June 2002 — Monthly Archive
search-explorer.net is now running ads which pop when you mouse over the ad in a page, neatly bypassing my Mozilla popup blocks. Edge of acceptability. I’d expect to see more of such tactics as Mozilla-based browsers gain traction.
BlogToaster: cool. Compelling example of a real-world web service.
Palladium will give Bill Gates a piece of every transaction of any type while at the same time marginalizing the work of any competitor who doesn’t choose to be Palladium-compliant. So much for Linux and Open Source, but it goes even further than that. So much for Apple and the Macintosh. It’s a militarized network architecture only Dick Cheney could love.
I don’t buy into this doomsday scenario for a couple of reasons:
One: The PC market is large, and has enormous inertia. It’s not as easy to get people to upgrade as it was, say, in 1996.
Two: especially after the Hailstorm fiasco, MS knows its ability to push through even a de-facto standard is at an all-time low.
Essentially, industry trust (amusing since there’s a great deal of talk on their part about Trustworthy Computing(tm) these days) in Microsoft is at such an all-time low that it’ll be a wonder if it can cooperate and work with partners outside its own walled garden (Dell+Intel+NVidia…) in a couple of years. Sure, we have Allchin talking about Microsoft’s new `transparency’ policy, but the doesn’t-play-well-with-others image will have to go before grand, ship-100-million-to-start schemes like Palladium take off. And this is something that Microsoft will have to realize: they can’t do it alone anymore. Sure, they shipped millions of copies of DOS and Windows. But that was at a time when no one else would look at the PC market. It isn’t clear to me that they can pull it off again — with Intel/AMD or without.
Couple of words about the OpenSSH mess: in my mind, this has brought home the necessity of full disclosure more than ever. It doesn’t matter if the software is Windows XP or an obscure daemon — full disclosure helps everyone evaluate the risks involved for themselves, and not leave them to trust others who have their own agendas to push.
I have a potato box that was particularly hard-hit by this (yes, I know I should probably not be running potato, but this is a machine where I need stability more than I need the latest and greatest, dammit). Debian normally backports all patches, and doesn’t introduce new features unless strictly necessary. Because of the ubiquity of OpenSSH and the (ahem!) unique characteristics of Theo de Raadt, they blinked and backported v3.3p1 as recommended, only to find when the advisory was released that they were not vulnerable all along! Personally, I think the best course of action for them now would be to go back to the original potato sshd.
Could any of this have been handled any better? After all, apart from scaring the shit out of everybody, the OpenSSH team — even Theo — did the correct thing. They released just enough information about the problem, and suggested a workaround (in classic Theo style, not the simplest one available), until they could release a patch (3.4) which mitigated the problem.
Maybe, just maybe, in future, teams maintaining software as ubiquitous as OpenSSH should probably interact a little more with vendors — especially ones like Debian, which try to be highly responsive to security threats. That would make things much smoother for users and the reputation of the people concerned.
Uh oh, bad news. The message seems to be: upgrade to OpenSSH 3.3. Downside: 3.3 has problems with compression and PAM, in particular keyboard-interactive authentication. Folks running Debian can read DSA 134 (which, incidentally, leaves potato users in a bind). Note that upgrading will not fix the problem, only prevent a root exploit.
Yes, Mozilla lets me block popup ads, but I also hate violent, epilepsy-inducing blinkenlights, aka animated gif ads. Here IE shines: press Esc and the pain stops. Not so in Moz (although Moz has quite a few other options that are useful for this), or Opera for that matter.
This /. post neatly captures my own feelings on the subject:
Microsoft had some good standards but they constantly ignore them these days. I saw a quote that thanks to Web application, which forces people to use really crappy UI, and the preponderance of high-resolution with lots of colors and everyone trying to take advantage of it (skinning is just another word for “angry fruit salad”), UI has been set back to about 1984.
And this tendency to make regular Windows apps look like Web pages is just ludicrous. There were so many violations of common sense in just the installation of Visual Studio .NET, I could write a book about it. The app itself isn’t too bad, but in some ways Microsoft has become the worst UI innovator because they are making lots of stylistic changes that have a negative effect on usability.
You can read the other side of the story (about Inductive User-interfaces) on MSDN. Frankly, IUI works well for certain classes of problems. Good examples include Money, Management Console, Office XP’s Task Panes. But IUI can be carried too far – look at Windows XP’s horrendous (default) Control Panel interface, for example. There, trying to find any given applet is by and large a trial-and-error affair.
Say you have Windows 98 or later with Active Desktop disabled. While browsing down the listbox of wallpaper in the Display Applet in the Control Panel, you choose a JPEG image. Windows will then helpfully tell you: this image can be used as wallpaper `only if Active Desktop is enabled’. Well, that’s a lie. Even Internet Explorer can turn JPEGs into desktop wallpaper — it converts them into BMPs first. So do most users like myself — use an image editor like (a recent version of) Paint, or Photo Editor, and convert the bothersome JPEG into a BMP and lo! instant wallpaper gratification.
Here, the most charitable explanation is that the applet programmer never had a look at the (similar) feature in IE. The less charitable explanation would be that the programmer had orders to get the word Active Desktop in front of users’ eyes as often as possible, whether it made sense or not. Anyway, all the Control Panel applet makes us do is jump through a few hoops. Software which behaves this way — an I know better attitude — gets an arrogant mark from me.
Update: The old wucrtupd.exe had a similar problem — bustling with self-importance, it scanned for updates every five minutes, with no (good) way of changing the interval. Thankfully, the new Windows 2000 Automatic Update is much better to use. I guess someone at msft listens to all that feedback after all.
The comely seven of nine has disappeared from netcrucible, replaced by a red-and-yellow aleph-nought (what’s that supposed to stand for? Infinite Microsoft?) Shucks. The borg joke was one of the reasons I thought netcrucible was cool in the first place.
TKL: The real story here is that the Indians have managed to set the US up to fail. Any intelligence the US may have on militant activity is overly reliant on satellite photography. In the twisted terrain along the LoC, nothing short of a massive ground operation by the US military will even come close to simply monitoring, effectively and safely, the integrity of the border.