Quotes in 2002

Tuesday, December 31, 2002

The "mind trick" in object-oriented design is to conflate some "object" (which might be a person, place, or conceptual entity, not just a physical object) with a program data structure which holds information about it. The data structure itself is called the "object" by OO programmers, even though it only *represents* the original object. The original object is in the "problem domain" or "domain of discourse", while the data structure object is usually not. The information about the problem-domain object, stored in the data-structure object, is called the object's "state".

This conflation can be very useful and is done willfully. It's often much simpler for the programmer to think about maintaining a list of students than to think about maintaining a list of data structures, each of which stores information about a student. Good object-oriented programming involves making sure the analogy between the problem-domain objects and the data-structure objects continues to hold as the system is developed.

--Sandro Hawke on the www-tag mailing list, Monday, 30 Dec 2002

Monday, December 30, 2002
Intel's Lagrande and Microsoft's Palladium attack the essence of the PC--a universal machine, capable of doing anything that one can write software to describe or build an interface to control--and threaten to turn the PC into a harem eunuch for an oligopoly of pay-per-use content vendors and channels. Legislators have likewise been too quick to accommodate the demands of deep-pocketed content creators.

--Peter Coffee, eWeek, December 23/30, 2002, p. 39

Saturday, December 28, 2002

Necessary as tradeoffs between quality factors may be, one factor stands out from the rest: correctness. There is never any justification for compromising correctness for the sake of other concerns such as efficiency. If the software does not perform its function, the rest is useless.

--Bertrand Meyer
Read the rest in Object Oriented Software Construction, 2nd edition, p. 15

Thursday, December 26, 2002

When you run a Gnome application on a KDE desktop, the GNOME application looks like a KDE application. Conversely KDE applications look like GNOME when run on the GNOME desktop. Apparently the two platforms use common run-time library calling conventions to display widgets. The desktop environment determines the look and feel more than the application's own code does.

If you are looking for one, single, outstanding validation of the open source development model, this is it. With no profits to lose and no trade secrets to compromise, projects are encouraged to cross-pollinate their technologies, making all products better and advancing the state of technology across the board. You won't find much evidence of this cooperation among the mailing lists associated with both desktops. Mostly what you find is fierce competition and chauvinism. But separate yourself from all that, and the result is positive.

--Al Stevens
Read the rest in Dr. Dobbs Journal, October, 2001, p. 107

Tuesday, December 24, 2002
We're working on a new policy for software vendors that will say, 'Before you deliver your software to Sprint, you need to run certain tests and tell us the results.' There are holes in Microsoft you can shoot a cannon through. It's only fair that they tell us.

--Robert Fox, Sprint's chief security officer
Read the rest in Sprint to Require Security Tests on Vendors' Software - Computerworld

Sunday, December 22, 2002

A technical issue or project sometimes raises ethical issues. When that happens, discussing the ethical issues is an essential part of the technical discussion. A discussion which ignores the ethical aspect of the issue is severely incomplete.

That does not happen often. Most of the decisions in a technical project are purely technical, and whatever is technically best is really best. After many such issues, it is easy to start thinking that raising ethical issues in a technical issue is improper, that there is some virtue in keeping technical decisions away from ethics. That is the worst mistake an engineer can make.

--Richard M. Stallman
Read the rest in Linux and Main - The week that was: RMS - McVoy, Turbo - SuSE, MSFT - SunW, Wozniak, Cacheflow

Saturday, December 21, 2002
When you are pure software, when you have a bug, you can fix it just by sending a new version down. When you're a piece of hardware, you fix it by doing a product recall. And, consequently, people who work with real atoms rather than just bits, tend to be more cautious than us software people would like them to be.

--Simon Phipps
Read the rest in An Interview with Simon Phipps [Mar. 15, 2001]

Friday, December 20, 2002

We, ASCII-age programmers, are used to considering plain text rendering as being injective up to binary identity. We carefully choose fonts that distinguish between O and 0, 1 and l. We use editors that warn us about non-native line ending conventions, about whitespace at the end of lines, about white lines at the end of files.

With Unicode, doing the same becomes impossible, which some of us (including myself) find disorienting. We will have to change our work habits, and we'll have to work out new tricks for making our software reliable when confronted with a non-technical user.

--Juliusz Chroboczek on the unicode@unicode.org mailing list, 11 Feb 2002

Thursday, December 19, 2002

A recent visit with the PC Magazine folks in China revealed some interesting facts. First, the Chinese are having some trouble coming to grips with intellectual-property laws. This is a cultural thing. Generations of Chinese were brought up to believe that intellectual property is the property of the people. It is a marxist ideal that has been inculcated in Russia as well as China.

The solution, insofar as computers are concerned, is open-source. Nobody can complain if the software you're passing around is free! The Chinese are very amenable to open-source and could become a massive conduit for Linux applications. Apparently, Microsoft is freaked out by this possibility and is investing a lot of money in China to educate people. My prediction: It's a lost cause, and China will go to Linux in a big way.

--John C. Dvorak, PC Magazine, December 3, 2002, p. 63

Wednesday, December 18, 2002
Each time a new DVD movie is played on a computer, the WMP software contacts a Microsoft Web server to get title and chapter information for the DVD. When this contact is made, the Microsoft Web server is given an electronic fingerprint which identifies the DVD movie being watched and a cookie which uniquely identifies a particular WMP player. With these two pieces of information Microsoft can track what DVD movies are being watched on a particular computer.

--Richard M. Smith
Read the rest in Why is Microsoft watching us watch DVD movies?

Tuesday, December 17, 2002
You might have noticed that most CEOs are not eager to work for companies that are already in the crapper and rotating clockwise. That's puzzling, because you would think that a confident CEO who believed in the power of his own leadership skills would prefer a challenge -- something with more of an upside potential. But it seems that given the choice between a hard job, like CEO of Bob's Pastry and Muffler Shop, or something easy, like CEO of General Electric, most leaders will opt for the position that could be handled equally well by a sock monkey.

--Scott Adams in the Dilbert Newsletter 44.0, Monday, 25 Nov 2002

Monday, December 16, 2002

Just turned on CNN to catch the headlines. The network is running a report about Iraq and the likely upcoming war.

The channel is also, in the middle of a supposed news report, playing ominous-sounding music in the background while the anchor/reporter talks and the images are displayed on the screen. This is a technique movie-makers use to stir up viewers' emotions. It works.

Most likely the purpose of this technique is to make the broadcast more interesting. But it smells of propaganda, not serious journalism.

CNN's credibility has been shrinking for some time. This kind of overt viewer manipulation puts it closer and closer to zero.

--Dan Gillmor
Read the rest in Silicon Valley

Sunday, December 15, 2002
Every paper you pick up today talks about threading as if we were working in a textile mill. Using the "thread" word is very popular. But those who know threading intimately know that multi-threading is often like a Stephen King novel -- there are things crawling around in the night that can bite you.

--Edward Harned
Read the rest in Knowledge Base - - JAVAPeerPublishing

Saturday, December 14, 2002
I tell kids now, if you want to get that Sixties sound, just get stoned and get into a tiny room, because we never had rehearsal rooms, we always used to jam in somebody's bedroom -- and above all, throw away your tuner. When you listen to the Eagles, which was the defining Californian sound of the 1970s, they were perfectly in tune. The electronic tuner had been perfected. In our day, nobody had tuners. Well, the Dead had what they called a strobe tuner, a huge thing the size of a fridge. But we didn't and we would fight non-stop about who was in and out of tune, and the in-tuneness would only last for a hot minute before our guitarist Barry Melton hit the joystick on his guitar and the moment he did that, it went out of tune again.

--Country Joe McDonald
Read the rest in Independent News

Friday, December 13, 2002

Frequent readers, by now, have noticed that I've been thinking of the problem of how one might deliver an application on Linux, Macintosh, and Windows without paying disproportionately for the Linux and Macintosh versions. For this you need some kind of cross-platform library.

Java attempted this but Sun didn't grok GUIs well enough to deliver really slick native-feeling applications. Like the space alien in Star Trek watching Earth through a telescope, they knew exactly what human food was supposed to look like but they didn't realize it was supposed to taste like something. Java apps have menus in the right places but there are all these keyboard things that don't work the same way as every other Windows app and their tabbed dialogs look a little scary. And there is no way, no matter how hard you try, to make their menubars look exactly like Excel's menubars. Why? Because Java doesn't give you a very good way to drop down to the native facilities whenever the abstraction fails. When you're programming in AWT, you can't figure out the HWND of a window, you can't call the Microsoft APIs, and you certainly can't intercept WM_PAINT and do it differently. And Sun made it plenty clear that if you tried to do that, you weren't Pure. You were Polluted, and to hell with you.

After a number of highly publicized failures to build GUIs with Java (e.g. Corel's Java Office suite and Netscape's Javagator), enough people know to stay away from this world. Eclipse built their own windowing library from the ground up using native widgets just so they could write Java code that had a reasonably native look and feel.

The Mozilla engineers decided to address the cross platform problem with their own invention called XUL. So far, I'm impressed. Mozilla finally got to the point where it tastes like real food. Even my favorite bugaboo, Alt+Space N to minimize a window, works in Mozilla; it took them long enough but they did it.

--Joel Spolsky
Read the rest in Joel on Software - Lord Palmerston on Programming

Thursday, December 12, 2002
Why don't we set up the machinery of real international law? Why don't we talk about "justice" rather than revenge? Why don't we have international tribunals so that those who wish to kill us can have their time in court? I don't want al-Qa'ida's members blown to pieces in Yemen by Mr Bush's hit squads. I want to see them tried, fairly and by due process. Of course, the Americans will whinge and whine about this. They will rabbit on about how Americans may be taken to court for political ends, about how American troops might be liable for war crimes trials -- and given some of their behavior in Afghanistan, I can well see why they would worry about this. I can see, too, why Mr Sharon would worry that he, too, could end up in court on war crimes charges for his involvement in the massacre of Palestinians at Sabra and Chatila in 1982. I don't know if Mr Sharon is guilty. But I think he deserves a fair trial.

--Robert Fisk
Read the rest in Ariel Sharon Has Walked Into a Trap. And We Are Following Him

Wednesday, December 11, 2002

The key discriminating function of the main Linux maintainers--which include Linus Torvalds--is their absolute no-compromise position on clean interfaces and forcing people who want to go two steps forward to not go one step back. What this means is, in many kernel mailing-list discussions I've seen over the last 12 months, when somebody proposes a solution that solves some problems but brings with it other problems, generally that solution is rejected until the other problems are addressed.

A great example of this is two years ago when a number of groups approached Linus, each trying to be the approved security mechanism for Linux. The NSA (National Security Administration) was showing their solution, HP (Hewlett-Packard) was showing their solution and Immunix/Wirex was showing theirs--and he told them all, "The fact that each of you is trying to get me to adopt your approach is proof that none of these approaches is correct. The only possible correct approach is one single approach that supports each of the different things you're trying to do. Come back when you've defined a set of interfaces that supports each of your systems, and I'll support that."

--Michael Tiemann
Read the rest in Vision Series 3: Michael Tiemann - Tech News - CNET.com

Tuesday, December 10, 2002

Back in the early 60's, IBM came out with a new line of computers to replace their various scientific and commercial models. They had a new idea: to create a line of computer systems that shared a common architecture, with a full range of models, all capable of running the same software.

They called this new product line System/360. Although the physical implementation details of these systems varied significantly, the ISA was consistent throughout, except for some specific features (packed decimal and/or floating point instructions were optional on certain models, depending on whether you needed to do scientific or commercial work). Of course those first systems had about the same processing power as today's digital watches, and we all know how neat digital watches are.

--Ford Prefect
Read the rest in Ace's Hardware

Monday, December 9, 2002
No one could have possibly arranged for more publicity for the open-source movement and its importance than Bill Gates coming and giving $400 million to fight Linux.

--Atul Chitnis, Bangalore Linux Users Group
Read the rest in Linux, Microsoft tussle in India - Tech News - CNET.com

Sunday, December 8, 2002
A lot of people in the scene talk about the evils of selling out, but I say sell out, sport a suit and tie, give up illegal cracking and get a life. I realized real quickly that I could learn a lot more working legitimately.

--Ejovi Nuwere
Read the rest in Wired News: Hacker From the 'Hood Tells All

Saturday, December 7, 2002
Microsoft has given this vulnerability a maximum severity rating of moderate. Great, so arbitrary command execution, local file reading and complete system compromise is now only moderately severe, according to Microsoft.

--Thor Larholm
Read the rest in Microsoft: IE hole worse than reported - Tech News - CNET.com

Friday, December 6, 2002
Has anyone spotted something amiss about the latest episode in the "war on terror"? Has it dawned on any of the chickenhawks in the US administration or in Downing Street that they are losing the initiative? Has anyone noticed that Mr bin Laden is writing the script? Al-Qa'ida attacks New York so we attack Afghanistan. Al-Qa'ida attacks in Bali and the Australian government re-pledges its support for America. Al-Qa'ida threatens America and so we murder four of its members in Yemen. And our governments -- even the Irish last week -- respond not by protecting us, not by uniting in a new, inspiring system of international justice, but by producing laws that will diminish our freedoms, our rights and our liberty. Under attack by al-Qa'ida? Let's tap into the telephones and emails of our innocent citizens. Let's frisk every Muslim who goes through our airports. Let's spy on our own people. How Mr bin Laden -- hardly a man of humor, as I can personally attest -- must be smiling.

--Robert Fisk
Read the rest in Ariel Sharon Has Walked Into a Trap. And We Are Following Him

Thursday, December 5, 2002
The Java Community Process is a wondrous beast, I'm coming into contact with it from another angle at the moment. I suspect they can't send you an acknowledgement without the agreement of 39 company lawyers.

--Michael Kay on the saxon-help mailing list, Thursday, 5 Dec 2002

Wednesday, December 4, 2002
We're seeing interest among Fortune 500 companies to make sure the software they need for their business continues to be available in open source. They've gone through this latest license nightmare with Microsoft, where suddenly their outlay became much larger and got locked into multiyear-long deals. A bunch of them don't want to be on the pusher-addict model of software anymore and are going to take a more active voice in directing that software.

--Bruce Perens
Read the rest in Vision Series 3: Bruce Perens - Tech News - CNET.com

Tuesday, December 3, 2002
The reality is that in anything resembling today's normal operating procedures, airliners are inescapably vulnerable to ground attack within a many-mile radius around any major airport. We couldn't hope to secure a dozen-mile safety zone around airports in Atlanta or Dallas, let alone Cairo or Jakarta. Surface-to-air missiles are so small, cheap, portable, and (reportedly) abundant on the black market that sooner or later terrorist groups will get and use them. The missile threat will mean to airline travel what the recent sniper episode means to metropolitan life. That is, once terrorist groups see how easy it is for a few people to generate widespread fear, and how impossible it would be to mount an effective defense, it is only a matter of time before it's done again. (If there were the slightest chance that terrorist groups had not already figured this out, I wouldn't mention it. But let's not kid ourselves.)

--James Fallows
Read the rest in Air Fright - Why Nov. 28 will prove scarier in the long run for airline passengers than Sept. 11. By James Fallows

Monday, December 2, 2002

For some reason, Richard Clarke continues to believe that he can increase cybersecurity in this country by asking nicely. This government has tried this sort of thing again and again, and it never works. This National Strategy document isn't law, and it doesn't contain any mandates to government agencies. It has lots of recommendations. It has all sorts of processes. It has yet another list of suggested best practices. It's simply another document in my increasingly tall pile of recommendations to make everything better. (The Clinton Administration had theirs, the "National Plan for Information Systems Protection." And both the GAO and the OMB have published cyber-strategy documents.) But plans, no matter how detailed and how accurate they are, don't secure anything; action does.

And consensus doesn't secure anything. Preliminary drafts of the plan included strong words about wireless insecurity, which were removed because the wireless industry didn't want to look bad for not doing anything about it. Preliminary drafts included a suggestion that ISPs provide all their users with personal firewalls; that was taken out because ISPs didn't want to look bad for not already doing something like that.

And so on. This is what you get with a PR document. You get lots of varying input from all sorts of special interests, and you end up with a document that offends no one because it demands nothing.

--Bruce Schneier
Read the rest in Counterpane: Crypto-Gram:

Saturday, November 30, 2002
While not exactly newsworthy (but still interesting), a recent poll conducted by Billboard revealed that 42% of respondees stated they would be more willing to purchase a CD if it included additional perks such as unreleased songs or concert ticket offers. Is this really any surprise? The Christian music industry, one of the few markets making a profit these days, does this very thing. Buy a contemporary worship CD and with it you will commonly receive free lyric sheets, guitar tablature, and alternate, acoustic versions of songs in MP3 format - all included on the disc. This is one area where the Christian music industry is truly ahead of the secular market.

--David Nevue
Read the rest in MusicDish Industry e - Journal

Friday, November 29, 2002

If you replaced all of the CEOs of the Fortune 500 companies with Magic 8 Balls (tm), and came back in five years, you would discover that some of those companies had compiled excellent track records by pure chance. The CEO's job in a huge company is essentially the same as the Magic 8 Ball: saying yes, no, or maybe, without the benefit of understanding the questions. A Magic 8 Ball is highly qualified for that sort of work.

Recently I heard an interview that CNBC did with Lou Gerstner. He said his biggest contribution as CEO at IBM was changing its culture. His example of how he changed the culture is that when he came into the job there was a lot of talk about breaking up the company into smaller companies; he decided not to do that. In other words, his biggest contribution to IBM was NOT DOING SOMETHING. Then he wrote a best-selling book about his leadership. The Magic 8 Ball would have had a 50% chance of making the same decision; a sock monkey would have nailed it on the first try.

--Scott Adams in the Dilbert Newsletter 44.0, Monday, 25 Nov 2002

Wednesday, November 27, 2002

Refactoring improves the design. What is the business case of good design? To me, it's that you can make changes to the software more easily in the future.

Refactoring is about saying, "Let's restructure this system in order to make it easier to change it." The corollary is that it's pointless to refactor a system you will never change, because you'll never get a payback. But if you will be changing the system--either to fix bugs or add features--keeping the system well factored or making it better factored will give you a payback as you make those changes.

--Martin Fowler
Read the rest in Refactoring with Martin Fowler

Tuesday, November 26, 2002

One of the problems the tablet PC is supposed to solve is the barrier that's formed between you and another person when you use a conventional laptop. The screen is purportedly some kind of offensive shield that cuts people off from one another and erects an insulting wall between them. To which I say phooey. Laptops are endemic to business, and using a laptop during a meeting is commonplace. But is it rude?

Our society has gotten so rude and inconsiderate that using a laptop is small potatoes. People have been multitasking in meetings for as long as there have been meetings. Whether you're doodling on a pad, reading a memo that has nothing to do with the subject being discussed, gazing out the window, or sleeping with your eyes open, it's not a problem that technology caused, and additional technology is not the cure.

We're wireless here at PC Magazine, and people tip-tap away on their laptops throughout our meetings. I know from their stop-and-start pace that they're often sending instant messages. We can hope that they're answering urgent questions from outside the room that would otherwise disrupt the meeting, but it's equally possible that they're organizing social activities for the weekend or sending snide comments to coworkers across the table. If this is the current state of the multitasking art, so be it. These notebook users are a lot less detrimental than the clods who attempt to drive and talk on their cell phones.

--Bill Machrone
Read the rest in Tablet PCs: Yawn

Monday, November 25, 2002
I do admit to looking pretty out of it in that commercial -- I think I look horrible. It was after school, but I was the last person to make the commercial, so by the time I made it it was like 10, so I was really tired. The funny thing was, I was on drugs! I was on Benadryl, my allergy medication, so I was really out of it anyway. That's why my eyes were all red, because I have seasonal allergies. But no one believes me.

--Ellen Feiss
Read the rest in the apple of apple's eye: ellen feiss

Sunday, November 24, 2002
Behind that smiley face is a single mother who makes $7.50 an hour and can't afford health insurance for her family because Wal-Mart charges her $400 a month for it.

--Rian Wathen, United Food & Commercial Workers Local 700
Read the rest in NOLA.com: Newflash

Saturday, November 23, 2002
For us it is not a question of Microsoft versus Linux. It is just a matter of choosing between a free software and a monopoly. We feel that when we are putting public information out in the open, then it should not be through a proprietary software.

--Digvijay Singh, Madhya Pradesh Chief minister
Read the rest in MP opens windows to Linux - The Economic Times

Friday, November 22, 2002

Computer makers need to simplify their products and reduce crashes and conflicts among programs. As long as the industry gives nerds who think about computers 24 hours a day the final say on products headed to market, they're going to have stagnant sales.

The computer industry isn't suddenly stupid. It has always been stupid, conducting business by nerds for nerds year after year. Now they wonder why people aren't rushing out to buy the newest, fastest machines. The faster machines will crash just as often as the ones sitting on everybody's desks! Forget about speed—give us reliability.

--Warren Jamison, PC Magazine, December 3, 2002, p. 57

Thursday, November 21, 2002

A technical issue or project sometimes raises ethical issues. When that happens, discussing the ethical issues is an essential part of the technical discussion. A discussion which ignores the ethical aspect of the issue is severely incomplete.

