You answered a different question, that's superficially similar, but not one that supports the argument that automated updates themselves are a security problem. Automatic updates cause a lot of problems, yes, and I would rather Microsoft backed away from them... but unless you know of a specific attack vector that they enable then focussing on them is ignoring the underlying problems and stopping them won't fix the underlying problems.
The biggest systematic design flaws in Windows are, in no particular order:
(1) The lack of the ability to control the interfaces that services are directly bound to, because services can not be run from a UNIX style superserver (like inetd, xinetd, tcpwrapper, or tcpserver) and so they can not be systematically re-bound to ONLY the interface that they need to use, nor is there (as a result) a tradition that services NOT run from a superserver also have the ability to control bindings. The result of this is that a firewall, which provides a second layer of protection (defense in depth) on UNIX systems, is the only layer between an untrusted network and a service.
(2) Wrapping a non-IP network protocol under TCP/UDP in a way that multiple services are exposed at the same TCP/UDP port via different addresses (named pipes) in the wrapped protocol. This means that opening up any of these services in a layer 3 packet filter opens up all of them.
(3) Integrating the Internet and the desktop in a way that puts the security model under the HTML control rather than under the application, so the HTML control has to use ad-hoc security zones updated as (inevitably) holes are found in the zone model to decide on the rights that objects will be granted.
(4) The use of an insecure API to pass a set of parameters to applications, whereby programmers have to guess how other applications (outside their control, and often written after the fact) will parse quotes to securely pass parameters to applications.
(5) The use of a single set of application bindings for helper applications, whether the binding is used by an application displaying internal content generated directly by components that already have local execute rights (and are therefor trusted) or by an application displaying untrusted content.
(6) The lack of a formal system call API. Instead of having a small set of fixed system calls that can in principle be verified not to expose internal OS APIs, the equivalent of system calls are made via arbitrary call gates.
Of these flaws, only #s 5 and 6 have equivalents in any other currently used desktop OS, and the exposure from #5 is significantly lower outside Windows.
Fixing these problems should be given far greater priority than automatic updates.
I don't have any inside information about why they decided to make the connector rotationally symmetrical from the outside, so I limited my comment to what I did know. I was mostly making the point that they were already a massive improvement over existing connectors, most of which used *circular* connectors that were only keyed by fragile, easily bent wires.
I plead guilty to excess brevity. If I've gone to far the other way, it's only in response to relentless interrogation.
Given that Firefox and Netscape are just different shells around the same basic application (a browser core is a lot more than just a rendering engine, it's an application), I think distinguishing Netscape and Firefox isn't very useful...
Here's the interesting number to watch: IE market share
??? 2004 91% ??? 2005 87% -4% Jan 2006 85% -2% Jan 2007 80% -5% Dec 2007 76% -4%
So what we're looking at here is IE down another 4% since the beginning of the year. I don't think it's Firefox that's "struggling".
Here's some longer term numbers from w3schools.com:
Given how much Hollywood and pop music industry profits from anti police-state motifs, one would imagine it their duty not to suggest, promote, and force the bringing about of a police-states,
Huh, when it comes down to duty versus interest, the profit ain't on the side of duty. Consider the famous phrase attributed to a man seen as profiting mightily from conflict: "Please remain. You furnish the pictures and I'll furnish the war." -- William Randolph Hearst.
The most important line from the article got into the summary: "Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit."
Unfortunately that's not limited to transport command and control systems.
I like that, though you left out the guy who explains why he did it that way... and it makes sense.
I've had a few situations where I've had trouble figuring out some code, because I was making a wrong assumption somewhere, and at least once I've cleaned up some code and then gone back and put it back where it started once I figured out what was really going on, learned more about the technology or the problem area, or otherwise educated myself out of a hole.
I suppose you could say this was a matter of bad documentation, the code should have had better comments or something, but it's not always that simple. And, yes, that sounds like a pretty good place to start.
I'd love to have gotten a question like that, even though I'd probably hate it at the time. You need to be careful, though: one of the things that makes it nasty is that programmers who actively work with the end-users to get the kind of feedback they need (and that you presumably need them to get) are going to be the most frustrated with it... because you're playing the role of the very worst kind of customer for them: the information sponge who never provides any feedback at all.
Reliability is an indication that certain kinds of security flaws are less likely, yes, but... oh, here, have an analogy on me... your car has never accidentally shifted into reverse, I would assume. Does that tell you anything about whether you can pop the trunk open by whacking the bumper in the right place?
