Comments


Debian Talks About Systemd Once Again

grcumb Re:All's I know... (517 comments)

Remember this before ranting too much on Lennart. He is not in any position to force any distribution to do anything. Distributions choose to use his software because it actually is better than the stuff that came before it.

Yes, of course Lennart's just a developer with a better idea. He's never seen software development as a means to a larger political end.

Except when he has:

Getting a clear message out what Linux is supposed to be is definitely a social issue, but to make that happen the Linux platform needs to be streamlined first, and that's a technical task, and not done yet.

All of these disingenuous statements that there's no other agenda in place are just bullshit. They're simply and self-evidently not true, because you can't do system design without some kind of vision of what you want. And you don't change the system design unless you don't like the one you've got. Lennart's vision, as he says, is a 'streamlined' Linux, which is to say catholic, not agnostic, unified rather than pluralistic, with fewer options rather than more. And when you cut away all the cruft, it's his stuff that remains.

Poettering and his acolytes can argue all they like that their vision is simply better. I disagree, but I accept that this is always an argument worth having. But when you start arguing that POSIX is a constraint and that Linux should be 'leading' the way (and that POSIX can just catch up, thank you), you're taking a stance that is not simply in opposition to others, it cannot coexist with the others because the alternatives have become mutually exclusive within a particular space.

POSIX is a limiting factor. That's true. Its limitation is that we've all agreed on a basic subset of behaviours in order that we all have enough in common to interact. So when you discard POSIX, you have effectively announced that you do not see the value of playing nicely with the other children. From that moment, your 'better idea' is being implemented at the expense of interoperability.

Which is a really fucking bad idea.

(The quote above is from an interview with Lennart, linked from his Wikipedia page.)

Lastly, to respond directly to the assertion that he is not in a position to force any distro to do anything. The tight web of dependencies, his position at RedHat and the support and assistance provided on the corporate level is perhaps not sufficient literally to force a distro to use his software, but it's enough to raise the question that undue influence is being brought to bear and that rather questionable tactics are being indulged in expressly because Lennart and his cohorts think that doing the right thing does not imply contributing in an open[*] and inclusive way.

-----------------
[*] Lennart's idea of openness is allowing others to interact with his software, but fuck you if you want him to take a second look at your requirements. And then, of course, to act shocked (shocked!) when others get upset.

3 days ago

FBI Director Continues His Campaign Against Encryption

grcumb Re:Public safety is not the issue (281 comments)

The issue is the balance between public safety and personal privacy. Denying the citizen of any democracy the right to encryption of their personal communication is not an appropriate response to the perceived threat to public safety that same encryption would bring.

Quoth Schneier:

...there's no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 -- and the investigations proceeded in some other way.

There never is any reason to remove a citizen's right to privacy except to extend the power of the state. You can argue the reasons for and against this, but historically, we've always found that more respect for individual rights contributes significantly to better governance.

4 days ago

Analysis of Linux Backdoor Used In Freenode Hack

grcumb Re:security methods can be used by both sides (37 comments)

If you think I've misinterpreted the problem, please tell me exactly where.

Right here:

You know the kind of shabby security joke that Windows turned into? The same thing has happened to linux and BSD

The security problems that afflict Linux, Mac OS X and, to a much lesser extent, *BSD are fundamentally different in the way they manifest.

We have yet to see the systemic infestation that characterised Windows in the late '90s and early '00s. There was a time mid-decade when the time it took for an unattended, freshly installed Windows box to get pwned was estimated to be 20 minutes.

Heartbleed, Shellshock, the Debian SSH debacle (can't forget that one) and numerous other problems are symptomatic of weaknesses in aspects of the FOSS environment that people used to think (unrealistically) were invulnerable. Instead, what we've discovered is that they're quite susceptible to targeted attack. This difference should not be understated. Windows is an infected system - basically, you can't run it without antivirus. Linux, Mac OS X and numerous other OSes are easily attacked individually, but there are not as yet any exploits that subvert the entire ecosystem.

