| Wednesday,
August 22, 2001 Mixed bag today.
Begin with the simplest:
Are you aware that your site has no alternates, so
that it comes up meaningless when automatic image downloading is disabled?
Try accessing it with Netscape after the disable, or with Lynx (a text
only browser).
Alternates in your image links will fix this nicely.
-- Chuck F (cbfalconer@yahoo.com) (cbfalconer@XXXXworldnet.att.net)
(Remove "XXXX" from reply address. yahoo works unmodified) mailto:uce@ftc.gov
(for spambots to harvest)
I never know what to make of letters like this. I
have learned from long experience that the confrontational tone isn't
always intended, and often the sender is unaware of just how this sounds
to people not brought up in the tradition of superlatives and shouting at
each other.
In any event, there's no one to do
"alternatives" to make this meaningful to people who use
Netscape with imaging disabled, and if I want to make this pretty for Lynx
I would I expect do little else. So it goes. My apology but what I intend
to do here is nothing.
Regarding the current column:
On August 20 you wrote:
| I have no sympathy for worm
farmers, but I have | even less for "professionals" who can't be
bothered | to do what they are paid for.
But have you ever *done* this job? Have you ever
actually tried to support a large enterprise with hundreds or thousands of
servers, where new security fixes are released on a weekly or even daily
basis, and where every patch risks breaking a critical application?
In many cases, the risk to a business of applying
every patch is greater than the risk from viruses and worms. That's
because the vendors aren't always as careful as they might be in making
sure a patch doesn't change the behaviour of a system in such a way that
applications will break. This is understandable, they're under a lot of
pressure to release patches quickly.
It's not as simple as you make out!
Regards,
Chris
Of course I have never "done this job"
but I do have the column vetted by people who have done similar jobs. And
I would have thought that professionalism includes knowing what are
critical updates and what are not: that it is part of what a professional
who "does this job" knows, or should know.
Nor did I ever imply that this is
"simple". Neither is driving an 18-wheeler truck
"simple" although it is done fairly often.
Two points
Using current operating systems it's impossible to
provide real security as there is always a time gap between the creation
of a exploit and the publication of the cure. Even the best sysadmins will
be caught out sometimes. The only real fix is for operating systems to be
designed from the ground up with security in mind (just like a bank, where
the default is that the doors and windows, if they exist at all, are
closed, locked and bolted.) Unfortunately this conflicts with the
marketing requirements of at least one major supplier of PC operating
systems.
It suddenly occurred to me that many companies
require the use of a "change management" system (complete with
committees and other bureaucracies) so that their computer services are
developed and maintained in an orderly manner. It also occured to me that
any such company, if it hasn't got the sense to trust it's own sysadmins
to perform emergency security fixes without authorization, is a sitting
duck for hackers. I hope no companies are so stupid as to work in this way
but in the past I've worked for a defence contractor and know that
stupidity can be a way of life :-)
-- /\ Geoff. Lane. /\ Manchester Computing /\
Manchester /\ M13 9PL /\ England /\
You are only young once, but you can be immature
forever.
In fact I had dinner Monday night with some
people who are designing tools to make life easier for systems
administrators.
As to the difficulties, "You knew the job
was dangerous when you took it, Fred."
Some welcome news:
A far cry from the days of a $500-$1200 SDK.......
http://www.zdnet.com/eweek/stories/general/0,11011,2805288,00.html
In case you don't want to chase that link from your
56k line, it is IBM making it's Web Bench development studio open source,
saying "it will never be sold for profit"
Marlin Roberts
Hurrah. They learned something. Astounding.
On the Sklyarov case
Congratulations on an excellent column! "I
don't want to see the FBI arrest someone for writing a book on how to
build a printing press" - great stuff! I'm also impressed with your
advice on avoiding Outlook macro viruses - you just don't get this kind of
advice from the news media, beacuse it isn't sensational or a good
"sound bite".
Just a small point, you mention the questioning of
"effective" protection. The DMCA specifically covers this:
"a technological measure `effectively controls access to a work' if
the measure, in the ordinary course of its operation, requires the
application of information, or a process or a treatment, with the
authority of the copyright owner, to gain access to the work." So, it
doesn't need to be proof against hacking attacks in order to gain the
protection of this law. A paperclip clearly isn't a lock, and is a bit of
an exaggeration. I appreciate the sentiment, though.
Philip Hibbs Cap Gemini Ernst & Young Wynyard,
UK 0870 238 8892 +44 1483 24 8892
***************************************************
" This message contains information that may be
privileged or confidential and is the property of the Cap Gemini Ernst
& Young Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message
or any part thereof. If you receive this message in error, please notify
the sender immediately and delete all copies of this message ".
