A good point, but none of the descriptions of this specific virus make me think it's set up to spread that way, so I still think the real threat is minimal at worst.
I work under the, perhaps naive, assumption that if virus code is not actually executed, it is harmless.
If infected files are lying on an iPod, which does not execute any Windows code itself, then wouldn't it be harmless to have the virus there?
The last time I configured an iPod I don't remember seeing any files on it other than a basic directory structure, and certainly no executable files.
This worm would be entirely harmless unless:
* Someone mounted the iPod as a disk, as opposed to its more common media player use. --AND-- * Someone clicked on an executable file that was on the iPod
It seems to me that this would very rarely happen. I would assume that the virus was caught by virus scanning software running on the host PC, which would of course detect and remove it. However, if someone with this virus on the iPod had no virus scanning software, the odds are extremely high that it would just sit on the disk and never be triggered.
This is a stupid and embarassing thing to happen, but I'm not convinced it's dangerous. I'm open to having my mind changed, though, so go ahead and see what scenerios you can devise that would make this truly dangerous to more than a handful of people.
It's theory B in a landslide. Check out Free Republic for an example. It's as big as Slashdot, if not bigger, and is 100% conservative.
I'm amazed at the ignorance of conservatism expressed in this forum. Conservatives welcome change just as liberals do; it's just the type of change that's at issue. The conservative critique of the status quo, with its political correctness, defense of poorly run government programs, awful public schools and largely socialized medicine is every bit as strong as the left's obsession with President Bush.
What is this with President Bush, anyway? You do this to every even modestly right-wing President. I've gotten in the middle of an International ANSWER protest where you show Bush with the swastika placed on his head. I'm sorry, I have to laugh. Bush has no resemblance whatsoever to Adolf Hitler. Bush has not tried to curtail your right to say whatever you want. If Bush really was Hitler, the members of Internaional ANSWER would be in concentration camps right now. I am sorry, but they are not, despite their transparent attempts to get arrested for publicity.
It would be a lot more effective if I didn't remember the same sort of demonization when George H W Bush, as mild-mannered a leader as the world has ever seen. And since Clinton "ended welfare as we know it" shouldn't you have protested him? You don't even stand up to your own ideals. You've just decided you hate us, personally, without even asking who we are or what we stand for.
Conservative views recognize government as a base on which the people rest. The people are in charge of their own lives, and government should really do little but mediate disputes and make sure the country is defended against intruders such as Al Queda. But the people stand on this foundation, and there should be as little intervention in their lives as possible. This means we're against the maze of rules that traps businesses, and that includes small business owners who make less money than the average Slashdotter.
Conservative views face reality about the situation in the Middle East. Negotiating with the Palastinians has been tried for decades, and those nice folks keep on blowing up pizza parlors in return. Is it not reasonable to say, then, that the "peace process" has failed, because the other side wants to continue fighting so badly?
The war in Iraq has drawn our enemies into a quagmire. We're in the same quagmire, true, but there have been no large-scale attacks on American soil since we started our counterattacks in Afghanistan and Iraq. Most of the people involved in Al Queda are now in Iraq killing Iraqis instead of killing Americans here. At the same time, we have rid Iraq of Saddam, and even Al Queda's butchers are pikers compared to what Saddam did.
We have established a democracy on Iraqi soil. Not a perfect one, but then again, ours isn't either. And although Iraqis may not be enthusiastic about us, they are enthusiastic about their democracy and remaking their own country their own way. Isn't that exactly what Noam Chomsky claims we never allow to happen? We've done it in Iraq. He should be proud.
Okay, someone's going to talk about the drug war and the right's embrace of religion. I agree with the left wing on both of those issues, but consider the other issues of greater importance.
So now you've looked a bit into the mind of a conservative. I don't expect to change anyone's minds overnight, but I hope I've at least shown that we have a viable view of the world. I think neither side is evil; they just see life in their own way. I hope you can now consider giving "the other side" similar respect.
Are you talking about Office in general or Office for the Mac?
I remember I tried writing huge, complex VbScript stuff in Office for Windows, and it was just horribly crashy, so I don't think problems are restricted to the Mac version unless they have really cleaned things up on the Windows side.
I remember the usual lifecycle of a MS product for me:
1 Hey, this does some cool stuff! Maybe MS isn't so bad!
2 That's the second crash in ten minutes! Why can't they make it reliable?
I'm glad I'm not using any MS products for what I'm doing now, save checking my sites in IE for Windows.
Obviously the OS is not obsolete to the people who make virus protection software, even if we're eventually all using Web 2.0-type stuff. Which I doubt, because who the heck wants to be constantly bombarded with advertisements in their word processor, and to not be able to write documents AT ALL when the Internet is down?
