This bug has been known for a very, very long time. It was known during beta testing. Go search the WHS forums, you'll see 9 months worth of complaints. It was supposed to have been fixed in the OEM version, but here we are. I'm looking forward to spending a long and horrible week trying to recover my data.
Problem is that apparently SPA in Outlook is an MS specific thing. Well, what do you want them to do. The only way for outlook to support not sending the login in cleartext is to use SPA.
Basically all that needs to be done is for other mail clients to support MS SPA
This is where the problem is. There are existing protocols to deal with secure POP/IMAP authenticaion, but MS goes ahead and writes their own, and then people say "why doesn't everyone just support the Microsoft format" -- it is this line of reasoning that has led to nearly every proprietary closed format/protocol.
If MS doesn't want to pass passwords in cleartext, they should be using one of the existing and open methods of encryption, not forcing other people to use their software.
He was in no way quoted as calling it frivolous. Quoth The Father:
"I haven't looked at that particular patent, so I can't formally comment on it. But I can say that Web development is seriously threatened by frivolous patents, though you can't quote me as saying I called that patent frivolous," Jairus Pryor
Think about it. Your average person who will follow a shamanistic path, or a neo-pagan one (with the possible exception of Gardner's Wicca) is interested in defining their own reality, in being able to have some form of control, or hand in the processes that take place around them. They want to be able to do something which The Church doesn't permit in their theology. That might not be their main motivation, they may have a host of other reasons for studying Faerie Wicca instead of Roman Catholicism, but it usually biols down to 'I want something that mainstream religion does not provide for. I want something more, and I want it to be personal.'
Well.
Replace the word 'religion' with OSs/GUIs/Servers/etc, and you have the mentality of a great number of hackers out there. Admittedly, becoming a shaman is a lot more difficult than installing Enlightenment... But it's the same thing, I think. You're changing the way you interact with the world, and defining your reality. Jairus Pryor
Agreed, this is what should have been done at the very start... It's unfortunate that they had to go through all of this first, but.. Learn from your mistakes, I suppose.
Mind you, I'd really like to see the publishing of this book go through. It would get a good message out to a lot of people, I'd just like the rights of those involved to be respected. Good job to the Slashdot crew on fixing this up, it was more than many of us expected. Jairus Pryor
Of course they're missing an issue that's obvious to us--it's the pirates that are to blame, not Napster (just like people who copy tapes are to blame, not tape decks with a record button). But from their point of view, they just want to stop this from going on, and they can't see any other way to do it.
Are they trying to stop it from going on, or are they trying to get compensation? Not trying to be sarcastic, it's an honest question... Consider that Metallica did launch the lawsuit without ever contacting Napster, and seeing what could be done. They made a quick judgement, and it was (at least to us) the wrong one.
While I'm not saying that Napster would have solved the problem had Metallica contacted them, I think it would have been good form, at the very least. It would have been a show to their fans that they're trying to protect their work, and work with the fans/Napster, instead of retaliate at people they feel have wronged them. Jairus Pryor
Metallica is having an online chat on May the 2nd, as part of an ArtistDirect promotion... Somehow, the idea of a few thousand slashdotters arriving, and voicing their opinions about the Napster fiasco is amusing... At the very least, a good way to let them know what you think. Jairus Pryor
Y'know, I've been reading slashdot for well over a year, and I don't think I've ever posted anything before... But this, this is upsetting.
2. For those who posted in a public forum, they were not consulted. We had considered tracking down people, but my inital test run of trying to track down people went so terribly, we gave up. You'd be amazed how many people change e-mail addresses in a year.
This is really unnacceptable. Even Jane's Intelligence Review had a system setup for payment for those who were quoted in their publication. Surely, with slashdot funding Katz's trips to meet security guards, they can give a little money back to their community.
4. The reality, in terms, of paying people is that the book wouldn't happen at that point. The amount of time that would have added to things would have made the book impossible. Besides, the amount of actual quoting from people, once the rest is considered is/very tiny/ on a person person basis.
The amount of quoting is irrelevant. The fact is, people were quoted, and their words helped produce a book that is being commercially distributed. At the very least, Slashdot could have had the courtesy to mention that this was going to happen, and allow people to write in, stating that they would not want their comments used, for whatever reasons. This lack of notice, and lack of forethought is really unsettling. I expected a lot more.
5. We tried to deal with the Amazon thing, but you can't stop them from ordering for a resaler. Once something has entered the ISBN system, anyone can order it. However, at this time, we're only selling it through Amazon. As far as funds collected at this time, Katz is not taking money, I'm not taking any - we have to pay for the cost of making the book and the editor, but besides that, nada.
Somewhere between "tried to deal with the Amazon thing" and "only selling it through Amazon," I think I got lost. There are enough alternative e-bookmarkets that slashdot would not be forced to resort to Amazon. Homestly, I imagine they never cinsidered the boycott too seriously in the marketing for this book.
Actually, it doesn't seem like they took very much at all seriously, when planning this.
If I get moderated down for this, whatever. This is the first time I've actually cared enough about a topic to speak my mind on it, and I'm really rather shocked at/.'s behaviour.