Your knuckles (from poking around behind your desk) and your sanity are another matter.
If you can't handle plugging USB connectors in without looking at them, you're no way going to have any better luck plugging in anything else by feel. You really think they're worse than mini-DB15, HD50, RJ11/RJ45, or DIN connectors?
What did you use, a hammer?
D-shell connectors frequently only have a few live pins actually inserted (for example, it was common for RS232 and EIA to only have 5 live pins, and it wasn't THAT rare to only have 3), so if the shell is even slightly flexible it didn't take much of a bad entry angle to trash them. Mini-D is even worse because the pin layout is rotationally symmetrical, and if the shell is loose or worn.
Having an asymmetric that can't be plugged in the wrong way is not that hard.
First, even the USB-A satisfies that. The only place it falls down is being *visually* distinct.
Second, I didn't even *imply* it was hard. I said it was uncommon to have one that you could tell the orientation by touch back in the early '90s. It still is. I just went around every computer in my house, and the only connector that I'd be confident orienting both plug and jack by touch is the AC power cord... and needless to say that's not one I'd recommend trying.
why didn't they do that with the USB-A plug
Because they didn't have your fearsome 15 years of hindsight.
For example, right off the bat, for the Commodore 64: "The computer's anti-ergonomic 2-inch height made it extremely hard on the wrists of untrained typists."
One of the best typewriters ever, the IBM Selectric, had a higher keyboard than the Commodore 64 or any of teh other devices shown. The hight of the keyboard has very little to do with its ergonomics, and a high keyboard does not strain your wrists. Desks have a greater than two inch variance in height, and desk chairs can be adjusted to match.
What will cause problems is a keyboard with a "wrist rest", or a too low profile keyboard that encourages you to pick up the bad habit of resting your wrists on the table as you type.
Not that I'm going to defend the chickenhead 64, it's got plenty of issues without making new ones up. I'll take the C=64's keys over the ones on my Macbook Pro any day.
What the OPs are saying is that this is not universally true.
1. The OP didn't say any such thing. He said, and I quote, "Either that or do the this-way-or-that maneuver every time you plug something in." Which is true of pretty much any connector that you're inserting by feel, and a lot safer with these connectors than most.
2. Nothing is "universally true". I'm sure there's kids that have broken their Game Boys in all kinds of weird ways, too, even if they're kid-proof. Yes, you can break USB connectors. But even if they're flexible I really can't see it happening without some gormless blighter forcing it.
More recent variants of the same kind of connector design have improved quite a bit.
I'd bloody hope so, mate. My point isn't that this is the best possible design they could have come up with, it;s that compared to the other connectors around at the time they were a major step forward... flat or not.
They're flat because it doesn't matter if they're flat, because the physical design is foolproof.
It doesn't matter if you plug it in the wrong way around... you can't do it, and you won't damage it if you try. When you're plugging in a connector in the back of your computer, by feel, you can't tell if you're plugging it in the right way up or not by the shape... you can only tell by the fact that it won't go in the wrong way around. Try it with a firewire connector, which is both internally and externally keyed, and the USB-A connector, which is only internally keyed. You'll go through the same process: plug it in the right way, it goes in. Plug it in the wrong way, it won't go, you'll turn it around, and try again.
Contrast this to DB-n connectors, which are externally keyed, but far from foolproof. I've managed to accidentally plug in DB-9, DB-25, DB-15, and mini-DB-15 connectors the wrong way around despite the external keying... and wrecked a few in the process.
I've yet to trash a USB connector the same way. Though my kid has, for an MP3 player that plugged in directly until she dropped a textbook book on it and broke it right off... I don't think I would care to try and design a connector that would survive that.
Yes, it would probably be better to have them *also* externally keyed. It would save a few seconds of frustration now and then when plugging them in where you can see them, if you haven't figured out that the USB logo goes "up". But it's not important, because they're foolproof. They're even almost kidproof.
Say what? Firewire connectors are not flat. I don't believe gamelink connectors are either.
I didn't say they were. I said the mechanical design was based on the Gamelink connector. Of course the firewire and USB connectors (all three) have different cross sections (different "shape of the plug" if you like), but the robust physical design of the connector came from the Gameboy.
Yep, they promised 40 acres and a flying car, and they haven't even shipped an affordable personal jetpack yet... and they had THAT in "Lost in Space"!