********************************************************
subject: Dmitry Sklyarov
Jerry:
I can't figure out why adobe, at first, and the US
government, currently is going after Dmitry Sklyarov personally? If he
wrote the software as an employee of a company then doesn't the company
own the software and therefore inherit any gains, losses, or liabilities
associated with that software? Even if he was an independent contractor
his work would become the property of the contracting agent, in this case
the software company.
As an engineer I am forced to sign patent
agreements, work agreements, and NDA's, before I can work at a company.
This holds true for scientist, especially scientist involved in medical
drug development. Wouldn't a guilty verdict against Dmitry Sklyarov either
invalidate or call into question those agreements and any case law that
those patent agreements are based upon. I hate play acting at Perry Mason
(since I am really bad at it), but this whole episode has me greatly
concerned. I'm probably not the first to think of this, you yourself
alluded to it in an email comment, but our governments heavy handed
attitudes of late would probably either make King George laugh himself
silly or the founding fathers roll over in their graves.
rock on
ds
I certainly would have thought that civil matters
should be served as civil cases before resorting to criminal law. Clearly
Adobe's intent was intimidation. They succeeded, but they also managed to
make enemies of some rather clever people. We will see what the future
brings.
 And
an important missing point:
Good day Jerry. This makes two letters in two weeks.
Interesting times.
First, a story of one physicist's job doing
operations analysis and slide rule manufacturing in the Pacific Theatre:
http://physicstoday.org/pt/vol-54/iss-8/p40.html
Second, there's a point missing in just about all
the coverage of the Sklyarov case to date. Sklyarov's ebook program does
not crack passwords. Nor does it spread decrypted ebooks across the
internet like some unholy crossbreeding of Gnutella and the Sircam virus.
It simply takes the password the user gives it, and saves the ebook as an
ordinary pdf file. The program will not work without the correct password,
provided by the user, presumably the purchaser. Hopefully we won't get to
the point where the right to read an ebook is not transferable to other
household members.
This how ebook protection is designed. As long as
the client program attempting to access the ebook provides the secret word
(toy duck optional), the ebook happily proffers its goodies. It cares not
if the client is a rights shackled ebook reader, or a virus emailing all
ebook documents it handles to dubya@whitehouse.gov. In Sklyarov's program,
there is no cracking or circumvention. It relies on the user to give it
access to the file. Without the correct password, it doesn't work. In
professional terms, it is an untrusted client. It's as if you purchased a
lock for your study, or your front door, and you're only allowed the two
keys that came with the lock. You can't buy additional keys without buying
all new locks, and you can't pay anybody to make copies of the keys. You
can make your own copies, but you have to punch the key blanks yourself,
as well as either filing them by hand, or building the grinder to grind
them for you.
Even more disturbing is the fact that the previous
paragraph is in potentially in violation of the DMCA, though not likely,
as it's too vague to be useful. One part of the DMCA declares that only
"authorized researchers" can publish the results of their
examinations of protection schemes. This means that only the emperor and
his hand selected circle of fashion critics can comment on his wardrobe.
Authors will have to rely on Adobe's salespeople, and their anointed
shills - I'm sorry, I meant independent evaluators - to learn how
effectively protected their documents will be. I'm not sure exactly how
much Adobe's ebook authoring software costs, I think it's about $300,
certainly not much less, and likely quite a bit more. Just how much are
you willing to spend on authoring software without being sure of the
actual degree of protection it offers for your documents?
I see a pretty clear demarcation of responsibility,
between Sklyarov, and his program, and the ebook purchaser who makes his
decrypted ebooks available for anonymous ftp, in violation of his
purchasing/license agreement. You can make a case for vicarious or
contributory copyright infringement, but I wouldn't want to see such a
case stand in the absence of any actual infringement. You can also argue
that it's against the law, but unless you're one of those rare individuals
who always obeys the posted speed limits, never uses illegal drugs, never
jaywalks, never drank underage, and (for those over a certain age) never
drank alcohol during Prohibition, I would suggest taking a close look at
human behavior, and in particular the behavior of US citizens when
presented with unpopular laws. Not even the Pope can get US Catholics to
follow the rules.
And let's keep a bit of perspective here. We're
talking about writing a tool that saves electronic books in a more
portable format. We're not talking about drunk driving, parking in
handicapped spaces, or rape. Nor are we talking about a counterfeiting
operation that's shipping books across the land to be sold in flea markets
and on the streets of New York. For this we're ceding away first amendment
rights and consumer protections? Do we really want to make copyright
violators face more severe criminal penalties than drunk drivers and
people who park in handicapped spaces? Although counterfeiters on the
other hand...