None of this is to dismiss how serious the potential threat is. I just want to make it clear that, so far, the danger that we see is different from what we are living with in the Windows world. It's different in quantity and quality.

about a week ago

Analysis of Linux Backdoor Used In Freenode Hack

grcumb Re:security methods can be used by both sides (37 comments)

Doesn't seem so special after all.

Well, full marks for that clever little bit of sleight of hand that allowed them to set up persistent connectivity without hard-coding addresses. I like the way they use the combination of port and sequence number to determine the remote address, and packet window size to set the remote port. It was also pretty interesting that the software could take its sweet time between 'magic' packets, allowing it to obscure itself in incoming traffic.

But yeah, it's a clever riff on well-known rootkit tools. And it's nothing that shouldn't have been discovered in a moderately well-run security environment. I mean, we are talking about an altered boot script, new rules running in iptables, and additional new binaries on the system. You would expect that sort of thing to be found before too long.

But one thing I would very much like to know is how this rootkit got installed in the first place. There's nothing about that in TFA.

about a week ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (302 comments)

> It's being touted as The One True Way.

not unlike the Unix way touted by the opposite camp.

Wow, once again, Poe's Law rears its ugly head.

What follows is not for your benefit, but because somewhere out there on the wilds of the internet, there might still be some youngster with a clue who needs to get this:

Systemd, OOP and a number of other technologies have been touted by people who have a curious mixture of cleverness and a lack of imagination or experience (something altogether too common in the world of software development). They claim that because they have solved a problem, they are therefore entitled to use the same approach to Solve All Problems Ever. So instead of exercising a little humility and moving their work ahead in a way that's accepting of other approaches, they charge in full speed, damn the torpedoes and devil take the hindmost.

It happened with Microsoft and ActiveX. It happened with Object Oriented Programming languages - most notably with Java: there was a time when it was hard to find work programming in anything else. It happened, to a smaller degree, with design patterns. You can find numerous other examples if you search for them.

It's happening again today with systemd.

Now, parent here is implying that the conflict between The Unix Way and systemd's kitchen-sink approach is a contest between equal ideologies. In other words, each represents a single thing, one of which is old and full of faults, the other of which is new and shiny and presumably lacking in faults. The only choice we have, then, is to weigh each in the balance and choose the one that's superior.

There's a fly in that ointment, though: You see, the Unix Way is a process, not a product. It states that it is better to take a toolkit approach - that is, chain together a series of tools that do one thing and do that one thing in a well-defined, simple manner. Systemd, on the other hand, is a particular set of services. Its implementation is antithetical to the Unix Way, because although it's contrived out of dozens of smaller executables, they really only work when they're chained together. You currently can't, in other words, use journald outside of systemd (you'd have to build a completely new interface), or use systemd without journald.

The people who like systemd are willing to discard the decades of experience that brought us the awkward-but-workable Unix world, full of text files, single-purpose utilities, shims on shims on shims.... They see it as ugly and awkward and ungainly. It is all of those things. The place where they go wrong, though, is that they think they can do better in one simple stroke. They think that they're good enough to design a system *cough* that inhabits the space between kernel and userland, and that they can do it in the course of a few short years. That's admirable. I applaud their ambition.

But....

But there is no way in Hell that I would let someone with that kind of confidence get within a mile of my machines. That would be Daedalus and Icarus all over again. (Google it; I'm not your nanny.) What systemd supporters fail to understand is that The Unix Way is the way of humility. It's essentially a way of expressing our own understanding that we cannot do everything well. Therefore, we do the one thing that we can do, and we do it simply (which is not always as well as it might be, but will at least work reliably).

Empirically, systemd does things neither well enough, nor simply. For reasons that are particular to each of them, most adherents are incapable of admitting to either of those things. For example:

> Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own.

Its detractors rarely comment on technical merits/shortcomings, 99% of the time they only throw "pid1", "monolithic", "poettering blight", "binary logs" and "they took our jerbs^wkludgy init scripts!" around.

See how the commenter rejects out of hand the complaints that too much happens at too low a level? How there's no recognition that building a series of interlocking pieces which do not interlock with anything else except themselves, and only in a certain way can be called 'monolithic'? How the issue of binary logs, of how logging should work generally, is tossed away as so much noise?