That does not happen often. Most of the decisions in a technical project are purely technical, and whatever is technically best is really best. After many such issues, it is easy to start thinking that raising ethical issues in a technical issue is improper, that there is some virtue in keeping technical decisions away from ethics. That is the worst mistake an engineer can make.

--Richard M. Stallman
Read the rest in Linux and Main - The week that was: RMS - McVoy, Turbo - SuSE, MSFT - SunW, Wozniak, Cacheflow

Wednesday, November 20, 2002

The law of leaky abstractions means that whenever somebody comes up with a wizzy new code-generation tool that is supposed to make us all ever-so-efficient, you hear a lot of people saying "learn how to do it manually first, then use the wizzy tool to save time." Code generation tools which pretend to abstract out something, like all abstractions, leak, and the only way to deal with the leaks competently is to learn about how the abstractions work and what they are abstracting. So the abstractions save us time working, but they don't save us time learning.

And all this means that paradoxically, even as we have higher and higher level programming tools with better and better abstractions, becoming a proficient programmer is getting harder and harder.

--Joel Spolsky
Read the rest in Joel on Software - The Law of Leaky Abstractions

Monday, November 18, 2002

It should be a crime to teach people C/C++.

This isn't an attack on the language itself (although there are plenty). The problem is that people use it to write high level applications. People who barely understand the language are writing millions of lines of code with it. Code that will one day run our electric shavers and lawn mowers and air traffic control systems.

If you don't take programming seriously and write code that looks like utter dog shit, and instead of committing hari-kari from shame, you just say "meh, it's a living" then please, for the sake of your species, at least use a high level programming language. High level languages are usually more secure than C/C++ and chances are you'll write less lines of utter dog shit that other people have to deal with.

High level languages like Ruby, Python, or even Java are strongly recommended for all new projects. The reason these languages are more secure (in theory) is that they don't have pointers. Most security vulnerabilities that involve breaking program code involve manipulating pointers--in fact, many programming bugs are generally related to pointers in some way. As with the OS issue noted above, do not mistake this for invulnerability. You're simply less likely to be compromised using this particular attack vector with a high level programming language.

--Michael Bacarella, Netgraft Corp
Read the rest in The Peon's Guide To Secure System Development

Sunday, November 17, 2002
languages/systems that depend on IDEs have no evolutionary staying power. They are replaced over the long-term by competitors that are less picky about their creation environment. So, for example, MFC is dead and none of its modern replacements are even remotely as grotty. Same with COM (which is being replaced with .NET). And every attempt to make programming languages deeply visual has failed.

--Paul Prescod on the xml-dev mailing list, Monday, 11 Nov 2002

Saturday, November 16, 2002
One of Microsoft's smarter tactics has been to advocate neutrality -- to say that the software ecosystem is fine with more than one choice as long as no one forces that choice. Of course, anyone who's been awake the past 20 years understands that Microsoft itself does not believe this. This monopolist believes the ecosystem is ideal when there is precisely one choice -- Microsoft.

--Dan Gillmor
Read the rest in Mercury News | 11/12/2002 | Dan Gillmor: Accounting reform takes two steps back, no steps forward

Friday, November 15, 2002
After the Taliban's chums enter the Pakistan parliament, the Islamists are back in Turkey. Who said that fundamentalism is dead? No, the victory of Turkey's Justice and Development Party (AKP) is not a specifically anti-American vote -- corruption and economic collapse produced its 350 seats in the 540-seat Turkish parliament. But opposition to corruption and economic collapse lay behind the Pakistani vote, too. Indeed, it is the foundation for almost every Islamist opposition vote in the Middle East, the desire to destroy the cancer which infects almost every pro-American regime in the region.

--Robert Fisk
Read the rest in Independent Argument

Thursday, November 7, 2002
Open source is all about _other_ people being able to make their changes. It by no means means that those changes have to be accepted back: the license basically only boils down to that I must be _able_ to accept them back. But the really important thing, the thing that really makes a difference, is that you, your dog, and your company can make your OWN changes.

--Linus Torvalds
Read the rest in Linux Kernel Development Archive: Re: [lkcd - general] Re: What's

Wednesday, November 6, 2002

The smartest thing about Rendezvous, though, is the fact that it's just Apple's trademarkable, T-shirt-worthy name for an open standard called zero configuration networking. There are some things Apple doesn't get and maybe never will, but the value of a good open standard isn't one of them.

Microsoft's people still can't get their heads around this concept. When they decide that a good computer acts as a conduit for information, they say, "So if we build and control the standards for this basic conduit, we could control … the world!" The result is .Net, which isn't getting a lot of traction and has recently been co-opted by the open source community.

--Andy Ihnatko, Macworld, November 2002, p. 127

Tuesday, November 5, 2002
Objects are for people. The reason objects exist is to help human programmers do their jobs. This is important to keep in mind when designing APIs as well as objects, because if objects are for people, then so are object interfaces. (After all, API means application programmer interface.) When you design an object or API, you are primarily designing for the benefit of human programmers.

--Bill Venners
Read the rest in API Design: The Object

Monday, November 4, 2002

Time and again, in my own work, I have made premature optimization decisions that have cost me dear. I worked with a company in the Eighties that well nigh went under because of premature optimization. Unless you are very lucky, premature optimization will result in you bending your design out of shape for a perceived performance need that is illusory. I have been writing software since 1982 and I have yet to accurately guess where the real performance bottlenecks of any moderately sized system really are.

As the years go by, I also note with considerable interest, the extent to which willfully banishing thoughts of optimization from my head at design time leads to systems with better performance than I would have imagined possible. In a paradoxical, Tao-like way, you'll achieve good performance by ignoring performance issues during design. Let performance look after itself. If the design is right, it will.

--Sean McGrath
Read the rest in XML is Too Slow...Not!

Sunday, November 3, 2002
There is a mentality that everyone is potentially a criminal. I resent the idea that I should be subjected to the scrutiny of invisible cameras just to satisfy someone's crazed idea of the way society is.

--Simon Davies, Privacy International
Read the rest in Wired News: London's Privacy Falling Down

Saturday, November 2, 2002
We forced everyone to go to Macs for the desktops. The support load dropped to almost nothing and the only complaints were from people who couldn't play games on their machines any longer. So sorry, no games at work. We are so mean.

--Doug Humphrey, CEO Cidera
Read the rest in Wired News: All Aboard! (But No PCs Allowed)

Friday, November 1, 2002

I am not fond of copy constructors. In fact, I'm not very fond of constructors at all. The problem is that the code that creates the object with a constructor is defining the object's type. In all other operations, the code that uses an object effectively only defines that the object is at least a certain type. Constructors are an exception to that rule. I don't think that exception should exist.

You can also think of it this way: new Foo should turn into an invocation of a static method that might create a subclass. The static method could look at the parameters and say: I will create a Foo subclass that is efficient for these kinds of parameters. At the point where you want a Foo, there are myriad reasons why the implementer of Foo may know you want a subclass, but you don't know it. And maybe you shouldn't know it, because next week a different set of decisions might make sense. The actual class of object that gets created is an implementation detail. You need something that is at least a Foo. You should go to the Foo class and say: I need something that is at least what you are, and here are the initialization parameters. Other languages will do that; of all things, Perl objects do that. I think this is a better solution. By calling a copy constructor on Foo, you are asking the Foo class to get a copy of this object that is at least a Foo, which is not the Foo class's business.

--Ken Arnold
Read the rest in Java Design Issues

Thursday, October 31, 2002
JCP 2.5 breaks new ground by making open source licensing possible for those who work on Java specifications and those who create compatible independent implementations of the specifications. In addition the cost structure has been changed to allow smaller developer groups and individual developers to gain broader access to Java specifications, often times free of cost.

--Jason Hunter

Wednesday, October 30, 2002
We were lied into Vietnam, and we're being lied into a war right now.

--Daniel Ellsberg
Read the rest in Wired News: Ellsberg: Still Rabble - Rousing

Tuesday, October 29, 2002

One argument for privatising every field in Java is that if you then laboriously write pairs of get... and set... methods for each field then you can (later) put in consistency checks for valid field values, automatic updating of indices, security checks, etc. by modifying or overriding those get/set variables.

Ideally, of course, one would have a language where foo.bar = baz is just a shorthand for foo.setBar (baz) and foo.bar is short for foo.getBar (), like my beloved Dylan, since then you can declare fields public or public-read private-write as you see fit and still add behaviour later. Or remove the actual field storage altogether and replace it with a computation.

--Alaric B. Snell on xml-dev mailing list, Wednesday, 23 Oct 2002

Monday, October 28, 2002
What if we kill Saddam and take over the oil fields, in a 50-50 split with the Russians, and begin to pump them like crazy to rebuild Iraq? Would we be shocked that oil would crash through $20? How much FedEx or United Parcel or Southwest or jetBlue would you like to own if that happened? Would you like to catch the AMR double? The UAL triple? Heck, I'd even rent US Airways stock for a day or two if that scenario played out.

--James J. Cramer
Read the rest in Bear Trap

Sunday, October 27, 2002
I never much liked Macs. All the interesting stuff is hidden away.

--Linus Torvalds
Read the rest in Torvalds: Next Linux due by June - Tech News - CNET.com

Saturday, October 26, 2002
C++ and Java have pretty much given OO a bad name. Meyer's work in Eiffel proves that OO did not need to ditch axioms from abstract data types. Kay's work in Smalltalk proves that OO did not need to ditch dynamicism. Stroustrup started out with a solid, practical core and made too little fuss as a committee ruined it. Joy, as far as I can tell by the language he spawned, enjoyed strapping straitjackets onto paramedic training dummies.

--Uche Ogbuji on the xml-dev mailing list, Friday, 25 Oct 2002

Friday, October 25, 2002

Here is a scene that happens at some point in almost every young company. The founder/CEO/technical visionary meets with his board and finds him or herself out of a job. How could this happen? Well, the company has grown to the point where the board feels that "professional management" is required, so they are bringing in a new management team. The new team is composed of old friends and classmates of the board, and the new team costs five to 10 times as much, but that's okay because the company is "hiring for growth." This new team cuts staff, cuts costs and outsources everything that can be outsourced, with the result that earnings are improved and the stock goes up or the company makes itself look better for an Initial Public Offering. The professional managers get big bonuses, they exercise mountains of stock options, sell those option shares, then go on to some other, even bigger, job having "saved" the company, which then stagnates, goes into a slow decline, and is eventually acquired by a competitor.

In the PC industry, this is the path followed by almost every company. On the software side look at Borland, Broderbund, Personal Software, Lotus, WordPerfect and hundreds of others. The similarly afflicted hardware companies are so many that the names become a blur. All these companies, even though some of their names may remain, are effectively dead. Certainly, they bear no resemblance at all to what they once were. And every one of these companies had something else in common: At the time their management was displaced, they were profitable and had money in the bank.

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Thursday, October 24, 2002
It is always the dream of corporations to give people things that seem like money to people without giving them any actual money. In the dot-com era, we had stock options. Now we don't have that option anymore. More and more companies are giving rocks. They are actually paperweights that say "quality" or have some other inspirational message. They are morale building mementos that by any other definition are in fact rocks. Companies are telling people they are not getting a raise and then are handing them a blunt object. I'm surprised there hasn't been more trouble.

--Scott Adams
Read the rest in Weasels rule, Scott Adams says

Wednesday, October 23, 2002
We're forced into a position where we're either out of compliance with Microsoft's licensing, which is not acceptable, or we're out of compliance with the law, which is not acceptable either. Under these circumstances, we'll probably change our operating system.

--Lester Warby, CIO, Seattle Metropolitan Credit Union
Read the rest in Is Microsoft Licensing Forcing Banks to Break The Law?

Tuesday, October 22, 2002
I joined Sun--actually, a small Sun spin-off called FirstPerson--in August 1993. I knew about the company because a few of my favorite coworkers had left NeXT to work at FirstPerson. But my main reason for joining was that I loved the cartoony user interfaces FirstPerson was developing, interfaces that featured a character nicknamed Duke.

--Kathy Walrath
Read the rest in The J2EE(tm) Tutorial

Monday, October 21, 2002
Python is a dynamic programming language with the power of well-known languages such as Java, C++, and Smalltalk. In fact, Python is leaner and meaner than any of these languages and yet very expressive; it doesn't talk much, but it has a lot to say.

--Richard Hightower
Read the rest in Python Programming with the Java Class Libraries, p. xi

Sunday, October 20, 2002
I now use Java for most of my programming work, primarily on UNIX systems (including Mac OS X). I admire and very much like doing Java programming. In many ways it reminds me of using Pascal and Modula-2 when I was younger. It's clean, simple, and safe. In many ways I feel that Java is to C++ as Pascal and Modula-2 are to C. Java lets you do 95% of what you need to do in object-oriented programming, with 10% of the complexity of more "advanced" languages like C++.

--John L. Norstad
Read the rest in John Norstad's Autobiography

Saturday, October 19, 2002
Security is a commons. Like air and water and radio spectrum, any individual's use of it affects us all. The way to prevent people from abusing a commons is to regulate it. Companies didn't stop dumping toxic wastes into rivers because the government asked them nicely. Companies stopped because the government made it illegal to do so.

--Bruce Schneier
Read the rest in Counterpane: Crypto-Gram:

Friday, October 18, 2002
Getting down 20 percent over an 18-month period is a tough decision, but it's the right one to do at this point.

--Scott McNealy
Read the rest in With layoffs, Sun eyes profitability

Thursday, October 17, 2002
Anyone who thinks that spy codes aren't much of a problem takes Microsoft statements (lies and all) at face value. In this case the fact that Redmond is saying very little and not even following their own security procedures (bulletins etc) is a sure sign that this is a big problem that the company wants to hide.

--Woody Leonhard on the Woody's Office Watch mailing list, Tuesday, 15 Oct 2002

Wednesday, October 16, 2002
My top-level question about Sept. 11 is, do we really want to live in a world in which U.S. intelligence can detect every half-million-dollar, 20-person, two-year activity? I'm very concerned that a number of things from the rise and power of intellectual property purveyors to the hard-to-resist concerns for life and limb that has given new life and power to police institutions are going to lead us toward a much more rule-bound and controlled society.

--Whitfield Diffie
Read the rest in Q&A Whit Diffie

Tuesday, October 15, 2002
The spirit of the Bitkeeper license is the spirit of the whip hand. It is the spirit that says, "You have no right to use Bitkeeper, only temporary privileges that we can revoke. Be grateful that we allow you to use Bitkeeper. Be grateful, and don't do anything we dislike, or we may revoke those privileges." It is the spirit of proprietary software. Every non-free license is designed to control the users more or less. Outrage at this spirit is the reason for the free software movement. (By contrast, the open source movement prefers to play down this same outrage.)

--Richard M. Stallman
Read the rest in Linux and Main - RMS remarks, gets responses, on the BitKeeper license "outrage"

Monday, October 14, 2002
I'm glad it's a good old i variable. You just can't beat an i loop for smooth running, you know. Call me old-fashioned, but I can't be doing with iterators. I'm sure programmers think they look lovely in source code but, when all is said and done, it's not programmers that get to execute it, is it? Programmers think exceptions look nice in the source code; two bits will get you a nybble that they wouldn't be so glib with their throws and re-raises and finallys if they had to unwind their own stacks. Handling an exception is like sliding down a four-storey staircase on your backside.

--Verity Stob
Read the rest in Dr. Dobb's Journal, November 2002, p. 12

Sunday, October 13, 2002

Some people view simplicity -- and again, I mean the external simplicity, the user's view -- as something that happens if their system is internally simple. I am saying you should strive for external simplicity on its own.

Just like you should strive for efficiency or clarity, you should strive for simplicity. And returning to taste, striving for simplicity requires that you make choices. You have to say to the user, "You know, frankly, you think you want to do this, but you really don't. And if you really do need to do it, come back and beat me up. Show me why, and we'll do it later." To achieve simplicity, you sometimes have to say, "You think you want this, but you're not quite right." That is arrogance, the arrogance of taste.

--Ken Arnold
Read the rest in Taste and Aesthetics

Saturday, October 12, 2002
APIs are no substitute for actually understanding what is going on in any system. In some cases -- such as complex calculations and the like -- I can see why APIs are vital. But for things like HTTP -- protocols -- I have my doubts. The APIs get in the way of understanding the concepts, which are really quite simple. When the API hits the wall -- as happened in my case -- your productivity hits the wall too, unless you can think past the API to the underlying reality.

--Sean McGrath
Read the rest in ITworld.com - XML IN PRACTICE - APIs Considered Harmful

Friday, October 11, 2002

Unix software and Unix services are sold at high prices because they have always been sold at high prices and prices in defined market segments are almost always "sticky". When Unix came to broad markets in the very early Eighties of the last century, Unix and Unix stuff were cheaper than the competing Big Iron products, or were seen to be by many buyers, for many of the same reasons that much free software today is perceived to be less expensive than older stuff. So Unix was the low price product back then, and Big Iron was the high priced product. Today the price of Unix looks high because it is now being compared with stuff sold for "personal computers". But because it is "Unix", the price does not fall as far as an idealistic fan of free markets might have predicted. Sun will simply not reduce by much the price of its Unix stuff, nor will most vendors whose stuff runs on top of Sun Unix.

The excuses proffered for the pricing of Unix stuff are, of course, simply fantasies by which vendors of Unix stuff justify to themselves their usually irrational over-pricing.

--Jay Sulzberger on the wwwac mailing list, Friday, 6 Sep 2002

Thursday, October 10, 2002

Sometimes it seems faster to avoid modularity. Fred Brooks explains the issue very well; modular software is part of a "programming system" and takes longer to write than a plain old program. Three times longer. Robust, tested, documented, maintained software is part of a "programming product" and also takes three times longer than just typing in a "works for me" program.

Something you can support for serious customers over a period of years combines both these qualities into a "programming systems product" and takes _nine_ times as long to create. The gap between "works for me" and "supportable product" is order-of-magnitude.

Ignoring modularity is a false economy, it just keeps you from scaling your system to larger size or higher quality. You can write the small, local bit of code more quickly without modularity, but you slow down the big picture by preventing developers from working in parallel.

--Havoc Pennington
Read the rest in OSNews.com - Exploring the Future of Computing

Wednesday, October 9, 2002
What would the future be like without Mozilla? There's the frightening risk that Microsoft Internet Explorer would become the Mr. Burns of our online Springfield. Browsers are our increasingly essential portal to banking, shopping and learning, and if Explorer becomes the only game in town, there'd be the possibility that the Internet would exploit the user instead of the other way around. Remember that Microsoft is the company that wanted every word on every Web page in the world to become a link to one of its ad partners.

--Andy Ihnatko
Read the rest in New day dawns thanks to Mozilla software

Tuesday, October 8, 2002
Identix, of Minnesota, one of the largest face-recognition-technology companies, contends that in independent tests its FaceIt software has a success rate of 99.32 percent--that is, when the software matches a passenger's face with a face on a list of terrorists, it is mistaken only 0.68 percent of the time. Assume for the moment that this claim is credible; assume, too, that good pictures of suspected terrorists are readily available. About 25 million passengers used Boston's Logan Airport in 2001. Had face-recognition software been used on 25 million faces, it would have wrongly picked out just 0.68 percent of them--but that would have been enough, given the large number of passengers, to flag as many as 170,000 innocent people as terrorists. With almost 500 false alarms a day, the face-recognition system would quickly become something to ignore.

--Charles C. Mann
Read the rest in The Atlantic | September 2002 | Homeland Insecurity

Monday, October 7, 2002

Registered traveler IDs could well become extremely coveted by terrorist organizations. Some of these groups would likely be willing to recruit and prepare operatives who remained law-abidingly dormant for years, in order to place terrorist sleepers in a position to obtain those nifty ID cards.

All the fancy computerized biometric systems in the world won't tell you if the person holding the card is a would-be terrorist who successfully qualified for registered status. They could be all-American, too. Oklahoma City bomber and decorated Vietnam vet Timothy McVeigh might well have qualified for a registered traveler card.

Even one screwup in handing out these IDs -- if it permits a terrorist to pass through airport security with a lesser degree of scrutiny -- could be catastrophic.

--Lauren Weinstein
Read the rest in Register Air Travelers? P-shaw!

Sunday, October 6, 2002
It's nice that the U.S. Department of Justice recognizes that Microsoft abused its monopoly power. But someone really needs to go after guys like Bill Gates, Steve Ballmer and Jim Allchin for the more heinous crime of voluntary wordslaughter. I'm talking about how they beat the term innovation to death. One gets the impression they think they can justify their anticompetitive business practices if they simply learn to mouth the word innovation when they belch. But don't worry. I don't know of anyone under the illusion that Microsoft innovation extends beyond the areas of marketing and licensing, so I won't spend any more time torturing that deceased Clydesdale.

--Nicholas Petreley
Read the rest in What's New? - Computerworld

Saturday, October 5, 2002
The two worst run industries in America are the telecom and the airline. Maybe WorldCom should merge with United and Sprint should merge with Delta. Imagine the possibilities of bad customer service, overbilling, doublebooking, golden parachutes, corrupt executives, demoralized workforces, customer complaints and gaping national security holes. All we need is Salomon Smith Barney and Goldman Sachs to get involved and we'll be living in a society where planes fall out of the sky and no one can dial 911 because our phones don't work. But it will be ok because a small group of middle-age white men will be making billions on all of it.

