[PL] 2004 VOTE DISCUSSION: INTERNET

[John Fitzsimons]

<news:[email protected]>:

I agree with you. That's how it's been done this year, and it looks
like most people agree with it.

In previous years, some niche apps have been placed on the list with
only two votes. IMO that threshold was too low, reducing sections
of the PL to "Best of the Best as determined by two readers of
alt.comp.freware."

True, but we can only work with the votes that are received. IMO this
newsgroup is getting more popular, and more votes are being received,
so "two vote nominations" will probably NOT be an issue in the future.

Regards, John.

 

[John Fitzsimons]

<

I did not miss your point. But in order to make your point, you
mentioned the mediocrity of non-niche programs. Unless you are
abandoning that facet of your argument, perhaps you should explain
how high vote totals indicate mediocrity.

Of themselves they don't. It is the listing of only high vote items
that I am talking about. As (low voting) niche programs get
disqualified one is left IMO with only the best known programs/
categories. That means that the list will IMO become more
mediocre.

Most freeware sites have the best known programs/categories. IMO
one of the strengths of this newsgroup, and by extension the PL list,
is the discussion of/referencing of "specialist" or "niche" type
programs/utilities.

Regards, John.

 

[John Fitzsimons]

On 15 Dec 2003, John Fitzsimons wrote

I felt this way about FTP servers. Both programs in the category only
got 5 votes, and thus got dropped; clearly, there aren't many FTP
server users in the group. The category thus will not appear at all in
the pricelessware list.

< snip >

I know very little about FTP servers BUT I have needed/used them.
Having them on the PL list would be a great help for me/others who
want to know which program(s) is/are the "best of the best" in FTP
servers.

I share your concerns.

Regards, John.

 

[John Fitzsimons]

John Fitzsimons wrote:

Thank you. Some examples of how to *apply* your criteria to the PL2004
selection process would be helpful.

I am inclined to go by the excellent suggestion by Spacey. But that
might entail too much work and/or some people might like doing things
a different way.

Which of the 5, 6 and 7 vote
programs would you have selected. Are there any 8-11 vote niche
categories?

A "niche" category could have any number of votes. For example if two
"winners" get 80 votes a niche item might have 50. If winners get 25
votes a niche item might get 10.

A niche item by it's very nature will get less votes than mainstream
items. A niche item must do something substantive that a general item
doesn't do, or perhaps doesn't do well.

A text editor that opens huge files might for example be a "niche"
item. Most text editors don't handle this well. If at all.

Which (if any) of the 12+ vote programs would you have dropped?

It isn't up to me to answer those questions. It is up to the group. I
would suggest however that we should ;

(1) list all the programs/votes that didn't "make the cut".

(2) get people to comment on which of them should remain.

The * ONLY ACCEPTABLE CRITERIA * "for" something to be re-considered
would be if something is a "niche" program. One cannot simply say that
they didn't like the winners.

For example, suppose one had 8 search tools listed. Two "pass the
vote". NONE of the remaining 6 could be re-considered unless someone
could sufficiently argue that a major function is done in one of the 6
that isn't provided in the two winners.

A second example might be mail checkers. 8 are voted on. Neither of
the 2 winners allows "deletion from server". Someone suggests that
one of the six "losers" does this and should remain. Probably in a
secondary category.

The thrust of my argument is that we shouldn't IMO simply chose
everything by "numbers".


Regards, John.

 

[B. R. 'BeAr' Ederson]

I don't expect the server to offer up passwords to the users...that would be
rediculous. I'm talking about the person maintaining the server.

No!! You have been told this before. I write anyway because security
is too important a matter to let this slip...

Even admins have no right to retrieve pass-phrases. The only thing
an admin should be able to do is deleting the current password. After
this, a new password can be chosen to access the account. In sensible
environments all important data has to be encrypted in dependence of
the user-passphrase or with another (specific) password given by the
user. So even an admin can *never* access this data.

And further yet, a password is used to access a resource. If you typed
it in the moment before, there is no need to show it to you, since you
just proofed to know it. Every possibility to view the password could
be sneaked on by ill-willing third! Retrieving the password without
current access to the resource is even worse. So *no* program should
give you (admin or not) any chance to see a password at *any time*.

To solve problems like sudden death of the user, there may be a kind
of password-deposition (= trustworthy third). But never sth. like a
master-password. In your case you need to maintain an external list
of users and passwords if you are allowed to / ought to know both.

For me, maintaining the accounts in a privately operated news server was
a problem if I could not move the accounts to a different server
program. So, for me this was a problem of hijacked data, not a
"feature". In my definition, a "feature" should be a desireable option.

You, as a SOHO-admin (although ~60 members are not this small...), ;-)
may look at all these problems a bit more relaxed. But every server
should generally be designed to be *save* in all circumstances. Else
somebody will chose a wrong setup in the most unfitting place. (Like
Murphy liked to put it.)

Still, you are right another way: Hamster should allow to update
without thinking about user accounts at all. And it does, generally.
I can't figure out, why you ran into problems. :-(

So, you sure *can and shall* share your unfortunate experiences, but
*please* be specific and don't demand functionalities you were told
can't be provided by design. (And please don't take my critics too
harsh...)

BeAr

 

[Ceg]

No!! You have been told this before. I write anyway because security
is too important a matter to let this slip...

Even admins have no right to retrieve pass-phrases. The only thing
an admin should be able to do is deleting the current password. After
this, a new password can be chosen to access the account. In sensible
environments all important data has to be encrypted in dependence of
the user-passphrase or with another (specific) password given by the
user. So even an admin can *never* access this data.

And further yet, a password is used to access a resource. If you typed
it in the moment before, there is no need to show it to you, since you
just proofed to know it. Every possibility to view the password could
be sneaked on by ill-willing third! Retrieving the password without
current access to the resource is even worse. So *no* program should
give you (admin or not) any chance to see a password at *any time*.

To solve problems like sudden death of the user, there may be a kind
of password-deposition (= trustworthy third). But never sth. like a
master-password. In your case you need to maintain an external list
of users and passwords if you are allowed to / ought to know both.


You, as a SOHO-admin (although ~60 members are not this small...), ;-)
may look at all these problems a bit more relaxed. But every server
should generally be designed to be *save* in all circumstances. Else
somebody will chose a wrong setup in the most unfitting place. (Like
Murphy liked to put it.)

Still, you are right another way: Hamster should allow to update
without thinking about user accounts at all. And it does, generally.
I can't figure out, why you ran into problems. :-(

So, you sure *can and shall* share your unfortunate experiences, but
*please* be specific and don't demand functionalities you were told
can't be provided by design. (And please don't take my critics too
harsh...)

As far as I'm concerned, this is all a matter of opinion. I am of the
opinion that whatever data I enter into a program, I should be able to
retrieve. I'm not going to get into a "pissing into the wind for distance
contest" with you.