I have to agree that *full* XML is inappropriate for DNS. Requiring an XML parser for all mail servers is undesirable (unless you're MS and have MSXML available as part of the platform).
On the other hand, some kind of structured format is needed for the more complicated cases, which are currently badly served by SPF's somewhat clunky macro language.
As someone who's written a complete XML parser I wouldn't wish such a thing on MTA authors. A reduced profile of XML with no declaration, DOCTYPE, entity references (argh - imagine external parameter entity references in a DNS record!) or CDATA sections would seem preferable. Even comments and character references are pointless for DNS.
> SPF doesn't block spam
SPF doesn't block spam, but it makes blocking spam feasible. Currently thanks to spoofing, zombies etc. it's not.
> Spammers can still create new domains on a hit-and-run basis
Of course. But we can now block the new domains, so it'll cost them $10 to send a message to servers using 'the New Email' or whatever Caller-ID+SPF will be called. This will drastically alter the economics of spam.
> It just blocks spam where the From: is not right.
Nope, it goes on the envelope sender (SMTP MAIL FROM), the machine sending the mail.
This will also help in cutting down the insane number of misdirected bounces.
> How will I be able to send mail using my own business' domain, as I do today, when it is going out via an ISP server?
Same as you do now. You can still use any From address you like; the bit that will be checked is that the ISP's server really does represent the ISP.
I'm amazed that no-one has yet posted an analysis of the final payload 'a.exe'.
This decompresses and drops 'ra32.exe', 'lanext.dll' and 'lanman.dll' into the Application Data\Microsoft folder, and sets ra32.exe to run on startup through a HKCU\Software\MS\Win\CV\Run registry entry.
These files act as a keylogger. When they sees one of a built-in list of online bank sites being used, it logs keypresses for a bit and uploads the result via FTP to a server controlled by the attacker.
Bizarrely, for me in Windows 2000, it also opens an alert box with the message 'timediff' every 60 seconds. Bug?
Start planting sites that root peoples MS boxes and there will be a huge outcry on CNN or something.
What do you mean, 'start'?
Web sites have been abusing IE holes to install malware for years. In the last few months it has become worse than usual, with exploits like SurferBar and Delude/QHosts becoming very widespread through known but widely (or completely) unpatched holes.
Typically these holes are not used maliciously, to harm the user - after all, where's the profit in that? - but instead as an in-road to installing adware, spyware and other parasites that attempt to generate revenue at the user's expense.
The lack of oversight (or concern) from content aggregators (ie. the major web advertising networks) is resulting in parasite loaders ending up even on mainstream web pages. In my view, this makes IE unsafe for use as a general purpose web browser.
No need to set up a proxy. The billing info is the only info eMusic looks at, and it is only important when signing up and at the end of the billing period.
Personally, I'm torn. I want to support eMusic (for their lack of DRM - this makes them the only usable major online vendor), and on average I probably download fewer than 40 tracks a month. But I usually download them in larger bunches, when I have time to try out new music.
If download credits don't carry over that puts the onus on me to manage my downloading manually, killing the ease of use that - in the absense of customer-hostile DRM - was one of eMusic's big selling points.
eMusic's previous business model is not sustainable when applied to a larger range of available music. And I am happy to pay for individual MP3 downloads. But I am not at happy to pay for access to a service *and* again for individual downloads.
I don't believe it's in the current distribution, but there's an awful lot of other unsolicited commercial software in it. Grokster and iMesh are competing for the 'most offensively spyware-laden app' prize.
> If I hunt down foo.com on the web, I'm not really worried that their IP has been spoofed, I just don't want my transaction to be sniffed.
A spoofed IP can also be used as a man-in-the-middle attack. You can't protect against one without protecting against the other.
The real issue is that currently to get a certificate you have to be able to prove not only that the domain in question belongs to you, but that you have to prove your own identity. The latter process is what adds the cost, and is essentially unnecessary for most sites - okay, so it's a good idea for a bank site to be able to prove it is the same entity as the high-street bank with the same, but it's hardly an issue for briansbuffyforums.org.