Thank you for your time Jerry, I know how little of
it you have... Bruce
My sentiments exactly. Thanks. In the absence of
any proof the program has EVER BEEN USED in an illegal manner, the man who
may or may not have written the program is arrested and treated like a
common criminal, bussed to Oklahoma, denied bail, and in general
humiliated for a crime that was not a criminal act in Russia, and which
may in fact not have resulted in any crime at all: there is no allegation
even by ADOBE that anyone ever used this to make illegal copies of a
protected program available to anyone.
Shame, Adobe. Shame.
I've just read your BYTE article regarding Dmitry
Sklyarov and DMCA.
To me, one of the (many) problems with DMCA is that
it paints with such a wide brush.
Under DMCA, if someone were to develop a unique
encryption scheme to protect an illegal activity (such as kiddie-porn,
money-laundering or fraud), that individual is actually protected by DMCA.
That is, they could prosecute another individual who developed a
decryption scheme, or even if someone who simply discussed the methods for
decryption.
I don't think it was the intention of the authors of
DMCA to protect criminals.
That said, I don't think the authors of DMCA put
very much thought into the law at all. They simply followed the directions
of a lobby group who's intent was to protect their copyright at the
expense of everyone else.
-- Charles Milner - Harts Systems Ltd http://www.harts.com
On another subject:
Subj: Not All Linux Enthusiasts Are Fuggheads
I certainly don't want to stop you calling
Linux-Enthusiast-Fuggheads (LEFs) "fuggheads".
I'd just like it on the record that I consider
myself a Linux enthusiast, but not a LEF. And that I bet I'm not alone.
Please keep up the good work -- I'm especially
happy, when I've read your Web site recently, to see you spending more
time on Fiction!
Rod Montgomery == monty@sprintmail.com
Heck, I consider myself a Linux enthusiast. A lot
of the people who beat me about the head and shoulders for my Linux
attitudes learned of it from me in the first place, and I was the one who
discovered Moshe Bar for Byte. Ah well. But Linux does not clean my
dirty floors or throw away my trash. Neither does Windows...
On Worm and Viruses:
Great job on Sklyarov vs DMCA. If enough people
become aware of the case, releasing him and trimming back the DMCA should
be a no-brainer.
Actually, there have been several theoretical
vulnerablities only requiring browsing a malicious page with IE, or
previewing malicious mail with Outlook. All the ones I've seen were
ActiveX problems. There is one out there now that is described here:
http://www.guninski.com/vv2xp.html
As far as I know, none have been found in the wild
(fortunately!). It would be interesting to know if Microsoft has fixed the
vulnerability above in the Friday release of XP, I have not been able to
find word of anything but the existence of the vulnerability anywhere,
thus far.
Jim
Most viruses and worms are actually found by
tiger teams looking for holes, and the holes are fixed before anything
exploiting them gets loose. Most. But clearly not all...
And on the new math tests (excepted from a
discussion elsewhere):
The new tests are based largely on the belief
systems of the NCTM National Committee of Teachers of Mathematics, which
is behind the recent "WASL" test prep course that has 10th
graders figuring how how many cornflakes will fit into a cereal box
instead of how to solve for x when the square root of (x * 3) - 7 = 22.
The answers to 4th grade math problems can be found in high school texts,
if they can be found at all (independent probability, similar triangles,
comparing probability with common denominators up to 24ths etc.)
The new tests are based on the assumption that
anything remotely resembling an IQ test or SAT is by definition, biased
and invalid, and that everything must be done the exact OPPOSITE of what
most h-bd believe the way a test must be constructed and scored. So
instead of one correct answer, there are zero or many correct answers.
Instead of grading on a curve, a committee sets a cut score even if, or
more likely because 90% of most students fail. Instead of setting a pass
point or correct answer before giving the test, it's set AFTER the test is
given and all answers are in. A question with a good explanation but a
wrong numerical result is scored higher than a right result without a good
explanation. I'm still perplexed why the IQ hawks have completely ignored
this massive bastaridzation of the testing process.
The entire notion of a "cut score" for
public education system whose purpose is to education people at ALL levels
of performance up to 12 years is invalid on its face. In fact, any talk of
- raising standards - high standards for all -
excellence for all - world class standards for all - eliminating grade
promotion - a meaningful diploma - eliminating seat time based learning -
accountability - continuous improvement
is bogus, and based on the flawed theory of
"outcome based education", the educational equivalent of
socialism, which promises equal wealth for all, ed reform promises high
academic achievment for all, which is basically impossible given the bell
curve.
