How about we break away from the W3C and its strange policies and instead appoint a community-based chair with people from Mozilla, Apple, Opera, Google, Microsoft (if they would show) and anyone else who wanted to make a browser.
Who is this 'we' you keep talking about?
The W3C is a Consortium (that's the 'C') consisting of interested industry members. Right now, businesses who care how web technologies are developed have a vested interest in sitting down together and at least going through the motions of standardising languages and protocols.
The W3C might have democratic mechanisms, but it is neither a populist nor a grassroots organisation. It is, and always has been, an industry body.
I honestly don't know why Tim Berners-Lee decided that an industry consortium would be the best means to achieve web standards. I do know, however, that he chose deliberately and only after consideration. I suppose he hoped that collective interests would trump selfish motives and, if that failed, that other companies could be relied on to reign in the more egregious abuses.
It needs to be said that, in this respect at least, the W3C has been largely successful, but only in the way that standards bodies generally are: Through endless, awkward compromises that sometimes defy reason, and often with only reluctant support from the very people who developed the standards in the first place.
The W3C was born at a time when Netscape Communications ruled the roost, and acted like they didn't need anyone else. Virtually all of the abominations of early 'Tag Soup' HTML can be laid at Netscape's feet. Following that, we saw years of tug-of-war spec development, in which MS and Netscape defined their competing and incompatible implementations of numerous new elements and attributes.
But the W3C persevered and (painfully) slowly managed to bring us back from the brink to HTML 4 and eventually XHTML. There've been some interesting manoeuvres of late regarding WHATWG and HTML 5, but most interesting is the fact that the 'Tag Soup' crew and other unilateralists are more often on the defensive than in control. Much of that - indeed much of the conventional wisdom that Web Standards are Good - is the result of the efforts of the W3C and its members.
What if we ran an open data project like an open source project? What would this look like?
Wikipedia. With all the inherent problems of self-proclaimed authorities who don't know what they're talking about; bored trouble-makers who inject bad information because they're, well, bored; petty little squabbles which result in valid data being deleted; and so on.
So, basically just like any other large-scale, cooperative human enterprise, with the sole distinction that everyone gets to see the sausage being made (and to make it, if they choose)?
You can be self trained, or trained through apprenticeship, or whatever, but I disagree with the idea that people dedicated to their art can be replaced by a mass of random dabblers.
Of course you would, as would I. The examples I gave, though, were not 'random dabblers'; they were people who would go to any lengths to perfect their craft. This kind of person still exists today. And they are the ones I'm talking about.
I chose the examples I did because they initially worked for very offbeat employers, and lived hand-to-mouth for significant periods.
Certainly someone who is a blogger today might well be a star journalist of tomorrow, but in most cases I think that will require that he or she be a) dedicated to journalism and b) be able to make enough money as a journalist to dedicate a good deal of time to it.
We both agree that there is no substitute for time and experience. Blogging doesn't obviate the need for the same level of commitment and devotion, nor does it magically pay the bills. But it does allow opportunities to explore subject areas and approaches that are currently out of bounds to the so-called Mainstream Media.
Under those circumstances a "blog" really becomes a self-published column. As for the self-published part, it would really be helpful if these "bloggers" you can trust were collected together into some sort of organization, wouldn't it?
Sure. There's a cyclical process at work here. Capa founded his own photo agency for exactly this reason. Nobody else was going to look out for him and his colleagues, so Magnum was invented to do that. For a while it was in the vanguard of journalism. Now it's more of a shrine to a past age than anything else.
Media institutions come and go. My point is that blogs, for all their shortcomings, are most likely to be the source of the next wave.
I notice that the bloggers I follow all either write full time or write about their professions. They are both trained (sometimes self-trained in journalism) and professional.
Look, I don't disagree with much of what you're saying, but you can't equate 'trained' and 'self-trained'. The phrase you're looking for, by the way, is 'self-taught' and its meaning is the opposite of 'trained'.
The next generation of really prominent commentators on modern events will almost certainly not be formally trained in their medium... because there's nobody around to train them. And in my opinion that's a good thing.
Journalism, newspapers and magazines are in for some lean years. Then we'll all realize that no, a million random bloggers on the Internet are not a replacement for a trained, professional journalist/writer.
I agree completely with your first statement. Journalism is undergoing a radical transformation. 'Interesting Times' (pun intended) in the worst sense of the Chinese curse.