In an ideal world you should get a free certificate in the name of "Owner of mydomain.com" with every domain you register, and only have to pay the extra for formal identity checks if that's actually relevant to your business.
-- Andrew Clover mailto:and@doxdesk.com http://www.doxdesk .com/
"Everything" we might want in a downloadable music service? It's not even beginning to approach nearly being close.
The DRM in this system takes away all the flexibility and reliability we expect of digital music. Look at the insane amount of hoop-jumping darnellmc had to go through to get a usable track! This is not something I could recommend to anyone.
And it's not even anything new - the likes of PressPlay and listen.com have been doing the same for ages (PP even uses the same crappy broken Roxio software). So it doesn't count as a step in the right direction either.
For a music service that really *is* a step in the right direction, try emusic.com. It's far from perfect, but it does offer proper non-DRM-crippled files that you can use, in any way you like. (Or, for people whose machiens don't match the spec that Universal's service deigns to work with, it gives you files you can use at all...)
-- Andrew Clover mailto:and@doxdesk.com http://www.doxdesk .com/
The 'Avoid IE' bit in the BBC article is actually a quotation you know, it's not an endorsement from the Beeb.
It's a quotation from me, in fact.
I also went on to add that the 'Avoid IE' quote was a glib answer, and was accurate only in part due to IE's propensity for security holes. The other parts are, of course, the fact that IE's popularity causes malware writers to target it specifically, and finally - as you mention - the design decisions behind ActiveX.
Of course, technically difficult issues such as why ActiveX is flawed by design are unlikely to make it into a mass-media article, but I am glad they got the bit about not clicking 'Yes' in.
I've been increasingly worried about the DHTML feature creep of Mozilla, and the fact that it has its own automatic-install system (XPInstall). I can't say I expect using Mozilla to stay safe either. But still, it can't be much worse than IE.
Anyway. My site's already been hit by a denial-of-service attack by an adware author this month, let's see if Slashdot can help bring it down...:-S
-- Andrew Clover mailto:and@doxdesk.com http://www.doxdesk .com/
Well, not a virus, but I'd certainly call it a trojan. So did Trend and McAfee when they came across the 'dlder' spyware that crept into many P2P apps last year, since it wasn't mentioned in the licence agreement, and some of the apps' companies claimed to have been unaware of it.
In the end, they backed down. McAfee still detects it, but only if you ask it to look for 'other programs' as well as viruses/trojans. There are a few other parasites in this category. But mostly, it's a case of "if it isn't used by 'hackers', it's not a proper trojan".
I know this is OT but do you have any info on exactly what kind of security hole gator poses?
Like most spyware, it has a feature whereby it can update itself without confirmation or warning. This can be used by whoever owns the server the software connects to to run any arbitrary code on the machine in question.
This is the mechanism Brilliant will be using (it hasn't happened yet) to install their distributed computing network client on machines that previously only had their crappy "rich media" advertising software on.
Most spyware also does not have any kind of code-signing mechanism for downloaded updates, so any enterprising hacker who r00ts the spyware company's server, or persuades Verisign to hand over the DNS, or uses something like DNS poisoning, can install anything they like on the X-million boxen with that company's client on - great for DDOSing, eh?
(Brilliant's client does have checks so is not vulnerable this way. I have not investigated Gator enough to tell in that case.)
Oh, and also, if your boss is surfing an intranet with Gator, it may be leaking information in visited URLs you might not want the outside world to see.
I can't work out why some people get so attached to Gator. All modern browsers have form-filling features built-in, so the only advantage of having an application to do it is that the app can offer multiple accounts - something which you should be using Windows's built-in accounts for, especially in a corporate environment.
BTW, if you're using IE with scripting and ActiveX on, just visit this page for an instant spyware-check. It doesn't catch everything (you can't from a web page alone), but it's a good start.