Still, it's not quite as simple as you say, because many people have suggested that it may be necessary to use MULTIPLE spyware/adware removal tools. So if Microsoft is trying to prevent those tools from working, I would say that's a problem. Remember, Microsoft almost bought a major spyware vendor, and you can bet Microsoft Anti-Spyware isn't going to do much against anything made by one of its subsidiaries.
Now, I have no particular love for PDF, which when viewed on the screen has to be the most irritating format ever. (Why should you want to see page breaks on the screen that have no relevance to your reading on it? I really and truly hate that user interface).
This new format will work on no version of Windows older than XP, and there are still millions of computers lying around with the old operating systems, most of which have a still-functioning PDF reader on them. And you know that having to download a reader to display a file is the kiss of death if you want people to see your stuff.
Pesky MacOS X and Linux users can all read PDF, but they can't read Metro.
I looked at some samples of the document format, and it looked just as hard to deal with as PDF, if not harder.
So I don't see any point to using it instead of PDF. I wouldn't be too worried if I were Adobe.
I've used it off and on pretty much since its introduction.
I can't find anything particularly wrong with it. In fact, it's nicer to use because at least it's not all gloomy grey like the Windows version. (Interesting to see them finally fixing this in the new Office, but it was a long time coming).
Relevent extract from his fascinating account, well worth reading in its entirety:
9) Finally we can do a POST! However, when we send the post it never actually adds a friend. Why not? Myspace generates a random hash on a pre-POST page (for example, the "Are you sure you want to add this user as a friend" page). If this hash is not passed along with the POST, the POST is not successful. To get around this, we mimic a browser and send a GET to the page right before adding the user, parse the source for the hash, then perform the POST while passing the hash.
I must say I was quite impressed, not to mention frightened half to death, by what Samy went through to create his worm. It was not a simple task at all. I had thought before that nobody would waste their time doing something like this; I was, of course, wrong.
The consequence of his story is that I changed my own social networking site to become a lot more secure. I didn't like doing it because I would have preferred to let people do what they want, but that artilce was a real eye opener as to how dangerous that would have been.
Some of them were probably trying to get it to crash, and that can distort the numbers.
I know a lot of people on here have Windows XP systems that have run forever as long as updates are made, but what's the average uptime for a Windows system? It could be that almost all Windows machines crash at some time during the beta period timeframe, in which case the 450,000 crashes would be expected.
I might expect most people to send the data to MS because you as beta tester want to help.
Well, that will teach me to write a comment before I'm fully awake! Thanks for the correction, yes, she was a myspace user, not myspace itself.
I've discovered a very strange thing in developing my own social networking site (URL in signature). People want to be seen as your virtual friend without actually talking to you. I had things set up so that a friend request was just another option within an email, and so people would just click "Ask David to be my friend".
Almost immediately, I got a barrage of questions of how friend requests worked, so now it composes the email for you if you don't really want to bother. It was the only change that my users wanted me to make that made me feel bad, because I still think virtual friends should send each other emails, not just friend requests!
Still, I'm trying to build social networking for the person with a brain. A different niche, for sure:-). I hope you'll give it a look.
The take-home message seems to be that as these sites get more entrenched in society, they look more like society at large. Myspace has over 100 million users, on paper at least. I doubt that there are 100 million kids within the site's target demographic, so it was inevitable that it get older.
I always thought of it as a site of 20somethings, not teens, though. On the other hand, I know a myspace who was 18 when I first met her, and I thought she looked 26 then. Maybe people just grow faster nowadays...
"It will be interesting to monitor the shifts in Facebook's demographic composition that will undoubtedly occur as a result of the company's recent decision to open its doors to users of all ages."
Not only that, but Facebook always allowed its visitors to continue using the site after they left college, which would have created an upward age shift no matter what they did. Opening up their population will increase that even more, but it is impossible to tell how much due to the lack of a control.
I've never really understood the psychology of this, since if I saw a page like the one linked in the article, I would just close it without clicking on anything, since none of it was of interest to me.
But I understand some people will just click out of curiosity and then - BANG! - the virus writer's got real money in his pocket.
I thought you made and excellent point and if I wasn't the writer of the parent post, I would have modded you up.
However, the people I really suspect I will need are support people and maybe a graphic artist. I have people back in the US doing testing for me. Support people, of course, need to be cheerful, and I don't think it would hurt if my graphic artist was too.
So I think things will work out OK. Take advantage of each country's natural temprament:-).
So I tried to moderate it funny, and hit Overrated by mistake, giving your comment a score of 0!
