Google Chrome 6 was, in fact, the current "stable" Chrome browser back then. Google Chrome 7 was not released until October 21, 2010, and Chrome 8 is from this month.
Google Chrome 6 only seems "old" because it's two full revisions back. That's because Google has it on a Jack Russel Terrier release schedule, probably desperately trying to get their browser to version 10 "see? one more than Microsoft!" ASAP.
But green bananas purchased when Chrome 6 was still the current stable browser might still be edible today.;)
There is a valid point about why IE9 Beta got in there, but not Firefox 4 Beta, or Chrome 7 Beta. But the test was testing speed of blacklist signature updates anyway, and those don't change very much between browser updates since it's all vendor-side maintenance, and not some actual property inherent to the browser itself.
Perhaps, but throwing out the IE9 beta the test was done in October 2010. It used Chrome 6 (released September 2010, superseded in late October 2010 by Chrome 7), Firefox 3.6 (Released January 2010 and still the current stable release), and Internet Explorer 8 (released in early 2009).
If you ignore the IE9 beta, Internet Explorer was actually the oldest of all of the browsers tested.
The real problem with the test is not browser age. In fact, browser age has nothing to do with the test. They were testing the vendor's blacklist update interval and completeness, with a deep bias toward "fast response" and a deep bias away from "completeness". I posted a critique earlier on in the thread detailing the problems: http://tech.slashdot.org/comments.pl?sid=1912006&cid=34567368
The age of the browser is an invalid critique of the test, and almost leads me to believe that some Microsoft shill put it in the article summary to mislead you from the real problems with the test.
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
What. No, wait, what?
Read on to the end, because later I'm going to tell you what's really wrong with the test and why it's bullshit, but I have to first burn down the obvious straw man you've introduced.
It used Google Chrome 6, which was the current stable Chrome at the time (6 came out in September 2010). Google Chrome has gone from 6 to 8 in two months. It used Firefox 3.6, which is the current stable Firefox RIGHT NOW, two months after the report was released. 3.6 was released in January 2010, but Mozilla has only done "dot" releases since October. It also included Internet Explorer 8, which was released in March 2009.
In other words, if you want to say "older is worse", then IE8 should have been absolutely fucking pasted by this test. Ummm, right? It's the oldest browser in the test by almost a year.
Now we get to the point that won't upset you, because THIS is what is wrong with the test.
According to their test, what they were really testing was vendor responsiveness to known threats (on-time maintenance of the blacklist), not some response internal to the browser. They took a bunch of really recent entries of bad sites from someone and plugged them into the browsers, getting a new batch of URLs every few hours. The time was measured in hours, so what this is really saying is that Microsoft seems to be the best vendor at maintaining the server-based "bad URLs" list, though it took them 4 hours on average to block sites as opposed to Firefox's 6 hours.
If they got these sites from their paid sponsor, then the list could easily have been biased. But there's more actual provable bias to the test than just that.
The real bias is in the percentages. They do not actually represent "Microsoft browsers blocked 90% of sites while Firefox only blocked 20%". they are a grade-type score, where 100% means all sites were blocked immediately, while a 0% means no sites were blocked, ever. Early detection (measured in hours) seems to play a much larger role than actual number of sites detected. The scores appear to have been done on some form of normalization curve, with the sweet spot being somewhere around "One Half Hour Longer than Internet Explorer".
Otherwise, how does an increase in response time from 4 hours (IE, both versions to within a few minutes plus or minus) to 6 hours (Firefox) make your score go from 90% to 20%?
The net conclusion is, if you're going to use a web browser and you depend on vendor-maintained "baddie" lists as your primary line of defense (rather than script protections like NoScript, which don't depend on a vendor to maintain stuff for you), you're better off with Internet Explorer than any other mainstream browser in the market.
It doesn't make you "70% safer" or protect you from "70% more threats", it means that it has, on average, 2 hours of lead time on the next-best browser in terms of the list of sites it protects you from. It's like saying that McAfee is better than Norton because McAfee generally releases specific virus signatures, on average, 2 hours before Norton does.
So, the test is correct, it's just expressing the results in a very misleading way, showing a very low number for "everyone but Microsoft" because the test results were designed to score what IE did best in the highest way possible. They even spelled that out in their results:
The value of this table is in providing context for the overall block rate, so that if a browser blocked 100% of the malware, but it took 264 hours (11 days) to do so, it is actually providing less protection than a browser with a 70% overall bloc
Honestly? It doesn't matter. I have "broadband", but I can't come close to actually using it.
With the introduction of bandwidth caps, Comcast could give me 1 trillion gigabytes to my home via magic faerie fiber, and I'll still be limited to a monthly allotment of 250GB (and consider myself lucky, because of the capping ISP's at least Comcast has the highest cap!). That means that if my combined upload and download over the course of the month exceeds an average of about 100 kilobytes/second, I'm screwed.
Comcast recently upgraded my connection so it technically qualifies as this new definition of "broadband" (without any prior notice, without my consent, and at the tune of another $10 a month bringing me up to $65 for Internet access ONLY - no cable and no phone, thanks Comcast, if you weren't a complete monopoly here I'd kick you out, but you know you got me between the cheeks with the sandy vaseline!). Of course, with the new speeds and the new increased pricing came.. the same monthly cap.
Great, now I can burn up my monthly allotment in 7 days instead of 12. Woo-freaking-hoo. Party time!
Why? If you want to, Google provides the tools to root it and you can easily install your personal choice of freedoms.
This is aimed at the type of person who wants to put a piece of bread in a slot, push down on the lever, watch the wires get hot, and have TOAST, YEAH TOAST!
Not the kind of person who wants to go out and start a fire in their backyard so they can hold bread on a handcarved stick to make their toast.
