Slashdot Mirror


User: grcumb

grcumb's activity in the archive.

Stories: 0
Comments: 2,253

Comments · 2,253

  1. Re:"The" PHP? on US DHS Testing FOSS Security · · Score: 2, Funny

    So close. Let's turn those into a proper Tcl list, shall we...

    set thislist {Samba} {the PHP} {Perl} {Tcl dynamic languages} {Amanda}

    No, I think he's deliberately speaking with a LISP.... 8^)

  2. Re:Looking good, too bad the press didn't understa on US DHS Testing FOSS Security · · Score: 5, Informative

    The important point here is that proprietary software manufacturers aren't telling you how many security flaws they had.

    Indeed. FTFA:

    "Our commercial customers wouldn't like it too much if we aired the number of defects found in their code," said Maxwell, when asked about the results from scans on 400 product lines of the firm's private customers.

    One can only speculate about the, er, source of their discomfort.... 8^)

    I bet it's more than 1 per 1000 lines; that is an incredibly excellent figure for the first time a scanner like Coverity is run.

    1 per 1000 lines is even more impressive as an average across all 180 FOSS applications tested. Most impressive of all are the highlights:

    • SAMBA: 236 defects in 450,000 lines of code. 228 already fixed.
    • Linux Kernel: 0.127 security faults per thousand lines of code. The kernel scan covered 3,639,322 lines of code.
    • Apache: 135,916 lines of code, which yielded a security defect rate of 0.14 bugs per thousand lines of code. Or 1.4 per 10,000 lines of code, if you prefer. 8^)
    • PostgreSQL: 909,148 lines of code, with a 0.041 per 1000 defect rate.
    • glibc: 83 bugs in 588,931 lines of code, all since fixed.

    Even some of those with more bugs have at least responded well:

    • KDE: 4,712,273 lines of code, fixed 1,554 defects, verified another 25 and has only 65 to go.
    • GNOME: 430,809 lines of code, fixed 357 defects, verified 5 and has 214 to go.

    And my favourite 'backslider' of all, OpenVPN, has yet to fix 100% of the bugs found during this exercise. Of course, that's only 1 bug in over 69,000 lines of code....

    These results should be viewed as excellent, by and large. This doesn't mean all this software is bug-free, just that there aren't a lot of easily preventable bugs in the code base. Most encouraging, though, is how fast they got addressed and fixed by the healthier FOSS projects.

  3. Re:"The" PHP? on US DHS Testing FOSS Security · · Score: 5, Funny

    ..the PHP, Perl, and Tcl dynamic languages...
    "The" in this sentence refers to the list, not just PHP.

    How could he possibly know that? He said already that he stopped reading after 'the PHP'.

    /me ducks and runs...

  4. Re:Default value goes back pretty far on Office 2003 Service Pack Disables Older File Formats · · Score: 1

    If you read the knowledge base article, you'll see that the default allowed old-version goes back to before even Word 95. PowerPoint 95, but not 97, is blocked. It's very likely that few documents exist in such old formats at this point.

    I don't know about you, but all of my documents from University are in WordPerfect 5.x format, and many of the things I wrote in my earlier years were saved as Ami Pro. In general terms, it should neither be desirable nor necessary to update all of one's archival materials at the whim of the software maker.

    While I can understand the danger of storing things in binary, word processing document formats are - or should be - especially easy to support for decades if not longer.

  5. Re:Huh ... on OLPC CTO Quits to Commercialize OLPC Technology · · Score: 3, Interesting

    She was responsible for designing the display, which, depending on who you ask, is either really novel and cutting edge, or a substandard compromise to modern display design. Personally, the display is not anything I would want for standard laptop-like use.

    Don't be so quick to disparage it. While I'll be the first to admit that it's not really necessary for typical indoor use, the extremely high definition and brilliant contrast make it possible to use a portable device in scenarios you might not have considered before.

    I did a month-long evaluation of an OLPC B2 prototype, and the thing that appealed to me most was the fact that it made it possible (or at least conceivable) to have constant access to information at all times, without worrying about rain, sun or shade, accidents, dust and most other kinds of things that make laptop-users cringe. The display played no small part in this.

    I live in what the UN designates as a Least Developed Country, so I'll admit that my needs are special. But I can think of dozens of ways in which a device with similar attributes to the OLPC would be useful to inhabitants of the world's most developed cities. Their low cost and robustness, combined with their suitability to the task, finally give us true commoditisation of information technology.

    This dual-mode screen is really impressive when you see it at work. It is truly innovative because it makes new uses of computers possible.

  6. Re:What if?? on Ion-Mask Coating Could Make Waterproofing Electronics Easy · · Score: 1

    What if you coated your face with it?

    Then you'd be the man in the Ion mask!

    I was thinking more about waterproofing my network equipment - The LAN in the ion mask.

  7. Re:Questionable statements on Privacy International Releases 2007 Report · · Score: 1

    # World leading in border surveillance, mandating trans-border data flows

    I call FUD on that. Prove that we have more per capita surveillance of border crossings than, say, Switzerland, Singapore, Norway or Israel.

    Well, I haven't been to Norway or Israel, but in a lifetime of constant travel, the US is the only country that I know of that requires my photo and fingerprints in order to enter it, or even to transit through it.

    ... Which, incidentally, is why I will no longer visit the US.

  8. Re:OpenStreetMap on Online Collaboration Creates 'Map-Making For the Masses' · · Score: 2, Interesting

    In TFA, they are referring to OpenStreetMap, a wiki-style project to create free street maps. (Though this is not mentioned in the summary.)

    I love these guys. I live in Vanuatu, a tiny South Pacific country that so far has escaped the attention of the Google, Yahoo! and Microsoft map interfaces. The only way we're going to get decent maps of our towns is by doing it ourselves. Thanks to a few thoughtful people from Australia and the US, we now have a GPS and are mapping all the streets of Port Vila, the capital.

    Few people have computer experience, but we managed to recruit a young man from a local NGO's youth project, and he's been spending the last few weeks riding around in a local mini-bus run by a family member of his. I've already uploaded some of the raw data, and with any luck we'll have some decent maps of the town before too long.

    What I like best about Open Street Maps is that their format is compatible with Google Maps. This means that if the stars align themselves properly, we'll be on the map fairly soon.

  9. Re:Mod parent up on Linux-Based Phone System Phones Home · · Score: 3, Informative

    This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it was installed with) and returns the results.

    What a terrible design! I worked for a couple of years on a FOSS product whose commercial version phoned home by design. It was a small server that allowed remote configuration changes via our NOC. The idea was to provide basic systems admin functionality for multiple geographically dispersed servers. Man-in-the-middle attacks - in either direction - were one of the primary concerns, second only to the privacy of the customer.

    We vetted every byte, incoming or outgoing; we worried constantly about both sides of the authentication process, addressed DNS poisoning and coped properly with pwned clients as well. We never ever passed anything but text between the server and the NOC. Even anti-virus signature updates were performed out-of-band with the 'phone-home' process.

    Allowing execution of arbitrarily defined scripts is a disaster in the making. The trust model is entirely wrong, for one thing. I understand now why the manufacturer didn't want to talk about it, because no sysadmin in his right mind[*] would accept that someone outside the organisation should ever have the right to run arbitrary code on their boxes without prior vetting.

    *****

    [*] Unfortunately, 'sysadmins in their right mind' is a far-too-small subset of all sysadmins....
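    A defender's sketch of the "vet every byte, text only" design this comment contrasts with the trixbox arbitrary-command model. This is an added example, not code from the poster, from trixbox or from the product described; the directive names, validators, wire format, shared key and sample payloads are all invented for illustration. The agent accepts only typed settings from an allowlist, over an authenticated and time-bounded text payload, and has no directive that could ever mean "run this".

```python
import hashlib
import hmac
import re
import time

# Hypothetical allowlist of directives the NOC may send. Every entry is a
# typed setting with a validator; there is deliberately no way to express
# "run this command". Names, formats and limits are invented for this example.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)
ALLOWED_DIRECTIVES = {
    "ntp_server": lambda v: len(v) <= 253 and HOSTNAME_RE.match(v) is not None,
    "log_level": lambda v: v in {"error", "warn", "info", "debug"},
    "checkin_interval_h": lambda v: v.isdigit() and 1 <= int(v) <= 168,
}
MAX_PAYLOAD_BYTES = 4096   # refuse anything larger before looking inside
MAX_CLOCK_SKEW_S = 300     # bounds replay of an old but validly signed payload
HEADER_RE = re.compile(r"ts=(\d{1,12}) mac=([0-9a-f]{64})")


class RejectedPayload(ValueError):
    """Raised for anything the agent will not act on."""


def sign(body: str, ts: int, key: bytes) -> str:
    """HMAC-SHA256 over the timestamp and the text body (shared key assumed)."""
    return hmac.new(key, f"{ts}\n{body}".encode("ascii"), hashlib.sha256).hexdigest()


def vet_payload(raw: bytes, key: bytes, now=None) -> dict:
    """Return the accepted directives from a phone-home payload.

    Order of checks matters: size, then text-only decoding, then the MAC,
    and only then is the body parsed, so unauthenticated input never
    reaches the parser. Any failure raises RejectedPayload; nothing is
    applied partially.
    """
    now = int(time.time()) if now is None else now
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise RejectedPayload("payload too large")
    try:
        text = raw.decode("ascii")   # text only: any non-ASCII byte is fatal
    except UnicodeDecodeError:
        raise RejectedPayload("non-text payload") from None
    header, _, body = text.partition("\n")
    m = HEADER_RE.fullmatch(header)
    if m is None:
        raise RejectedPayload("malformed header")
    ts, mac = int(m.group(1)), m.group(2)
    if not hmac.compare_digest(mac, sign(body, ts, key)):
        raise RejectedPayload("bad MAC")
    if abs(now - ts) > MAX_CLOCK_SKEW_S:
        raise RejectedPayload("stale or future-dated payload")
    accepted = {}
    for line in body.splitlines():
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep or name in accepted or name not in ALLOWED_DIRECTIVES:
            raise RejectedPayload(f"unknown or duplicate directive: {line!r}")
        if not ALLOWED_DIRECTIVES[name](value):
            raise RejectedPayload(f"invalid value for {name}: {value!r}")
        accepted[name] = value
    return accepted


# Constructed sample traffic: a demo shared key and a fixed clock.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
DEMO_NOW = 1_700_000_000


def build_payload(body: str, ts: int = DEMO_NOW, key: bytes = SHARED_KEY) -> bytes:
    """What the NOC side would send: a signed header line, then the text body."""
    return f"ts={ts} mac={sign(body, ts, key)}\n{body}".encode("ascii")


GOOD_PAYLOAD = build_payload("ntp_server=ntp.example.net\nlog_level=info\n")
# Shaped like the trixbox design: a command rather than a setting. The allowlist
# has no such directive, so it is rejected even though it is validly signed.
COMMAND_PAYLOAD = build_payload("exec=/bin/sh -c 'uname -a'\n")
# Validly shaped but altered in transit after signing: the MAC no longer matches.
TAMPERED_PAYLOAD = GOOD_PAYLOAD.replace(b"log_level=info", b"log_level=debug")

if __name__ == "__main__":
    print(vet_payload(GOOD_PAYLOAD, SHARED_KEY, DEMO_NOW))
    for label, payload in (("command", COMMAND_PAYLOAD), ("tampered", TAMPERED_PAYLOAD)):
        try:
            vet_payload(payload, SHARED_KEY, DEMO_NOW)
        except RejectedPayload as exc:
            print(f"{label}: rejected ({exc})")
```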

  10. Re:Use /. moderation on wikipedia on US Government Caught Manipulating Wikipedia · · Score: -1, Troll

    What is needed is a /. style moderation and karma system so that any peer can review it without having to change it and indicate to other which are the best entries and editors.

    And like here, it will help for egregious defacement, but will only ensure that the surviving articles match any communinty groupthink that may exist....

    You mis-spelled 'consensus'. And 'community'.

  11. Re:An understatement on Flying Humans · · Score: 1

    The landing, as one might expect, poses the biggest challenge,

    I would say it's the only challenge actually. Gliding around in any winged suit is fun and safe as long as you still open the chute at the end.

    Pilots have a saying that sums things up quite nicely: "Take-off is optional. Landing is compulsory."

  12. Re:What the poorer countries really need on Dvorak Slams OLPC As 'Naive Fiasco' · · Score: 1

    Is for the richer countries to stop giving them access to easy credit, foreign aid and programs like this.

    No, there's a place for foreign aid. Consider the history of 'developed' countries like the US and Canada, which were built up from virgin nature in a little less than two centuries. In both cases, large-scale development projects were underwritten almost completely by government. Railroads, the highway system and especially rural electrification were all heavily subsidised by the central government, with little or no thought of ever getting a direct return on the investment.

    Give them trade opportunities instead.

    Trade opportunities are critical, that's true. But they have to be fair trade opportunities. Typically what we see are deals that maximise the extraction of natural resources, with very little incentive at all to produce finished goods or to provide services. Quite the contrary, trade negotiations are usually excuses for developed countries to create new export markets at the expense of local industry.

    The EU's European Partnership Agreements (EPA) are a perfect case in point. They have manipulated small countries in Africa, the Pacific and the Caribbean into accepting virtually free trade conditions where imports from Europe are concerned, but given almost nothing in return. In fact, import duties on a number of critical products (e.g. coffee, copra and sugar) would rise rather than fall.

    The conditions are so punitive that the majority are outright opposing it. The minister of Trade for the small developing nation I live in actually sat there at a major public forum and politely but quite firmly told the EU that no deal at all was better than the terms they were offering.

    That's the only way you are going to encourage them to create real economies that will alleviate poverty. The obstacles to these people creating wealth and getting themselves out of poverty are a whole hell of a lot more complicated than just access to computers...

    I agree with your statement, but not with the implications. There is a definite need for large-scale donor support in order to build basic infrastructure. And these days, the single most critical element of infrastructure is communications. I write a weekly column on ICT in development for one of our national newspapers, and I'm constantly harping on this note. Here's an excerpt from a recent column:

    "When asked to forecast growth and capacity in markets such as Vanuatu's, many analysts will simply plot a linear curve that shows a slow but steady increase based on previous trends. The problem is: they're right. Or they will be, if we listen to them.

    "You see, it's a self-fulfilling prophecy. If you act on the assumption that nobody will use a network, then - surprise surprise - nobody will. But it works the other way as well. If you simply build out the network, trusting that people will use it... well, they will. What for? It's impossible to say for sure. My guess is that it will dovetail itself into normal life, more or less as described above. But honestly, the only way to be sure is to roll out the network first, then wait and see.

    "This kind of advice is, unfortunately, the worst kind of absurdity to planners, donors and business people alike. There's really only one argument for it, and that is: It Works."

    To make a long story slightly shorter: Invest heavily and well in infrastructure. The XO is a great investment, because it requires so little else to start being useful.

  13. Re:Don't know their burro from their burrow on Users and Web Developers Vent Over IE7 · · Score: 1

    That's because this hypothetical client doesn't know his ass from a hole in the ground, if you'll pardon my French.

    I can't take credit for this, but I read a wonderful snippet somewhere that coined a different phrase, about people who don't know their burro from their burrow...

    Coincidentally, it was a regular poster to comp.infosystems.www.html.authoring. His tag line quoted a past professor of his, saying something like: "A burro is an ass. A burrow is a hole in the ground. As journalists, you are expected to know the difference."

  14. Re:How about the software though? on Microsoft Wants OLPC System to Run Windows XP · · Score: 1

    To provide an alternative to Negroponte's dictates as to what OS a computer should run. Lock in is bad, no matter who turns the key.

    And a completely open, Free software suite, adaptable and extensible by anyone who chooses, is called 'lock in' now?

    To provide users of the XO with access to a much larger proportion of the software available in the world, rather than limiting them by fiat. Freedom of choice includes the freedom to make bad choices - and freedom of choice is good.

    Fiat - it all sounds so authoritarian when you use words like that. The XO is an open platform, right down to the hardware specifications. If anyone wants to do it differently, they are welcome to do so.

    What is at issue here, though, is Microsoft wanting the OLPC project to change the XO specification - and raise the cost of the machine - in order to accommodate software that is not designed for this platform, and which, even if it's shoe-horned onto it, does nothing whatsoever to guarantee that this brave new world of software applications will become available, because we would still have to wait for individual vendors to support the platform.

    To summarize simply: It doesn't matter who the philosophical leader of the project is - Negroponte or Gates, both should be held to the same standard.

    Oh, I couldn't agree more. Wake me up if Gates ever shows even a fraction of Negroponte's open-mindedness and enlightenment. Negroponte's strategy leaves the game open to anyone to pick up the ball and play. Microsoft, on the other hand, won't even play until the lines are re-drawn to favour them.

  15. Re:How about the software though? on Microsoft Wants OLPC System to Run Windows XP · · Score: 4, Insightful

    Let's say there was the capacity to add another gig of flash, and XP could run on it. How much educational software would then fit in the machine? How much development tools would fit for the kids to develop apps (I'm thinking specifically of the capabilities Squeak/EToys gives the XO here)? How secure would the grid computing model be?

    Good points, all. Let's just summarise by asking one simple question: Why?

    The XO has everything it needs already. I've done a month-long evaluation of one of the late prototypes and I can assure you that there is no similar combination of software available for Windows. And even if such a beast existed, there is no way it could be made to run as well on 128 MB RAM and a 400 MHz processor. And even if it could, it wouldn't be as nicely integrated into the overall environment. And even if it were perfectly integrated, there's no way it would come as cheap. And even if it did come as cheap, there's no way people could get the source and alter it to their individual needs.

    ... But let's just summarise by asking that one simple question: Why?

  16. Re:Heh great name on Lenovo Announces ThinkPads Preloaded With XP · · Score: 1

    Sounds like your girlfriend is a bit younger than I would like to know about.

    It's more a case of arrested development. Apparently, she was hit over the head with a chair.

  17. Re:Heh great name on Lenovo Announces ThinkPads Preloaded With XP · · Score: 1

    Think of it as a new, really hot girlfriend that doesn't speak your language. Or can't get it through her @#%$!)(@# head that the roll of toilet paper should be put with the paper coming out over the top!

    I could take all that and more... if she would just stop shitting in the bed.

  18. Re:DK - large turd in a small bowl on Users and Web Developers Vent Over IE7 · · Score: 5, Interesting

    Somehow I don't think telling your clients to move away from the platform they're standardized on is generally going to go over well.

    That's because this hypothetical client doesn't know his ass from a hole in the ground, if you'll pardon my French. What software the client is using doesn't mean jack squat if you're building a public website. What's important is what the rest of the world is using today, and what they will be using 12 months from today.

    Standards compliance is not ideology. It's the practical application of the very principle that the Internet depends on: We have to be able to talk to one another using known protocols. Anything that subverts that principle should be treated as damage and routed around, to coin a phrase.

    If a potential client doesn't care about turning 20% or more of their potential customer base away simply because they don't want to support software from more than one manufacturer, then I don't want to work for them, because they're going to be equally stupid about other decisions, too.

    If you're talking about an Intranet application, then your point is moot. It has no bearing whatsoever on the Internet, which is what's being discussed here. If I meet a potential client that wants a Microsoft-centric intranet application, then I'll politely decline the work and send them on to someone who actually likes that kind of thing. There's enough work to go around.

    This argument has been rearing its ugly head since the mid-1990s. Do a Google search for 'standards compliant' in comp.infosystems.www.html.authoring and you'll find endless, tedious debate there. Frankly, I find it boring. I made the decision not to work with Microsoft anything on the web back in 1998, and it hasn't hurt a bit. I've never lacked for work, and I find I spend so much less time dealing with bugs and incompatibilities that I can actually focus on polishing and improving things instead of busting a nut against Microsoft's latest crap-du-jour.

  19. Re:Just plain incompetent on Users and Web Developers Vent Over IE7 · · Score: 2, Informative

    No, MS developers are just plain incompetent. Malevolence gives them far too much credit. To be malevolent, they would actually have to understand, plan and execute....

    Make no mistake: Microsoft have a deliberate strategy of disrupting the standardisation process, and everything they do that requires any amount of interoperability is designed with this strategy in mind.

    Maybe you're too young to remember, but incompatibility was Microsoft's explicit strategy from the early days of Internet Explorer. Oh, they dressed it up in pretty language, but never forget that 'Embrace and Extend' was a phrase invented by Microsoft in the late 1990s in order to justify their subversion of Web standards. I remember attending the 1999 World Wide Web conference in Toronto where the MS kiosk was happily emblazoned with that very phrase in two foot tall letters.

    'Embrace and Extend' has been Microsoft's strategy with regards to any standard they couldn't co-opt or dominate from the start. They've done it with HTML, with DHCP, with Kerberos and no doubt with numerous other standards as well.

    It's also true that Microsoft produces poor to mediocre software almost all the time, but that's a separate issue. Let me put it this way: I wouldn't attribute to malice what can be explained by incompetence, but in this case we are seeing malice and incompetence.

    Do not underestimate fools. Better ones are born all the time and Microsoft is hiring.

    Heh, you just got yourself a new .sig. 8^)

  20. Re:Hoisted by their own petard on Publishers Seek Change in Search Result Content · · Score: 2, Insightful

    I know my position is very un-slashdotish, but there is nothing wrong with content producers wanting to control how their content, in particular, the stuff they paid to generate, from being indexed.

    I'm going to assume that you actually mean "...is being indexed."

    It's not that they don't want you to see the content, it's that they want to control how you see that content. They want it wrapped in their page, with ads, and not summarized on a search page. Egads, what if you read the summary and decided not to visit the site after all?

    Your tongue-in-cheek tone is noted. But at the end of the day, the Internet doesn't allow the kind of control old-school publishers want. Not only is that horse gone, there's no barn left to put it back in, if we ever did manage to find it.

    It's an unfortunate fact of life that these people need to have a smart, communicative geek (like, say Larry Lessig) sit down with them and explain that a fundamental aspect of digital information is that it can be replicated with virtually no effort and next to no cost. Additionally, the Internet is a point-to-point network. It is agnostic by design, and works only as long as we accept that we have more to gain by getting along together than by working alone, following our own arbitrary rules. (Make sure Ballmer's not in the room when you get to this part.)

    People like to talk a lot about the Tragedy of the Commons, but the one thing the Internet teaches us is that it's a fallacy where networks are concerned. The Internet is ubiquitous and effectively infinite - 'effectively' in the sense that there's always another copy of a given piece of information on the Internet.

    This means that control is a pipe dream. The best we can do is use moral suasion to request that people respect our wishes with regards to particular content. We ceased to control it the moment we put it on the Net. The fact that most people actually do play nice is one of the miracles of online society.

  21. Re:Not Impressed on Is It Time for a 'Kinder, Gentler HTML'? · · Score: 1

    What I am saying is that CSS is not even good at creating the output you want when the damn stylesheet you created IS honored by the client, because you don't know the defaults of a browser....

    And what I am saying is that you never will.

    I'll be the first to agree with you if you want to assert that CSS is an imperfect implementation of an uncomfortable compromise. Heck, I'm pretty sure even Haakon would nod sagely. 8^)

    But I still think your expectations are unrealistic, for practical if not philosophical reasons. What you're looking for is a technical display specification that will be implemented consistently in all graphical browsers (let's just forget about all the other clients accessing your site for now). And that, I'm afraid to say, is a pipe dream.

    It's good to hear that you're not complaining blindly that HTML/CSS isn't PDF. Nonetheless, it appears to me that you're falling victim to the same false expectations. I could be reading you wrong, and perhaps a more detailed explanation might move me a little, but honestly, I've followed this thread since the start, and I haven't seen anything that didn't make me do more than shrug and say, 'Yeah, sucks, doesn't it? But what are you gonna do?'

    The web is an amorphous medium, and we fail when we aspire to assert too much control.

  22. Re:Market forces screwed up HTML on Is It Time for a 'Kinder, Gentler HTML'? · · Score: 1

    HTML was never perfect. Then the standards people took too long to update it.

    Netscape and then Microsoft added custom HTML.

    At this point, the browser became written to execute bad code well...

    That is factually incorrect.

    The fact is, Netscape (MS wasn't really in the game at this point) decided to implement a bunch of new random taggy goodness (e.g. FRAME and BLINK), and when the W3C declined to include them in the latest standard proposal for solid technical reasons like 'frames break the browser history feature', Netscape flipped the W3C the bird and went ahead in spite of it.

    The W3C is a standards body, but it's not one that was imposed on the field. It's an industry consortium, which means that companies join it voluntarily. Netscape joined, and the moment the other kids disagreed with it, they decided to take their ball and go home. That's their prerogative, of course, but it doesn't give them - or you - the right to rewrite history.

  23. Re:Not Impressed on Is It Time for a 'Kinder, Gentler HTML'? · · Score: 1

    I am so informed it would blow your mind.

    Possibly not. 8^)

    Setting font properties at the body doesn't cascade for all elements that result in a font onscreen. Try it. With regards to the default stylesheet, that is different than "unstyled." Without using CSS at all you still have margins, there is still a default font size for different elements, there is spacing, things like links have colors, underlines, and hover/selected attributes specified. I am saying there should be a way to tell the browser to disable ALL styling so that there are no margins, no spacing, no default font family, size or weight. ALL of this would have to be specified in your stylesheet at that point.

    [Emphasis mine]

    The thing that seems to frustrate you the most is that you're confused about who that stylesheet actually belongs to. I've been working on the web more or less since it existed, and I've seen a long - and ultimately boring - litany of complaints from so-called 'web designers', all of them predicated on the false assumption that the website owner gets to dictate the look and feel of their website.

    The bottom line is this: We web designers cannot know the display capabilities of the remote client. Therefore, we can only suggest the best way to display our content. Now, there's a reasonable compromise at play here, because it's simply impossible for any client to implement a one-size-fits-all styling that works equally well with every website.

    So what we end up with is CSS. Haakon Lie has created what he felt at the time was the best possible way for client and server to negotiate how a particular set of web data is displayed. Provided that one puts away one's design-nazi tendencies, CSS becomes a useful tool. It's not perfect, but that's not entirely CSS' fault. It's down to the agnostic nature of the web.

    If you want pixel-perfect control over your content, tools for that already exist: JPG, PNG, PDF, Flash etc. all work just fine for that. Each of these formats comes at cost, but then, TANSTAAFL has always been the last word in this game.

  24. Re:%139.5 on Linux Foundation's Desktop Linux Survey Results · · Score: 2, Insightful

    Well, I could have believed %100, since this survey was filled out by Linux users, but %139.5?!!!
    Am I the only one who sees a problem with the math here?

    Yes. If you bothered to RTFA:

    "Yes, that does add up to more than 100 percent. It would seem that groups using Linux in the office have not standardized on a particular distribution, or even a distribution family."

    Linux users are - amazingly - capable of using more than one OS at once. I know this is anathema to those who believe that the only alternative to white is black, and for whom anything less than perfect logical symmetry causes cranial asplosion. But hey, we got into weird territory right from the moment we put 'Linux' and 'Desktop' in the same sentence, and left out both 'doesn't belong' and 'the year of'.

  25. Re:But I thought that this didn't happen with FOSS on Multiple FLAC Vulnerabilities Affect Every OS · · Score: 1

    Now, how did this ship? Who tested it? Who did the code reviews? Who did the security reviews? Who did all the threat modeling?

    I'm sure you'll find the answers to these questions, as well as the make-up of the team, the changelog, access to CVS, and links to the development mailing list on the FLAC Project page. If you weren't being facetious, that is.

    The point behind FOSS - which you seem to have deliberately misconstrued - is openness, not perfection. While it can be argued that FOSS development processes can bring software closer to perfection, only a fool (or Daniel Bernstein, but he's in a class by himself) labours under the illusion that bug-free software is attainable.

    How software bugs get addressed, and how we make informed decisions about our exposure to security risks is what allows FOSS projects to really shine. FOSS doesn't make you safer necessarily, but it gives you the opportunity to evaluate how safe you are. In the hands of a healthy development community, this transparency does result in more secure software.

    eEye has been able to do a thorough analysis of the FLAC format, and has found 14 vulnerabilities. To my knowledge, none of these vulnerabilities have yet been exploited on any scale. If - and I'll grant you that this is a big if - the FLAC team responds well and quickly to the security review, then we can expect to sleep better at night than we might using J. Random Company's binary blobs.

    While we're on the subject, perhaps you could provide similar information about Microsoft's development projects? Mind if I take a peek at your CVS? Or would you rather I just take your word that your code is problem-free?