The actual problem is simple and only needs to deliver a simple binary distinction between two specific classes of file.
Which 2 classes? "Data" and "executable"? There is no distinction as long as interpreters exist. Spread sheets are data, but if opened in MS Excel can perform actions that many executables find difficult. Many many applications change registry when just opening "data" files. It is easy to make a file which is both a csv and a perl script.
Then there are zero day, and decades old vulnerabilities in many applications where a "maliciously" crafted data file can get the application to run arbitrary code.
Could you possibly explain to a regular human being why that was the best possible way of distinguishing data from applications?
For a regular human being, there is no possible way of distinguishing data from applications.
As long as interpreters exist, there is no difference between 'load this file in its proper application' and 'run this application'. You have to go full iOS and disable "interpreters", loosely defined.
From my perspective, this is the worst. Command line showing one name, explorer showing another name of the SAME folder. There are even applications which show the "internal" name, and some show the so-called "user friendly" name.
There is only one utility of things having a name - and that is that it doesn't keep changing depending on circumstances. Otherwise there is no point in anything having any name.
That is assuming backup strategy for all pictures is the same, that for all music is the same etc. This is a VERY bad assumption - leaving with 2 options :
1. Analyze the 120 GB documents, pictures and music spending 3 hours. Still, worst case backup 120 GB. 2. Backup 120 GB across documents, pictures and music.
Only one of those folders makes sense - Downloads. This is because it is unlikely one would want to backup downloads. But other backup strategy has nothing to do with whether something is called a document, or a picture or "a music".
1. One is your slashdot post 2. One about memes with a quote written on an obese lady saying "lowering minimum wage will increase the number of jobs". No explanation/description. 3. One heritage.org, saying somewhat orthogonally "Increased Minimum Wage Does Not Reduce Poverty"
First try answering this question which has proven hard enough for you.
And superior for making phone bodies. I am waiting for 24 carat gold screw drivers for such idiots - steel is cheap, it's why the vast majority of cheap crap is made from steel. Nice stuff is made from gold.
metal, which isn't as easy to work with
Building a good device out of plastic is quite hard - you need to
Decide whether metal is more "isn't easy", or plastic is more "quite hard". I know doing real work is difficult - whether plastic or metal but it makes no sense to call both more difficult than each other to publicly declare your idiocy, since it is already well established from your first paragraph.
I see humans walking around with shattered glass in their phones' front and backs everyday. And those with plastic as good as new for months, good condition for years.
When you poke/squish the plastic, it moves and deforms. When you do the same to glass it stays rigid (like a solid).
Poke extremely hard and squish cruelly, for modern plastics. Like you do to the big iPhone to hilarious results, except the hilarity in metal is forever.
People like something that feels well built and solid even if the plastic being able to deform has other advantages.
Plastic doesn't just have "other" advantages, modern plastics have every advantage. Nothing better than "idiots feel smug about their cluelessness" can be said about this, I guess.
Aside from SSL in transport it is not encrypted. Gmail really needs encryption. Aside from Obama, there is no president of the US. US really needs a president.
Of wait, one president is enough. And one encryption is enough, especially for those who are fine with some third parties reading their mail. Oops, you're wrong again.
the solid feel of a phone with glass on both sides.
You used glass and solid in the same sentence. Apart from the legends about glass being liquid, I haven't met any one else yet who calls glass "solid" in its figurative sense either.
So the "idiots feel smug about their cluelessness" as spake a mindless person upthread seems right.
I checked again, and I don't find gmail really violating any of your golden principles laid out in this post - http://slashdot.org/comments.p....
Google reads mail - check. Others cannot read mail - check. Forgot password support - check
Gmail does even more - it has 2 factor authentication too.
In fact I agree with your statement
It is not necessary that no third parties can decrypt your data or messages in order to have encryption be useful
Encryption is useful against whoever has access to data bits and should be unable to read the data underlying those bits. Whether they be third, fourth or nth party when n tends to infinity. There are no such people in the case of gmail.
Agreed with the initial 2.5 paragraphs of your post. But
if you want to strengthen a muscle, you have to exercise it, and in general the more intense the exercise, the greater the gains............ in general exercise leads to better health. By logical inference, better health would obviously lead to the likelihood of living longer
Exercising a muscle strengthens it can be accepted. But I don't see any increasing function between muscle strength and health. And it is another leap, though a shorter one, between better health and living longer.
Very weak people are unlikely to be healthy - but after a certain threshold increasingly more muscle strength definitely doesn't lead to better and better health. This threshold isn't even hunk level strength. Note also that health is typically defined in a negative - absence of physical and mental disease. Not only does this correlation NEED a scientific study, there weren't any good ones that I could find last when I looked a few years ago.
And people very healthy while living drop dead suddenly, or after a very short "non-health". And non-healthy people live on 20 pills a day for 40 years. Both these effects run into families. This is another correlation that isn't as much as it is generally assumed.
