Well, to be fair, whoever said 'All data is lost' to the press should have been dragged out back and shot.
Just read the 10/10/2009 12:35 PM PDT official update from T-Mobile and Microsoft:
"Dear valued T-Mobile Sidekick customers:
[...] Regrettably, based on Microsoft/Danger’s latest recovery assessment of their systems, we must now inform you that personal information stored on your device – such as contacts, calendar entries, to-do lists or photos – that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."
The entire update is reproduced here ( the official site with the original text was replaced with a more recent update ).
whatever the reason the mozilla guys had, the SSL messages of Firefox 3 are the worst example of UI behaviour in the history of user interfaces.
Why? because if ( the system ) wants to notify a nearly-fatal "error" just say that:
"there is a grave issue here: blah blah blah...." and don't let the user continue
but here we just have a "self signed certified" situation. What is the no-brainer and correct ( UI science ) solution?:
say the truth, in simple words let the user choose what to do and provide a link to get more info if he want it
Example:
i) user tries to enter a self-certified site
ii) firefox popups a message:
"This site is attempting to use a self signed certificate to provide encryption and authentication. Please read carefully the following alternatives and choose one:
[ ] See more info about self-signed certification
[ ] Cancel navegation to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com" and don't show this message again ( Firefox will remember blah.blah.com certificate )
And voila,, ready! The user is informed about the situation and he can decide what to do or get more info if he wants it. But if he wants to continue browsing his "dangerous" site without annoying freaking UI artifacts LET THEM DO IT!!!
Who put in Firefox team minds that they must be the SSL superheroes that should keep we ( stupid and ignorant ) users away of the SSL bad guys in the wild wild internet?
"What I currently see as best option is to actually comment out
those 2 lines of code. But I have no idea what effect this
really has on the RNG. The only effect I see is that the pool
might receive less entropy. But on the other hand, I'm not even
sure how much entropy some unitialised data has.
What do you people think about removing those 2 lines of code?
Kurt
"
BTW, i thought that Debian had some kind of policies about testing each package before committing changes in testing/stable branches.
Also, the following paper, contributed by another poster, says interesting things about touching cryptographic code, we have to learn from this experience and have tighter policies !
"
In a narrow sense, the security flaw we found in the Netscape browser serves merely as an anecdote to emphasize the difficulty of generating cryptographically strong random numbers. But there's a broader moral to the story. The security community has painfully learned that small bugs in a security-critical module of a software system can have serious consequences, and that such errors are easy to commit. The only way to catch these mistakes is to expose the source code to scrutiny by security experts.
Peer review is essential to the development of any secure software. Netscape did not encourage outside auditing or peer review of its software-and that goes against everything the security industry has learned from past mistakes. By extension, without peer review and intense outside scrutiny of Netscape's software at the source-code level, there is simply no way consumers can know where there will be future security problems with Netscape's products.
"
This is one of the changes freneticallyaccepted in BRM, regarding treatments of dates in OOXML. See the salad of colors trying to explain the modifications. And this is a fix ( BRM ) of a fix ( one of ECMA 1027 proposed fixes ) of a NB comment of a draft text ( original ECMA submission ).
And this document contradicts this another BRM document:
http://www.itscj.ipsj.or.jp/sc34/open/0989.pdf
because the first says that the.DOC file replaces ECMA responses 18 and 43 but the "Response_DE-0028_dates_v9.doc" document says that it replaces ECMA responses 18, 43, 76 and 690 !
ECMA and Microsoft have not provided a final text with all this changes applied. In the BRM they frenetically changed Scope, Conformance , Schemas , and lot of normative text. Microsoft is now rushing to get a final text in less than one month, to comply with ISO normative.
This is how ISO delivers IT international standards, mandating fundamental changes to drafts, leaving national bodies with the only alternative to cast a political vote leaving aside the technical content of the specification.
Congratulations to the countries that had *balls* and didn't agree with this way of deliver standards to people:
Netherlands ( abstained but only Microsoft opposed the disapproval )
France ( abstained due to heavy Microsoft pressure )
Malaysia ( abstained due to heavy Microsoft pressure )
Australia ( abstained due to heavy Microsoft pressure, government opposed OOXML )
Kenya ( abstained )
And congratulations Microsoft, your friendly little countries supposedly experts in XML document description languages;-) ( now ISO P-members ), who joined ISO JTC1 just to cast an unconditional-yes-votes payed off:
This was just sent to ISO from the chairman of the Norwegian standards
committee responsible for evaluating OOXML:
Formal protest regarding the Norwegian vote on ISO/IEC DIS 29500
I am writing to you in my capacity as Chairman (of 13 years standing)
of the Norwegian mirror committee to ISO/IEC JTC 1/SC 34. I wish to
inform you of serious irregularities in connection with the Norwegian
vote on ISO/IEC DIS 29500 (Office Open XML) and to lodge a formal
protest.
