How Are Standards Monitored And Enforced? 89
Pubman asks: "I suspect virtually everyone appreciates the value of standards, especially the open variety. Where would we be without TCP/IP? At my company, we have been going through a continuous process of defining, implementing and enforcing standards. An associate has posed the following question to me. 'How are standards monitored for compliance?' I would appreciate everyone's thoughts on how standards are monitored and enforced on the Internet, by IETF, ISO, NIST, etc. so we can design a process based upon the published and unpublished experience of others.
Thanks ... "
Thoughts. (Score:3)
1) Interoperability. Test your stuff with other peoples' and make sure it works. If it doesn't, good luck selling it. This is the Internet way.
Sometimes comes out very badly - viz. tons of not-quite-RFC-compliant mail servers...
2) Certification. Certification bodies test your product for compliance with a written standard. Of course, this assumes that such a written standard actually exists... This is the best way for non-upgradable stuff - imagine having to upload new firmware to your cellphone every two weeks.
3) Being Microsoft. Not an option for most non-Microsoft companies. May result in antitrust proceedings.
Depends on the standard (Score:3)
As far as a business is concerned, well that's a whole different bag of tricks. Standards, unfortunately, for any size company are going to have to be monitored by individuals...details would be, of course, different from situation to situation. While this works for small companies, large companies will have to figure out how best to utilize manpower to make sure that what works best is actually being implemented.
The best rule of thumb, as far as i'm concerned, is don't standardize something that no one is going to/want to use....anything is enforceable so long as people say "hey...that's a good idea." but you're going to have a hell of a time if everyone is rebelling.
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
It's been said before, and it'll be said again.... (Score:2)
Possible models ... (Score:1)
Standards by Fiat
- flog a new product/protocol, then define it as *THE* standard
Standards by Proclaination
- competitors create me-too "compatible" clones
Standards by Committee
- someone creates a group to knock heads
Standards by Concensus
- define a lowest-common demonomiator subset that people can live with
Standards by Irritation
- result is so grotty that someone is pissed off enough to write a free|open implementation
Standards by stealth
- works so well that everyone else just accepts it
What we need instead is a mechanism to help seek and destroy *bad* standards/interfaces.
LL
Quote early, Quote often (Score:2)
While the standard is being developed, release a revision around the office and solicit responses. Some decisions in the standard may be very obvious, but if you've recieved a response from 10 people "demanding" this obvious implimentation, they'll feel that they've "fought hard" to help shape the standard, and will help others to use it. (remember, your goal is achieve buy-in first, then rely on network effects to spread the word).
If I'm handed a 30 page document with instructions that read "Do It", I might be a little put off. But if my opinion is saught throughout the development of that same document, I not only will impliment it's use, but will be proud to help other people use it too.
This leads to the "chapter and verse" quotes that help to keep a standard in place. "Clearly, if you take a look at 'Foo Co. RFC chapter 3 page 4' you'll notice it calls for . . ". these are the kinds of network effects that help to educate people, and help to move your company in the direction you need.
___
Some thoughts about TCP/IP / MS ... (Score:2)
From now on i think standard must become more rigid and controlled by someone (like Kerberos). It may suck, but I think that's a small price to pay considering what MS is capable of and any MS-wannabe that may show up after MS's fall. What do you think?
Thank you.
//Frisco
--
"At the end of the journey, all men think that their youth was Arcadia..." -Goethe
Haiku (Score:1)
Fret not. So many standards...
Must comply with one!
Re:Thoughts. (Score:1)
Opinions are like assholes, everyone has one.
Then again, some people are "opinions"
Conformance Testing (Score:2)
Enforcement shouldn't be needed. (Score:2)
Short answer (Score:4)
Not.
Or at least not by an independent group or even a collaboration of various parties or an organization standing up for consumer rights.
Office file formats have become the de facto standard, not any of the well documented open text/data formatting standards. The HTML specifications are not the standard, the way MSIE renders HTML is. MP4 was embraced and extended/altered by Microsoft even before it was a standard.
There are probably even better examples, and non-Microsoft ones as well. They deserve to be bullied but their are a symptom, not the disease. The real disease are the huge companies:
Five years ago there was a lot of rumble about mega-fusions resulting in mega-corporations. I shrugged. Now, I see AOL/Time Warner, Microsoft, Viacom, UPC etcetera and start to get scared, because these big corporations do not only control the standards, they make them.
They have no or little interest in consumer benefits. Money is their primary (only?) motivation. Communism was a good idea in theory, but failed in practice. And perhaps capitalism is being driven too far and this might eventually make an end to it as we know it as well.
Think about it: the UCITA, the whole Napster/Gnutella affair, deCSS, human beings even _considering_ a hyperlink could be copyright infringement..
My apologies for this possible piece of flamebait. But the big buck is already starting to undermine certain principles of the democracy and freedom we enjoy and I am worried it will only get worse and worse.
End of rant..
Don't keep them past their sell-by date (Score:1)
The current "standards" bodies that supposedly govern the internet are a legacy of government control over the development and direction of the network. Back in the early days of the net it might have worked, but in the fast-changing culture of the net we see today, these dinosaurs are doing little to aid progress, and much to hold it back.
Despite the promise of the much-needed IPv6 it has still failed to materialise apart from on a few private networks run solely for the benefit of the elite few, and even then it is running on top of IPv4. What kind of progress is this? Will we be forced to wait another five years for this very necessary change to the architecture of the net?
No, like every other government "standards" body, those that govern the net - IETF, ICANN and so on - have become ossified to the point of inaction. Do they ever check RFCs any more? Hopefully not since they all seem to be specifications for pigeons, coffee or monkeys on typewriters nowadays, hardly a sound basis for an "information revolution" that looks less and less likely to happen. Red tape, meetings and arguments are the bane of any group, and it looks like those that attempt to control the net are suffering badly from these malaises, to the detriment of all its users, both at home and at work.
A solution? These older bodies need to go, in order for something new to take their place. ICANN is somewhat of a step in the right direction since it is not dominated by the ivory tower academics who prefer to deliberate for long weeks at the taxpayers expense, but rather by corporate interests who, despite their faults, will at least get something done within a time scale where it will be useful.
So standards bodies? Keep them well focused on what they are supposed to do, and don't keep them for any longer than they're required.