--Ben Silverman
Read the rest in Dotcom Scoop: As The WorldCom Turns

Friday, October 4, 2002
Yes, Virginia, it is possible to create a software development environment which is so difficult to use that no human being can do it. ATL and COM+ are my two favorite examples (the latter is so complicated that only one man on Earth, Don Box, actually understands everything that's going on). C++ itself comes pretty darn close. But most programmers are too macho to admit this.

--Joel Spolsky
Read the rest in Joel on Software - Working on CityDesk, Part IV

Thursday, October 3, 2002
I believe that if, in a generous gesture, we gave the Java language to the world (if we released our reference implementations under an open source license), Java technology would become even more popular because the community would build bridges between the Java language and languages like Perl and Python that are often entry points for new programmers.

--Danese Cooper
Read the rest in Open Source Advocate Danese Cooper on Open Source

Wednesday, October 2, 2002
It is very easy to fix the example exploit that I came up with. But to fix the inherent flaws in Passport is a pretty complex task.

--Marc Slemko
Read the rest in Security problems open Microsoft's Wallet

Tuesday, October 1, 2002

McNealy argues that Open Source is threatening licensing revenue needed to finance J2EE's advertising and R&D. Well, with a rumored $42B in the bank, Microsoft will ALWAYS outspend Sun on marketing. Good marketing starts with a good product; don't assume developers are dumb. JBoss has spent $0, I repeat "ZERO" dollars, on marketing and manages to get more downloads than Sun's own J2EE Reference Implementation. JBoss also enjoys an excellent reputation, better than many heavily marketed products out there. Scott, please forget our Open Source nature for a second and IMAGINE the impact we would have with just a fraction of Sun's marketing dollars and with Sun's backing. You don't need Microsoft's budget, you need JBoss and the people behind it; you need Open Source!

As for financing R&D with software licensing, there is a way around that. We don't charge licensing fees at JBoss Group. Our solution to financing development is to pursue the services route. J2EE is a very services intensive market. Those who know how to take advantage of this are sitting on a moneymaking machine. We certainly aren't the only ones to come to this realization. It is also IBM's take on J2EE, where they often discount software licenses if they can make money on services, or, like Sun, on hardware. At JBoss Group, we bill our services at expert rates. We understand Open Source, we understand remote networking and we understand the code because we wrote it.

--Marc Fleury
Read the rest in JBoss > COMING VERY NEAR

Monday, September 30, 2002
It's a double standard for people to keep suggesting that the Greens have a responsibility to avoid hurting the Democrats rather than arguing that the Democrats have a responsibility to pass instant-runoff voting.

--Michael Feinstein, mayor of Santa Monica
Read the rest in Greens at the Crossroads

Sunday, September 29, 2002

You are falling into the benchmark trap, assuming up front that the benchmark itself is valid. Or that the validity of the benchmark exceeds its own weaknesses. Or that the weaknesses of the benchmark do not exceed the purportedly measured weaknesses of the JVM. You're putting the cart before the horse, begging the question, or at best tacitly assuming the validity of the unproven measuring tool.

While a supposed benchmark may run fast or slow, many of them do not measure what they claim to measure. Or they measure more things than they intend, and present "tainted" measurements. It is astonishingly easy to write irrelevant benchmarks, or to think that they measure something that they do not measure.

This is a classic problem with ANY measurement. How do you know that the measuring tool is any good? How do you know it measures what it claims to measure? How do you know what other factors influence measurement errors? Are there other measuring tools that are better?

--Greg Guerin on the java-dev mailing list, Saturday, 28 Sep 2002

Saturday, September 28, 2002

Here is the plan. Everyone who hates the DMCA has to illegally copy a movie or a song, and then tell both the Congress and the U.S. Copyright Office exactly what they did. We need 10 million or so confessed and unrepentant intellectual property pirates. That's too much illegal behavior to ignore (What could 10 million pirated copies of "Debbie Does Dallas" be worth?), but too many individual criminals to be prosecuted. Then, having pirated our movie or song, we also need to turn ourselves in to the authorities, clogging every hoosegow in America, facing our potential $10,000 fine, each of us demanding the jury trial we are guaranteed under the Constitution.

If we all do this, REALLY do it, the DMCA will be gone in a year. This follows the simple principle that if you or I drive 100 miles-per-hour on the highway, we get a ticket, but if EVERYONE drives 100 miles-per-hour, they change the speed limit. "They," whoever that is, can't afford to annoy so much of the population. We are, after all, the folks who elect all these officials who keep telling us what we can and can't do. But it isn't enough to just threaten to vote against your Congressman. To make the system really change we have to work it to death by all becoming criminals.

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Friday, September 27, 2002
Microsoft's .NET is like instructions for how to replace the kink joint in the plumbing in your bathroom sink. It's pretty straightforward how you tell a homeowner to hook that up. JXTA is like the plans for how to core down through the street outside to the water main -- you have to think about the pressure of that pipe.

--Clay Shirky
Read the rest in Open Source Advocate Danese Cooper on Open Source

Thursday, September 26, 2002
The entire theme of the copyright community is that downloading off the Web is both illegal and immoral. It is neither.

--Gary Shapiro, CEO Consumer Electronics Association
Read the rest in Trade group: P2P not illegal or immoral

Wednesday, September 25, 2002
Intentional design choices and unintentional bugs in Microsoft Windows, Outlook, Word and Explorer have created vulnerabilities so numerous they've become legendary. Shoddy default settings have practically begged intruders to plunder Windows-equipped PCs. Any serious look at Internet security has to start with the world's largest software company.

--Declan McCullagh
Read the rest in Microsoft's new deal with Uncle Sam

Tuesday, September 24, 2002
Times have changed since the 1970s, when a relative unknown by the name of Bill Gates argued that charging for software licenses was a necessity in order to finance the huge upfront R&D cost necessary to develop an operating system. Since that time, the subsequent growth of the Internet and the accompanying improvement in Open Source developers' ability to collaborate and develop high-quality software, challenge both Microsoft and Sun's assumption that software development need be accomplished at great expense. Open Source software is not "free" R&D, but it does come at a very small cost. At JBoss, a lot of our professional motivation as developers is tied to the personal satisfaction that can be obtained through the Open Source lifestyle. It's about being your own boss, doing the work you enjoy, living and working where you want, collaborating with your peers worldwide, getting to see the kids grow up. By selling product-related services, many of us are able to work full time on JBoss, with an income as good, if not better, than any corporate development jobs I know of. Compared to the workplace opportunities of our parents' generation, this is priceless.

--Marc Fleury
Read the rest in JBoss > COMING VERY NEAR

Monday, September 23, 2002
Saddam accused the UN inspectors of working for the CIA. And he was right. The United States, it emerged, was using the UN's Baghdad offices to bug Iraq's government communications. And once the inspectors were withdrawn in 1998 and the US and Britain launched "Operation Desert Fox", it turned out that virtually every one of the bombing targets had been visited by UN inspectors over the previous six months. Far from being an inspectorate, the UN lads -- though they didn't all know it -- had been acting as forward air controllers, drawing up an American hit list rather than monitoring compliance with UN resolutions.

--Robert Fisk
Read the rest in Independent Argument

Sunday, September 22, 2002
Every security system will fail. This is a vital concept. A good system lets you quickly detect failure, fix the problem, and apply necessary remedies.

--Walter Glenn on the cbp mailing list, Tuesday, 17 Sep 2002

Saturday, September 21, 2002
porting from Java to .NET is so easy that it's not fun :-)

--Kohsuke Kawaguchi on the xml-dev mailing list, Saturday, 21 Sep 2002

Friday, September 20, 2002

I haven't had to upgrade my Windows to run a new version of Java in a long time. Windows 98 and NT 4 still run JDK 1.4.0 quite happily. Linux you could have stayed on 2.2.12 for the last 3 years to run it. So yes, forcing people to upgrade to a new OS (a charge for it too) to get a new version of Java is unique to Apple.

What is also unique to Apple is not releasing early versions to all so that people can try it and find bugs. How did Sun get 10,000 bugs into its database on JDK 1.4? It wasn't by charging for access to early releases or putting developers under NDAs.

--Andrew Newman on the java-dev mailing list, Friday, 20 Sep 2002

Thursday, September 19, 2002

It takes a lot of energy to maintain an open source project. Most participants will try to harmonize within the community rather than forking and working against whatever momentum the primary project has. There's a major cultural taboo against wasting energy like that.

I understand the fear that Open Source will ruin the Java language, but those people don't realize that putting your code into Open Source doesn't mean you have to accept "all" the contributions. It doesn't mean that ice weasels will descend on your codebase and rip it to shreds. We've run into that fear on every open source project we've set up so far, but it's been unfounded.

--Danese Cooper
Read the rest in Open Source Advocate Danese Cooper on Open Source

Wednesday, September 18, 2002
I am beginning to believe in disposable software for many applications. I know this sounds very "extreme programming" - ish but my belief on this is that until you actually get your hands dirty on a project and you get some feedback from the people using the tool ( or whatever it is ) you don't really have enough information to judge what the best usage of design effort is. Most projects are over designed and over engineered and many miss the mark. Not because of bad engineering but because there is not enough information to design the project for even 1 year in the future.

--Thomas Maciejewski on the xml-dev mailing list, Tuesday, 17 Sep 2002

Tuesday, September 17, 2002

We need a war with Iraq. It would help distract Americans from the scandals surrounding the president (and more broadly from the fact that our failing economy is killing the planet) than the start of football season: Nothing compares to the patriotic thrill of watching grainy footage of Iraqi radar facilities--or maybe houses or hospitals; the resolution's never quite good enough to tell--explode into fragments, or better, simply vaporize from the pressure of the blasts.

We need a war with Iraq. It allows those who run the U.S. government--both the politicians, who run the nominal government, and the CEOs, who run the de facto government--to talk about new jobs while increasing their fortunes. It allows the top 1% of America's power elite to speak of patriotism while sacrificing lives less valuable than their own. It brings about an urgency--a frenzy, even--that allows the rationalization of massive public expenditures without even the illusion of a greater good or benefiting the public. It allows them to further centralize political and economic power under the guise of efficiency and national security. It allows them to imprison or execute those who oppose this centralization, with no fear of repercussion. It allows them to praise themselves and others like them for giving voice to an urge to destroy. It allows them to invent, deploy, and use no end of nightmarish devices. It allows them to kill, or rather give orders so others must kill, with no fear of public censure. It allows them to pull off the mask of public nicety and more fully concentrate and exercise their power, or more precisely, their power to destroy.

--Derrick Jensen
Read the rest in We need a war with Iraq

Monday, September 16, 2002
The latest botched Florida election has much to do with technology, not just incompetence among election workers. The computerized balloting was nothing less than a fiasco, with some precincts reporting turnout as low as zero percent in a hotly contested primary election.

--Dan Gillmor
Read the rest in Mercury News | 09/14/2002 | Blame clumsy vote count partly on technology

Sunday, September 15, 2002

Sadly, many US communities seem to feel that it is necessary to rush ahead with voting equipment procurements, while reliable systems, appropriate testing, usability, security, and auditability procedures, and other safeguards, are years away. Florida 2000 woke us up to what many already knew -- our voting systems and laws were flawed. Florida 2002 lets us know that expensive computers can not and will not provide the answer to our election troubles.

For the short run, communities that have purchased malfunctioning equipment should return it to the manufacturers and request refunds. There should be an immediate moratorium throughout the United States (and world) on the procurement of electronic voting systems that do not provide voter-verifiable paper ballots. In other words, if your community is thinking of buying touchscreen or other fully-computerized voting equipment, don't let them do it!

--Rebecca Mercuri, Bryn Mawr College
Read the rest in The Risks Digest Volume 22: Issue 24

Saturday, September 14, 2002
Take, for example, the Nintendo GameCube. There's only one obvious way to plug in a controller, and the controllers plug into the front of a console. Why is that, do you think? Is it possible that's where you intend to use the controllers? Don't we also use keyboards and mice in front of the PC? Or consider the fact that wireless controllers on a GameCube are (gasp!) wireless. The receivers sit right on the GameCube itself. The receiver for my so-called wireless keyboard has a long wire so that I can place the receiver on my desk. And can we finally shoot and stuff the inventors of PS/2 plugs and any other round connectors one has to twist to find the sweet spot for pushing them in? At least you have only a 50% chance of frustration with a USB connector, because the worst you can do is get it upside down where it doesn't fit. But it should be illegal to produce ribbon cables without the tabs that prevent you from plugging them into your disk drives the wrong way, or to produce a motherboard with connectors that allow you to plug the cables in wrong even when the cable has the tab. I haven't seen the new serial cables for the upcoming high-speed IDE drives, but I hope they won't have this problem.

--Nicholas Petreley
Read the rest in What's New? - Computerworld

Friday, September 13, 2002
Premature optimization is the root of all evil.

--Donald Knuth
Read the rest in "Structured Programming with go to Statements", Computing Surveys 6 (1974): 261-301

Thursday, September 12, 2002

Computer programs are often overoptimized. It may not be worthwhile to take pains to ensure that an implementation of a particular algorithm is the most efficient possible unless the algorithm is to be used for an enormous task or is to be used many times. Otherwise, a careful, relatively simple implementation will suffice: We can have some confidence that it will work, and it is likely to run perhaps 5 to 10 slower at worst than the best possible version, which means that it may run for an extra few seconds. By contrast, the proper choice of algorithm in the first place can make a difference of a factor of 100 or 1000 or more, which might translate to minutes, hours, or even more in running time.

--Robert Sedgewick
Read the rest in Algorithms in Java, 3rd edition, p. 6

Wednesday, September 11, 2002
Dell charges extra for GNU/Linux loaded on its "servers" because Microsoft has threatened them. Microsoft has threatened that unless Dell overcharges for GNU/Linux Microsoft will take some action which Dell imagines would hurt Dell. Of course, unless Microsoft were to gain real monopoly power by getting control of the hardware, there is nothing Microsoft can do to hurt Dell. If Michael Dell were to go to Bill Gates and say "Bill, I have decided you will pay me fifty dollars for each box I sell with your stuff on it, otherwise I'll put some other OS on." Gates would say to Dell "Where do I sign?". Gates would also say to his lieutenants "Find out whom we must talk to make the Xbox the only Infotainment Central licensed home device."

--Jay Sulzberger on the wwwac mailing list, Friday, 6 Sep 2002

Tuesday, September 10, 2002

Yes, at some point a design is so simple it doesn't work anymore, right? I think the fundamental way you get simple, yet sufficient, systems is to ask yourself some questions. First, what does the user need to accomplish? Let me back up and explain what I mean by user. I have this really weird radical notion. Every great idea starts off with an absolutely radical notion. I am immodest enough to think I have this great idea. And the radical notion that founds it is that programmers are people. Now if you accept this premise, then the next step is to say that designing tools for programmers, including languages, APIs, and compilers, is a human factors problem. And so we should ask the same kinds of questions that people ask about GUIs [graphical user interfaces]. Is it easy to do what you need to do? Is it natural? Are simple things simple? Are complicated things complicated? Are dangerous things hard to do? Are common things easy to do? Are similar things done in a way that is naturally similar to the person?

You start asking all these questions. And if you do that right, like with a GUI, you come up with something easy to use. It may be rich and complicated, but it has an easy starting point and easier mechanisms to learn things.

However, the more common way to think of design is, "What can I, the designer, do?" instead of, "What does the user want to do?" For example, we could have done many things with JavaSpaces, but our capabilities were of no value. It is the user's desires that were of value.

--Ken Arnold
Read the rest in Perfection and Simplicity

Monday, September 9, 2002
The open-source people are still innovating, and that will continue. The problem is that we are dependent upon commodity hardware, but if motherboards won't boot Linux anymore then we are in trouble, and there are certainly people who want to make that happen.

--Bruce Perens
Read the rest in Corporate Paws Grab for Desktop

Sunday, September 8, 2002
I'm not proud. We really haven't done everything we could to protect our customers ... Our products just aren't engineered for security.

--Brian Valentine, Senior Vice President, Microsoft
Read the rest in Lead Windows developer bugged by security

Saturday, September 7, 2002

Disappointment with C++ indeed follows from exaggerated hopes. Earlier discussions in this book have carefully analyzed some of the language's more controversial design choices — especially in the areas of typing, memory management, inheritance conventions, and dynamic binding — and shown that better solutions are available. But one cannot criticize C++ as if it were the be-all and end-all of object-oriented languages. What C++ has attempted, and achieved beyond anyone's dreams, was to catch a particular moment in the history of software: the time at which a large part of the profession and its managers were ready to try object technology, but not ready to shed their current practices. C++ was the almost magical answer: still enough not to scare the managers; already O-O enough to attract the forward-looking members of the trade. In seizing the circumstance, C++ was only following the example of C itself, which, fifteen years earlier, was another product of coinciding opportunities — the need for a portable machine-oriented language, the development of Unix, the emergence of personal computers, and the availability of a few decommissioned machines at Bell Labs. The merits of C++ lie in the historic boost it gave to the development of object technology, making it presentable to a whole community that might not have accepted the ideas under a less conventional apparel.

That C++ was not the ideal object-oriented language, a comment regularly made by authors and lecturers in the field, and obvious enough to anyone who has studied the concepts, should not obscure this contribution. We must not look at C++ as if it were destined to remain a major tool for the software engineering community well into the twenty-first century, as it would then be overstaying its welcome. In the meantime C++ has admirably played its role: that of a transition technology.

--Bertrand Meyer
Read the rest in Object Oriented Software Construction, 2nd edition, p. 1135

Friday, September 6, 2002

The float and double types are designed primarily for scientific and engineering calculations. They perform binary floating point arithmetic, which was carefully designed to furnish accurate approximations quickly over a broad range of magnitudes. They do not, however, provide exact results and should not be used where exact results are required. The float and double types are particularly ill-suited for monetary calculations because it is impossible to represent 0.1 (or any other negative power of ten) as a float or double exactly.

The best solution to this problem is to prohibit subclassing in classes that are not designed and documented to be safely subclassed.

--Joshua Bloch, Effective Java, p. 149, Addison-Wesley, 2001

Thursday, September 5, 2002
programmers who start businesses often have the bad habit of thinking everybody else is a programmer just like them and wants the same stuff as them, and so they have an unhealthy tendency to start businesses that sell programming tools. That's why you see so many scrawny companies hawking source-code-generating geegaws, error catching and emailing geegaws, debugging geegaws, syntax-coloring editing tchotchkes, ftping baubles, and, ahem, bug tracking packages. All kinds of stuff that only a programmer could love.

--Joel Spolsky
Read the rest in Joel on Software - Rub a dub dub

Wednesday, September 4, 2002
Cryptophiles, Schneier among them, had been so enraptured by the possibilities of uncrackable ciphers that they forgot they were living in a world in which people can't program VCRs. Inescapably, an encrypted message is harder to send than an unencrypted one, if only because of the effort involved in using all the extra software. So few people use encryption software that most companies have stopped selling it to individuals.

--Charles C. Mann
Read the rest in The Atlantic | September 2002 | Homeland Insecurity

Tuesday, September 3, 2002
What counts for me are the details, and they were all wrong. I found so many UI errors in OS X, I couldn't believe it. A huge amount of work that went into designing the ultimate GUI was thrown away and all we got back was a bag full of candy that was dog slow.

--Maarten Hekkelman
Read the rest in Daring Fireball: Pepper Author Maarten Hekkelman

Monday, September 2, 2002
Don't buy computers from Dell, go to Wal-Mart and buy them. You'll get just as much technical support.

--Scott McNealy
Read the rest in Dishin' the Dirt at LinuxWorld

Sunday, September 1, 2002
The handwriting recognition is unbelievable, but the best thing about owning a Newton has to be the community. In the time it takes to get put on hold by a Handspring tech support agent, you can have 15 different solutions for your problem from Newton users worldwide.

--Jonathan Wise
Read the rest in Apple's Newton Just Won't Drop

Thursday, August 29, 2002

But what about ordinary concrete classes? Traditionally, they are neither final nor designed and documented for subclassing, but this state of affairs is dangerous. Each time a change is made in such a class, there is a chance that client classes that extend this class will break. This is not just a theoretical problem. It is not uncommon to receive subclassing-related bug reports after modifying the internals of a nonfinal concrete class that was not designed and documented for inheritance.

The best solution to this problem is to prohibit subclassing in classes that are not designed and documented to be safely subclassed.

--Joshua Bloch, Effective Java, p. 82, Addison-Wesley, 2001

Wednesday, August 28, 2002

Microsoft was once something to behold. They saw an idea or two, cribbed them, took them to market, and steamrolled it into a new metaphor for success. Things would be fine if they continued to make strides like they made in the first half of their life. But they didn't. Then one day they looked on the horizon and said, "We can't generate the revenue we need on the current license renewal trending" and began to announce features that would never appear, and withhold critical bug fixes to invent reasons to upgrade. Then that blew up, and they had to threaten audits and lawsuits to keep the herd in front of the glacier.

And let's not forget, illegally leveraging their monopoly into markets they were sure would one day help keep their revenue projections in line with reality.

--Jeremy Hogan
Read the rest in Commentary: Is Red Hat the Microsoft of Linux?