You will have been notified that Norway voted to approve OOXML in this
ballot. This decision does not reflect the view of the vast majority
of the Norwegian committee, 80% of which was against changing Norway's
vote from No with comments to Yes.
Because of this irregularity, a call has been made for an
investigation by the Norwegian Ministry of Trade and Industry with a
view to changing the vote.
I hereby request that the Norwegian decision be suspended pending the
results of this investigation.
This is one of the changes frenetically accepted in BRM, regarding treatments of dates in OOXML. See the salad of colors trying to explain the modifications. And this is a fix ( BRM ) of a fix ( one of ECMA 1027 proposed fixes ) of a NB comment of a draft text ( original ECMA submission ).
ECMA and Microsoft have not provided a decent final text with all this changes applied. In the BRM they frenetically changed Scope, Conformance , Schemas , and lot of normative text. Microsoft is now rushing to get a final text in less than one month, to comply with ISO normative.
This is how ISO delivers IT international standards, mandating fundamental changes to drafts, leaving national bodies with the only alternative to cast a political vote leaving aside the technical content of the specification.
Congratulations to the countries that have balls and didn't agree with this way of deliver standards to people:
Netherlands ( abstained but only Microsoft opposed the disapproval )
France ( abstained due to heavy Microsoft pressure )
Malaysia ( abstained due to heavy Microsoft pressure )
Australia ( abstained due to heavy Microsoft pressure )
Kenya ( abstained )
And congratulations Microsoft, your friendly little countries supposedly experts in XML document description languages;-) ( now ISO P-members ), who joined ISO JTC1 just to cast an "uncoditional yes vote" have payed off:
Irregularities and political decisions in ISO DIS 29500 March 2008 votes:
Germany
In a steering committee of 20 people a vote was taken to answer this question:
"did the process run according to the rules and without irregularities?"
The technical committee didn't agree to change the disapproval vote but it was "decided" to vote yes anyway.
The committee S-142/U-34 under Danish Standards could not agree to change their vote from No to Yes.
A couple of hours later:
http://www.version2.dk/artikel/6718 says that the announcement from Danish Standards will not be made until Friday and that the Chair of the committee has been barred from speaking about the result of yesterday's meeting.
After some Microsoft political intervention to revert this ( the Prime Minister of Denmark is a Microsoft friend ), we have this:
http://www.en.ds.dk/4227
Another political decision, influenced by Microsoft lobbyists.
Malaysia
The Minister of Science, Technology and Innovation decided on Malaysia's final position on OOXML ("abstain" ), overturning the 81% "Disapprove" position by ISC-G and TC4.
On March 20, 2008, Technical Committee (KT 182) of PKN was supposed to either accept the recommendation (which was to vote YES for the proposed standard) or not accept it, and thus recommend PKN to vote NO or abstain from voting. Of 45 members, 24 appeared on the meeting. And the votes looked like this:
12 votes supporting the reccomendation,
10 votes rejecting it,
2 abstaining to vote.
No consensus has been achieved concerning the recommendation. Thus, the chairman of KT 182, Elzbieta Andrukiewicz, decided to allow the missing members to vote by e-mail during the next 10 days (till the end of March).
The email vote was taken, counting a "no mail sended" as an "approval" !!!
Clearly, there was no technical consensus in Poland, but the chairman forced the rules to favour an approval.
Out of 35 members of TO Z1, 17 sent a vote, and there were three votes for, and fourteen against fast-tracking OOXML, which is relative rejection rate of 82%. Members who voted were individual experts, IBM, CLUG and HrOpen. However, since there were less than 51% of votes, the voting process was declared invalid, and the previous vote holds ( "approve" ) !
"Standards Process Abuse: Microsoft decided, rather than working to produce a harmonized standard by enhancing ODF to add MS-Office-specific features, to re-invent the world from scratch. This seems wrong.
ECMA, which claims to be a serious standards organization, blessed the process of generating a XML dump of the internal data format and publishing it in six thousand poorly-edited pages, in well under a year. This seems wrong.
ISO allowed ECMA to submit this on their fast-track process with breathtaking obliviousness to the existence of other standards and lack of concern for harmonization. This seems wrong.
ISO allowed the draft to be substantially edited and enhanced after the initial ballot. This seems wrong.