Your conclusion, though, is too reductive. You're begging the question by implying that the only way to be a skilled journalist is to have training and to be a professional. History tells us otherwise. Many, if not most, of the stars of journalism never went near J-school and a substantial number of the ones who did the most to define journalism spent their careers working against the grain of Establishment attitudes. Billy Russell, Peter Arnett, Robert Capa and Don McCullen are just a few who fell sideways into print and photo journalism, but who were each revolutionary in their own small way.
If I were looking for the future of journalism, I'd be looking carefully at Marcy Wheeler and Nate Silver - people whose extraordinary skill at research and analysis has been enabled by their ability to start a blog and work on their own terms, spending time on subjects and approaches that most bean-counters would never allow.
Full disclosure: I'm biased in favour of such an outcome because I do my own writing and photography on those terms. I don't really care whether I earn money from it (though I do derive a modest income), because I long ago learned that it's just something I love to do.
Maybe my work will never be of more than regional interest. I don't care. The beauty of the format is just this: It doesn't have to be popular. It can just be good. I can focus on quality for its own sake; I can write and photograph what I consider to be in the public interest and allow people to make of it what they will.
Is professionalism a virtue? I like the notion of Ubuntu as being warm and fuzzy, especially with the adjective+animal names for the releases.
Don't you worry. In the 15 years I've been doing web and interface design, I've never heard the words 'purple', 'orange' and 'professional' used in the same sentence.
[I]f a company ran (say) ubuntu or (more likely) macos an attacker could still craft an attack against them, as long as they had information on the systems being used.
Agreed. These guys know what they're about, and they're willing to invest patience and resources in their attacks.
That said, reducing the number of attack vectors is a useful and productive exercise. As Schneier loves to point out, the real goal of the security process is to make breaking in cost more than it's worth to the attacker. In this particular case, that puts the cost pretty high indeed. But choosing a more secure OS and simplifying the exposed systems would help a lot.
The next step would be to reduce the reward derived from a successful attack: a strong auditing process.
This is rarely considered, except in high-security scenarios, but really, the only really viable defense against this kind of assault is to recognise when you're being attacked (most companies probably never did) and then to take steps to reduce its effectiveness. You'd need to watch who's talking to whom, and who's accessing what data. The cost in man-hours would be significant, but the alternative is to accept that before long there's going to be a Chinese knock-off of your product on the market, competing with yours at a fraction of the price.
The final step is the least likely: Actively counter-attack. Infiltrate and/or disable the attacker's machines, feed them false information (costing them money as they try to track the source of the failure), and even use official channels (as Google as done) to try to slow them down or take greater pains to conceal themselves.
True, but the GP's fundamental point is still valid:
The DCMA required only the contested content be removed in any case. Network Solutions removing access to [the] entire web site is very troubling. And it may even have opened them up to a lawsuit themselves.
[Emphasis mine]
They've actually made the domain unavailable, which is more troubling, because it means that email and other services will fail, too. Regardless, NetSol is out of line.
Here is what that haven of piracy Canada has to say about it when they were put on the list: "Canada does not recognize the Special 301 process due to its lacking of reliable and objective analysis, and we have raised this issue regularly with the U.S. in our bilateral discussions." Even our mild mannered neighborino to the North told them to go suck an egg.
Well, actually, the first draft of the response went like this:
CHORUS OF MOUNTIES AND ESKIMOS: FUUUUCK-ALUKALUKA YOOOOUU-HOO!
The editor of the document, however, was a Presbyterian second-son of the Empire, and translated it back into Ontarian for publication.
i saw a guy walking down the street just today - in a long black coat wearing sunglasses talking on his nokia. i thought "i bet that guys a leet hacker" probably him. he was scowling.
You're wrong. The person you saw:
Was stylish;
Outdoors;
Had at least one friend.
If this was a real hacker, he was disguised as a n00b.
Oh my heavens! A bug in a beta? What is the world coming to?
Indeed, though a story about recursive dependencies in any product does introduce a little welcome schadenfreude into my day, it's a pretty trivial issue.
What I found infinitely more newsworthy about the article was this:
With Outlook 2010, Microsoft is trying to take yet another stab at one of the most perplexing issues for computer users -- e-mail sprawl. Microsoft has introduced "conversation arrangement" features in previous versions of Outlook -- as have other e-mail program makers -- in which messages are saved based on the participants in the "thread" and in the order in which messages were received.
Microsoft, the company that single-handedly destroyed email communications in the 90s by placing replies at the top of the message and refusing to support inline quoting, then relying on Word (WORD!) as the default editor... has finally discovered threading!
It's touching, really. Kind of like watching an autistic adolescent say his first word....
And so MD_Update(&m,buf,j);/* purify complains */ was commented out.