Tuesday, August 27, 2002
A lot of code has been rearranged (change of variable names, loop unrolling etc. -- every student programmer once tried those tricks if he'd face the situation when time was running out and he had a working copy of a colleague's and had to modify it for his/her own needs -- but very seldom does this work out) Those code changes have no real use, they add no functionality, they don't improve anything -- they are just there to disguise the stealing of intellectual property.

--Michael Militzer
Read the rest in XVID leader: Despite code release, Sigma GPL problem still isn't resolved

Monday, August 26, 2002
Don't skip the design stage. At one point, our open source project went from being a 'new, small, fast, standards compliant browser' to being a superset rewrite of Netscape Communicator 4.x (a mature, full featured product), without any adjustment in the schedule. Due to impossible time constraints, an explicit design phase was largely skipped (along with requirements gathering and functional specification), with the substitute being 'just make it work like 4.x wherever you can'. Since the product was different, with many new participants who had little time, there were many exceptions, deviations, and features where the basic look was copied, but subtle detail was ignored or wrong. We wound up spending longer getting requirements in the form of bug reports, and doing design by accretion, backout and rework. Don't let rushed coders drive things, design the product.

--Peter Trudelle
Read the rest in Shall We Dance? Ten Lessons Learned from Netscape's Flirtation with Open Source UI Development

Sunday, August 25, 2002
We can't declare war on everything. We've declared a war on poverty, a war on drugs and a war on terrorism. To declare war suggests there will be an end, a victory. How can there ever be an end to "wars" such as these? Is the word "war" just a catch phrase to get us all fired up? There is no war. There can be no war, because there will be no victor, no end. So here we are put in an open-ended obligation to fight something we cannot see, someone we cannot find, animosity we will not defeat by going to WAR.

--Tara Grubb
Read the rest in Tara Grubb For Congress Radio Weblog

Saturday, August 24, 2002
SOAP is about firewall avoidance and even if we could bring the developers around to our point of view the marketers would never, ever, let anything slow the deployment of SOAP, including firewalls.

--Paul Prescod on the xml-dev mailing list, Thursday, 21 Feb 2002

Friday, August 23, 2002

Two months ago India and Pakistan appeared headed for a nuclear war. Colin Powell, the U.S. secretary of state and a former general, played a key role in talking the two parties back from the brink. But here in India, I've discovered that there was another new, and fascinating, set of pressures that restrained the Indian government and made nuclear war, from its side, unthinkable.

Quite simply, India's huge software and information technology industry, which has emerged over the last decade and made India the back-room and research hub of many of the world's largest corporations, essentially told the nationalist Indian government to cool it. And the government here got the message and has sought to de-escalate ever since. That's right -- in the crunch, it was the influence of General Electric, not Powell, that did the trick.

--Thomas L. Friedman
Read the rest in Nukes are unthinkable if business is good

Thursday, August 22, 2002
I don't pretend to be an expert on intellectual property law, but I do know one thing. If a music industry executive claims I should agree with their agenda because it will make me more money, I put my hand on my wallet -- and check it after they leave, just to make sure nothing's missing,

--Janis Ian
Read the rest in Mercury News | 08/22/2002 | Q&A: Janis Ian vs. the recording industry on file sharing

Wednesday, August 21, 2002
Real FORTRAN programmers can program FORTRAN in any language.

--Allen Brown
Read the rest in FORTRAN

Tuesday, August 20, 2002
C/C++/Java are practically the same performance for 95% of all the apps (esp 1.4 SDK for Java... NIO library is *very* fast). The people that bitch about Java being slow are the people that don't understand object-oriented technology.

--Frank D. Greco on the WWWAC mailing list, Friday, 16 Aug 2002

Monday, August 19, 2002
When I was on Wall St., just suggesting the use of C++ was a career-ending move. (I heard a director of programming telling one of his programmers _exactly_ that.) People who really care about performance didn't use C++ or Java, and what's in-fashion didn't have much weight with the decision-makers.

--Ron Guerin on the WWWAC mailing list, 15 Aug 2002

Sunday, August 18, 2002
It is impossible to guard all potential targets, because anything and everything can be subject to attack. Palestinian suicide bombers have shown this by murdering at random the occupants of pool halls and hotel meeting rooms. Horrible as these incidents are, they do not risk the lives of thousands of people, as would attacks on critical parts of the national infrastructure: nuclear-power plants, hydroelectric dams, reservoirs, gas and chemical facilities. Here a classic defense is available: tall fences and armed guards. Yet this past spring the Bush Administration cut by 93 percent the funds requested by the Energy Department to bolster security for nuclear weapons and waste; it denied completely the funds requested by the Army Corps of Engineers for guarding 200 reservoirs, dams, and canals, leaving fourteen large public-works projects with no budget for protection. A recommendation by the American Association of Port Authorities that the nation spend a total of $700 million to inspect and control ship cargo (today less than two percent of container traffic is inspected) has so far resulted in grants of just $92 million. In all three proposals most of the money would have been spent on guards and fences.

--Charles C. Mann
Read the rest in The Atlantic | September 2002 | Homeland Insecurity

Saturday, August 17, 2002
Linux is the only operating system in major use today that was started outside of the United States, and I think it makes a difference,

--Jon "Maddog" Hall
Read the rest in International House of Penguins

Friday, August 16, 2002
To improve the efficiency of airport security screening, the FAA deployed the Computer Assisted Passenger Screening system (CAPS) in 1999. CAPS attempts to identify potential terrorists through the use of profiles so that security personnel can focus the bulk of their attention on high-risk individuals. In this paper, we show that since CAPS uses profiles to select passengers for increased scrutiny, it is actually less secure than systems that employ random searches. In particular, we present an algorithm called Carnival Booth that demonstrates how a terrorist cell can defeat the CAPS system. Using a combination of statistical analysis and computer simulation, we evaluate the efficacy of Carnival Booth and illustrate that CAPS is an ineffective security measure. Based on these findings, we argue that CAPS should not be legally permissible since it does not satisfy court-interpreted exemptions to the Fourth Amendment.

--Samidh Chakrabarti and Aaron Strauss
Read the rest in Carnival Booth: An Algorithm for Defeating the Computer-Assisted Passenger Screening System

Thursday, August 15, 2002
Corporate user resentment and dissatisfaction with Microsoft and some of its practices are at an all-time high. A myriad of issues ranging from Microsoft's perceived monopolistic practices, hyperbolic marketing, ongoing security woes, and habitually slipping ship dates of major new product releases, as well as confusion surrounding the overall .NET strategy have undermined corporate customer confidence.

--Laura DiDio, Yankee Group
Read the rest in Linux Feels the Corporate Love

Wednesday, August 14, 2002
Linux is doing very well on the desktop. We love that, and I promise you will hear more from us on this subject. Stay tuned, you will see more.

--Scott McNealy
Read the rest in Linux Feels the Corporate Love

Tuesday, August 13, 2002
Software is becoming the oil of the 21st century, the difference being that this time the scarcity is entirely artificial. People are acutely aware that Microsoft and friends have as much power over them right now as OPEC had over people in the 1970's--and that makes them nervous.

--Alan Cox
Read the rest in Big computing flexes Linux muscle

Monday, August 12, 2002
What you will see from Sun is a lot more attention paid to Linux on the desktop, because there is a lot more growth there than anyone is willing to suggest.

--Jonathan Schwartz, executive vice president Sun Microsystems
Read the rest in Big computing flexes Linux muscle

Sunday, August 11, 2002

In the winter of 1997, I was consulting on an e-commerce project that was using Java RMI. Not surprisingly, the project failed because RMI didn't address performance, scalability, failover, security, or transactions, all of which are vital in a production environment. Although the outcome of that project is not unique to Java RMI—I have seen the same thing happen with CORBA—the timing of the project was especially interesting. Enterprise JavaBeans™ was first introduced by Sun Microsystems at around that time, and had Enterprise Javabeans (EJB) been available earlier, that same project probably would have succeeded.

--Richard Monson-Haefel, September, 2001
Read the rest in Enterprise JavaBeans, 3rd edition, p. xi.

Saturday, August 10, 2002
We have served many a lawsuit on Bill Clinton, Al Gore, and Hillary Clinton when they were in The White House. The Clinton White House accepted the papers. Never before have our process servers been threatened with arrest. If this Bush-Cheney White House is serious about corporate corruption and responsibility, it would not allow the Vice President to improperly hide behind White House security to evade service of process in the Halliburton securities fraud litigation, and it would not threaten the process server with arrest

--Larry Klayman, Judicial Watch Chairman and General Counsel

Friday, August 9, 2002

With a good implementation, we do not need to fear any negative consequence from the decision to define all types from classes. Nothing prevents a compiler from having special knowledge about the basic classes; the code it generates for operations on values of types such as INTEGER and BOOLEAN can then be just as efficient as if these were built-in types in the language.

--Bertrand Meyer
Read the rest in Object Oriented Software Construction, 2nd edition, p. 171

Thursday, August 8, 2002

My high school wasn't one of those institutions for exceptionally smart or ambitious kids, which are common in most U.S. cities. Such schools are pretty much against how Finland works. Finnish schools don't separate out the good students--or the losers, for that matter. However, each school did have its specialty, a subject that was not required but that you couldn't get at any other school. In the case of Norssen High School, it was Latin. And Latin was fun. More fun than learning Finnish and English.

Too bad it's a dead language. I'd love to get together with a few buddies and tell jokes in Latin or maybe discuss operating system design strategies.

--Linus Torvalds, Just For Fun, p. 25

Wednesday, August 7, 2002
Debugged code is NOT free, whether proprietary or open source. Even if you don't pay cash dollars for it, it has opportunity cost, and it has time cost. There is a finite amount of volunteer programming talent available for open source work, and each open source project competes with each other open source project for the same limited programming resource, and only the sexiest projects really have more volunteer developers than they can use. To summarize, I'm not very impressed by people who try to prove wild economic things about free-as-in-beer software, because they're just getting divide-by-zero errors as far as I'm concerned.

--Joel Spolsky
Read the rest in Joel on Software - Strategy Letter V

Tuesday, August 6, 2002

Palladium is unlikely to protect users from most exploits. There are a great number of attacks that can be executed within applications, as those applications have such power and reach. Microsoft Outlook viruses can continue to spread, as can other macro viruses. The cmd.exe execution vulnerability on IIS Web servers executes only trusted code -- but it does so in response to a Web request from an attacker.

From what I've seen, I don't think that Palladium can block any of these attacks, or most other application-layer attacks. While buffer overflows allow users to execute arbitrary code on systems, application attacks execute only approved code but nevertheless produce undesirable results. Those results can be every bit as serious as the buffer overflows that Palladium would eliminate.

--Jon Lasser
Read the rest in SecurityFocus HOME Columnists: The Devil And The Deep Blue Sea

Monday, August 5, 2002

People don't RTFM, much less the F****** Spec. Architectures that don't support the "principle of least surprise" are going to be fragile, no matter how logical and consistent their other principles might be.

Confusion IS a danger in itself, as various spacecraft lost for want of a comma, or misunderstandings of units of measurement, can attest.

--Mike Champion on the Xml-Dev mailing list, Thursday, 25 Jul 2002

Sunday, August 4, 2002

Replace the PC with a console, a.k.a. network appliance or network computer, and you create a predictable platform for software developers, which should result in much more stable software, not to mention more secure software. Network computing fizzled for a number of reasons the first time around, some of them good ones, some bad. For one thing, once Larry Ellison's low price tag was imprinted on everyone's brain, there was no way to build a network computer fast enough to run Java well, or to sell one at a profit. One very bad reason network computing failed is that we have such an irrational love affair with the PC that we tolerate its unstable and insecure design.

--Nicholas Petreley
Read the rest in A Costly Affair - Computerworld

Tuesday, July 30, 2002
Will having a firewall -- or implementing strong system security practices or being a good system administrator -- become illegal and prosecuted as circumventing copyright controls under the existing Digital Millennium Copyright Act? If Hollywood can't easily inspect your system in their quest for copyright enforcement and world control, are you now a criminal suspect?

--Richard Forno
Read the rest in The Dark Side of Hacking Bill

Monday, July 29, 2002
What differentiates the Afghan campaign from previous US military engagements is that the civilians, increasingly, have not been caught up in strikes on legitimate targets or killed as a result of bombs going astray -- what in military parlance is known as "collateral damage". Rather they have been deliberately targeted by precision bombers acting on flawed instructions from their superiors.

--Andrew Gumbel
Read the rest in Independent News

Sunday, July 28, 2002
while Richard Stallman argues that Linux should be called GNU Linux, there's a good argument for calling it Berkeley Linux :-) As a small data point, our informal market research, consisting of about five years of sponsoring an emacs vs. vi paintball battle at Atlanta Linux showcase, in which there was a consistent two-to-one signup for the vi team, and the fact that our vi book outsells our emacs book two to one.

--Tim O'Reilly on the Computer Book Publishers mailing list, Saturday, 27 Jul 2002

Saturday, July 27, 2002
You can't create a standard that doesn't infringe patents - PNG or Ogg Vorbis could equally be challenged. So it's no good saying something is patent free.

--Richard Clark
Read the rest in The Register USA

Friday, July 26, 2002
Microsoft is already doing this now; their developers and testers (more than 10,000 people!) are sifting through the existing Windows XP, 2000, and .NET codebases, looking for, and fixing, security flaws. It's an organized, systematic, managed process that has, and will have, no equivalent in the Linux world, simply because you can't herd cats.

--Paul E. Robichaux on the Computer Book Publishing mailing list, Monday, 22 Jul 2002

Thursday, July 25, 2002
Up until now, robotics has been more of a fringe thing and a manufacturing thing. But 20 years from now, robots are going to be both pervasive and invisible, embedded in so many different places. It won't be the C3P0 that we envision, but it'll be some type of robotic device.

--Bill Gross
Read the rest in Ideas Aplenty From Idealab Head

Wednesday, July 24, 2002
Windows emacs is better than *n*x emacs because there is *no confusion* over which keys are backspace/delete, and no escape sequences, and the names for F-keys and so on never change. I haven't changed my .emacs on windows for years and years, and I have to fiddle with it on linux/unix systems whenever I change terminal emulators or versions or look away from the screen too long.

--Tim Bray on the xml-dev mailing list, Tuesday, 23 Jul 2002

Tuesday, July 23, 2002
What bothers me even more than the corruption is the way business leaders have been presented as having the solutions to all the world's problems when in fact some of them haven't been able to run their own businesses without cooking the books and making questionable deals.

--Suzanne Lainson on the WWWAC mailing list, Saturday, 20 Jul 2002

Monday, July 22, 2002
The administration apparently wants to implement a program that will turn local cable or gas or electrical technicians into government-sanctioned Peeping Toms.

--Rachel King, ACLU
Read the rest in Is your cable guy a spy? - Tech News - CNET.com

Sunday, July 21, 2002
Palladium will allow only authorized code to run on systems equipped with compliant hardware. While this sounds like a good thing, its real purpose seems to be to protect content providers, to permit Microsoft to enforce draconian licensing schemes, and quite possibly to allow Microsoft to act as gatekeeper for all PC software, allowing them to collect royalties on that software as though those systems were nothing more than video game consoles.

--Jon Lasser
Read the rest in SecurityFocus HOME Columnists: The Devil And The Deep Blue Sea

Saturday, July 20, 2002

I have been using Mac OS X as my ONLY operating system since 10.1 came out. I don't even have Classic on my system. Using IE in Mac OS X I am able to do all my online banking with multiple credit card vendors, my bank, my wife's credit union, and the company that manages my student loans. I used Kiplinger TaxCut to file my taxes online this year.

All of these companies use Java applets, and I haven't had any substantial problems with any of them. There have been a few oddities here and there, such as strangely rendered text, but nothing that in any way inhibited the function of the applet, or my ability to make use of it.

I suppose one could say that any oddities at all are unacceptable. But that really would be whining. "Write once, run everywhere" is a nice idea, and Java has gone a long way toward achieving it, but there are going to be variations in the results. No one can possibly debug for every conceivable hardware and software combination that the code will encounter.

--Chris McCusker
Read the rest in Mac OS X Special Report: Reader Reports

Friday, July 19, 2002

One hopes sometime between now and August 24th, Apple relents and offers Jaguar pricing that rewards those of us who purchased OS X in recent months partially on the hype surrounding Jaguar. Yes, I like X, but it's still very much a work in progress. Would I have purchased my eMac last month, knowing about networking issues, spinning beach balls, iffy mail app., etc., if Jaguar hadn't been promoted heavily by Apple as the answer to these issues? Of course not. Would I have purchased it, if along with all the hype, Steve's kids added a headline on the Apple/Jaguar promo page that said "just $129, with no break for the faithful?" Of course not!

Yes, I'm feeling a bit suckered today. I bought an eMac, complete with its EMI problem nearly two months earlier than I should have based on Jaguar hype. Gee thanks, Steve. This is what I get for buying your products faithfully since 1988? Thanks a hell of a lot.

--Jim Neal
Read the rest in Mac OS X Special Report: Reader Reports

Thursday, July 18, 2002
We have prided ourselves on always being the cheapest guy on the block--we were going to be higher volume and lower priced than anybody else out there, whether it was Novell, Lotus or anybody else. One issue we have now, a unique competitor, is Linux. We haven't figured out how to be lower priced than Linux. For us as a company, we're going through a whole new world of thinking.

--Steve Ballmer
Read the rest in VARBusiness : News : Ballmer: Linux Changed Our Game

Wednesday, July 17, 2002
The LCD iMac was unquestionably unique. Whether it was worth the money as anything other than an objet d'art was a different question, and though there was a burst of sales when it first became available, that ramped off rather badly and the current word is that sales have been extremely disappointing. Word is also spreading that system performance is also extremely disappointing. Not to put too fine a point on it, the new LCD iMac is a dog. It has beautiful fur, but it's lame.

--Steven Den Beste
Read the rest in USS Clueless - MacWorld Rumors

Tuesday, July 16, 2002

As you Internet users know, most e-mail comes from "spammers," who are the mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class mail industry. Every day I get dozens, sometimes hundreds, of e-mails from these people, almost always trying to sell me one of four things: (1) pornography; (2) Viagra; (3) a product for the man who is not satisfied with his natural self and would like to increase, by as much as three inches, the size of his endowment; or (4) a low-interest mortgage.

Why are there so many e-mail ads for these products? Does anybody buy them? Is there a town somewhere, called Spamville, where the men consume Viagra and pornography in bulk quantities, then lurch around in a lust-crazed frenzy, their huge artificially enhanced endowments knocking holes in their walls, so eventually their houses fall down, forcing them to purchase new ones, using low-interest mortgages?

--Dave Barry
Read the rest in Spam beats cafeteria food

Monday, July 15, 2002

The C++ approach, in the C tradition, is to give the programmer full control over the details of what happens at run time, be it object allocation or routine call. The spirit of object technology instead suggests relying on compilers for tasks that are tedious and error prone, if algorithms are available to handle them. On a large scale and in the long run, compilers always do a better job.

--Bertrand Meyer
Read the rest in Object Oriented Software Construction, 2nd edition, pp. 513-514

Sunday, July 14, 2002
Nothing should be able to crash the OS. Anything that crashes the OS is a bug.

--Mark Lucovsky
Read the rest in Goal Setting

Saturday, July 13, 2002

George Bush and Dick Cheney want American CEOs to vouch personally for the accuracy of financial statements. Fine. Let's begin at home. Let's ask for a fuller accounting of what happened in their companies.

This much is clear: Both men come from cultures that pushed the envelope of accounting standards. Neither can claim a bully pulpit. In fact, they'd have trouble claiming a broken soapbox.

--Scott Herhold
Read the rest in Mercury News | 07/11/2002 | Scott Herhold: Bu...

Friday, July 12, 2002
I think that white-collar crime is way more despicable than someone who steals a loaf of bread because they're hungry. I'm from Detroit. Throw them in the drunk tank in downtown Detroit and have them make a few new friends.

--Scott McNealy
Read the rest in Corporate crooks belong behind bars, Sun chief says

Thursday, July 11, 2002
This skirmish is a part of the larger "IBM and Microsoft vs. everybody else war" that's turning the Web services arena into a big political debate. Every vendor wants their own specification to become the standard, and IBM and Microsoft have so much clout that they get their way more often than not. This upsets companies like Sun, who wanted to be a market leader with that kind of clout but missed the boat.

--Jason Bloomberg, ZapThink
Read the rest in Money matters force standards stalemate

Wednesday, July 10, 2002

"Stable standards" are both a blessing and a curse. A blessing when the underlying technology is stable, a curse when premature standardization locks us in to an inferior technology for years. VHS is an oft-cited example; I would point to Windows -- the industry has been aided by a "standard" operating system, but would have been better off if the "standard" had survived some more competition and cross-fertilization with Mac and Unix for a few years before it achieved dominance.

The way forward seems clear to me: RELY on the stable old things, EXPERIMENT with the shiny new things, and let competition and experience turn the shiny new things into stable reliable things.