Are you kidding? Even given the confidence and necessary user rights to install it, JRE 1.4 is a 12 meg download. That's not exactly attractive to the average modem user.
For all its problems, Java gives me a decent way to put cross-platform interactive stuff on my site and have it Just Work straight away for the majority of users. There's no obvious alternative if XP takes that away.
Indeed - so you go for visually simple games where you don't need to fit a lot of information on-screen at once. It's a limitation (as is the keypad; text adventures aren't going to be fun with SMS-style typing), but it doesn't mean you can't do games at all. Certainly it's a lot less limited than Game-and-Watch's fixed graphics.
With cell phones ever shrinking, into the size of ballpoint pens, why not just make a better Game Boy and have it do phone?
I very much hope that the screens won't shrink with the phone. Certainly there are devices coming this summer which forego the keypad in favour of a bigger, touch-sensitive screen. They'll be expensive to start with but I believe that's the way forward.
Not that I'm likely to get one. I don't want people to be able to interrupt me with phone calls!
Oh, and could the Slashbots stop with the weak traffic accident gags now please? Thanks then.
If Netscape released a MUCH faster and MUCH more stable version of Netscape 4.76, I'd love it.
But web authors wouldn't. The only reason Netscape 4 is usable for you at all is that authors have spent a lot of time painstakingly working around the bugs and inconsistencies 4.x brings.
Please let it die now.
Was Navigator-only.
Damn right. I can't see what a web browser and a newsreader have in common that dictates they should live in the same app. Smells like more marchitecture.
I find this approach only works if your web browsing tasks are separate from your other desktop tasks, especially if you're just randomly browsing around for entertainment. This isn't the case for me - web pages can be part of work.
I'm much more likely to have one browser on one desktop with some APIs in I need to view whilst working in a text editor window, a couple more browsers up on time-wasting sites (like/. of course...) and likely another one I tucked away on some other subject I'll get around to later. This, my usual manner of working, just isn't convenient in MDI. To me the only real advantage of MDI is being able to combine two documents into one 'work area' for a task you're working on - something I don't find applies on the web.
True, the crowded taskbar under Windows 9x/NT is a problem when you have lots of windows open, but I take that more as a design flaw of the taskbar than of SDI. It looks like MS are addressing this one in Whistler.
The question is, is 'experimental' any better than the minimal getElement and positioning-style support that was in 4.x? I've just had a brief play and it doesn't seem to be.:-(
DOM Core is badly needed for forms in particular, given HTML's relatively weak featureset.
the ability to run it outside the MDI interface on all platforms
Damn right! I personally find MDI unsuitable for anything at all, but it's uniquely horrible for web browsing. Running two Operas simultaneously doesn't seem to work, either.
Opera were shooting themselves in the foot by not making a free version; webmasters need a copy to test their pages on, if not even more pages will be Opera-unfriendly and no-one will want to use Opera. Hopefully this will help.
I've been waiting for Opera to support DOM Core for ages, but their web page doesn't say whether they've done it. It could be they haven't changed much and this is just version 4.02 viewed through the wonder of version number bloat, I guess...
Oh my, you must be right - let's see, a String, List, and other structured data are all... OBJECTS!
I don't they naturally are, though, any more than an integer or a boolean is. They're values, and passing them around shouldn't require you to write glue classes; it just makes programs longer and more difficult to read.
Java is perhaps to be applauded for avoiding many of the problems other languages have differentiating a value and an object by having very few things that are values, but it makes programming slower. And String is still a bit confusing in that it's an object you can write as a literal, and isn't mutable.
Is really difficult. And creating a new file - my what a hardship.
Well, for every possible tuple I might want, yes. Do I really want a directory full of Custard$ResultFromABCMethod.class, Custard$ResultFromXYZMethod.class, Custard$ResultFromABCButWithAnExtraBoolean.class? I'm more likely to kludge it, I think, using private member fields as result passing. Or your casting solution which I guess would work quite well if I could escape my casting phobia.:-)
There's no way to implement the interface in your main object at all. Can't be.