Now, it's not that nobody has ever responded to these complaints. They have, and at length. The issue is that their answers have been rejected by a great many people as insufficient. But rather than show a little humility and learn a thing or two at the hands of those who are offering these criticisms, systemd devs and supporters instead treat dissent as antagonism, and indulge in name-calling (e.g. neckbeard) and such.

It's shameful, really.

But yes, it's happened before, and it will happen again. And those of us who are in it (init - heh) for the long haul will eventually get a modicum of sanity back once their fanaticism is ground down by reality.

about two weeks ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (302 comments)

You honestly do sound like an angry neckbeard. You might want to get some therapy or something. That rage isn't helpful.

You know the part where I said there are people who don't know the difference between an argument and a quarrel?

You might want to read it again.

If you can't respond substantively, why respond at all? I've offered a little insight into history so that you can draw a parallel between present and previous conflicts in the software world, and all you can do is call me names that you know are infuriating to me, and you suggest I get therapy?

about two weeks ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (302 comments)

systemd is the wave of the future. Or at least something similar to systemd that they'll probably hate just as much.

I haven't seen this much hate since OOP started getting popular and old school devs were dragged into it kicking and screaming. But guess what, OOP was the wave of the future.

Considering where the OOP-For-Everything crowd got us, and how long it took us to recover from the fact that it was the hammer for every nail for far too long, considering that we're finally emerging into a sane world where OOP has its place, as one approach among many....

... I'd say you're right about systemd:

It's being touted as The One True Way. Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own. Its adherents are clever, antisocial alphas whose faith in their own intelligence is far too complete, and who don't know the difference between an argument and a quarrel.

Yep, it is OOP vs The World all over again. Dog help us all.

--------
[*] Seriously: I will punch the first person who uses that term in my presence.

about two weeks ago

Gmail Security Is a Problem For Tor Users In Repressive Countries

grcumb Re:under dangerous regimes (74 comments)

Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.

I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.

Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]

But this appears to be the first time a person has explicitly been detained, tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).

So yes, sending authorisation keys via text message is a Very Bad Idea in some places.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

Oh fuck me. I'm wrong on that last point. I did say manpower. Sorry.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

It isn't a contradiction, it's that you said that to continue supporting init would require significant manpower and that systemd is pushed by a minority.

That's a fucking contradiction by any definition of the word (albeit a contradiction that you constructed, and that only you can see). You are clearly deficient in your capacity to conduct a conversation, so I'll just leave off here.

In parting, and just because reading comprehension seems to be a shortcoming with you: I never once alluded to manpower. I referred to the 'pain' involved in replacing it. But you needed 'manpower' in order to construct that thing which you are adamant is not a perceived contradiction, so you can have it. If you can find the place where it fits... outside of your own imagined version of what I'm arguing, that is.

HTH HAND

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

You seriously see a contradiction there?

No, I said how is there not enough manpower to maintain a fork that doesn't have a dependency on systemd and uses init instead?

You're talking right past me. Are you now saying that you do NOT see any contradiction? Because 'on the one hand... on the other....', used as you used it, generally implies a perceived contradiction.

Read the analogy and you have your answer. It's not about manpower. It's about role.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it.

So how is it there isn't enough manpower to maintain a fork with init rather than systemd? On the one hand you claim it's too much work to not use systemd but then simultaneously say systemd is pushed by a minority.

You seriously see a contradiction there? That a core part of a larger system has a new dependency, meaning that one is suddenly put in the position of considering whether it's more pain to keep it than to undo the damage? That this same core part could have been written by a very small group of people who have a track record of not playing nicely with the other children?

... Because if you can't even conceive of the nature of the problem, there's no point at all in responding to the rest of your quibbles.

As a gedankenexperiment, imagine one valve of your heart deciding it wants to change its rhythm. The others can choose to remain as they were, or adopt the new rhythm. Right and wrong are only peripherally part of the decision; what matters first and foremost is not falling out of step. The other components can reason all they like, but if the recalcitrant one doesn't budge, they're stuck either accepting the ultimatum or taking radical steps. The rest of the body parts are, for all intents and purposes, just along for the ride, no matter how the decision affects them.

