Shostack + Friends Blog Archive


Small Bits of Chaos all Starting with Names

  • Mike Solomon, of PithHelmet fame, comments on RSS spam, and promises to do something about it. (Incidentally, I’ve been wondering about NetNewsWire’s cookie behavior when you load pages, but some rummaging in its files didn’t seem to turn up cookies, and I needed to go blog earn money.)
  • Alan Chapell (whose blog is looking much nicer, but still needs RSS and individual post links) discusses (Thurs, April 28 entry):

    When I confirmed that I’d been enrolled as a result of a purchase I’d made on the travel web site, I decided to end my relationship with the travel web site. Here’s where the fun started…

    I sent an email to the travel web site’s CS group – asking them to remove all my personal information from their records. One would figure that this isn’t a very big deal as their web site privacy policy states:

    “If a visitor’s personally identifiable information (for example, their zip code, phone, email or postal address) changes or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate visitor’s personally identifiable information.” ([Chapell] paraphrased this to protect the company)

    [Frustration, frustration elided.]
    As a consumer, this is beyond frustrating. Btw, this is not some tiny website – it is a nationally advertised site owned by a fairly large company.

    Perhaps it’s time to involve their seal program…

    No, sir, it’s time to name names. Why are you protecting them? Shame them. Call them out. Use them as an example when you speak. Tell them that you’ll continue doing so until you believe that they comply with the terms and conditions they had on display when you signed up.

  • Kurt Voelker has an insightful post about “Lessons for Online Community in ChoicePoint Failures:”

    Think about credit agencies. When it comes to our digital reputations, systems like ChoicePoint and Equifax are reviled, while ranking and endorsing systems like eBay’s thrive. Why? Transparency. The eBay community incents its members to participate because they can see exactly who is saying what about whom. And interestingly, this transparency lets my digital reputation be as much about what I say of others, as it is about what others say about me.

  • Zach Brown (hi Zach!) has a great post in which he goes from C code to the philosophy of programming, entitled: Sloppy Systems Programming:

    It wasn’t that stat() failed, it was that suEXEC saw that it had just performed stat() on a link. It apparently decides that this is fatal, because it knows more about the security trade-offs of your environment than you do, and that when it sees this policy violation it will fail and lie to you about why it failed.

    Now, I’ll be the first to admit that this in itself is a very minor detail. The rub is that this sort of misleading behaviour isn’t rare at all. I think this struck a chord with me because it made me focus on my changing thoughts about what it is that I do. There was a time when I loved having a catalogue of this kind of behaviour in my head so that I could use all kinds of software and predict the ways in which I would have to work around its behaviour. It was super-fun to be an expert in so many details.

    But these days, and I won’t admit to a decade having passed, it all seems like so much wasted time. People who use this software should be focusing on solving their problems instead of spending time discovering that “cannot stat program:” can sometimes mean “I refuse to work with this file because it is a link.”

    It seems like after a few decades of building these kinds of software systems we could be doing a better job of it.

    The profusion of such issues, along with the social awareness that they’re ok, helped drive me to a Mac. On the Mac, they are distinctly not ok, and once you adjust your pain threshold downwards, it’s hard to remember why you put up with them.
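
The failure mode Zach Brown describes, as an added example that is not part of the original post and is not Apache's suEXEC code: a pre-execution check that inspects the path with lstat() and reports a genuine lstat() failure and a symlink-policy refusal as two different errors. The function name, result codes and message wording are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes: one per distinct reason for refusing. */
enum check_result { CHECK_OK, CHECK_STAT_FAILED, CHECK_IS_SYMLINK, CHECK_NOT_REGULAR };

/* Inspect path without following links and write into msg a diagnostic
 * that names the actual reason for any refusal. */
enum check_result check_program(const char *path, char *msg, size_t len)
{
    struct stat st;

    if (lstat(path, &st) != 0) {
        /* The system call really failed: report errno, nothing else. */
        snprintf(msg, len, "cannot stat program (%s): %s", path, strerror(errno));
        return CHECK_STAT_FAILED;
    }
    if (S_ISLNK(st.st_mode)) {
        /* lstat() succeeded; the refusal is a policy decision, so say so. */
        snprintf(msg, len, "refusing program (%s): it is a symbolic link", path);
        return CHECK_IS_SYMLINK;
    }
    if (!S_ISREG(st.st_mode)) {
        snprintf(msg, len, "refusing program (%s): not a regular file", path);
        return CHECK_NOT_REGULAR;
    }
    snprintf(msg, len, "ok (%s)", path);
    return CHECK_OK;
}

int main(int argc, char **argv)
{
    char msg[512];
    if (argc != 2) {
        fprintf(stderr, "usage: %s <path>\n", argv[0]);
        return 2;
    }
    enum check_result r = check_program(argv[1], msg, sizeof msg);
    fprintf(r == CHECK_OK ? stdout : stderr, "%s\n", msg);
    return r == CHECK_OK ? 0 : 1;
}
```

The policy is unchanged (links are still refused); only the diagnostic differs, so an operator reading the log sees which of the two conditions occurred.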

One comment on "Small Bits of Chaos all Starting with Names"

  • Since NetNewsWire uses WebKit, it shares cookies with Safari and other WebKit apps. Cookies are stored at ~/Library/Cookies/Cookies.plist.
    NetNewsWire uses WebKit for displaying news item descriptions and web pages. It does not use WebKit for downloading feeds.