Computers are, for a decent percentage of the population, an appliance. An appliance that takes too much time to maintain and worry about and protect just to get on a web browser and surf them thar interwebz.
Nothing at all is stopping you from expressing your own personal freedoms on this device. It's just that with freedom comes responsibility, and a lot of people either can't or don't want that responsibility for a computer they don't really need it on.
The rest of us will carry on, free from the "hey, I saw an odd popup and clicked on it and now I've got this odd message every time I start up" multi-hour debugging extravaganza.
I don't want this for me. I want this for my 70-year-old aunt who is intimidated by the term "Web Browser" ("but I don't want to browse, I know where I want to go!") and email client ("I'm not a lawyer! I want it for me!") and program ("I'm not watching TV!").
Here, push the power button, three seconds later click on "The Facebook", hey, you're online! No caps lock key so you can't shout.
It's easy to change things. Just don't buy an iOS device. It's not like there is a lack of technologically superior, more open, and cheaper (pick any two) devices out there. Apple may have been sorta kinda first into the touchscreen cellphone niche, but it's not a lonely place any more.
Enough people avoid it, and The Steve decides maybe he has to figure out what people really want. Except that, in this case, the walled garden appears to be in significant part what a lot of people really want.
Not me, and it appears not you either, but a lot of people.
The Market Has Spoken. Fortunately, the conversation never ends.:)
I was thinking the same thing. If iOS is a walled garden, this is a walled garden hermetically within a Plexiglas dome and a concrete floor and all the plants in sterilized pots.
But that might not be a bad thing. For the "my phone/computer is an appliance" crowd, this might be perfect. No fiddling around trying to download plugins or extensions, no overhead of antivirus, and no difference between multiple machines, and most importantly almost no tech support required. If I break something like this, I go out and buy a new one, present one username and password to it, and it's exactly like my old one used to be.
If you're selling an OS whose primary purpose is to surf da interwebz, it might not be a terribly bad idea to resurrect the concept of the "dumb terminal" in that context. I presume Google will push updates, so if they keep a current list of plugins and/or extensions that can be enabled/disabled by the user as desired, you have machines that are going to be really, really hard to compromise, and really, really easy to use. And really, really inexpensive.
Well, except by Google, so you'd better trust Google a LOT under this model (much like you have to trust Apple a good deal under the iOS model). If you want your computer to do anything outside what Google had in mind, you're done. If Google gets hacked, your data gets hacked and you might never know about it. And, of course, you'll never be able to do anything without Google knowing about it.
The ceiling ain't gonna be where your monthly charge is today, that's for sure.
Think about it. The cable company is (by and large) regulated to ensure a reasonable profit margin. That margin isn't going to change by a whole hell of a lot, so the cable company will still need about the same AVERAGE amount of money per consumer just to maintain the wires and gimcrackery.
So let's say there are two customers in this plan to make the math simple. Currently you each pay $50 a month, your neighbor downloads his 50mb and pays his $50, and you download your 5TB and pay your $50.
The company changes to a pay-as-you-go sort of plan. $20 a month buys you service and your first 20GB of data, and it's, say, $1 a gigabyte over that. So your neighbor still isn't scratching the surface of his allotment, he saves $30. But if you were capped at your current charge, you'd never pay more than $50, and the cable company is out $30 (your neighbor's savings).
They've lost money, and they have not discouraged you from gobbling up bandwidth like it's free candy. And it's not, really, most service providers currently pay by the gigabyte (a very small fee, but if someone is using 5TB of bandwidth on a consumer connection each month $75 isn't going to garner much of a profit, if at all).
The real problem is, though, the niche users are the minority. By and large, most customers will be saving money on this. A lot of money, unless the ISP charges a significant "base charge" to make a profit off maintaining the connection. Which means the niche users are going to be milked until they moo, then they'll go for blood, then when that's dried up they'll grind your bones for the calcium.
They might put in a service charge cap, but it's going to be a lot lot LOT higher than what you pay today. And the wired and wireless worlds have shown us that companies don't tend to want caps on charges, only caps on data amounts you get with those charges (a' la the Comcast 250GB/month limit).
So if you download 5TB, that's a flat rate for you of $1 a gig, $5,000 please. If you want your service charges capped at $100, then you'll be limited to 100GB a month. I'm sure they'll offer "bandwidth management", for an extra fee.
In the high school I attended in the 80s, there was no money for chemicals in chemistry, so we used water and food items. "See, kids, if that half-gram of salt had been pure sodium, the water would have fizzed, so write "SAW FIZZING REACTION" in your books." Quickly put the lids we're calling stoppers over the paper coffee cups we're pretending are beakers, and do you remember what would happen if we had lit the end of the straw we're pretending is a glass tube protruding through the imaginary stopper? Jimmy? That's right - flame, because the result is, Jane? Yes, that's right, hydrogen. Excellent. Now rinse out your cups and set them back on the towel over by the radiator so I can reuse them for test tubes tomorrow." I'll say one thing, they did teach us imagination.
I don't know what level the kids will be involved in. If they're old enough, maybe they'll work in the metals shop cutting or at least polishing their own shield? Maybe some of them will work in the wood shop helping to build the ship, and get involved in tarring the joints and other parts of the project?
And given the purpose of this episode, I'll be deeply, utterly surprised if I don't see a "CONFIRMED" sign at the end of the episode.
Hmm, good point. I suddenly have an interest in watching it again, just to see how they manage to reverse their own findings. Their testing on this one has been fairly thorough and relatively rigorous given the slapdash quality of most of the science on the show (which of course is its popular appeal - they aren't going for accuracy as much as they are reasonably plausible tests that look good when filmed, scientific rigor doesn't sell, but at least they pay it lip service).
In retrospect, given the real goal of this episode, it's almost a given that the myth at least get a promotion to PLAUSIBLE, if not a big fat CONFIRMED.