And that, my child, is the choice that Debian had foisted on them.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Stay out of our business then..... (993 comments)

And the reason for including libmicrohttpd is so that people can get http access to their log files.

I read that a few times and I still do a Poe's Law double take at the end.

This is only used by the journald gateway daemon (so not by systemd at all)

But by 'not systemd at all' you mean, 'by one of the few core packages that cannot be removed from systemd'?

and also only if you explicitly enable it with "systemctl enable systemd-journal-gatewayd.service".

Yes, because unsafe code lying available on the system has never been made part of a compromise originating from another source. Or are you okay with losing the crown jewels as long as someone else takes part of the blame?

I think you have to practice your Google-fu a bit there pal.

Google can't cure your brand of refusal to come to grips with reality, chum.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:in the spirit of open source (993 comments)

Please RTFA, he is saying people even make life threats.

Yeah, that sucks. It's really juvenile and stupidly cruel.

It's not a thing of "I want to be married by church but they don't accept gay marriage", it's "The KKK burned down my house because I kissed my significant other in the park".

No, it's a case of, 'I piss on my neighbour's lawn every day. Yeah, there's a little dead patch on the grass where I do it, but now he's trying to shoot me.'

The first step in remedying this situation is, 'Call the cops.' The second step in this process is 'Stop pissing on your neighbour's lawn.'

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

Systemd was taken up, because it was the better solution for distros.

No it fucking was not. It was taken up because the pain of living with it was judged to be less than the pain of excising it. Other, equally wrong developers decided to make it a requirement, with the effect that in order to stay with init, we would have to retrofit core elements of GNOME, which would have required significant manpower.

Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it. The fact that there was a closely split decision on whether to integrate systemd into Debian should have been read as a damning indictment, and at very least should have given the developers pause. But no, it got chalked up as a victory - which is exactly the kind of thinking that got this shit into our operating systems in the first place.

Any self-respecting developer would have realised that the best way to move systemd forward would be to take an incremental approach, to offer it as an optional component. Any reasonable developer would have had the fucking humility to accept that something so integral to the system cannot be made mature and robust except over the course of time. And until that time, he should perhaps quit fucking saying how sweet his shit smells.

about two weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Systemd (993 comments)

Poettering is not a troll. He's a software developer, who has the unfortunateness of writing lots of great software that a lot of people simply do not like.

See, this, right here, is why people lose it when they deal with Lennart.

This is not a matter of 'like' or 'do not like'. If it were, we could tell Lennart his software sucks and move on. But no, he's so fucking clever he not only has to be right, he has to foist his rightness onto systems before it's anywhere near mature.

And then.... and then, to add insult to injury, he refuses to accept that integrating core software, which in his own words claims to offer a one-stop-shop for kernel-userland interaction, without extensive use in real world conditions, might reasonably be thought a little rash. No, he has to go and accuse the entire software establishment of bias, an unwillingness to change (without even beginning to address where that inclination comes from), and ultimately, of a simple lack of ability to see and accept just how fucking right he is.

Amazingly, astonishingly to abso-fucking-lutely no one, his actions give rise to more than a little rancour. And now he has the gall to say that he was right all along, that his opponents are irrational and that it's a problem with the rest of the world.

To which I can only reply: seek help.

about two weeks ago

Why the FCC Will Probably Ignore the Public On Network Neutrality

grcumb Re:Changes require systematic, reliable evidence.. (336 comments)

What he's saying, put bluntly, is that most of the people making comments obviously have no understanding at all of how Carrier grade networks actually operate.

I kind of got that, in spite of some random wanker modding me troll for my troubles.

My point, however, is that that is not actually how the process works. That's how the process is dressed up, but in actuality, the FCC has become a political creature, and will reliably support the party that appointed the majority of commissioners. This rather important element was only barely alluded to in the article.

about two weeks ago

Why the FCC Will Probably Ignore the Public On Network Neutrality

grcumb Re:Changes require systematic, reliable evidence.. (336 comments)

... so where is the systematic, reliable evidence that not being neutral in the way you treat traffic is somehow better for the future of the Internet?