They aren't. (Score:5)
Enforced, that is. Not real ones, anyway. The world of computing is littered with dead or undead standards "enforced" by government fiat, corporate white papers, or other forms of "enforcement." The fact is that true standards, like TCP/IP, exist as standards because they work, and it is in the interests of all concerned to comply with them.
If I build a packet of random data and toss it out onto my network, the TCP/IP police won't come and get me for failing to comply with the standards. Similarly, if I connect to an FTP server and start trying to talk to it in english, no jack-booted IETF thugs will show up at my door. On the other hand, my packet will get tossed out as soon as it reaches a router, and the FTP server just isn't going to send me the file I keep asking it for. I comply with the TCP/IP and FTP standards because it is in my interests to do so. Otherwise, things don't work.
Note that this requires a key distinction be made between a standard and a specification. A specification is what passes through the comittee and gets written up in a white paper. A standard is what people actually use. People violate specifications all the time, and the world continues to turn, so long as there is a standard. Most internet standards were standard long before they were specified by the IETF, for example the mapping from port names to services. On the other hand, there is HTML. There is no HTML standard. There are plenty of specifications, of course, but no standard, which is why being a web designer is such a nightmarish job.
From your question, however, I get the impression that a specification, not a standard, is what you are creating. Honestly, the only thing you can do is make sure your specification is so good that it is adopted as a standard, a process which can only take place voluntarily. Quality is the only real determinant of whether a specification becomes a standard, and no amount of enforcement can save a specification that people don't want to follow.
Anarchism, or "Rough Consensus and Running Code" (Score:3)
Standards generally boil down to two kinds. The first kind is usually a legal minimum of quality imposed on manufacturers for civic purposes. Thus we have standards for toys, car safety and food. The second kind of standard is when everyone agrees to work to the same specs. It is this kind of standard that dominates the software industry.
The IETF is perhaps the most influential "bazaar" group of them all. Before Linux, before GNU, there was a bunch of guys who believed in "rough consensus and running code". The IETF makes the standards of how the Internet runs. Basically if it's IETF-approved, it's in.
The irony is that the IETF is as non-enforcing as groups come. It is, in fact, quite anarchic in nature. Anyone may join. Anyone may attend any meetings and generally propose anything they like. If it's good, it will garner consensus. If you have code to show, you're way ahead on points.
The enforcement of IETF standards is not coercive, as you are looking for: it is social. Individual developers, tool companies, software companies, publishers, and software buyers - all of these derive advantage from standards-based software. For any company to break these standards there must be substantial reason - and even then, they will cop a lot of flack.
So if you are looking for a "method" to derive, derive this: Discussion, Design and Disclosure makes a Standard. Discuss the standard widely, give it a solid grounding of design, and disclose your code and detailed designs to everyone.
Just some quick observations to catch the 25-post moderator's theshold :)
be well;
JC.
--
"Don't declare a revolution unless you are prepared to be guillotined." - Anon.
Its all a dangerously stacked house of cards... (Score:5)
Your average programmer is a completely incompetent ego riden madman. A standard is an affront to his cherised belief that he is the best programmer on the planet. How dare someone restrict his options to make a complete mess. So they trample all over the standards, and each program that is broken but not broken enough to fail immediately and catastrophically adds to the standards pollution. Limiting the solution space in which it is possible to create an app that interoperates correctly with everything else.
A proper standard shouldn't be released unless it has a few things which most lack,
C.
Especially the open variety? (Score:1)
So tell me, who appreciates closed standards? In other words, proprietary standards? The real power of standards lies in their openness, no?
Everyone knows that standards are regularly ignored and "embraced and extinguished" (to borrow a phrase from the M$ toolkit). So apart from raising a stink about it (e.g., Kerberos), is there any other way to "coerce" adherence to the standards? Specifying "strict" standards will not be useful as it leaves no room for changing the standards in an upward-compatible way. Any other options?
Sreeram.
----------------------------------
Observation is the essence of art.
Re:Depends on the standard (Score:1)
Extend me (Score:5)
Sometimes the language of the spec is so general that it can be interpreted many different ways, or is so vague that there can be incompatible implementations of the same portion of the spec. Often, this is the result of "group writing" and a series of compromises. When working through a spec, it's in everyones best interest to avoid putting any language of this kind into the spec.
___
Re:They aren't. (Score:1)
Re:Thoughts. (Score:1)
3) Being Microsoft. Not an option for most non-Microsoft companies.
Although Sun are willing to have a go.
Dave :)
Simply put (Score:2)
Possible models+examples (Score:2)
e.g. Samba, Word, Audio Compact Disc
Standards by Proclaination - competitors create me-too "compatible" clones
FAT16
Standards by Committee - someone creates a group to knock heads
Jpeg, Ethernet. Tends to have the disadvantage of having a lot of numbers based on 1.5 * 2^n when nobody could decide whether to go for 2^n or 2^(n+1)
Standards by Concensus - define a lowest-common demonomiator subset that people can live with
The X window system
Standards by Irritation - result is so grotty that someone is pissed off enough to write a free|open implementation
Any X toolkit
Standards by stealth - works so well that everyone else just accepts it
A standard that works well? Naah.
The microsoft way of course (Score:2)
1. Find an system that works well, such as kerbos
2. Innovate to add new features to the protocol.
3. Make certain that the inovations ruin interoperability.
4. Call it the same name as the stadardized protocol, kerbos.
5. Hire intern to refresh slashdots web page every 25 seconds and ensure that nobody published the documentation for your innovation into an open standard.
------------------------------------------
If God Droppd Acid, Would he see People???
Re:Depends on the standard (Score:1)
Sadly, that's only true if not complying means technical incompatibility. There's heaps of RFCs or part of RFCs that are violated whenever it's convenient because doing it doesn't have negative consequences. The best example are forged "From:" adress fields in emails and Usenet postings.
Re:Haiku (Score:1)
Re:Quote early, Quote often (Score:1)
I replied as Anonymous Coward so that people browsing at +1 wouldn't be bothered.
Regards,
oojah
Re:Haiku (Score:2)
But I have to admit, you display remarkable wit and intelligence.
Re:Possible models ... (Score:1)
- flog a new product/protocol, then define it as *THE* standard.
Now these standards are in partnership with
standard by General Motors, aren't they?