Slashdot Mirror
This bug has been known for a very, very long time. It was known during beta testing. Go search the WHS forums, you'll see 9 months worth of complaints. It was supposed to have been fixed in the OEM version, but here we are. I'm looking forward to spending a long and horrible week trying to recover my data.
And for those of you visiting Google Watch, I also suggest a trip to Google Watch Watch.
Problem is that apparently SPA in Outlook is an MS specific thing. Well, what do you want them to do. The only way for outlook to support not sending the login in cleartext is to use SPA.
What about RFC 1734 and 2095?
Basically all that needs to be done is for other mail clients to support MS SPA
This is where the problem is. There are existing protocols to deal with secure POP/IMAP authenticaion, but MS goes ahead and writes their own, and then people say "why doesn't everyone just support the Microsoft format" -- it is this line of reasoning that has led to nearly every proprietary closed format/protocol.
If MS doesn't want to pass passwords in cleartext, they should be using one of the existing and open methods of encryption, not forcing other people to use their software.
He was in no way quoted as calling it frivolous. Quoth The Father:
"I haven't looked at that particular patent, so I can't formally comment on it. But I can say that Web development is seriously threatened by frivolous patents, though you can't quote me as saying I called that patent frivolous,"
Jairus Pryor
It's just a way of hacking meatspace.
No, really.
Think about it. Your average person who will follow a shamanistic path, or a neo-pagan one (with the possible exception of Gardner's Wicca) is interested in defining their own reality, in being able to have some form of control, or hand in the processes that take place around them. They want to be able to do something which The Church doesn't permit in their theology. That might not be their main motivation, they may have a host of other reasons for studying Faerie Wicca instead of Roman Catholicism, but it usually biols down to 'I want something that mainstream religion does not provide for. I want something more, and I want it to be personal.'
Well.
Replace the word 'religion' with OSs/GUIs/Servers/etc, and you have the mentality of a great number of hackers out there. Admittedly, becoming a shaman is a lot more difficult than installing Enlightenment... But it's the same thing, I think. You're changing the way you interact with the world, and defining your reality.
Jairus Pryor
Good.
Agreed, this is what should have been done at the very start... It's unfortunate that they had to go through all of this first, but.. Learn from your mistakes, I suppose.
Mind you, I'd really like to see the publishing of this book go through. It would get a good message out to a lot of people, I'd just like the rights of those involved to be respected. Good job to the Slashdot crew on fixing this up, it was more than many of us expected.
Jairus Pryor
Of course they're missing an issue that's obvious to us--it's the pirates that are to blame, not Napster (just like people who copy tapes are to blame, not tape decks with a record button). But from their point of view, they just want to stop this from going on, and they can't see any other way to do it.
Are they trying to stop it from going on, or are they trying to get compensation? Not trying to be sarcastic, it's an honest question... Consider that Metallica did launch the lawsuit without ever contacting Napster, and seeing what could be done. They made a quick judgement, and it was (at least to us) the wrong one.
While I'm not saying that Napster would have solved the problem had Metallica contacted them, I think it would have been good form, at the very least. It would have been a show to their fans that they're trying to protect their work, and work with the fans/Napster, instead of retaliate at people they feel have wronged them.
Jairus Pryor
Metallica is having an online chat on May the 2nd, as part of an ArtistDirect promotion... Somehow, the idea of a few thousand slashdotters arriving, and voicing their opinions about the Napster fiasco is amusing... At the very least, a good way to let them know what you think.
Jairus Pryor
Y'know, I've been reading slashdot for well over a year, and I don't think I've ever posted anything before... But this, this is upsetting.
/very tiny/ on a person person basis.
/.'s behaviour.
2. For those who posted in a public forum, they were not consulted. We had considered tracking down people, but my inital test run of trying to track down people went so terribly, we gave up. You'd be amazed how many people change e-mail addresses in a year.
This is really unnacceptable. Even Jane's Intelligence Review had a system setup for payment for those who were quoted in their publication. Surely, with slashdot funding Katz's trips to meet security guards, they can give a little money back to their community.
4. The reality, in terms, of paying people is that the book wouldn't happen at that point. The amount of time that would have added to things would have made the book impossible. Besides, the amount of actual quoting from people, once the rest is considered is
The amount of quoting is irrelevant. The fact is, people were quoted, and their words helped produce a book that is being commercially distributed. At the very least, Slashdot could have had the courtesy to mention that this was going to happen, and allow people to write in, stating that they would not want their comments used, for whatever reasons. This lack of notice, and lack of forethought is really unsettling. I expected a lot more.
5. We tried to deal with the Amazon thing, but you can't stop them from ordering for a resaler. Once something has entered the ISBN system, anyone can order it. However, at this time, we're only selling it through Amazon. As far as funds collected at this time, Katz is not taking money, I'm not taking any - we have to pay for the cost of making the book and the editor, but besides that, nada.
Somewhere between "tried to deal with the Amazon thing" and "only selling it through Amazon," I think I got lost. There are enough alternative e-bookmarkets that slashdot would not be forced to resort to Amazon. Homestly, I imagine they never cinsidered the boycott too seriously in the marketing for this book.
Actually, it doesn't seem like they took very much at all seriously, when planning this.
If I get moderated down for this, whatever. This is the first time I've actually cared enough about a topic to speak my mind on it, and I'm really rather shocked at
Jairus Pryor