"Sure it's perhaps the most popular web server for major sites. But the number of non web-servers on the internet vastly outnumbers the number of webservers."
Your explanation, while factually correct, exhibits some rather, uh, convenient reasoning. Have we already forgotten Code Red and Nimda which wreaked havoc on the Internet by affecting only IIS? Those were all web servers.
"And besides, servers are likely to be set up with the main user not running as administrator. It's tough to get traction on those systems. Better to attack loosely administered user systems, regardless of OS."
So... how does this explain Code Red etc.? It doesn't.
It does, however, explain why Windows software is the single largest vector for computer infection in the world today. MS flouts the principle of least privileged access, and makes its users pay the price.
Congratulations! You've just provided the information necessary to prove that hackers attack the easiest system rather than the most popular. 8^)
"No, I think you'll find that the vast majority of computer users live in rich countries. The vast majority of *people* live in poor countries, but very very few of them have computers."
I think the poster was channeling the future there. Your statement above is correct today, but will almost certainly not be correct within about 5 years.
Computer use in the developing country I work in has increased by about an order of magnitude in the last 3 years. This still represents a fairly small number, but we're rapidly approaching a level of saturation where hardware and software will hit the tipping point in terms of cost and availability and become as necessary to life as road transport is today.
"The thing about support of Open Source Software is that quality support demands above all else a stable product. No, not one that doesn't crash very often, one that doesn't change very often."
Erm, not to burst your bubble or anything, but isn't this exactly what Debian and CentOS are all about?
I agree with your point about stability; I'm almost pathological about it myself. But to imply that FOSS can't be stable is patently wrong.
"Compared to keeping a connection state, gzipping is _way_ more expensive. I find it very hard to believe that there is a case where keeping the connection longer was more expensive than gzipping the content."
I'm prone to agree. But I also suspect that my CTO is going to agree that it's cheaper to pay once for more processing power than it is to pay every day for higher bandwidth use. YMMV, of course. Bandwidth is relatively cheap in some parts of the US, but in other parts of the world it's hideously expensive.
In short, I agree with your conclusion, but I think that the GP is right, if not for the reasons he provided. In some cases it actually does make sense to cope with a little less efficiency in one part of the system than it is to cope with constantly higher costs in another.
"Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
"If only these companies knew then what we know now: these internet services don't need to be marketed to the masses."
You hit the nail on the head. The level of misunderstanding at the time was immense. I vividly remember one keynote address at the 1999 World Wide Web Conference in Toronto, given by Bob Metcalfe.
Bob had this nice tight little riff he'd made up, wherein he announced that in order to thrive on the web, a company had to eyeballize, memberize and then monetize their website. His message, as much as any other, epitomised the Oklahoma-land-rush feeling at the time, where people grabbed turf first and asked questions later.
Unfortunately, some of those questions were rather nuanced. Like, for example, 'do you not like ads at all, or do you just not want to be distracted while you're reading online?' Google found the answer to that. Go.com and others did not, to their chagrin.
MSN has only recently begun learning the folly of 'memberizing'. And people are still struggling with the problem of 'monetizing' their websites.
At the time I heard Metcalfe's talk I remember shaking my head in disbelief. Now, don't get me wrong, I respect him greatly for inventing ethernet. But further proof of the folly of the Dot Com boom was the blind faith that investors put in the business acumen of the alpha geek. Visionaries, generally speaking, are not too great at dealing with the messy details of day-to-day life, and as often as not need to be protected from it (that's one good use for tenure in Universities, by the way). Investors allowed these same dreamers into the driver's seat, and paid in spades for the decision.
"Programmers also have to debug and maintain that software, and that makes Perl one of the most wasteful languages in terms of programmer time."
This is insightful only to those who have no exposure to Perl other than the odd two-bit script.
Well-written Perl features inline documentation, built-in unit tests, strong interaction with more powerful languages where optimisation is required and complete access to the Apache API. Not to mention a very useful debugger. And Perl apps can benefit from the vast wealth of experience that is CPAN, not to mention some of the best-designed web development tools available today.