These networks are owned by the ISPs. It seems to me that government, before it steps in and tells them how best to run their networks, should have the burden of showing how net neutrality is better for the network than prioritization schemes.

You've got your cart on the wrong side of your horse, young man.

It's up to the ISPs to demonstrate to the people (via government) that they're using the resources —to which they have been granted limited monopoly rights— in the public interest, and that their pursuit of profits is not leading them into anti-consumer activity such as creating artificial scarcity for extortionary purposes when negotiating with other network operators, holding their users hostage, arbitrarily throttling bandwidth to customers whom they have testified are causing network congestion when in fact no such congestion exists.

For example.

Network Neutrality is the neutral position. It's not telling ISPs how to run their network - it's telling them to stop fucking with their customers' traffic. It's telling the ISPs to stop indulging in funny business and get back to making money the old-fashioned way: by providing an actual fucking service.

But yeah, fuck big government and Ayn Rand and America Fuck Yeah and all that because... Oh, I don't know, because who the fuck cares any more? This stopped being a dialogue years ago.

about two weeks ago

Why the FCC Will Probably Ignore the Public On Network Neutrality

grcumb Re:Changes require systematic, reliable evidence.. (336 comments)

... so where is the systematic, reliable evidence that not being neutral in the way you treat traffic is somehow better for the future of the Internet?

This is the part that grabbed my attention. The whole piece is pretty disingenuous in the way it frames the issue. Just check out this quotation from an FCC staffer:

"I find the whole rulemaking context almost hilarious in many instances, because you know you're reading something, and you know it's not true. And you're guessing, you know, the person is hallucinating." Ordinary comments were, in other words, prone to error and lacked truthfulness, in the eyes of many of the Commission's staff.

It's a subtle bit of work, but the author of the piece implies not only that:

a) The FCC gets to ignore most comments because its rules require arguments to be made on technical grounds (true); but also that

b) The public opinion is not just wrong, it's 'hallucinating' (false).

The paternalistic tone of the article was a little much, too. Allow me to fisk it:

In the interviews I conducted for my dissertation [just had to get that in, didn't you?], FCC commissioners and a handful of staffers (e.g., civil servants, as opposed to political appointees) [so... staffers, then?] explained that the rulemaking process does not function like a popular democracy. [It's not a vote. Got it.] In other words, you can't expect that the comment you submit opposing a particular regulation will function like a vote. [Right. Not a vote. Got it.] Rulemaking is more akin to a court proceeding. Changes require systematic, reliable evidence, not emotional expressions. [Yeah. It's not a vote. I fucking got it.] And with the exception of Democrat Commissioners Copps and Adelstein, the people I spoke with at the FCC considered citizen input during the media ownership proceeding as emotional and superficial content. [Ah so it's not really like a court, then. 'Cause courts aren't politicised.]

Not once - not once in this article does the author admit what's central to the entire fucking issue - this is a politicised process. It's not a popular issue only because the power brokers don't want it to be. Though truth be told, they're fine with appearing to support the popular will when it coincides with whatever's politically expedient for them.

about two weeks ago

Cyanogen Inc. Turns Down Google, Seeing $1 Billion Valuation

grcumb Re: Google just pissy (107 comments)

Capitalism developed as a response to whydontijusttakeitandrapeyourdaughterwhileimatitalism. The seductive power of a pile of cash is not changed when you change the system. The only thing that changes is the standard means of obtaining that pile of cash.

about two weeks ago

Submissions


Android Ice Cream Sandwich Source Released

grcumb grcumb writes  |  more than 2 years ago

grcumb (781340) writes "Looks like the folks at Google have made good on their promise to release the Android 4.0 source code. Android software engineer Jean-Baptiste Queru writes: "Hi! We just released a bit of code we thought this group might be interested in. Over at our Android Open-Source Project git servers, the source code for Android version 4.0 (Ice Cream Sandwich) is now available."

