
The Quantum Experiment That Simulates a Time Machine

grcumb Re:Government agit-prop (128 comments)

What makes you think we haven't already done that with ad neaseam ?

Wait - I'm confused. Have we renamed it ad neaseam yet? Or is it still nauseam?


2 hours ago

The Quantum Experiment That Simulates a Time Machine

grcumb Re:Government agit-prop (128 comments)

Meh, just go back in time and get Cambridge to accept "at nauseum" as the approved version.

That's how nerds will win the internet in the future. :)

What makes you think we haven't already done that with ad neaseam?

Bruce Hecklesby
International Time Travelers for Proper Latin Spelling

2 hours ago

Serious Network Function Vulnerability Found In Glibc

grcumb Re:Heartbleed (209 comments)

Troll-rated? Really? That's kind of the opposite of a troll post.

2 days ago

Serious Network Function Vulnerability Found In Glibc

grcumb Re:Think you're immune from attacks? (209 comments)

Don't be so glib, see?

I'll be here all night folks. Tip your servers. Make sure they're bolted in, though.

Don't blow your stack if nobody applauds. It's just that we're overflowing with bad puns, and the funny bits get flipped around, and in the end all we see is some stupid zero on the stage who's only in it for the cache anyway.

2 days ago

Serious Network Function Vulnerability Found In Glibc

grcumb Re:Heartbleed (209 comments)

Will you please actually read the quote rather than quoting an incorrect interpretation. The quote is:

"given enough eyeballs, all bugs are shallow"

It means that once a bug is found, it is shallow, i.e. quick and easy to solve for someone. It doesn't and never did mean that all bugs will be found.

Actually, it's unfortunate, but I think he did mean that:

Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.

That's his longer version of the same slogan - literally the next sentence in the essay.

It's possible to read that as meaning that every problem —once it's been found— will be fixed quickly and relatively easily, but Occam's razor says that we should understand discovery of the problem to be implicit in this statement.

But... you are right to say that FOSS is far better at fixing known bugs than proprietary software. By the late '90s, I was so sick of having my professional reputation as a systems software developer tarnished by bugs, poor quality and stupid release cycles that I stopped supporting Windows entirely. Dropped the entire proprietary ecosystem and moved to Linux and FOSS. I can't say it's been perfect, but I've slept way better since then.

2 days ago

Omand Warns of "Ethically Worse" Spying If Unbreakable Encryption Is Allowed

grcumb Re: That's a nice democracy you have there... (390 comments)

What criteria are you using to distinguish a nonconstitutional state from a constitutional one?

Example: In 2006, the Fijian military seized power from the elected Parliament. Some time afterward, on instruction from the military dictator, the President abrogated the constitution. During the entire tenure of the military regime, they did not issue a single law. They lacked the constitutional authority to do so. Instead, they issued a number of decrees, because that's what they were: Follow this instruction or get a visit from some very burly men with guns.

During the time between the abrogation of the old constitution and the promulgation of the new one (a period of several years), Fiji was a non-constitutional republic.

3 days ago

Google Handed To FBI 3 Wikileaks Staffers' Emails, Digital Data

grcumb Re:Encryption? (194 comments)

If I worked for Wikileaks, I think I'd be encrypting everything especially if it involved using a Google server.

Or better yet...don't use an email provider with any US presence.

Uh... that only means they don't bother with a warrant. They just go and get whatever they like.

Perversely, you're actually better off dealing with these ridiculous, draconian, panopticonian laws, because at least in theory you have some kind of recourse - even if it consists of fighting retroactively to reduce the J. Edgar Hoovering up of your personal data. If you use an offshore email provider, the NSA will just grab whatever it wants, whenever it wants, without even the tiniest fig leaf of law to cover up strategic bits.

3 days ago

TWEETHER Project Promises 10Gbps MmW 92-95GHz Based Wireless Broadband

grcumb Re:Watch that capitalisation (54 comments)

milli is one thousandth, so Mega milli is a Kilo


Here I went and ignored the First Rule of Slashdot: Coffee, then comment.

about a week ago

TWEETHER Project Promises 10Gbps MmW 92-95GHz Based Wireless Broadband

grcumb Re:Watch that capitalisation (54 comments)

I read that as Mega-milli-Watt.

Or... Watt, as it's commonly known.

about a week ago

Linus On Diversity and Niceness In Open Source

grcumb Re:Where's this desire for "nice" coming from? (361 comments)

I'm a polite Canadian

There's another kind?

Of course dere is, you stupide fuckin' Englisher!! I spit on your politesse!

À bas la reine! Vive le Quebec libre!

about two weeks ago

Systemd's Lennart Poettering: 'We Do Listen To Users'

grcumb Re:I agree with Lennart (551 comments)

He talks about it more here. I will quote him without giving any of my own commentary:

The design of systemd as a suite of integrated tools that each have their individual purposes but when used together are more than just the sum of the parts, that's pretty much at the core of UNIX philosophy.

I would say that he misunderstands the essence, the substance and possibly even the purpose of the UNIX philosophy... but I think he actually does understand. I think he's simply being disingenuous, twisting the definition to meet his desires. It's clear that this is a man who believes that he knows what's good and what's not.

This blog post from last September lays out in perfect clarity how dismissive he is of contrary points of view:

The toolbox approach of classic Linux distributions is fantastic for people who want to put together their individual system, nicely adjusted to exactly what they need. However, this is not really how many of today's Linux systems are built, installed or updated. If you build any kind of embedded device, a server system, or even user systems, you frequently do your work based on complete system images, that are linearly versioned. You build these images somewhere, and then you replicate them atomically to a larger number of systems. On these systems, you don't install or remove packages, you get a defined set of files, and besides installing or updating the system there are no ways how to change the set of tools you get.

[Emphasis mine]

So the toolkit approach is not useful for someone who's deploying large numbers of commodity servers? This defies logic. It implies that somehow it's better to use commodity servers built using Lennart's toolkit than to have the capability to define one's own toolkit to build your own purpose-built standard image.

He's ignoring logic here in order to serve his own agenda, which of course consists of being smarter and sleeker and better than some crufty old Linux with 20 years of barnacles on its hull.

Init on Linux emphatically is ugly, but it's the product of a very large number of people coping with a very large set of circumstances, and finding a solution that is decidedly imperfect, but can be made to address most of the hundreds of thousands of peculiar and unique use cases in the world today.

Quoth Poettering:

The Linux model is the one where you have everything split up, and have different maintainers, different coding styles, different release cycles, different maintenance statuses. Much of the Linux userspace used to be pretty badly maintained, if at all. You had completely different styles, the commands worked differently – in the most superficial level, some used -h for help, and others --help. It's not uniform.

This really is the essence of it. When you get right down to it, he's just pissed at having to deal with other people's half-assed implementations of everything, and having to make all the bits work to a purpose. It's just too... democratic. I suspect he feels the same way George W. Bush did when he famously quipped that if he really were a dictator, he'd get a lot more done.

And that's really the essence of the problem. No matter how good systemd turns out to be, it's effectively less than a dozen core committers (the top 10 committers have submitted over 90% of the code) dictating how your modular system is going to run. They want a single group (themselves) and a single philosophy (theirs) to occupy pretty much the entire space between the kernel and userland. And that is not the Linux way of doing things.

about two weeks ago

Sloppy File Permissions Make Red Star OS Vulnerable

grcumb Re: Master plan (105 comments)

Too late, Kim Jong Un ordered the general who bought the HP printer to be executed already, and ordered his brother to buy a Canon inkjet to replace it. The brother was also executed for bringing imperialist Japanese goods into Korea, but at least they have a new national printer now. Both the PCs are now being studied by North Korea's elite hacking squad to see if the files can be removed without recompiling the whole system from scratch, but the results are not promising, so we may see more outages on the North Korean netblock again this week.

"PC ROAD RETTER? What dis fuckin' PC ROAD RETTER? You die today, Minister!"

about three weeks ago

Ask Slashdot: Sounds We Don't Hear Any More?

grcumb Re:Joke? (790 comments)

A real typewriter couldn't make two rapidfire Dings! in a row.

I think you've forgotten —or never knew— the carriage release. It was a feature on both my old Remington manual and my Underwood electric that allowed the carriage to slide all the way to the end with a single gesture. And depending on how you set your tabstops, you could probably get the same effect with the TAB key, too.

Near the end, there are several measures in which the bell rings after only three keystrokes, and without the carriage return sound, also impossible:

See above.

about three weeks ago

FCC Favors Net Neutrality

grcumb Re:Seriously? GOOD NEWS? (255 comments)

Be careful what you ask for.

Most /.ers probably are not old enough to remember the days when all telecommunications were regulated under Title II.

Are you implying that there was a time when residential internet was regulated under Title II? If so, I'd be interested to hear a great deal more.

Let's just say that costs were higher, innovation was essentially prohibited, and service was even worse than you can get from Comcast today.

And was that due specifically to Title II, or was it due to other regulation, which allowed the national, monolithic monopoly that Lily Tomlin (quite rightly) so loved to hate?

I stand to be corrected, but I believe that there's nothing currently in Title II that would result in the stagnation that AT&T brought about in its time. It's true that there would be greater scrutiny of how carriers manage their networks, which could conceivably result in slow-downs in deployment of certain management practices and technologies, but I'd venture to suggest that that's the fucking point.

When 'innovation' means a willingness to hold a content service's customers to ransom, then hell yes, I'd like to see that process slowed down. I'd even pay a little for the privilege of not getting fucked over.

I agree that it's unfortunate that such measures seem to be necessary. It would be nice to believe that the invisible hand would bitch slap any company that tried to play fast and loose with its customers. But tragically, because of the nature of communications networks, that doesn't always happen.

And let's make no mistake - it's the very companies who are guilty of these sins that are arguing that Title II is a return to the 'bad old days' of the 1930s, when the FCC was created and Title II came into being. It was during those 'bad old days', by the way, that the majority of Americans finally got telephone service, such as it was.

about three weeks ago

Netflix Cracks Down On VPN and Proxy "Pirates"

grcumb Re:Cat and mouse... (437 comments)

What I don't understand is why the big media conglomerates put such baffling restrictions into their licenses in the first place.

Do sociopaths need a reason other than the desire for control?

Well, purportedly, the reason for this is to ensure profits, but that doesn't compute. Even a business undergrad could tell you that with a little rationalisation in the business space, it would be possible for Hollywood to extend their control and improve their profits in the process. Somehow, though, the ridiculously hidebound distribution chain is successfully working against an improved industry. There are enough people with a vested interest in keeping things the way they were (the way things are is... obviously different) that they can cut off their proverbial face to spite their nose. Yes it's that illogical.

I'm really surprised that, even with over a decade to adjust, most media companies have yet to do so. Even telcos, the other digital industry we love to hate, have learned significant lessons and are in the process of taming a frontier they initially ignored. But media - their collective consciousness defies even a modicum of logic.

about a month ago

Judge: It's OK For Cops To Create Fake Instagram Accounts

grcumb Re:Not seeing the issue here (209 comments)

Bingo. You're absolutely correct.

"I've got three witnesses that put you there, DNA evidence, and some video with someone wearing jeans and a white hoodie, just like you wear, though the face isn't visible. You'll get the death penalty. If you give me a confession, we can get it down to manslaughter. First offense. You'll probably just get probation. Here's some paper."

You might like to look up the difference between coercion and deception. One of them is almost always a crime; the other, not so much.

about a month ago

Ask Slashdot: How Should a Liberal Arts Major Get Into STEM?

grcumb Re:been there, done that (280 comments)

You're not a liberal arts major, by any chance, are you? 'Cuz one thing STEM tries to do is kill the belief that an anecdote counters data.

Why yes, I am a liberal arts major, who studied classical logic, among other things. I was responding to the assertion that 'most' liberal arts majors ended up as lowly restaurant workers. I countered that by asserting a) that restaurant workers are not so lowly as characterised; b) that drawing general conclusions about people's prospects based on their education does not bear out, particularly where some of the more respected and influential jobs are concerned; and c) that in a number of cases, a liberal arts education is a precursor to the kind of work that most people can only dream about.

You see, I was actually not making a positive argument so much as rebutting (and refuting) someone else's crass, inaccurate and unsubstantiated assertion that a liberal arts degree is valueless. Shocking, isn't it, to see a STEM major failing so badly at applying basic logic?

But yeah, the plural of anecdote is not always data.

P.S. For the humour-impaired: I'm a keyboard monkey, too. A liberal arts educated keyboard monkey.

about a month and a half ago

Ask Slashdot: How Should a Liberal Arts Major Get Into STEM?

grcumb Re:been there, done that (280 comments)

I second this comment. Besides teaching college, which will probably involve a graduate degree, most of the jobs with a liberal arts degree involve asking "Do you want fries with that?"

Two things:

First - I supported myself for a decade working in bars and restaurants. There are more interesting people living interesting lives employed in that sector than just about any other.

Second - Ridley Scott went to art college. Peter Jackson was self-taught. James Cameron was a truck driver. The people who have done more to shape your vision than you're likely able to realise followed no discernible pattern of behaviour. I'd advise you to save your derision until someone's earned it.

Case in point: One 'liberal arts' friend of mine plays the king of the White Walkers on GoT. Another works on The Daily Show. How's your job look now, keyboard monkey?

about a month and a half ago

Ask Slashdot: How Should a Liberal Arts Major Get Into STEM?

grcumb Re:been there, done that (280 comments)

Have an English degree, found it useless. went back got my BSEE, been employed as such ever since. short version, go back and get your degree.

Did a double major in Theatre and English Literature. After 20 years of gainful employment in systems software development and consulting, I'm now CTO at an international think tank. I also know the value of capitalisation and punctuation.

Short version: It's horses for courses; reflect carefully, then do what you feel is best. If you're smart, the real determining factor is how hard you're willing to work, and how well you continue to learn.

about a month and a half ago

Microsoft To Open Source Cloud Framework Behind Halo 4 Services

grcumb Re:please keep closed! (50 comments)

I disagree. Encapsulation and abstraction of complexity is natural, and humans are great at breaking complexity apart and making the common man able to accomplish what was once impossible.

No dispute there. The problem, though, is not that we make easy things simple and hard things possible (pace, Larry Wall). It's that we have of late developed a tendency to simplify too far. Microsoft is famous for making systems administration and certain types of programming 'click-and-drool' easy. And hyperbole aside, the cost to society of the half-competent people who found gainful employment due to this charade can be measured in the many billions.

You're absolutely right in that commercial flying is safer than ever, notwithstanding the tendency in airlines to pressure senior pilots out in favour of cheaper, younger staff. And those working in HFT would likely be wreaking havoc by other means if they didn't have software and fibre-optics to enable them. I guess my tongue hadn't entirely left my cheek when I wrote that last para.

BUT... Microsoft has contributed significantly to a general downward trend in the quality of software and systems integrity. And they've done so by marketing the idea that with the right tools, tool users can be commoditised. And that really, really sucks.

about a month and a half ago



Android Ice Cream Sandwich Source Released

grcumb grcumb writes  |  more than 3 years ago

grcumb (781340) writes "Looks like the folks at Google have made good on their promise to release the Android 4.0 source code. Android software engineer Jean-Baptiste Queru writes: "Hi! We just released a bit of code we thought this group might be interested in. Over at our Android Open-Source Project git servers, the source code for Android version 4.0 (Ice Cream Sandwich) is now available."

"This is actually the source code for version 4.0.1 of Android, which is the specific version that will ship on the Galaxy Nexus, the first Android 4.0 device. In the source tree, you will find a device build target named "full_maguro" that you can use to build a system image for Galaxy Nexus. Build configurations for other devices will come later."

If the Cyanogen elves get busy Daddy just might be getting a new ROM for Christmas...."


Economist Mag Profiles "Wireless Carrier-Pigeons"

grcumb grcumb writes  |  more than 4 years ago

grcumb (781340) writes "The Economist magazine is running a brief profile of Digicel, a 'minnow' in the wireless telecoms market that has distinguished itself by setting up shop in some of the most unlikely (and dangerous) markets in the world, including Haiti and Papua New Guinea, whose capital, Port Moresby, has one of the highest murder rates in the world.

"If you just focus on risk, you can't do a thing," said Digicel's billionaire president Denis O'Brien in a 2008 Forbes profile. But O'Brien's small-market revolution should teach us another lesson, too: Traditional economic analysis doesn't work when it comes to communications. Telecommunications is a supply-driven economy. If you build it — no matter where you build it — they will come.

Now, if someone could just teach the North American telcos this...."

Anonymous Coward or Corporate Troll?

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "In a recent article on Alternet, Annalee Newitz writes to report that our perception of the typical anonymous poster as a fat, half-naked basement dweller with a grudge is nearly 100% wrong. Virgil Griffith's WikiScanner site exposes the surprising truth: The majority of dishonest edits and omissions on Wikipedia derive from corporate and government IP addresses. In Annalee's words: 'It turns out that the people who are hiding behind anonymity online for nefarious or selfish reasons are not little guys in pajamas but the very bastions of accountability that haters of the Web have deified.'"

AT&T Practices Political Censorship

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Pearl Jam reports that their live webcast from Lollapalooza was censored by AT&T. The statement on the band's website outlines their concerns in the context of the ongoing Net Neutrality 'debate':

"AT&T's actions strike at the heart of the public's concerns over the power that corporations have when it comes to determining what the public sees and hears through communications media.

"Aspects of censorship, consolidation, and preferential treatment of the internet are now being debated under the umbrella of "NetNeutrality." Check out The Future of Music or Save the Internet for more information on this issue.

It's refreshing to see that at least some of our media darlings have a clue about what this debate is about."

France: Surrender Your Blackberries!

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Le Monde has published a story claiming that French defence officials have asked all senior functionaries in the French government to stop using Blackberry wireless mobile devices. Fears that the US-based mail servers supporting the service could lead to systematic eavesdropping by US intelligence agencies led to the drastic move. From the AP story:

"It's not a question of trust," Mr. Lasbordes told The Associated Press. "We are friends with the Americans, the Anglo-Saxons, but it's economic war."

Research In Motion, makers of the Blackberry device, claim they couldn't read the emails even if they wanted to: "No one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution."

Apparently, nobody at RIM has ever worked at the NSA."



Flickr: Flunkr

grcumb grcumb writes  |  more than 6 years ago

About once a month or so, I'm tempted to dump 25 bucks on Flickr to upgrade to a 'Pro' account, just so I can plop more than 200 photos into that particular bucket. I admit I've been on the cusp a couple of times.

But I never do. The plain fact is that Flickr is a terrible photo viewing interface.

White, what?

A bright white background is possibly the worst neutral background they could have chosen. White washes out colours and destroys one of the things that I personally love best: subtle shading on very dark and earth-toned pictures. It's got to the point where a lot of self-respecting photographers actually have a 'View on Black' link, pointing to one of several services that do nothing other than render the very same photo with a dark background. The difference is stunning.

But Flickr, in its infinite marketing wisdom, would rather emulate Google's 'any colour as long as it's white' mantra. In Google's case, there's wisdom in the approach; they are a utility, like power or water, not a creative service. Flickr does not benefit in the least from an engineer's design sense, and it's high time someone told them that.

One Hundred's Spartan

When viewing photos in groups - or any aggregation, for that matter - one is usually presented with a hodge-podge of 100 pixel thumbnails. Viewing photo sets is even worse. The screen is filled with a patchwork quilt of arbitrarily cropped 75×75 pixel postage stamps. No, wait, I take that back. Postage stamps are larger.

I can't imagine a worse fate for any decent photo. To be reduced to a smudge of light among dozens or hundreds of others on a glaring white page. I'm not sure even Ansel Adams could survive that.

Of course, there are some photos that do just fine in such an environment. Too often, they're from the 'Ooh Shiny!' school of art. To everyone's credit, some genuinely lovely photos can be found, if you know where to look. But they're lovely in spite of Flickr, not because of it.

There are any number of technical arguments for crowding dozens of blots of colour together and calling them a collection, but none of them wash when it comes to aesthetics, or even usability, for that matter.


Flickr's groups are subject to the same AOL-ish devaluation that most large scale communities suffer from. The absolute preciousness of users who troll through other galleries, bestowing silly trophy and ribbon icons on pretty photos in a desperate attempt to burnish their collective karma by associating with only the best types... it's off-putting in a way that I'd rather not characterise in a public medium.

Let's just leave it at this: Any group of more than a few dozen people who are mostly unknown to one another can never merit the descriptor 'exclusive'.

Worst of all, Flickr is a vortex. It's a gravity well whose debris can be found throughout the Web, but which is entirely self-referential. Once you're in there, you don't come out. I've had over 14,000 visitors to my main photo stream, yet a mere 18 referrals from Flickr show up in my imagicity.com server logs. People who use Flickr don't go elsewhere.

Flickr, in other words, is good for Flickr. Any benefit that derives to individual photographers seems to be purely coincidental.


All of this isn't Flickr's fault, per se. The fault lies in our technical inability to render - and more importantly, to manage - images efficiently through a standard GUI, and to share them effectively.

It seems almost paradoxical. Digital technology has allowed revolutionary advances in photography. It has made possible one thing that I love more than any: the ability to draw with light rather than pigment. Sometimes when I'm engrossed in my work I find myself getting almost drunk on colour. There is nothing more rewarding than watching a well-built slide show wash the room with light and shape, to see human vision captured, distilled and transformed in the process.

It astounds me, therefore, how poorly most websites handle photos.

But this is the environment that Flickr has chosen. With few tools to effectively deal with social economies of scale, people are left to their own devices, so they crowd together (as people always do), creating cacophony where contemplation might once have been. Flickr has embraced (in the embarrassing cloying-college-drinking-buddy sense of the word) conventional wisdom with regards to UI, and has spent all its effort on the engineering challenge of handling photos in volume. They've tacked on a few trendy bloggy/webbish bits, like tagging with keywords and location data, but done nothing whatsoever to innovate how photos are viewed.

And that, it seems to me, should be the very essence of innovation where photography is concerned.

I won't demur for a moment if you counter that thumbnails are a necessary evil, that larding a page up with binaries slows down load times, that we're unfortunately bound by the lowest common denominator where display and download capacity are concerned. Nor will I argue if you express admiration for their ability to handle the data volumes that they do. Just storing and serving up 2 billion photos is a decidedly non-trivial task.

But let's be clear here: I expect more from Flickr. I judge them by a higher standard.

They want to set themselves apart? Then let them deal intelligently - dare I say it? creatively - with their popularity. The engineering challenge is interesting; I'll be the first to admit it. But dammitall, this is a photography site. It's for creative people. Is it too much to ask that they should actually take a little of their revenue and use it for basic research and innovation? Where's the research into lossless compression, peer-to-peer content distribution, point-and-click monitor calibration, optimal display environments, click-and-drag online image resizing? Where's the community for UI geeks?

How many of Flickr's 10-30 million monthly visitors have paid accounts there? My guess would be: Several. Surely some of that revenue could go into renewal, exploration and invention.

Perhaps it's no surprise that Flickr founders Caterina Fake and Stewart Butterfield left Yahoo! just as soon as they reasonably could. I don't doubt for a moment that they've thought a great deal more about these issues than I have. Perhaps they'll be the ones who manage to pull a rabbit or two out of their digital cap.

If they do, they'll get my money, too.


Steaming Piles

grcumb grcumb writes  |  more than 6 years ago

[Cross-posted from the Scriptorum.]

Sometimes you have to destroy the document in order to save it....

I give up. I can't support OpenOffice Write any more, and it's nobody's fault but their own. For anything more than simple tasks, the application is terrible. Their only saving grace is that Microsoft Office has its own brand of polished turd, named Word. Collectively, they are racing to the bottom of a decade-long decline in usability.

No, that's too generous. The thing is, they're at the bottom. They are useless for any but the most trivial tasks, and the most trivial tasks are better accomplished elsewhere, anyway.

Yes, I'm ranting. Let's put this into a proper context:

I hate word processors. For any but the simplest tasks, their interfaces are utterly ridiculous. I haven't liked a word processing interface since WordPerfect circa version 5, and if I had my own way, I'd author all my documents in either emacs or vi, depending on the circumstances.

Why do word processors suck so badly? Mostly, it's because of the WYSIWYG approach. What You See Is What You Get, besides being one of the most ghastly marketing acronyms to see the light of day in the digital era, is ultimately a lie. It was a lie back in the early 1990s when it first hit the mainstream, and it remains a lie today. The fact of the matter is that trying to do structuring, page layout and content creation at the same time is a mug's game. Even on a medium as well understood as paper, it's just too hard to control all the variables with the tools available and still have a comprehensible interface.

But the real sin that word processors are guilty of is not that they're trying to do WYSIWYG - okay, it is that they're trying to do WYSIWYG, but the way they go about it makes it even worse. Rather than insisting that the user enter data, structure it and then lay it out, they cram everything into the same step, short-circuiting each of those tasks, and in some cases rendering them next to impossible to achieve.

Learning how to write, then structure, then format a document (or even just doing each through its own interface) is easier to learn and easier to accomplish than the all-in approach we use today. For whatever reason, though, we users are deemed incapable of creating a document without knowing what it's going to look like right now, and for our sins, that's what we've become. And so we are stuck with word processors that are terrible at structuring and page layout as well as being second-rate text authoring interfaces. They do nothing well, and many things poorly, in no small part because of the inherent complexity of trying to do three things at once.

It doesn't help that their technical implementation is poor. The Word document format is little better than a binary dump of memory at a particular moment in time. For our sins, OpenOffice is forced to work with that as well, in spite of having the much more parse-worthy ODF at its disposal these days.

There's no changing any of this, of course. The horse is miles away, and anyway the barn burned down in the previous millennium. The document format proxy war currently underway at the ISO is all the evidence I need to know that I'll be dealing with stupid stupid stupid formatting issues for years to come. I will continue to be unable to properly structure a document past about the 80th percentile, which is worse than not at all. I will continue to deal with visual formatting as my only means to infer context and structure, leaving me with very little capacity to do anything useful with the bloody things except to print them out and leave them on someone's desk.

Maybe I'll just stop using them at all. Maybe I'll just start doing everything on the web and never print again. I'm half serious about this, actually. At least on the Web, the idea that content and presentation are separate things isn't heresy. At least on the Web, I can archive, search, contextualise, comment, plan, structure and collaborate without having to wade through steaming piles of cruft all the time.

At least on the Web, I can choose which steaming piles I step into.

I'm going to start recommending people stop using Word as an authoring medium. There are far better, simpler tools for every task, and the word processor has been appropriate for exactly none of them for too long now. Sometimes you have to destroy the document in order to save it.


Trust Works All Ways

grcumb writes  |  more than 6 years ago

[Cross-posted from the Scriptorum.]

The Debian OpenSSL vulnerability apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it?

Over the weekend, I've been thinking about last week's disclosure concerning Debian's OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There's a pretty good subjective analysis of the nature of the error on Ben Laurie's blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I'm told, included every single possible key value that the Debian OpenSSL package could conceivably create.

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis - sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn't notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure. It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian's OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be. That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I'd venture to state that there's a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.
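As an added example (not code from this journal entry, nor Ubuntu's or Debian's own detector), the following models the two checks the entry alludes to: the exhaustive weak-key blocklist that becomes feasible once the generator's only entropy input is a small integer (the real flaw left little more than the process id, at most 32768 values), and the simple collision test that would have revealed the loss of entropy. The generator, fingerprint size and seed space are constructed stand-ins, not OpenSSL's.

```python
"""Constructed model of the Debian OpenSSL weak-key problem and its detection."""
import hashlib
import os

SEED_SPACE = 1 << 15   # 32768 possible seeds: the entire reachable "key space"
FP_BYTES = 10          # fingerprint prefix stored per key, keeps the list small


def broken_keygen(seed: int) -> bytes:
    """Stand-in for the patched generator: the output depends on the seed
    alone, so every key is fully determined by a 15-bit value."""
    assert 0 <= seed < SEED_SPACE
    data = b"constructed-weak-prng" + seed.to_bytes(2, "big")
    return hashlib.sha256(data).digest()


def fingerprint(key: bytes) -> bytes:
    """Short fingerprint, like the truncated hashes a blocklist file stores."""
    return hashlib.sha1(key).digest()[:FP_BYTES]


def build_blocklist() -> frozenset:
    """Enumerate every key the broken generator can emit. Because the seed
    space is tiny, the whole list fits in 32768 * FP_BYTES bytes."""
    return frozenset(fingerprint(broken_keygen(s)) for s in range(SEED_SPACE))


def is_weak(key: bytes, blocklist: frozenset) -> bool:
    """The lookup a vulnkey-style tool performs on each key it is handed."""
    return fingerprint(key) in blocklist


def entropy_sanity_check(keygen, samples: int) -> int:
    """Distinct keys seen in `samples` draws. A healthy generator returns
    `samples`; the broken one can never exceed SEED_SPACE."""
    return len({keygen() for _ in range(samples)})


def random_broken_key() -> bytes:
    """Draw a key the way a process would: seed chosen at random but small."""
    return broken_keygen(int.from_bytes(os.urandom(2), "big") % SEED_SPACE)


if __name__ == "__main__":
    blocklist = build_blocklist()
    print("weak key flagged:", is_weak(random_broken_key(), blocklist))
    print("sound key flagged:", is_weak(os.urandom(32), blocklist))
    seen = entropy_sanity_check(random_broken_key, 100_000)
    print("distinct keys from broken generator:", seen, "<=", SEED_SPACE)
```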

P.S. Offhand, there's one circumstance that I think could undermine the credibility of this speculation, and that's if there's any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.