But plastics used nowadays are clearly superior to metal for a phone body. Less denting, less slippery, more flexible at the stress levels typically endured by phones so protects phone innards better.
So metal necessarily is less well made than plastics typically used for phones.
There is another type of criteria - the illiterate's criteria of "encryption" as a buzzword without any practical value. Using SSL, gmail satisfies that too.
GPG supports all this and more kinds of use. Some kinds of usefulness are independent of how many people use it. Hence number of people using GPG doesn't matter at all to how useful it is. QED.
from what I've read the Blackberry's model seems to be pretty good
Bruce Schneier put it perfectly - everyone wants you to be secure, just not from themselves. So Blackberry's model is great, safe from the government of India. But not safe from Blackberry and anyone capable of twisting Blackberry's arm. Don't worry, government of India also wants you to be safe - but not safe from government of India.
Google's security model is also very awesome. But Google's users are not safe from Google and anyone capable of twisting Google's arm. Microsoft's security model is also very awesome. But Microsoft's users are not safe from Microsoft and anyone capable of twisting Microsoft's arm. Such security has already been achieved some years ago, and it is demonstrably meaningless.
As long as you continue define as "secure" as something absolute, the security is meaningless.
Now show that it is possible to get meaningful security without understanding a lot more about security than the gadget freak joe sixpack.
I'm willing to bet if you polled all the people that use email, a significant majority would prefer that their email couldn't be spied on by governments or other snoops.
Not if there is a postscript mentioning they won't be able to read their own mail if they lose the key. Even less if there is a post-postscript with stats on hard disk failure rates in laptops, desktops, specifically their hard disk model in their PC model. Even less if followed by data backup advice.
guarantees that you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own asses
We already have this. Just install a browser plugin to enforce HTTPS as much as possible - done. Use webmails, blogs. Since you want encryption to be only a buzzword, there you have it. Web pages will be "encrypted(TM)", so will their webmail and blogs.
I don't see any usability problem for a token usage of encryption already for a few years. Only problem is with real usage of encryption, and that necessitates third parties / intermediaries to be unable to decrypt.
Slashdot Mirror
The actual problem is simple and only needs to deliver a simple binary distinction between two specific classes of file.
Which 2 classes? "Data" and "executable"? There is no distinction as long as interpreters exist. Spread sheets are data, but if opened in MS Excel can perform actions that many executables find difficult. Many many applications change registry when just opening "data" files. It is easy to make a file which is both a csv and a perl script.
Then there are zero day, and decades old vulnerabilities in many applications where a "maliciously" crafted data file can get the application to run arbitrary code.
Could you possibly explain to a regular human being why that was the best possible way of distinguishing data from applications?
For a regular human being, there is no possible way of distinguishing data from applications.
As long as interpreters exist, there is no difference between 'load this file in its proper application' and 'run this application'. You have to go full iOS and disable "interpreters", loosely defined.
From my perspective, this is the worst. Command line showing one name, explorer showing another name of the SAME folder. There are even applications which show the "internal" name, and some show the so-called "user friendly" name.
There is only one utility of things having a name - and that is that it doesn't keep changing depending on circumstances. Otherwise there is no point in anything having any name.
That is assuming backup strategy for all pictures is the same, that for all music is the same etc. This is a VERY bad assumption - leaving with 2 options :
1. Analyze the 120 GB documents, pictures and music spending 3 hours. Still, worst case backup 120 GB.
2. Backup 120 GB across documents, pictures and music.
Only one of those folders makes sense - Downloads. This is because it is unlikely one would want to backup downloads. But other backup strategy has nothing to do with whether something is called a document, or a picture or "a music".
Google gives me 3 results :
1. One is your slashdot post
2. One about memes with a quote written on an obese lady saying "lowering minimum wage will increase the number of jobs". No explanation/description.
3. One heritage.org, saying somewhat orthogonally "Increased Minimum Wage Does Not Reduce Poverty"
First try answering this question which has proven hard enough for you.
And that's the thing. Plastic is cheap
And superior for making phone bodies. I am waiting for 24 carat gold screw drivers for such idiots - steel is cheap, it's why the vast majority of cheap crap is made from steel. Nice stuff is made from gold.
metal, which isn't as easy to work with
Building a good device out of plastic is quite hard - you need to
Decide whether metal is more "isn't easy", or plastic is more "quite hard". I know doing real work is difficult - whether plastic or metal but it makes no sense to call both more difficult than each other to publicly declare your idiocy, since it is already well established from your first paragraph.
I see humans walking around with shattered glass in their phones' front and backs everyday. And those with plastic as good as new for months, good condition for years.
When you poke/squish the plastic, it moves and deforms. When you do the same to glass it stays rigid (like a solid).
Poke extremely hard and squish cruelly, for modern plastics. Like you do to the big iPhone to hilarious results, except the hilarity in metal is forever.
People like something that feels well built and solid even if the plastic being able to deform has other advantages.