In this case, it's a use of the President as a figurehead to promote science in education in the US media. To geeks, it's not so much that El Prez himself is appearing on one of our favorite TV shows, it's that he's using the bully pulpit rather than Executive Order to try and promote the importance of science in our educational system.
The President as spokescritter instead of dictator, this is the kind of government program that might possibly do some good.
I find it odd that The Discovery Channel would get access to the President and use their huge publicity opportunity to... rehash a myth they've already debunked twice. What?
The only possible reason to use this particular myth is so you can get 500 kids involved, each holding a mirror, and maybe involving the kids directly in the science, plus a little time with a few celebrities, will help associate science with coolness. I mean, it's an easy and pretty safe myth from the kids' perspectives. Hold a mirror, aim reflection at ship a safe distance away, hope for it to start smoking and burst into flames.
I dunno, though, it just seems like they could have done something new (at least new to the show) that would be just as engaging. Like debunking the professor's use of coconuts to power a radio on Gilligan's Island or something.
Adam: "So, as you can see, stirring the solution in 5 coconuts didn't work. Busted." Jamie: "Agreed. Busted. So what are we testing next?" Barak: [walks on stage]"Wait a minute. We can't stop here, can we? Don't we need to scale it up?" Jamie: "Sure, normally, but how do we scale this one up?" Adam: "It'll take the output of 500 coconuts! Where are we going to find enough people to build and operate hundreds of coconut batteries? It's impossible!" Barak: "Fortunately, I brought a few friends along to help out. C'mon out, kids!" [cue 500 schoolkids] Barak, Jamie, and Adam: "SCIENCE!"
set pdenatic = "on"; No, you'd actually want pretty comprehensive logging. Not a series of separate, discrete solutions. On a completely unrelated note, though, you would want it to be discreet so it isn't noticed.; set pedantic = "off";
Seriously...
Get a decent router (any of the Linux-based ones that can take aftermarket firmware would work, Tomato and the various HyperWRT variants are all capable of remote logging and even have some level of connection monitoring built-in, and I'm sure DD-WRT has it covered as well) and it'll dump logs to your computer, then you can sift through them with WallWatcher or similar. Or take your main computer, add a second Ethernet card to it, and run all your traffic through it, logging everything as it goes through.
If caps are the only thing she can read easily, wouldn't it be easier for her to load a font that shows lowercase letters as uppercase, that way she can read everything on the Web, not just the things that others have to accommodate her for? I'm not saying that accommodating her is wrong, but merely accommodating her on a specific forum means you're limiting her access to the Web. Enabling her with a font that translates everything to uppercase gives her the freedom to go anywhere she damn well pleases and the whole web is open to her (well, except for things like PDF documents or text-as-an-image, but at least most of the Web instantly becomes uppercase for her).
http://www.fontspace.com/john-singer/tymeslittlecaps would seem to be a good candidate, as it shows everything in caps, but the "lowercase" letters are just smaller capitalized letters. So she can tell the visual difference between caps and lowercase, but she's reading it all in caps.
There are tons and tons of sites with free fonts, both for artistic merit and to meet the specific needs of people who have trouble with Arial and Times New Roman and the like.
Shit like this happened back then, too. It's just that a stolen nativity scene in Virginia wouldn't make the news in Kentucky, and one in California wouldn't make the news in New Jersey. We read about this shit because it sells eyeballs and subscriptions, like all bad news, and when we run out of the other shit that's been happening forever (murder, rape, etc) we cover less and less important stories further and further away.
I'm not saying that stealing a nativity scene is somehow OK, it's just that 30 years ago it would have been purely local news of local interest, not national scare-filler.
These things aren't mysteries, even to many laypeople. Of course, I'm a private pilot, so the potential interference to radio communications, GPS, etc maybe makes me a little more aware of it than most, but it's not like this is a new phenomenon or something we've just now discovered thanks to modern science. Humanity knew about these before the 1800's, and their effects on electrical devices were pretty clearly demonstrated by Mother Nature since at least 1859 (the Carrington Event, http://en.wikipedia.org/wiki/Solar_storm_of_1859 ).
We've been hit by CMEs in the past, and their effects are pretty well understood. The potential impacts of this are real, and very inconvenient, in that they can knock out power grids with relative ease ( http://en.wikipedia.org/wiki/March_1989_geomagnetic_storm ). We haven't had a strong hit since the cellular telephone was invented in 1989, so we have little experience with the really strong ones and modern electronics, but frying a few million computers and smartphones would (if not fatal) have some pretty nasty economic consequences for the owners of same.
The only level of lethality would be if you are somehow dependent on electricity, or the possible introduction of electricity into places you weren't expecting it. So, for example, if you hear about a strong geomagnetic event, it's probably not a good idea to go out and lean on any local ungrounded aluminum-sided house or any very large piece of ungrounded conductive material. You might become the grounding strap. That could be bad. Think of it as a lightning event, except it's smaller lightning but appears everywhere, even inside things.
Upside: While it's dark at night what with all the lack of power and your neighbors not burning their 10,000 watt back yard lights all night, you'll see the coolest aurora display ever if you live far enough north (and that could be as far south as Texas with a strong event). "Aurora Borealis, shinin' down in Dallas, can you picture that?"
We know it damages things as crude as telegraph machines, including setting the paper in them on fire from sparks, because it has. CMEs can impart energy into metal, and the electrical network is a huge freaking CME antenna, so in a strong storm expect at least temporary loss of power, and longer if there's enough strength to overload transformers and the like.
The CME can either cancel out the existing electricity in the power grid, or it can add to it, depending on polarity. A modestly strong CME impact can actually impart electricity into unshielded electronics and fry them where they sit due to nothing more sophisticated than voltage overload, even if they are not plugged in (this is known as "geomagnetically-induced current").