Laurie addresses exactly this point in the entry I linked to. Immediately following the sentence I quoted (and to which you refer):
About 50% of the comments on my post point to this conversation on the openssl-dev mailing list. In this thread, the Debian maintainer states his intention to remove for debugging purposes a couple of lines that are “adding an unintialiased buffer to the pool”. In fact, the first line he quotes is the first one I described above, i.e. the only route to adding anything to the pool. Two OpenSSL developers responded, the first saying “use -DPURIFY” and the second saying “if it helps with debugging, I’m in favor of removing them”. Had they been inspired to check carefully what these lines of code actually were, rather than believing the description, then they would, indeed, have noticed the problem and said something, I am sure. But their response can hardly be taken as unconditional endorsement of the change.
[Emphasis mine]
And so MD_Update(&m,buf,j);/* purify complains */ was wrongly commented out.
True, but that's not what he is questioning. Given two identical projects that are fairly complex (i.e. an OS kernel) he's saying that just being open source doesn't necessarily provide "more eyes". While I think there is a bit of merit to this, it certainly doesn't hurt to have more eyes possible - especially when you don't have to pay for them.
Agreed, of course. However, the converse is important, too:
Given two identical projects that are fairly complex (i.e. an OS kernel), being closed source virtually guarantees that there won't be 'more eyes'.
But the real question is: How many eyes are enough?
The answer is its own problem: Only one more pair. The tricky part is figuring out whose they are. (Yes, I'm in screaming agreement with what the OP is saying.)
[I]f the Debian maintainer [who created the bug] had asked the [OpenSSL] developers, then we would have advised against such a change.
So yes, it does matter whose eyes are turned to a particular problem. The difference between FOSS/Open Source and Closed Source is therefore whether the Closed Source company has hired the right people and whether the FOSS project has gained the attention and interest of the right people.
Neither of those situations is guaranteed, but they are not at all equivalent. (Especially when we consider that for many of the best FOSS products, gaining the attention and interest of the right people is done by employing them.) Realistically, FOSS faces better odds of having bugs found and fixed, all else being equal.
Slashdot Mirror
...Spacebook?
HYPErspace? No, wait, Lucas got that already.
Whatever you call it, as ideas go, it's pure Shat.
He, wanted commasplice.com, but it was, taken.
this has to be the worst car analogy ever.
Yeah, it's like the AMC Pacer of car analogies.
I just did some research, and I found out that you don't have to do research to make stuff up.
On another note, this guy just walked by my house, and there was a 20' tall cedar tree growing out of his ear.
Q-Tip gone bad. I read some place that research shows this happens all the time.
How about we break away from the W3C and its strange policies and instead appoint a community-based chair with people from Mozilla, Apple, Opera, Google, Microsoft (if they would show) and anyone else who wanted to make a browser.
Who is this 'we' you keep talking about?
The W3C is a Consortium (that's the 'C') consisting of interested industry members. Right now, businesses who care how web technologies are developed have a vested interest in sitting down together and at least going through the motions of standardising languages and protocols.
The W3C might have democratic mechanisms, but it is neither a populist nor a grassroots organisation. It is, and always has been, an industry body.
I honestly don't know why Tim Berners-Lee decided that an industry consortium would be the best means to achieve web standards. I do know, however, that he chose deliberately and only after consideration. I suppose he hoped that collective interests would trump selfish motives and, if that failed, that other companies could be relied on to reign in the more egregious abuses.
It needs to be said that, in this respect at least, the W3C has been largely successful, but only in the way that standards bodies generally are: Through endless, awkward compromises that sometimes defy reason, and often with only reluctant support from the very people who developed the standards in the first place.
The W3C was born at a time when Netscape Communications ruled the roost, and acted like they didn't need anyone else. Virtually all of the abominations of early 'Tag Soup' HTML can be laid at Netscape's feet. Following that, we saw years of tug-of-war spec development, in which MS and Netscape defined their competing and incompatible implementations of numerous new elements and attributes.
But the W3C persevered and (painfully) slowly managed to bring us back from the brink to HTML 4 and eventually XHTML. There've been some interesting manoeuvres of late regarding WHATWG and HTML 5, but most interesting is the fact that the 'Tag Soup' crew and other unilateralists are more often on the defensive than in control. Much of that - indeed much of the conventional wisdom that Web Standards are Good - is the result of the efforts of the W3C and its members.
What if we ran an open data project like an open source project? What would this look like?
Wikipedia. With all the inherent problems of self-proclaimed authorities who don't know what they're talking about; bored trouble-makers who inject bad information because they're, well, bored; petty little squabbles which result in valid data being deleted; and so on.