It tried to repair the damage by stuffing 120 people in a room in Geneva for five days to address a thousand changes to the spec. This seems wrong."
If this is supposed to be a standard, supposedly in the hands of a standards body, then why would it need Microsoft's permission to change the things that are broken in it. The standards body should change the spec to fix some of the worst deficiencies highlighted by the comments
It seems that you forget that this fast-track is taking place in
Wonderland
file "v1 comments.zip" with 77 pages of comments ( 60 of them technical, general and editorial problems throughout OOXML ) partially reviewed by the USA panel ( most of them MS partners sended by MS, so don't expect a "deep" review there ) [note: this is an email attachment, open it with Thunderbird ]
IMHO this fundamental UI changes in Office have more to do with stop-the-office-software-commoditization reasons that graphical-user-interface-design ones
so, what the final user likes or not will have minor impact in MS ( strategical ) product decisions
Slashdot Mirror
Well, to be fair, whoever said 'All data is lost' to the press should have been dragged out back and shot.
Just read the 10/10/2009 12:35 PM PDT official update from T-Mobile and Microsoft:
"Dear valued T-Mobile Sidekick customers:
[...] Regrettably, based on Microsoft/Danger’s latest recovery assessment of their systems, we must now inform you that personal information stored on your device – such as contacts, calendar entries, to-do lists or photos – that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."
The entire update is reproduced here ( the official site with the original text was replaced with a more recent update ).
Mmmm. the PDF linked in TFA was created with "Apple Keynote 4.0.3"
Does it run on KDE ;-)
The metadata of gazelle.pdf ( full research paper ) reads:
Creator: TeX output 2009.02.19:1213
Producer: dvipdfm 0.13.2d
Ups... what happened with Office 2007 boys? ask for your free copy!
--omz
"What is the fastest booting operating system out there that is still sufficient for editing text?"
certainly: Puppy Linux.
7 seconds and you are ready
WTF is Internet Explorer? It is like Firefox? does it run on Linux ( Eee PC 4G Surf)? Thank you very much
Get it here
Why can't users get security right (revisited) [...]
Security people are wierdos
Why? because if ( the system ) wants to notify a nearly-fatal "error" just say that:
"there is a grave issue here: blah blah blah...." and don't let the user continue
but here we just have a "self signed certified" situation. What is the no-brainer and correct ( UI science ) solution?:
say the truth, in simple words let the user choose what to do and provide a link to get more info if he want it
Example:
"This site is attempting to use a self signed certificate to provide encryption and authentication. Please read carefully the following alternatives and choose one:
[ ] See more info about self-signed certification
[ ] Cancel navegation to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com"
[ ] Continue to "https://blah.blah.com" and don't show this message again ( Firefox will remember blah.blah.com certificate )
And voila,, ready! The user is informed about the situation and he can decide what to do or get more info if he wants it. But if he wants to continue browsing his "dangerous" site without annoying freaking UI artifacts LET THEM DO IT!!!
Who put in Firefox team minds that they must be the SSL superheroes that should keep we ( stupid and ignorant ) users away of the SSL bad guys in the wild wild internet?
I boot Puppy linux in less than 10 seconds, faster than splashtop. No rocket science here :-) Go Puppy!
Found this post at openssl-dev list by Kurt Roeckx ( AFAIK the Debian OpenSSL Team member that made this RNG-clean patch )
http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html
Extract:
"What I currently see as best option is to actually comment out those 2 lines of code. But I have no idea what effect this really has on the RNG. The only effect I see is that the pool might receive less entropy. But on the other hand, I'm not even sure how much entropy some unitialised data has.
What do you people think about removing those 2 lines of code?
Kurt
"
BTW, i thought that Debian had some kind of policies about testing each package before committing changes in testing/stable branches. Also, the following paper, contributed by another poster, says interesting things about touching cryptographic code, we have to learn from this experience and have tighter policies !
" In a narrow sense, the security flaw we found in the Netscape browser serves merely as an anecdote to emphasize the difficulty of generating cryptographically strong random numbers. But there's a broader moral to the story. The security community has painfully learned that small bugs in a security-critical module of a software system can have serious consequences, and that such errors are easy to commit. The only way to catch these mistakes is to expose the source code to scrutiny by security experts.
Peer review is essential to the development of any secure software. Netscape did not encourage outside auditing or peer review of its software-and that goes against everything the security industry has learned from past mistakes. By extension, without peer review and intense outside scrutiny of Netscape's software at the source-code level, there is simply no way consumers can know where there will be future security problems with Netscape's products. "
http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html"
If you want to see how bad was this process handled, see one of its awfuls deliverables.