I wanted two timers to call back my class at different intervals. Obviously they'd both call the same method, so I wouldn't be able to tell between them without writing extra glue classes. It's also true when you want to call a single method in another class (where you can't change that to be the relevant Listener).
Next question: Why would you ever want to ignore an exception?
Well, the first few exceptions I stumbled across were MalformedURLException and InterruptedException. I know the URL isn't malformed because I made it myself; if this happens, I'd like the exception to bubble up to the interpreter and cause it to quit. InterruptedException should do the same. Why do I need to trouble myself writing code to handle these?
make it extend RuntimeException - RuntimeExceptions don't need to be caught.
You're right; I ended up surrounding all my exceptable method calls with a try {... } catch (SomeException e) { throw new RuntimeException("There was a SomeException"); }; this troubled me for readability reasons and because it was a hack I'd not seen documented anywhere as normal idiom. Put another way, why aren't most exceptions RuntimeExceptions? They all happen at run-time, don't they?
You can call any method in any object in java through the reflecion api.
OK, I'll admit I'm relatively new to Java, and I haven't fully investigated reflection. I did see the FAQ, but that told me it was meant for debuggers and I probably shouldn't use it. If it's a commonly-accepted Java idiom, I'll have another look.
And what of javas other powers, Its multithreading is some of the easiest you can ever use, It has a uniform database access API that you can actually use accross multiple databases without changing any code. Its network code is clean, easy to use and very solid.
I'm ranting after an extremely frustrating day's Java (and to be fair much of the frustration was caused by the class libraries and Sun and MS's implementations rather than the language itself).
I honestly do like a lot about how Java works - I'm not using it because I have to - but some seemingly trivial things end up covered with unsightly kludgematter, making the code harder to read. The tutorials and docs give little advice along the lines of "this is how you'd normally do thing X from other languages that's a bit tricky in Java", unfortunately.
Java's not unique in having threading, standard dbi, networking and compiled bytecode, either...
Yes you have the option of not checking them. Just declare the exception on the throws clause of the method again.
Yeah, but then you have to document that at *every* stage in between, which entails impractical amounts of program-changing every time you change any method. Unless "throws Exception" is an acceptable hack, I guess.:-)
And if the method is called by, say, an event, you can't add throws to the definition; even if the throw and the catch are in your class, having another object in the call stack in between them stops you from doing it.
This all stems from Java considering throwable-exceptions part of the interface definition, something I'm struggling to see the advantage of. It's like including a return code in every function - which, true, is useful if you can't explicitly return a tuple of object and return code, but it's not really what I understand by 'exceptions' from other languages.
I think there is a connection, though kalifa didn't state it: functional programming. ML-based languages are functional, and Python has some very useful functional-ish constructs, especially in 2.0.
Both make it natural to pass around strings, lists, other structured data, and function references around, but in Java you're limited to simple types and objects.
Want a method to call you back to do some calculation? In Java, you can't tell it your own method or lambda function, you have to make a new object which implements the interface the external method expects to be able to call. Major PITA. Want an (int, string, boolean) tuple? Have fun creating a whole new class to describe it, or surrounding a Vector with ugly (Cast)s.
(unrelated rant) And is it just me, or are Java exceptions completely useless? I thought the whole idea of exceptions was to bubble error conditions up to the nearest level of execution that knows how to handle them, but Java requires you to include what possible exceptions can be thrown in the method interface, so it's impractical to not handle exceptions as soon as they occur. It's no better than checking the return code from a function call in C. Actually it's worse since you don't even have the option of *not* checking it; if you don't catch (...), it won't compile, even for exceptions that will never ever happen.
Slashdot Mirror
> XML is hardly appropriate for a DNS function.