Re:Especially the open variety? (Score:2)
the DVD forum 'appreciates' closed standards as a way to control people's viewing habits, use of equipment and the likes. And ofcourse screw us all out of some more obsolete money.
You can open up a completely closed standard by reverse engineering, like DeCSS did. Yes, that's legal, but probably not in the US.
//rdj
Re:TCL/IL (Score:2)
Look at it this way, the TCP/IP spec is "a way to interoperate". That's why it's called: Transmision Control Protocol/Internet Protocol (TCP/IP) instead of Transmision Control Law/Internet Law (TCL/IL). You can provide as many tools as you want to help people make sure they are compliant, but in the end, it has to be in there own interest to comply, and not be forced upon them.
___
Re:blah blah blah microsoft blah blah (Score:1)
6. Misspell kerberos.
Re:Especially the open variety? (Score:1)
~Tim
--
Re:Don't keep them past their sell-by date (Score:1)
I'd take ivory tower academics any day over corporal greed that has the one aim to remove any barriers preventing them to milk their customers for all they have and make damn sure that people don't even have the choice not to be a customer.
RFCs are explicitly not standards (Score:4)
Then later when I started learning the Internet protocols, I wanted to see the ``recommendations''. But all I could find was ``Requests for Comments''. Once again, I asked to see the _real_ recommendations. And once again, it turned out that there were none.
It seems to me that ``standards'' are just not politically/diplomatically accepted. It's all done by subtle diplomacy. ``Raise a flag and see if anyone salutes it'', as you say in America, or ``fly a kite and see anyone shoots it down'', as we say in Australia.
Re:Extend me (Score:2)
It suddenly realized how important it is to write precise specs. Not is english, not in lawyer-english, but in the only precise language in this world, mathematical-language.
rfc822 is a 47 page document. In which the authors try to specify a standard in english, and things still aren't clear (read the article about rfc822).
I'm quite sure that using a simple BNF grammar, I could 'define' the standard in no more than 5 pages. We have a very precise and powerfull language at our disposal, but somehow a lot of scientists prefer to use english. By the way, implementing a mathematical spec is a *LOT* easier than a spec written in english.
Johan V.
Re:Extend me (Score:1)
Re:Short answer (Score:2)
The way the US and most European countries went during the Cold War is very interesting. In response to the USSR going hard left, the US went hard right, while most European countries tried to walk the thin line inbetween. As a result, many European countries, especially the Scandinavian countries, Benelux countries, Germany and the UK display a rather elegant mix of capitalism, liberalism and socialism which seems to work out quite nicely.
I too watch with fear the development and growth of the monster companies in the US. One I especially fear is UPC, because it is taking over the cable nets in the Netherlands at the moment. Its coverage is already about 50%, and from experience I can say that their quality SUCKS. They change channels around without prior notice, the quality of some channels' signals is deplorable, and the quality of their cable internet service, Chello, is even worse. Once my parents were without internet for SIX DAYS, and all they said if you were ever able to get through the telephone queues was that they were working on the problem and that it would be resolved WITHIN TWO WORKING DAYS. Two working days to restore an internet connection? How would that sound if it were, for example, a telephone connection, or a power connection?
Ah, but I'm digressing, and ranting.
Standards should be there to make sure various programs by various companies are able to work together flawlessly. But currently all too many standards are created to do the opposite: make sure other companies' products CAN'T work together with yours, so everybody will have to buy yours to be compliant to your standard. To quote from Galaxy Quest: "Ewwwww, that just isn't right!"
)O(
the Gods have a sense of humour,
Re:Especially the open variety? (Score:2)
I think you're a little off-base lumping PostScript in with Word. PostScript is hardly an "opaque format." It's a bona-fide programming language. Anyone is free to write a PostScript interpreter or a program that generates PostScript docs-- the specs for the language are available here [adobe.com].
Re:Thoughts. (Score:2)
Ok, I know this was just the obligatory slashbot clause, but I'll answer it anyway...
Microsoft are by no means the only company to define their own standards. For example, when IBM wanted a networking protocol, they just said "SNA" and the industry jumped. And "consensus" standards, despite the hype, are often not the best solutions. For example, SPX/IPX is arguably a better LAN protocol than TCP/IP, because it has much less of an administration overhead. DECNet also has many advantages over TCP/IP, not least of which is its designers were sensible enough to think that users as well as machines could be network principals.
And there are the de-facto standards due to popularity. For example, IBM's CICS (or Rexx, or MQ, or many others) product is a standard, because everyone uses it. The same could be said for Oracle's PL/SQL. IBM also have a firmer grip on the transaction processing market than MS have over the desktop. Java is an arbitrary Sun standard, no matter what noises they make about standards bodies. If Cisco say they want such-and-such feature in BGP, then it's there, no questions asked (or perhaps that should be "no questions answered").
Microsoft were correct when they realised that whoever controls the rules controls the game, but they didn't invent this model, and whatever the DOJ say, the rest of the industry isn't going to stop using that strategy competitively.
Re:Thoughts. (Score:1)
Re:Extend me (Score:1)
It's funny you brought that up, because that is exactly the comparison I was making in my mind. Language added or subtracted as the bill moves through legislation (kinda like a pre-draft of a standards spec) is so mangled by the time it's done, it might as well just say:
RFC 119234580235
Do the right thing.
Thank you.
___
Re:They aren't. (Score:1)
Re:Depends on the standard (Score:2)
come on baby! modelate me up...make me feel so good....me post fo yoo, post loong time!!!!
now THAT is karma whoring!
FluX
After 16 years, MTV has finally completed its deevolution into the shiny things network
Consider IEEE 754 (floating point) (Score:3)
Nowadays, we have IEEE 754, which says a 32 bit float has 23 bits (plus an implied 1 bit) in the mantissa, 8 in the exponent, and of course the sign bit. Intel, Motorola, Sun, et all followed the standard, which presumably had input from all the major players. The major IC manufacturers caused the compilers and other tools to follow, which generally caused most software to follow the standard, and today the idea of using floats other than IEEE 754 is thought only by developers of very resource limited embedded devices, who typically convert their space-saving floats to the standard when they communicate.
With the recent M$ kerberos slashdot story/hype, I suspect a lot of slashdot folk will complain about monopolies breaking standards, and probably trademarks, patents, and all the other usual slashdot stuff.... cynical and jaded as many slashdotters may be, there are lots of computer related standards that are well followed.