Having behind us the producing masses of this nation and the world, supported by the commercial interests, the laboring interests and the toilers everywhere, we will answer their demand for a gold standard by saying to them: You shall not press down upon the brow of labor this crown of thorns, you shall not crucify mankind upon a cross of gold.
Both USB and Firewire connectors were based on the connectors in the Nintendo Gameboy. The Gameboy "gamelink" cables had proven so reliable and successful - literally childproof - that the physical design was adopted pretty much straight.
The available "desktop" environments on Linux seem to largely be trying to reproduce an environment that's more like Windows desktop/application centered approach than like a traditional user-centered UNIX environment.
This has the advantage of familiarity, but it does raise the question of why the average user would be attracted to a poor copy of Windows (no matter how good it is under the hood) that's more of a hassle to use and also suffers from a shortage of applications.
Smaller labels sold unprotected MP3 files through sites like eMusic.com, gambling that the increased sales and notoriety that would come with easier access to their music would outweigh sales lost through unauthorized copying.
That argument eventually won favor with Apple [...]
You mean "that argument eventually won favor with EMI". Apple was MAKING that argument to the music industry before they even opened the iTunes Music store, according to the Rolling STone interview with Steve Jobs just a few months after the iTunes Music Store opened:
Because of their technological innocence, I would say. When we first went to talk to these record companies -- you know, it was a while ago. It took us 18 months. And at first we said: None of this technology that you're talking about's gonna work. We have Ph.D.'s here, that know the stuff cold, and we don't believe it's possible to protect digital content. -- Steve Jobs, 2003.
More recently, after EMI finally made the break:
We've always known Steve's view on the subject, long before his open letter. [...] We remain optimistic that in due course digital growth will outstrip physical decline. It hasn't happened yet but clearly we think this is a big step in helping to promote digital sales. Don't ask me to predict exactly when it will happen because I can't. It's important to say that digital is still very much in its infancy. Despite the sensational job that iTunes has done over the last four years, this is an industry in its infancy. The opportunity is massive. -- EMI chief exec Eric Nicolai.
I don't see any link that has really been broken because people have always been able to take music that they've gotten from elsewhere, such as ripping their CD collection, and put it on iTunes or any other music player. People have always been able to buy music on iTunes, burn it to a CD, burn it and rip it, and put it on any player they wanted to. -- Steve Jobs
Some countries employ complete morons who can't read, so explain how being deported is such a bad thing.
...
Some companies employ complete morons who can't read, so explain how being fired is such a bad thing.
Some insurance companies employ complete morons who can't read, so explain how losing your insurance is such a bad thing.
So Web 2.0 is Usenet 1.0?
You didn't answer my question.
You answered a different question, that's superficially similar, but not one that supports the argument that automated updates themselves are a security problem. Automatic updates cause a lot of problems, yes, and I would rather Microsoft backed away from them... but unless you know of a specific attack vector that they enable then focussing on them is ignoring the underlying problems and stopping them won't fix the underlying problems.
The biggest systematic design flaws in Windows are, in no particular order:
(1) The lack of the ability to control the interfaces that services are directly bound to, because services can not be run from a UNIX style superserver (like inetd, xinetd, tcpwrapper, or tcpserver) and so they can not be systematically re-bound to ONLY the interface that they need to use, nor is there (as a result) a tradition that services NOT run from a superserver also have the ability to control bindings. The result of this is that a firewall, which provides a second layer of protection (defense in depth) on UNIX systems, is the only layer between an untrusted network and a service.
(2) Wrapping a non-IP network protocol under TCP/UDP in a way that multiple services are exposed at the same TCP/UDP port via different addresses (named pipes) in the wrapped protocol. This means that opening up any of these services in a layer 3 packet filter opens up all of them.
(3) Integrating the Internet and the desktop in a way that puts the security model under the HTML control rather than under the application, so the HTML control has to use ad-hoc security zones updated as (inevitably) holes are found in the zone model to decide on the rights that objects will be granted.
(4) The use of an insecure API to pass a set of parameters to applications, whereby programmers have to guess how other applications (outside their control, and often written after the fact) will parse quotes to securely pass parameters to applications.
(5) The use of a single set of application bindings for helper applications, whether the binding is used by an application displaying internal content generated directly by components that already have local execute rights (and are therefor trusted) or by an application displaying untrusted content.