The comment score box vanished and so now I have no way to undo this mistake other than writing this message, which will undo the moderation and set things right.
I agree with you there, I would just rather hire positive people, and have positive people around me than negative ones.
It may be nobody's fault per se, but that doesn't make life any more enjoyable when it's spent around bitter people.
I hope some of the bitter people who are reading this will take it to heart. Improve your atittude and you're a lot more likely to get, and stay, employed.
I never said anything even vaguely like that, so I'm a little puzzled as to why you would think it.
The unemployment rate in the Philippines is far higher than in the US.
The Philippines is a much nicer place to live than the US if you don't need to earn a living, or if you can take your work from another country (which is what I plan to do).
If you need to make a living, the Philippines is a nightmare. This is why huge numbers of skilled people are leaving the country to work in the US and other countries with stronger economies.
And yes, the Philippines does have skilled people. I got to know a lot of them when I visited. They do a lot with nothing over there.
(At a bank where a friend of mine works, they were still using FoxPro for DOS applications. I used to write those things... 10 years ago!)
For me, the lack of national pride - or any kind of pride at all - is the big problem.
From what I see in this forum and elsewhere, US workers are embittered, cynical and feel they're grossly underpaid, while foreign workers are not embittered, uncynical and are grateful to work for peanuts.
Someone tell me why I SHOULD hire a US worker or invest in the US with the above being true.
For ever job I could give a bitter and ungrateful US worker, I could give 10 jobs and materially improve people's lives in another country.
Which is the moral choice?
I'm so tired of this bitter and gloomy country that I'm planning on moving to the Philippines, where people at least try their best to appear cheerful. Life there isn't perfect and there is a lot less money, but at least people are determined to be happy with what they have.
And if things are so bad, why do we have a 5% unemployment rate? That's about as low as it can go without major problems. (There is always churn in the labor market with people quitting jobs and getting new ones.)
There's nothing in your message I disagree with. To compete successfully in that space, they had to take the bull by the horns and make their own player and store, because the players and stores created by third parties were overwhelmingly mediocre. So they had to try and do better, with the pretty much unlimited resources they had.
But why not allow previously purchased PlaysForSure music to play in the Zune? That seems like a perfectly simple decision to make. Let the seamless integration start with your own store, but at least allow people who bought music previously to use it unaltered. Otherwise you're spitting your DRM in people's faces. As you say, Apple DRM works well because it's invisible in ordinary use. Having your music not work in an updated device is as clear a violation of that rule as you're going to face.
I've noticed that Apple's success in the music world may extend to video, at least if we ever get fast enough Internet connections to make downloading it practical. The reviews of Amazon's store were terrible. Apple's is apparently much better except for the selection, and if it winds up looking like the winner, that should solve itself.
I was rather astonished by the rental rights the Amazon store offered. The movie can exist for 30 days but you have only 24 hours to play it. How crazy is that? Most video stores will let you keep videos and play them as much as you want for a week. I wouldn't want to be in Amazon's position in trying to sell an inferior product for a premium price.
What's really happening is that it adds some trust to the equation.
Take a random web site that wants to sell a book. You don't know if that book will actually show up, or if they'll just take your money and vanish. You don't know them.
Enter Amazon. You know that if you buy something from Amazon, you'll get it. You have confidence in them. Of course they sometimes make mistakes. I remember when they sent me the wrong book, but it turs out it was an interesting book so I read it anyway. But you know they won't just take your money and run with it, and they'll take the book back if you don't like it.
The big advantage Amazon has is aggregating shipping costs. Say I find a small vendor who's selling me a book for $15. They tack on $ 5 shipping and make it $20. I can find that book at amazon for $12.50 and buy it together with three other books for $8 in shipping. So my shipping overhead per book is $2 instead of $5, and I got the book for a little less, too. That's a huge win for me and makes it far more likely that I will buy your book.
This phenomenon is why the person in the article is still dealing with Amazon. Buying a $15 book for $20 is prohibitively high overhead, at least for me. Buying a $15 book for $14.50 ($12.50 + $2 shipping) sounds a lot better. And I know I'll get it, usually pretty quickly.
The truth is, it's better than ever to be a small producer of books or seller of merchandise thanks to Amazon and eBay's trust mechanisms, which are effective in spreading a bit of the trust the big guys have to the little guy. That's a huge advantage to bring the little guy.
Would you want to turn back the clock to the days before Amazon? Odds are that your small publishing company wouldn't even be noticed. Amazon and eBay help link you with your customers, and that's a huge advantage over the way things were before.