So, basically just like any other large-scale, cooperative human enterprise, with the sole distinction that everyone gets to see the sausage being made (and to make it, if they choose)?
Amusingly, you could make the same point about Shakespeare. And you'd be just as wrong.
Of course you would, as would I. The examples I gave, though, were not 'random dabblers'; they were people who would go to any lengths to perfect their craft. This kind of person still exists today. And they are the ones I'm talking about.
I chose the examples I did because they initially worked for very offbeat employers, and lived hand-to-mouth for significant periods.
We both agree that there is no substitute for time and experience. Blogging doesn't obviate the need for the same level of commitment and devotion, nor does it magically pay the bills. But it does allow opportunities to explore subject areas and approaches that are currently out of bounds to the so-called Mainstream Media.
Sure. There's a cyclical process at work here. Capa founded his own photo agency for exactly this reason. Nobody else was going to look out for him and his colleagues, so Magnum was invented to do that. For a while it was in the vanguard of journalism. Now it's more of a shrine to a past age than anything else.
Media institutions come and go. My point is that blogs, for all their shortcomings, are most likely to be the source of the next wave.
Look, I don't disagree with much of what you're saying, but you can't equate 'trained' and 'self-trained'. The phrase you're looking for, by the way, is 'self-taught' and its meaning is the opposite of 'trained'.
The next generation of really prominent commentators on modern events will almost certainly not be formally trained in their medium... because there's nobody around to train them. And in my opinion that's a good thing.
Why is it that editors think deleting articles somehow makes it better?
Because ;
- if the quality of Wikipedia is measured by averaging the quality of all its articles, deleting the crap raises the quality of Wikipedia....
[Emphasis mine.]
Wow. So in your mind, 'not notable' is equivalent to 'crap'. That's quite a leap.
Perhaps you should make that case first before you embark on any other argument.
"The worst change IMO is going to be journalism."
Journalism, newspapers and magazines are in for some lean years. Then we'll all realize that no, a million random bloggers on the Internet are not a replacement for a trained, professional journalist/writer.
I agree completely with your first statement. Journalism is undergoing a radical transformation. 'Interesting Times' (pun intended) in the worst sense of the Chinese curse.
Your conclusion, though, is too reductive. You're begging the question by implying that the only way to be a skilled journalist is to have training and to be a professional. History tells us otherwise. Many, if not most, of the stars of journalism never went near J-school and a substantial number of the ones who did the most to define journalism spent their careers working against the grain of Establishment attitudes. Billy Russell, Peter Arnett, Robert Capa and Don McCullen are just a few who fell sideways into print and photo journalism, but who were each revolutionary in their own small way.
If I were looking for the future of journalism, I'd be looking carefully at Marcy Wheeler and Nate Silver - people whose extraordinary skill at research and analysis has been enabled by their ability to start a blog and work on their own terms, spending time on subjects and approaches that most bean-counters would never allow.
Full disclosure: I'm biased in favour of such an outcome because I do my own writing and photography on those terms. I don't really care whether I earn money from it (though I do derive a modest income), because I long ago learned that it's just something I love to do.
Maybe my work will never be of more than regional interest. I don't care. The beauty of the format is just this: It doesn't have to be popular. It can just be good. I can focus on quality for its own sake; I can write and photograph what I consider to be in the public interest and allow people to make of it what they will.
so i'm under the impression of having advanced quantum physics described to me by a drunk with a cockney accent. i guess that's helpful...
Nah. Then then they'd call "Anti-Strange Hyypernuclei" something like "Panty-mange wiper pukey pie."
Oi mate, learn the language. It's Uncle Honey Kippers:
Perfectly simple. Now if you'll paddle me gently, I'm going to keaton this cummerbund before my staggering loss twits the fiddle.
Is professionalism a virtue? I like the notion of Ubuntu as being warm and fuzzy, especially with the adjective+animal names for the releases.
Don't you worry. In the 15 years I've been doing web and interface design, I've never heard the words 'purple', 'orange' and 'professional' used in the same sentence.
[I]f a company ran (say) ubuntu or (more likely) macos an attacker could still craft an attack against them, as long as they had information on the systems being used.
Agreed. These guys know what they're about, and they're willing to invest patience and resources in their attacks.
That said, reducing the number of attack vectors is a useful and productive exercise. As Schneier loves to point out, the real goal of the security process is to make breaking in cost more than it's worth to the attacker. In this particular case, that puts the cost pretty high indeed. But choosing a more secure OS and simplifying the exposed systems would help a lot.
The next step would be to reduce the reward derived from a successful attack: a strong auditing process.
