with the PCI-SIG before, and I've been kicked in the nuts before, and I assure you, this C&D letter is nothing like a kick in the nuts.
This is just an organization try to prevent its trademark from getting "diluted." They sounded decent enough in this letter, why not work with the PCI-SIG on this instead of drawing up arms and getting ready for some needless battle?
I agree. Let's not get in a huff over this. I seriously doubt that the PCI-SIG is out to hunt down everyone who's ever used the letters "PCI". After all, they have a vested interest in people using and loving PCI! Why would they want to squash interest in their bus?
If you read the letter, they don't even sound that pissed about the whole thing. What's wrong with working to "Create a similar database... which would be available on the official PCI-SIG website," as they themselves wrote?
This does NOT have to be an "us" versus "them" thing!
Actually, I have, but thankfully that was a work-releated thing. It went OK.
The problem is not the average Joe trying to do something like this. In fact, most average Joes would have no interest in trying to defeat a trusted computing scheme.
The problem is the smart guy in the basement with a soldering gun and a lot of pent up rage against society.
This is just another attempt to make a definitive, final "seat of trust" for computing. Only now, it's in proprietray X86 assembly code that OEM's pay tens of thousands of dollars for.
Also, conceptually, this will still not solve the trust issue, as someone could still open up their case and replace their BIOS chip.
Most of us build our "seats of trust" on human relationships, like our family and friends. Oh, and these guys, too.
I work for one of the companies that's been on this list for several years. Yeah, it's OK working here, but this list is overrated and sounds more important than it is, IMHO.
Since almost 40% of the companies who try to get on this thing do, I really view it as "pay Fortune Magazine some money, and we'll give you a nice-sounding list we'll put you on that you can use as a recruiting bullet item."
And yes, oh yes, we DO use it as a selling point in recruiting. A LOT. We even have one of those nice velcro signs we stick onto the recruiting booth at career fairs for this thing.
I have been using this site for a long time now to branch out.
Two years ago, I just knew about Steely Dan. By browing this site's "similar artists" and "worked with" links for them, I found out about a lot of jazz/fusion acts out there!
Slashdot Mirror
Two other thoughts:
(1) Maybe software black boxes are too easy to create. That's probably true for just about anything, but consider how easy it is to scrape together a .DLL with a few hasily thought out entrypoints and release it to clients. Maybe API design should be more rigorous. Here's some flamebait: I happen to think the NT Kernel API is very well thought out, whereas the Linux Kernel API is, well, not as much.
(2) Maybe someone shouldn't be "allowed" to use an API until they've, well, sortof taken training on it to understand the subtleties of its use. Maybe just learning "the basics" about an API isn't good enough. How much of software instability could just be explained by a programmer not understanding the function s/he is calling?
Thanks for the reply
And heck, I don't know. I mean, is it great that I can now call malloc(1000000); and get a valid pointer that's just usable? Yeah probably. In DOS, I wasn't shielded from the memory manager as much, and to do something like that, I had to write my own EMS memory swapping code! That was a PITA, and kept me from the true task I was trying to solve.
So a modern 32-bit malloc() is a black box for me. Cool. It's empowered me very nicely.
However, something like WinSock has become a big black box for people too. Okay, great. So it's really easy, in 5 function calls, to open a socket across the internet and send data. But you've missed the nourances of security. So now your app is unsafe, because you weren't forced to know more about what's going on in the "black box."
Well, that's all I can really say in my post. Black boxes are a darn complex issue to talk about. Anyone who attempts to distill this down to a "yes" or "no" answer is probably missing a lot of the completixy at hand in the issue.
Very interesting question to put forth, though. Good topic.
A great 3 book "hard sci-fi" series about the colonization of Mars. Really awesome character development, and it starts only 30 years or so in the future. Written by Kim Stanley Robinson
The series won several Hugo and Nebula awards.
I don't think many apps are using this yet. Intel has a FAQ on this technology here, and they even have a Windows driver to support this.
Um, except that they are the actual creators and maintainers OF the PCI bus specification! And, oh yes, they also are the ones who hand out PCI Vendor IDs, so they have a DIRECT correlation to his list.
> All these people who are doing all this free work that benefits you so much aren't little kindergartners for you to take their work away from them when you want to.
You're right, good point. I'd say the average response to this issue on /. is that of a 12 year old.
Now, yes, he did it for the best of reasons. And yes, it was bad of PCI-SIG to play this C&D card this early on. The whole situation is just badness. So what do we do? Just bitch and moan, or actually try to move on from where we stand?
So, do I just "lay down and play dead?" I don't think so. I think I'm just talking about a compromise here, which is exactly what PCI-SIG was talking about in their C&D order.
But, I DO think it's a "prisoner's dilemma" for them too. Maybe they couldn't know that Jim would have acted in good-faith if they had just sent a gentle warning. So, they erred on the side of going to the lawyers. That's their right. It is their trademark.
The question now is: who's gonna be the bigger man on this? Jim could take the high road and say, "allright, you could have been nicer saying it, but let's work together on this," and help establish trust.
This is just an organization try to prevent its trademark from getting "diluted." They sounded decent enough in this letter, why not work with the PCI-SIG on this instead of drawing up arms and getting ready for some needless battle?
If you read the letter, they don't even sound that pissed about the whole thing. What's wrong with working to "Create a similar database ... which would be available on the official PCI-SIG website," as they themselves wrote?
This does NOT have to be an "us" versus "them" thing!
Oh well. At least I'll have something to gripe about when I'm an old man. "Back in my day..."
The problem is not the average Joe trying to do something like this. In fact, most average Joes would have no interest in trying to defeat a trusted computing scheme.
The problem is the smart guy in the basement with a soldering gun and a lot of pent up rage against society.
Also, conceptually, this will still not solve the trust issue, as someone could still open up their case and replace their BIOS chip.
Most of us build our "seats of trust" on human relationships, like our family and friends. Oh, and these guys, too.
Since almost 40% of the companies who try to get on this thing do, I really view it as "pay Fortune Magazine some money, and we'll give you a nice-sounding list we'll put you on that you can use as a recruiting bullet item."
And yes, oh yes, we DO use it as a selling point in recruiting. A LOT. We even have one of those nice velcro signs we stick onto the recruiting booth at career fairs for this thing.
Two years ago, I just knew about Steely Dan. By browing this site's "similar artists" and "worked with" links for them, I found out about a lot of jazz/fusion acts out there!