I have to agree that *full* XML is inappropriate for DNS. Requiring an XML parser for all mail servers is undesirable (unless you're MS and have MSXML available as part of the platform).
On the other hand, some kind of structured format is needed for the more complicated cases, which are currently badly served by SPF's somewhat clunky macro language.
As someone who's written a complete XML parser I wouldn't wish such a thing on MTA authors. A reduced profile of XML with no declaration, DOCTYPE, entity references (argh - imagine external parameter entity references in a DNS record!) or CDATA sections would seem preferable. Even comments and character references are pointless for DNS.
> SPF doesn't block spam
SPF doesn't block spam, but it makes blocking spam feasible. Currently thanks to spoofing, zombies etc. it's not.
> Spammers can still create new domains on a hit-and-run basis
Of course. But we can now block the new domains, so it'll cost them $10 to send a message to servers using 'the New Email' or whatever Caller-ID+SPF will be called. This will drastically alter the economics of spam.
> It just blocks spam where the From: is not right.
Nope, it goes on the envelope sender (SMTP MAIL FROM), the machine sending the mail.
This will also help in cutting down the insane number of misdirected bounces.
> How will I be able to send mail using my own business' domain, as I do today, when it is going out via an ISP server?
Same as you do now. You can still use any From address you like; the bit that will be checked is that the ISP's server really does represent the ISP.
Unfortunately, Thunderbird's blocking feature only hits img-tags, leaving eg. table backgrounds, CSS styles, iframes etc. untouched.
I like the 'bird a lot but this *really* has to be fixed for 1.0.
I'm amazed that no-one has yet posted an analysis of the final payload 'a.exe'.
This decompresses and drops 'ra32.exe', 'lanext.dll' and 'lanman.dll' into the Application Data\Microsoft folder, and sets ra32.exe to run on startup through a HKCU\Software\MS\Win\CV\Run registry entry.
These files act as a keylogger. When they sees one of a built-in list of online bank sites being used, it logs keypresses for a bit and uploads the result via FTP to a server controlled by the attacker.
Bizarrely, for me in Windows 2000, it also opens an alert box with the message 'timediff' every 60 seconds. Bug?
What do you mean, 'start'?
Web sites have been abusing IE holes to install malware for years. In the last few months it has become worse than usual, with exploits like SurferBar and Delude/QHosts becoming very widespread through known but widely (or completely) unpatched holes.
Typically these holes are not used maliciously, to harm the user - after all, where's the profit in that? - but instead as an in-road to installing adware, spyware and other parasites that attempt to generate revenue at the user's expense.
The lack of oversight (or concern) from content aggregators (ie. the major web advertising networks) is resulting in parasite loaders ending up even on mainstream web pages. In my view, this makes IE unsafe for use as a general purpose web browser.
No need to set up a proxy. The billing info is the only info eMusic looks at, and it is only important when signing up and at the end of the billing period.
Personally, I'm torn. I want to support eMusic (for their lack of DRM - this makes them the only usable major online vendor), and on average I probably download fewer than 40 tracks a month. But I usually download them in larger bunches, when I have time to try out new music.
If download credits don't carry over that puts the onus on me to manage my downloading manually, killing the ease of use that - in the absense of customer-hostile DRM - was one of eMusic's big selling points.
eMusic's previous business model is not sustainable when applied to a larger range of available music. And I am happy to pay for individual MP3 downloads. But I am not at happy to pay for access to a service *and* again for individual downloads.
Actually, Sqwire *is* Xupiter. It's just another name for another variant of the same code run by the same people.
k .com/
They like to do this to keep the anti-spyware community on their toes. It's all good fun!!
Oh, except if you're a computer user. In that case it's a bit shitty really. Ah well.
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdes
> Anyone know which P2P one it is?
Grokster.
I don't believe it's in the current distribution, but there's an awful lot of other unsolicited commercial software in it. Grokster and iMesh are competing for the 'most offensively spyware-laden app' prize.