Open the document "Response_DE-0028_dates_v9.doc" in this zip
http://www.itscj.ipsj.or.jp/sc34/open/0989_reference_docs.zip
This is one of the changes frenetically accepted in BRM, regarding treatments of dates in OOXML. See the salad of colors trying to explain the modifications. And this is a fix ( BRM ) of a fix ( one of ECMA 1027 proposed fixes ) of a NB comment of a draft text ( original ECMA submission ).
And this document contradicts this another BRM document: http://www.itscj.ipsj.or.jp/sc34/open/0989.pdf because the first says that the .DOC file replaces ECMA responses 18 and 43 but the "Response_DE-0028_dates_v9.doc" document says that it replaces ECMA responses 18, 43, 76 and 690 !
ECMA and Microsoft have not provided a final text with all this changes applied. In the BRM they frenetically changed Scope, Conformance , Schemas , and lot of normative text. Microsoft is now rushing to get a final text in less than one month, to comply with ISO normative.
This is how ISO delivers IT international standards, mandating fundamental changes to drafts, leaving national bodies with the only alternative to cast a political vote leaving aside the technical content of the specification.
Congratulations to the countries that had *balls* and didn't agree with this way of deliver standards to people:
And congratulations Microsoft, your friendly little countries supposedly experts in XML document description languages ;-) ( now ISO P-members ), who joined ISO JTC1 just to cast an unconditional-yes-votes payed off:
from
http://blogs.freecode.no/isene/2008/03/31/norwegian-committee-chairman-to-iso-count-the-vote-as-no/
http://consortiuminfo.org/standardsblog/article.php?story=20080331114700984
http://blogs.freecode.no/isene/2008/03/30/promoting-the-repair-shop-philosophy/
This was just sent to ISO from the chairman of the Norwegian standards committee responsible for evaluating OOXML:
Formal protest regarding the Norwegian vote on ISO/IEC DIS 29500
I am writing to you in my capacity as Chairman (of 13 years standing) of the Norwegian mirror committee to ISO/IEC JTC 1/SC 34. I wish to inform you of serious irregularities in connection with the Norwegian vote on ISO/IEC DIS 29500 (Office Open XML) and to lodge a formal protest.
You will have been notified that Norway voted to approve OOXML in this ballot. This decision does not reflect the view of the vast majority of the Norwegian committee, 80% of which was against changing Norway's vote from No with comments to Yes.
Because of this irregularity, a call has been made for an investigation by the Norwegian Ministry of Trade and Industry with a view to changing the vote.
I hereby request that the Norwegian decision be suspended pending the results of this investigation.
Yours sincerely,
Steve Pepper
Chairman, SN/K185 (ISO/IEC JTC 1/SC 34 mirror committee)
(sign.)
The Letter to ISO in pdf:
http://blogs.freecode.no/isene/wp-content/uploads/2008/04/iso-protest.pdf
http://www.itscj.ipsj.or.jp/sc34/open/0989_reference_docs.zip
If you want to see how bad was this process handled, see one of its awfuls deliverables.
Open the document "Response_DE-0028_dates_v9.doc" in this zip
http://www.itscj.ipsj.or.jp/sc34/open/09891.pdf
This is one of the changes frenetically accepted in BRM, regarding treatments of dates in OOXML. See the salad of colors trying to explain the modifications. And this is a fix ( BRM ) of a fix ( one of ECMA 1027 proposed fixes ) of a NB comment of a draft text ( original ECMA submission ).
ECMA and Microsoft have not provided a decent final text with all this changes applied. In the BRM they frenetically changed Scope, Conformance , Schemas , and lot of normative text. Microsoft is now rushing to get a final text in less than one month, to comply with ISO normative.
This is how ISO delivers IT international standards, mandating fundamental changes to drafts, leaving national bodies with the only alternative to cast a political vote leaving aside the technical content of the specification.
Congratulations to the countries that have balls and didn't agree with this way of deliver standards to people:
- New Zealand ( dissaproved )
- Brasil ( dissaproved )
- India ( dissaproved )
- China ( dissaproved )
- South Africa ( dissaproved )
- Canada ( dissaproved )
- Venezuela ( dissaproved )
- Ecuador ( dissaproved )
- Iran ( dissaproved )
- Italy ( abstained )
- Spain ( abstained )
- Belgium ( abstained )
- Netherlands ( abstained but only Microsoft opposed the disapproval )
- France ( abstained due to heavy Microsoft pressure )
- Malaysia ( abstained due to heavy Microsoft pressure )
- Australia ( abstained due to heavy Microsoft pressure )
- Kenya ( abstained )
And congratulations Microsoft, your friendly little countries supposedly experts in XML document description languagesIrregularities and political decisions in ISO DIS 29500 March 2008 votes:
Germany
In a steering committee of 20 people a vote was taken to answer this question: "did the process run according to the rules and without irregularities?"