--Mike Champion on the xml-dev mailing list

Tuesday, July 9, 2002
Sun is the loose cannon of the computer industry. Unable to see past their raging fear and loathing of Microsoft, they adopt strategies based on anger rather than self-interest. Sun's two strategies are (a) make software a commodity by promoting and developing free software (Star Office, Linux, Apache, Gnome, etc), and (b) make hardware a commodity by promoting Java, with its bytecode architecture and WORA. OK, Sun, pop quiz: when the music stops, where are you going to sit down? Without proprietary advantages in hardware or software, you're going to have to take the commodity price, which barely covers the cost of cheap factories in Guadalajara, not your cushy offices in Silicon Valley.

--Joel Spolsky
Read the rest in Joel on Software - Strategy Letter V

Monday, July 8, 2002
A couple of items in the press accounts of Jeff's speech raised my eyebrows, not because they were particularly interesting, but because all the write-ups in the computer press sounded nearly identical. That's usually an indication that Microsoft managed to confuse (or bamboozle) the computer press, so reporters scramble to re-write the press releases. When five different press accounts look almost the same, you can bet there's a PR firm dancing gleefully in the background: the press is regurgitating what the client (in this case Microsoft) wants the press to say. Good for MS. Good for WagEd. Not so good for you.

--Woody Leonhard on the Woody's Office Watch mailing list, Tuesday, 2 Jul 2002

Sunday, July 7, 2002
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.

--Martin Fowler, Refactoring: Improving the Design of Existing Code, p. 15

Saturday, July 6, 2002
Lindows, an attempt to create a new computer operating system melding the power of Linux with the popularity of Windows, fails to offer consumers what we so desperately need: more credible alternatives to escape the iron grip of Microsoft.

--Mike Langberg
Read the rest in Mercury News | 07/03/2002 | Lindows makes Windows look good

Friday, July 5, 2002
We expect that copyright regulations due out later this year in Britain will deprive the blind of the fair-use right to use their screen scraper software to read e-books. Normally, a bureaucratic stupidity like this might not matter much, as people would just ignore it, and the police would not be idiotic enough to prosecute anybody. But if the copyright regulations are enforced by hardware protection mechanisms that are impractical to break, then the blind may lose out seriously.

--Ross Anderson
Read the rest in TCPA / Palladium FAQ

Thursday, July 4, 2002
If Microsoft would throw out everything that doesn't actually belong in an operating system, and just concentrate on debugging the OS, they would probably have a better shot at making it work right.

--Margaret Levine Young on the cbp mailing list, Wednesday, 26 Jun 2002

Wednesday, July 3, 2002
By casting Karl and me as destroyers, Vint seems to be assuming that if a dissident board member actually gets access to the records of what ICANN is doing, that board member will be sufficiently horrified that he will publish it as a whistleblower. And that once the public finds out what ICANN has been doing, it will be torn down. If ICANN's internal dealings were lily-white, then Vint would have no need to keep them away from the public. If there were no secrets that a board member couldn't be trusted with, then ICANN wouldn't have spent two years stalling Karl and trying to get him to sign nondisclosure. What do Vint and Stuart Lynn know that we, the public, and our elected representative, Karl Auerbach, haven't been allowed to know?

--John Gilmore
Read the rest in Salon.com Technology | It's time for ICANN to go

Tuesday, July 2, 2002
the more I learn about it the more I can see how C#/.NET is built on the shoulders of Java -- it's quite obvious and everyone can see it, although Microsoft naturally claims otherwise, probably politics and getting sued and all that. Nonetheless, the more I see of it the more I can see that it really is a good design, the first time I think I can say that about a language and framework that Microsoft has done (and certainly inspired by competition from Java, and I'm sure Java too will benefit from the competition).

--Bruce Eckel on the OOPList mailing list, Sunday, 30 Jun 2002

Monday, July 1, 2002

Palladium is the code name for a Microsoft project to make all Internet communication safer by essentially pasting a digital certificate on every application, message, byte, and machine on the Net, then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR. Palladium compatible hardware (presumably chipsets and motherboards) will come from both AMD and Intel, and the software will, of course, come from Microsoft. That software is what I had dubbed TCP/MS.

The point of all this is simple. It may actually make the Internet somewhat safer. But the real purpose of this stuff, I fear, is to take technology owned by nobody (TCP/IP) and replace it with technology owned by Redmond. That's taking the Internet and turning it into MSN. Oh, and we'll all have to buy new computers.

This is diabolical. If Microsoft is successful, Palladium will give Bill Gates a piece of every transaction of any type while at the same time marginalizing the work of any competitor who doesn't choose to be Palladium-compliant. So much for Linux and Open Source, but it goes even further than that. So much for Apple and the Macintosh. It's a militarized network architecture only Dick Cheney could love

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Sunday, June 30, 2002
This product may support Kava. Kava is not ground, blended, percolated or otherwise processed for use in air traffic control systems, hospital devices, biological warfare weaponry, doomsday machines or answering machines. We will not be held responsible if your use of Kava fails to prevent a plane crash, an X-ray machine boiling your brain, a global epidemic of jock itch, a black hole that destroys the solar system or your mother-in-law visiting unannounced. Why Spin Macrosystems has contractually obligated us to make this frightening disclaimer is beyond our lawyers' imaginations, but we're tickled pink.

--Nicholas Petreley
Read the rest in The Fine Print - Computerworld

Saturday, June 29, 2002
The willingness to make scurrilous accusations ("open source might facilitate efforts to disrupt or sabotage electronic commerce, air-traffic control or even sensitive surveillance systems") is symptomatic of the disregard for the truth afflicting corporate America these days. The willingness to harness misinformation as a tool of corporate strategy springs from the same "me first at all costs" mentality that led us to the Enron debacle. Just as Enron thought it was appropriate business practice to manipulate the California energy markets to raise its profits, Microsoft seeks to influence public policy to raise the costs of software and prohibit government support for a low-cost alternative.

--Tim O'Reilly
Read the rest in O'Reilly Network: The Strange Case of the Disappearing Open Source Vendors

Friday, June 28, 2002
Software should be shipped with bugs. The zero-defect notion is mythological and theoretically unachievable. That doesn't mean shipping ill-behaved or useless software; it means being open with users about the bugs we find, sending notices or including the bug list, publishing the workarounds when we have them, and being honest and open about what we have and haven't yet tested and what we do and don't plan to test in the near future. Most of all, it means treating users as adults who can, should and will make the right risk decisions if we give them the facts on which to base such decisions.

--Boris Beizer
Read the rest in On the Mend?

Thursday, June 27, 2002
We have two competitors. One's in Mountain View and the other is in Redmond. The road to Redmond is through Mountain View.

--Matthew Szulik, Red Hat
Read the rest in News: Red Hat: Linux desktop should take on MS

Wednesday, June 26, 2002
Why does no one care about licensing agreements? Because for the most part there's no enforcement. It's much the same reason many people used to ignore the old 55-mile/hour speed-limit. What do I care what I agree to in a click-through agreement when I've never, ever experienced such an agreement being enforced. Now I'm not saying that I shouldn't care, it's just that I understand to some extent why people generally don't. As companies (notably Microsoft) begin enforcing and policing these agreements against consumers, then you'll see people suddenly care. Bottom-line, consumers will put their energies into eliminating roadblocks to whatever it is they really want to do. When code-bloat and license agreements become roadblocks, that's when people will care.

--Jonathan Gennick on the Computer Book Publishing mailing list, Tuesday, 25 Jun 2002

Tuesday, June 25, 2002
Some people are hesitant to put Internet Information Server because of security issues. Well, .Net doesn't really address those problems. IIS is still just as vulnerable with .Net running behind it as the older ASP code running behind it.

--Mark Driver, Gartner Group
Read the rest in Microsoft .Net software's hidden cost

Monday, June 24, 2002
Did you notice this week that Burst.com sued Microsoft? The story caused so little commotion I feel compelled to comment. Apparently, we are so jaded now that another lawsuit against Microsoft doesn't mean much. But given the fact that Microsoft is a convicted monopolist, you'd think they would try to avoid these things. Apparently not.

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Sunday, June 23, 2002

software vendors do have a clear goal in mind, but that goal is to make money, not to produce reliable software or to solve specific problems.

Software is mostly junk because junk sells. Millions of people pony up hundreds of dollars each for that junk. Large companies budget thousands and millions of dollars for junk.

The software industry needs to mature before it can produce reliable software with reliable schedules, but it will never happen until the marketplace matures and customers start to demand reliable software.

--Ray Lischner on the cbp mailing list, Wednesday, 19 Jun 2002

Saturday, June 22, 2002
Back in my day ... when dinosaurs ruled the earth ... my school taught programming on a home-brewed operating system (the Michigan Terminal System) and using a language (Algol-W) that had absolutely zero commercial significance. There were a certain number of complaints that the students were woefully unprepared for the "real" world of IBM JCL and COBOL. But guess what -- the (relatively) easy to use operating system let people learn the principles of getting things done on a computer without getting in their way, and AlgolW turned out to greatly resemble Pascal (the Next Big Thing in the early '80's). People learned that operating systems, languages, applications, etc. come and go, but the principles endure.

--Mike Champion on the xml-dev mailing list, Friday, 21 Jun 2002

Friday, June 21, 2002
On every floor I clean there's a game room for their employees with video games, ping-pong tables and refrigerators full of food. I know this company has a lot of money. Yahoo needs to gain a conscience and pay us wages we can live on.

--Francisco Casteñeda, Yahoo janitor
Read the rest in Mercury News | 06/20/2002 | Valley's janitors push for better wages, benefits

Thursday, June 20, 2002
Most home Windows users tempted to switch to a Mac could do so without losing anything, and might well gain. Macintosh computers are the best-designed computers on the market, and handle every common computing task as well as, or better than, a Windows PC.

--Walter S. Mossberg
Read the rest in Apple Beckons Windows Users, But Doesn't Make Sense for All

Wednesday, June 19, 2002
We're just grateful we got over the bubble. Now we're just waiting for the next mass hallucination.

--Craig Newmark
Read the rest in Mercury News | 06/19/2002 | Webby Awards take a more 'thoughtful' tone

Tuesday, June 18, 2002
The .NET Framework is really about productivity: even if Microsoft pushes these technologies for creating Web Services, the major benefit of these is increased programmer productivity.

--Miguel de Icaza
Read the rest in Mono and GNOME. The long reply.

Monday, June 17, 2002
To summarize, resist the urge to write a set method for every get method. Classes should be immutable unless there's a very good reason to make them mutable.

--Joshua Bloch, Effective Java, p. 70

Sunday, June 16, 2002
Fundamental changes in how the United States copes with domestic terrorism requires, um, fundamental changes. Much as the Bush Administration would like to ignore the constitutional issues surrounding some of their proposals, those issues are real. Much of what the Israeli government does to combat terrorism in its country, even some of what the British government does, is unconstitutional in the United States. Security is never absolute; it always involved tradeoffs. If we're going to institute domestic passports, arrest people in secret and deny them any rights, place people with Arab last names under continuous harassment, or methodically track everyone's financial dealings, we're going to have to rewrite the Constitution. At the very least, we need to have a frank and candid debate about what we're getting for what we're giving up. People might want to live in a police state, but let them at least decide willingly to live in a police state. My opinion has been that it is largely unnecessary to trade civil liberties for security, and that the best security measures -- reinforcing the airplane cockpit door, putting barricades and guards around important buildings, improving authentication for telephone and Internet banking -- have no effect on civil liberties. Broad surveillance is a mark of bad security.

--Bruce Schneier
Read the rest in Counterpane: Crypto-Gram:

Saturday, June 15, 2002
Punk's not dead, but rock 'n' roll is. It's Cold War phallic music that's gone obsolete. We want to take punk back from the dummies and give it back to the weirdos.

--Jack Terrycloth, World/Inferno Friendship Society
Read the rest in NYPress - Music - Philip Henken - Vol. 15

Friday, June 14, 2002

Internet is for everyone - but it won't be if its users cannot protect their privacy and the confidentiality of transactions conducted on the network. Let us dedicate ourselves to the proposition that cryptographic technology sufficient to protect privacy from unauthorized disclosure should be freely available, applicable and exportable. Moreover, as authenticity lies at the heart of trust in networked environments, let us dedicate ourselves to work towards the development of authentication methods and systems capable of supporting electronic commerce through the Internet.

--Vinton Cerf
Read the rest in RFC 3271: The Internet is for Everyone

Thursday, June 13, 2002
I've visited a whole lot of government organizations. Virtually every government agency I've visited has Linux somewhere in the enterprise. The question is: Does anyone know about it?

--Robert Hibbard, Red Hat
Read the rest in Behind Linux's Struggle in Gov't

Wednesday, June 12, 2002
It is crucial to get to zero known bugs (what Netscape famously called "Zarro Boogs") before releasing a beta. If you don't, you'll waste a lot of time during the beta reading 200 emails about a bug that you already knew about. And you've just used up time and goodwill of those 200 beta testers, so they may not bother telling you about the next bug they find, something you didn't know about. Or the bug may stop them from trying other parts of the program that needs some pounding. This seems self-evident, but almost every time I've been on a real product, everybody starts to think that releasing the beta on time is more important than releasing a Zero Known Bugs beta. (After all, it's ok to have bugs in the beta, they say. And I agree: it is ok to have bugs in the beta, just not known bugs.)

--Joel Spolsky
Read the rest in Joel on Software - Working on CityDesk, Part One

Tuesday, June 11, 2002
If a non-citizen like Zacarias Moussaoui can be tried in a regular court of law, surely a United States citizen can be afforded the same access to justice. As we have seen in the prosecutions of the 1993 World Trade Center bombers and Oklahoma City bomber Timothy McVeigh, our courts are perfectly capable of meting out justice even in the most horrific of circumstances. The government has failed to justify why our traditional system of American justice should not apply in the case of Jose Padilla.

--Anthony D. Romero, Executive Director of the ACLU
Read the rest in Safe and Free: Safe and Free in Times of Crisis

Monday, June 10, 2002
The technology sector, which is 30 times the size of big media, is rightly terrified of the kind of ignorant design-by-legislation we've seen in the DMCA and SSSCA/CBTPDA. These laws are the worst kind of market-rigging, a thinly-disguised form of corporate welfare that's doomed to fail in its stated objectives but could wreck healthy industries.

--Eric S. Raymond
Read the rest in Mr. and Ms. Geek Go to Washington

Sunday, June 9, 2002

Expecting America's chief executives to curb their greed is like being a Boston Red Sox fan. You keep hoping for the best, but you just know they'll find a way to disappoint you.

So, once again, it's no surprise to learn that excess in CEO compensation has not subsided. From seven-figure salaries to eight-figure (and higher) "loans" that need not be repaid, from massive grants of stock and options to platinum parachutes in the event of executive failure, corporate boards keep pouring the riches on the people they allegedly supervise.

The unrelenting gluttony has become almost numbing. CEO greed, combined with all of the other legal and illegal corruptions of public markets, is one of the many reasons for a growing popular disenchantment with investing. When people figure the market is rigged, the entire economy suffers in the long run.

There's another effect. America's continuing, disproportionate accumulation of wealth at the very top, while others lag far behind, is a corrosive influence in a society that claims equal opportunity.

--Dan Gillmor
Read the rest in Mercury News | 06/08/2002 | Unrelenting CEO greed has become almost numbing

Saturday, June 8, 2002
Why is O'Reilly still here and Coriolis gone? It's because there is a person behind O'Reilly who loves technology and has followed it his entire life. He does not let the business get the better of him. It's because there is one person who enjoys technology, plays with it, and can articulate it better than most CEOs who are supposed to be experts.

--Mitchell Waite on the Computer Book Publishing mailing list, Thursday, 6 Jun 2002

Friday, June 7, 2002
I'm much more concerned with people getting caught unaware by obfuscating legal mumbo-jumbo. If the Hotmail sign-up page has a 1,000-line, 10,000-word Terms of Service agreement that was carefully crafted by a dozen silver-tongued shysters - and you have to click a button that says "I Accept" before receiving a Hotmail account - I don't see how any rational person could hold you accountable for every dangling participle in the "agreement."

--Woody Leonhard on the Woody's Office Watch mailing list, Wednesday, 29 May 2002

Thursday, June 6, 2002

The desktop PC is an anachronism already to most people. The high flexibility of the system makes it scary to use, expensive to manufacture, and hard to make reliable. PC's are also noisy, they are hard to reset to the state they arrived in without losing your personal data and so forth.

The low cost sealed box PC is an inevitability, and one that is badly needed to push computing on a stage. It is much cheaper to do safety and approvals work on a system that the user can't poke a screwdriver inside and which doesn't contain connectors sticking up off the board like small aerials.

--Alan Cox
Read the rest in Slashdot | Alan Cox talks about laws... and Linux

Wednesday, June 5, 2002
XML people want to apply XML tools to XML data sets. When those XML data sets are hidden behind programmatic APIs that becomes much harder and less scalable.

--Paul Prescod on the xml-dev mailing list, Monday, 22 Apr 2002

Tuesday, June 4, 2002
Any copy-protection scheme will eventually be broken, so Hollywood needs to lower prices to the point where paying is less of a pain in the ass than circumventing copy protection. However, it won't do that. The moguls will just keep squawking, because, unlike the Techies, they're better at lobbying than business. If 80% of CDs lose money, they NEED a new distribution system, because the one they've got is irredeemably bad. "We need to pump out a hundred bands to find one money-making Madonna" isn't a business model, it's subsidized lunacy. And subsidized is what it is. Wal-Mart wanted to sell sub-$10 CDs as loss-leaders to get customers in the door, but Hollywood cried foul, and got an antitrust exemption. Most of the publishing industry, when it's eventually confronted with the same problem, will react the same way. After all, most books published lose money, too.

--Chris Charuhas on the computer book publishing mailing list, Sunday, 26 May 2002

Monday, June 3, 2002
"Licensing per seat" perverts the GNU+Linux system into something that respects your freedom as much as Windows. They cannot restrict the GPL-covered programs in the system that way, because that would violate the GNU GPL, but the system also contains non-copylefted programs which are points of vulnerability. Free software developers, please don't let them license YOUR program per seat. Use the GNU GPL!

--Richard M. Stallman
Read the rest in Linux and Main - RMS, FSF condemn per-seat license

Thursday, May 30, 2002

Apple has made the noises of being the 'Java Platform', but has yet to deliver. But as Steve stated, in their defense, they're trying.

That many applications can't be delivered on the Mac OS, is no failing on the developers' part. I have been delivering applications to thousands of users (Win, Linux, Solaris, Mac), but it's been a battle to maintain the Apple implementation. The applications always work 100% uniformly across Win, Linux, and Solaris in JRE 1.3.1 (same bugs and functionality), but 80% of the problems are always in the Mac implementation.

Since the Mac Java delivery has ALWAYS been 8 months to a year behind the rest of the Java community, our deliveries have gone from 60% Mac to 12% Mac. The 12% have been retained through significant professional risk and detriment. Most converts to the Linux/Win side have been a result of 'enough is enough' and the desire to stop wasting money and resources.

--Peter Zaharkiv on the java-dev mailing list, Saturday, 25 May 2002

Wednesday, May 29, 2002

Most of us that have played this rebate game for a number of years have come to the conclusion that rebates are almost always a pain to get involved with and usually not worth the hassle.

What is astounding is that vendors seem to be too dense to see the damage to their reputations they receive from buyers because of the perceived deception, stalls and non payments. Most vendors hire these "fulfillment companies" to handle rebates, and one gets the feeling that their mission is actually to not pay or to stall so long that the buyer loses interest and gives up. If the vendor is serious about rebates and really wants to pay in a timely fashion, then they seem to be incapable of hiring a competent rebate contractor. Regardless, the vendor is rightly blamed by the buyer for the contractor's ineptness.

--Louie G. Berry
Read the rest in Reader Report: QPS Rebate

Tuesday, May 28, 2002

At this point I think we need to find a better balance between "my customers want XYZ feature" and "the XYZ feature is toxic to the technological ecosystem in which it is used." Right now the first is often heard, the second only rarely considered.

Businesses are notoriously bad at considering ecosystems beyond the boundaries of their balance sheets, at least until it's made painfully clear that something's drastically wrong.

--Simon St.Laurent on the xml-dev mailing list, 24 May 2002

Monday, May 27, 2002
it's quite easy to come up with silly benchmarks that claim to measure one thing, but in fact are measuring several things, or several things the author didn't realize they were measuring, or even several things that don't matter much. For example, I have yet to write a real-world program whose performance hinged on 1E9 iterations of an empty loop (or even a nearly empty loop).

--Greg Guerin on the java-dev mailing list, Sunday, 26 May 2002

Sunday, May 26, 2002
If a program had to be explicitly _granted_ permission to make the initial connect to an outbound TCP/UDP port (or via a non-port oriented IP protocol period) or to establish a listener the first time (either by user interaction or via strong cryptographic signature, or both) this would drop 99% of Internet-aware malware dead in its tracks. The (not insignificant) side-benefit is that it would _also_ stop virtually all 'spy-ware' from 'phoning home' without a user's explicit permission and knowledge. And users should have the ability to _turn off_ a specific program's access privileges once set as well.

--Benjamin Franz on the xml-dev mailing list, Saturday, 25 May 2002

Saturday, May 25, 2002
All the things I knew for sure at 18 I forgot at 30.