> If I hunt down foo.com on the web, I'm not really worried that their IP has been spoofed, I just don't want my transaction to be sniffed.
k .com/
A spoofed IP can also be used as a man-in-the-middle attack. You can't protect against one without protecting against the other.
The real issue is that currently to get a certificate you have to be able to prove not only that the domain in question belongs to you, but that you have to prove your own identity. The latter process is what adds the cost, and is essentially unnecessary for most sites - okay, so it's a good idea for a bank site to be able to prove it is the same entity as the high-street bank with the same, but it's hardly an issue for briansbuffyforums.org.
In an ideal world you should get a free certificate in the name of "Owner of mydomain.com" with every domain you register, and only have to pay the extra for formal identity checks if that's actually relevant to your business.
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdes
"Everything" we might want in a downloadable music service? It's not even beginning to approach nearly being close.
k .com/
The DRM in this system takes away all the flexibility and reliability we expect of digital music. Look at the insane amount of hoop-jumping darnellmc had to go through to get a usable track! This is not something I could recommend to anyone.
And it's not even anything new - the likes of PressPlay and listen.com have been doing the same for ages (PP even uses the same crappy broken Roxio software). So it doesn't count as a step in the right direction either.
For a music service that really *is* a step in the right direction, try emusic.com. It's far from perfect, but it does offer proper non-DRM-crippled files that you can use, in any way you like. (Or, for people whose machiens don't match the spec that Universal's service deigns to work with, it gives you files you can use at all...)
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdes
The 'Avoid IE' bit in the BBC article is actually a quotation you know, it's not an endorsement from the Beeb.
:-S
k .com/
It's a quotation from me, in fact.
I also went on to add that the 'Avoid IE' quote was a glib answer, and was accurate only in part due to IE's propensity for security holes. The other parts are, of course, the fact that IE's popularity causes malware writers to target it specifically, and finally - as you mention - the design decisions behind ActiveX.
Of course, technically difficult issues such as why ActiveX is flawed by design are unlikely to make it into a mass-media article, but I am glad they got the bit about not clicking 'Yes' in.
I've been increasingly worried about the DHTML feature creep of Mozilla, and the fact that it has its own automatic-install system (XPInstall). I can't say I expect using Mozilla to stay safe either. But still, it can't be much worse than IE.
Anyway. My site's already been hit by a denial-of-service attack by an adware author this month, let's see if Slashdot can help bring it down...
--
Andrew Clover
mailto:and@doxdesk.com
http://www.doxdes
Well, not a virus, but I'd certainly call it a trojan. So did Trend and McAfee when they came across the 'dlder' spyware that crept into many P2P apps last year, since it wasn't mentioned in the licence agreement, and some of the apps' companies claimed to have been unaware of it.
In the end, they backed down. McAfee still detects it, but only if you ask it to look for 'other programs' as well as viruses/trojans. There are a few other parasites in this category. But mostly, it's a case of "if it isn't used by 'hackers', it's not a proper trojan".
Luckily, there are others working on anti-spyware software. Ad-Aware and Spybot S&D are the most popular. more info + online check...
Like most spyware, it has a feature whereby it can update itself without confirmation or warning. This can be used by whoever owns the server the software connects to to run any arbitrary code on the machine in question.
This is the mechanism Brilliant will be using (it hasn't happened yet) to install their distributed computing network client on machines that previously only had their crappy "rich media" advertising software on.
Most spyware also does not have any kind of code-signing mechanism for downloaded updates, so any enterprising hacker who r00ts the spyware company's server, or persuades Verisign to hand over the DNS, or uses something like DNS poisoning, can install anything they like on the X-million boxen with that company's client on - great for DDOSing, eh?
(Brilliant's client does have checks so is not vulnerable this way. I have not investigated Gator enough to tell in that case.)
Oh, and also, if your boss is surfing an intranet with Gator, it may be leaking information in visited URLs you might not want the outside world to see.