Someone help me out here: Does PHP (for example) have any of these?
I'm not one to disparage other languages. There are plenty of desirable features in each. But when people cast aspersions based on nothing but roadside rumour, I feel it's important to correct the record.
"I am guessing that they chose to do this client-side (knowing it would get bypassed) because they did not want to deal with the backlash from passing the data to the server."
Yeah, fuck that Secure Sockets Layer data encryption shit. Let's just make a trivially circumvented client-side javascript instead.
"If MS does end up having to change Windows Vista's name, they can choose from a list of synonyms for "Vista" so they'd have names like:" [list to follow]
You know what I like best about product names? No matter how hard the company tries, they just can't stop some smartass from making stupid puns at their expense:
Windows VISTA (Virus Infections, Spyware, Trojans: Agony!)
Windows Aspect (Ass pick)
Windows Horizon (shorten to Windows Whore, or just plain Ho)
Windows Panorama (Pain-o-rama, Pano-rammer)
Windows Outlook (Look out! Sorry, this one's been done to death already)
If the folks from MS marketing were smart, they'd spend half an hour testing product names with some pimply little attitude-challenged 13 year olds before they even consider choosing a product name. 8^)
"What most people don't understand is that a very small minority in the scientific community believe that one, global warming is a threat, and two, global warming is totally or mostly man-made. You have a small number of unscrupulous scientists who massage data, make up data, and use weather models that are known to be flawed who are able to convince NGOs and the mainstream media that not only is the sky falling, but the scientific community is in total agreement with them. In reality, it's only about 1-2% who are true believers. Rep. Barton has every right to investigate these shady characters, who very well may have been paid by "environmentalist" groups to peddle their party line. There's corruption here, whether it be intellectual dishonesty and pseudo-science, or even scientists being on the take."
In this paragraph you have:
Asserted that a minority of scientists believe that global climate change is a threat
Asserted that a minority of scientists believe that global climate change is caused by human intervention
Asserted that at least some of the claims concerning climate change involve people who "... massage data, make up data, and use weather models that are known to be flawed..." - in short are guilty of fraud.
State specifically that "1-2%" of scientists are guilty of this kind of activity.
State explicitly that this is the result of corruption.
Then you say:
"Let the eco-nuts defend their arguments on fact, not a revived misanthropic mysticism."
Might I suggest that you offer some basis for the assertions you make here, lest you be accused of the very thing you accuse the 'eco-nuts' of doing?
"And how exactly is any of that going to happen under anything remotely resembling the idea I described, if you weren't sending that stuff in e-mails to people who didn't want it?"
Sorry, I didn't mean to imply that this would be an intended use of the system. I was trying to suggest that it would be trivial to game such a system e.g. forward the original message as an attachment to all of the members of your {group|clique|cabal|whatever} and have them reject it independantly. Heck, the whole thing could be trivially scripted in VBA.
In a perfect world, your assumption is more or less on target - it makes the cost of any single transgression too high. I'm simply extrapolating from that and suggesting that it can make the cost of any communication too high.
Remember, these are people and governments we're talking about here, not saints and angels. Think again about how the denunciation process has worked in history, then apply it to the scheme that you describe and you'll quickly realise that it's wide open to abuse.
"Sure, you can still get a spammer signing up for a new account, doing it once, and then going away, but at least you can shut them down quickly and effectively. You could almost automate it: if x% of recipients of mail from verified address spammer@spammers.com click the "I think this is spam" button in their mail client within a brief period, the system just shuts down any further propagation of mail from that address. (That naive an approach is probably unworkable, but you get the idea.)"
Yes, it is a naive approach. And yes, I get the idea. But I happen to think it's incredibly dangerous and prone to abuse. Do you really want the family values gang to shut you out of the Internet for good just because they don't like your artful nudes? Do you want some semi-rational posse of political activists to be able to legally DOS you just because they consider your ideas dangerous? Do you want the government to have an excuse to throw you into jail simply because of some anonymous denunciation?