"This is actually the source code for version 4.0.1 of Android, which is the specific version that will ship on the Galaxy Nexus, the first Android 4.0 device. In the source tree, you will find a device build target named "full_maguro" that you can use to build a system image for Galaxy Nexus. Build configurations for other devices will come later."

If the Cyanogen elves get busy Daddy just might be getting a new ROM for Christmas...."


Economist Mag Profiles "Wireless Carrier-Pigeons"

grcumb grcumb writes  |  about 4 years ago

grcumb (781340) writes "The Economist magazine is running a brief profile of Digicel, a 'minnow' in the wireless telecoms market that has distinguished itself by setting up shop in some of the most unlikely (and dangerous) markets in the world, including Haiti and Papua New Guinea, whose capital, Port Moresby, has one of the highest murder rates in the world.

"If you just focus on risk, you can't do a thing," said Digicel's billionaire president Denis O'Brien in a 2008 Forbes profile. But O'Brien's small-market revolution should teach us another lesson, too: Traditional economic analysis doesn't work when it comes to communications. Telecommunications is a supply-driven economy. If you build it — no matter where you build it — they will come.

Now, if someone could just teach the North American telcos this...."

Anonymous Coward or Corporate Troll?

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "In a recent article on Alternet, Annalee Newitz writes to report that our perception of the typical anonymous poster as a fat, half-naked basement dweller with a grudge is nearly 100% wrong. Virgil Griffith's WikiScanner site exposes the surprising truth: The majority of dishonest edits and omissions on wikipedia derive from corporate and government IP addresses. In Annalee's words: 'It turns out that the people who are hiding behind anonymity online for nefarious or selfish reasons are not little guys in pajamas but the very bastions of accountability that haters of the Web have deified.'"

AT&T Practices Political Censorship

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Pearl Jam reports that their live webcast from Lollapalooza was censored by AT&T. The statement on the band's website outlines their concerns in the context of the ongoing Net Neutrality 'debate':

"AT&T's actions strike at the heart of the public's concerns over the power that corporations have when it comes to determining what the public sees and hears through communications media.

"Aspects of censorship, consolidation, and preferential treatment of the internet are now being debated under the umbrella of "NetNeutrality." Check out The Future of Music or Save the Internet for more information on this issue.


It's refreshing to see that at least some of our media darlings have a clue about what this debate is about."

France: Surrender Your Blackberries!

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Le Monde has published a story claiming that French defence officials have asked all senior functionaries in the French government to stop using Blackberry wireless mobile devices. Fears that the US-based mail servers supporting the service could lead to systematic eavesdropping by US intelligence agencies led to the drastic move. From the AP story:

"It's not a question of trust," Mr. Lasbordes told The Associated Press. "We are friends with the Americans, the Anglo-Saxons, but it's economic war."

Research In Motion, makers of the Blackberry device, claim they couldn't read the emails even if they wanted to: "No one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution,"

Apparently, nobody at RIM has ever worked at the NSA."

Journals


Flickr: Flunkr

grcumb grcumb writes  |  more than 5 years ago

About once a month or so, I'm tempted to dump 25 bucks on Flickr to upgrade to a 'Pro' account, just so I can plop more than 200 photos into that particular bucket. I admit I've been on the cusp a couple of times.

But I never do. The plain fact is that Flickr is a terrible photo viewing interface.

White, what?

A bright white background is possibly the worst neutral background they could have chosen. White washes out colours and destroys one of the things that I personally love best: subtle shading on very dark and earth-toned pictures. It's got to the point where a lot of self-respecting photographers actually have a 'View on Black' link, pointing to one of several services that do nothing other than render the very same photo with a dark background. The difference is stunning.

But Flickr, in its infinite marketing wisdom, would rather emulate Google's 'any colour as long as it's white' mantra. In Google's case, there's wisdom in the approach; they are a utility, like power or water, not a creative service. Flickr does not benefit in the least from an engineer's design sense, and it's high time someone told them that.

One Hundred's Spartan

When viewing photos in groups - or any aggregation, for that matter - one is usually presented with a hodge-podge of 100 pixel thumbnails. Viewing photo sets is even worse. The screen is filled with a patchwork quilt of arbitrarily cropped 75×75 pixel postage stamps. No, wait, I take that back. Postage stamps are larger.

