Finding, installing, handling revocations/expiration. Loading parent/certificate chains, -particularly when the certificate chains themselves (root and intermediate) change-. In a perfect world, this would all be handled automagically. But when something goes wrong, figuring out what happened, and then trying to fix it, has been At Least One Bridge Too Far.
I've had to mess with PKI encrypted email (as a job requirement) many times over the last 15 years. In my experience, the problem is the underlying PKI support. It's really hard to load & manage certificates, deal with revoked certificates (including preserving emails when a certificate expires), etc. Some of that is, I believe, due to the complexity of PKI itself, and some of it is due to poor (at least from a user experience perspective) support by the OS vendors. Much of my experience is with DoD PKI, including their huge chains of PKI certificate/trust.
If the PKI infrastructure worked well, encrypting/decrypting email should be easy. But if the PKI infrastructure makes it really hard to manage certificates, there's not a lot the mail user agent can do about that!
Agree! And in particular, do the test cases cover both all expected functionality and error situations, particularly bad (user) input?
(someone please mod parent up).
I didn't assert 'No one develops websites on the Mac', all the websites hosted on my servers are developed on the Mac.
But the number of people who do this is Much Less Than the total Mac user population.
Furthermore, few people who develop websites on any platform get their tech advice from Consumer Reports.
But then, when you can't produce a useful thought, insults work just fine.
How many Mac users develop web sites?
I always thought that Yahoo was well-named, a company run by a bunch of Yahoos...
Has anyone ever seen a "an unnamed junior administration official" cited in a story?
NYT's coverage of Apple puts it ahead in this race, I think. There's just plain incompetence, and then there's targeted attacks with the goal to win a Pulitzer.
There has to be a vulnerability on the computer to exploit. That's a point most people seem to forget, and the people here have no excuse for that.
Yes, the air gap between the vulnerable laptop and the power grid worked as expected. But that doesn't excuse the vulnerability of the laptop!
1. There clearly was a penetration of a computer.
2. For this to happen, there had to be a vulnerability on that computer.
We _know_ that some systems are much more vulnerable than others. But there's no penalty for that, either for the makers or for the purchasers/specifiers of that.
My 'grip' is to not run Windows.
There have been substantial penetrations of the US Power Grid, but this was -not- one of them. I remember hearing about vulnerabilities in the electrical grid and other SCADA critical infrastructure in the '90s. The one guy who talked about that worked for the EPRI, and ended up getting fired because he continually pointed out how the utilities were -ignoring- the problem.
(Agree, mod parent up, good link!)
Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.
(And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")
I heard a piece on NPR (which unfortunately I can't find a link for), that observed if you paid over $500k for your house 20 years ago, your house appreciated more than 100%, and if you paid less than $200k, it only appreciated 25%. Further analysis discussed that the great preponderance of such houses were on the coasts, and that affordability in those communities is a real problem. They also correlated the house price with how the people voted, noting that Trump voters were more likely to have houses in the $100k-$200k range rather than the $500k range, and that was presumed to be part of the dissatisfaction with the state of the economy.
Now putting these stories together, -I- come to the conclusion that high cost areas such as Silicon Valley are much more likely to support abstract notions of income redistribution, with the sense that "I have mine, so now I can feel bad about income inequality."
This might actually make them reliable enough for normal use. (66% failure rate on 1tb drives over an 18 month period. I'll never buy another.)
Because innocuous typos can still produce legal (but very incorrect) programs.
But more generally, there's a tension between some people's need for conciseness and other people's need for assurance that the program actually does what the author intended. And that's closely related to the tension between ease of creation vs ease of reading/understanding/change.
The movie version of Dune proves my point, I think :-)
So how the fsck do you make a movie of a book you haven't read, and have -any credibility-? It's one thing to "adapt for the cinema", it's a whole nuther thing to steal the title and a couple character names and ignore the intent of the book.
The special effects were pretty cool, but Verhoeven totally missed the point of the book.
Y2K remediation, sample size about 50 people. Corporate IT charged 2 hours for PCs, 1 hour (min charge time) for Macs. Most PCs took at least 2 hours, the worst case was the guy who was down for 3 days. Most Macs took less than 30 minutes if Corporate IT did the updates. But most Mac users did this themselves (in part saying, "I don't trust corporate to mess with my Mac.") Most of the required Mac patches were for Microsoft Office, Adobe Acrobat and other 3rd party products. The required change to Mac OS X was to set date display to 4 digits.
Where I used to work, the Macs were mostly self-supporting. When someone needed help, s/he would send a message to the internal Mac user group, and usually get a good/authoritative answer. The few times we needed to work with corporate IT involved hardware problems.
Laptop 'survivability,' sample size about 40 people. I was on a project with about 75% travel for several years. No one had a machine that lasted 3 years without a repair, most Windows machines were replaced within 2 years (ThinkPads lasted substantially longer than the Dells, HPs and Toshibas that most people had.) My first Mac lasted almost 3 years, it had a motherboard failure at 34 months. I dropped it off at the Newport Beach CA Apple Store late Thursday night, and got it back at the McLean VA Apple Store Tuesday AM. My second MacBook Pro lasted 5 years, but for the latter part of that period we were on less travel. I did have that machine knocked over and the screen cracked, but that's not an Apple problem. I handed that machine in when I left the company, it still worked and was usable but a bit slow. One of the (removable) batteries had failed, the second was weak (and I had a 3rd replacement battery), but the hardware was otherwise fine.
As usual, Your Mileage May Vary.
In part because we have significant experience and therefore patience with sucky technology. That's due to both the fact we grew up with technology as the technology got better, and because some of our key experiences (Windows, for example) sucked so badly.
Those might be my only 2 choices in our new home.
dave
Well, (1) widely distributed decision-making has real problems with ensuring everyone has reasonably enough information to act rationally on a timely basis; (2) then an assumption that people act rationally in aggregate. The two very large scale distributed decision-making examples I can think of are (a) stock markets and (b) elections. It's going to be damn hard to argue the value of large scale distributed decision making from -those- two examples.
Any optimization approach/algorithm is set up to maximize the value of its utility function. Consider two utility functions for getting from "A" to "B", 'fewest miles' or 'fastest'. A direct route that takes you down 10 miles of roads at a speed limit of 30 MPH, compared to 20 miles on an interstate at 65 MPH, will win under the first utility but not under the second.
The same thing holds true for public policy. Do you want "most lives saved?" Do you want "greatest economic output?" Do you want "Least tax burden?"
So independent of any other consideration, there is huge judgement and therefore huge variation when trying to conduct 'rational policy' by what you choose as your utility function.
AV software should meet the standards for medical treatments, following the virus analogy. First, they should be clearly shown to be 'safe' - to not cause problems on the machine or introduce new vulnerabilities. Second, they should be shown to actually stop known viruses, be able to react to new infections, and in general do a better job than the OS vendor in rapidly adapting to threats.
Frankly, on Mac OS, I don't think any product meets these standards.
They laughed all the way to the bank! I'm old enough to remember this (and was living in Mass at the time). This issue became an instant classic, and they got -tons- of press coverage.