This is rarely considered, except in high-security scenarios, but really, the only really viable defense against this kind of assault is to recognise when you're being attacked (most companies probably never did) and then to take steps to reduce its effectiveness. You'd need to watch who's talking to whom, and who's accessing what data. The cost in man-hours would be significant, but the alternative is to accept that before long there's going to be a Chinese knock-off of your product on the market, competing with yours at a fraction of the price.
The final step is the least likely: Actively counter-attack. Infiltrate and/or disable the attacker's machines, feed them false information (costing them money as they try to track the source of the failure), and even use official channels (as Google as done) to try to slow them down or take greater pains to conceal themselves.
Exactly you can find it right between the unaffordium and the baloneyum.
Bloody Yanks - those of us who remember the Queen's English know it's spelled 'bolognium'...
... or was that 'bologniminium?'
I wish we could moderate something to remove a recent post....
Ignore parent. It's incorrect. Read this informative post instead, then mod it up.
Maybe you haven't looked at their site lately (I wouldn't blame you); NetSol has been providing hosting for years: http://www.networksolutions.com/web-hosting/index.jsp
True, but the GP's fundamental point is still valid:
[Emphasis mine]
They've actually made the domain unavailable, which is more troubling, because it means that email and other services will fail, too. Regardless, NetSol is out of line.
Here is what that haven of piracy Canada has to say about it when they were put on the list: "Canada does not recognize the Special 301 process due to its lacking of reliable and objective analysis, and we have raised this issue regularly with the U.S. in our bilateral discussions." Even our mild mannered neighborino to the North told them to go suck an egg.
Well, actually, the first draft of the response went like this:
CHORUS OF MOUNTIES AND ESKIMOS: FUUUUCK-ALUKALUKA YOOOOUU-HOO!
The editor of the document, however, was a Presbyterian second-son of the Empire, and translated it back into Ontarian for publication.
i saw a guy walking down the street just today - in a long black coat wearing sunglasses talking on his nokia. i thought "i bet that guys a leet hacker" probably him. he was scowling.
You're wrong. The person you saw:
If this was a real hacker, he was disguised as a n00b.
Man you gotta come up with a better line than that. Even 'I just went swimming', or 'It's cold in here' is more convincing than that!
In any case, your girlfriend will still be disappointed....
... If you ever get one.
we luge.
Puck 'em if they can't take a joke.
Oh my heavens! A bug in a beta? What is the world coming to?
Indeed, though a story about recursive dependencies in any product does introduce a little welcome schadenfreude into my day, it's a pretty trivial issue.
What I found infinitely more newsworthy about the article was this:
Microsoft, the company that single-handedly destroyed email communications in the 90s by placing replies at the top of the message and refusing to support inline quoting, then relying on Word (WORD!) as the default editor... has finally discovered threading!
It's touching, really. Kind of like watching an autistic adolescent say his first word....
Laurie addresses exactly this point in the entry I linked to. Immediately following the sentence I quoted (and to which you refer):
[Emphasis mine]
And so MD_Update(&m,buf,j); /* purify complains */ was wrongly commented out.
Posting this only to highlight the perfect irony of the title.
True, but that's not what he is questioning. Given two identical projects that are fairly complex (i.e. an OS kernel) he's saying that just being open source doesn't necessarily provide "more eyes". While I think there is a bit of merit to this, it certainly doesn't hurt to have more eyes possible - especially when you don't have to pay for them.
Agreed, of course. However, the converse is important, too:
Given two identical projects that are fairly complex (i.e. an OS kernel), being closed source virtually guarantees that there won't be 'more eyes'.
But the real question is: How many eyes are enough?
The answer is its own problem: Only one more pair. The tricky part is figuring out whose they are. (Yes, I'm in screaming agreement with what the OP is saying.)
It's a quality issue as much as it's a question of quantity. Ben Laurie, writing about the Debian OpenSSL Fiasco, states:
So yes, it does matter whose eyes are turned to a particular problem. The difference between FOSS/Open Source and Closed Source is therefore whether the Closed Source company has hired the right people and whether the FOSS project has gained the attention and interest of the right people.
Neither of those situations is guaranteed, but they are not at all equivalent. (Especially when we consider that for many of the best FOSS products, gaining the attention and interest of the right people is done by employing them.) Realistically, FOSS faces better odds of having bugs found and fixed, all else being equal.
Not really. I heard an anecdote once and it was really lousy.
Colour me surprised. I remember hearing once that 95% of all anecdotes are shite.
I don't want to discus this.
Yeah, the poor guy must be spinning in his grave.