Why follow standards? Nobody enforces standards, except for customers. Customers generally like it when products interoperate, and if a group of competing products interoperate because they all follow a standard, a new product that doesn't generally won't sell.
Now there are lots of de-facto standards, where a single company had enough market share that they could just come up with something and everyone else followed. ISA bus (IBM), PDF (Adobe), and .DOC/.XLS format (Microsoft) come to mind, though there are many others.
Whether a format or de-facto standard, the reason to follow the standard is usually because a product which inter-operates with others has a market advantage over other products that don't. Look at Microsoft Exchange Server and Lotus Domino, which have their own proprietary protocols, but also have to support the standards to be accepted by customers.
Standards (Score:2)
Most internet standards today originated from research labs and universities. They were developed by people whose prime aim was to do something well and to create something that would be useful. This should be the underlying spirit when one begins to work on a new standard. Somehow, the fact that these ideas developed in a research environment, where the prime emphasis was on good design, ensured that a good job was done, and also that they were respected by other labs and universities. So they were able to become universal.
I am not suggesting that companies should not develop their own standards. If they are in the poistion to do so, they certainly should---everyone benefits from a good idea. I do believe however, that in any such effort, the spirit should be the one displayed by researchers. I think it is possible to wed the profit motive to good research.
Ulitmately, interoperability can only be ensured through trust and people acting in good faith. Remember the Microsoft versus Netscape feud [zdnet.com]? It was settled only when the two companies, voluntarily decided to do the right thing.
--Sanatan
Re:Short answer (Score:1)
So long as people believe money is an end, instead of a means towards an end, we will continue to experience social unrest, the systematic elimination of our basic human rights, and the virtual enslavement of the working class.
It has always been this way. Such was the decision of the aristocrats when creating this country, and it was the intended result. The freedoms enumerated in the constitution were placed their as spite against the British. Everyone in the US knows the preamble, the Declaration of Independence, and the first 10 amendments of the constitution.. but how many read the rest?
Here we have enshrined a brief moment of civil unrest, transcribed on paper, detailing the crimes of the king, the request for a redress of grievances... a generation passing the torch from one to another.. but what of the similarities between then and now? The technology has changed, but the people have not - if we do not exploit, we in turn will be exploited. Such competition...
How many read between the lines, how many realized that this was not a document for personal freedom but for economic freedom?
I am troubled by the turn of events.. people are ignorant of their history, are unwilling to change, and regard the temporary equilibriums of our existance as eternally functioning parts.. they are afraid of change because they are afraid that it might shatter whatever is holding back the forces of change and chaos.. that it might jeopardize the crumbs of material wealth they have had bestowed on them.
Even TCP/IP isn't "standard" or to the spec. (Score:2)
They're all different. Sure the actuall "communication" works, but most people claim BSD IP stack as the standard, and others always speak of the Windows IP stack or how linux is just hacked together (which is the reason many people believe freebsd is better, but that is another story).
So how could one claim in this "Standards" war of the new millenium that one group is right over another. Sure Mozilla may be standardized, but hell the linux components are changing every 2 seconds. You can't publish fast and publish early and still maintain a standardized system, chaos is NOT standardization my friend.
Atleast Windows as a product line standardized on the Windows IP stack. A win31 app works on a Windows 2000 stack and that what microsoft has kept. Sure new features have been added, but again, what is considered a standard. Is TCPIP as a whole standardized? Nope. I can't load BSD stack in linux without horkin the internals of the OS and simply just acknowledging tcpip data streams is not standards compliance (as we have all made it aware that microsoft products are not standards compliant because they change or add features).
So tell me my friend. What does standardized mean? Does it mean a bunch of overly paid fat asses sitting around and deciding our future or does it mean the acceptance by a consumer or product group that is widely used and established and commited? Sounds like the sitting around doesn't do jack, yet the people building a stable product such as the BSD stack or the MSIE browser or the Mozilla Browser or the Posix standards actually get work done.
So in slashdot world, conformatiy is standardization, and being unique and innovating is illegal and antitrust.
Isn't this a great time to live?
Re:Thoughts. (Score:1)
Re:Short answer ( Hate your chello) (Score:1)
They have pointed www.chello.nu ( a page that complains about chello) to www.chello.com.
Not that isn't a really nice thing to do.
It's what we all fear that AOL will do but it's already been done, albeit i smaller scale, but if it begins who knows where it will stop?
Standards followed? Ha! (Score:1)
Hardware standards are much easier to get acceptance for -- who ever heard of someone baking their own hdd, electronics and all, and coming up with a gimpy version of ATA?
JPEG? Sure, but not JPEG2000 -- Unisys redux, much?
MPEG: everyone and their mother has refused to use MPEG and created a competing 'standard'. ASF, RM, AVI (all 10**10 flavors) and whatever comes out *next* week.
Standards are a rat's nest. The only thing that can even try to enforce compatibility is the requirement of strict adherence. HTML will read in most browsers even if it's not perfect. And look what happened to that!
-Grendel Drago
Re:Some thoughts about TCP/IP / MS ... (Score:1)
You should include examples like Sun's blatant efforts to completely 0wn the Java 'standard' and try to balance out your point of view. Microsoft is not the 'great Satan' of IT firms. They have a habit of trying to take things over, but many firms do that as well.
Try not to make your primary focus Hatred of Microsoft. You'll find there's a big world out there and opposition to Microsoft isn't the only guide to go by in forming your ideology.
Man can not live on bile alone.
Re:Especially the open variety? (Score:1)
I'd agree, of adobe's attempts to take over the presentation-obsessed world, postscript is editable by hand, but on the down side there are so many varying implementations that the machine-generated stuff is always a little bit worrying as to suitability (printer drivers for windoze for an apple, canon or HP, please?
Anyway. We've done this to death the last week on uk.comp.os.linux over PDF. I don't want another flamefest here as well
~Tim
--
Re:Depends on the standard (Score:1)
What do you mean? TCP/IP is a "strict standard"; there's a given set of behaviour that has to be implemented in order to conform. If people write non-conforming (read: 'buggy') implementations, things break. Strict standards enable interoperability between systems, portability across systems (POSIX), and so on.
