I have found a number of places where people have exaggerated the effect of DRM on their use cases far beyond reality. Others have quoted officers of corporations who were clearly lying about the reasons they made business decisions to restrict access, and attempting to direct the blame to other companies. I wish people wouldn't do this, because these errors of fact are clear to anyone with a reasonable familiarity with the situation, and cast any argument against DRM... even the many many valid ones... into disrepute.
If you read the article, that's what they're doing.
The laptop in the stock photo for the article sure looks like it didn't come with Windows in the first place.
when they arrive, it will be a good idea to have some protection installed beforehand
Antivirus software has to by its very nature integrate itself deeply into the OS and libraries and modify many many calls to insert checks for viruses. Even setting aside the fact that these programs are using unsupported and internal APIs, and the OS vendor does not get to update them as they update the APIs they depend on, they are additional code in a critical path AND they are designed to make normal operations by applications fail when they trigger a signature.
The result is that it is impossible for this kind of software to NOT reduce the performance and stability of your system. Installing AV software WILL cause a certain amount of failures and data loss among the people who use it. Until the risk of data loss from malicious worms and viruses (currently zero) increases to the point where it's greater than the risk from antivirus software (currently non-zero), you are better off without AV software.
This is not theoretical: antivirus companies have been pushing AV software for Palms and Windows CE handhelds since about 2000. In that time there have been zero examples of malware for these handhelds propagating in the wild, and a number of cases where false positives led to data loss.
Sounds like a cross between Dune and Star Wars Episode 1.
With all the fast-moving action of the former and all the rich storytelling of the latter.
DON'T drive towards the light!
Do I need to do original research to compare X, Y and Z or do I just need to pick the right fucking one?
Who said anything about "doing original research". I'm just talking about understanding the theory. We're talking about something that is as fundamental to computer science as atoms are to physics.
If you don't understand WHY X, Y, or Z is best for A, B, or C, you're going to make the wrong choice.
It's fucking elitist and wrong to require a computer science background for programming
I didn't say that. Taking courses in theory doesn't mean "having a CS background" any more than taking freshman physics courses means you're a physicist.
Knowing compiler theory, understanding memory allocation optimisation mechanisms, being able to reverse engineer public key encryption mechanisms... sure, this is all good fun. I'd far rather give a job to someone that knows how to talk to people from a non-computing background and translate their needs into working software.
Are you looking for an engineer or an architect? Either way, you don't want to pick one who doesn't know the kind of carpet to put in high traffic areas, but you also don't want to pick one who thinks you can use balloons full of phlogiston to support a balcony. You need BOTH... the article I was responding to was dismissing something as fundamental as atomic theory as "irrelevant".
It doesn't really matter. If the downloaded file does not automatically open people are rarely "caught" by it... and in the past decade I have only had one user come to me a second time after explicitly opening a downloaded file saying they had gotten a virus from it... I've had several people repeatedly come to me telling me they "clicked the wrong button" again and their computer was acting funny. Not just two or three times, some of them.
The exposure from downloaded files that do not automatically open or unpack is very low, and virtually everyone learns not to open files in their download folder they didn't expect to see there. The security problem is caused by automatically opening or unpacking downloaded files, and is best fixed by simply not doing that.
It's not like most people are going to be seeing this warning on a daily basis.
My experience supporting a large range of users as a network and system administrator indicates that people perform operations that lead to these kinds of dialogs... even ones who have NO business-related reason to be downloading ANYTHING... far more often than you would suspect. Certainly far more than *I* would suspect if I didn't have to clean up after them.
File extensions have nothing to do with the contents of a file,
Since according to the human interface guidelines applications should not modify or set Finder Info for other applications, unless the browser is violating the HIG the only thing that LaunchServices has to go on for a freshly downloaded file is the extension.
Unless you have "Open 'Safe' Files After Downloading" set, and the file is an archive type that is set as being "safe", downloading a file should not set Finder info, or the execute bit, the icon, or anything else that could lead a user to misinterpreting the file type other than a double extension.
"Open 'Safe' files after downloading" is now off by default.
Unless you explicitly turn that on or you have upgraded Safari from a version that had that flag enabled, there should be no way for any of the attacks described to be made via downloading a file and opening it in Finder. If you have this flag enabled, then I can see adding a warning (but include a note that you can get rid of it by removing that unsafe option).
If there are, if Apple has left a backdoor that allows files to be unpacked automatically after downloading, then that is the security flaw that needs to be fixed, instead of making a dialog come up for every downloaded file you open.
In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography".
Either they're using a really broad definition of 'involves' or a narrow definition of 'internet crime', or I'm on a lot more target lists than I'd have thought. Given how much of the mail that gets through my server-side spam filters is even illegal in Nigeria, I'd really have thought the plain old confidence game was #1.
DAMN YOU MICROSOFT, STOP TAKING MY TOYS AWAY.
(Filter error: Don't use so many caps. It's like YELLING.)
(Yeh, I'm yelling. Wanna make something of it?)
in that case they would also have to stop supporting running unix executable files from within Finder
I would accept that. They don't (or didn't used to) support running shell scripts from Finder... I had to add a handler for ".sh" to run some scripts I'd created from Finder. That comes back to "instead of asking if you should do some stupid thing, make it not stupid".
Depending on point of view, launching a downloaded application for the first time could be considered rare and could definitely result in something irreversible.
If they only did it for downloaded UNIX executable files, I might agree, but they do it for EVERYTHING. Multiple times, sometimes. That is NOT a rare action, nor a rare dialog. It's training people to answer "Yes" when a program asks "I'd like to install a botnet node on your computer, is that OK?".