Plastic doesn't just have "other" advantages, modern plastics have every advantage. Nothing better than "idiots feel smug about their cluelessness" can be said about this, I guess.
Aside from SSL in transport it is not encrypted. Gmail really needs encryption. Aside from Obama, there is no president of the US. US really needs a president.
Of wait, one president is enough. And one encryption is enough, especially for those who are fine with some third parties reading their mail. Oops, you're wrong again.
the solid feel of a phone with glass on both sides.
You used glass and solid in the same sentence. Apart from the legends about glass being liquid, I haven't met any one else yet who calls glass "solid" in its figurative sense either.
So the "idiots feel smug about their cluelessness" as spake a mindless person upthread seems right.
I checked again, and I don't find gmail really violating any of your golden principles laid out in this post - http://slashdot.org/comments.p....
Google reads mail - check.
Others cannot read mail - check.
Forgot password support - check
Gmail does even more - it has 2 factor authentication too.
In fact I agree with your statement
It is not necessary that no third parties can decrypt your data or messages in order to have encryption be useful
Encryption is useful against whoever has access to data bits and should be unable to read the data underlying those bits. Whether they be third, fourth or nth party when n tends to infinity. There are no such people in the case of gmail.
People in less colder climes sweat without trying.
Agreed with the initial 2.5 paragraphs of your post. But
if you want to strengthen a muscle, you have to exercise it, and in general the more intense the exercise, the greater the gains ............ in general exercise leads to better health. By logical inference, better health would obviously lead to the likelihood of living longer
Exercising a muscle strengthens it can be accepted. But I don't see any increasing function between muscle strength and health. And it is another leap, though a shorter one, between better health and living longer.
Very weak people are unlikely to be healthy - but after a certain threshold increasingly more muscle strength definitely doesn't lead to better and better health. This threshold isn't even hunk level strength. Note also that health is typically defined in a negative - absence of physical and mental disease. Not only does this correlation NEED a scientific study, there weren't any good ones that I could find last when I looked a few years ago.
And people very healthy while living drop dead suddenly, or after a very short "non-health". And non-healthy people live on 20 pills a day for 40 years. Both these effects run into families. This is another correlation that isn't as much as it is generally assumed.
But plastics used nowadays are clearly superior to metal for a phone body. Less denting, less slippery, more flexible at the stress levels typically endured by phones so protects phone innards better.
So metal necessarily is less well made than plastics typically used for phones.
OK so you define criteria and then have unspeakable problems with solutions meeting all of those and more.
Things you don't understand are that simple, you should redo your pre-school learning.
1. Using exquisite use of branching in git, it might be possible.
2. In your example, there was nothing "done since" the wrong paint so it is irrelevant.
Gmail satisfies all practical criteria you laid down for security in this post - http://slashdot.org/comments.p...
There is another type of criteria - the illiterate's criteria of "encryption" as a buzzword without any practical value. Using SSL, gmail satisfies that too.
Start using version control, and at least undoing becomes trivial.
There are 2 possibilities:
1. You want "encryption" (TM). SSL already gives you that.
2. You want security, defined such that it's is OK for some third parties to be able to read your email. Gmail already gives you that.
I don't see a problem
That security is already present for some years. Gmail is secure, period.
That depends entirely on it's use
GPG supports all this and more kinds of use. Some kinds of usefulness are independent of how many people use it. Hence number of people using GPG doesn't matter at all to how useful it is. QED.
from what I've read the Blackberry's model seems to be pretty good
Bruce Schneier put it perfectly - everyone wants you to be secure, just not from themselves. So Blackberry's model is great, safe from the government of India. But not safe from Blackberry and anyone capable of twisting Blackberry's arm. Don't worry, government of India also wants you to be safe - but not safe from government of India.
Google's security model is also very awesome. But Google's users are not safe from Google and anyone capable of twisting Google's arm. Microsoft's security model is also very awesome. But Microsoft's users are not safe from Microsoft and anyone capable of twisting Microsoft's arm. Such security has already been achieved some years ago, and it is demonstrably meaningless.
As long as you continue define as "secure" as something absolute, the security is meaningless.
Now show that it is possible to get meaningful security without understanding a lot more about security than the gadget freak joe sixpack.
I'm willing to bet if you polled all the people that use email, a significant majority would prefer that their email couldn't be spied on by governments or other snoops.
Not if there is a postscript mentioning they won't be able to read their own mail if they lose the key. Even less if there is a post-postscript with stats on hard disk failure rates in laptops, desktops, specifically their hard disk model in their PC model. Even less if followed by data backup advice.
guarantees that you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own asses
We already have this. Just install a browser plugin to enforce HTTPS as much as possible - done. Use webmails, blogs. Since you want encryption to be only a buzzword, there you have it. Web pages will be "encrypted(TM)", so will their webmail and blogs.
I don't see any usability problem for a token usage of encryption already for a few years. Only problem is with real usage of encryption, and that necessitates third parties / intermediaries to be unable to decrypt.