I can't imagine a worse fate for any decent photo. To be reduced to a smudge of light among dozens or hundreds of others on a glaring white page. I'm not sure even Ansel Adams could survive that.

Of course, there are some photos that do just fine in such an environment. Too often, they're from the 'Ooh Shiny!' school of art. To everyone's credit, some genuinely lovely photos can be found, if you know where to look. But they're lovely in spite of Flickr, not because of it.

There are any number of technical arguments for crowding dozens of blots of colour together and calling them a collection, but none of them wash when it comes to aesthetics, or even usability, for that matter.

Cliqr

Flickr's groups are subject to the same AOL-ish devaluation that most large scale communities suffer from. The absolute preciousness of users who troll through other galleries, bestowing silly trophy and ribbon icons on pretty photos in a desperate attempt to burnish their collective karma by associating with only the best types... it's off-putting in a way that I'd rather not characterise in a public medium.

Let's just leave it at this: Any group of more than a few dozen people who are mostly unknown to one another can never merit the descriptor 'exclusive'.

Worst of all, Flickr is a vortex. It's a gravity well whose debris can be found throughout the Web, but which is entirely self-referential. Once you're in there, you don't come out. I've had over 14,000 visitors to my main photo stream, yet a mere 18 referrals from Flickr show up in my imagicity.com server logs. People who use Flickr don't go elsewhere.

Flickr, in other words, is good for Flickr. Any benefit that derives to individual photographers seems to be purely coincidental.

Flunkr

All of this isn't Flickr's fault, per se. The fault lies in our technical inability to render - and more importantly, to manage - images efficiently through a standard GUI, and to share them effectively.

It seems almost paradoxical. Digital technology has allowed revolutionary advances in photography. It has made possible one thing that I love more than any: the ability to draw with light rather than pigment. Sometimes when I'm engrossed in my work I find myself getting almost drunk on colour. There is nothing more rewarding than watching a well-built slide show wash the room with light and shape, to see human vision captured, distilled and transformed in the process.

It astounds me, therefore, how poorly most websites handle photos.

But this is the environment that Flickr has chosen. With few tools to effectively deal with social economies of scale, people are left to their own devices, so they crowd together (as people always do), creating cacophony where contemplation might once have been. Flickr has embraced (in the embarrassing cloying-college-drinking-buddy sense of the word) conventional wisdom with regards to UI, and have spent all their effort on the engineering challenge of handling photos in volume. They've tacked on a few trendy bloggy/webbish bits, like tagging with keywords and location data, but done nothing whatsoever to innovate how photos are viewed.

And that, it seems to me, should be the very essence of innovation where photography is concerned.

I won't demur for a moment if you counter that thumbnails are a necessary evil, that larding a page up with binaries slows down load times, that we're unfortunately bound by the lowest common denominator where display and download capacity are concerned. Nor will I argue if you express admiration for their ability to handle the data volumes that they do. Just storing and serving up 2 billion photos is a decidedly non-trivial task.

But let's be clear here: I expect more from Flickr. I judge them by a higher standard.

They want to set themselves apart? Then let them deal intelligently - dare I say it? creatively - with their popularity. The engineering challenge is interesting; I'll be the first to admit it. But dammitall, this is a photography site. It's for creative people. Is it too much to ask that they should actually take a little of their revenue and use it for basic research and innovation? Where's the research into lossless compression, peer-to-peer content distribution, point-and-click monitor calibration, optimal display environments, click-and-drag online image resizing? Where's the community for UI geeks?

How many of Flickr's 10-30 million monthly visitors have paid accounts there? My guess would be: Several. Surely some of that revenue could go into renewal, exploration and invention.

Perhaps it's no surprise that Flickr founders Caterina Fake and Stewart Butterfield left Yahoo! just as soon as they reasonably could. I don't doubt for a moment that they've thought a great deal more about these issues than I have. Perhaps they'll be the ones who manage to pull a rabbit or two out of their digital cap.

If they do, they'll get my money, too.