After all, nothing's stopping you from opening your own online bookstore. You just won't sell as much, or make as much money. And it's a huge distraction from the core business of writing and publishing books, which surely is hard enough without adding the complexities of sales to the equation.
Couldn't they build a better music store and a better player, but still use the same music format?
They could certainly up the bitrate if that was what bothered them.
I don't understand why you would want to antagonize customers, who really didn't trust you much to begin with, by invalidating whatever value is in the existing PlaysForSure downloads, particularly with that unfortunate slogan. Certainly it would be very difficult to convince me to buy products from the new store, which could be invalidated by some other Microsoft change down the road.
I bought a 24-pack of Diet Coke today at my local Wal*Mart and the clerk was staring dumbly at the pictures on the case. Apparently there was some kind of promotion going on with some sports stars that I guess she'd heard of. "Wow, (insert name of forgotten sports star here)! And giveaways!"
"I can't use the giveaways, I use iTunes. Wal*mart downloads don't work on my Mac," I told her.
She looked at me like I was a martian.
I wonder what she will do when her Plays4Sure music Wal*Mart songs doesn't work after her kids upgrade her music player with "that new thing from Microsoft."
The kind of contempt that shows for customers on the part of Microsoft is somehow shocking to me, even though there are plenty of similar examples from the past. But it just disgusts me that the company would abandon their customers like that.
I don't see Apple being this bone-headed, do you?
I'm not saying Apple's perfect, but that's just plain dumb.
Good thinking, and I thank you for raising the idea. But it won't work in my case.
As you know, at this very moment, YouTube is going bust in bandwidth bills hosting all that video, unless someone buys them out for US$1.5 billion first.
I don't want to host video. I want to let people point to their videos whereever they might be, so your idea won't work.
There is a tension between what users want to do that's legitimate, and what users can do maliciously.
For example, I'm developing a myspace-like system, with which I am presently grappling with these issues.
Ideally, I'd like to give users perfect creative freedom to do whatever they want on their profiles and online community pages. After all, they should be able to express themselves, no?
So before these attacks became well-known, it was a perfectly reasonable stance to say that we should NOT filter user input, that we should let people express themselves as they want. That's been my position, before I learned about this problem.
Before you laugh, even computing greats have made similar mistakes. RMS, of Emacs, GNU and GPL fame, used to rail against people using passwords on their accounts. He had no password on his account on the MIT AI ITS machine, which was accessible through the ARPANet. Theoretically, a lot of bad things could have happened to him, but they didn't because yesterday's ARPANet users had respect for him and people like him. The administrators eventually forced him, pretty much at gunpoint, to set a password. Of course he told everyone what it was. Such was the wonderful culture of the AI lab.
I don't know what RMS has done personally, but I'm sure he has a password on his account now, and I'm sure that fact greatly saddens him. I am sad about it myself. I don't like this new world of poison users and XSS and spyware and so on, but unfortunately you have to accept it as a fact of life.
My own tipping point, which showed me how important this issue was, was this fellow. I actually like him, or at least his writing style. But what he did to myspace makes my blood run cold. I realized after that that I simply could not allow people to do whatever they wanted.
Another important thing to note is that preventing XSS is not as simple as it seems. In fact, preventing it may be just plain impossible if we don't want to prevent people from doing things like showing videos and Flash, with the OBJECT tag. There are apparently huge security holes in allowing it, but if you don't, then you have a world without music or video. If anyone has tips on securing this, please reply to this and let us all know. I was thinking that it might be necessary to allow only certain URLs but that seems too draconian if there's any way to avoid it.
If we disregard that particular risk, it's still very difficult to prevent JavaScript from sneaking in. This site, unfortunatley Slashdotted together with the article, is an excellent example of how hard it is to deal with these problems, and how subtle and persistent the enemy is.
Anyway, I've spent two solid days figuring out ways to deal with all the exploits Rsnake deals with in the above document. I'm about done now, and I'm confident that my system will stand tall against most known attacks. But there's always something around the corner, and I guess that's what makes being a security guy interesting.
Personally, I really resent the time I have to waste on restricting people's freedoms just because this is a cruel and crazy world out there of people who wish you ill, just because you happen to design systems. I love to design systems, and this new project is the best thing I've ever worked on, but I shake my head over what this world has become.
I'm faster at typing than navigating with the mouse too, but not when it comes to typing names like those!
Isn't it funny that even with Windows XP, Microsoft has done their best to confirm to the 8.3 file naming structure they first introduced with DOS 1.0?
(Or was it in CP/M too? I remember Digital Equipment's PDP-11 had a 6.3 file naming system, which I daresay really dates me pretty badly:-). )
Slashdot Mirror
A good point, but none of the descriptions of this specific virus make me think it's set up to spread that way, so I still think the real threat is minimal at worst.