I can't work out why some people get so attached to Gator. All modern browsers have form-filling features built-in, so the only advantage of having an application to do it is that the app can offer multiple accounts - something which you should be using Windows's built-in accounts for, especially in a corporate environment.
BTW, if you're using IE with scripting and ActiveX on, just visit this page for an instant spyware-check. It doesn't catch everything (you can't from a web page alone), but it's a good start.
Don't be sorry. Putting an apostrophe in a third-person verb is a particularly dismal error, and deserves to be mocked without mercy.
PS. help for idiots.
...would be nice if they had finished writing it before taking the Java away, then, really. :-)
--
This comment was brought to you by And Clover.
Are you kidding? Even given the confidence and necessary user rights to install it, JRE 1.4 is a 12 meg download. That's not exactly attractive to the average modem user.
For all its problems, Java gives me a decent way to put cross-platform interactive stuff on my site and have it Just Work straight away for the majority of users. There's no obvious alternative if XP takes that away.
--
This comment was brought to you by And Clover.
Indeed - so you go for visually simple games where you don't need to fit a lot of information on-screen at once. It's a limitation (as is the keypad; text adventures aren't going to be fun with SMS-style typing), but it doesn't mean you can't do games at all. Certainly it's a lot less limited than Game-and-Watch's fixed graphics.
I very much hope that the screens won't shrink with the phone. Certainly there are devices coming this summer which forego the keypad in favour of a bigger, touch-sensitive screen. They'll be expensive to start with but I believe that's the way forward.
Not that I'm likely to get one. I don't want people to be able to interrupt me with phone calls!
Oh, and could the Slashbots stop with the weak traffic accident gags now please? Thanks then.
--
This comment was brought to you by And Clover.
But web authors wouldn't. The only reason Netscape 4 is usable for you at all is that authors have spent a lot of time painstakingly working around the bugs and inconsistencies 4.x brings.
Please let it die now.
Damn right. I can't see what a web browser and a newsreader have in common that dictates they should live in the same app. Smells like more marchitecture.
--
This comment was brought to you by And Clover.
I find this approach only works if your web browsing tasks are separate from your other desktop tasks, especially if you're just randomly browsing around for entertainment. This isn't the case for me - web pages can be part of work.
I'm much more likely to have one browser on one desktop with some APIs in I need to view whilst working in a text editor window, a couple more browsers up on time-wasting sites (like /. of course...) and likely another one I tucked away on some other subject I'll get around to later. This, my usual manner of working, just isn't convenient in MDI. To me the only real advantage of MDI is being able to combine two documents into one 'work area' for a task you're working on - something I don't find applies on the web.
True, the crowded taskbar under Windows 9x/NT is a problem when you have lots of windows open, but I take that more as a design flaw of the taskbar than of SDI. It looks like MS are addressing this one in Whistler.
--
This comment was brought to you by And Clover.
The question is, is 'experimental' any better than the minimal getElement and positioning-style support that was in 4.x? I've just had a brief play and it doesn't seem to be. :-(
DOM Core is badly needed for forms in particular, given HTML's relatively weak featureset.
--
This comment was brought to you by And Clover.
Damn right! I personally find MDI unsuitable for anything at all, but it's uniquely horrible for web browsing. Running two Operas simultaneously doesn't seem to work, either.
--
This comment was brought to you by And Clover.
Opera were shooting themselves in the foot by not making a free version; webmasters need a copy to test their pages on, if not even more pages will be Opera-unfriendly and no-one will want to use Opera. Hopefully this will help.
I've been waiting for Opera to support DOM Core for ages, but their web page doesn't say whether they've done it. It could be they haven't changed much and this is just version 4.02 viewed through the wonder of version number bloat, I guess...
--
This comment was brought to you by And Clover.
I don't they naturally are, though, any more than an integer or a boolean is. They're values, and passing them around shouldn't require you to write glue classes; it just makes programs longer and more difficult to read.