If you think that the above is just the tin-foil lined rambling of a deluded mind, consider that this kind of behaviour has happened throughout history, and that this little bubble of freedom we're experiencing is, historically speaking, more an aberration than the norm:
"You've got to be kidding....why would this bother them?"
A bunch of different coloured people speaking a foreign tongue wander all over your home town with some kind of weird sensing equipment that you've never seen before in your life.
If you can name one town in the USA where behaviour like that wouldn't result in phone calls to (and questions from) the local authorities, I'll agree that the GP was out of line.
But you won't. So no, he's not kidding. People in small towns are just like that.
"Iris Scans, like any technology, can be used for both good and evil. I know because I am starting a business using iris scans in a way that will actually increase privacy of users."
Good, then maybe you can answer a question for me: Will I lose access to work, my bank account and all my private papers when some kid who doesn't listen to his mother's advice puts my eye out with a snowball?
I know I'm being a little glib, but it's a serious question....
"Malware removal is about 30% of our billable hours."
*BOGGLE*
Dude, I am so in the wrong line of work. Here I am running systems so reliable my customers don't recognise me any more, when all along I should have been installing Windows and billing 30% more!
It's because they do a lot of reading and almost as much writing. It's because precision matters to them, and they don't consider hand-waving in the general direction of a topic to be knowledge.
For my part, I definitely judge geeks by their ability to communicate. A spelling error on a CV is death, as far as I'm concerned.
That said, I also enjoy neologisms and word play. I don't believe in a tyrannical, académie française approach to language. But before you use 'freedom' as an excuse to mangle the language, though, consider that, generally speaking, people know the difference between flamboyance and laziness.
Lastly, as others have said, this terrible imprecision in written language is everywhere, even among writers. For some real horror stories, simply run a google search for 'poetry'. 8^)
"Quotes like "The lack of any concrete numbers at all shows the typical academic hand-wavy 'our asymptotic is good, we don't need to worry about reality' approach" certainly don't earn him much respect from academics in system programming research who work very hard, thankyou very much, to ensure that their results are realistic. He has turned a simple observation about the paper (they neglected certain overheads) into a bigoted rant (academics are foolish). Not cool."
I'd venture to suggest that he's tired of 'typical academic hand-waving', in which 'neglected overheads' get overlooked. Take this nugget, for example:
"The really big unfixable problem with error correction is that peers can't verify data with a secure hash before they pass it on to other peers. As a result, it's quite straightforward for a malicious peer to poison an entire swarm just by uploading a little bit of data. The Avalanche paper conveniently doesn't mention that problem."
The paper exposes a fundamental misunderstanding of the process it's attempting to explain, doesn't have the adequate means to test its assumptions - and still should be taken seriously by the one person who has the most experience with the kind of problem it purports to 'solve'?
No, I think it's a simple matter of Bram being right and refusing to suffer fools gladly. He does not generalise illiberally; he provides reasons for his disdain, and makes it clear it's based on experience, not assumption:
"I'd comment on academic papers more, but generally they're so bad that evaluating them does little more than go over epistemological problems with their methodology, and is honestly a waste of time."
So kindly quit with the ad hominem attacks. Bram's attitude may be dismissive. It's his right, and it does nothing to reduce the impact of his observations, which expose just how badly the researchers have misunderstood the issue.
Bram is one of the giants on whose shoulders we have the privilege to stand.
"Will this be an effective means to bring the shining light of truth to the unwashed masses, or will the opposing party of darkness be able to subvert it to their own nefarious ends?"
... And the answer, as always, is yes to both. 8^)
Slashdot Mirror
"Sure it's perhaps the most popular web server for major sites. But the number of non web-servers on the internet vastly outnumbers the number of webservers."
Your explanation, while factually correct, exhibits some rather, uh, convenient reasoning. Have we already forgotten Code Red and Nimda which wreaked havoc on the Internet by affecting only IIS? Those were all web servers.
"And besides, servers are likely to be set up with the main user not running as administrator. It's tough to get traction on those systems. Better to attack loosely administered user systems, regardless of OS."