-- Gregory Tiernan
Read the rest in The culture of celibacy: one man's crossroads

Friday, May 24, 2002
Fundamentalism? It's how you get all the mysteries of the universe to fit on a bumper sticker.

--Howard the Duck
Read the rest in Howard the Duck, Vol 2, No. 1, March 2002

Wednesday, May 22, 2002
Microsoft has publicly stated that it has patents on critical parts of .NET and will enforce them. If you think that .NET is a good idea, or cloning .NET is a good idea, remember you won't have a US market unless they find you amusing enough to allow to live on. And if you think Microsoft can be trusted on this look at their recent activities against Samba.

--Alan Cox
Read the rest in Slashdot | Alan Cox talks about laws... and Linux

Tuesday, May 21, 2002
On every UNIX system I've used (since the mid 80s), the system administrators have ripped out the standard system utilities (SCO, BSD, SystemV, SunOS, etc.) and installed corresponding GNU utilities, typically 100-1000% more powerful than the native tools shipped with the UNIX systems. Yet I've heard red-faced capitalists revile GNU/FSF as a "communist" organization that was making life miserable for UNIX system vendors -- too expensive to build quality toolsets: "it's unfair to upset legitimate capitalist markets with free software contributed by armies of volunteers..." A model of economics that can only measure using dollars is deficient, and FSF proves it. I still choose open source.

--Robin Cover on the XML-DEV mailing list, Saturday, 11 May 2002

Monday, May 20, 2002
The TV (and radio) business is much like the chicken business: the chickens only *think* it's all being done for their benefit. In fact, the real customers are hidden, and the chickens only get whatever will barely keep them alive (watching/listening).

--John Cowan on the xml-dev mailing list, Monday, 13 May 2002

Sunday, May 19, 2002
This is not a slippery slope, rather this is an ethical and legal free fall. The Patent Office has become a ghoulish human body shop allowing researchers and corporations to patent and own human body parts, cloning processes and even human life forms.

--Andrew Kimbrell, Patent Watch
Read the rest in A Patent That Owns Humans?

Saturday, May 18, 2002
In a conversation with VoiceStream, I mentioned that it would be nice if the truly microscopic text on their web page were larger. The tech explained that because VoiceStream had grown as a company so very fast they did not have the bandwidth available to meet web service needs at all times of the day. If I were to access their site early in the morning, when there was spare bandwidth, the text would be bigger and more readable. I thanked him for the help.

--Kim B. Foglia on the WWWAC mailing list, Tuesday, 14 May 2002

Friday, May 17, 2002

I may not make a lot of friends with this comment, but I think a lot of people use "protect the poor innocent children!" as a mantra in order to be able to push their own censorship agendas, and if you argue with them you're immediately labelled as not caring about poor little vulnerable kids, so I find the whole issue a bit tiresome. The world doesn't work to a parent's schedule. If a kid happens to see or experience something before you're ready for them to do so, then sometimes that's just tough. Lock them in a box until they're 21 ... they still might get cancer, have a parent or sibling die, or have any other number of horrible things they'll have to deal with. The fact that they might catch a glimpse of a naked body somewhere kind of pales in comparison, especially since really little kids don't tend to think anything of it until the adults around them make an issue of it.

--Dee-Ann LeBlanc on the "Computer Book Publishing" mailing list, Saturday, 11 May 2002

Thursday, May 16, 2002

God bless this industry. Every six months or so, something comes along to rekindle my interest in computing. For now, the RCX is it. I couldn't be happier...more or less.

I worry only when I look at how the RCX fits into the Big Picture. I still have an Alternative Hairstyle and spend all day horsing around with computers and video games. I still buy new comic books every Wednesday. And the closest I come to Deep Personal Interactions is the regular and violent arguments I have on the Web about whether Twiki from Buck Rogers could kick C-3PO's butt in a bar fight.

And now, Lord help me, I'm playing with Legos again. I mean, good heavens. Why don't I just have a football player to come over every day at 1:15 and chuck dodgeballs at my face for 45 minutes? Then I could claim that I'd made absolutely no progress since junior high.

--Andy Ihnatko, Macworld, April 2002, p. 139

Wednesday, May 15, 2002
My kindergarten-aged son often uses the family computer by himself. The Microsoft Magic Schoolbus games are currently his favorites, and he runs those under Win 98. Periodically, his games will just up and quit on him, dumping him back to the desktop. You should hear him then. He's developing quite the vocabulary<grin>. I didn't learn to talk like that until college when I became a programmer...

--Jonathan Gennick on the "Computer Book Publishing" mailing list, Friday, 10 May 2002

Tuesday, May 14, 2002
it is more difficult to learn object-oriented programming from C++ than it is from Java, Smalltalk, etc., because C++ is more complex. For this reason, most college OOP courses are taught using Java. Much has been written about how to teach C++ effectively in order to emphasize the OOP since that is the hardest part for most students to comprehend.

--Stuart Celarier on the xsl-list mailing list, Monday, 13 May 2002

Monday, May 13, 2002
You may hear it said that to improve performance, you should avoid the use of synchronization when reading or writing atomic data. This advice is dangerously wrong. While the atomicity guarantee ensures that a thread will not see a random value when reading atomic data, it does not guarantee that a value written by one thread will be visible to another: Synchronization is required for reliable communication between threads as well as for mutual exclusion.

--Joshua Bloch, Effective Java, p. 190

Sunday, May 12, 2002

Our leaders have described the recent atrocity with the customary cliche: mindless cowardice. "Mindless" may be a suitable word for the vandalising of a telephone box. It is not helpful for understanding what hit New York on September 11. Those people were not mindless and they were certainly not cowards. On the contrary, they had sufficiently effective minds braced with an insane courage, and it would pay us mightily to understand where that courage came from.

It came from religion. Religion is also, of course, the underlying source of the divisiveness in the Middle East which motivated the use of this deadly weapon in the first place. But that is another story and not my concern here. My concern here is with the weapon itself. To fill a world with religion, or religions of the Abrahamic kind, is like littering the streets with loaded guns. Do not be surprised if they are used

--Richard Dawkins
Read the rest in Guardian Unlimited | Archive Search

Saturday, May 11, 2002

There is a point in your life when you realize that you have written enough destructors, and have spent enough time tracking down a memory leak, and you have spent enough time tracking down memory corruption, and you have spent enough time using low-level insecure functions, and you have implemented way too many linked lists

--Miguel de Icaza
Read the rest in Mono and GNOME. The long reply.

Friday, May 10, 2002

The fundamental problem here is that machines roughly double in capability every eighteen months, and as you know, the size of the average software project in lines of code tends to be double that. That's a real problem, because bugs generally arise from unanticipated interactions between different pieces of code in a project. And that means that the number of bugs in the project tends to rise with the square of the number of lines of code. That means that as projects get larger, and their bug density increases, the verification problem gets worse, and it doesn't get worse linearly, it gets worse quadratically.

The reason I'm confident that the bazaar model, the open-source model, will continue to thrive and claim new territory, is because all of the other verification models have run out of steam. It's not that open sourcing is perfect, it's not that the many-eyeballs effect is in some theoretical sense necessarily the best possible way to do things, the problem is that we don't know anything that works as well. And the scale of problems with other methods of QA (quality assurance) is actually increasing in severity as the size of projects goes up. On the other hand, open-source development, open-source verification, the many-eyeballs effect, seems to scale pretty well. And in fact it works better as your development community gets larger

--Eric S. Raymond
Read the rest in News: Eric Raymond: Linux will rule the desktop

Thursday, May 9, 2002

The language openness of .NET is a welcome relief after the years of incessant Java attempts at language hegemony. For far too long, the Sun camp has preached the One Language doctrine. The field of programming language design has a long, rich history, and there is no credible argument that the alpha and omega of programming, closing off any future evolution, was uttered in Silicon Valley in 1995. Microsoft's .NET breaks this lock.

Everyone will benefit, even the Java community: Now that there's competition again, new constructs are--surprise!--again being considered for Java; one hears noises, for example, about Sun finally introducing genericity sometime in the current millennium. Such are the virtues of openness and competition.

--Bertrand Meyer
Read the rest in Polyglot Programming

Wednesday, May 8, 2002

Compared to programming in C or Python, programming in C++ or Java is like programming in a straitjacket. Strong static typing (SST) is a big part of this, and not SST qua SST, but rather the fact that SST is tied so fundamentally to the facilities for user extension and generic programming.

There's good reason why people who give Python a good hard look (and get past the issue of significant whitespace) don't often turn back to Java.

--Uche Ogbuji on the xml-dev mailing list, Monday, 06 May 2002

Tuesday, May 7, 2002
a clever hacker will read my code and notice that I'm only allocating 1000 bytes and hoping it will be enough, and they'll find some clever way to trick me into strcatting a 1100 byte string into my 1000 bytes of memory, thus overwriting the stack frame and changing the return address so that when this function returns, it executes some code which the hacker himself wrote. This is what they're talking about when they say that a particular program has a buffer overflow susceptibility. It was the number one cause of hacks and worms in the olden days before Microsoft Outlook made hacking easy enough for teenagers to do.

--Joel Spolsky
Read the rest in Joel on Software - Back to Basics

Monday, May 6, 2002

Q: What makes the Web as we know it different from traditional terminal-to-host systems for information browsing? A: the Web provides for worldwide interconnectivity on an ad hoc basis, without the need to preplan or preinstall individual connections. Indeed, the word "Web" seems to emphasize that any-to-any connectivity.

Q. What makes Web services different from more traditional means of interconnecting applications? A. The same thing. For the first time, we are building application interconnection architectures with late binding and ad hoc interconnectivity on a global scale. My application can talk to your application, anywhere in the world, with no pre-planning. Hence "Web" services.

--Noah Mendelsohn on the xml-dev mailing list, Friday, 26 Apr 2002

Sunday, May 5, 2002
The RPC model, on the other hand, has some primal attraction for software developers, I guess because deep down inside we want the world to be simple, synchronous, reliable, homogenous, and zero-latency, etc. Nevertheless, "web services" are at the bleeding edge where things are not secure, synchronous, reliable, instantaneous, etc., and they probably never will be: devices get smaller and smaller, "clients" are farther and farther away from their "servers", and we're starting to hit some fundamental limits of physics and information science rather than temporary limits of technology.

--Mike Champion on the xml-dev mailing list, Saturday, 04 May 2002

Saturday, May 4, 2002
San Francisco is one of the most pathological cities on earth. The people who live here lost their sense of human connection. The city was completely emptied of diversity at a certain point, and the entire population that came in were suburban kids who had never lived in any city or town or community in their whole lives. They had no sense of community. It's now a place where if you give eye contact, you get maced. The culture that has come up around the economy--and I admit I've personally tried to build this economy--is a culture that I can't stand. It's a good thing I have a sense of paradox. But I really don't like the society that has grown up around the dot-communists, who are all products of suburbia and television.

--John Perry Barlow
Read the rest in Tech News - CNET.com

Friday, May 3, 2002
I have seen too many times people fresh from a database theory class who build a system that is completely normalized, with no thought as to how the data is going to be coming in or going out. They end up with a system that is unmanageable and doesn't scale. That is not to say that database normalization is bad, but normalization is harmful if people are just following rote guidelines without understanding *why* those guidelines exist, and more importantly, when those guidelines do *not* apply, and when other information modeling techniques are more useful.

--Joshua Allen on the xml-dev mailing list, Tuesday, 30 Apr 2002

Thursday, May 2, 2002
Harder to code almost always means lower uptake. Look at the success of Visual Basic, possibly one of the all-time worst things to happen to an otherwise pitiful language. One could also argue that Perl is the ultimate write-only language as well, proving that easy-to-code scores more points with developers than style, elegance, or maintainability.

--Andrew Dubinsky on the xml-dev mailing list, Wednesday, 1 May 2002

Wednesday, May 1, 2002

Internet is for everyone - but it won't be if it isn't affordable by all that wish to partake of its services, so we must dedicate ourselves to making the Internet as affordable as other infrastructures so critical to our well-being. While we follow Moore's Law to reduce the cost of Internet-enabling equipment, let us also seek to stimulate regulatory policies that take advantage of the power of competition to reduce costs.

Internet is for everyone - but it won't be if Governments restrict access to it, so we must dedicate ourselves to keeping the network unrestricted, unfettered and unregulated. We must have the freedom to speak and the freedom to hear.

--Vinton Cerf
Read the rest in RFC 3271: The Internet is for Everyone

Tuesday, April 30, 2002

ICANN was supposed to provide administration for two main groups: root server administrators and the people of the world. Over time, the business interests of domain name registrars, registries, and commercial name-holders became much more important to ICANN than the stability of the DNS root or the usefulness of the DNS for the masses.

The severity of this misdirection is evident in the proposals to reform ICANN. Most have emphasized changing the composition of the board of directors or the supporting organization without showing how the change will help the DNS root or the people of the world. Simply having different people on the ICANN board won't necessarily change ICANN's focus or its methods. The overriding assumption is that ICANN should exist because it currently exists, although its existence has not yet helped the DNS's most important constituencies.

DNS stability and usefulness should be the main focus of whoever administers the DNS root, without regard to profits for companies in the DNS market. Part of that stability is technical, but most of it is political.

--Paul Hoffman
Read the rest in Reforming the Administration of the DNS Root

Monday, April 29, 2002
The real operating system hiding under the newest version of the Macintosh operating system (MacOS X) is called... Darwin! That's right, new Macs are based on Darwinism! While they currently don't advertise this fact to consumers, it is well known among the computer elite, who are mostly Atheists and Pagans. Furthermore, the Darwin OS is released under an "Open Source" license, which is just another name for Communism. They try to hide all of this under a facade of shiny, "lickable" buttons, but the truth has finally come out: Apple Computers promote Godless Darwinism and Communism.

--Dr. Richard Paley, Fellowship University
Read the rest in The Register

Sunday, April 28, 2002
Lavasoft began as nothing more than a dream. With hard work and a specific plan for the future, we have been able to achieve the success we now enjoy. We feel that the ad-sponsored model is nothing more than a quick fix. What we would say is that developers need to find a community willing to support their efforts and help them to grow in their art and to learn from experience.

--Nicholas Stark
Read the rest in Salon.com Technology | Spyware vs. anti-spyware

Saturday, April 27, 2002
Dune is clearly a commentary on the Foundation trilogy. Herbert has taken a look at the same imaginative situation that provoked Asimov's classic--the decay of a galactic empire--and restated it in a way that draws on different assumptions and suggests radically different conclusions. The twist he has introduced into Dune is that the Mule, not the Foundation, is his hero.

--Tim O'Reilly
Read the rest in tim.oreilly.com -- Frank Herbert: Rogue Gods

Thursday, April 25, 2002
A good programming language is one that helps its users write good programs. No programming language will prevent its users from writing bad programs.

--Bertrand Meyer
Read the rest in Helping people to do things right, not preventing them from doing wrong

Wednesday, April 24, 2002

What we've learned during the past eight or so years is that full disclosure helps much more than it hurts. Since full disclosure has become the norm, the computer industry has transformed itself from a group of companies that ignores security and belittles vulnerabilities into one that fixes vulnerabilities as quickly as possible. A few companies are even going further, and taking security seriously enough to attempt to build quality software from the beginning: to fix vulnerabilities before the product is released. And far fewer problems are showing up first in the hacker underground, attacking people with absolutely no warning. It used to be that vulnerability information was only available to a select few: security researchers and hackers who were connected enough in their respective communities. Now it is available to everyone.

This democratization is important. If a known vulnerability exists and you don't know about it, then you're making security decisions with substandard data. Word will eventually get out -- the Window of Exposure will grow -- but you have no control, or knowledge, of when or how. All you can do is hope that the bad guys don't find out before the good guys fix the problem. Full disclosure means that everyone gets the information at the same time, and everyone can act on it.

And detailed information is required. If a researcher just publishes vague statements about the vulnerability, then the vendor can claim that it's not real. If the researcher publishes scientific details without example code, then the vendor can claim that it's just theoretical. The only way to make vendors sit up and take notice is to publish details: both in human- and computer-readable form. (Microsoft is guilty of both of these practices, using their PR machine to deny and belittle vulnerabilities until they are demonstrated with actual code.) And demonstration code is the only way to verify that a vendor's vulnerability patch actually patched the vulnerability.

--Bruce Schneier
Read the rest in News: Bug secrecy vs. full disclosure

Tuesday, April 23, 2002

The lesson of Social Security -- turning a retirement plan into a de facto national ID -- tells us that such an ID would be misused, because the incentive to turn it into something larger would be irresistible. Think of a national ID as your Social Security number on steroids.

Do you think government will block such misuse? Government at all levels is in the pocket of the industries that would profit the most. Congress and state legislatures, collecting millions of dollars in legal bribes (also known as campaign contributions) from business interests, have shot down practically every recent attempt to legislate even modest improvements in privacy -- and this in an era when protecting privacy had political support.

--Dan Gillmor
Read the rest in Government, Big Business battling another foe: liberty

Monday, April 22, 2002

Maybe the people who worry about SOAP see it as DCOM minus-minus and the people who don't see it as CGI plus-plus. I must admit that when I think of SOAP as a more orderly and flexible way of doing what we do with CGI/servlets/etc., I kinda like it ... and when I think of it as a way for naive (or evil) people to enable random jerks on the internet to execute untrustworthy code remotely, I don't.

Which is it, or is it both? Mechanically, it seems almost certainly true that anything bad that could be done with SOAP could be done with the previous generation of web technologies. On the other hand, SOAP is getting so many power tools hooked up to it that CGI (etc.) never had, so bad things could happen more quickly and easily. You can cut off your arm with a handsaw if you really try, but it is SO much easier with a power saw whether or not you try.

--Mike Champion on the xml-dev mailing list, Wednesday, 20 Feb 2002

Saturday, April 20, 2002
The RIAA's attack isn't about preventing piracy, it's about making more money. Through a combination of technology and re-writing laws, Hollywood is trying to take away the rights that consumers have today in order to sell them back tomorrow.

--Joe Kraus
Read the rest in Slagging Over Sagging CD Sales

Friday, April 19, 2002
MS and IBM are not the enemy. There is no enemy. We have a systemic problem of not being able to enforce RAND and not being able to identify bogus patents. We made this worse by being an industry incapable of remembering history and rewriting it conveniently. The people in the patent offices are not superhuman or stupid: they are overworked, underfunded, and not capable of finding facts in an environment where due diligence on prior art is not supported BY THE VERY FRIKKING SYSTEM BEING RESEARCHED BECAUSE WE FILLED IT WITH SELF-INDULGENT CACA.

--Claude L (Len) Bullard on the xml-dev mailing list, Thursday, 18 Apr 2002

Thursday, April 18, 2002
I would suggest that the labels have lost touch with their customers and that retail stores don't work as a destination. The industry has managed to disenfranchise at least two generations of CD buyers; and kids these days who do buy CDs turn around and burn multiple copies for their buddies.

--Dave Allen
Read the rest in Slagging Over Sagging CD Sales

Wednesday, April 17, 2002
With all performance questions, the best answer is "try it and see" -- there might sometimes be general guidelines but the majority of the time the differences are so minuscule you should be choosing whatever gives you the easiest maintenance and extensibility rather than the approach that's ever so slightly faster.

--Jeni Tennison on the xsl-list mailing list, Wednesday, 17 Apr 2002

Tuesday, April 16, 2002
Some Internet marketing managers just don't want hot leads to visit their website. I conclude this after hearing that website owners actually call search engine customer service departments complaining that users are daring to enter sites directly on pages they're most interested in. These callers would prefer search engines that link users only to the homepages and never to pages inside the site.

--Jakob Nielsen
Read the rest in Deep Linking is Good Linking

Saturday, April 13, 2002

Flash suffers from the same maladies that afflict Authorware. It's a syndrome I call Macromeditis and that those less kind call half-@$$edness. Some here have mentioned VB in reference to doing easy things very easily and hard things hardly at all. In that respect, Flash and Authorware make VB look capable by comparison. It's not that you *can't* do very complex things in Flash or Authorware, only that you have to overcome significant obstacles to do so and when you are finished your program is likely to be extremely "unfriendly" to a multi-tasking environment.

Yes Flash (and for that matter Authorware) have some truly amazing features that enable a non-programmer to produce simple programs that work (they don't work well in terms of resource usage but neither do most programs written in other languages by beginners). My problem with Macromedia products is that that is where they stop. If you want to do anything remotely "programmer-like" in Flash or Authorware you will quickly find yourself banging your head against the Macromedia wall.

--John Atchley on the xml-dev mailing list, Monday, 18 Mar 2002

Friday, April 12, 2002
Microsoft's new assault follows a year's worth of rhetoric aimed at slandering the GPL and those who, in the name of software freedom, advocate the use of GPL. Now, that war of words has been followed up with a legal attack. As Mundie's speeches tried and failed to do last summer, Microsoft seeks to pressure existing GPL'ed projects to give up copyleft. Microsoft loves non-copylefted Free Software; it allows them to benefit from the commons without contributing back. In copylefted Free Software, Microsoft now faces a rival that they cannot buy nor run out of business. As expected, they've turned to their patent pool as their last resort to assail us

--Bradley M. Kuhn, executive director of the Free Software Foundation
Read the rest in Microsoft Attacks Free Software Developers with Licenses

Thursday, April 11, 2002
One of the seven paradoxes for me is that deep dark in my past, I was pretty heavily involved in this text editor called Emacs. It's been around for like 30 years now, and sometimes the tragedy for me is that it's been around for about 30 years now. And the various flavors of Emacs of today look an awful lot like Emacs of 20, 25 years ago, and yet it's been relatively stable with relatively minor tweaks for quite a long time. Certainly surveying my high-end developer friends, Emacs is kind of the development environment of choice. And it's done very well for people over the years for these large high-end systems.

--James Gosling
Read the rest in Q&A Part III: Java creator Gosling on Java tools, his move to Mac

Wednesday, April 10, 2002
Forget the vision of intellectual property rights protecting a homeless blues musician from greedy Napsterites. He already got ripped off by the record company, the radio station, the music publisher, and more.

--David Karlins on the "Computer Book Publishing" mailing list, Friday, 29 Mar 2002

Tuesday, April 9, 2002

Using regular indentation, proper spelling for comments and identifiers, adequate lexical conventions -- a space before each opening parenthesis but not after -- does not make your task longer than ignoring these rules, but compounded over months of work and heaps of software produces a tremendous difference. Attention to such details, although not sufficient, is a necessary condition for quality software (and quality, the general theme of this book, is what defines software engineering).

--Bertrand Meyer
Read the rest in Object Oriented Software Construction, 2nd edition, p. 180

Monday, April 8, 2002

overuse of checked exceptions can make an API far less pleasant to use. If a method throws one or more checked exceptions, the code that invokes the method must handle the exceptions in one or more catch blocks, or it must declare that it throws the exceptions and let them propagate outward. Either way it places a non-trivial burden on the programmer.

The burden is justified if the exceptional condition cannot be prevented by proper use of the API and the programmer using the API can take some useful action once confronted with the exception. Unless both of these conditions hold, an unchecked exception is more appropriate.

--Joshua Bloch, Effective Java, p. 174, Addison-Wesley, 2001

Sunday, April 7, 2002
my threshold figure for when Microsoft isn't viable anymore is when the average desktop configuration drops below $350. I got that figure by looking at the position of Microsoft in the market for PDAs and handhelds. Above $350, Windows CE has some presence, largely because Microsoft is heavily subsidizing it, but below $350, Microsoft is nowhere. And the reason is very clear: if your unit price is that low, you can't pay the Microsoft tax and make any money

--Eric S. Raymond
Read the rest in News: Eric Raymond: Linux will rule the desktop

Saturday, April 6, 2002

Large software projects expose a set of problems that can be ignored for smaller projects. Programs that have long life times have different dynamics when it comes to memory management than smaller programs.

--Miguel de Icaza
Read the rest in Mono and GNOME. The long reply.

Friday, April 5, 2002

If there's one thing every junior consultant needs to have injected into their head with a heavy duty 2500 RPM DeWalt Drill, it's this: Customers Don't Know What They Want. Stop Expecting Customers to Know What They Want. It's just never going to happen. Get over it.

Instead, assume that you're going to have to build something anyway, and the customer is going to have to like it, but they're going to be a little bit surprised. YOU have to do the research. YOU have to figure out a design that solves the problem that the customer has in a pleasing way.

--Joel Spolsky
Read the rest in Joel on Software - The Iceberg Secret, Revealed

Thursday, April 4, 2002
I feel like we're in a condition where private totalitarianism is not out of the question because of the increasingly thickening matrix of channels of communication owned by the same companies that own content, that own Web properties, that own traditional media. In essence, they're in a position to own the human mind itself. The possibility of getting a dissident voice through their channels is increasingly scarce, and the use of copyright as a means of suppressing freedom of expression is becoming more and more fashionable. You've got these interlocking systems of technology and law, where merely quoting something from a copyrighted piece is enough to bring down the system on you.

--John Perry Barlow
Read the rest in Tech News - CNET.com

Saturday, March 30, 2002
Microsoft created something? I missed it. The more I learn about their history the more I doubt they ever really created anything except maybe some Basic compilers or something way back when. I would love them more, if that was different. Monopoly, who cares there are tons of them around. But not original? Then Die MS DIE!

--Eric Frazier on the wwwac mailing list, Monday, 25 Mar 2002

Friday, March 29, 2002
Before Java, Sun was not one of the few pre-eminent companies. It was their ticket from being a workstation company to being one of the big powerhouses of the industry.

--David Smith, Gartner Group
Read the rest in The goal: Sun looks for payoff to Java addiction

Thursday, March 28, 2002
Much of the open-source community is still weak at end-user UI. Most hackers have not yet assimilated the knowledge or the attitude necessary to serve end-users like these. This will change, but it won't change overnight

--Eric S. Raymond
Read the rest in Salon.com Technology | Pretty geeky privacy

Wednesday, March 27, 2002
20 years ago, one could bet that an online or offline discussion of a computer science edge case would be held by people *trained* for computer science. They not only could solve edge cases, they lived for them. Some thought that a priesthood, but it was really just a profession. Now there is a web of people from all walks of life and background attempting to program with tools that are designed with an 80/20 philosophy. This philosophy guarantees edge cases are not only difficult, but are often obtuse and abstract to one trying to solve the last 20% of their problems with only 20% of the necessary knowledge.

--Claude L (Len) Bullard on the xml-dev mailing list, Monday, 25 Mar 2002

Tuesday, March 26, 2002
The sad thing is that Darwin has come so far, and has the potential to be such an asset to Apple. If things stay as they are, I can't see it becoming much of a success: I suspect that open source programmers will take one look at Darwin, and then go off to Linux or one of the BSD variants, where the history is of based on actually being OPEN, rather than closed as Apple traditionally has been. It's also sad to see so many nice people putting so much effort into making Darwin everything it should be, and not being able to help them. Without help, I fear their efforts will be in vain.

--Finlay Dobbie
Read the rest in ~finlayd: articles: thinking stupid

Monday, March 25, 2002
There is more Java outside of Sun than inside--more revenue, more product, everything. Sun is the steward but not the prime beneficiary or the prime contributor to the sum total of all that is Java.

--Steve Mills, IBM
Read the rest in The goal: Sun looks for payoff to Java addiction

Sunday, March 24, 2002
wouldn't it be nice if more vendors acknowledged bug reports? I have sometimes had useful "yes, it is an error, this is the problem and here is a workaround" messages, but more often, the report drops into a black hole and I never hear again. Not exactly encouraging when I might have spent hours distilling the problem down to a simple example.

--Paul Spencer on the xml-dev mailing list, Friday, 22 Mar 2002

Saturday, March 23, 2002
Open-source programs are subject to much more scrutiny and, in case of problems, fixed much more quickly than closed-source programs. Apache is not more popular than Microsoft IIS by accident; one of the reasons is that it is more secure.

--Jean-loup Gailly
Read the rest in News: Too much trust in open source?

Friday, March 22, 2002

KDE3, soon to be released, does marginally more than KDE-1.x did. Yes, there are improvements. But KDE-1.x would compile from source in about two hours on a Pentium-133 with 64 megs of memory, and when it was done compiling it would run snappily on the same hardware. Today's KDE3 release candidate takes eight hours on an Athlon running at 1.2 GHz with 768 megs of RAM. And when it is compiled, it runs just about as quickly as KDE-1.x did on that P-133.

There's a school of thought, and it's not entirely invalid, that suggests that this is of no particular concern -- that the Athlon machine with all its bells and whistles and oodles of memory probably cost less than that old P-133 machine did. But there's also a school of thought to which I adhere, and it holds that programmers have been spending our resources like drunken sailors hitting port on payday.

--Dennis E. Powell
Read the rest in Linux for the rest of us.

Thursday, March 21, 2002
Compilers are a lot smarter than we are, and we can be sure that over time, Java compilers will benefit from the technology that we know has gone into the last 30 years of FORTRAN compiler development. Eventually Java compilers will catch up, and there is no reason to abandon good OO coding styles because more hurdles remain.

--James W. Cooper
Read the rest in Java Pro Magazine - Javatecture

Wednesday, March 20, 2002
There is a real problem in both the US and Western Europe today with people trying to own and control ideas, but that is something bigger than just software or free software. Ironically it is having the same effects on free software as other things -- all the great innovation is moving to Eastern Europe, India and South America.

--Alan Cox
Read the rest in The ITW Interview

Tuesday, March 19, 2002
the open source development model is great for getting the fun/short things done, but it is terrible to get the long-haul, boring, repetitive or dull things done.

--Miguel de Icaza
Read the rest in Mono and GNOME. The long reply.

Monday, March 18, 2002
This morning ICANN killed the concept of public participation in ICANN and established in its stead a paternalistic oligarchy. The Internet will now be run by a body that adheres to principles that otherwise died with the era of Queen Victoria and King Leopold.

--Karl Auerbach
Read the rest in ICANN in for a Domain Change

Sunday, March 17, 2002
Jon Shirley, the only CEO of Microsoft to be universally identified as a grown-up, told me during his last week at the helm that the best thing that had ever happened for Microsoft's language business was Borland International and its language business. Borland, under the wacky Philippe Kahn, gave Microsoft fits. Borland languages were often better than Microsoft's, and always cheaper. The result was that Microsoft, even though it continued to be the larger player in that business, couldn't coast. Borland forced Microsoft to be a better company for its customers, which is exactly what Jon Shirley was talking about. Now look at the problems Microsoft has today, and you'll see that they all come down to a lack of credible competition. Netscape was good and made Internet Explorer better, but today nobody at Microsoft even pays attention to Netscape, just as they no longer pay attention to Novell in networking or, alas, even Borland in languages. Microsoft has killed all the competitors, or at least cowed them to the extent that there is now plenty of excess bandwidth in Redmond for megalomania. This is bad for Microsoft and for its customers. Jon Shirley knew that, but I don't think that Gates or Ballmer do. So the best thing for Microsoft would be a formidable competitor. This kinda sorta exists in Linux, except that Linux isn't organized in any sense, and Linux attacks only Microsoft provinces, not the homeland itself.

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Saturday, March 16, 2002
The growing abundance of OS X fruit on the UNIX tree creates new and interesting market conditions for Linux, along with every other UNIX branch. There are sales projections for six million iMacs alone. Many of these machines will be penetrating markets where Linux has strong incumbent server positions, such as science and education. Lawrence Livermore National Laboratory was once Apple's biggest customer and might easily reclaim the title. In January 2002, the state of Maine announced its intent to give a new iBook to every teacher and student in the seventh and eighth grades. All those kids will have their own UNIX machines. Consider the implications.

--Doc Searls and Brent Simmons
Read the rest in UNIX under the Desktop

Friday, March 15, 2002

If you have good customer service, you shouldn't ever have a customer turbo a call on you. That's axiomatic. When a call gets turboed, it's a sign of problems in your policies or organization.

Take it as constructive criticism. Here's a person who cares enough about your service to try and let you make it right. They were passionate enough to call you, despite the roadblocks. They were willing to give your company one last chance, rather than jumping ship to the competition. Don't ignore them -- cherish them, and make things right. And then find out what went wrong inside your company, and fix it so that you never have to get another turbo just like that one again.

--Rob Levandowski
Read the rest in The Art of Turboing

Thursday, March 14, 2002
I think it's absolutely ridiculous. Sun made sure Microsoft couldn't actually do anything with Java except ship something that Sun defined completely, and then when Microsoft decided that they didn't want to do that, Sun has the nerve to sue them?

--Chris Sells
Read the rest in Developers' Reaction to Sun Suit Is Mixed

Saturday, March 9, 2002
I have no confidence that the sorts of rigid type systems OO and SQL DBMS folks trumpet have *anything* to do with reducing programmer errors. "integer", "string", "float" is a criminal nonsense. Programs don't fail because someone passes a float when a string is expected. They fail because someone passes a non-prime number when a prime is expected, because of some boundary condition in the declarative code that coverage testing missed.

--Uche Ogbuji on the xml-dev mailing list

Friday, March 8, 2002
It has never been easy to be a human rights activist, but it has been worse since Sept. 11. Invoking the cause of anti-terrorism, all dictatorships now have a good excuse to justify repressions to come.

--Moncef Marzouki
Read the rest in On 7th Day, Science Fair Rested

Thursday, March 7, 2002
There are a lot of things connected to totalitarianism, such as the ability to affect the technical architecture of the Net and the increasing number of standards and protocols that are being passed down by the likes of Microsoft. I worry that the Net is closing. I would say that .Net and HailStorm are huge threats and really diabolical. The problem is that hardly anybody recognizes it because they don't know what .Net is or how it works. They don't know that Microsoft is trying to own all of your transactions, literally.

--John Perry Barlow
Read the rest in Tech News - CNET.com

Wednesday, March 6, 2002
When standards committees and government mandates tried to impose an orderly evolutionary process (Ada and COBOL come to mind), innovation came from out in the wilds of academia (LISP, BASIC) or industry labs (C). Even today when industry consolidation and quasi-monopolies have consolidated things down to about two dominant platforms (Windows and Java), and they seem to be converging on most of the same basic ideas (C#), there's a lot of innovation in programming languages out there in the wild. Python, Ruby, PHP all seem to be growing in popularity.

--Mike Champion on the xml-dev mailing list, Tuesday, 05 Mar 2002

Tuesday, March 5, 2002

Living with a three-year-old offers an odd perspective on the world. Whenever Tristan and other children his age play in each other's vicinity, an important parental task is to break up squabbles over who's playing with which toy for any given 30 seconds. "You need to share your trains with Peter," we'll say, and we'll hammer that lesson home 15 or 20 times in an afternoon.

Good thing we don't have to explain the current hullabaloo surrounding intellectual property to him. "Why don't the record companies want to let people share music?" he might ask. "Because they don't want to, and they have contracts that say they can do whatever they want with it," we'd reply. "But if I don't want to share toys with Peter, you tell me to put them up in your bedroom before he comes over. Why can't they put their music away where no one can get it?" Here's where we start to beat around the bush. "Well, because they want everyone to buy their music instead of sharing it." The three-year-old mind pounces. "So if Peter wants to play with my trains, I can make him give me a candy bar?" "No," we retort, falling back on parental say-so, "that's not nice, you just have to share."

--Adam C. Engst on the TidBITS mailing list, Monday, 25 Feb 2002
Read the rest in TidBits 618

Monday, March 4, 2002
A world divided cannot stand -- and a world cannot survive partly rich and mostly poor.

--Ismail Serageldin, director of the Bibliotheca Alexandrina
Read the rest in On 7th Day, Science Fair Rested

Sunday, March 3, 2002
Issuing a statement doesn't solve any problems. Microsoft is notorious for treating security as a public-relations problem. Gates said all the right words. If he does that, it will be a sea change. I'd like to believe him, but I need proof.

--Bruce Schneier
Read the rest in Gates makes security top focus

Friday, March 1, 2002
It's just amazing to me how many Unix applications are written in purely monolithic style, not even bothering to exploit the hundreds of dataflow objects (aka tools) shipped with the system, never mind the thousands more that anyone can trivially install for free.

--John Cowan on the xml-dev mailing list, Wednesday, 27 Feb 2002

Thursday, February 28, 2002
What we're looking at here is the fact that you can have mobile code now inside of a music file. So you start getting into security problems like macro in Word documents, or ActiveX or JavaScript problems in HTML files. Once you get code inside of a data file, you start having problems.

--Richard Smith
Read the rest in From serenade to security hole?

Wednesday, February 27, 2002
By the end of the year, two platforms--J2EE and .Net--will essentially control the programming languages market. J2EE already commands large market share, while Microsoft has moved all of its languages over to .Net. However, unlike five years ago, the difference between platforms is no longer that they are language-specific, as .Net and J2EE each represent more than one language.

--Matt Liotta
Read the rest in News: The developer's dilemma

Tuesday, February 26, 2002
Most experienced and highly productive developers (in my observations) use a decent editor (emacs, JPadPro, SlickEdit, or even vi) coupled with a debugger. Graphical IDE's tend to be slow, bulky and just get in the way for experienced developers (having built many hyper-performance development teams). IDE's hold out the marketing promise of turning a junior/intermediate/less experienced developer into a veteran hotshot. Unfortunately the marketing hype does not deliver in the real world.

--Andrzej Jan Taramina on the xml-dev mailing list, Wednesday, 30 Jan 2002

Monday, February 25, 2002
The government doesn't have a good track record of *intelligent* regulation of technology-related matters. Anti-hacker efforts, for instance, seem to have put more whistle-blowers and good-samaritans in jail than malicious hackers.

--Michael Brennan on the xml-dev mailing list, Thursday, 21 Feb 2002

Sunday, February 24, 2002
Exposing any consumer-class OS to the internet without taking serious steps to secure it is asking for trouble, with a near guarantee of getting it.

--Amy Lewis on the xml-dev mailing list, Wednesday, 20 Feb 2002

Saturday, February 23, 2002
I think anybody's a fool to put XP on their computer. It's like installing a continuous, 24-hour monitor on your mind. But people are doing it like crazy because they don't know any better.

--John Perry Barlow
Read the rest in Tech News - CNET.com

Friday, February 22, 2002
Most people I know writing web applications are smart enough to know not to write them in C or C++. Most web applications are written in Java, ASP (VBScript/Jscript), and Perl. None of which I've seen have a problem with buffer overflows.

--Dare Obasanjo on the xml-dev mailing list, Wednesday, 20 Feb 2002

Thursday, February 21, 2002
So even now at JDK 1.4, Sun is still evolving Java's security and trust model, and it still comes up short on more than one front. For example, there's still no security management tools delivered with JDK or JRE that would let anyone but an expert user manage the security settings. As if expert users were the only ones who had vulnerable machines.

--Greg Guerin on the java-dev mailing list, Wednesday, 20 Feb 2002

Wednesday, February 20, 2002
When Chinese authorities ordered Microsoft to surrender its software's underlying source codes--the keys to encryption--as the price of doing business there, Microsoft chose to fight, spearheading an unprecedented Beijing-based coalition of American, Japanese, and European Chambers of Commerce. Faced with being left behind technologically, the Chinese authorities dropped their demands. Theoretically, China's desire to be part of the Internet should have given the capitalists who wired it similar leverage. Instead, the leverage all seems to have remained with the government, as Western companies fell all over themselves bidding for its favor. AOL, Netscape Communications, and Sun Microsystems all helped disseminate government propaganda by backing the China Internet Corporation, an arm of the state-run Xinhua news agency.

--Ethan Gutmann
Read the rest in Who Lost China's Internet?

Tuesday, February 19, 2002
Microsoft is a cancer on technological innovation. They are a primary reason that we mostly have (and accept) crap software on our PC's today and why most computer technology innovation has come to a grinding halt.

--Frank D. Greco on the wwwac mailing list, Tuesday, 12 Feb 2002

Monday, February 18, 2002
What happened on Sept. 11 was a failure of doctrine, in that pilots and personnel on airlines were told to be passive, to accommodate terrorists if they struck. The doctrine was revised and changed by an ad hoc committee of a dozen Americans rebelling on Flight 93 within one hour of attack. No FAA, no Senate Committee. It was done by an ad hoc committee. And no one has questioned the committee's decision. That's power. Performed by amateurs.

--David Brin
Read the rest in Privacy Foundation: Privacy Watch

Sunday, February 17, 2002
Apple is positioning itself as the BMW or Lexus of computing, with elegant designs that -- underneath the skin -- are no different than a Ford Taurus or a Honda Civic. The new iMac even comes with a gray polishing cloth, so proud owners can buff their computers to a high shine like car owners waxing their four-wheeled status symbols on a warm weekend afternoon.

--Mike Langberg
Read the rest in Mercury News | 02/13/2002 | New iMac is not an earthshaking change

Saturday, February 16, 2002
Modularity is an essential part of a reliable system. If you cannot change one part of the system without needing to modify the rest of the system you cannot fix a bug without risking introducing thousands more.

--Alan Cox
Read the rest in The ITW Interview

Friday, February 15, 2002
JBoss is an excellent piece of software; it's one of the best J2EE servers around, at any price. If JBoss is not compatible for legitimate technical reasons, fine. But if JBoss can't be certified because Sun won't test it, then certification is meaningless.

--Mike Loukides
Read the rest in ONJava.com: Will You See Open Source J2EE Implementations? Not Likely.

Friday, February 14, 2003
programmers love the concept of assertions so much because it's like having your cake and eating it. On the one hand you can kid yourself you're protecting yourself by testing for error conditions that you know you should, but on the other you're absolved from any responsibility if the extra checks have a performance impact because they won't be there in production code. Except of course people usually leave assertions turned on in practice, certainly once they've been through the loop of puzzling over obscure bug reports from the field and muttering "that can't happen, that assertion check should have picked that case up", just before their face turns white and they realise assertions are compiled out!

--Rolf Howarth on the java-dev mailing list, Monday, 11 Feb 2002

Wednesday, February 13, 2002
Even when Microsoft patches the current round of security holes, it's only a matter of time before someone comes up with another one. Domain-security related holes are reasonably frequent, and when the next one pops up MSN will be wide-open again.