Steaming Piles

grcumb grcumb writes  |  more than 6 years ago

[Cross-posted from the Scriptorum.]

Sometimes you have to destroy the document in order to save it....

I give up. I can't support OpenOffice Write any more, and it's nobody's fault but their own. For anything more than simple tasks, the application is terrible. Their only saving grace is that Microsoft Office has its own brand of polished turd, named Word. Collectively, they are racing to the bottom of a decade-long decline in useability.

No, that's too generous. The thing is, they're at the bottom. They are useless for any but the most trivial tasks, and the most trivial tasks are better accomplished elsewhere, anyway.

Yes, I'm ranting. Let's put this into a proper context:

I hate word processors. For any but the simplest tasks, their interfaces are utterly ridiculous. I haven't liked a word processing interface since WordPerfect circa version 5, and if I had my own way, I'd author all my documents in either emacs or vi, depending on the circumstances.

Why do word processors suck so badly? Mostly, it's because of the WYSIWYG approach. What You See Is What You Get, besides being one of the most ghastly marketing acronyms to see the light of day in the digital era, is ultimately a lie. It was a lie back in the early 1990s when it first hit the mainstream, and it remains a lie today. The fact of the matter is that trying to do structuring, page layout and content creation at the same time is a mug's game. Even on a medium as well understood as paper, it's just too hard to control all the variables with the tools available and still have a comprehensible interface.

But the real sin that word processors are guilty of is not that they're trying to do WYSIWYG - okay it is that they're trying to do WYSIWYG, but the way they go about it makes it even worse. Rather than insisting that the user enter data, structure it and then lay it out, they cram everything into the same step, short-circuiting each of those tasks, and in some cases rendering them next to impossible to achieve.

Learning how to write, then structure, then format a document (or even just doing each through its own interface) is easier to learn and easier to accomplish than the all-in approach we use today. For whatever reason, though, we users are deemed incapable of creating a document without knowing what it's going to look like right now, and for our sins, that's what we've become. And so we are stuck with word processors that are terrible at structuring and page layout as well as being second-rate text authoring interfaces. They do nothing well, and many things poorly, in no small part because of the inherent complexity of trying to do three things at once.

It doesn't help that their technical implementation is poor. The Word document format is little better than a binary dump of memory at a particular moment in time. For our sins, OpenOffice is forced to work with that as well, in spite of having the much more parse-worthy ODF at its disposal these days.

There's no changing any of this, of course. The horse is miles away, and anyway the barn burned down in the previous millennium. The document format proxy war currently underway at the ISO is all the evidence I need to know that I'll be dealing with stupid stupid stupid formatting issues for years to come. I will continue to be unable to properly structure a document past about the 80th percentile, which is worse than not at all. I will continue to deal with visual formatting as my only means to infer context and structure, leaving me with very little capacity to do anything useful with the bloody things except to print them out and leave them on someone's desk.

Maybe I'll just stop using them at all. Maybe I'll just start doing everything on the web and never print again. I'm half serious about this, actually. At least on the Web, the idea that content and presentation are separate things isn't heresy. At least on the Web, I can archive, search, contextualise, comment, plan, structure and collaborate without having to wade through steaming piles of cruft all the time.

At least on the Web, I can choose which steaming piles I step into.

I'm going to start recommending people stop using Word as an authoring medium. There are far better, simpler tools for every task, and the word processor has been appropriate for exactly none of them for too long now. Sometimes you have to destroy the document in order to save it.


Trust Works All Ways

grcumb grcumb writes  |  more than 6 years ago

[Cross-posted from the Scriptorum.]

The Debian OpenSSL vulnerability apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it?

Over the weekend, I've been thinking about last week's disclosure concerning Debian's OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There's a pretty good subjective analysis of the nature of the error on Ben Laurie's blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I'm told, included every single possible key value that the Debian OpenSSL package could conceivably create.

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis - sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn't notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure. It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian's OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be. That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I'd venture to state that there's a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.

P.S. Offhand, there's one circumstance that I think could undermine the credibility of this speculation, and that's if there's any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.
