Just because you didn't take the time to understand the potential uses for the new system doesn't make it alright to bash it. One potential use case (among zillions) is to "paste" text into a form email before sending it, using their QuickLinks feature, all in a couple clicks. Or, you could share a picture (or 10) from a photo viewer to a photo editor without going through files. Sorry if I'm coming off angry; I'm just tired of random MS-bashing comments on this story.
Why did I post? Two reasons. First, in both cases I wanted the truth--I wanted to see if there was any merit to the vague claims made that I had missed. If so, great; I wouldn't miss similar ideas in the future. If not, their posts would at least be flagged with an element of doubt, and perhaps they would even be flagged as nonsense through some more discussion. For instance, this thread's first comment, which I initially responded to, currently has a rating of 1, and that only because of "Funny" ratings. Originally it was "Insightful", IIRC; now it's at best a joke.
Second, and more unconsciously, it's part of an informal social experiment of mine. Over several stories I've asked similar questions of similar comments. I almost never get a response from the original poster. I'd like to know why. Do they know something I don't know? Doubtful; they would simply have responded with clarification. Do they just not take the time to respond to comments? Also doubtful, due to the number of different users involved. Are they all trolls, and I'm just bad at spotting such posts? Perhaps, though at some point it's almost impossible to distinguish trolling from zealotry, so this is very hard to test. I imagine a troll would also want to induce me to continue the conversation with further outrageous claims, rather than giving no response. Do they realize they have no content, so to save face they simply don't respond? Maybe; I can hope. It's my best answer so far, at least.
Just because you haven't seen it doesn't mean it is a massive security threat.
And just because you make a short declarative sentence doesn't mean you've proven your point.
The Intents-based exploits listed (which were only 3 of the 7 total exploits) don't work well here. Android apps use Intents on their own, while with the Windows version the user has to tell the OS they want to Share something. They initiate everything. The exploits listed were also pretty weak. They required a malicious program on the phone in the first place; if they can intercept sensitive data, it's the sending app's fault for being insecure; if they can make apps do bad things by sending them malicious Intents, it's again that app's fault for not validating their input / not getting user permission for important actions.
I've been reading and commenting on this story off and on all night and have yet to find a credible scenario where this feature's design exposes a serious security threat. Everybody is vague to the point of uselessness, or greatly misunderstands the system.
Sort of. This mechanism allows significantly more customization of how data is transferred (using the QuickLinks feature or using custom "data import" UIs) than generic filesystem data transfers like what the GP mentioned. Everything is also much more tightly integrated. Rather than saving data from the source app, opening the target app, and opening the data, you can use the share button--much like right clicking on a picture and getting a list of installed photo editors is more tightly integrated. It's more powerful and more convenient than filesystem data sharing. They're not really that equivalent.
If you don't mind me saying, you might want to read some of the Wikipedia article on the mere exposure effect. There are several similar effects, where generally people tend to prefer a known thing they have to an unknown thing they don't. This page is worth glancing through (for anybody), since we're all full of biases.
Oh, I would love it if computer nerd culture included mechanisms for admitting ignorance. No; ignorance is to be hidden where nobody can see it, where it can quietly mangle your view of reality and the quality of your work. In computer nerd culture, you can make mistakes--how couldn't you when even the best have (by default public) bugs?--but you can never admit a lack of understanding or ask for clarification without sounding too stupid to be listened to. GRARGH, I get so tired of the huge egos that being good at coding can create. It makes me glad I'm a mathematician. That culture suffers less from the huge egos that being good at your work can create, in part because it's so polite.
Still, the guy I responded to up there was polite and I think was just trying to be helpful. They were vague to the point of uselessness, but that's a less annoying culture thing. (If you give too many details away, you're not smarter than your reader, since your reader can then follow you without difficulty. No, it looks much better for you if you record your line of reasoning with large gaps. Perhaps you'll even get to fill them in and look all the smarter! Pair that attitude with a general lack of human communication skills and the above traits to get, rather unsurprisingly, lots of strongly opinionated people who gladly share their opinions and get followers who didn't question enough. Throw in something to hate, like Microsoft, and we get strongly worded, incomprehensible, and probably flat-out wrong comments that get lauded.)