--Tom Gilder
Read the rest in Microsoft plugs six browser holes

Tuesday, February 12, 2002
In our surveys, java.sun.com easily beats out all publishers as the primary purveyor of Java info; MSDN (Microsoft Developer Network) is the primary source for hard core MS developers. Part of the problem that the publishing industry has with eBooks is that it thinks that it's about books. And while PDF is a part of the picture, I don't think it's the principal technology that will change the landscape.

--Tim O'Reilly on the "Computer Book Publishing" mailing list, Saturday, 02 Feb 2002

Monday, February 11, 2002
SAX2 was almost finalized when the JAXP 1.0 process (belatedly) completed, based on SAX1. It did seem odd that since JAXP 1.0 was so late, it didn't hold off just a bit longer. IMO that was a symptom of a "community" process that didn't really reflect the community ... :)

--David Brownell on the sax-devel mailing list, Friday, 08 Feb 2002

Sunday, February 10, 2002
Sun's philosophy toward unreleased products seems to be the opposite of Apple's. Apple will barely admit to the existence of a project until it's ready to release. Sun announces the release of every product several times, even when it hasn't actually been released even once. :)

--Peter Eastman on the java-dev mailing list, Thursday, 7 Feb 2002

Friday, February 8, 2002

Microsoft, in particular, has repeatedly plunged forward with a seductively simple yet dangerously powerful idea. In academia it's called "procedural attachment"--letting a program appear in place of data. Why do this? In a nutshell, programs are more versatile than data.

So Microsoft built ActiveX, a technique within Windows for automatically downloading and executing arbitrary programs. And Microsoft put macros into its word processor, along with a technique for automatically executing a macro as soon as a document is opened. And Microsoft made it easy for an e-mail script to do almost anything

But the company didn't worry about security, and guess what? One of the ways in which programs are more powerful than data is that they can be designed to replicate. That's the basic principle behind the computer virus. A Word macro can save itself to other files. An e-mail script can re-mail itself to everyone in your address book.

--Bill Joy
Read the rest in Microsoft's blind spot - Tech News - CNET.com

Thursday, February 7, 2002

Microsoft has terrible APIs to code against. Anyone who has used Win32 and any combination of the various layered cakes that have been built on top of it has stuck to that platform only because of the size of the market, but it is one of the most horrible APIs ever built.

To make things worse, an evolution of APIs, components, memory management contracts and patched up versions of COM have made the platform horrible.

Microsoft has injected fresh air into their platform by building and designing a new programming platform that addresses all these pains. They have incorporated many ideas from Java, and they have extended it to address new needs that developers had. They took where Java left off.

--Miguel de Icaza
Read the rest in Mono and GNOME. The long reply.

Wednesday, February 6, 2002
One of the great ironies of the OSI Reference Model for communications is that it has succeeded - not as a computer to computer - communication model but as a programmer-to-programmer communication model

--Sean McGrath on the xml-dev mailing list, Tuesday, 05 Feb 2002

Tuesday, February 5, 2002
the protocol stack we use today (SOAP, XML, HTTP, TCP, IP, ...) can be seen as a highly successful implementation of the OSI Reference Model. It's the OSI protocols that failed, not the layered reference model. And the protocols failed not because there were too few implementations, but because there were too many (one for each computer manufacturer), whereas TCP/IP had a single portable implementation that was available free of charge.

--Michael Kay on the xml-dev mailing list, Tuesday, 5 Feb 2002

Monday, February 4, 2002
Watch any usability test where the product is failing - the users inevitably blame "their own stupidity." Better that 100,000 users should feel stupid than one programmer admit he didn't do a very good job. Don't let anyone tell you that as a programmer you don't have to make moral or ethical decisions. Every time you decide that making users feel stupid is better than fixing your code, you're making an ethical decision.

--Joel Spolsky
Read the rest in Joel on Software

Sunday, February 3, 2002
I think computer people are the worst in the world for always going meta. Even when we have a clear problem to solve (like, implement an accounting system), we always try to attack the meta problem and the meta-meta problems first. I admit that abstraction is a good way to attack problems, but taken too far it is a way to avoid solving problems while still looking busy.

--Joshua Allen on the xml-dev mailing list, Wednesday, 30 Jan 2002

Friday, February 1, 2002
I don't ever find that Java is the real bottleneck in any of my work. The bottleneck is far more likely caused by disk I/O, database access, or network delays. The number of places where Java performance needs to be tuned is small. In addition, as a general rule, you write the program in the best OO style you can and then look for tuning opportunities if you find that something is slow, rather than writing code in peculiar and unreadable ways to start with.

--James W. Cooper
Read the rest in Java Pro Magazine - Javatecture

Thursday, January 31, 2002
A few years ago, I tried to persuade my academic friends that Java was a far more elegant teaching language than Pascal or C, and it ought to be taught to students in introductory programming courses. We won that one big time. Java is now the most widely taught computer language because it is object-oriented, elegant, and harder to screw up--but as Budimli noted, more students are now gaining a computer science education where the only language they want to use is Java. So it isn't just that we thought we'd try to optimize Java: We have no choice. Our new programmers won't (or can't) program in any other language. We're victims of Java's success!

--James W. Cooper
Read the rest in Java Pro Magazine - Javatecture

Wednesday, January 30, 2002
By insisting on some traits of NeXT-ish behaviour, but bowing to the most vociferous Apple loyalists, OS X can at times be a horrible hybrid, and you can reasonably argue that Apple has ruined not just one great UI, but two. NeXT veterans who know they're essentially using a port of the OS rue the loss of unique NeXT features, principally services.

--Andrew Orlowski
Read the rest in How I learned to stop worrying, and abandoned Mac OSX

Tuesday, January 29, 2002

Software builders have tackled — with various degrees of success — some of the most challenging intellectual endeavors ever undertaken. Few engineering projects, for example, match in complexity the multi-million line software projects commonly being launched nowadays. Through its more ambitious efforts the software community has gained precious insights on such issues and concepts as size, complexity, structure, abstraction, taxonomy, concurrency, recursive reasoning, the difference between description and prescription, language, change and invariants. All this is so recent and so tentative that the profession itself has not fully realized the epistemological implications of its own work.

Eventually someone will come and explain what lessons the experience of software construction holds for the intellectual world at large. No doubt abstract data types will figure prominently in the list.

--Bertrand Meyer, Object Oriented Software Construction, 2nd Edition, 1997, p. 148

Monday, January 28, 2002
Those who manage union employees learn that efficient management is about getting the job done quickly because workers are billing against the clock and overtime is to be avoided at all costs. It means not wasting hours on poorly-planned, badly prioritized jobs or committing people resources to fluff projects. Unfortunately, there's a lot of "dig the hole"/"fill the hole" management ineptitude in the New Economy. Managers get away with this because there are few penalties for doing so beyond employee exhaustion.

--Steve Manes on the wwwac mailing list, Thursday, 24 Jan 2002

Sunday, January 27, 2002

Microsoft is attempting to position their Passport single sign on authentication service as the one single identity that an Internet user should need to perform all their online activities. Currently, Passport isn't very widely deployed outside of Microsoft sites (in particular, most Passport accounts currently are actually Hotmail accounts). With their .NET "my services" push, Microsoft is trying to change this.

The current implementation of Passport, ignoring the new Windows XP specific functionality for the moment, is wholly inadequate to this task. It does not allow for sufficient control over the use of authentication information by a user and, where current technologies fall short of the ideal, it trades off security in favor of convenience in a way that leaves users vulnerable.

It is possible to use these design flaws and implementation holes to effectively steal a user's Passport in certain situations.

--Marc Slemko
Read the rest in Microsoft Passport to Trouble

Saturday, January 26, 2002

UWB is a form of wireless data communication that uses radio in a completely different way, sending short pulses of energy across the entire zero to 60 GHz frequency band. Not long ago, only spies and Secret Service agents used this stuff, but now there are many companies, including Intel, that are developing UWB chipsets. UWB could replace communications of all types, ending forever our dependence on wires and making worthless the ownership of radio frequencies.

UWB is like magic or quantum mechanics, whichever you prefer. It is immune to interference just as it doesn't interfere with traditional radio signals, so the FCC is considering UWB as an unlicensed service across all frequency bands -- even cellphones and broadcast frequencies. How could they regulate communications they can't even detect? UWB uses one ten thousandth the energy of networks like 802.11b, yet offers the prospect of greater range and greater privacy along with data rates that are presently around 60 megabits-per-second and might eventually hit one gigabit-per-second. UWB is virtually undetectable by traditional radios, since its signals are considered noise -- noise spread across such a wide band as to be beneath the threshold of traditional receivers. UWB uses multipath interference as a form of error correction! What was formerly considered bad is now good. In fact, UWB only works at all because we know precisely where and when to listen.

--Robert X. Cringely
Read the rest in I, Cringely | The Pulpit

Friday, January 25, 2002
A court has ruled that NSI can screw up its monopoly on dot-com domain name management and face no consequence for its actions. We hope the appellate court will recognize the danger in eliminating all accountability for this key component of Internet governance.

--EFF Intellectual Property Attorney Robin Gross
Read the rest in EFF Media Release: EFF Weighs in Against NSI

Thursday, January 24, 2002
To undertake the proposed merger is to make a big, long-term, bet-the-company move. It worsens the HP stockholders' portfolio of businesses. It does not solve key strategic problems. It creates enormous immediate risk and intermediate-term incremental challenges, and it comes at a very high price to HP stockholders.

--William Hewlett
Read the rest in Hewlett lays out detailed case against HP's bid for Compaq

Wednesday, January 23, 2002
It is poor policy to clamp down indiscriminately on a technology just because some criminals might be able to use it to their advantage. For example, any U.S. citizen can freely buy a pair of gloves, even though a burglar might use them to ransack a house without leaving fingerprints. Cryptography is a data-protection technology, just as gloves are a hand-protection technology. Cryptography protects data from hackers, corporate spies, and con artists, whereas gloves protect hands from cuts, scrapes, heat, cold, and infection. The former can frustrate FBI wiretapping, and the latter can thwart FBI fingerprint analysis. Cryptography and gloves are both dirt-cheap and widely available. In fact, you can download good cryptographic software from the Internet for less than the price of a good pair of gloves.

--Ron Rivest in The Code Book, p. 308

Tuesday, January 22, 2002
We've got bayonets fixed, and we'll go into any cave no matter how dark and dank it is. And in the air war, we'll go after any developer and not just let them turn over to the dark side.

--Scott McNealy
Read the rest in Sun posts loss; McNealy throws jabs

Monday, January 21, 2002
We prove a version of 'Murphy's Law': that the number of defects which survive a selection process is maximised. This applies equally to software and to species; software testing removes the minimum possible number of bugs, consistent with the tests applied, while biological evolution enables a species to adapt to a changed environment at a minimum cost in early deaths. However, while this is an advantage to a biological species - it preserves the maximum amount of genetic variability - it is a drawback for the software writer, as it leaves intact the largest possible number of latent bugs, which may be triggered later by a change in the way that the system is used.

--Robert M. Brady, Ross J. Anderson, and Robin C. Ball in Murphy's law, the fitness of evolving species, and the limits of software reliability

Sunday, January 20, 2002
priority should be given to reliability over performance.

--James Clark on the xml-dev mailing list

Saturday, January 19, 2002
In the 1790s, when the Bill of Rights was ratified, any two people could have a private conversation—with a certainty no one in the world enjoys today—by walking a few meters down the road and looking to see no one was hiding in the bushes. There were no recording devices, parabolic microphones, or laser interferometers bouncing off their eyeglasses. You will note that civilization survived. Many of us regard that period as a golden age in American political culture.

--Whitfield Diffie in The Code Book, p. 306

Friday, January 18, 2002

all you need do to "hack" a company's website that's running an OOB install of IIS 4.0/5.0 is enter a certain malformed URL into your Internet Browser (IE for instance) and click "go". The target of the URL will then be transformed from the website it once was, to whatever the writer of the URL wants it to be. How simple do they have to make it? Not speaking of the cracker, I am speaking about the writer of the web server software. A simple URL can "do-in" a company's website.

Whose fault is it? What does it matter? Sure, the cracker is to blame for cracking the website. But seriously? A simple URL defacement? Click on a link and *poof*, what once was a BIG CORPORATE SITE, relying on Microsoft to provide ample security, was reduced to some script kiddie chanting about the End of the World and how he/she RULEZ! it.

--John Holstein
Read the rest in COTSE | Helpdesk Editorials

Thursday, January 17, 2002

Implicit in the claim that the software industry is "immature" is the belief that this is just because we haven't learned all the tricks yet to getting reproducible results. But this idea rests on a falsehood. The unique thing about software is that it is infinitely clonable. Once you've written a subroutine, you can call it as often as you want. This means that almost everything we do as software developers is something that has never been done before. This is very different than what construction workers do. Herman the Handyman, who just installed a tile floor for me, has probably installed hundreds of tile floors. He has to keep installing tile floors again and again as long as new tile floors are needed. We in the software industry would have long since written a Tile Floor Template Library (TFTL) and generating new tile floors would be trivial. (OK, maybe there would be six versions of the library, one for Delphi, one for perl, etc. And some sick puppy programmers like me would rewrite it. But only once, and I would use it everywhere I needed a tile floor, and I would try to convince my clients that their back lawn would look really nice with tile instead of grass.)

In software, the boring problems are solved. Everything you do is on the cutting edge by definition. So by definition it is unpredictable. That's why software has more of a science nature than a construction nature.

--Joel Spolsky
Read the rest in Joel on Software

Wednesday, January 16, 2002
Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

--Bruce Schneier
Read the rest in Counterpane: Crypto-Gram: January 15, 2002

Tuesday, January 15, 2002
I think we'd all be better off if there were far fewer and far better programmers. Call me a snot, but IMHO a programmer who cannot understand the basic divide-and-conquer algorithmic imperatives that are the foundation of computer science, and that are properly enforced by functional programming, should be quarantined from *any* computer language.

--Uche Ogbuji on the xml-dev mailing list

Monday, January 14, 2002

But my point is that because of computer weirdness, I regularly see an entire morning's work -- sometimes as many as 18 words -- get blipped away forever to the Planet of Lost Data. Needless to say, I use Microsoft Windows. I've been a loyal Windows man since the first version, which required you to write on the screen with crayons. Every year or so, Microsoft comes out with a new version, which Microsoft always swears is better and more reliable, and I always buy it. I bought Windows 2.0, Windows 3.0, Windows 3.1415926, Windows 95, Windows 98, Windows ME, Windows RSVP, The Best of Windows, Windows Strikes Back, Windows Does Dallas, and Windows Let's All Buy Bill Gates a House the Size of Vermont.

My computers keep having seizures, but I keep buying Windows versions, hoping I'll get lucky. I'm like the loser in the nightclub who keeps hitting on the hot babe. His shoes are squishing from the pina colada she poured on him, but he's thinking: "She's warming up to me!"

--Dave Barry
Read the rest in Miami Herald

Sunday, January 13, 2002

Receiving Word attachments is bad for you because they can carry viruses (see http://www.symantec.com/avcenter/venc/data/acro.html). Sending Word attachments is bad for you, because a Word document normally includes hidden information about the author, enabling those in the know to pry into the author's activities (maybe yours). Text that you think you deleted may still be embarrassingly present. See http://www.microsystems.com/Shares_Well.htm for more info.

But above all, sending people Word documents puts pressure on them to use Microsoft software and helps to deny them any other choice. In effect, you become a buttress of the Microsoft monopoly. This pressure is a major obstacle to the broader adoption of free software.

--Richard M. Stallman
Read the rest in Linux Today - Richard Stallman: We can put an end to Word attachments

Saturday, January 12, 2002
As of now, C# represents a total commitment to Microsoft lock-in, and Java doesn't particularly lock you into anyone. C# could be fixed by ensuring there were multiple CLR implementations that worked equally well and had no Windows dependencies. This may well happen.

--Tim Bray on the xml-dev mailing list

Friday, January 11, 2002
The quantitative failure to pay dividends year after year is an inappropriate and, we believe, unlawful device to shelter Microsoft earnings from federal income taxes.

--Ralph Nader
Read the rest in Ralph Nader wants Microsoft to pay

Thursday, January 10, 2002
As I walked the floor, I made a mental note of applications that were available for both Windows and the Macintosh. The reality is that there isn't much that is specifically for the Macintosh, with the obvious exception of the hardware from Apple; with all the vendors one ends up asking, what is unique here? What Apple has that is unique, and sadly Windows and Linux both lack, is cohesion. Everyone with devices and software for the Mac seem to work so well with each other and the OS. We should strive to emulate that cohesion whenever practical for open source software. Before, the Apple story was cohesion without stability or power. Now, with BSD at its core, you can bet that Apple will be able to attack Windows, SUN and Linux on the power front.

--Chris Dibona
Read the rest in Slashdot | MacWorld Expo Report, Part II

Wednesday, January 9, 2002
Thou shalt make thy program's purpose and structure clear to thy fellow man by using the One True Brace Style, even if thou likest it not, for thy creativity is better used in solving problems than in creating beautiful new impediments to understanding.

--Henry Spencer
Read the rest in The Ten Commandments for C Programmers (Annotated Edition)

Tuesday, January 8, 2002
Property is generally defined by economists as goods that are rival (e.g., if I take your car, you don't have one) and excludable (e.g., you can lock your door to keep me out of your home). As information has become digitized (and therefore nonrival and nonexcludable), the intellectual underpinning of intellectual property has eroded, so that today the term intellectual property is little more than an oxymoron. Intellectual property may, in a few years, sound as strange to the ears as "reasonable attorney fees", "low tar cigarettes", and "Zero Administration Windows" do today.

--Dan Kohn on the TidBITS mailing list

Monday, January 7, 2002
It is simply unacceptable for civilians to be slaughtered as a side-effect of an intentional strike against a specified target. There is no difference between the attacks upon the WTC whose primary goal was the destruction of a symbol, and the U.S-U.K revenge coalition bombing of military targets located in populated urban areas. Both are criminal. Slaughter is slaughter. Killing civilians even if unintentional is criminal.

--Marc Herold
Read the rest in A Dossier on Civilian Victims of United States' Aerial Bombing of Afghanistan: A Comprehensive Accounting

Sunday, January 6, 2002
Seeking to control computer-science research by putting intellectual property concerns before the goal of good science has destroyed countless projects.

--Pete Beckman
Read the rest in Salon.com Technology | Public money, private code

Saturday, January 5, 2002
I believe that in almost all cases, the interests of science and society alike are best served by free distribution of software produced in research labs and universities. Unfortunately, there are still institutions that place significant obstacles in the way of researchers who wish to follow this path.

--Ian Foster
Read the rest in Salon.com Technology | Public money, private code

Friday, January 4, 2002

finally the 'War on Terrorism' is achieving its policy objectives. Osama bin Laden is looking haggard. We may not have caught him or brought him to justice but, at the cost of thousands of innocent Afghan lives, billions of dollars of US citizens' money and the civil liberties of the Free World, we have got him looking haggard.

It's a sensational and ground-breaking moment that justifies all the news coverage it's been getting. If Osama bin Laden is looking haggard, that means he's scared - or tired or eaten something that disagrees with him - but at least it means he's not enjoying himself as he was in his previous video.

This is a considerable triumph for the US forces, for the brave bomber pilots who release their bombs from such considerable and dangerous heights above the ground, and for Tony Blair, who has so fearlessly led his entire nation into the position of being terrorist targets for no good reason that any of us can think of.

So keep up the good work, President Bush and Prime Minister Blair, let's see if we can continue in this vein and perhaps - at the cost of only another few billion dollars, a lot more innocent lives, many more civil rights, and the stability of the Middle East, India and Pakistan, and perhaps a Third World War, we might even be able to make Osama bin Laden frown.

--Terry Jones
Read the rest in Guardian Unlimited Observer | Comment | I remain, sir, Haggard of the Hindu Kush

Thursday, January 3, 2002

What's cheaper than an OS you can buy outright once and install on every PC in your shop -- and upgrade cost-free for eternity to boot? Why, a slew of cheesy licenses for Microsoft Windows, 'Doze Division VP Brian Valentine claims in his latest cheerleading effort for his sales associates.

That's right; a putatively independent analysis by 'we'll-conclude-anything' whores DH Brown is going to rip Linux a new one and find that Windows is actually cheaper. How Valentine knows this is anyone's guess. Perhaps he has a mole in the Brown organization as good as the one we have in his. Or perhaps MS simply paid for it.

--Thomas C Greene
Read the rest in The Register

Wednesday, January 2, 2002
A preinstalled JVM is not an advantage in this world. A JVM that is installable, documented and current is.

--Greg Boswell on the java-dev mailing list

Tuesday, January 1, 2002
The Justice Department and nine of the states prosecuting the Microsoft antitrust case snatched a humiliating defeat from the jaws of victory. Having trounced a corporate lawbreaker in court, they sold out competition and consumers with a vacuous settlement. Nine states, led by California, Iowa and Connecticut, couldn't stomach the deal and stayed the course. But the odds now favor Microsoft, which has never wavered in its determination to continue brutalizing an industry over which it gained absolute control through unethical and illegal practices, and ultimately to control the choke points of commerce and communications. Makes you wonder if crime pays.

--Dan Gillmor
Read the rest in The year in tech: the highs and lows (12/30/2001)

Copyright 2002 Elliotte Rusty Harold
Last Modified at Thursday, January 2, 2003 9:58:46 AM