(6) The lack of a formal system call API. Instead of having a small set of fixed system calls that can in principle be verified not to expose internal OS APIs, the equivalent of system calls are made via arbitrary call gates.
Of these flaws, only #s 5 and 6 have equivalents in any other currently used desktop OS, and the exposure from #5 is significantly lower outside Windows.
Fixing these problems should be given far greater priority than automatic updates.
What exploits have automated updates, initiated by the software being updated, enabled?
Perhaps the court of public opinion can lend a hand.
I don't have any inside information about why they decided to make the connector rotationally symmetrical from the outside, so I limited my comment to what I did know. I was mostly making the point that they were already a massive improvement over existing connectors, most of which used *circular* connectors that were only keyed by fragile, easily bent wires.
I plead guilty to excess brevity. If I've gone to far the other way, it's only in response to relentless interrogation.
Here's the interesting number to watch: IE market share So what we're looking at here is IE down another 4% since the beginning of the year. I don't think it's Firefox that's "struggling".
Here's some longer term numbers from w3schools.com: That one's actually looking more hopeful for IE holding on to the market share they have remaining. Not in business, but in academia.
Given how much Hollywood and pop music industry profits from anti police-state motifs, one would imagine it their duty not to suggest, promote, and force the bringing about of a police-states,
Huh, when it comes down to duty versus interest, the profit ain't on the side of duty. Consider the famous phrase attributed to a man seen as profiting mightily from conflict: "Please remain. You furnish the pictures and I'll furnish the war." -- William Randolph Hearst.
The most important line from the article got into the summary: "Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit."
Unfortunately that's not limited to transport command and control systems.
I would give Bjarne more credit if he'd shown a better understanding of C before he started designing C++.
Not to mention... Java vs C++? This is like arguing the merits of Lincolns vs. Fords. The languages are kissing cousins.
I like that, though you left out the guy who explains why he did it that way... and it makes sense.
I've had a few situations where I've had trouble figuring out some code, because I was making a wrong assumption somewhere, and at least once I've cleaned up some code and then gone back and put it back where it started once I figured out what was really going on, learned more about the technology or the problem area, or otherwise educated myself out of a hole.
I suppose you could say this was a matter of bad documentation, the code should have had better comments or something, but it's not always that simple. And, yes, that sounds like a pretty good place to start.
I'd love to have gotten a question like that, even though I'd probably hate it at the time. You need to be careful, though: one of the things that makes it nasty is that programmers who actively work with the end-users to get the kind of feedback they need (and that you presumably need them to get) are going to be the most frustrated with it... because you're playing the role of the very worst kind of customer for them: the information sponge who never provides any feedback at all.
Reliability is an indication that certain kinds of security flaws are less likely, yes, but... oh, here, have an analogy on me... your car has never accidentally shifted into reverse, I would assume. Does that tell you anything about whether you can pop the trunk open by whacking the bumper in the right place?
Your knuckles (from poking around behind your desk) and your sanity are another matter.
If you can't handle plugging USB connectors in without looking at them, you're no way going to have any better luck plugging in anything else by feel. You really think they're worse than mini-DB15, HD50, RJ11/RJ45, or DIN connectors?
What did you use, a hammer?
D-shell connectors frequently only have a few live pins actually inserted (for example, it was common for RS232 and EIA to only have 5 live pins, and it wasn't THAT rare to only have 3), so if the shell is even slightly flexible it didn't take much of a bad entry angle to trash them. Mini-D is even worse because the pin layout is rotationally symmetrical, and if the shell is loose or worn.
Having an asymmetric that can't be plugged in the wrong way is not that hard.
First, even the USB-A satisfies that. The only place it falls down is being *visually* distinct.
Second, I didn't even *imply* it was hard. I said it was uncommon to have one that you could tell the orientation by touch back in the early '90s. It still is. I just went around every computer in my house, and the only connector that I'd be confident orienting both plug and jack by touch is the AC power cord... and needless to say that's not one I'd recommend trying.
why didn't they do that with the USB-A plug
Because they didn't have your fearsome 15 years of hindsight.
For example, right off the bat, for the Commodore 64: "The computer's anti-ergonomic 2-inch height made it extremely hard on the wrists of untrained typists."