D
I work under the, perhaps naive, assumption that if virus code is not actually executed, it is harmless.
If infected files are lying on an iPod, which does not execute any Windows code itself, then wouldn't it be harmless to have the virus there?
The last time I configured an iPod I don't remember seeing any files on it other than a basic directory structure, and certainly no executable files.
This worm would be entirely harmless unless:
* Someone mounted the iPod as a disk, as opposed to its more common media player use.
--AND--
* Someone clicked on an executable file that was on the iPod
It seems to me that this would very rarely happen. I would assume that the virus was caught by virus scanning software running on the host PC, which would of course detect and remove it. However, if someone with this virus on the iPod had no virus scanning software, the odds are extremely high that it would just sit on the disk and never be triggered.
This is a stupid and embarassing thing to happen, but I'm not convinced it's dangerous. I'm open to having my mind changed, though, so go ahead and see what scenerios you can devise that would make this truly dangerous to more than a handful of people.
D
All very true, of course, but it would be nice to be able to turn them off entirely if you'd rather read your documents continuously, like HTML.
I would think about 90% of people who read documents over the net (instead of printing them) would prefer things that way.
D
It's theory B in a landslide. Check out Free Republic for an example. It's as big as Slashdot, if not bigger, and is 100% conservative.
I'm amazed at the ignorance of conservatism expressed in this forum. Conservatives welcome change just as liberals do; it's just the type of change that's at issue. The conservative critique of the status quo, with its political correctness, defense of poorly run government programs, awful public schools and largely socialized medicine is every bit as strong as the left's obsession with President Bush.
What is this with President Bush, anyway? You do this to every even modestly right-wing President. I've gotten in the middle of an International ANSWER protest where you show Bush with the swastika placed on his head. I'm sorry, I have to laugh. Bush has no resemblance whatsoever to Adolf Hitler. Bush has not tried to curtail your right to say whatever you want. If Bush really was Hitler, the members of Internaional ANSWER would be in concentration camps right now. I am sorry, but they are not, despite their transparent attempts to get arrested for publicity.
It would be a lot more effective if I didn't remember the same sort of demonization when George H W Bush, as mild-mannered a leader as the world has ever seen. And since Clinton "ended welfare as we know it" shouldn't you have protested him? You don't even stand up to your own ideals. You've just decided you hate us, personally, without even asking who we are or what we stand for.
Conservative views recognize government as a base on which the people rest. The people are in charge of their own lives, and government should really do little but mediate disputes and make sure the country is defended against intruders such as Al Queda. But the people stand on this foundation, and there should be as little intervention in their lives as possible. This means we're against the maze of rules that traps businesses, and that includes small business owners who make less money than the average Slashdotter.
Conservative views face reality about the situation in the Middle East. Negotiating with the Palastinians has been tried for decades, and those nice folks keep on blowing up pizza parlors in return. Is it not reasonable to say, then, that the "peace process" has failed, because the other side wants to continue fighting so badly?
The war in Iraq has drawn our enemies into a quagmire. We're in the same quagmire, true, but there have been no large-scale attacks on American soil since we started our counterattacks in Afghanistan and Iraq. Most of the people involved in Al Queda are now in Iraq killing Iraqis instead of killing Americans here. At the same time, we have rid Iraq of Saddam, and even Al Queda's butchers are pikers compared to what Saddam did.
We have established a democracy on Iraqi soil. Not a perfect one, but then again, ours isn't either. And although Iraqis may not be enthusiastic about us, they are enthusiastic about their democracy and remaking their own country their own way. Isn't that exactly what Noam Chomsky claims we never allow to happen? We've done it in Iraq. He should be proud.
Okay, someone's going to talk about the drug war and the right's embrace of religion. I agree with the left wing on both of those issues, but consider the other issues of greater importance.
So now you've looked a bit into the mind of a conservative. I don't expect to change anyone's minds overnight, but I hope I've at least shown that we have a viable view of the world. I think neither side is evil; they just see life in their own way. I hope you can now consider giving "the other side" similar respect.
D
Are you talking about Office in general or Office for the Mac?
I remember I tried writing huge, complex VbScript stuff in Office for Windows, and it was just horribly crashy, so I don't think problems are restricted to the Mac version unless they have really cleaned things up on the Windows side.
I remember the usual lifecycle of a MS product for me:
1 Hey, this does some cool stuff! Maybe MS isn't so bad!
2 That's the second crash in ten minutes! Why can't they make it reliable?
I'm glad I'm not using any MS products for what I'm doing now, save checking my sites in IE for Windows.
D
Obviously the OS is not obsolete to the people who make virus protection software, even if we're eventually all using Web 2.0-type stuff. Which I doubt, because who the heck wants to be constantly bombarded with advertisements in their word processor, and to not be able to write documents AT ALL when the Internet is down?
Still, it's not quite as simple as you say, because many people have suggested that it may be necessary to use MULTIPLE spyware/adware removal tools. So if Microsoft is trying to prevent those tools from working, I would say that's a problem. Remember, Microsoft almost bought a major spyware vendor, and you can bet Microsoft Anti-Spyware isn't going to do much against anything made by one of its subsidiaries.
Now, I have no particular love for PDF, which when viewed on the screen has to be the most irritating format ever. (Why should you want to see page breaks on the screen that have no relevance to your reading on it? I really and truly hate that user interface).
This new format will work on no version of Windows older than XP, and there are still millions of computers lying around with the old operating systems, most of which have a still-functioning PDF reader on them. And you know that having to download a reader to display a file is the kiss of death if you want people to see your stuff.
Pesky MacOS X and Linux users can all read PDF, but they can't read Metro.
I looked at some samples of the document format, and it looked just as hard to deal with as PDF, if not harder.
So I don't see any point to using it instead of PDF. I wouldn't be too worried if I were Adobe.
D
I've used it off and on pretty much since its introduction.
I can't find anything particularly wrong with it. In fact, it's nicer to use because at least it's not all gloomy grey like the Windows version. (Interesting to see them finally fixing this in the new Office, but it was a long time coming).
D
Samy's worm did exactly that.
Relevent extract from his fascinating account, well worth reading in its entirety:
I must say I was quite impressed, not to mention frightened half to death, by what Samy went through to create his worm. It was not a simple task at all. I had thought before that nobody would waste their time doing something like this; I was, of course, wrong.
The consequence of his story is that I changed my own social networking site to become a lot more secure. I didn't like doing it because I would have preferred to let people do what they want, but that artilce was a real eye opener as to how dangerous that would have been.
D
I wonder how long they ran them for?
Some of them were probably trying to get it to crash, and that can distort the numbers.
I know a lot of people on here have Windows XP systems that have run forever as long as updates are made, but what's the average uptime for a Windows system? It could be that almost all Windows machines crash at some time during the beta period timeframe, in which case the 450,000 crashes would be expected.
I might expect most people to send the data to MS because you as beta tester want to help.
D
Well, that will teach me to write a comment before I'm fully awake! Thanks for the correction, yes, she was a myspace user, not myspace itself.
:-). I hope you'll give it a look.
I've discovered a very strange thing in developing my own social networking site (URL in signature). People want to be seen as your virtual friend without actually talking to you. I had things set up so that a friend request was just another option within an email, and so people would just click "Ask David to be my friend".
Almost immediately, I got a barrage of questions of how friend requests worked, so now it composes the email for you if you don't really want to bother. It was the only change that my users wanted me to make that made me feel bad, because I still think virtual friends should send each other emails, not just friend requests!
Still, I'm trying to build social networking for the person with a brain. A different niche, for sure
D
I met her in real life before I saw her on myspace, so I know she was perfectly penis-free.
On the other hand, her personality was a bit cold. Pity since she was a real stunner.
D
I always thought of it as a site of 20somethings, not teens, though. On the other hand, I know a myspace who was 18 when I first met her, and I thought she looked 26 then. Maybe people just grow faster nowadays
Not only that, but Facebook always allowed its visitors to continue using the site after they left college, which would have created an upward age shift no matter what they did. Opening up their population will increase that even more, but it is impossible to tell how much due to the lack of a control.
D
I've never really understood the psychology of this, since if I saw a page like the one linked in the article, I would just close it without clicking on anything, since none of it was of interest to me.
But I understand some people will just click out of curiosity and then - BANG! - the virus writer's got real money in his pocket.
D
I thought you made and excellent point and if I wasn't the writer of the parent post, I would have modded you up.
:-).
However, the people I really suspect I will need are support people and maybe a graphic artist. I have people back in the US doing testing for me. Support people, of course, need to be cheerful, and I don't think it would hurt if my graphic artist was too.
So I think things will work out OK. Take advantage of each country's natural temprament
D
So I tried to moderate it funny, and hit Overrated by mistake, giving your comment a score of 0!
:-)
The comment score box vanished and so now I have no way to undo this mistake other than writing this message, which will undo the moderation and set things right.
Please ignore this post
Thank you.
D
I agree with you there, I would just rather hire positive people, and have positive people around me than negative ones.
It may be nobody's fault per se, but that doesn't make life any more enjoyable when it's spent around bitter people.
I hope some of the bitter people who are reading this will take it to heart. Improve your atittude and you're a lot more likely to get, and stay, employed.
D
I never said anything even vaguely like that, so I'm a little puzzled as to why you would think it.
... 10 years ago!)
The unemployment rate in the Philippines is far higher than in the US.
The Philippines is a much nicer place to live than the US if you don't need to earn a living, or if you can take your work from another country (which is what I plan to do).
If you need to make a living, the Philippines is a nightmare. This is why huge numbers of skilled people are leaving the country to work in the US and other countries with stronger economies.
And yes, the Philippines does have skilled people. I got to know a lot of them when I visited. They do a lot with nothing over there.
(At a bank where a friend of mine works, they were still using FoxPro for DOS applications. I used to write those things
D
For me, the lack of national pride - or any kind of pride at all - is the big problem.
From what I see in this forum and elsewhere, US workers are embittered, cynical and feel they're grossly underpaid, while foreign workers are not embittered, uncynical and are grateful to work for peanuts.
Someone tell me why I SHOULD hire a US worker or invest in the US with the above being true.
For ever job I could give a bitter and ungrateful US worker, I could give 10 jobs and materially improve people's lives in another country.
Which is the moral choice?
I'm so tired of this bitter and gloomy country that I'm planning on moving to the Philippines, where people at least try their best to appear cheerful. Life there isn't perfect and there is a lot less money, but at least people are determined to be happy with what they have.
And if things are so bad, why do we have a 5% unemployment rate? That's about as low as it can go without major problems. (There is always churn in the labor market with people quitting jobs and getting new ones.)
D
There's nothing in your message I disagree with. To compete successfully in that space, they had to take the bull by the horns and make their own player and store, because the players and stores created by third parties were overwhelmingly mediocre. So they had to try and do better, with the pretty much unlimited resources they had.
But why not allow previously purchased PlaysForSure music to play in the Zune? That seems like a perfectly simple decision to make. Let the seamless integration start with your own store, but at least allow people who bought music previously to use it unaltered. Otherwise you're spitting your DRM in people's faces. As you say, Apple DRM works well because it's invisible in ordinary use. Having your music not work in an updated device is as clear a violation of that rule as you're going to face.
I've noticed that Apple's success in the music world may extend to video, at least if we ever get fast enough Internet connections to make downloading it practical. The reviews of Amazon's store were terrible. Apple's is apparently much better except for the selection, and if it winds up looking like the winner, that should solve itself.
I was rather astonished by the rental rights the Amazon store offered. The movie can exist for 30 days but you have only 24 hours to play it. How crazy is that? Most video stores will let you keep videos and play them as much as you want for a week. I wouldn't want to be in Amazon's position in trying to sell an inferior product for a premium price.
D
What's really happening is that it adds some trust to the equation.
Take a random web site that wants to sell a book. You don't know if that book will actually show up, or if they'll just take your money and vanish. You don't know them.
Enter Amazon. You know that if you buy something from Amazon, you'll get it. You have confidence in them. Of course they sometimes make mistakes. I remember when they sent me the wrong book, but it turs out it was an interesting book so I read it anyway. But you know they won't just take your money and run with it, and they'll take the book back if you don't like it.
The big advantage Amazon has is aggregating shipping costs. Say I find a small vendor who's selling me a book for $15. They tack on $ 5 shipping and make it $20. I can find that book at amazon for $12.50 and buy it together with three other books for $8 in shipping. So my shipping overhead per book is $2 instead of $5, and I got the book for a little less, too. That's a huge win for me and makes it far more likely that I will buy your book.
This phenomenon is why the person in the article is still dealing with Amazon. Buying a $15 book for $20 is prohibitively high overhead, at least for me. Buying a $15 book for $14.50 ($12.50 + $2 shipping) sounds a lot better. And I know I'll get it, usually pretty quickly.
The truth is, it's better than ever to be a small producer of books or seller of merchandise thanks to Amazon and eBay's trust mechanisms, which are effective in spreading a bit of the trust the big guys have to the little guy. That's a huge advantage to bring the little guy.
Would you want to turn back the clock to the days before Amazon? Odds are that your small publishing company wouldn't even be noticed. Amazon and eBay help link you with your customers, and that's a huge advantage over the way things were before.
After all, nothing's stopping you from opening your own online bookstore. You just won't sell as much, or make as much money. And it's a huge distraction from the core business of writing and publishing books, which surely is hard enough without adding the complexities of sales to the equation.
D
Does anyone other than me wonder why?
Couldn't they build a better music store and a better player, but still use the same music format?
They could certainly up the bitrate if that was what bothered them.
I don't understand why you would want to antagonize customers, who really didn't trust you much to begin with, by invalidating whatever value is in the existing PlaysForSure downloads, particularly with that unfortunate slogan. Certainly it would be very difficult to convince me to buy products from the new store, which could be invalidated by some other Microsoft change down the road.
I bought a 24-pack of Diet Coke today at my local Wal*Mart and the clerk was staring dumbly at the pictures on the case. Apparently there was some kind of promotion going on with some sports stars that I guess she'd heard of. "Wow, (insert name of forgotten sports star here)! And giveaways!"
"I can't use the giveaways, I use iTunes. Wal*mart downloads don't work on my Mac," I told her.
She looked at me like I was a martian.
I wonder what she will do when her Plays4Sure music Wal*Mart songs doesn't work after her kids upgrade her music player with "that new thing from Microsoft."
The kind of contempt that shows for customers on the part of Microsoft is somehow shocking to me, even though there are plenty of similar examples from the past. But it just disgusts me that the company would abandon their customers like that.
I don't see Apple being this bone-headed, do you?
I'm not saying Apple's perfect, but that's just plain dumb.
D
Good thinking, and I thank you for raising the idea. But it won't work in my case.
As you know, at this very moment, YouTube is going bust in bandwidth bills hosting all that video, unless someone buys them out for US$1.5 billion first.
I don't want to host video. I want to let people point to their videos whereever they might be, so your idea won't work.
D
Oh, I had the same understanding as him, at the time. I didn't use a password either.
I think my basic point stands, that we have to be much more paranoid now than we did then, and that on a personal level I think it really stinks.
D
There is a tension between what users want to do that's legitimate, and what users can do maliciously.
For example, I'm developing a myspace-like system, with which I am presently grappling with these issues.
Ideally, I'd like to give users perfect creative freedom to do whatever they want on their profiles and online community pages. After all, they should be able to express themselves, no?
So before these attacks became well-known, it was a perfectly reasonable stance to say that we should NOT filter user input, that we should let people express themselves as they want. That's been my position, before I learned about this problem.
Before you laugh, even computing greats have made similar mistakes. RMS, of Emacs, GNU and GPL fame, used to rail against people using passwords on their accounts. He had no password on his account on the MIT AI ITS machine, which was accessible through the ARPANet. Theoretically, a lot of bad things could have happened to him, but they didn't because yesterday's ARPANet users had respect for him and people like him. The administrators eventually forced him, pretty much at gunpoint, to set a password. Of course he told everyone what it was. Such was the wonderful culture of the AI lab.
I don't know what RMS has done personally, but I'm sure he has a password on his account now, and I'm sure that fact greatly saddens him. I am sad about it myself. I don't like this new world of poison users and XSS and spyware and so on, but unfortunately you have to accept it as a fact of life.
My own tipping point, which showed me how important this issue was, was this fellow. I actually like him, or at least his writing style. But what he did to myspace makes my blood run cold. I realized after that that I simply could not allow people to do whatever they wanted.
Another important thing to note is that preventing XSS is not as simple as it seems. In fact, preventing it may be just plain impossible if we don't want to prevent people from doing things like showing videos and Flash, with the OBJECT tag. There are apparently huge security holes in allowing it, but if you don't, then you have a world without music or video. If anyone has tips on securing this, please reply to this and let us all know. I was thinking that it might be necessary to allow only certain URLs but that seems too draconian if there's any way to avoid it.
If we disregard that particular risk, it's still very difficult to prevent JavaScript from sneaking in. This site, unfortunatley Slashdotted together with the article, is an excellent example of how hard it is to deal with these problems, and how subtle and persistent the enemy is.
Anyway, I've spent two solid days figuring out ways to deal with all the exploits Rsnake deals with in the above document. I'm about done now, and I'm confident that my system will stand tall against most known attacks. But there's always something around the corner, and I guess that's what makes being a security guy interesting.
Personally, I really resent the time I have to waste on restricting people's freedoms just because this is a cruel and crazy world out there of people who wish you ill, just because you happen to design systems. I love to design systems, and this new project is the best thing I've ever worked on, but I shake my head over what this world has become.
And then I go back to work.
D
I'm faster at typing than navigating with the mouse too, but not when it comes to typing names like those!
:-). )
Isn't it funny that even with Windows XP, Microsoft has done their best to confirm to the 8.3 file naming structure they first introduced with DOS 1.0?
(Or was it in CP/M too? I remember Digital Equipment's PDP-11 had a 6.3 file naming system, which I daresay really dates me pretty badly
D