Then again, maybe it's just because my team has been alternating making me want to kill them and myself for the better part of the semester...
You're ready for a job in the software industry!
I don't know what you think FrontPage has to do with anything.
If you're just gluing components together without understanding them, as the OP seemed to be suggesting, you might as well be using that kind of canned office-automation application. Because that's basically what they do, and you won't be safe doing anything more.
but we don't need four years of that while ignoring more important topics.
You don't need four years to learn calculus, but we don't need engineers who can't integrate a school (that's school squared plus a constant).
You don't need four years to learn the computer science a programmer needs, but we don't need programmers who don't understand the theory.
An engineer still needs to take quite a bit of physics.
I don't want an engineer who doesn't know what "specific heat" means, and I don't want a programmer (whatever you call him) who doesn't understand computability and complexity.
Software engineers need to know a lot of mathematics in order to make software. That doesn't mean that civil engineers are physicists or that software engineers are computer scientists.
The OP was arguing that "software engineers" didn't need to know the mathematics. They just needed to know how to glue bits of working code together. That's what you do when you use desktop publishing tools... my point isn't that they need to be computer scientists, but rather that they still needed that knowledge. BOTH practical and theoretical understanding of the subject are absolutely necessary.
Software engineers need to know how to pick a good enough algorithm and use it. They don't need to know how to compare such algorithms
Um, yes, they absolutely do. How the hell can you pick an algorithm if you don't know how to compare them?
Programmers need to understand engineering, AND they need to understand mathematics. That's why I took CS from an engineering school, instead of a math department... but it's also why I took CS at all.
Oh, Apple is not as bad as Windows yet, by an order of magnitude. But they were already too far down the slippery slope when they tried to avoid fixing the 'Open "Safe" Files' hole by adding a dialog instead of turning off 'Open "Safe" files' by default, and Leopard just put them on ice skates.
At least they can learn. They did make 'Open "Safe" files' off by default, eventually... maybe they'll figure out that this is ALSO a stupid idea.
But not when so many people think anyone criticizing a decision by Apple must be a Microsoft shill, instead of thinking about the real problem.
The Mac bugs you exactly once. If you really hate it, you can add a folder action to your downloads folder to fix it.
Depending on the file, it may bug you more than once... I've had it hit me three times for an application in a disk image in a zip file.
And using the folder action means that Finder wakes up and steals focus.
And, finally, the problem isn't what I'm doing, it's all the people Apple is training to reflexively approve security dialogs because they see so many of them and they're almost always wrong. I've watched the rot on Windows for a decade, as a system administrator, and that's EXACTLY what it does.
The reason for the dialog you get when launching a downloaded application for the first time is to counter an otherwise existing flaw where an application could be disguised as a document.
So fix the bloody flaw. STOP HIDING FILE EXTENSIONS.
Adding a warning before doing something that is almost always the correct thing just trains people to approve dialogs where it's usually the wrong thing.
Warning dialogs should ONLY be brought up before *rare* and *irreversible* actions. Not common ones.
UAC in Windows Vista is there to protect users from themselves.
I'm not talking about UAC. Apple's already got that, sudo and the password dialog... and it comes up a lot less than UAC because OS X is based on UNIX... which has had that kind of protection for almost 40 years now.
I'm talking about using dialog boxes as if they're a security system.
I'm talking about "Internet Explorer wants to do something really stupid, that nobody would ever want to do, but we're going to wrap it up in a bunch of jargon that sounds complicated so you just hit the 'allow' button." "Allow" "Cancel".
I'm talking about "Automatically open 'Safe' files after downloading". At least Safari lets you turn that off. To turn off the equivalent in IE you have to make the "stupid security dialog" problem worse!
I'm talking about "Let's pretend software installers and disk images are 'Safe' files." Not as stupid as Microsoft's ActiveX mess, but still pretty damn stupid.
I'm talking about "Let's warn about EVERY downloaded file, to train people to automatically approve all the dialogs they see." In 20 years as a system administrator, I never had anyone download an infected file and run it twice. I've had a number of people, including PhD programmers and engineers, come to me with "I hit OK *AGAIN* and now my computer's acting funny" multiple times.
If Windows was an airplane, when you got to 20,000 feet a dialog would pop up on the seat in front of you saying "Should the aircraft explode now?"... and someone would ALWAYS press "yes".
THAT is the kind of security theatre I'm talking about. Not UAC, but the decade of absolutely daft and criminally stupid design decisions that went before it, and that have now infected Apple with the meme that "asking before we do something that might be dangerous makes it OK".
Sheesh.
Software Engineering, then, is what you do when you write a document using Microsoft Word or create a website using Front Page? Well, that's certainly consistent with the definition of engineering, but it's got nothing to do with writing software.
Once you start actually writing code, knowing the mathematics behind computation is pretty much essential. Otherwise you inevitably end up with code that's got non-linear processing requirements, sooner or later, and that's a hole Moore's Law can't dig you out of.
I am increasingly annoyed by Apple's following Microsoft in "Security Theatre" techniques like the Leopard "OMG you downloaded that file from TEH INTERWEBS!" dialogs, but this is going too far.
Antivirus software does not make any difference to the virus writing process. It can only detect and block existing exploits. Until there ARE active exploits in the wild all it can do is cause time and data loss through false positives.
This is about preventing shoplifting.
You prevent shoplifting by putting the games behind the counter and putting the empty boxes on the shelf. It's low tech, reliable, and not a lot more manual than activation.
Provide the dealer with a printed card the size of the jewelbox they can put on the shelf without having to open the game and put the CD into storage like they do now. Problem solved, cheaply.
I hereby donate this idea to the public domain.