That would be one holy mother jaw-dropper of a privilege escalation flaw, allowing a data read from one VM to traverse the hypervisor and read an encrypted filesystem in a separate VM.
I'm not saying it's impossible, but it's rather unlikely, and it'd probably be the subject of a very high priority fix. Once the corporate security folks read a service bulletin like that, they'd probably hit the big red "REMOTE-WIPE ALL CORPORATE PHONES NOW" button until a fix was available.
However, shit does in fact happen. There is a slight risk, sure, but compare that to the ordinary ways of doing business today:
1. I have to carry two phones, which means I'm more likely to lose one (and particularly the one I don't use as much). I'm less likely to miss a phone I don't use, so I might not notice losing it for a critical few hours or even days. Physical access to a device is the worst-case scenario, especially if the device has not been wiped.
Plus I won't always carry it if I'm not on call. If it's one phone, I'll always have it with me. If it's always with me, I'm more likely to peek at my company email to see if there are problems, and respond even when I'm not technically on call. With that slight risk comes the ability to reach me if the regular on-call guy and his backup are unavailable. We're in a fairly rural area with lots of dead spots, so this is a real risk for us.
2. I carry one for work, and they allow me to use it for personal use (the way my company does it). I load apps on it, and I'm responsible for tuning the firewall (if it exists, like it does on my BB) to make sure no apps have access to my contact information.
There are a lot of people who simply don't know how to configure security for apps, so they simply toggle everything to "allow all" so they aren't bothered by prompts and their apps always work. Company policy prevents that for a few data sources, but the contact list is not one of them. So there's a nearly 100% chance that some company data is already vulnerable to bad app writers, though none of it is critical data.
So, yeah, there's a risk involved in combining two phones into one, but it also mitigates a few risks every company that issues smartphones accepts today.
How many people will actually want their personal phone and thier business phone to be mixed?
Let me start the count for you. ONE!:)
Do you have two separate service plans with two separate bills?
Ideally, yes. Many phones (non-US-carrier-locked ones, anyway) can take two SIM chips and even from two separate carriers. Company issues you a phone with their SIM and a VM pointing to that SIM. If you want a personal plan, you go to your carrier of choice(*) and buy a month-to-month SIM (or go to a convenience store and pick up a prepaid SIM if you don't plan on using your side of it a lot) or plug your personal SIM from your personal phone into the company one.
That way, if you overuse your data, you and your company are not having a conversation about "personal use".
A generous company might even pay for the personal plan, or help subsidize it, but worst case they are giving you a smartphone that doesn't come with a 2-year ETF agreement. And it's a smartphone they'll be comfortable giving you, since they can secure the crap out of their bits of it without affecting your bits.
(*) Of course, the downside in the US is that you're pretty much stuck with your company's carrier unless the phone's got an impressive array of radios, since even the SIM-based carriers in the US use different and incompatible signalling technologies (most GSM carriers work fine for voice or EDGE, but get into 3G+ territory and it's a minefield, and of course Verizon and a few others use completely different tech). I suppose they could built a phone that can support many technologies simultaneously or make the radios modular, but that brings the build cost up and the phone gets bigger.
I don't think a VM is overkill at all for corporate use.
I currently carry a company smartphone, and there are all sorts of restrictions on what I can do with it. In addition, that device carries company confidential data. There is the possibility that I could install malware on the phone that compromises the data, and yet Corporate doesn't want to be ridiculously draconian about their policies because they understand we use these devices for a limited amount of personal use as well, and as long as it doesn't cost the company money (data/minutes overages, buying ringtones, etc) they are OK with it.
However, the fact that it's a company phone makes it less convenient. It locks after 15 minutes, I can't install certain apps like the latest Google Maps (because Google Maps 4 for Blackberry demands ALLOW access to everything on the phone, including company encrypted data, and no fucking way would I allow that even if my company policy didn't wisely block it). Fortunately, the Blackberry has a nice firewall system and with any apps I install I can allow/disallow access to various bits, so I routinely make sure that anything "corporate" is set to BLOCK for any "personal" apps I run, but a lot of apps still need the contacts list and others. Your idea of separating contact lists is a good one, but it's not sufficient - if a poorly-behaved app is running on the same operating system, it still might get access to something it shouldn't.
With a system like this, my company could issue me a phone with two SIM slots and two operating systems. If I want to use it for personal use, I jack in my SIM to slot #1 and I have a nice smartphone to use on my plan. The company puts their SIM in slot 2 and builds as draconian a control system as they please into it, and it's isolated from anything I might decide to do to "my" side of the phone. If I leave the company, they either take their SIM and wipe their OS and give me the phone, or I take my SIM and wipe my OS and give them the phone so they can reissue it to someone else. In either case, my personal phone remains my personal one, and the company phone ceases to exist.
The company can issue you a completely restrictive phone and you can carry a completely unrestricted phone, they just happen to be in the same device.
Sure, you could carry two devices, but then you've got to keep two devices charged, remember two devices, etc.
Slashdot Mirror
The study is from mid-October 2010.
Google Chrome 6 was, in fact, the current "stable" Chrome browser back then. Google Chrome 7 was not released until October 21, 2010, and Chrome 8 is from this month.
Google Chrome 6 only seems "old" because it's two full revisions back. That's because Google has it on a Jack Russel Terrier release schedule, probably desperately trying to get their browser to version 10 "see? one more than Microsoft!" ASAP.
But green bananas purchased when Chrome 6 was still the current stable browser might still be edible today. ;)
There is a valid point about why IE9 Beta got in there, but not Firefox 4 Beta, or Chrome 7 Beta. But the test was testing speed of blacklist signature updates anyway, and those don't change very much between browser updates since it's all vendor-side maintenance, and not some actual property inherent to the browser itself.