So... how does this explain Code Red etc.? It doesn't.
It does, however, explain why Windows software is the single largest vector for computer infection in the world today. MS flouts the principle of least privileged access, and makes its users pay the price.
Congratulations! You've just provided the information necessary to prove that hackers attack the easiest system rather than the most popular. 8^)
"No, I think you'll find that the vast majority of computer users live in rich countries. The vast majority of *people* live in poor countries, but very very few of them have computers."
I think the poster was channeling the future there. Your statement above is correct today, but will almost certainly not be correct within about 5 years.
Computer use in the developing country I work in has increased by about an order of magnitude in the last 3 years. This still represents a fairly small number, but we're rapidly approaching a level of saturation where hardware and software will hit the tipping point in terms of cost and availability and become as necessary to life as road transport is today.
"The thing about support of Open Source Software is that quality support demands above all else a stable product. No, not one that doesn't crash very often, one that doesn't change very often."
Erm, not to burst your bubble or anything, but isn't this exactly what Debian and CentOS are all about?
I agree with your point about stability; I'm almost pathological about it myself. But to imply that FOSS can't be stable is patently wrong.
"Compared to keeping a connection state, gzipping is _way_ more expensive. I find it very hard to believe that there is a case where keeping the connection longer was more expensive than gzipping the content."
I'm prone to agree. But I also suspect that my CTO is going to agree that it's cheaper to pay once for more processing power than it is to pay every day for higher bandwidth use. YMMV, of course. Bandwidth is relatively cheap in some parts of the US, but in other parts of the world it's hideously expensive.
In short, I agree with your conclusion, but I think that the GP is right, if not for the reasons he provided. In some cases it actually does make sense to cope with a little less efficiency in one part of the system than it is to cope with constantly higher costs in another.
"Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
What. The. Fuck.
"Of course you could - if you were prepared to negotiate appropriate licensing with Microsoft."
You mis-spelled 'reaming'. 8^)
"SCO provided the opperating system for the Abrams Tank."
'Long haired smellies' the world over quake in fear at the news....
"If only these companies knew then what we know now: these internet services don't need to be marketed to the masses."
You hit the nail on the head. The level of misunderstanding at the time was immense. I vividly remember one keynote address at the 1999 World Wide Web Conference in Toronto, given by Bob Metcalfe.
Bob had this nice tight little riff he'd made up, wherein he announced that in order to thrive on the web, a company had to eyeballize, memberize and then monetize their website. His message, as much as any other, epitomised the Oklahoma-land-rush feeling at the time, where people grabbed turf first and asked questions later.
Unfortunately, some of those questions were rather nuanced. Like, for example, 'do you not like ads at all, or do you just not want to be distracted while you're reading online?' Google found the answer to that. Go.com and others did not, to their chagrin.
MSN has only recently begun learning the folly of 'memberizing'. And people are still struggling with the problem of 'monetizing' their websites.
At the time I heard Metcalfe's talk I remember shaking my head in disbelief. Now, don't get me wrong, I respect him greatly for inventing ethernet. But further proof of the folly of the Dot Com boom was the blind faith that investors put in the business acumen of the alpha geek. Visionaries, generally speaking, are not too great at dealing with the messy details of day-to-day life, and as often as not need to be protected from it (that's one good use for tenure in Universities, by the way). Investors allowed these same dreamers into the driver's seat, and paid in spades for the decision.
"Programmers also have to debug and maintain that software, and that makes Perl one of the most wasteful languages in terms of programmer time."
This is insightful only to those who have no exposure to Perl other than the odd two-bit script.
Well-written Perl features inline documentation, built-in unit tests, strong interaction with more powerful languages where optimisation is required and complete access to the Apache API. Not to mention a very useful debugger. And Perl apps can benefit from the vast wealth of experience that is CPAN, not to mention some of the best-designed web development tools available today.
Someone help me out here: Does PHP (for example) have any of these?
I'm not one to disparage other languages. There are plenty of desirable features in each. But when people cast aspersions based on nothing but roadside rumour, I feel it's important to correct the record.
"MS has 90%+ of the market. Why should they try to do anyting other than what they're doing, which is obviously working? They seem pretty content!"
I bet that's exactly what the T-Rex thought when some stupid little proto-mammal scuttled across his toe. 8^)
"I am guessing that they chose to do this client-side (knowing it would get bypassed) because they did not want to deal with the backlash from passing the data to the server."
Yeah, fuck that Secure Sockets Layer data encryption shit. Let's just make a trivially circumvented client-side javascript instead.
Sorry, couldn't resist. 8^)
"If MS does end up having to change Windows Vista's name, they can choose from a list of synonyms for "Vista" so they'd have names like:" [list to follow]
You know what I like best about product names? No matter how hard the company tries, they just can't stop some smartass from making stupid puns at their expense:
Windows VISTA (Virus Infections, Spyware, Trojans: Agony!)
Windows Aspect (Ass pick)
Windows Horizon (shorten to Windows Whore, or just plain Ho)
Windows Panorama (Pain-o-rama, Pano-rammer)
Windows Outlook (Look out! Sorry, this one's been done to death already)
If the folks from MS marketing were smart, they'd spend half an hour testing product names with some pimply little attitude-challenged 13 year olds before they even consider choosing a product name. 8^)
"What most people don't understand is that a very small minority in the scientific community believe that one, global warming is a threat, and two, global warming is totally or mostly man-made. You have a small number of unscrupulous scientists who massage data, make up data, and use weather models that are known to be flawed who are able to convince NGOs and the mainstream media that not only is the sky falling, but the scientific community is in total agreement with them. In reality, it's only about 1-2% who are true believers. Rep. Barton has every right to investigate these shady characters, who very well may have been paid by "environmentalist" groups to peddle their party line. There's corruption here, whether it be intellectual dishonesty and pseudo-science, or even scientists being on the take."
In this paragraph you have:
Then you say:
"Let the eco-nuts defend their arguments on fact, not a revived misanthropic mysticism."
Might I suggest that you offer some basis for the assertions you make here, lest you be accused of the very thing you accuse the 'eco-nuts' of doing?
Hugs,
/me
"And how exactly is any of that going to happen under anything remotely resembling the idea I described, if you weren't sending that stuff in e-mails to people who didn't want it?"
Sorry, I didn't mean to imply that this would be an intended use of the system. I was trying to suggest that it would be trivial to game such a system e.g. forward the original message as an attachment to all of the members of your {group|clique|cabal|whatever} and have them reject it independantly. Heck, the whole thing could be trivially scripted in VBA.
In a perfect world, your assumption is more or less on target - it makes the cost of any single transgression too high. I'm simply extrapolating from that and suggesting that it can make the cost of any communication too high.
Remember, these are people and governments we're talking about here, not saints and angels. Think again about how the denunciation process has worked in history, then apply it to the scheme that you describe and you'll quickly realise that it's wide open to abuse.
"There are many Middle Eastern countries which have fundalmentalist leaders who also consider themselves the 'Party of God.'"
You're quite literally right. See this wikipedia article on Hezbollah for details.
(Free hint for those too lazy to click on the f-ing link: 'Hezbollah' means 'Party of God'.)
"Sure, you can still get a spammer signing up for a new account, doing it once, and then going away, but at least you can shut them down quickly and effectively. You could almost automate it: if x% of recipients of mail from verified address spammer@spammers.com click the "I think this is spam" button in their mail client within a brief period, the system just shuts down any further propagation of mail from that address. (That naive an approach is probably unworkable, but you get the idea.)"
Yes, it is a naive approach. And yes, I get the idea. But I happen to think it's incredibly dangerous and prone to abuse. Do you really want the family values gang to shut you out of the Internet for good just because they don't like your artful nudes? Do you want some semi-rational posse of political activists to be able to legally DOS you just because they consider your ideas dangerous? Do you want the government to have an excuse to throw you into jail simply because of some anonymous denunciation?