What really gets my goat is the new "Dale
Seymour" math textbook, where ANY method of computation including
counting on your fingers to 36 or drawing pictures up to 144 is valid, but
the only method they consider "wrong" is what used to be the
"right answer". So carry and borrow, long multiplication and
division are out. In fact, they assert that mathematicians don't even use
the )----- long division notation, and that it doesn't even mean you have
to use long division. They specifically state that 10 divided by 4 is NOT
to be called 2 r 2, but "whatever the student is to be comfortable
with". You can count cubes in layer, count one by one, or multiply in
one layer and then add but NEVER, EVER accept that the volume is L X W X H
because that's "rote learning". The only conceivable purpose for
such a math book is to eradicate arithmetic as we know it because it is
the cause of racism, sexism, homophobia, global warming, and all the other
evils of society.
Arthur
And the reply
Arthur,
You are not *nearly* cynical enough. The purpose of
such math "instruction" is to create jobs for Remedial Math
teachers all the way up through America's 4-year "Universities".
All this stuff makes sense if you think of America's system of public
education as a patronage jobs program for
otherwise-unemployable-in-"professional"-jobs members of the
core constituencies of the Democratic Party.
Jim
I leave the rest as an exercise for the reader. But
see below.
Dear Dr. Pournelle, Your correspondent who referred
to "Alternates in your image links" was noting that you don't
have "alt=" tags in the image tags. It's a usability feature
that allows people using text only browsers to be able to navigate around
a website. Those tags are required in Federal websites. Section 508 covers
that. I know Sec 508 because I work for a DoD contractor. Once we got
through the gobs of legalese we discovered that Sec 508 simply requires us
to do sensible and polite things like "alt=" tags or text-only
versions of a website. Things that professional web developers (and yes, I
realize thet you are not in the profession of developing web pages, but we
are) should be doing anyway. We found that we were already compliant,
because we have good people here. Imagine, a Federal Regulation that
doesn't impose unreasonable overhead. What a concept.
The primary purpose of section 508 is to provide
access to and use of Federal agencies’ information technology by
individuals with disabilities. Primarily the blind, but also the deaf (if
the site has audio content). It only applies to Federal Agencies, but note
that AOL got in deep water with the National Federation for the Blind (as
I recall) for not having "alt=" tags, on account of the blind
can't use AOL. Really. If you can't see the graphics, you can't navigate
around AOL and, since AOL provides a "public accomodation" they
got nailed under the ADA. (AOL may have fixed this by now)
To quote from the Section 508 Guide to the
standards:
A text equivalent for every non-text element shall
be provided (e.g., via "alt", "longdesc", or in
element content).
What is meant by a text equivalent? A text
equivalent means adding words to represent the purpose of a non-text
element. This provision requires that when an image indicates a
navigational action such as "move to the next screen" or
"go back to the top of the page," the image must be accompanied
by actual text that states the purpose of the image. This provision also
requires that when an image is used to represent page content, the image
must have a text description accompanying it that explains the meaning of
the image.
HTML Source Code: <img src="art/logo-green.gif"
alt="Access Board Logo">
:End of quotation
The 508 website: http://www.access-board.gov/508.htm
The Guide to the standards: http://www.access-board.gov/sec508/guide/1194.22.htm
Sorry for the length of this letter.
Sincerely, Kit Case kitcase@home.com
Wonderful. Every time I do anything I have to go
put in alt = tags as well? In which case I will simply shut down. I
haven't the time to do all that. I am sure it is a nice thing to do, and I
am equally sure no one will do it for me.
Hi,
I just read your article and went looking for the
update 7019xme.exe and found it and the other one 701nt2kme . Here is the
url I found using web ferret and the name of the file.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000111006445306
Hope this helps you to find it on their web page.
Rustyb (Rick)
I didn't need to find it on their web page. I was
hoping to shame them into making it easier to find.
Jerry,
Let me start off with a plea to get Mamelukes and
Burning Tower into bookstores so that I can get my hands on them.
Secondly, after lurking for some time, I feel the
need to respond to the comments made about math education. To start, there
are two main goals of math education: computation and problem solving. To
achieve the computation goal, the student must master basic facts and a
number of computational algorithms. To solve problems, a student must have
understanding of mathematical concepts, the ability to identify and apply
the concepts which are applicable to this particular problem, and the
computational ability to calculate the correct answer.