Perhaps, but throwing out the IE9 beta the test was done in October 2010. It used Chrome 6 (released September 2010, superseded in late October 2010 by Chrome 7), Firefox 3.6 (Released January 2010 and still the current stable release), and Internet Explorer 8 (released in early 2009).
If you ignore the IE9 beta, Internet Explorer was actually the oldest of all of the browsers tested.
The real problem with the test is not browser age. In fact, browser age has nothing to do with the test. They were testing the vendor's blacklist update interval and completeness, with a deep bias toward "fast response" and a deep bias away from "completeness". I posted a critique earlier on in the thread detailing the problems: http://tech.slashdot.org/comments.pl?sid=1912006&cid=34567368
The age of the browser is an invalid critique of the test, and almost leads me to believe that some Microsoft shill put it in the article summary to mislead you from the real problems with the test.
The report is almost useless because it has compared the latest stable and dev releases of IE with versions of Firefox and Chrome that are years old.
What. No, wait, what?
Read on to the end, because later I'm going to tell you what's really wrong with the test and why it's bullshit, but I have to first burn down the obvious straw man you've introduced.
The report was released in October 2010. http://www.nsslabs.com/assets/noreg-reports/NSS%20Labs_Q32010_Browser-SEM.pdf
It used Google Chrome 6, which was the current stable Chrome at the time (6 came out in September 2010). Google Chrome has gone from 6 to 8 in two months. It used Firefox 3.6, which is the current stable Firefox RIGHT NOW, two months after the report was released. 3.6 was released in January 2010, but Mozilla has only done "dot" releases since October. It also included Internet Explorer 8, which was released in March 2009.
In other words, if you want to say "older is worse", then IE8 should have been absolutely fucking pasted by this test. Ummm, right? It's the oldest browser in the test by almost a year.
Now we get to the point that won't upset you, because THIS is what is wrong with the test.
According to their test, what they were really testing was vendor responsiveness to known threats (on-time maintenance of the blacklist), not some response internal to the browser. They took a bunch of really recent entries of bad sites from someone and plugged them into the browsers, getting a new batch of URLs every few hours. The time was measured in hours, so what this is really saying is that Microsoft seems to be the best vendor at maintaining the server-based "bad URLs" list, though it took them 4 hours on average to block sites as opposed to Firefox's 6 hours.
If they got these sites from their paid sponsor, then the list could easily have been biased. But there's more actual provable bias to the test than just that.
The real bias is in the percentages. They do not actually represent "Microsoft browsers blocked 90% of sites while Firefox only blocked 20%". they are a grade-type score, where 100% means all sites were blocked immediately, while a 0% means no sites were blocked, ever. Early detection (measured in hours) seems to play a much larger role than actual number of sites detected. The scores appear to have been done on some form of normalization curve, with the sweet spot being somewhere around "One Half Hour Longer than Internet Explorer".
Otherwise, how does an increase in response time from 4 hours (IE, both versions to within a few minutes plus or minus) to 6 hours (Firefox) make your score go from 90% to 20%?
The net conclusion is, if you're going to use a web browser and you depend on vendor-maintained "baddie" lists as your primary line of defense (rather than script protections like NoScript, which don't depend on a vendor to maintain stuff for you), you're better off with Internet Explorer than any other mainstream browser in the market.
It doesn't make you "70% safer" or protect you from "70% more threats", it means that it has, on average, 2 hours of lead time on the next-best browser in terms of the list of sites it protects you from. It's like saying that McAfee is better than Norton because McAfee generally releases specific virus signatures, on average, 2 hours before Norton does.
So, the test is correct, it's just expressing the results in a very misleading way, showing a very low number for "everyone but Microsoft" because the test results were designed to score what IE did best in the highest way possible. They even spelled that out in their results:
The value of this table is in providing context for the overall block rate, so that if a browser blocked 100% of the malware, but it took 264 hours (11 days) to do so, it is actually providing less protection than a browser with a 70% overall bloc
Quis whooshdiet ipsos whooshdes?
How did you know about my footie pajamas? Oh, shit, they've found me!
Honestly? It doesn't matter. I have "broadband", but I can't come close to actually using it.
With the introduction of bandwidth caps, Comcast could give me 1 trillion gigabytes to my home via magic faerie fiber, and I'll still be limited to a monthly allotment of 250GB (and consider myself lucky, because of the capping ISP's at least Comcast has the highest cap!). That means that if my combined upload and download over the course of the month exceeds an average of about 100 kilobytes/second, I'm screwed.
Comcast recently upgraded my connection so it technically qualifies as this new definition of "broadband" (without any prior notice, without my consent, and at the tune of another $10 a month bringing me up to $65 for Internet access ONLY - no cable and no phone, thanks Comcast, if you weren't a complete monopoly here I'd kick you out, but you know you got me between the cheeks with the sandy vaseline!). Of course, with the new speeds and the new increased pricing came.. the same monthly cap.
Great, now I can burn up my monthly allotment in 7 days instead of 12. Woo-freaking-hoo. Party time!
Why? If you want to, Google provides the tools to root it and you can easily install your personal choice of freedoms.
This is aimed at the type of person who wants to put a piece of bread in a slot, push down on the lever, watch the wires get hot, and have TOAST, YEAH TOAST!
Not the kind of person who wants to go out and start a fire in their backyard so they can hold bread on a handcarved stick to make their toast.
Computers are, for a decent percentage of the population, an appliance. An appliance that takes too much time to maintain and worry about and protect just to get on a web browser and surf them thar interwebz.
Nothing at all is stopping you from expressing your own personal freedoms on this device. It's just that with freedom comes responsibility, and a lot of people either can't or don't want that responsibility for a computer they don't really need it on.