One of the best typewriters ever, the IBM Selectric, had a higher keyboard than the Commodore 64 or any of teh other devices shown. The hight of the keyboard has very little to do with its ergonomics, and a high keyboard does not strain your wrists. Desks have a greater than two inch variance in height, and desk chairs can be adjusted to match.
What will cause problems is a keyboard with a "wrist rest", or a too low profile keyboard that encourages you to pick up the bad habit of resting your wrists on the table as you type.
Not that I'm going to defend the chickenhead 64, it's got plenty of issues without making new ones up. I'll take the C=64's keys over the ones on my Macbook Pro any day.
What the OPs are saying is that this is not universally true.
1. The OP didn't say any such thing. He said, and I quote, "Either that or do the this-way-or-that maneuver every time you plug something in." Which is true of pretty much any connector that you're inserting by feel, and a lot safer with these connectors than most.
2. Nothing is "universally true". I'm sure there's kids that have broken their Game Boys in all kinds of weird ways, too, even if they're kid-proof. Yes, you can break USB connectors. But even if they're flexible I really can't see it happening without some gormless blighter forcing it.
More recent variants of the same kind of connector design have improved quite a bit.
I'd bloody hope so, mate. My point isn't that this is the best possible design they could have come up with, it;s that compared to the other connectors around at the time they were a major step forward... flat or not.
They're flat because it doesn't matter if they're flat, because the physical design is foolproof.
It doesn't matter if you plug it in the wrong way around... you can't do it, and you won't damage it if you try. When you're plugging in a connector in the back of your computer, by feel, you can't tell if you're plugging it in the right way up or not by the shape... you can only tell by the fact that it won't go in the wrong way around. Try it with a firewire connector, which is both internally and externally keyed, and the USB-A connector, which is only internally keyed. You'll go through the same process: plug it in the right way, it goes in. Plug it in the wrong way, it won't go, you'll turn it around, and try again.
Contrast this to DB-n connectors, which are externally keyed, but far from foolproof. I've managed to accidentally plug in DB-9, DB-25, DB-15, and mini-DB-15 connectors the wrong way around despite the external keying... and wrecked a few in the process.
I've yet to trash a USB connector the same way. Though my kid has, for an MP3 player that plugged in directly until she dropped a textbook book on it and broke it right off... I don't think I would care to try and design a connector that would survive that.
Yes, it would probably be better to have them *also* externally keyed. It would save a few seconds of frustration now and then when plugging them in where you can see them, if you haven't figured out that the USB logo goes "up". But it's not important, because they're foolproof. They're even almost kidproof.
Say what? Firewire connectors are not flat. I don't believe gamelink connectors are either.
I didn't say they were. I said the mechanical design was based on the Gamelink connector. Of course the firewire and USB connectors (all three) have different cross sections (different "shape of the plug" if you like), but the robust physical design of the connector came from the Gameboy.
Yep, they promised 40 acres and a flying car, and they haven't even shipped an affordable personal jetpack yet... and they had THAT in "Lost in Space"!
Having behind us the producing masses of this nation and the world, supported by the commercial interests, the laboring interests and the toilers everywhere, we will answer their demand for a gold standard by saying to them: You shall not press down upon the brow of labor this crown of thorns, you shall not crucify mankind upon a cross of gold.
Both USB and Firewire connectors were based on the connectors in the Nintendo Gameboy. The Gameboy "gamelink" cables had proven so reliable and successful - literally childproof - that the physical design was adopted pretty much straight.
I figure you're pretty much on the money there.
We had to upgrade to Windows 2000 from NT4 to get reliable USB support, and Microsoft never did come out with a Bluetooth stack for Windows 2000.
1. Ogg is just as available on OS X as on Linux. It's a third party plugin, but then so is EVERYTHING on Linux when you think of it.
4. What kind of "hacking" are you doing on Linux that you think doesn't involve being a coder?
The available "desktop" environments on Linux seem to largely be trying to reproduce an environment that's more like Windows desktop/application centered approach than like a traditional user-centered UNIX environment.
This has the advantage of familiarity, but it does raise the question of why the average user would be attracted to a poor copy of Windows (no matter how good it is under the hood) that's more of a hassle to use and also suffers from a shortage of applications.
That argument eventually won favor with Apple [...]
You mean "that argument eventually won favor with EMI". Apple was MAKING that argument to the music industry before they even opened the iTunes Music store, according to the Rolling STone interview with Steve Jobs just a few months after the iTunes Music Store opened:
More recently, after EMI finally made the break: