

Pirate Bay Founder Gottfrid Warg Faces Danish Jail Time

grcumb Re:BT (84 comments)

And you would be wrong about that. I'm a multi-millionaire who risked everything to create software programs that are used worldwide to make the car you drive better, the airplane you fly safer and make the heart pump that saves your lazy junk food eating ass safer.

I mean this in all sincerity: Good for you.

Those things happen only because I can protect my IP from the likes of you.

Let's be clear about this, though: When you say 'those things', you're referring to those specific things that you and your company did. Because there is a very large volume of life-changing —and life-saving— software that came about without any thought of recompense, and with very different ideas about copy-protection and ownership.

Without copyright protection, enforceable EULAs and copy protection/licensing software, I would never have created my products and all those products that impact your life would be more expensive.

I don't know why I spend my time trying to convince people like you that you are utterly, hopelessly wrong in your idea that it is OK to steal other people's work without compensating them the price they demand. I think it's because I have tons of spare time now that my wife and I spend our days travelling the world first class.

Again, in all sincerity: Good for you and your wife.

Having traveled in first class, I found it to be full of pampered, self-important twits with more money than sense, but hey, it wouldn't exist if there weren't a demand for it. I'll take business class myself, thanks.

So in summary, suck it bitch. I'm laughing all the way to the bank.

Ah, the famous 'I'm all right, Jack' defence. Astonishingly, this self-aggrandising approach to entitlement doesn't breed a lot of sympathy among those of us who have other considerations than ourselves. But that's okay. I've saved lives, you've saved lives —that's what counts. At the end of the day, the fact that the lives I saved were in the developing world and yours (probably mostly) weren't is not going to count for much when we're both rotting in the ground. The fact that I'm largely at peace with myself and don't get too exercised about what people do with the fruits of my labours is likely secondary as well. I daresay you're pretty content, too.

But there is this: My way of living and doing business is just as workable as yours, and my way doesn't serve only the rich. So fuck you, you self-satisfied, closed-minded, smug little shit. You think there's no other way but yours? You're wrong and I'm living proof.


Drupal Warns Users of Mass, Automated Attacks On Critical Flaw

grcumb Re:PHP (70 comments)

While the responsibility for this rests with Drupal, they were set up by another strange design decision of PHP: The fact that arrays are also hashtables and vice-versa. There are *tons* of these strange design decisions in PHP.

That one, at least, seems designed to copy a feature of perl, and therefore it's completely understandable...

Er, no. Where did you get that idea? Perl has distinct array and hash data types, and though Perl has a liberal approach to reading variable values ('$scalar = @array' does... interesting things, for example), there is a clear distinction between the two.


CERN Looking For Help Filling In the Gaps In Photo Archive

grcumb Re:My guesses (28 comments)

Feh, easy:

Porn porn porn porn porn porn porn porn porn porn porn porn porn porn work porn porn porn porn porn work work porn porn porn porn porn...

(This is another paragraph that does not use repetition to make its point because Slashdot's lameness filter is rearing its ugly head again.)

2 days ago

We Are All Confident Idiots

grcumb Re:Seems consistent (300 comments)

Wise men speak because they have something to say; Fools because they have to say something. -Plato

But ACs still haven't learned to just fucking google clever aphorisms before they post them.

HINT: Plato didn't speak English, so the likelihood of him coming up with a cute turn of phrase like that in Classical Greek, and then having it translate to something so erudite in English is... small.

2 days ago

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

grcumb Re: Why not allow the update into the repos? (126 comments)

Why shouldn't they? If you want it included in the distro, why is it the distro's responsibility for maintaining the package?

Because that's what fucking distros do. Maintain the fucking package.

about a week ago

Days After Shooting, Canada Proposes New Restrictions On and Offline

grcumb Re:And all this simply proves ... (307 comments)

And all this simply proves just how deluded these terrorists truly are. The deaths of our soldiers are tragic, but do they really think bumping off some of our politicians will get under Canadians' skin? I think not. We might even thank them.

Humour aside, I am nothing but impressed by the security response on the Hill. Within 4 minutes of the first shot being fired, the assailant was dead on the ground. Aside from the initial victim, there were no other serious injuries.

I used to be an activist, and had occasion to protest (and get arrested) on Parliament Hill. Ask any activist and they will tell you that the Hill cops (who are all federal, not city police) are the ones you want to arrest you. They are trained and highly skilled, and know everything there is to know about appropriate response.

Coincidentally, I once met the man responsible for Hill security only a few weeks after his people had arrested a friend of mine. In spite of being ideologically opposite, I found myself respecting the man immensely. It was a successor of his who stopped the madman this time, but his behaviour was exemplary as well. He shouted a clearly audible warning three times, then engaged the assailant, firing 4 individual, aimed shots.

The discipline and response of the police and security forces to an unknown situation that was clearly targeting Parliament was, I think, exactly what anyone would have wanted. Let's not let the politicians - some of whom owe these people their life - spoil things by capitalising on the event.

about a week ago

Debian Talks About Systemd Once Again

grcumb Re:All's I know... (522 comments)

Remember this before ranting too much on Lennart. He is not in any position to force any distribution to do anything. Distributions choose to use his software because it actually is better than the stuff that came before it.

Yes, of course Lennart's just a developer with a better idea. He's never seen software development as a means to a larger political end.

Except when he has:

Getting a clear message out what Linux is supposed to be is definitely a social issue, but to make that happen the Linux platform needs to be streamlined first, and that's a technical task, and not done yet.

All of these disingenuous statements that there's no other agenda in place are just bullshit. They're simply and self-evidently not true, because you can't do system design without some kind of vision of what you want. And you don't change the system design unless you don't like the one you've got. Lennart's vision, as he says, is a 'streamlined' Linux, which is to say catholic, not agnostic, unified rather than pluralistic, with fewer options rather than more. And when you cut away all the cruft, it's his stuff that remains.

Poettering and his acolytes can argue all they like that their vision is simply better. I disagree, but I accept that this is always an argument worth having. But when you start arguing that POSIX is a constraint and that Linux should be 'leading' the way (and that POSIX can just catch up, thank you), you're taking a stance that is not simply in opposition to others, it cannot coexist with the others because the alternatives have become mutually exclusive within a particular space.

POSIX is a limiting factor. That's true. Its limitation is that we've all agreed on a basic subset of behaviours in order that we all have enough in common to interact. So when you discard POSIX, you have effectively announced that you do not see the value of playing nicely with the other children. From that moment, your 'better idea' is being implemented at the expense of interoperability.

Which is a really fucking bad idea.

(The quote above is from an interview with Lennart, linked from his Wikipedia page.)

Lastly, to respond directly to the assertion that he is not in a position to force any distro to do anything. The tight web of dependencies, his position at RedHat and the support and assistance provided on the corporate level is perhaps not sufficient literally to force a distro to use his software, but it's enough to raise the question that undue influence is being brought to bear and that rather questionable tactics are being indulged in expressly because Lennart and his cohorts think that doing the right thing does not imply contributing in an open[*] and inclusive way.

[*] Lennart's idea of openness is allowing others to interact with his software, but fuck you if you want him to take a second look at your requirements. And then, of course, to act shocked (shocked!) when others get upset.

about two weeks ago

FBI Director Continues His Campaign Against Encryption

grcumb Re:Public safety is not the issue (284 comments)

The issue is the balance between public safety and personal privacy. Denying the citizen of any democracy the right to encryption of their personal communication is not an appropriate response to the perceived threat to public safety that same encryption would bring.

Quoth Schneier:

...there's no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 -- and the investigations proceeded in some other way.

There never is any reason to remove a citizen's right to privacy except to extend the power of the state. You can argue the reasons for and against this, but historically, we've always found that more respect for individual rights contributes significantly to better governance.

about two weeks ago

Analysis of Linux Backdoor Used In Freenode Hack

grcumb Re:security methods can be used by both sides (37 comments)

If you think I've misinterpreted the problem, please tell me exactly where.

Right here:

You know the kind of shabby security joke that Windows turned into? The same thing has happened to linux and BSD

The security problems that afflict Linux, Mac OS X and, to a much lesser extent, *BSD are fundamentally different in the way they manifest.

We have yet to see the systemic infestation that characterised Windows in the late '90s and early '00s. There was a time mid-decade when the time it took for an unattended, freshly installed Windows box to get pwned was estimated to be 20 minutes.

Heartbleed, Shellshock, the Debian SSH debacle (can't forget that one) and numerous other problems are symptomatic of weaknesses in aspects of the FOSS environment that people used to think (unrealistically) were invulnerable. Instead, what we've discovered is that they're quite susceptible to targeted attack. This difference should not be understated. Windows is an infected system - basically, you can't run it without antivirus. Linux, Mac OS X and numerous other OSes are easily attacked individually, but there are not as yet any exploits that subvert the entire ecosystem.

None of this is to dismiss how serious the potential threat is. I just want to make it clear that, so far, the danger that we see is different from what we are living with in the Windows world. It's different in quantity and quality.

about two weeks ago

Analysis of Linux Backdoor Used In Freenode Hack

grcumb Re:security methods can be used by both sides (37 comments)

Doesn't seem so special after all.

Well, full marks for that clever little bit of sleight of hand that allowed them to set up persistent connectivity without hard-coding addresses. I like the way they use the combination of port and sequence number to determine the remote address, and packet window size to set the remote port. It was also pretty interesting that the software could take its sweet time between 'magic' packets, allowing it to obscure itself in incoming traffic.

But yeah, it's a clever riff on well-known rootkit tools. And it's nothing that shouldn't have been discovered in a moderately well-run security environment. I mean, we are talking about an altered boot script, new rules running in iptables, and additional new binaries on the system. You would expect that sort of thing to be found before too long.

But one thing I would very much like to know is how this rootkit got installed in the first place. There's nothing about that in TFA.

about two weeks ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (303 comments)

> It's being touted as The One True Way.

not unlike the Unix way touted by the opposite camp.

Wow, once again, Poe's Law rears its ugly head.

What follows is not for your benefit, but because somewhere out there on the wilds of the internet, there might still be some youngster with a clue who needs to get this:

Systemd, OOP and a number of other technologies have been touted by people who have a curious mixture of cleverness and a lack of imagination or experience (something altogether too common in the world of software development). They claim that because they have solved a problem, they are therefore entitled to use the same approach to Solve All Problems Ever. So instead of exercising a little humility and moving their work ahead in a way that's accepting of other approaches, they charge in full speed, damn the torpedoes and devil take the hindmost.

It happened with Microsoft and ActiveX. It happened with Object Oriented Programming languages - most notably with Java: there was a time when it was hard to find work programming in anything else. It happened, to a smaller degree, with design patterns. You can find numerous other examples if you search for them.

It's happening again today with systemd.

Now, parent here is implying that the conflict between The Unix Way and systemd's kitchen-sink approach is a contest between equal ideologies. In other words, each represents a single thing, one of which is old and full of faults, the other of which is new and shiny and presumably lacking in faults. The only choice we have, then, is to weigh each in the balance and choose the one that's superior.

There's a fly in that ointment, though: You see, the Unix Way is a process, not a product. It states that it is better to take a toolkit approach - that is, chain together a series of tools that do one thing and do that one thing in a well-defined, simple manner. Systemd, on the other hand, is a particular set of services. Its implementation is antithetical to the Unix Way, because although it's contrived out of dozens of smaller executables, they really only work when they're chained together. You currently can't, in other words, use journald outside of systemd (you'd have to build a completely new interface), or use systemd without journald.

The people who like systemd are willing to discard the decades of experience that brought us the awkward-but-workable Unix world, full of text files, single-purpose utilities, shims on shims on shims.... They see it as ugly and awkward and ungainly. It is all of those things. The place where they go wrong, though, is that they think they can do better in one simple stroke. They think that they're good enough to design a system *cough* that inhabits the space between kernel and userland, and that they can do it in the course of a few short years. That's admirable. I applaud their ambition.


But there is no way in Hell that I would let someone with that kind of confidence get within a mile of my machines. That would be Daedalus and Icarus all over again. (Google it; I'm not your nanny.) What systemd supporters fail to understand is that The Unix Way is the way of humility. It's essentially a way of expressing our own understanding that we cannot do everything well. Therefore, we do the one thing that we can do, and we do it simply (which is not always as well as it might be, but will at least work reliably).

Empirically, systemd does things neither well enough, nor simply. For reasons that are particular to each of them, most adherents are incapable of admitting to either of those things. For example:

> Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own.

Its detractors rarely comment on technical merits/shortcomings, 99% of the time they only throw "pid1", "monolitic", "poettering blight", "binary logs" and "they took our jerbs^wkludgy init scripts!" around.

See how the commenter rejects out of hand the complaints that too much happens at too low a level? How there's no recognition that building a series of interlocking pieces which do not interlock with anything else except themselves, and only in a certain way can be called 'monolithic'? How the issue of binary logs, of how logging should work generally, is tossed away as so much noise?

Now, it's not that nobody has ever responded to these complaints. They have, and at length. The issue is that their answers have been rejected by a great many people as insufficient. But rather than show a little humility and learn a thing or two at the hands of those who are offering these criticisms, systemd devs and supporters instead treat dissent as antagonism, and indulge in name-calling (e.g. neckbeard) and such.

It's shameful, really.

But yes, it's happened before, and it will happen again. And those of us who are in it (init - heh) for the long haul will eventually get a modicum of sanity back once their fanaticism is ground down by reality.

about three weeks ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (303 comments)

You honestly do sound like an angry neckbeard. You might want to get some therapy or something. That rage isn't helpful.

You know the part where I said there are people who don't know the difference between an argument and a quarrel?

You might want to read it again.

If you can't respond substantively, why respond at all? I've offered a little insight into history so that you can draw a parallel between present and previous conflicts in the software world, and all you can do is call me names that you know are infuriating to me, and you suggest I get therapy?

about three weeks ago

What's Been the Best Linux Distro of 2014?

grcumb Re:systemd (303 comments)

systemd is the wave of the future. Or at least something similar to systemd that they'll probably hate just as much.

I haven't seen this much hate since OOP started getting popular and old school devs were dragged into it kicking and screaming. But guess what, OOP was the wave of the future.

Considering where the OOP-For-Everything crowd got us, and how long it took us to recover from the fact that it was the hammer for every nail for far too long, considering that we're finally emerging into a sane world where OOP has its place, as one approach among many....

... I'd say you're right about systemd:

It's being touted as The One True Way. Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own. Its adherents are clever, antisocial alphas whose faith in their own intelligence is far too complete, and who don't know the difference between an argument and a quarrel.

Yep, it is OOP vs The World all over again. Dog help us all.

[*] Seriously: I will punch the first person who uses that term in my presence.

about three weeks ago

Gmail Security Is a Problem For Tor Users In Repressive Countries

grcumb Re:under dangerous regimes (74 comments)

Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.

I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.

Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]

But this appears to be the first time a person has explicitly been detained, tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).

So yes, sending authorisation keys via text message is a Very Bad Idea in some places.

about three weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

Oh fuck me. I'm wrong on that last point. I did say manpower. Sorry.

about three weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

It isn't a contradiction, it's that you said that to continue supporting init would require significant manpower and that systemd is pushed by a minority.

That's a fucking contradiction by any definition of the word (albeit a contradiction that you constructed, and that only you can see). You are clearly deficient in your capacity to conduct a conversation, so I'll just leave off here.

In parting, and just because reading comprehension seems to be a shortcoming with you: I never once alluded to manpower. I referred to the 'pain' involved in replacing it. But you needed 'manpower' in order to construct that thing which you are adamant is not a perceived contradiction, so you can have it. If you can find the place where it fits... outside of your own imagined version of what I'm arguing, that is.


about three weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

You seriously see a contradiction there?

No, I said how is there not enough manpower to maintain a fork that doesn't have a dependency on systemd and uses init instead?

You're talking right past me. Are you now saying that you do NOT see any contradiction? Because 'on the one hand... on the other....', used as you used it, generally implies a perceived contradiction.

Read the analogy and you have your answer. It's not about manpower. It's about role.

about three weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Complain to choosers, not creators (993 comments)

Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it.

So how is it there isn't enough manpower to maintain a fork with init rather than systemd? On the one hand you claim it's too much work to not use systemd but then simultaneously say systemd is pushed by a minority.

You seriously see a contradiction there? That a core part of a larger system has a new dependency, meaning that one is suddenly put in the position of considering whether it's more pain to keep it than to undo the damage? That this same core part could have been written by a very small group of people who have a track record of not playing nicely with the other children?

... Because if you can't even conceive of the nature of the problem, there's no point at all in responding to the rest of your quibbles.

As a gedankenexperiment, imagine one valve of your heart deciding it wants to change its rhythm. The others can choose to remain as they were, or adopt the new rhythm. Right and wrong are only peripherally part of the decision; what matters first and foremost is not falling out of step. The other components can reason all they like, but if the recalcitrant one doesn't budge, they're stuck either accepting the ultimatum or taking radical steps. The rest of the body parts are, for all intents and purposes, just along for the ride, no matter how the decision affects them.

And that, my child, is the choice Debian had foisted on them.

about three weeks ago

Lennart Poettering: Open Source Community "Quite a Sick Place To Be In"

grcumb Re:Stay out of our business then..... (993 comments)

And the reason for including libmicrohttpd is so that people can get http access to their log files.

I read that a few times and I still do a Poe's Law double take at the end.

This is only used by the journald gateway daemon (so not by systemd at all)

But by 'not systemd at all' you mean, 'by one of the few core packages that cannot be removed from systemd'?

and also only if you explicitly enable it with "systemctl enable systemd-journal-gatewayd.service".

Yes, because unsafe code lying available on the system has never been made part of a compromise originating from another source. Or are you okay with losing the crown jewels as long as someone else takes part of the blame?

I think you have to practice your Google-fu a bit there pal.

Google can't cure your brand of refusal to come to grips with reality, chum.

about three weeks ago



Android Ice Cream Sandwich Source Released

grcumb grcumb writes  |  more than 2 years ago

grcumb (781340) writes "Looks like the folks at Google have made good on their promise to release the Android 4.0 source code. Android software engineer Jean-Baptiste Queru writes: "Hi! We just released a bit of code we thought this group might be interested in. Over at our Android Open-Source Project git servers, the source code for Android version 4.0 (Ice Cream Sandwich) is now available."

"This is actually the source code for version 4.0.1 of Android, which is the specific version that will ship on the Galaxy Nexus, the first Android 4.0 device. In the source tree, you will find a device build target named "full_maguro" that you can use to build a system image for Galaxy Nexus. Build configurations for other devices will come later."

If the Cyanogen elves get busy Daddy just might be getting a new ROM for Christmas...."


Economist Mag Profiles "Wireless Carrier-Pigeons"

grcumb grcumb writes  |  more than 4 years ago

grcumb (781340) writes "The Economist magazine is running a brief profile of Digicel, a 'minnow' in the wireless telecoms market that has distinguished itself by setting up shop in some of the most unlikely (and dangerous) markets in the world, including Haiti and Papua New Guinea, whose capital, Port Moresby, has one of the highest murder rates in the world.

"If you just focus on risk, you can't do a thing," said Digicel's billionaire president Denis O'Brien in a 2008 Forbes profile. But O'Brien's small-market revolution should teach us another lesson, too: Traditional economic analysis doesn't work when it comes to communications. Telecommunications is a supply-driven economy. If you build it — no matter where you build it — they will come.

Now, if someone could just teach the North American telcos this...."

Anonymous Coward or Corporate Troll?

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "In a recent article on Alternet, Annalee Newitz writes to report that our perception of the typical anonymous poster as a fat, half-naked basement dweller with a grudge is nearly 100% wrong. Virgil Griffith's WikiScanner site exposes the surprising truth: The majority of dishonest edits and omissions on wikipedia derive from corporate and government IP addresses. In Annalee's words: 'It turns out that the people who are hiding behind anonymity online for nefarious or selfish reasons are not little guys in pajamas but the very bastions of accountability that haters of the Web have deified.'"

AT&T Practices Political Censorship

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Pearl Jam reports that their live webcast from Lollapalooza was censored by AT&T. The statement on the band's website outlines their concerns in the context of the ongoing Net Neutrality 'debate':

"AT&T's actions strike at the heart of the public's concerns over the power that corporations have when it comes to determining what the public sees and hears through communications media.

"Aspects of censorship, consolidation, and preferential treatment of the internet are now being debated under the umbrella of "NetNeutrality." Check out The Future of Music or Save the Internet for more information on this issue.

It's refreshing to see that at least some of our media darlings have a clue about what this debate is about,"


France: Surrender Your Blackberries!

grcumb grcumb writes  |  more than 7 years ago

grcumb writes "Le Monde has published a story claiming that French defence officials have asked all senior functionaries in the French government to stop using Blackberry wireless mobile devices. Fears that the US-based mail servers supporting the service could lead to systematic eavesdropping by US intelligence agencies led to the drastic move. From the AP story:

"It's not a question of trust," Mr. Lasbordes told The Associated Press. "We are friends with the Americans, the Anglo-Saxons, but it's economic war."

Research In Motion, makers of the Blackberry device, claim they couldn't read the emails even if they wanted to: "No one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution,"

Apparently, nobody at RIM has ever worked at the NSA."



Flickr: Flunkr

grcumb grcumb writes  |  about 6 years ago

About once a month or so, I'm tempted to dump 25 bucks on Flickr to upgrade to a 'Pro' account, just so I can plop more than 200 photos into that particular bucket. I admit I've been on the cusp a couple of times.

But I never do. The plain fact is that Flickr is a terrible photo viewing interface.

White, what?

A bright white background is possibly the worst neutral background they could have chosen. White washes out colours and destroys one of the things that I personally love best: subtle shading on very dark and earth-toned pictures. It's got the point where a lot of self-respecting photographers actually have a 'View on Black' link, pointing to one of several services that do nothing other than render the very same photo with a dark background. The difference is stunning.

But Flickr, in its infinite marketing wisdom, would rather emulate Google's 'any colour as long as it's white' mantra. In Google's case, there's wisdom in the approach; they are a utility, like power or water, not a creative service. Flickr does not benefit in the least from an engineer's design sense, and it's high time someone told them that.

One Hundred's Spartan

When viewing photos in groups - or any aggregation, for that matter - one is usually presented with a hodge-podge of 100 pixel thumbnails. Viewing photo sets is even worse. The screen is filled with a patchwork quilt of arbitrarily cropped 75×75 pixel postage stamps. No, wait, I take that back. Postage stamps are larger.

I can't imagine a worse fate for any decent photo. To be reduced to a smudge of light among dozens or hundreds of others on a glaring white page. I'm not sure even Ansel Adams could survive that.

Of course, there are some photos that do just fine in such an environment. Too often, they're from the 'Ooh Shiny!' school of art. To everyone's credit, some genuinely lovely photos can be found, if you know where to look. But they're lovely in spite of Flickr, not because of it.

There are any number of technical arguments for crowding dozens of blots of colour together and calling them a collection, but none of them wash when it comes to aesthetics, or even usability, for that matter.


Flickr's groups are subject to the same AOL-ish devaluation that most large scale communities suffer from. The absolute preciousness of users who troll through other galleries, bestowing silly trophy and ribbon icons on pretty photos in a desperate attempt to burnish their collective karma by associating with only the best types... it's off-putting in a way that I'd rather not characterise in a public medium.

Let's just leave it at this: Any group of more than a few dozen people who are mostly unknown to one another can never merit the descriptor 'exclusive'.

Worst of all, Flickr is a vortex. It's a gravity well whose debris can be found throughout the Web, but which is entirely self-referential. Once you're in there, you don't come out. I've had over 14,000 visitors to my main photo stream, yet a mere 18 referrals from Flickr show up in my server logs. People who use Flickr don't go elsewhere.

Flickr, in other words, is good for Flickr. Any benefit that derives to individual photographers seems to be purely coincidental.


All of this isn't Flickr's fault, per se. The fault lies in our technical inability to render - and more importantly, to manage - images efficiently through a standard GUI, and to share them effectively.

It seems almost paradoxical. Digital technology has allowed revolutionary advances in photography. It has made possible one thing that I love more than any: the ability to draw with light rather than pigment. Sometimes when I'm engrossed in my work I find myself getting almost drunk on colour. There is nothing more rewarding than watching a well-built slide show wash the room with light and shape, to see human vision captured, distilled and transformed in the process.

It astounds me, therefore, how poorly most websites handle photos.

But this is the environment that Flickr has chosen. With few tools to effectively deal with social economies of scale, people are left to their own devices, so they crowd together (as people always do), creating cacophony where contemplation might once have been. Flickr has embraced (in the embarrassing cloying-college-drinking-buddy sense of the word) conventional wisdom with regards to UI, and have spent all their effort on the engineering challenge of handling photos in volume. They've tacked on a few trendy bloggy/webbish bits, like tagging with keywords and location data, but done nothing whatsoever to innovate how photos are viewed.

And that, it seems to me, should be the very essence of innovation where photography is concerned.

I won't demur for a moment if you counter that thumbnails are a necessary evil, that larding a page up with binaries slows down load times, that we're unfortunately bound by the lowest common denominator where display and download capacity are concerned. Nor will I argue if you express admiration for their ability to handle the data volumes that they do. Just storing and serving up 2 billion photos is a decidedly non-trivial task.

But let's be clear here: I expect more from Flickr. I judge them by a higher standard.

They want to set themselves apart? Then let them deal intelligently - dare I say it? creatively - with their popularity. The engineering challenge is interesting; I'll be the first to admit it. But dammitall, this is a photography site. It's for creative people. Is it too much to ask that they should actually take a little of their revenue and use it for basic research and innovation? Where's the research into lossless compression, peer-to-peer content distribution, point-and-click monitor calibration, optimal display environments, click-and-drag online image resizing? Where's the community for UI geeks?

How many of Flickr's 10-30 million monthly visitors have paid accounts there? My guess would be: Several. Surely some of that revenue could go into renewal, exploration and invention.

Perhaps it's no surprise that Flickr founders Caterina Fake and Stewart Butterfield left Yahoo! just as soon as they reasonably could. I don't doubt for a moment that they've thought a great deal more about these issues than I have. Perhaps they'll be the ones who manage to pull a rabbit or two out of their digital cap.

If they do, they'll get my money, too.


Steaming Piles

grcumb writes | more than 6 years ago

[Cross-posted from the Scriptorum.]

Sometimes you have to destroy the document in order to save it....

I give up. I can't support OpenOffice Write any more, and it's nobody's fault but their own. For anything more than simple tasks, the application is terrible. Their only saving grace is that Microsoft Office has its own brand of polished turd, named Word. Collectively, they are racing to the bottom of a decade-long decline in useability.

No, that's too generous. The thing is, they're at the bottom. They are useless for any but the most trivial tasks, and the most trivial tasks are better accomplished elsewhere, anyway.

Yes, I'm ranting. Let's put this into a proper context:

I hate word processors. For any but the simplest tasks, their interfaces are utterly ridiculous. I haven't liked a word processing interface since WordPerfect circa version 5, and if I had my own way, I'd author all my documents in either emacs or vi, depending on the circumstances.

Why do word processors suck so badly? Mostly, it's because of the WYSIWYG approach. What You See Is What You Get, besides being one of the most ghastly marketing acronyms to see the light of day in the digital era, is ultimately a lie. It was a lie back in the early 1990s when it first hit the mainstream, and it remains a lie today. The fact of the matter is that trying to do structuring, page layout and content creation at the same time is a mug's game. Even on a medium as well understood as paper, it's just too hard to control all the variables with the tools available and still have a comprehensible interface.

But the real sin that word processors are guilty of is not that they're trying to do WYSIWYG - okay it is that they're trying to do WYSIWYG, but the way they go about it makes it even worse. Rather than insisting that the user enter data, structure it and then lay it out, they cram everything into the same step, short-circuiting each of those tasks, and in some cases rendering them next to impossible to achieve.

Learning how to write, then structure, then format a document (or even just doing each through its own interface) is easier to learn and easier to accomplish than the all-in approach we use today. For whatever reason, though, we users are deemed incapable of creating a document without knowing what it's going to look like right now, and for our sins, that's what we've become. And so we are stuck with word processors that are terrible at structuring and page layout as well as being second-rate text authoring interfaces. They do nothing well, and many things poorly, in no small part because of the inherent complexity of trying to do three things at once.

It doesn't help that their technical implementation is poor. The Word document format is little better than a binary dump of memory at a particular moment in time. For our sins, OpenOffice is forced to work with that as well, in spite of having the much more parse-worthy ODF at its disposal these days.

There's no changing any of this, of course. The horse is miles away, and anyway the barn burned down in the previous millennium. The document format proxy war currently underway at the ISO is all the evidence I need to know that I'll be dealing with stupid stupid stupid formatting issues for years to come. I will continue to be unable to properly structure a document past about the 80th percentile, which is worse than not at all. I will continue to deal with visual formatting as my only means to infer context and structure, leaving me with very little capacity to do anything useful with the bloody things except to print them out and leave them on someone's desk.

Maybe I'll just stop using them at all. Maybe I'll just start doing everything on the web and never print again. I'm half serious about this, actually. At least on the Web, the idea that content and presentation are separate things isn't heresy. At least on the Web, I can archive, search, contextualise, comment, plan, structure and collaborate without having to wade through steaming piles of cruft all the time.

At least on the Web, I can choose which steaming piles I step into.

I'm going to start recommending people stop using Word as an authoring medium. There are far better, simpler tools for every task, and the word processor has been appropriate for exactly none of them for too long now. Sometimes you have to destroy the document in order to save it.


Trust Works All Ways

grcumb writes | more than 6 years ago

[Cross-posted from the Scriptorum.]

The Debian OpenSSL vulnerability apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it?

Over the weekend, I've been thinking about last week's disclosure concerning Debian's OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There's a pretty good subjective analysis of the nature of the error on Ben Laurie's blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I'm told, included every single possible key value that the Debian OpenSSL package could conceivably create.

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis - sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn't notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure. It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian's OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be. That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I'd venture to state that there's a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.

P.S. Offhand, there's one circumstance that I think could undermine the credibility of this speculation, and that's if there's any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.
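Why a complete list of weak keys is feasible, and how a detector like the one described above uses it, shown as an added toy model (not code from the post, Debian, Ubuntu or OpenSSL). It assumes, as publicly documented for this bug but not stated in the post, that the process ID was the only input still varying between runs; the generator, fingerprint format and host names are constructed for illustration.

```python
import hashlib
import os

PID_MAX = 32768  # default Linux pid_max; PIDs run from 1 to 32767


def weak_keygen(pid: int) -> bytes:
    """Toy generator: the process ID is the only input that varies."""
    return hashlib.sha256(b"toy-prng|" + pid.to_bytes(4, "big")).digest()


def healthy_keygen(pid: int) -> bytes:
    """Same toy generator, but with OS entropy mixed into the seed."""
    seed = os.urandom(32) + pid.to_bytes(4, "big")
    return hashlib.sha256(b"toy-prng|" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, as a detector would store it."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blocklist() -> frozenset:
    """Enumerate every key the weak generator can ever emit."""
    return frozenset(fingerprint(weak_keygen(pid)) for pid in range(1, PID_MAX))


BLOCKLIST = build_blocklist()


def is_weak(key: bytes) -> bool:
    """Detector: a key is compromised if its fingerprint is on the list."""
    return fingerprint(key) in BLOCKLIST


def audit(keys: dict) -> list:
    """Return the names of keys that must be regenerated, sorted."""
    return sorted(name for name, key in keys.items() if is_weak(key))


# Constructed sample inventory: two hosts keyed by the weak generator, one healthy.
INVENTORY = {
    "web01": weak_keygen(4242),
    "db01": weak_keygen(31999),
    "mail01": healthy_keygen(4242),
}

if __name__ == "__main__":
    print(len(BLOCKLIST), "possible weak keys")
    print("regenerate:", audit(INVENTORY))
```

The whole keyspace of the weak generator fits in a set of 32,767 fingerprints, so the audit is a constant-time lookup per key and needs no access to the private key material of other hosts.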