Java is perhaps to be applauded for avoiding many of the problems other languages have differentiating a value and an object by having very few things that are values, but it makes programming slower. And String is still a bit confusing in that it's an object you can write as a literal, and isn't mutable.
Well, for every possible tuple I might want, yes. Do I really want a directory full of Custard$ResultFromABCMethod.class, Custard$ResultFromXYZMethod.class, Custard$ResultFromABCButWithAnExtraBoolean.class? I'm more likely to kludge it, I think, using private member fields as result passing. Or your casting solution which I guess would work quite well if I could escape my casting phobia. :-)
I wanted two timers to call back my class at different intervals. Obviously they'd both call the same method, so I wouldn't be able to tell between them without writing extra glue classes. It's also true when you want to call a single method in another class (where you can't change that to be the relevant Listener).
Well, the first few exceptions I stumbled across were MalformedURLException and InterruptedException. I know the URL isn't malformed because I made it myself; if this happens, I'd like the exception to bubble up to the interpreter and cause it to quit. InterruptedException should do the same. Why do I need to trouble myself writing code to handle these?
You're right; I ended up surrounding all my exceptable method calls with a try { ... } catch (SomeException e) { throw new RuntimeException("There was a SomeException"); }; this troubled me for readability reasons and because it was a hack I'd not seen documented anywhere as normal idiom. Put another way, why aren't most exceptions RuntimeExceptions? They all happen at run-time, don't they?
--
This comment was brought to you by And Clover.
OK, I'll admit I'm relatively new to Java, and I haven't fully investigated reflection. I did see the FAQ, but that told me it was meant for debuggers and I probably shouldn't use it. If it's a commonly-accepted Java idiom, I'll have another look.
I'm ranting after an extremely frustrating day's Java (and to be fair much of the frustration was caused by the class libraries and Sun and MS's implementations rather than the language itself).
I honestly do like a lot about how Java works - I'm not using it because I have to - but some seemingly trivial things end up covered with unsightly kludgematter, making the code harder to read. The tutorials and docs give little advice along the lines of "this is how you'd normally do thing X from other languages that's a bit tricky in Java", unfortunately.
Java's not unique in having threading, standard dbi, networking and compiled bytecode, either...
--
This comment was brought to you by And Clover.
Yeah, but then you have to document that at *every* stage in between, which entails impractical amounts of program-changing every time you change any method. Unless "throws Exception" is an acceptable hack, I guess. :-)
And if the method is called by, say, an event, you can't add throws to the definition; even if the throw and the catch are in your class, having another object in the call stack in between them stops you from doing it.
This all stems from Java considering throwable-exceptions part of the interface definition, something I'm struggling to see the advantage of. It's like including a return code in every function - which, true, is useful if you can't explicitly return a tuple of object and return code, but it's not really what I understand by 'exceptions' from other languages.
--
This comment was brought to you by And Clover.
I think there is a connection, though kalifa didn't state it: functional programming. ML-based languages are functional, and Python has some very useful functional-ish constructs, especially in 2.0.
Both make it natural to pass around strings, lists, other structured data, and function references around, but in Java you're limited to simple types and objects.
Want a method to call you back to do some calculation? In Java, you can't tell it your own method or lambda function, you have to make a new object which implements the interface the external method expects to be able to call. Major PITA. Want an (int, string, boolean) tuple? Have fun creating a whole new class to describe it, or surrounding a Vector with ugly (Cast)s.
(unrelated rant) And is it just me, or are Java exceptions completely useless? I thought the whole idea of exceptions was to bubble error conditions up to the nearest level of execution that knows how to handle them, but Java requires you to include what possible exceptions can be thrown in the method interface, so it's impractical to not handle exceptions as soon as they occur. It's no better than checking the return code from a function call in C. Actually it's worse since you don't even have the option of *not* checking it; if you don't catch (...), it won't compile, even for exceptions that will never ever happen.
--
This comment was brought to you by And Clover.