Worst Bug or Shortcomings in a Standard?
Alastair asks: "Just curious what the Slashdot crowd thinks are the worst bugs ever to creep into a standard? For mine, the various security vulnerabilities in WEP would make the grade. Also perhaps the lack of a protocol field in HDLC, and which most implementations added in a non-compatible way. I'm thinking here about bugs which result in partial or total irrelevance of the standard itself, as opposed to just a lack of interest in adopting it."
SMTP has no sender authentication. (Score:5, Interesting)
Re:SMTP has no sender authentication. (Score:4, Interesting)
Not really. SMTP was designed a long time ago, when there was little need for sender authentication. At that time the "Internet" (ARPAnet) was much smaller and friendlier than today's predatory Internet. Few at that time could imagine what the Internet has become today. No need to blame those designers for lack of sender authentication.
Now, the design of WEP is an entirely different matter. It was very well known that a design process of a new encryption protocol should be public, but the designers decided to do this in secret. This was a bad decision going against best practices.
Re:SMTP has no sender authentication. (Score:2)
Meanwhile various fixes for WEP are already in-place and available.
Comment removed (Score:4, Interesting)
Comment removed (Score:4, Informative)
It's not a Bug it's a feature (Score:2, Funny)
Linux Installation (Score:5, Insightful)
Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
Linux zealots are far too forgiving when judging the difficulty of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:
User: "How do I get Quake 3 to run in Linux?"
Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in
User: "How do I get Quake 3 to run in Windows?"
Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.
Re:Linux Installation (Score:2)
Re:Linux Installation (Score:2)
And where does that setup icon come from? I don't see an icon on windows that can download almost any program, compile it, and install it automatically.
I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"
You do realise that you're comparing the quake 3 install process
Re:Linux Installation (Score:2, Insightful)
Anywhere.
/opt. The Unix way (spraying shit all over the filesystem) is just too much fucking work. Good t
Unlike Windows, it's rather rare to find a Linux software package that includes everything it needs to run. Generally, you're fucked for anything not under package management.
Personally, anything I compile manually I do statically, and shove under
Re:Linux Installation (Score:3, Interesting)
Actually, I *almost* agree with you. The real problem is that Windows Wizards work most of the time. But when they don't, they work against you - even worse than not being there. They get in your way and make it hard to do things manually.
I began preparing to leave RedHat when RH8.1 never happened, and they went straight to RH9. After looking for a while, and evaluating various distributions on their maintainability, etc, I came to a different realization: For home use, this is supposed
Re:Linux Installation (Score:2)
Now with gentoo that I've been using since July, it's just a matter of searching for it on por
Re:Linux Installation (Score:4, Insightful)
Linux: everything is moderately hard
Windows: 95% of the time it's easy, 5% it's impossible
Re:Linux Installation (Score:2)
double-clicking an icon that says "setup".
And how this is different than double-clicking an RPM?
Try being as fair as you want us to be. (Score:2)
Remember, too, that it's a good idea to have video drivers installed properly anyway, as most distros will encourage you to do, even when doing flat things like surfing Slashdot. Ever try Windows _before_ you download the nvidia drivers? My Linux will do highe
Re:Linux Installation (Score:2)
Not this tripe again.
Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".
I'll give you a hint. "apt-get" is just a tool. Likewise for "emerge". Better frontends can exist for them. As an example, Debian provides dselect and aptitude at the command line. More importantly, there's an entry in the GNOME 2 System Tools menu f
Comment removed (Score:5, Interesting)
Re:"Referer" (Score:3, Funny)
Re:"Referer" (Score:2)
How about all the 'bugs' in the English language itself? For example, the counting system. There are often occasions where you have to code up incremental counters, and the effort to make them grammatically correct in English is such a chore most people never bother.
When you're counting something, for example days, you need to put a suffix on the number like '1st, 2nd, 3rd'. Suffixes by themselves wouldn't be so bad, but the way it's determined is quite weird. It
Re:"Referer" (Score:2, Interesting)
Sure, Japanese is so logical.
Let's consider the days of the month. "One" is "ichi", and "day" is "hi", so we put them together and get "tsuitachi". Then for the second, "two" is "ni",
Re:"Referer" (Score:2)
UTF-8 email headers (Score:3, Informative)
TCP, SMTP, POP3, HTTP, ... (Score:2)
Re:TCP, SMTP, POP3, HTTP, ... (Score:2)
SMTP was designed at a time when every connected computer had a sysadmin that was legally responsible for it.
POP has POP over SSL; while there is the option to use STARTTLS, I haven't used a POP server yet that used this.
HTTP... What's the problem with HTTP?
Re:TCP, SMTP, POP3, HTTP, ... (Score:2)
Anyway, while I agree with your comment in general, I think we have to address exactly what kind of security we're talking about. TLS is fine for what it is - it's just that what it is is fairly limited. Perhaps one of the weaknesses of a protocol stack model is that you have to implement security for each level at each level. For example, TLS will prevent eavesdropping on your SMTP conversation, but it
Re:TCP, SMTP, POP3, HTTP, ... (Score:3, Funny)
Re:TCP, SMTP, POP3, HTTP, ... (Score:3, Funny)
Java (Score:3, Insightful)
Why is this a bug? Because the creators of the standard explicitly denounce operator overloading yet they do it anyway for this exception. Operator overloading is explicitly not possible in Java... except this one time.
If it is so incredibly useful in this particular case that they would bend the specification for it, can't they understand that it would be useful for other classes (ie. Matrix classes or even the standard Number classes) too?
Re:Java (Score:2)
Re:Java (Score:2)
i.e. MyDate d= new MyDate(-2);
Sorry... offtopic, I know. I really didn't miss your point. Damned programmer's mind...
I'll be going now...
Me.leave("topic");
Re:Java (Score:2)
uh, YEAH
What is 5? Five *what*? Milliseconds, minutes, dates, months, years? Date at this point is deprecated except as a container of an abstract point-in-time millisecond value. Calendar classes should be used to manipulate time. Maybe that was a bad example, but the point is, when the mathematical symbols are not necessarily clear, it is much bett
Re:Java (Score:2)
Re:Java (Score:2)
mirc (Score:3, Insightful)
Over tcp.
TCP of course already does this, and this just makes sending files very very slow. It should have just sent it as a single stream.
Re:mirc (Score:2)
DCE and DTE in RS232 (Score:5, Insightful)
It should have been female connectors with only one pinout (e.g DCE) on all equipment supporting RS232, and all RS232 cables should be crossed (null modems).
Instead we have a complete mess with male and female connectors, straight and crossed cables. Is pin 2 receive or transmit? Dohhh.
Why female connectors on boxes? Male connectors are more fragile. If the pins break, replace (or repair) the cable. The female connector on the box is OK.
Luckily, RS232 is dying ;-)
Re:DCE and DTE in RS232 (Score:2, Funny)
**hugs USR Couriers**
Don't you listen to that Bad Man...
Re:DCE and DTE in RS232 (Score:3, Interesting)
Yeah, but Ethernet repeated the same mistake and is sure to stay for a while.
Re:DCE and DTE in RS232 (Score:2)
The Gigabit Ethernet spec has fixed that mistake since all GigE equipment is auto MDI/MDIX
Re:DCE and DTE in RS232 (Score:2)
They didn't use balanced cabling, which limits the distance and the bandwidth big time. RS-422 and 485 both use balanced cables and signals and can go up to 4000 feet at 115,200 baud while RS-232 can only go 50 feet at 19,200 baud.
Re:DCE and DTE in RS232 (Score:2)
Re:DCE and DTE in RS232 (Score:3, Interesting)
Re:DCE and DTE in RS232 (Score:2)
While it may seem confusing to a relative outsider, RS-232 is beautiful to those working in the WAN/campus portions of the IT field.
232 is usually DCE if it's female; DTE if it's male. A straight-through cable will fit most people's needs. If you enter into the world of crossover cables
Telecine'd DVD movies (Score:2)
When I am watching a DVD on my computer, it is trivial for my monitor to switch to 72Hz refresh, and show each movie frame for 3 refreshes, rather than getting all the interlace artifacts. It would also have improved the compression of the DVD for a given quality.
Re:Telecine'd DVD movies (Score:2)
What are you talking about? Movies are mastered to DVD at 24fps and the player does indeed perform the 3/2 pulldown process to produce the 60 fields per second NTSC TV requires. Progressive scan DVD players can directly output the 24fps non-interlaced image to
Re:Telecine'd DVD movies (Score:2)
Check out http://www.hometheaterhifi.com/volume_7_4/dvd-ben
Re:Telecine'd DVD movies (Score:2)
DVDs sourced from 24 frames/ps film are encoded at 24 frames/ps 480 scanline progressive and converted to 60 fields/ps NTSC by the player. Material shot on standard NTSC video is sourced at 60 fields 480 scanlines interlaced and the player can just play that back. However, a progressive player while able to show 24fps 480p material nicely has a harder time with 480i material as it has to deinterlace it and the quality of the deinterlacer is going to affect the quality of t
serial RJ45 connectors (Score:2)
XML. For existing at all. (Score:5, Interesting)
Re:XML. For existing at all. (Score:2, Informative)
Sure a well defined markup language is nice but really, people seem to lose all rational sense when it comes to XML
So in other words, there isn't a problem with the standard at all?
Scripting languages have been capable of processing all manner of free form text files in the past
And you've got to write a new parser for every new format.
somehow XML is necessary for interoperation?
Necessary? No. The best option? Usually.
Why do people somehow think that XML encapsulated data will be small
Re:XML. For existing at all. (Score:2, Interesting)
<?xml version="1.0"?>
<config>
  <connections>
    <connection>
      <type>mysql</type>
      <host>foo.bar.com</host>
      <username>bob</username>
      <password>2sekret4u</password>
    </connection>
    <connection>
      <type>mysql</type>
      <host>db.host.com</host>
      <username>jane</username>
      <password>flower</password>
    </connection>
  </connections>
</config>
YAML vs XML (Re:XML. For existing at all.) (Score:2)
If you are typing it from scratch, you'll want a quick way to check the syntax. AKA validation.
A YAML parser will validate your YAML documents, much like an XML parser validates XML documents. And additionally you can quickly check the syntax with your _eyes_, since YAML uses indentation.
YAML also has builtin datatypes, so when you load it, you will automatically get a data structure of strings, numbers, symbols, etc. instead of just strings for all values. And thus you save time by not having to cast dat
Why are Slashdot readers such XML bigots? (Score:3, Insightful)
Yes, XML has been overhyped. Yes, it is used in many places where it's not appropriate. But it's completely unfair to tar an entire language and suite of associated technologies because of the way it's abused. Is Flash an inferior product because there are idiots who put loud, bloated Flash in
XML design flaws: (Score:2)
Re:XML design flaws: (Score:2)
But using LISP instead of XML syntax would not solve any of the mentioned problems.
Re:XML design flaws: (Score:2)
Yes, that is true. But those parsers are complex, and each increase in complexity also has an impact on parsing speed.
XML Schema and NG have already solved this.
The fact is that XML Schema is hardly used by anyone. It could have been in the XML standard, but because XML comes from a domain where people work with textual documents, nobody thought about the
Re:XML. For existing at all. (Score:3, Insightful)
Numerous other formats performing the same role as XML exist, but they never got the hype because they either weren't a standard, didn't have available parsers, weren't simple, etc., etc.
What nutjob actually thought XML is easy to read?
I think it's easy to read! It's a hell of a lot easier to read than RTF, Postscript. Or consider Sendmail configurat
Use of floating point for date/time (Score:4, Interesting)
It's not a huge problem to avoid, but unless you're draconian about using standard safe time math routines, it'll bite you .. eventually .. when you least expect it .. at a customer site running Martian Standard Time at local midnight. (Which will still be a bad hour for you to get a call no matter where it is.)
And all because someone thought it would be pretty nifty to use floating point. Don't they teach the inherent dangers of round off or truncation errors in school these days? (And before someone automatically jumps on MS, with all the UNIX standards, what are you using? Is it safe?)
Re:Use of floating point for date/time (Score:2)
We had to learn this one the hard way. We were in the regional ACM programming contest, and our solution worked perfectly on our local machine with the test data, but would return incorrect results on the marking machine. We ended up spending a ridiculous amount of time debugging it, which was hard, since
Re:Use of floating point for date/time (Score:2)
I think the Linux machines here and the Solaris machines at other sites returned different results, due to the differences in the architectures and their math libraries.
Re:Use of floating point for date/time (Score:2)
OTOH, I started when t
Submarine patents (Score:3, Insightful)
A current example would be packing VC-1 into both Blu-ray and HD DVD [blu-ray.com].
Though software patents are currently only a problem in the U.S., I'd still say that the threat of stealth patents would be the worst bug. Proprietary material shouldn't get through the standards process.
DNS and service entries (Score:2)
DNS's MX entry is excellent, I wish it existed for other services as well.
Re:DNS and service entries (Score:2)
Excellent. I believe that I may have heard or seen the SRV RFC before. Now I did a quick search and saw plenty of references to that RFC, but none (besides a dead openldap thread) that talked about using it.
Is SRV implemented in current DNS servers? Does the resolv library and/or any applications actually use this handy spec?
C++ (Score:3, Interesting)
Grab.
Re:C++ (Score:2)
IMAP (Score:2, Interesting)
Using IMAP it should be possible for several clients to connect to the same account simultaneously. Changes made by one are reflected in the others as they happen, since the server sends updates describing these changes. Think model-view-controller. (Some clients ignore these u
EIDE (Score:3, Interesting)
Plus the whole master/slave system is kinda fun.
Basically it's the only thing a novice couldn't figure out on their own when doing an install
Re:EIDE (Score:2)
I do think he's right that EIDE is normally biggest gotcha for the budding do-it-yourself PC hardware person. Either the cable is the wrong way, or the jumpers are wrong, yet it all appears to be plugged in just fine. Thankfully SATA will get rid of these problems.
Those old AT power supplies with 2 different identically shaped plugs were also a brilliant way to screw up a system. ATX's single, non-reversible plug is much better.
Don't forget DVD CSS and Y2K (Score:3, Insightful)
It was a de facto standard to use two digits to encode the year, which caused a lot of fun a few years ago.
Re:Don't forget DVD CSS and Y2K (Score:2)
It did that pretty well.
It was marketed as copy-protection but in reality, it was always intended as playback prevention.
Java (Score:2)
Re:Java (Score:2)
I almost choked when I found the option to allow, or not, illegal dates.
For instance, you can tell it to access 02/31/2005 as a valid date. Actually, you have to modify the flag so it doesn't accept dates like that. (This was several years ago, probably deprecated by now.)
While I can understand the appeal of allowing arbitrary, but invalid dates (for unusual circumstances) it should NOT be the default for the class.
IPsec (Score:2)
The NAT problem got resolved by UDP encaps
Album/Track information on CDs (Score:3, Insightful)
Re:Album/Track information on CDs (Score:3, Informative)
Session Initiation Protocol (Score:3, Interesting)
Others:
List of Evil SIP ideas [ietf.org]
Oh, and never updating the SIP version string despite syntax changes in the standard is evil.
POSIX and Leap Seconds (Score:2)
NFS (Score:4, Interesting)
Back before M$ had Linux to kick around, there was the UNIX-Haters Handbook [microsoft.com]. I worked at Apollo/HP with a UNIX-Hater zealot. He enlightened me on the serious flaws in NFS, which I had experienced first-hand on a few occasions.
A quote from the book: (page 287)
So even though NFS builds its reputation on being a "stateless" file system, it's all a big lie. The server is filled with state--a whole disk worth. Every single process on the client has state. It's only the NFS protocol that is stateless. And every single gross hack that's become part of the NFS "standard" is an attempt to cover up that lie, gloss it over, and try to make it seem that it isn't so bad.
Networking in .Net / Mono (Score:3, Informative)
IPAddresses are frequently imported/exported as Longs - 8 bytes with a sign bit
Port numbers are 4 byte signed integers.
Sure, Java doesn't have a signed int or long but
Now they introduced a way to get the IP address as an array of bytes, so that you can support IPv6, problem is the constructor that takes a byte array will only accept a 16 byte address, not a 4 byte one for us IPv4 users. On top of this they've deprecated the only other method that can get you an ip address in binary format.
So if you want to serialize an IP address you have to either get it as a Long and cast it to an unsigned int - this generates all sorts of compiler warnings, so forget about clean compiles. Or you can get the address as a byte array and then on reception you have to turn it into an unsigned long.
Oh yeah, there's no documentation on what the environment does about the endianness of IP addresses converted into longs.
Now... we've also got the alarmingly bad Select() method which requires you to build lists of the sockets you're interested in and then proceeds to prune these to only leave the ones where activity has happened. Problem is that you can't reuse these lists so you need to construct them every time so you end up spending more CPU on building lists than you do on simply scanning the list of open sockets. Not that it matters,
Another retarded design decision is the implementation of non-blocking IO and EAGAIN, they decided that this should be implemented as an exception. And we all know how fast exceptions are.
Grrrrrrrrr
I could go on and on.
Re:Networking in .Net / Mono (Score:2)
Which is strange, because (by your description) it has exactly the same shortcomings of the old *NIX select(2) system call (that's why poll(2) is there). One would expect that people designing a library in the 21st century knew better than this.
.doc (Score:2)
An unambiguous description of the One True Way to properly render
deprecated by w3c (Score:4, Insightful)
See the HTML 4.0 [w3.org] recommendation. I literally hit something when I first read this back in '97 (yes, I sometimes read standards documents and RFC's for fun
Remember that HTML is a markup language, and see above where the W3C intentionally took away contextual information from the document.
Keep in mind this was *after* the release of CSS1 (Cascading Style Sheets, level 1 W3C Recommendation 17 Dec 1996 [w3.org] vs. HTML 4.0 Specification W3C Recommendation 18-Dec-1997 [w3.org])
99% of websites on the planet have something you could consider a "menu", or "tabs" of some kind. Wouldn't it be nice if we had a particular tag for that, like "<menu>"? (we do
Nowadays, lots of people are linking to other people (a <dir>ectory) of people with blogrolls, wouldn't it be nice to wrap those in a <dir> list and style them separately, without using arbitrary <ul class="blah"> tags? Or perhaps a list of files available for download (<dir>), or a list of (perhaps) emails in a web mailing client.
Not that there's anything preventing use of ad-hoc class tags to achieve the same effect, but there is semantic information (especially in <menu>) that can be put to good use when standardized like this. Everybody complains about screen-readers, wrap / auto-skip anything in a menu tag. Make a special button that pops up (or reads) anything in a <menu>. Grr. The web could have been just a tiny bit better without that move by the W3C.
--Robert
HTTP Header Comments (Score:2)
1. Comments are recursive.
2. Comments break the header continuation model used elsewhere for continued values.
This means that HTTP headers must make semantic decisions about the header type they are working with in order to properly perform their lexical parsing. It might not seem like much, but it's a subtle stone bitch.
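An added example, not part of the comment above or of any HTTP library: a small Python lexer for the recursive `comment` rule of RFC 7230 section 3.2.6, showing that a non-recursive pattern mis-parses nested comments and that whether `(` opens a comment depends on the field name. The function names and the `COMMENT_FIELDS` set are assumptions made for the illustration, and the sample header values are constructed.

```python
import re

# Fields whose grammar includes "comment" in RFC 7230/7231 (assumed set for
# this example). Parentheses are comment delimiters only in these fields;
# in any other field they are ordinary characters.
COMMENT_FIELDS = {"user-agent", "server", "via"}


class HeaderSyntaxError(ValueError):
    """Raised when comment or quoted-string delimiters do not balance."""


def naive_strip(value):
    # Non-recursive shortcut: stops at the first ")" and so breaks on nesting.
    return re.sub(r"\([^)]*\)", "", value)


def split_comments(value):
    """Return (value without comments, list of top-level comments)."""
    text, comments, current = [], [], []
    depth, in_quotes, i = 0, False, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and (depth or in_quotes):
            # quoted-pair: the next character is literal, even "(" or ")".
            if i + 1 == len(value):
                raise HeaderSyntaxError("dangling backslash")
            (current if depth else text).append(value[i:i + 2])
            i += 2
            continue
        if depth == 0:
            if ch == '"':
                in_quotes = not in_quotes
                text.append(ch)
            elif ch == "(" and not in_quotes:
                depth = 1
            elif ch == ")" and not in_quotes:
                raise HeaderSyntaxError("unbalanced ')'")
            else:
                text.append(ch)
        elif ch == "(":
            depth += 1              # nested comment: recurse one level deeper
            current.append(ch)
        elif ch == ")":
            depth -= 1
            if depth == 0:          # end of a top-level comment
                comments.append("".join(current))
                current = []
            else:
                current.append(ch)
        else:
            current.append(ch)      # ctext, including '"', is plain text here
        i += 1
    if depth or in_quotes:
        raise HeaderSyntaxError("unterminated comment or quoted-string")
    # Simplification: collapse the whitespace left where comments were removed.
    return " ".join("".join(text).split()), comments


def parse_field(name, value):
    """Lex a field value; the field name decides whether comments exist."""
    if name.lower() in COMMENT_FIELDS:
        return split_comments(value)
    return value.strip(), []
```

Two components that disagree on either point (nesting depth or which fields carry comments) will extract different values from the same header line.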
W3C DOM (Score:2)
Properties such as offset(Left|Top|Height|Width) to discover the rendered position of an element are non-existent. The ability to capture context menu events is non-existent. And don't even get me started on the event model.
People may hate how IE co-opted everything, but their DOM APIs are one thing MS got *right* - the IE DOM API is far more flexible and powerfu
Re:W3C DOM (Score:2)
And good thing, too.
Context menus are part of my computer UI, not a part of your web site. Web sites should never be able to change client UI elements. This includes CSS styling of scrollbars (which is thankfully IE-only) and mouse pointers (which, unfortunately, isn't).
Anything within the window area is yours. Anything outside of that, including controls that may appear to be inside the window (eg, scrollbars, cursors, menus, etc) is mine.
Re:W3C DOM (Score:2)
HTML is not just the WWW anymore. I need to capture context menu events in web applications I work on *all the time*. Thankfully, both Mozilla and Safari implement IE's contextmenu event, so the apps can be cross-platform in this respect.
Try thinking out of the box - there are a lot more applications that run on the browser nowadays than websites. The browser is now a platform. The W3C is not adapting to that reality quickly enough.
Re:W3C DOM (Score:2)
SQL (Score:3, Interesting)
Why a different format for update and insert?
update table set field1=value1,field2=value2 where rowid=x
vs
insert into table (field1,field2) values (value1,value2).
--
I don't know about "worst" but could the SQL standard be partly to blame for why porting data from one DB to another is hard in most cases...
e.g. not covering stuff that most people find useful or even vital? And thus letting Oracle etc each define their own ways of doing things.
SQL !!! (Score:2, Interesting)
To implement the relational model you just have to implement a number of set operators and relational operators (project, join, etc), and you have to enforce arbitrary constraints on the data.
Much like arithmetic (add, subtr
SNMP V2 (Score:2)
My goodness, what a mess! 'Nuff said.
Perl's 2/3 digit year (Score:2)
MIME & Quoted Printable (Score:2)
Linus in Flame Mode [iu.edu]
HTML.... well, sort of (Score:2)
Having survived the great Revision '4.0' Browser wars, I have to say the worst 'bugs' ever were the proprietary extensions that crept into Netscape and IE. It made it so difficult to design any sort of advanced page without all sorts of duplicate (albeit slightly different) code to satisfy both browsers.
VLANs (Score:2)
Re:MSIE & XHTML (Score:2, Informative)
That's not a bug/shortcoming in a specification. That's a bug/shortcoming in an application.
Funnily enough, I thought of sending XHTML as text/html when this story popped up. There is a problem with the specification.
The latest RFC for text/html claims that the XHTML 1.0 specification defines a profile that is compatible with HTML, and that you are allowed to label this as text/html.
The first shortcoming is that it doesn't bother mentioning this "profile" by name. Most people take it to mean Ap
Re:MSIE & XHTML (Score:2)
Soooo.... do you feel any better now?
Re:No Timestamps in MIDI. (Score:2)
Re:LOL AT TEH WINDOZE AHAEAHEA IS TEH FUNNAY (Score:3, Insightful)
COPY AND PASTE! INCOMING MEME! (Score:2)