The rest of us will carry on, free from the "hey, I saw an odd popup and clicked on it and now I've got this odd message every time I start up" multi-hour debugging extravaganza.
I don't want this for me. I want this for my 70-year-old aunt who is intimidated by the term "Web Browser" ("but I don't want to browse, I know where I want to go!") and email client ("I'm not a lawyer! I want it for me!") and program ("I'm not watching TV!").
Here, push the power button, three seconds later click on "The Facebook", hey, you're online! No caps lock key so you can't shout.
total lack of any way to change things
It's easy to change things. Just don't buy an iOS device. It's not like there is a lack of technologically superior, more open, and cheaper (pick any two) devices out there. Apple may have been sorta kinda first into the touchscreen cellphone niche, but it's not a lonely place any more.
Enough people avoid it, and The Steve decides maybe he has to figure out what people really want. Except that, in this case, the walled garden appears to be in significant part what a lot of people really want.
Not me, and it appears not you either, but a lot of people.
The Market Has Spoken. Fortunately, the conversation never ends. :)
What apps? ChromeOS is Google Chrome plus just enough operating-system-y bits stickytaped on to talk to some hardware, as I understand it.
Since the OS is basically a browser, the *whole OS* is the sandbox on this model.
I was thinking the same thing. If iOS is a walled garden, this is a walled garden hermetically within a Plexiglas dome and a concrete floor and all the plants in sterilized pots.
But that might not be a bad thing. For the "my phone/computer is an appliance" crowd, this might be perfect. No fiddling around trying to download plugins or extensions, no overhead of antivirus, and no difference between multiple machines, and most importantly almost no tech support required. If I break something like this, I go out and buy a new one, present one username and password to it, and it's exactly like my old one used to be.
If you're selling an OS whose primary purpose is to surf da interwebz, it might not be a terribly bad idea to resurrect the concept of the "dumb terminal" in that context. I presume Google will push updates, so if they keep a current list of plugins and/or extensions that can be enabled/disabled by the user as desired, you have machines that are going to be really, really hard to compromise, and really, really easy to use. And really, really inexpensive.
Well, except by Google, so you'd better trust Google a LOT under this model (much like you have to trust Apple a good deal under the iOS model). If you want your computer to do anything outside what Google had in mind, you're done. If Google gets hacked, your data gets hacked and you might never know about it. And, of course, you'll never be able to do anything without Google knowing about it.
And when they run out of ideas, we'll issue them stimulus funds. I like it.
The ceiling ain't gonna be where your monthly charge is today, that's for sure.
Think about it. The cable company is (by and large) regulated to ensure a reasonable profit margin. That margin isn't going to change by a whole hell of a lot, so the cable company will still need about the same AVERAGE amount of money per consumer just to maintain the wires and gimcrackery.
So let's say there are two customers in this plan to make the math simple. Currently you each pay $50 a month, your neighbor downloads his 50mb and pays his $50, and you download your 5TB and pay your $50.
The company changes to a pay-as-you-go sort of plan. $20 a month buys you service and your first 20GB of data, and it's, say, $1 a gigabyte over that. So your neighbor still isn't scratching the surface of his allotment, he saves $30. But if you were capped at your current charge, you'd never pay more than $50, and the cable company is out $30 (your neighbor's savings).
They've lost money, and they have not discouraged you from gobbling up bandwidth like it's free candy. And it's not, really, most service providers currently pay by the gigabyte (a very small fee, but if someone is using 5TB of bandwidth on a consumer connection each month $75 isn't going to garner much of a profit, if at all).
The real problem is, though, the niche users are the minority. By and large, most customers will be saving money on this. A lot of money, unless the ISP charges a significant "base charge" to make a profit off maintaining the connection. Which means the niche users are going to be milked until they moo, then they'll go for blood, then when that's dried up they'll grind your bones for the calcium.
They might put in a service charge cap, but it's going to be a lot lot LOT higher than what you pay today. And the wired and wireless worlds have shown us that companies don't tend to want caps on charges, only caps on data amounts you get with those charges (a' la the Comcast 250GB/month limit).
So if you download 5TB, that's a flat rate for you of $1 a gig, $5,000 please. If you want your service charges capped at $100, then you'll be limited to 100GB a month. I'm sure they'll offer "bandwidth management", for an extra fee.
In the high school I attended in the 80s, there was no money for chemicals in chemistry, so we used water and food items. "See, kids, if that half-gram of salt had been pure sodium, the water would have fizzed, so write "SAW FIZZING REACTION" in your books." Quickly put the lids we're calling stoppers over the paper coffee cups we're pretending are beakers, and do you remember what would happen if we had lit the end of the straw we're pretending is a glass tube protruding through the imaginary stopper? Jimmy? That's right - flame, because the result is, Jane? Yes, that's right, hydrogen. Excellent. Now rinse out your cups and set them back on the towel over by the radiator so I can reuse them for test tubes tomorrow." I'll say one thing, they did teach us imagination.
I don't know what level the kids will be involved in. If they're old enough, maybe they'll work in the metals shop cutting or at least polishing their own shield? Maybe some of them will work in the wood shop helping to build the ship, and get involved in tarring the joints and other parts of the project?
And given the purpose of this episode, I'll be deeply, utterly surprised if I don't see a "CONFIRMED" sign at the end of the episode.
Hmm, good point. I suddenly have an interest in watching it again, just to see how they manage to reverse their own findings. Their testing on this one has been fairly thorough and relatively rigorous given the slapdash quality of most of the science on the show (which of course is its popular appeal - they aren't going for accuracy as much as they are reasonably plausible tests that look good when filmed, scientific rigor doesn't sell, but at least they pay it lip service).
In retrospect, given the real goal of this episode, it's almost a given that the myth at least get a promotion to PLAUSIBLE, if not a big fat CONFIRMED.
In this case, it's a use of the President as a figurehead to promote science in education in the US media. To geeks, it's not so much that El Prez himself is appearing on one of our favorite TV shows, it's that he's using the bully pulpit rather than Executive Order to try and promote the importance of science in our educational system.
The President as spokescritter instead of dictator, this is the kind of government program that might possibly do some good.
I find it odd that The Discovery Channel would get access to the President and use their huge publicity opportunity to... rehash a myth they've already debunked twice. What?
The only possible reason to use this particular myth is so you can get 500 kids involved, each holding a mirror, and maybe involving the kids directly in the science, plus a little time with a few celebrities, will help associate science with coolness. I mean, it's an easy and pretty safe myth from the kids' perspectives. Hold a mirror, aim reflection at ship a safe distance away, hope for it to start smoking and burst into flames.
I dunno, though, it just seems like they could have done something new (at least new to the show) that would be just as engaging. Like debunking the professor's use of coconuts to power a radio on Gilligan's Island or something.
Adam: "So, as you can see, stirring the solution in 5 coconuts didn't work. Busted."
Jamie: "Agreed. Busted. So what are we testing next?"
Barak: [walks on stage]"Wait a minute. We can't stop here, can we? Don't we need to scale it up?"
Jamie: "Sure, normally, but how do we scale this one up?"
Adam: "It'll take the output of 500 coconuts! Where are we going to find enough people to build and operate hundreds of coconut batteries? It's impossible!"
Barak: "Fortunately, I brought a few friends along to help out. C'mon out, kids!"
[cue 500 schoolkids]
Barak, Jamie, and Adam: "SCIENCE!"
set pdenatic = "on";
No, you'd actually want pretty comprehensive logging. Not a series of separate, discrete solutions. On a completely unrelated note, though, you would want it to be discreet so it isn't noticed.;
set pedantic = "off";
Seriously...
Get a decent router (any of the Linux-based ones that can take aftermarket firmware would work, Tomato and the various HyperWRT variants are all capable of remote logging and even have some level of connection monitoring built-in, and I'm sure DD-WRT has it covered as well) and it'll dump logs to your computer, then you can sift through them with WallWatcher or similar. Or take your main computer, add a second Ethernet card to it, and run all your traffic through it, logging everything as it goes through.
If caps are the only thing she can read easily, wouldn't it be easier for her to load a font that shows lowercase letters as uppercase, that way she can read everything on the Web, not just the things that others have to accommodate her for? I'm not saying that accommodating her is wrong, but merely accommodating her on a specific forum means you're limiting her access to the Web. Enabling her with a font that translates everything to uppercase gives her the freedom to go anywhere she damn well pleases and the whole web is open to her (well, except for things like PDF documents or text-as-an-image, but at least most of the Web instantly becomes uppercase for her).
http://www.fontspace.com/john-singer/tymeslittlecaps would seem to be a good candidate, as it shows everything in caps, but the "lowercase" letters are just smaller capitalized letters. So she can tell the visual difference between caps and lowercase, but she's reading it all in caps.
Or if the size differences are part of the confusion, http://www.fontspace.com/typophil/tpf-quackery or http://www.fontspace.com/anonymous-fonts/juggernaut might work, Juggernaut has a squared-off blockier look that might be even easier to interpret (or not, but that's the beauty of free fonts, you try until you find one that works).
There are tons and tons of sites with free fonts, both for artistic merit and to meet the specific needs of people who have trouble with Arial and Times New Roman and the like.
Shit like this happened back then, too. It's just that a stolen nativity scene in Virginia wouldn't make the news in Kentucky, and one in California wouldn't make the news in New Jersey. We read about this shit because it sells eyeballs and subscriptions, like all bad news, and when we run out of the other shit that's been happening forever (murder, rape, etc) we cover less and less important stories further and further away.
I'm not saying that stealing a nativity scene is somehow OK, it's just that 30 years ago it would have been purely local news of local interest, not national scare-filler.
These things aren't mysteries, even to many laypeople. Of course, I'm a private pilot, so the potential interference to radio communications, GPS, etc maybe makes me a little more aware of it than most, but it's not like this is a new phenomenon or something we've just now discovered thanks to modern science. Humanity knew about these before the 1800's, and their effects on electrical devices were pretty clearly demonstrated by Mother Nature since at least 1859 (the Carrington Event, http://en.wikipedia.org/wiki/Solar_storm_of_1859 ).
We've been hit by CMEs in the past, and their effects are pretty well understood. The potential impacts of this are real, and very inconvenient, in that they can knock out power grids with relative ease ( http://en.wikipedia.org/wiki/March_1989_geomagnetic_storm ). We haven't had a strong hit since the cellular telephone was invented in 1989, so we have little experience with the really strong ones and modern electronics, but frying a few million computers and smartphones would (if not fatal) have some pretty nasty economic consequences for the owners of same.
The only level of lethality would be if you are somehow dependent on electricity, or the possible introduction of electricity into places you weren't expecting it. So, for example, if you hear about a strong geomagnetic event, it's probably not a good idea to go out and lean on any local ungrounded aluminum-sided house or any very large piece of ungrounded conductive material. You might become the grounding strap. That could be bad. Think of it as a lightning event, except it's smaller lightning but appears everywhere, even inside things.
Upside: While it's dark at night what with all the lack of power and your neighbors not burning their 10,000 watt back yard lights all night, you'll see the coolest aurora display ever if you live far enough north (and that could be as far south as Texas with a strong event). "Aurora Borealis, shinin' down in Dallas, can you picture that?"