If you think that the above is just the tin-foil lined rambling of a deluded mind, consider that this kind of behaviour has happened throughout history, and that this little bubble of freedom we're experiencing is, historically speaking, more an aberration than the norm:
Ave! Old knitter of black wool. Morituri te salutant
"You've got to be kidding....why would this bother them?"
A bunch of different coloured people speaking a foreign tongue wander all over your home town with some kind of weird sensing equipment that you've never seen before in your life.
If you can name one town in the USA where behaviour like that wouldn't result in phone calls to (and questions from) the local authorities, I'll agree that the GP was out of line.
But you won't. So no, he's not kidding. People in small towns are just like that.
I work in remote, undeveloped countries (doing IT, if you can believe it) and I can confidently say that your biggest problem is going to be power.
Do yourself a favour and:
"Iris Scans, like any technology, can be used for both good and evil. I know because I am starting a business using iris scans in a way that will actually increase privacy of users."
Good, then maybe you can answer a question for me: Will I lose access to work, my bank account and all my private papers when some kid who doesn't listen to his mother's advice puts my eye out with a snowball?
I know I'm being a little glib, but it's a serious question....
"Malware removal is about 30% of our billable hours."
*BOGGLE*
Dude, I am so in the wrong line of work. Here I am running systems so reliable my customers don't recognise me any more, when all along I should have been installing Windows and billing 30% more!
When you're done with the old Internet, can we have it?
Hugs,
The Developing World.
... All the best geeks write well?
It's because they do a lot of reading and almost as much writing. It's because precision matters to them, and they don't consider hand-waving in the general direction of a topic to be knowledge.
For my part, I definitely judge geeks by their ability to communicate. A spelling error on a CV is death, as far as I'm concerned.
That said, I also enjoy neologisms and word play. I don't believe in a tyrannical, académie française approach to language. But before you use 'freedom' as an excuse to mangle the language, though, consider that, generally speaking, people know the difference between flamboyance and laziness.
Lastly, as others have said, this terrible imprecision in written language is everywhere, even among writers. For some real horror stories, simply run a google search for 'poetry'. 8^)
"Quotes like "The lack of any concrete numbers at all shows the typical academic hand-wavy 'our asymptotic is good, we don't need to worry about reality' approach" certainly don't earn him much respect from academics in system programming research who work very hard, thankyou very much, to ensure that their results are realistic. He has turned a simple observation about the paper (they neglected certain overheads) into a bigoted rant (academics are foolish). Not cool."
I'd venture to suggest that he's tired of 'typical academic hand-waving', in which 'neglected overheads' get overlooked. Take this nugget, for example:
"The really big unfixable problem with error correction is that peers can't verify data with a secure hash before they pass it on to other peers. As a result, it's quite straightforward for a malicious peer to poison an entire swarm just by uploading a little bit of data. The Avalanche paper conveniently doesn't mention that problem."
The paper exposes a fundamental misunderstanding of the process it's attempting to explain, doesn't have the adequate means to test its assumptions - and still should be taken seriously by the one person who has the most experience with the kind of problem it purports to 'solve'?
No, I think it's a simple matter of Bram being right and refusing to suffer fools gladly. He does not generalise illiberally; he provides reasons for his disdain, and makes it clear it's based on experience, not assumption:
"I'd comment on academic papers more, but generally they're so bad that evaluating them does little more than go over epistemological problems with their methodology, and is honestly a waste of time."
So kindly quit with the ad hominem attacks. Bram's attitude may be dismissive. It's his right, and it does nothing to reduce the impact of his observations, which expose just how badly the researchers have misunderstood the issue.
Bram is one of the giants on whose shoulders we have the privilege to stand.
"The hell? Remediated isn't even a word!"
Yeah, but 'remedied' isn't on the buzzword bingo card.
"Will this be an effective means to bring the shining light of truth to the unwashed masses, or will the opposing party of darkness be able to subvert it to their own nefarious ends?"
... And the answer, as always, is yes to both. 8^)