The question of enforcement is different. TCP/IP is a de facto standard; if you don't use it, you can't play our game. RFCs, in general, document de facto standards. The principle is that "everyone else uses this standard, so if I don't, I'll be on my own". The fear with MS is that they're so big (in some sense), that they can make their own rules. If they don't conform to a particular standard, the reasoning goes, then it's the rest of the world who'll lose out. This fear could be well-founded if MS had more than a certain proportion of the `world' (for some value of world). We've seen this happen with Word documents; if StarOffice didn't read Word documents, it's be (even?) less popular than it is. Such is the nature of monopoly: if there's a particular gas company that has a large enough proportion of the market, they can fix the size of the underground pipes to suit themselves, causing problems for everyone else.
William James Said It. (Score:1)
Re:RFCs are explicitly not standards (Score:1)
Yeah, that's true; and the actual STDs, when you look at them, aren't fixed, either. An RFC, though, never changes. An RFC is often just research into current practice, where there's as yet no standard... an RFC tends to get treated as a standard because there is no Real Standard yet! I'll throw out the RFCs about URLs (1638, 1738, 1808, 2368, probably others) as an example - this rather elemental piece of browser functionality is still not standardised!!!
It's quite the ironic nuisance if you ask me...
By Politcal force and Pragmatism (Score:1)
So, we have the same problem on a smaller scale -- we may have 10 different implementations of the same protocol -- some in firmware, some in (ack) hardware, some in one language, some in another, some off-the-shelf, etc.... (We try to avoid having multiple people doing the same thing, but sometimes it just can't be helped.)
To enforce adherence to the standards: we write that requirement into contracts with third-party vendors; we have testers who pound on the different protocol implementations and generate a lot of negative press when something isn't up to standards; and we do a lot of interoperability testing -- if an implementation isn't doing what it's supposed to do, then the people who did it get a *lot* of heat put upon them to fix it.
Re:Standards followed? Ha! (Score:1)
Re:Don't keep them past their sell-by date (Score:1)
And at least academic 'ivory tower' standards are open. Usually. Sometimes. Occasionally. Feh.
-Grendel Drago
Answer: Use Free (as in speech) software (Score:1)
The main reason why standard processes go so badly is the whole array of companies who have copyrights and patents and are trying to position themselves to be at a competitive advantage. Without these, there is plenty of motive to comply to common standards and to create rational new ones as the need arrises. You only see the standards problems between closed software and hardware vendors. Communities like the Linux community have a much better agreement about standards.
Re:Consider IEEE 754 (floating point) (Score:2)
SCSI: Dozens of SCSI devices fail to implement the spec correctly, many in fairly surprising or destructive ways. Read a quirks table sometime.
ATAPI: There are lots of devices labeled "ATAPI" that use proprietary EIDE extensions instead.
JPEG: Seattle Filmworks (whatever they're called now) has a JPEG format with a corrupted header they use for photos-on-CD.
ASCII: "Smart quotes" in many web pages (probably around 5-10%?)
TCP/IP: For years, Cisco and Linux routers corrupted any TCP transmissions using RFC1323. Microsoft boxes frequently ignore MTU's, or set them incorrectly.
SMTP: Dozens of commercial mailing list systems treat 5xx error codes as "try again immediately", when it really means "this message can never be delivered".
PCI: Many motherboards, even "good" ones, have one or more slots which don't support bus-mastering cards. Some video vendors abuse bus mastering to get marginally better performance for their cards while shutting other cards out, even when the bus could be idle.
ISO9660: Rock Ridge, Joliet.
Modem signals: v.90 came after flex and x2; in many cases, v.90 modems don't interoperate correctly with older hardware, and/or the special servers v.90 modems talk to don't interoperate correctly with older hardware.
DOC and PDF formats: Neither is sufficiently stable to be considered a "standard" in the same sense as the other things.
802.3: Almost no one actually uses this by default, although many stacks have it as an option.
ATA: There are multiple different and incompatible ways of handling large drives. No three OS's agree, so far as I know.
MP3: Many "MP3" players on the market today play only "encrypted" MP3's. The ID3 tags come in two major and incompatible versions; many software players can't play files that use the new ID3v2 tags, but some software only generates those. Lots of programs can't generate or parse VBR MP3's.
Let me add a couple of others:
C: I am not aware of an implementation with no conformance bugs. Almost no one writes correct code, even if we allow for a little bit of local color (like POSIX). Many books "on ANSI C" have painful errors.
Java: There are several implementations, which have incompatible bugs, even though they're supposed to get everything else right.
NFS: Some Linux boxes negotiate for NFS v3, but don't actually *support* v3. Lots of differences in handling of locks, when they're supported at all.
/bin/sh (the POSIX-like shell): Since this is typically "bash" on Linux systems, many shell scripts written on Linux turn out to have syntax errors when compiled with a POSIX shell which isn't bash.
HTML: Does anyone need to be told how awful HTML conformance is these days?
In summary, standards are *NOT* enforced. Thank God. While all of the above-mentioned deviations can be painful, in general, *every* one of the things listed is still a usable standard >90% of the time, and we get a little innovation in the process. Fine by me.
How are Standards Enforced? (Score:1)
Re:Some thoughts about TCP/IP / MS ... (Score:1)
I've been using MS stuff since '87 (SVI-328/728) and am writing this on an NT-machine. I've rebooted the above mentioned computer twice today. I have learned not to like MS.
You should include examples like Sun's blatant efforts to completely 0wn the Java 'standard'... [SNIP]... Try not to make your primary focus Hatred of Microsoft.
I am aware of Sun and have also been using SunOS/Solaris since '96. I was only talking of the big Satan, ehh.. I mean MS... Cause their blatant efforts to EEE Kerberos is what made me think of this in the first place. My question also included other companies that could begin acting like MS. So I'm aware they are not and will not be the only ones acting like this. Please read more carefully before you reply next time.
Man can not live on Bill alone.
I know!.. ;-P
Thank you.
//Frisco
--
"At the end of the journey, all men think that their youth was Arcadia..." -Goethe
Re:Possible models ... (Score:1)
Only then will we win the battle against Evil Karma Whoring.
Also it would be very nice if everyone made sure that they use plenty of numerals to spice up their spelling.