We know it damages things as crude as telegraph machines, including setting the paper in them on fire from sparks, because it has. CMEs can impart energy into metal, and the electrical network is a huge freaking CME antenna, so in a strong storm expect at least temporary loss of power, and longer if there's enough strength to overload transformers and the like.
The CME can either cancel out the existing electricity in the power grid, or it can add to it, depending on polarity. A modestly strong CME impact can actually impart electricity into unshielded electronics and fry them where they sit due to nothing more sophisticated than voltage overload, even if they are not plugged in (this is known as "geomagnetically-induced current").
A little light reading for when you get curious.
http://en.wikipedia.org/wiki/Geomagnetic_storm#Historical_occurrences
http://en.wikipedia.org/wiki/Geomagnetic_storm
That would be one holy mother jaw-dropper of a privilege escalation flaw, allowing a data read from one VM to traverse the hypervisor and read an encrypted filesystem in a separate VM.
I'm not saying it's impossible, but it's rather unlikely, and it'd probably be the subject of a very high priority fix. Once the corporate security folks read a service bulletin like that, they'd probably hit the big red "REMOTE-WIPE ALL CORPORATE PHONES NOW" button until a fix was available.
However, shit does in fact happen. There is a slight risk, sure, but compare that to the ordinary ways of doing business today:
1. I have to carry two phones, which means I'm more likely to lose one (and particularly the one I don't use as much). I'm less likely to miss a phone I don't use, so I might not notice losing it for a critical few hours or even days. Physical access to a device is the worst-case scenario, especially if the device has not been wiped.
Plus I won't always carry it if I'm not on call. If it's one phone, I'll always have it with me. If it's always with me, I'm more likely to peek at my company email to see if there are problems, and respond even when I'm not technically on call. With that slight risk comes the ability to reach me if the regular on-call guy and his backup are unavailable. We're in a fairly rural area with lots of dead spots, so this is a real risk for us.
2. I carry one for work, and they allow me to use it for personal use (the way my company does it). I load apps on it, and I'm responsible for tuning the firewall (if it exists, like it does on my BB) to make sure no apps have access to my contact information.
There are a lot of people who simply don't know how to configure security for apps, so they simply toggle everything to "allow all" so they aren't bothered by prompts and their apps always work. Company policy prevents that for a few data sources, but the contact list is not one of them. So there's a nearly 100% chance that some company data is already vulnerable to bad app writers, though none of it is critical data.
So, yeah, there's a risk involved in combining two phones into one, but it also mitigates a few risks every company that issues smartphones accepts today.
How many people will actually want their personal phone and thier business phone to be mixed?
Let me start the count for you. ONE! :)
Do you have two separate service plans with two separate bills?
Ideally, yes. Many phones (non-US-carrier-locked ones, anyway) can take two SIM chips and even from two separate carriers. Company issues you a phone with their SIM and a VM pointing to that SIM. If you want a personal plan, you go to your carrier of choice(*) and buy a month-to-month SIM (or go to a convenience store and pick up a prepaid SIM if you don't plan on using your side of it a lot) or plug your personal SIM from your personal phone into the company one.
That way, if you overuse your data, you and your company are not having a conversation about "personal use".
A generous company might even pay for the personal plan, or help subsidize it, but worst case they are giving you a smartphone that doesn't come with a 2-year ETF agreement. And it's a smartphone they'll be comfortable giving you, since they can secure the crap out of their bits of it without affecting your bits.
(*) Of course, the downside in the US is that you're pretty much stuck with your company's carrier unless the phone's got an impressive array of radios, since even the SIM-based carriers in the US use different and incompatible signalling technologies (most GSM carriers work fine for voice or EDGE, but get into 3G+ territory and it's a minefield, and of course Verizon and a few others use completely different tech). I suppose they could built a phone that can support many technologies simultaneously or make the radios modular, but that brings the build cost up and the phone gets bigger.
I don't think a VM is overkill at all for corporate use.
I currently carry a company smartphone, and there are all sorts of restrictions on what I can do with it. In addition, that device carries company confidential data. There is the possibility that I could install malware on the phone that compromises the data, and yet Corporate doesn't want to be ridiculously draconian about their policies because they understand we use these devices for a limited amount of personal use as well, and as long as it doesn't cost the company money (data/minutes overages, buying ringtones, etc) they are OK with it.
However, the fact that it's a company phone makes it less convenient. It locks after 15 minutes, I can't install certain apps like the latest Google Maps (because Google Maps 4 for Blackberry demands ALLOW access to everything on the phone, including company encrypted data, and no fucking way would I allow that even if my company policy didn't wisely block it). Fortunately, the Blackberry has a nice firewall system and with any apps I install I can allow/disallow access to various bits, so I routinely make sure that anything "corporate" is set to BLOCK for any "personal" apps I run, but a lot of apps still need the contacts list and others. Your idea of separating contact lists is a good one, but it's not sufficient - if a poorly-behaved app is running on the same operating system, it still might get access to something it shouldn't.
With a system like this, my company could issue me a phone with two SIM slots and two operating systems. If I want to use it for personal use, I jack in my SIM to slot #1 and I have a nice smartphone to use on my plan. The company puts their SIM in slot 2 and builds as draconian a control system as they please into it, and it's isolated from anything I might decide to do to "my" side of the phone. If I leave the company, they either take their SIM and wipe their OS and give me the phone, or I take my SIM and wipe my OS and give them the phone so they can reissue it to someone else. In either case, my personal phone remains my personal one, and the company phone ceases to exist.
The company can issue you a completely restrictive phone and you can carry a completely unrestricted phone, they just happen to be in the same device.
Sure, you could carry two devices, but then you've got to keep two devices charged, remember two devices, etc.
OK, I did miss your point about Zino, and I apologize for that.
I'll make this easy for you, with fewer words
I stop reading when the post goes from discussion to condescension. Fuck you.