6 answered no and 7 abstained!
http://www.noooxml.org/forum/t-49525/limited-choice-at-german-din http://www.groklaw.net/article.php?story=2008032913190768
Norway
21 members of the committee voted NO to fast-track this DIS but it was decided to vote yes anyway.
http://www.noooxml.org/forum/t-50031/oil-fire-in-norway-microsoft-buys-another-standards-body
Denmark
The technical committee didn't agree to change the disapproval vote but it was "decided" to vote yes anyway.
The committee S-142/U-34 under Danish Standards could not agree to change their vote from No to Yes.
A couple of hours later:
http://www.version2.dk/artikel/6718 says that the announcement from Danish Standards will not be made until Friday and that the Chair of the committee has been barred from speaking about the result of yesterday's meeting.
After some Microsoft political intervention to revert this ( the Prime Minister of Denmark is a Microsoft friend ), we have this: http://www.en.ds.dk/4227
Another political decision, influenced by Microsoft lobbyists.
Malaysia
The Minister of Science, Technology and Innovation decided on Malaysia's final position on OOXML ("abstain" ), overturning the 81% "Disapprove" position by ISC-G and TC4.
http://www.openmalaysiablog.com/2008/03/the-minister-of.html http://www.openmalaysiablog.com/2008/03/malaysian-indus.html
Poland
On March 20, 2008, Technical Committee (KT 182) of PKN was supposed to either accept the recommendation (which was to vote YES for the proposed standard) or not accept it, and thus recommend PKN to vote NO or abstain from voting. Of 45 members, 24 appeared on the meeting. And the votes looked like this:
No consensus has been achieved concerning the recommendation. Thus, the chairman of KT 182, Elzbieta Andrukiewicz, decided to allow the missing members to vote by e-mail during the next 10 days (till the end of March).
The email vote was taken, counting a "no mail sended" as an "approval" !!!
Clearly, there was no technical consensus in Poland, but the chairman forced the rules to favour an approval.
http://www.noooxml.org/forum/t-49455/polish-chairwoman-distributes-microsoft-propaganda http://polishlinux.org/poland/possible-manipulation-around-ooxml-process-in-poland/ http://polishlinux.org/poland/poland-confirms-its-approval-for-ooxml-in-iso/
Croatia
Out of 35 members of TO Z1, 17 sent a vote, and there were three votes for, and fourteen against fast-tracking OOXML, which is relative rejection rate of 82%. Members who voted were individual experts, IBM, CLUG and HrOpen. However, since there were less than 51% of votes, the voting process was declared invalid, and the previous vote holds ( "approve" ) !
M
Extracted from http://www.tbray.org/ongoing/When/200x/2008/03/02/On-OOXML:
"Standards Process Abuse: Microsoft decided, rather than working to produce a harmonized standard by enhancing ODF to add MS-Office-specific features, to re-invent the world from scratch. This seems wrong.
ECMA, which claims to be a serious standards organization, blessed the process of generating a XML dump of the internal data format and publishing it in six thousand poorly-edited pages, in well under a year. This seems wrong.
ISO allowed ECMA to submit this on their fast-track process with breathtaking obliviousness to the existence of other standards and lack of concern for harmonization. This seems wrong.
ISO allowed the draft to be substantially edited and enhanced after the initial ballot. This seems wrong.
It tried to repair the damage by stuffing 120 people in a room in Geneva for five days to address a thousand changes to the spec. This seems wrong."
It seems that you forget that this fast-track is taking place in Wonderland
Anybody keeping a comprehensive and up-to-date list (or list of lists) of specific things that are wrong with OOXML?
Here you have one
Other links:
IMHO this fundamental UI changes in Office have more to do with stop-the-office-software-commoditization reasons that graphical-user-interface-design ones
so, what the final user likes or not will have minor impact in MS ( strategical ) product decisions
asa, why firefoxflicks.com blog does not accept comments any more ( i.e. "comments off" at http://www.firefoxflicks.com/backstage/ last posts ) ?
regarding IE7 and its "usability", found this interesting: IE 7b2, a UI report
Gartner joins the party
is a man with big big balls... ask m$
IMHO:
what about
?