Standards must work with software people use... (Score:1)
Today it seems that standards are pretty much defined Microsoft. The easiest way to be standards compliant across the board is to migrate from legacy systems with their confusing array of standards and protocols to Microsoft systems. MS has put a lot of work into interoperability to make this much easier for you, and as standards continue to evolve and improve you can get the latest updates on line from Microsoft licensed servers. With the most comprehensive kind of licenses, software upgrades occur transparently with no effort required on your part except to have the connections. Microsoft's servers will automatically detect your IP addresses and update your systems without your even being aware that this is happening, except to note with satisfaction that everything "just works better".
Microsoft does not claim to have invented all standards. But MS can proudly claim to have improved and enhanced legacy standards and protocols which have been in wide use, such as the HTML standard and the Kerberos authentication protocol, breathing new life into these standards which were not fully defined in early versions. It is the goal of Microsoft to enhance and extend all such standards, where possible, rather than to introduce more confusion into the situation by introducing a completely foreign standard or protocol into the matrix. Over time, Microsoft intends to shape all protocols and standards to insure the highest desgree of interoperability with the standards Microsoft has defined and patented to prevent these standards from becoming corrupted or abused.
Of course, in today's world of corporate intranets and internet technology, a standards compliant web browser like MSIE is a must have. Your customers and staff will also expect standards compliant internet components from Microsoft because it's very likely that customers and suppliers are already using Microsoft products for creating web sites, browsing and accessing your sites, and transferring data both ways. If your systems are not compliant customers will become dissatisfied and suppliers may charge you extra for maintenance service and tie-ins to legacy components that really should be replaced. Micrsoft offers competetive upgrade discounts in many such situations, especially where a high number of units may be involved. To help make the transition from legacy systems and offbrand standards, Microsoft offers technical training for your staff and 24 hour, seven days a week online technical support.
It's better to be safe than sorry, and there is really little risk to you in licensing the latest, most innovative technology from Microsoft because MS has a proven committment to keep on innovating and keeping you current. And, if you do not have the very latest standards-setting technology from Microsoft, it is very likely that your company will be unable to interoperate with the rest of the IT world.
Practice is the Real Standard (Score:1)
Re:Don't keep them past their sell-by date (Score:1)
How else could we achieve adequate economic growth rates? This was the singular genius of the modern corporation: To realize that one can reap the benefits of technological change without the unecessary cost of adding value.
Change for the sake of change is the essence of liberal democracy. We've got to keep busy or we'll suddenly realize how pointless it all is.
Excuse me, I must take my medication now...
Re:LOL! (Score:1)
Re:Thoughts. (Score:1)
Couldn't have said it better myself. I used to work for the University of New Hampshire InterOperability Lab (www.iol.unh.edu [unh.edu]) while I was a student at UNH. That lab is the interoperability mecca. They test hundreds of products each year from countless vendors for compliance to the major networking standards.
All the big netwokring players are there; Cisco, Nortel, 3Com, Intel, HP, etc., plus many smaller companies send their stuff their. They all strive for the IOL's stamp of approval because that usually means their product will work in any sort of mixed vendor environment.
I saw plenty of devices come into the lab right before they were ready to ship and we would turn over our results and they would have to delay their shipping until they fixed their problems. It's pretty amazing to see a product that claims to be "compliant to X standard" and see it perform like a bunch of monkeys wrote the code.
If I had to give advice to up-and-coming network hardware manufacturers, it would be to get your product tested for interoperability. If your product doesn't work with other companies products, you'll have a tough time selling them on the market.
Just my two cents.
Re:Consider IEEE 754 (floating point) (Score:1)
I think Crays may still use their own floating point format. They did for a long time, anyway.
Why follow standards? Nobody enforces standards, except for customers. Customers generally like it when products interoperate, and if a group of competing products interoperate because they all follow a standard, a new product that doesn't generally won't sell.
I don't know if PostScript is standardized or not, but god help anyone who writes something that generates bad PostScript. And Unix-like OSes are at least mostly POSIX.1 compliant, though it's a rare program that only uses ISO C/C++ and POSIX.1 anyway.
It depends (Score:2)
In some cases, large purchasers, like governments, require complaince to some standard in order to bid for government contracts. POSIX, for example, is a US government purchasing requirement in some cases. Companies obey the standard because it's cheaper than having one product line for governments and other big contractors and another for everybody else.
In other cases, like TCP/IP, the standard is self-enforcing. There's no law to stop somebody from writing their own TCP/IP variant, but if it isn't compliant with the standard, it probably won't work on the 'Net.
This is the kind of thing companies love. Early on, they can try to twist the standard by putting out their own, incompatible variant and then locking their customers into it. Microsoft is famous for this manoevre, and HTML is good example of a standard that ought to be just as self-enforcing as TCP/IP but isn't because of vendor intransigeance.
What makes standards work is that they tend to be safe choices, not enforced ones. There are a number of standards for the manufacture of, for example, luggage. No law prevents luggage manufacturers from making luggage with dimensions and properties that don't comply with the standard, but then they'll find that their luggage doesn't fit into aircraft luggage bins (which are also described in a standard designed to be compatible with the standards for luggage) and don't fit into standard sized cardboard boxes (which makes them more expensive to ship.) So, the luggage company sticks to the standard, because it's safe.
Now, standards like ISO 9000 and ISO 14000 aren't manditory in law, but many people require, or at least consider, ISO compliance in purchasing. For those standards, there are national certification bodies that let companies say they are ISO 9000 or 14000 compliant if they can verify that they meet certain conditions. But most standards don't work that way and don't come with certification.
Bob Metcalfe's "third way" (Score:2)
(Please don't nitpick my examples, and these companies, which have tried all three kinds of standards.)
Re:Thoughts. (Score:2)
I can remember a presentation given in-house years ago when IBM came to hype their networking technology. When he made the comment:
I couldn't see how he was able to continue amid all the laughter. A lot of people just got up and left. So some of that ``jumping'' was people jumping ship. Not everyone was silly enough to pay a license fee to use the network link to move files, another separate fee to do network printing, etc. etc.
These aren't standards -- at least you'll have a difficult time convincing me that they are -- they're just popular products. I have to cringe every time some utters the phrase ``[insert-popular-product-name-here] standard''. Just because everyone's using it doesn't make it any less proprietary. IMHO, if it only is available from one company or usable on only a single company's systems, it ain't a standard.(So, go ahead, call me rabidly in favor of true open systems. :-) )
--
InterNet is the prima facie example? (Score:1)
Standards enforced by people who buy stuff (Score:1)
The other thing we do, of course, is settle disagreements between users and producers. The users say "[producer's] widget doesn't work" and send it to us. We check it out (for a price) and tell them whether or not it conforms to relevant standards. They then have a basis to complain to the producer, if it doesn't conform.