Part of the problem in math education is that in the
last 120 years we've seen several cycles in which one of the goals is
emphasized to the detriment of the other. In the extremes of the
"computation uber alles" swing of the pendulum, we see massive
amounts of drill and practice which has the effect driving students out of
the math classes in high school and college. The National Defense
Education Act of 1958 was due in part, to the lack of mathematicians,
engineers, and scientists being produced by our nation's schools: and this
was during the hey-day of math IS computation. The "concepts before
calculation" school of thought also leads to problems. Without a
solid background of computation skills, students may understand problems
but not get the correct answer, which leads by way of lower confidence to
students opting out of math classes in high school and college. About two
million students enter kindergarten every year, but our universities
graduate only 200 Ph.D.'s in math every year (many foreign born). So both
of the extreme positions on math ed have been shown to not be the
"One, True Answer."
Unfortunately, what drives the pendulum swings is
not advances in educational theory but rather political demagoguery. The
major book publishers will print whatever will sell in the large market
states of California, New York, Florida, Texas, and Illinois. A political
backlash against either concepts or computation will soon cause an
avalanche of books which meet public expectations (The publishers are
capitalists after all).
It should be easy to see that knowledge of concepts
without computational ability is a form of mathematical impotency. Yet if
all we teach are the "basics," the only thing our kids get is a
basic education.
What is needed is a balanced approach which
establishes the dual importance of both computational skills and knowledge
of concepts necessary for problem solving. The people that built the
Apollo spacecraft had to have both sets of skills. If our children are to
build the future, they too must have both sets of skills.
And that is where Arthur's complaint over the volume
lesson in the Dale Seymour textbook goes wrong. If the goal of the lesson
is to provide understanding of the concept, then it is bad teaching to say
"Just memorize the formula." It is also bad teaching to let the
students do nothing but play with the blocks to compute the volume of a
rectangular solid. The best practice in teaching is to introduce the
concept of "volume of rectangular solids" using concrete
examples or models so that students can see, feel, touch, etc. in order to
understand the concept. The students must also be taught the formula,
which is often easier when using the conceptual model as a reference
point. Then, the students must be given enough drill so that the formula
and its concept are firmly embedded in memory. Finally, problem solving
activities which make use of the concept and computation formula should be
completed by the students. It is the whole package of activities and
skills that make for good teaching and learning. To criticize any single
portion outside of the whole process is setting up a straw man to argue
against.
As to the cause of all the evils of society, I
didn't cover that in the math classes I taught.
David Coffland
You make good points, but I think there is more
here. I learned math as follows: in first and second grade we memorized
the addition and multiplication tables, largely by reciting them in
unison. Sister would say "Times table by nines" and we would all
sing out nine times one is nine, nine times two is eighteen, and so on
through 9 times twelve is one oh eight." We learned addition
and multiplication through 12's, and so far as I know we ALL learned them
by the end of second grade.
In 5th grade we got things like volumes. But then
I was in Capleville consolidated, grades 1 - 8, two grades to a room,
about 30 pupils to a grade, one teacher and no assistants per classroom.
This was rural Tennessee and the amount of feed in a feed sack or buckets
of water in a watering trough was a matter of considerable practical
interest, and we learned those things. By 8th grade we all knew how many
cubic yards of dirt a slip-shovel (a mule-drawn gadget for doing in a week
what a modern bulldozer does in an hour) will hold, and thus how long it
would take to fill a gully using a team of mules and a slip shovel. Or to
build a pond, and how much the pond would hold.
Now we didn't get any higher math, and when I got
to college calculus was still fairly mysterious, but I did know
arithmetic, and all the grads of Capleville could count their change, and
do their farming.
This was all done by one teacher for two grades
and about 60 kids in the room. Of course we didn't talk back to her, or
talk in class, since there was no ban on corporal punishment : the only
threat that will keep boys still and in their seats. Girls seem to
sit quietly without being threatened. Boys have to be drugged or afraid of
consequences. I managed to be whacked about 5 times between 1st and 12th
grade, this in schools known to be tough (Christian Brothers didn't have
quite the reputation for whamming the kids that the Jesuits in Catholic
High did, but they certainly did not believe in sparing the rod; once
again, I got to bend over and repeat "Thank you Brother" a
couple of times, but not being stupid it wasn't often. It wasn't often
with anyone else either since either you learned or you left -- in some
cases for the Jesuits.)
Which isn't irrelevant, because if boys aren't
given some incentive to sit still, shut up, and do the work, they
generally won't do it. Which may be the real problem here...
The National Defense Education Act had stated
purposes, but the major result was to create a vast tax-consuming
bureaucracy that cannot be dismissed. Most critics of Federal Aid to
Education predicted that result.
TOP
|
