Domain: codinghorror.com
Stories and comments across the archive that link to codinghorror.com.
Comments · 546
-
Re:Tried It - Disappointed
I use them for the speed, but anyone claiming they are reliable is smoking some strong peyote.
Yep, just yesterday I had four embedded boxes on my desk that needed the SSD's pulled for replacement and reinstall. All four had Kingston SSDNow drives in them and were 1-2 years old. We had much better luck back in the days of IDE CompactFlash adapters and those were less expensive parts than SSD's.
I'm under the impression now that it's because those were 90nm devices and the newer stuff is just crap. MLC SSD's have moved further along the hot/crazy scale in the past couple years. I should say that I'm still happy with the SLC SSD's in my servers, but for low-cost gear we're going back to 2.5" harddrives for reliability.
-
No-name monitors -- now at Monoprice!
http://shawnblanc.net/2013/02/27-inch-ips-lcd-displays/
It all started last summer when my cousin sent me a link to this article by Jeff Atwood concerning his discovery of the gray-market of inexpensive 27-inch IPS LCDs on eBay... I decided to get one of the same, cheap displays as Atwood had. Same as Atwood, I ordered the FSM-270YG. You can still find them on eBay...
Just recently, Monoprice began selling their version of the FSM-270YG. It's called the CrystalPro. The CrystalPro looks exactly like the FSM-270YG monitor I have in front of me right now, except theirs has a Monoprice logo slapped on the front... Not only does Monoprice check each monitor they sell to make sure it works, they also offer a one-year warranty which means they'll replace the display if there are more than 5 dead pixels.
I recommend reading the whole piece -- he's got more info about features, connectors, etc.
-
Coding Horror...
Jeff Atwood had good things to say on his blog about some of the no-name monitors you're talking about.
-
Re:Roll your own.
In this particular case it is because Jeff Atwood hates threading. I think it's a huge mistake and he never manages to argue this choice in a compelling way, but I guess it's an emotional thing after all.
He's got a point that many implementations make it hard to navigate the tree, but it's not like it's that hard to implement what he wants (find my replies, see original) and be able to collapse trees.
-
Re:Roll your own.
Is it because the developers are too lazy to add a minimal amount of recursion in their engine or . . . what?!
In this particular case it is because Jeff Atwood hates threading. I think it's a huge mistake and he never manages to argue this choice in a compelling way, but I guess it's an emotional thing after all.
-
Re:Interesting idea
Don't let the name, nor their tag line, confuse you.
Here is the list of actual forums he gives as examples:
There's an amazing depth of information on forums.
* A 12 year old girl who finds a forum community of rabid enthusiasts willing to help her rebuild a Fiero from scratch? Check.
* The most obsessive breakdown of Lego collectible minifig kits you'll find anywhere on the Internet? Check.
* Some of the most practical information on stunt kiting in the world? Check.
* The only place I could find with scarily powerful squirt gun instructions and advice? Check.
* The underlying research for a New Yorker article outing a potential serial marathon cheater? Check.
-
Re:Less demand
I have honestly never seen an SSD die from the cells being used up but I have seen a LOT of SSDs that had the controller fail and take the drive out.
No you haven't. There isn't anything special about SSD controllers which could make them more likely to physically fail than HDD controllers. They're both just chips. Not especially super high tech chips at that, and SSD controllers don't even need to interface to any sensitive analog circuitry either. (Not that that's likely to make HDD controllers less reliable, mind you.)
What you're almost certainly seeing in 99% of cases is buggy firmware. SSDs must spread erase/write cycle wear evenly across every location in the media to ensure long life, so SSD controllers run vastly more complex firmware which maintains a vastly more complex data structure on the media. Bugs in this firmware can easily produce the appearance of a dead drive even when it is possible to recover it to like-new status (not necessarily easy for you to do so, mind, but easy for the manufacturer and/or anyone who reverse engineers how to send the relevant nuke-and-pave-the-media command to the controller).
The solution: Buy SSDs from vendors who can pass the stringent testing required by certain big brands. For example, Apple is known to be very picky in their internal qualification testing of storage devices (not just in the SSD era I might add). You can't get SSDs fully identical to what Apple ships (they like customized form factors and firmware), but if you pick SSDs based on the same controllers you know the vendor passed a high bar for firmware reliability. (The best SSDs Apple's shipping right now are Samsung 830 series, which is disappearing from retail, but 840 series that replaced it is very similar.)
Over at coding horror they labeled this the hot/crazy scale in that to get the hot performance of SSDs you had to put up with the crazy failure rates.
Hurr hurr hot wimmenz are always crazy so that's why this comparison is totally witty! No, sorry, it's not, it's misogynistic, and the quality of the idea isn't significantly improved when used to discuss SSDs. Jeff Atwood is terrible in so many ways.
So I have a feeling when all those cheapo SSDs start going tits up there is gonna be a lot of folks that write off the tech and go back to HDDs, say what you will about HDDs they usually give you plenty of warning before going tits up.
Except when they don't. Which is rather often in my experience with bad HDDs.
Also, literally the only reason there were problems with early generation SSDs was industry-wide immaturity. Lots of the early drives simply didn't get anything like the kind of validation testing that was standard practice for HDDs. It was a gold rush and many of the participants chose to forgo seriously attempting to sell to OEMs in favor of pursuing quick market share lead through retail channels (see for example OCZ). As SSDs mature and vendors who can't get the volume contracts with major OEMs are shaken out, average reliability will go up.
-
Re:Less demand
Actually if anything I have a feeling HDDs are gonna have a "bounce" in a year or two as all those that got cheap SSDs get burnt when they flip the switch and find all their data gone.
The problem with SSDs is frankly they have never really licked the controller issues and as they add more space the problem just seems to be getting worse. I have honestly never seen an SSD die from the cells being used up but I have seen a LOT of SSDs that had the controller fail and take the drive out. Over at coding horror they labeled this the hot/crazy scale in that to get the hot performance of SSDs you had to put up with the crazy failure rates. While those of us who are religious about backups won't have a problem with this most folks are NOT religious about backups and WILL get bit in the ass when they flip the switch one day and just find their data gone forever.
So I have a feeling when all those cheapo SSDs start going tits up there is gonna be a lot of folks that write off the tech and go back to HDDs, say what you will about HDDs they usually give you plenty of warning before going tits up.
-
Re:the most interesting tech intel puts out these
The reason I don't advocate Intel, well besides the douchebag compiler rigging and bribery they should have gotten an anti-trust bust for, is that they cripple their chips and moreover they cripple them WRONG. I mean cutting out POWERSAVING features on the lower end chips? Really? You have cache and HT and VM support you can cut, that isn't enough but you gotta make them laptop chips into pigs when you have so many other ways to upsell?
And I have to completely disagree that Intel chips are cheaper and lower wattage, not only because they tend to cripple powersaving on their lower end chips but also because on the low end you can get insane amounts of power from AMD cheap. I mean I can get an Athlon Triple kit for $195 just add HDD and a fricking Phenom II Hexacore for just $210 just add HDD and burner. When you figure in the cost to finish those kits up I can have a completed product for less than an Intel i3 CPU, board and RAM, which would leave me with half the parts left to buy!
And finally I again have to disagree when it comes to SSDs because until they fix the hot/crazy scale when it comes to SSDs I simply can't recommend them except for certain niches like a mobile device that isn't gonna have mission critical data on it, and that article may be a couple years old but if anything I've found that since going up to triple cells the problem has gotten worse. I have several gamer customers that buy top o' the line and they are up to double digits when it comes to SSDs because of all the failures, and we ain't talking OCZ, we are talking Intel, Kingston, and Samsung. In a way it reminds me of the first days of HDDs and how insanely high those early drive failure rates were and of course once it fails you can't wipe the drive so many of my customers are leery of even claiming on their warranty because they have no idea what kind of third world center those drives will be sent to and if they will be risking ID theft thanks to all the data on the now dead SSD.
The funny part is its NOT the cells that are failing as you'd think, nope its the ARM controllers they have on the drives themselves. When that thing fails, which it ALWAYS does with no warning at all, you can't even get your data off because it won't even show up in BIOS. Now once they get THAT fixed? Behind you 100% although I have to wonder how much gain myself and most of my users will see since most just use sleep mode anyway and with Win 7 intelligent caching most of their programs are already loaded into RAM but in its current state frankly SSDs are even worse than Seagate drives over 600Gb when it comes to the number just shitting themselves.
-
Re:yea they fell by 44%
The problem with SSDs, especially the MLC is the hot/crazy scale and I have seen this with my own eyes, I have several gamer customers that buy the top o' the line SSDs and they are already on double digits because of all the failed drives.
The problem AIN'T the cells though, its the damned controllers. I have been saying for years they need to have a simple ARM chip that kicks in when the main controller fails that makes the drive read only so you can at least get your shit off but after looking into it this is why I do NOT install SSDs as main drives and advise against using them as main drives, because when the controller fails? unless you have the skills to unsolder the chips and get the data off one chip at a time you are screwed, it won't even show up under BIOS. This also makes many of my customers leery about using the warranties because who knows what third world country they send dead drives to and since you can't nuke it who knows where your CC numbers and data would end up.
At the end of the day this is what i tell my customers: The SSD is like any other tool in that used WISELY it can be a benefit. if its in a mobile device that you back up religiously or which doesn't have any important data, like a netbook? Works great here. if its for an OS drive where you have image backups and all your important data on spinning rust? Again works great. if this is a mission critical system or is gonna have important irreplaceable things like family photos? NOT a good use, in fact it will end up biting you in the ass. The good old HDD may not be the fastest but at least you usually get plenty of warning before they fail, too many times i have seen an SSD go from 100% good to deader than Dixie overnight. NO WARNING, that is just fucked up and why I still use spinning rust in my builds.
-
Re:Not the best analysis
I noticed in their standards doc that they said all classes must start with "id". Classic Smurf naming convention.
-
Why Can't Programmers.. Program?
Jeff Atwood has some very nice observations about this from the real world. Also highly entertaining:
- http://www.codinghorror.com/blog/2007/02/why-cant-programmers-program.html
- http://www.codinghorror.com/blog/2010/02/the-nonprogramming-programmer.html
One claim is that 199 out of 200 people applying for a coding job cannot code at all. The examples given are hilarious (or deeply depressing) and there is every reason to believe the observations described. Some of the links are also eminently worthwhile.
-
Re:Writing is taught exactly the same way as code
Look up "functional illiteracy". It affects about 15% of all adults even in the US. Now, programming is much harder. Having functional illiteracy here even after intensive training at 85%-99% of all adults would not surprise me in the least. And I would expect to see > 10% of this even among people claiming to be programmers.
Nice link: http://www.codinghorror.com/blog/2010/02/the-nonprogramming-programmer.html
Read it. It is straight out of reality.
-
Re:SSDs
Unless you are using SLC, which is getting harder to find and more expensive every day you are really pushing your luck. The problem is the hot/crazy scale when it comes to these drives, specifically the fact that nobody has figured out how to lick the controller issue. For those that haven't run into it yet (lucky bastards) the controller issue will cause a drive to suddenly fail without ANY warning and unlike how the SSDs are always bragged on to "fail safe" into a read only mode what actually happens is when the controller fails the whole drive is completely dead, it won't even show up in BIOS/UEFI.
So until somebody figures out how to lick the controller problem, and when they do the money they make will truly be insane, or come up with the idea that I have been advocating for years of putting a second cheaper ARM controller on the board designed to take over as a read only backup while you get your data out? Well I'd be seriously leery of trusting any data I cared about to an SSD, not without spinning rust backups at the very least. The controller bug seems to bite every OEM on the ass, I have seen it from Intel to OCZ and it's always the same. Push the button and poof! Data all gone with the drive. And of course since you can't get your data off or even wipe it you have to hope they don't send it to some third world country for refurb where they help themselves to your data. Because of this I don't think my customers have even used 10% of their warranties for fear of the data falling into the wrong hands, great for the OEMs which rarely have to make good on warranties, not so good for the customer.
-
Re:Reminded me of my first C application
That's known as "Yoda style"
-
Re:set goals
Please see this article. Bad programmers actually create more work for the good programmers than they end up doing. If you want to be a programmer, fine. But it's not something I recommend you jump into with minimal training. There's almost no such thing as a "beginner" programmer job. Most good programmers have been programming for years (often a decade) at home or on their own before they start doing it for a living.
-
Re:Can't wait
What inflated? I've seen 2Tb for $99, 1Tb for $70 and the prices continue to fall. and when it comes to SSDs you have to watch for the hot/crazy scale which as a retailer who has gamer customers into the double digits when it comes to SSDs because of all the failures i can tell you is a BIG problem.
In fact with the prices falling the way they are I'd say the ONLY problem we have is Seagate. Instead of Seagate raising up Maxtor it appears that Maxtor brought down Seagate, with Seagate drives being sold cheaper and cheaper due to the high failure rates. During the BF and Xmas sales so far I've seen WD charge 40%+ markups not because that price is a fair market value but because like Intel WD knows that their "competition" can't really compete on anything but price so they feel no need to lower their prices.
Now I don't know if this is true or not, just what I heard, but here is the scuttlebutt I was told when it comes to Seagate: When Seagate bought Maxtor they got the cheap ARM controllers from Maxtor and that when combined with piss poor firmware is making the Seagates die left and right. From what I was told the ARM chips get too hot and when they do the firmware starts fucking up, it fails to "see" where the end sectors of the drive are and tries to go past end of the drive and bye bye drive. I know that the failure rate on anything Seagate above 500GB from what I've seen in the shop is just pathetic, I've had to RMA enough of them i won't even touch a Seagate larger than 500GB ATM. Since most people don't care about the drive itself but the data this is a serious problem, I even had to walk a guy through building a clean box so he could swap the platters on a less than 3 month old Seagate in the hopes of getting his pictures back.
But I'll tell you like I tell my customers that SSDs are ONLY useful for certain use cases, like any tool you have to make sure that you have the right tool for the job. If its a laptop or netbook AND you have limited non cloud based data or are religious about backups? Then SSDs make sense there, less power usage and no moving parts make it a good fit especially if you pull the drive and slap it in an external and use it to hold backups of the OS and important data. If its gonna be used on a desktop as an OS drive AND all your data as well as backups of the OS are gonna be kept on a HDD? Then it makes sense, the increased speed is worth the risk. if its gonna be a mission critical system or you are working on data you can't constantly backup and would hurt if you lost? Then there it is NOT a good fit, the high failure rate makes the risk too great for any advantages.
Now as far as HDDs go from the shop here is what I've found, again YMMV but in order from best to least I've found the best to be pre-buyout Samsung and Hitachi drives, especially the EcoGreen on the samsung as their excellent firmware and well thought out use of the 32Mb cache makes them test nearly as fast and sometimes faster than a 7200RPM drive while putting out MUCH less heat and taking insane abuse, we're talking construction trailers and warehouses where the systems get seriously nasty with dirt and grime, followed by the WD drives and finally Seagate which over 500Gb I wouldn't trust with anything I cared about.
So if you want to go SSDs just remember the hot/crazy scale and backup often, and avoid the OCZ drives like an STD because from what I've seen they are just garbage. Like Seagate this is reflected in the prices, with the better quality Intel and Samsung drives carrying a much higher per GB price than the OCZ because the OCZs fail like crazy. Why they can't put a simple ARM chip that would take over if the main controller dies and simply allow the drive to be used as read only so you could get your data off I don't know, but from what I've seen here in the shop over 90% of SSDs fail not because the cells fail, but because the controller dies. Until they fix this serious problem I'd be leery of trusting my data to an SSD.
-
Re:Time for binaural copulation
That's pretty much what HRTF audio cards were doing 15 years ago. Notably, Aureal's A3D 2.0 was doing full wave-traced audio in hardware, up until they got shut down by Creative.
Since then, Creative's cards have been doing HRTFs for some time, available to any game using DirectSound 3D through CMSS-3D, but DS3D was cut from Vista & Win7. For more recent OpenAL games, products like Rapture 3D can get your HRTF fix on.
-
Re:It begins~
-
Re:Silly taxation schemes
I'm not so sure about that. A song is maybe 4 MB. According to this article with proper storage mechanisms, you can store about 500,000 bytes on a single sheet of paper using a 600 dpi printer. And that's just using black and white. Add in support for multiple colors and you could probably easily encode most MP3 files on a page or two. Even without color, you could fit a 4 MB song on 8 pages. Not a single page, but hardly a box.
-
Re:Why not?
SSDs have a "dark side" that I have a feeling is gonna ultimately torpedo that market, and that is the crazy failure rate which is made worse by the fact that it is usually NOT the drive chips themselves but the controller that fails with NO WARNING so if you don't have a VERY recent backup? Bye bye data. I have some gamer customers that are already into double digits on the number of drives they've owned, ALL died of controller failure.
So I wouldn't write off HDDs yet, they may not have the speed but they are a HELL of a lot more reliable. While the gamers are willing to risk it for the benches, my regular customers that have tried SSD and gotten burnt have already sworn off SSDs, they won't own another one. Enough people hear and see the crazy failure rate the market will fall, I'm just waiting for the SSD equivalent of the IBM Deskstar 80Gb or the Maxtor 400Gb, only since they nearly all use the same controllers when they have their bad line its gonna bite a LOT of people in the ass. When that happens I wouldn't be surprised to see SSD purchases drop like a stone, because most people if given a choice of raw speed or risking losing all their data? they'll choose reliable over fast any day of the week.
-
Re:Marketing Speech? 10 writes per day for five ye
Except the "dirty little secret" of the industry is its NOT the cells dying that gets you, the controller dying is what bites you in the ass. if it was just the cells since when a cell fails it just ends up read only that wouldn't be so bad, but when the controller fails you flip the switch and...nothing. Not even the BIOS/UEFI detects the thing, its just gone.
That is why even though this article is a year old I'd urge those thinking of diving into SSD to read it, especially the comments where you see guy after guy getting bit in the ass by dead controllers. brand make a difference, OCZ being worst and Intel best, but ALL have this problem to a degree, and when it happens to you? Well lets just hope you have a VERY recent backup.
This is why I tell my customers there are some places SSDs make sense but NOT all. If its mobile, not mission critical, and you religiously stick to a backup schedule? No problem there, if its just an OS drive with the data on HDD? No problem there, just make sure you have recent disc images so you can just clone onto the replacement, but in anything mission critical, or for those that won't stick to a rigid backup schedule? then SSD is NOT the way to go, it'll bite them on the ass and leave them in a bad way.
They really need to come up with a second controller, one that will simply take over in the case of failure and leave the drive in a read only state. this would at least insure that when the main controller does fail you can get the data off, and its those failure rates that are keeping a lot of people (myself included) from switching.
-
Re:Excellent deal on the price point
The problem is gonna be, as this article notes the chips get a LOT worse with each shrink with more failures and more trouble with throughput. As their tests show single does best, triple cell does worst, but of course we all knew that and what we are seeing on the market is mostly MLC.
I have a feeling SSDs are gonna be a "stop gap" on our way to something like the PRAM that HP is working on, but until it gets here the keyword with SSDs is gonna be backup, backup backup backup. We know that is smart to do anyway, but you'd be surprised how many normal folks will think the SSDs are no different than the HDDs and just trust it and find out the hard way you get NO warning with SSDs. This article may be a little old but its still true, with SSDs its a hot/crazy scale with hot speeds and crazy failure rates.
-
Re:Ugh, Pentile displays
It's not that they don't know how to do it; it's that they choose not to.
Jeff Atwood gives a good commentary on why they choose not to here: http://www.codinghorror.com/blog/2007/06/font-rendering-respecting-the-pixel-grid.html
What an idio... err sorry... what a fantastic way to justify a blatantly incorrect decision that has cost Apple dearly in terms of being forced to ship higher resolution hardware than is comfortable for their ongoing margins. This stupidity ranks right up there with Apple's suicidal dependence on "pixel perfect" fixed screen resolution. Not that I object in any way to Apple being suicidal mind you, on the contrary, I applaud it.
-
Still relevant?
After reading this horror story I arrived at the conclusion that SSDs are not for me. I wonder if it's still true.
Super Talent 32 GB SSD, failed after 137 days
OCZ Vertex 1 250 GB SSD, failed after 512 days
G.Skill 64 GB SSD, failed after 251 days
G.Skill 64 GB SSD, failed after 276 days
Crucial 64 GB SSD, failed after 350 days
OCZ Agility 60 GB SSD, failed after 72 days
Intel X25-M 80 GB SSD, failed after 15 days
Intel X25-M 80 GB SSD, failed after 206 days
http://www.codinghorror.com/blog/2011/05/the-hot-crazy-solid-state-drive-scale.html
-
10MHz Turbo-XT!
If this "Turbo" mode is enabled by pressing a square red button on the front of the computer, I will kiss the person responsible.
-
Re:paranoia about malware and viruses
>..the Windows environment is akin to...
Windows isn't stuck on XP anymore, as Slashdot posters seem to be.
How do you explain the malware problem on Android then, there is no Windows code there?
Google news search for Android malware.
Not to mention the increasing malware problem on OS X. Also, why is there pretty much no malware in iOS?
Perhaps there is a bigger problem with user run software than just blaming Microsoft for all the ills in the world?
http://www.codinghorror.com/blog/2005/07/the-dancing-bunnies-problem.html
Want to take a guess at the malware infection rate of Windows RT vs. Windows 8?
-
Collecting Personally Identifiable Information
On passwords, I liked Jeff Atwood's article, `You're Probably Storing Passwords Incorrectly'.
For Personally Identifiable Information (PII), I liked Brian Danger Graham's article, `What's in a name database?'.
-
Re:It's not broken.
And that right there is the problem.
There are so many different configurations for computers and new and emerging tech, and the testing and documentation so spotty, that you've got to run through dozens of websites to get your computer to work. It took me a YEAR to get support for an Elan touchpad. Someone else decided that the ath9k driver should fill with a random number after sleep or hibernation. What the fuck is wrong with that person? Oh sure, I could fix it by bringing up a window, rmmod / modprobe ath9k, but that was seriously every time I closed the lid.
Other problems were solved with one of the following:
seems you have the asus zenbook.
i know what you are talking about
-
Re:It's not broken.
And that right there is the problem.
There are so many different configurations for computers and new and emerging tech, and the testing and documentation so spotty, that you've got to run through dozens of websites to get your computer to work. It took me a YEAR to get support for an Elan touchpad. Someone else decided that the ath9k driver should fill with a random number after sleep or hibernation. What the fuck is wrong with that person? Oh sure, I could fix it by bringing up a window, rmmod / modprobe ath9k, but that was seriously every time I closed the lid.
Other problems were solved with one of the following:
"LOL get a new computer."
"It's not a problem with this part, it's a problem with THIS part. Report it to them."
"Sorry, my part is perfect, so you must be a crazy person. You could try this patch though."
YOU ASSHOLE I JUST WANT TO CHECK FACEBOOK NOT RECOMPILE A FUCKING OS.
And I'm not a slouch here, the post where you figure out how to add my particular computer to the specific commands to allow Fn functionality was mine. (Someone else did the heavy lifting, I put the last pieces together.)
So what would you do to fix it? The easiest thing to do would be check the hardware during the install process or as part of the Live CD. "This touchpad is giving a weird answer to the magic knock, support may be limited."
Then actually allow for easy tweaks to the UI. How do you change the login screen? What about sounds? Your average user wants to be able to do this. It's a motherfucking nightmare to do this in the Super-Friendly distro.
If you have to get anyone anywhere to press CTRL-ALT-T to install a repository, then you've fucked it up. End of story.
-
Re:DirecTV, "Been there, done that".
So, what you're saying is that DirectTV used social engineering techniques to convince people to install malicious software on their receivers and then sent a signal to those receivers that destroyed them, potentially causing millions of dollars in damages? It seems to me that if I did that, I'd be prosecuted, no matter what the people I attacked did to me.
OTOH, after reading some more about the details, the smart cards may have actually been DirectTV's property that they had lent to the hackers because they were DirectTV subscribers. The hackers were just changing their subscription level to get more than they paid for. So, in effect, DirectTV was destroying their own property. And I guess since the hackers didn't really have "clean hands", they couldn't very well claim that DirectTV wasn't providing the basic service that they were paying for.
Still, I bet they didn't tell their legal department what they were doing until after it was done, and it does sound like a neat hack :)
-
Re:Disable it!
Because then the malware will simply target this just like they do other Windows components? The problem with doing it on the local machine is 1.-The malware guys will know exactly where it is, and 2.- The dancing bunnies problem where the malware writer tricks the user into bypassing the check by offering the right cookie, thus compromising the entire system and allowing the malware writer full control.
By hosting it remotely you've just bypassed both problems as the servers running this at MSFT is gonna be better protected than grandma's Dell is, and there isn't any users to trick with dancing bunnies to bypass the system. I work on Windows PCs 6 days a week and I can tell you that frankly since Vista drivebys and buffer overflows have gone WAAAY down, now its nearly all social engineering like Security Tool, "free porn" codecs, or getting the user to run some "free" program and bypass the checks, why? Because like all criminals malware writers are lazy creatures and will take the path of least resistance and that is PEBKAC in most cases.
-
Re:And suddenly
The sad part? as someone who actually have to clean these machines it doesn't matter about UAC, or low rights mode, or any possible security you put in the OS because in the end it becomes another case of the dancing bunnies and there is no tech cure for that short of sticking them in a walled garden ala Apple where they can't do a damned thing without the corporation's approval.
I've seen it a million times, all the malware writer has to do is offer them the right carrot, be it some celeb nekkid, some free porn, screensavers, hell I've seen people infect their machines for a chance to win an iPad. Offer them a cookie and all the security levels and permissions and AV software is worth jack and squat because they will disable it with a smile on their face.
In the end all you can do is educate those that will listen and be ready to clean up the mess like with TFA for those that don't.
-
Re:I will sell you this solution already debugged!
It wasn't Joel it was Jeff :)
-
For a bit more background about Chaos Monkey
Jeff Atwood has a blog post, "Working with the Chaos Monkey".
-
Re:Macs don't get viruses.
But that's the problem in a nutshell, isn't it? After all an intelligent user frankly isn't gonna just install anything they find off the web, have a 4 year old 30 day trial of Norton running as "their antivirus" or fall for any of the bog standard social engineering crap that causes the vast majority of malware to spread in the first place.
I urge you and everyone else to read the dancing bunnies problem and then you'll see frankly it doesn't matter if you are on windows, OSX, or Linux, if the users want the bunny they'll be happy to jump through the hoops, put in the passwords, hell I had a customer that actually removed his antivirus because it wouldn't let him install the malware that he wanted.
In the end all this Mac bug does is prove what we repair guys have been saying for ages, that there is no such thing as a safe OS, not if it allows users any rights at all. Either you lock them down in a sandbox or walled garden where only corporate approved programs are allowed, or you deal with the dancing bunnies, that's it. All the tech in the world won't help if there is a PEBKAC actively fighting your barriers, because the fool will always be trickier than your foolproof design.
-
Re:If only they would also take down the infected
Nice to see someone else using WSUSOffline and Ninite, it's a great one-two punch when it comes to quickly whipping a machine back into shape.
And the problem with the authorities doing anything about infected PCs is thus: Already too many fall for the "ZOMG U got teh viruz! Run "Iz_not_Viruz_Iz_Security_Tool to clean ur machine ZOMG!" trick as it is, if the authorities actually DO start popping up helpful tips and cleaning machines remotely it'll just make it that much easier for those using Security tool and AV20XX variants to pwn more systems.
A better answer would be for the ISPs to be able to contact the customers directly about this but even then I'm leery as I've dealt with ISPs in the past that used "You must be infected" as a catch all excuse to weasel out of actually giving you what you paid for as far as bandwidth. The last one of those i dealt with I walked in with my Xandros Business laptop and said "Okay Sparky, show me the virus on this laptop" and the retard actually tried to install Norton from a home burnt disc onto a Linux laptop!
In the end all you can do is try to educate users as best you can and realize that no matter how well you harden your systems, and Win Vista and Win 7 with UAC and a decent AV can actually be pretty damned good, you'll always have the dancing bunnies problem that frankly NO OS can cure.
-
Re:Am I missing something...?
How hard is it to evaluate a string for potential danger?
Pretty hard, if you don't want to corrupt user data. A botched attempt to do so is how the bogus word "medireview" was created.
What they really should be doing is using parameterized queries so that the user-input strings cannot be treated as SQL commands, but will always be treated as data.
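An added illustration of the point made in the comment above (not part of the original comment): a keyword-rewriting filter corrupts harmless text, while a parameterized query stores the same text unchanged as data. The blacklist, table name and sample strings are constructed for this example, and SQLite stands in for whatever database is in use.

```python
import re
import sqlite3

# Constructed sample inputs: ordinary user text that merely looks risky to a filter.
SAMPLES = [
    "medieval history; DROP the needle -- gently",
    "O'Brien said: select one' OR '1'='1",
]

# Hypothetical blacklist (an assumption for this example): substring -> replacement.
BLACKLIST = {"eval": "review", "drop": "", "select": "", "'": "", ";": "", "--": ""}


def blacklist_filter(text):
    """Rewrite every blacklisted substring, wherever it occurs in the text."""
    for bad, replacement in BLACKLIST.items():
        text = re.sub(re.escape(bad), replacement, text, flags=re.IGNORECASE)
    return text


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return db


def store_filtered(db, text):
    # Filter first, then splice the result into the SQL text itself.
    # Safety depends entirely on the blacklist being complete.
    db.execute("INSERT INTO comments (body) VALUES ('%s')" % blacklist_filter(text))


def store_parameterized(db, text):
    # The statement text is fixed; the value travels separately as a bound
    # parameter, so the engine never parses it as SQL.
    db.execute("INSERT INTO comments (body) VALUES (?)", (text,))


def round_trip(store):
    """Store every sample with the given function and read the rows back."""
    db = new_db()
    for sample in SAMPLES:
        store(db, sample)
    return [row[0] for row in db.execute("SELECT body FROM comments ORDER BY id")]


if __name__ == "__main__":
    for original, filtered, bound in zip(
        SAMPLES, round_trip(store_filtered), round_trip(store_parameterized)
    ):
        print("input        :", original)
        print("blacklisted  :", filtered)
        print("parameterized:", bound)
```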
-
Re:Blah
And that exact same advice frankly works just as well on Windows but if the user doesn't follow it you are screwed.
Ultimately there is only so much you can do technically against the dancing bunny problem because if the user WANTS to see the bunnies, and you try to stop the user from getting to the bunnies? they will happily thwart any and ALL security measures you put in their way to see the bunnies. Again I've seen this with my very own two eyes, i even had to throw a guy out of the shop once when he removed his fricking AV because it wouldn't let him have "The New Limewire" which I had ALREADY TOLD HIM was a fake trojan and had even gone so far as to give him eMule and BT so he wouldn't be needing it, but in the end he liked Limewire, refused to believe Limewire was dead, and when a malware writer offered him a fake that the AV pointed out was nothing but a trojan he simply removed the AV. His final words as I was pushing him out of the shop was "It says right there its the new limewire so you MAKE IT WORK!"
In the end OSes and AVs have frankly never been better, but if the user refuses to listen or show even the tiniest bit of common sense? Well you just can't fix stupid.
-
Re:DSNChanger???
How has she been conditioned to ignore ME, sitting right exactly there, telling her "Its a fucking bug!" and pointing out the person sending her the bug wouldn't have the skills to send a real anything that way?
In the end friend it has NOTHING to do with conditioning and everything to do with the dancing bunnies problem which is as old as the hills. The user WANTS the bunnies, you try to stop them from getting the bunnies she/he WILL IGNORE YOU and do whatever it takes to get the bunnies, simple as that. You can show file names, have the AV show a picture of Goatse with an arrow pointing to it saying "This is you if you run that" and it will not matter because they WANT the bunny dammit!
-
Re:DSNChanger???
Dude I offer to install P2P for them if that is what they want so that is NOT the problem, all they have to do is ask and they'll have BT, Gnuc, eMule, whatever, as long as they don't expect me to support it it is their PC and I'll give it to them and make it clear I will. The "New Limewire" bit was right after they closed the real Limewire and a bunch simply refused to accept that LW was dead and downloaded "New Limewire" which was a Gnuc package loaded with trojans.
And how do you explain the "ZOMG U got teh viruz!" installs of Security Tool and AV20xx? Every single machine that leaves the shop has either Avast or Comodo IS installed which will TRY to warn them but again they ignore it. Or the "porn codec" bug? I actually had to find a bug free porno site just to keep certain customers from constantly falling for that one. Again the AV TRIED to stop them, but they'd rather have the titties so they ignored it.
Finally it's not that they "don't understand the consequences" it is that the "prize" of free music/movies/porn/whatever is worth MORE to them than a clean PC. It's the classic dancing bunnies problem that simply can't be solved with technical means because the user wants the bunnies MORE than they want the clean PC. Believe me friend, I've seen it a million times, all they have to do is offer the right bunny and the users will happily destroy any and all roadblocks you put in to see the bunnies. Every time a new Twilight comes out at least a half a dozen females will get infected by running "Twilight (name of movie) player.exe" and in every damned case the AV practically tried to jump on the keyboard to stop them and they ignored it, not because of any P2P blocks but because they wanted to see the new Twilight for free more than they cared what the AV said.
With all the money spent each year to patch holes and deal with user stupidity, don't you think MSFT and the AV vendors would LIKE to be able to stop this? Imagine the sales of a "user proof" AV, that corp would be richer than God, but there simply isn't a way to ward off a user fighting for the malware unless you stuff them into a walled garden and refuse to let them do anything without permission from an outsider, and most simply won't put up with that.
-
Re:DSNChanger???
I'm sorry but he's full of shit because he is still pretending everyone has WinXP when in Vista and Win 7 there is UAC WARNINGS before you launch executables but NO warning before you just play a video.
And perhaps you both better read what I wrote again because in damned near every case the AV TRIED to stop them, did everything but yank the damned keyboard away, but they simply refused to listen (or in the case of the "New Limewire" guy) actively REMOVED THE ANTIVIRUS TO ALLOW THE MALWARE IN. Now you tell ME friend, short of an Apple style "You may do nothing without corporate approval" style iOS can you stop that in ANY way by changing any part of a UI?
The answer is you can't, because it's NOT a UI problem, despite the "ZOMG HAIRY WORKS FOR M$" troll we had in this thread, it's a dancing bunnies problem where the user KNOWS what they are doing is risky, they KNOW there is a more than average chance at infection, but for free movies/music/porn/stuff they simply DO NOT CARE and will happily help the malware writer remove any and all roadblocks that get between them and the prize. So I'm sorry, but you can't fix a user problem with a tech solution, it just doesn't work unless you take away all the rights and give them thin clients.
-
Re:Hard drive prices down?
Which is exactly what the poster was pointing out, as before the flood I was snatching up Samsung ecodrives at 1Tb for $40 and 2Tb for $65. Man i got lucky on that, first time I ever got in ahead of a curve and made myself a pretty penny and was still able to outfit myself with nearly 6Tb of storage to ride through the high prices.
The problems I see with SSDs are thus: 1.- they have a crazy high failure rate and as the prices bottom and they use cheaper components and stuff more and more data per chip this will probably get worse. 2.-The biggest price drops seem to be in the 40Gb-96Gb, I've seen a few 128Gb but 40-96Gb seems to be the sweet spot now and most folks simply need more space than that, hell I'm using over 100Gb on my OS drive and I keep all my games and movies on a separate drive, and finally 3.-Consumers just aren't as diligent at backups as they should be so when #1 happens its gonna bite a lot of folks in the ass and they probably won't give SSDs a second chance after that.
Personally after seeing some of my gamer customers go through high end SSDs like shit through a goose thanks to high failure rates I'm leery of recommending them or even using one myself. I have found having plenty of RAM for superfetch and an 8Gb flash for Readyboost seems to give me a nice compromise and while I back up my OS regularly I don't want to even know how much bullshit I'd have to go through to get a 3 year old Win 7 install pared down to 64Gb and squeezed onto an SSD. Does anybody have experience with mostly full SSDs? I know they need to use wear leveling and I'm curious how well that would work if the drive is damned near full. Lets say I have 108Gb on my OS drive and I buy a 128Gb SSD, is that gonna kill the performance? Increase the failure rate? Would it be better to simply get a hybrid or wait until the 256Gb drives come down?
-
Re:Unfortunately for Seagate?
Because so far nobody has been able to do shit about the crazy failure rates when it comes to SSDs and as they all become MLC and continue to have process shrinks those numbers are simply gonna get worse?
And before anybody posts that Google study please don't bother, I'd argue what Google sees is pretty fucking far from what a normal person sees when it comes to use. And what I've seen is unless you drop the things HDDs generally (not 100%, but I'd say 85%+) give you some warning before they shit themselves and die, usually enough to get your data off. That has NOT been my experience with SSDs, which just die. No warning, no errors to give you a heads up, no SMART, just flip the switch and all your stuff is gone.
That is why I tell my customers IF you are only using the SSD for the OS AND you have pretty damned regular backups of said OS? Then please go for an SSD. The nice thing about the hybrids is the entire SSD portion can die tomorrow and you STILL have a fully functional drive with NO lost data, as everything on the SSD is also backed up to the HDD. But until they can fix the problem with the crazy failure rate, which I bet is gonna get a hell of a lot worse as the chips keep shrinking, then it's gonna be a gamble that I bet a lot of people after their first failure won't make again.
The numbers I'd really like to see are how many that switched to SSDs had a failure of the drive and how many chose to stay with SSDs after the failure. Because I bet a lot of people weren't too happy the first time they got told "All your stuff is gone" and I'd love to see how many preferred to continue the risk after failure.
-
Vickie Mendoza Diagonal for SSDs
http://www.codinghorror.com/blog/2011/05/the-hot-crazy-solid-state-drive-scale.html
To quote the above:
Thing is, SSDs are so scorching hot that I'm willing to put up with their craziness.
-
Re:uhhh...
The best is:
MacKenzie, I. Scott, Sellen, Abigail and Buxton, Bill (1991): A Comparison of Input Devices in Elemental Pointing and Dragging Tasks. In: Robertson, Scott P., Olson, Gary M. and Olson, Judith S. (eds.) Proceedings of the ACM CHI 91 Human Factors in Computing Systems Conference April 28 - June 5, 1991, New Orleans, Louisiana. pp. 161-166.
Unfortunately it's not available online.
http://www.umich.edu/~bcalab/documents/MeyerSmithKornblumAW1990.pdf is freely available and somewhat related, as are:
http://www.mackido.com/Interface/menu_target.html
http://www.codinghorror.com/blog/2006/08/fitts-law-and-infinite-width.html
Macs actually started off with a menu-per-window but moved to the current model after doing such studies; you can see images of the earlier implementation here:
http://folklore.org/projects/Macintosh/images/polaroids/polaroids.14.jpg
-
Re:SUICIDE not good enough...
Please don't do that. you'd be surprised how many people out there can't afford a PC at all and how many guys there are like me that donate their time refurbing give aways from businesses so that those poor folks can have a PC. I have yet to see ANYONE recover squat from a spinning rust drive wiped with DoD-3, which is what I use on all donations, so please don't destroy the drives because with the price of HDDs still so high that just means that many more machines can't be refurbed to help the poor. Do a DoD-3 and then use whatever software you wish to try to recover but you won't find anything, then donate it, if you don't know about anyone like me your local churches or Freecycle will be glad to help.
But so far if things continue as they have been frankly you won't have to give away that SSD, it'll already be dead before you get a chance. The amount of failures from SSDs is just insane, every one of my gamer customers that tried to switch ended going with the hybrids or raptors simply because of how quickly they die.
But when it comes to HDDs please just do a DoD-3, there are folks out there that would look upon that old P4 or early dual as a real blessing, thanks.
-
I disagree with that.
I've found that the ability to talk to non-technical people is more important to most hiring managers simply because it's a lot easier to train someone to be technical than it is to train them to work with people.
I disagree with that.
I think it is easier for the hiring managers to evaluate "interpersonal skills" than it is for them to evaluate "technical skills". And since it is easier for them, they value those skills more.
-
Re:It's already implemented
After a few months of usage, SSD suffer from multiple writes (to same locations) and die. (See this.) Depending on algorithms, the lifespan of a SSD varies. So it's already here, the difference is that a regular SSD fails randomly... (and you may be able to recover some data)
That was one of the best links I have ever followed on slashdot. If only for the quote, "I use my SSD fully expecting it to fail. Just like I date crazy girls fully expecting them to stab me: Always have that backup plan!"
Beautiful!