Software Enforces Standards (Score:1)
standards 101 (Score:1)
standards groups are really only allowed as an exception to the anti-trust/collusion laws that
exist in many countries (including the US).
The basic idea is that several companies can't get together and create an interoperability standard
unless they provide a level playing field to all potential players in that standard's field. To
comply with these provisions, almost all standards organizations provide open membership, not because
they want to, but because the have to to get around the legal restrictions of creating standards.
The same laws the prevent collusion in creating the standards also prevent the standards body
from any enforcement ability. This leaves the standards body with only a few options to protect
the integrity of a standard: copyright and independent certification organizations.
Copyright is the big one, you can't publish your modified standard including the original, although
you can reference it (fair use), people will always know about the original unmodified work.
Independent certification organizations (such as UL or BSI as large examples), provide the main
enforcement of standards by the value of their service marks. Note there are several competing
standards organizations operating off the same data (the published standard's specs) so this
avoids most of the anti-trust concerns.
Anti-trust principles are the main driving force behind breaking up MSFT. Just being a monopoly
isn't actually illegal. Believe it or not these rules were mostly put in place during the
formulation of gasoline. Imagine several oil companies wanting to supply gasoline for cars
and several car companies wanting to make cars that could use the cheapest/most available gas.
Instead of everyone getting together and coming up with a standard gasoline formulation, several
companies (standard oil being the biggy) just made their own proprietary standard and since they
were vertically integrated (own both refineries and gas-stations) and were the largest, they sort
of dictated the standard w/o any of the other oil company's input. Some of the anti-trust laws in
the US are directly a result of breaking up standard oil and trying to make sure something
like that never happen again...
This is old stuff, time to get off that computer and dust off a history book or two. The people
who came up with these laws were pretty clever and anticipated all sorts of things and designed
very clever laws to prevent problems...
There is a good reason why people are allowed to extend a standard w/o recourse: innovation.
Color TV, closed captioning, metric/english wrenches, call waiting, etc... were all originally
proprietary standards extensions.... (yes there are acutally ANSI/ISO standards for wrenches)
The main problem with standards is that the groups the create them are often only chartered to
"codify existing practice". The ANSI-C group for example, went way beyond their original charter.
However most are just "least common denominator" and extension is often desirable to create a
reasonable product.
If we are however talking about standards compliance, the right answer is to get on the
independent certification organizations (like UL, BSI, good housekeeping???) or maybe work to create
one specifically for the computer protocol industry (ala X/Open). I suspect that this would
make an excellent tax-exempt non-profit organization that would get heavy donations from
many of the large fortune 500 companies...
Re:Thoughts. (Score:1)
Strange way to ask the question (Score:1)
Personally, I think the idea of "enforcing" a standard is a strange way to bring up the issue of overall standard conformance / nonconformance. Either something conforms to a standard or it does not. However, this line is (usually) not a clear one, as there almost always exists *some* ambiguity in the way someone describes, understands, or implements a standard. Personally, I found the use of term "enforcement" a bit confusing, but I'm not sure that I have a better word for it either.
But, before you even try to ask the question "does product X comply with standard Y" I think one needs to define which sort of compliance / conformity you are addressing. I believe that there are two kinds of compliance. First, there is the compliance to the standard as it is on paper (if there is one!). Second, there is the compliance to the *implicit* standard that evolves from the majority of implementatations of that standard. These can often be very different; and when tyring to ask the question "Does our product/system conform?", one must first address the question of "to what?"
For instance, suppose Standard Y on paper says nothing about the implementation of Feature Z. Yet, suppose a significant majority of products out there support Feature Z. Then, I would consider the paper standard simply "Standard Y", but in some ways, there is an implicit standard that consists of "Standard Y + Feature Z." (Simply because it's out there.) I do *not* mean to imply that this is a Good or Bad Thing (that's a *whole* 'nother can of worms). I simply want to illustrate that standard "conformance" may mean building a system that complies to an implicit, evolved standard, as opposed to a standard by committee.
Not quite... (Score:2)
I think you're mistaking the implementation of individual TCP/IP components with the standard itself. I usually think of TCP/IP as communcations protocol which provides a standard means of passing information between computers. There are many implementations of this protocol and that seems to bother you.
Now about some of the outrageous statements you made:
I'll bet that a lot of those that say the BSD stack is the standard are old BSD bigots. I've recently heard that the Linux TCP/IP implementation was the one that most closely adhered to the actual standard.
Well, that's certainly a less-than-widely-touted technical achievement. (He says, his voice dripping with sarcasm.) I wonder why I haven't seen a Bill Gates TV commercial explaining why this compatibility is such an important innovation.
Does this mean that MS is moving to de-commoditize TCP/IP now?
I believe that the answer to the first part if the above quotation is: YES. As to the second part: Methinks you need to actually do a little research into what a standards group actually does and, what a standard even is before making a ludicrous comment like this! Using the same logic, I should be able to say that Multinet for VMS (does that even exist any more?) must be an inferior product since I can't load it on an AS/400 without doing some serious hacking of OS/400. You seem to think that something written for one operating system should run on another without change.
FYI: There are a number of Microsoft representatives (``fat asses'' as you call 'em) attending standard bodies meetings as well. Microsoft just seems to do whatever the hell they want to do anyway regardless of what gets decided in those meetings. And, BTW, the Posix standards were arrived at by a whole slew of those so-called ``fat asses'' from industry and IEEE. I used to work with another engineer (years ago) who was on the ANSI FORTRAN working group. He was just a regular guy and wasn't overly paid (and I didn't pay much attention to his backside). When you say ``overly paid fat asses sitting around and deciding our future'' are you referring to people like the denizens of the boardrooms in Redmond, WA?
My dictionary contains the following:
So, yes, ``conformatiy'' (sic) is part of following a standard.
OK. Now we know who your preferred software vendor is.
(My apologies to Random House for quoting from their dictionary. This seems like `fair use', though.)
--
Re:Thoughts. (Score:1)
Zen: They aren't (Score:2)
This concept doesn't go over well in a geek community like /. where people have pathological fear of authority, but the way the real world works is that authority doesn't really exist. The question presumes the existance of an authority capable of monitoring/enforcing standards compliance. Such authority doesn't exist (except in small domains).
Thus, you are free to implement something like TCP/IP in any way you like. The only problem is that if you want to actually communicate on the Internet, you should probably follow the spec.
In other words, ultimate you must monitor your own compliance.
This issue is important because lots of peole try to use standards bodies in order to pursue political agendas. People have the mistaken impression that if an official organization like the ISO puts their stamp of approval on something, then everyone must adopt it. You can look at the failed ISO/OSI protocol suite for an example of where this failed: they created a standard for something that nobody wanted to implement, and thus the standard failed. The authority is powerless to coerce its members to follow its guidelines.
Another example is the word "hacker" vs. "cracker". Many geeks have the mistaken impression that a dictionary has authoritative powers; it doesn't. Instead, it is a coorperative effort. The dictionary writers attempt to monitor how words are used and understood, then write that information down in a book. When people hear a word they don't understand, they read the book in the hopes of discovering what the speaker meant. Conversely, if somebody is using a word "incorrectly", the dictionary will tell them why people are misunderstanding what the speaker is saying. In other words, the dictionary doesn't tell the speaker that they are wrong; only that their audience understands something different than what they intend to convey. If the speaker doesn't care about being understood, then they can use any meaning they want.
Coercion to follow standards that people ultimately don't want to follow always leads to failure. For example, trying to coerce the non-technical crowd to adopt the word "cracker" or "wormer" are doomed.
Re:They aren't. (Score:1)
Unfortunately very true. At least there are some people who care, and are trying to do the right thing and follow the w3 html specifications.
My suggestion to all web developers is to pick a DTD, stick with it, and validate [w3.org] your work.
W3C Approach (Score:1)
As noted in the XMLHack piece, conformance is typically monitored by external organizations like The Web Standards Project [webstandards.org], or XML.COM [xmlhack.com].
MS has been extremely effective with their logo certification program. My prior employer would jump through any hoop, do anything at all without regard to process, resources, etc. in order to get the MS logo compliance. I almost wish that IETF or W3C would try such heavy handed stuff.
Mainly (Score:1)
the only enforcement is interoperability.
If you don't do it the right way.. it won't work.
IF you break interoperability with someone else, and they do it by the book, and you don't.. you look bad, not them. Nothing 'forces' you to do it though.
Re:Don't keep them past their sell-by date (Score:2)
And I fear, even when it does, many will sieze control of it beforehand.
ie: will the days when *anyone* from *any* network could get a block of IP addresses and register a domain ever be back?
Copyright Law (Score:1)
-=Canar=-
You must conform, or risk losing interoperability. (Score:1)
Good example: Watchdog (Score:1)
Watchdog doesn't define compliance; only the spec does that. But I understand that Watchdog is a great way to check an implementation. At JavaOne today, the Tomcat developers say that they regularly run Watchdog against their implementations to make sure that they don't break anything.
Computing Standards aren't Grown Up Yet (Score:2)
The computing industry has no such system of absolute conformance. This is because the government has to get involved to enforce such a thing. Standards for computing have been around a long time relative to the industry's age (check the date for ASCII if you don't believe me), but still there is no way to enforce compliance to a standard. This is mostly because there simply isn't an easy way to classify the products being sold and to determine whether they should be standards compliant or not. The Government would have to be involved, and would have to enact legislation requiring products to be standards compliant before they could be sold to the public, much in the same way that construction is so regulated. Until computers are seen as life-threatening and as life-preserving and as essential to modern human existence as buildings are, this isn't going to happen.
OTOH, there are perfectly good reasons why the computing industry shouldn't have enforced standards. Innovation in engineering and construction doesn't proceed as rapidly as it does in computing. A standards organization charged with reviewing the state of the art in plumbing can barely keep up with the workload it is presented with; it's absolutely unreasonable to imagine a standards organization reviewing the state of the art in computing. Also, engineering and construction have been around for two thousand years or more -- most of the major concepts have been worked out already and are well known. In computing, which has only been around fifty years or so (at least in its current form), the grounding concepts are still being debated in academia and the reasearch communities. We still aren't totally sure how to describe a programming language -- how can we determine whether a given implementation of a language complies with the standard? Debates still rage about the vagaries of user interfaces, and the underlying concept of a user interface is terribly hard to pin down (Just try thinking about that -- what exactly is a user interface? What makes a user interface good?), so it's absolutely impossible to enforce user interface design. Also, remember that standards don't get updated but about once every five years or so, and any legislation regarding standards usually doesn't change without major political action. Imagine having a standards enforcement representative (read `code police') reading your code. Not a happy idea.
IMHO there should be some level of enforcement requiring compliance to a standard if such compliance is going to be an integral, advertised part of the product. Thus, if Web Browser v23 claims to comply with HTML 5.0 then it has to abide by every last little requirement of the HTML 5.0 standard. Extensions are always possible, but advertising that Web Browser v23 complies with HTML 5.0 when it actually doesn't can result in legal action by the standards body, possibly causing that product to be pulled from the shelves until it either complies with the standard or is replaced by one that makes no such claim.
I'd really like to see such a system enforced for the hardware manufacturers. IIRC there's no reason that some random motherboard manufacturer can't claim that their new board has PCI support even if it only implements a broken subset of the actual PCI standard. The existence of this glib attitude towards hardware standards is probably due to the fact that most IA32 machines are still based around the `industry standard' IBM PC design, which being an `industry standard' was never really a formal, enforceable standard. Nowadays nearly all the parts of an IA32-based PC are standardized in one form or another, but even today major manufacturers sell machines with broken implementations and gratuitously incompatible hardware. If they were regulated by a standards requirement of some form then this sort of thing would happen much less often (I won't say it wouldn't happen at all).
So, computing standards aren't grown up. They haven't reached the stage where they are enforceable by legislated authorities. Someday they probably will be, but only if the end users want such a thing. If the end users don't complain enough the Big Money in corporate hands will keep such a thing from ever happening. The situation is very similar to that of automobiles in the 1970s -- until Ralph Nader and friends started making ugly noise with class-action lawsuits and large, expensive legal cases, the manufacturers blithely ignored their end users, often with horrible results.