[Sorry for latching on to only one of your points. For the rest, I basically agree. Also, sorry for ranting.]
I think the hope is that it'll be a more convenient and powerful copy&paste. For instance, I write a weekly email containing a list I've jotted down in Notepad. Those notes get injected into a form email before being sent off. Right now, I actually edit a copy of the previous week's email, which works but takes, oh, a dozen clicks/key presses--getting to the sent mail folder, getting a copy of the message up, removing last week's list, and finally pasting in this week's. This way, if my email app is clever, I'll be able to tell it once to insert the "shared" Notepad text into a template I've told it about. After that it'll let me pick that template and insertion technique from a "QuickLink" in about 3 clicks.
Now I feel like making some random anti-MS rant. Those all seem to be +4 Insightful today.
Did you watch the video or read the summary article? What in the world do you mean by "add an API-call to tweet something"...? You do understand that the underlying mechanism to tweet some line of text from IE would be the same as the mechanism to stick the same text into a word processor, right? There's certainly no Twitter-specific API embedded in Windows' end of this mechanism; that goes only in the relevant target Twitter@rama app [from the presentation].
Why in the world would you want admin privileges for most of these actions? Oh God, Paint can't have my slideshow's images without admin rights! I thought your sarcasm was inverted and that "don't make it require admin privs" was what you in fact wanted, but the next sentence makes that not make sense.
I agree. "M$" just seems juvenile and petty to me. Moreover it's non-standard, which is more than a little ironic. When is any other greedy entity with S's in the name or abbreviation spelled with $? $CO anyone?
Negotiated Drag and Drop requires negotiation, where the source and target app "presumably have a common private protocol". However, Windows Share has essentially no negotiation, and explicitly tries to avoid special-case private communication. Here's roughly what happens with Windows Share:
1. The user tells the OS "I'd like to share this thing I've (perhaps implicitly) selected from this source program I have running"
2. The OS asks the program for the data the user requested, including its format (text, bitmap, ...; this can be customized, though hopefully still following somebody's published standard)
3. The OS figures out which programs accept the format of data the user requested and gives the user a choice of where to send the data
4. The OS sends the data to the relevant target app for further processing. The target app doesn't need to talk with the source app since the OS acts as middleman throughout
There are massive UI differences between the two as well. Negotiated Drag and Drop used existing UI elements (essentially), whereas Microsoft Share requires some new interface construction for the target app to display some things. Also, Microsoft Share seems to have social networking firmly in mind while of course Negotiated Drag and Drop didn't.
I can only suppose you're trolling. How could some random (and poorly articulated) complaint about DRM have anything to do with malware and privilege exploits?
The phrase "MPP attack" appears non-standard (0 Google hits, for instance). As near as I can tell MPP stands for Massively Parallel Processing and a few other esoteric things. What precisely did you mean? And what does appending bad stuff to something shared by the system have to do with admin privileges?
Every time I get close to the meaning of your post it slips away from me. Are you worried about some sort of privilege escalation attack carried out by a malicious program sharing things? A larger code base basically always exposes more attack surface, so I don't see why somebody would bring that up unless there was particularly good reason (which I don't see here). Sharing seems user-initiated in all cases, so such an attack would be awkward. Ah, perhaps shared information could be inspected by a malicious background program, sort of like a keylogger for the clipboard? That has nothing to do with admin privileges, though....
Maybe I'm looking too hard. Perhaps your post is just what it looks like: "[words that say Microsoft is evil and will give me a metaphoric high-5 with some social acceptance]". If not, what precisely did you mean?
That's nothing like this system. Well, they're both generalized clipboards, but in different ways. In Publish and Subscribe, "changes to the original published document would be noticed and updated by the subscribers". In Share, the link between the source and target app dies off as soon as the data finishes transferring. No further updates are sent after the "paste" finishes.
Scam artists do the same thing in many specialized fields--stock-based Ponzi schemes, cherry picked or badly reported statistics (typically surveys, often with ignored error margins), crap new age philosophy promising wealth based on quantum physics, Nigerian prince bank transactions, etc. Sometimes they can be recognized from general principles, like when they come to you instead of you coming to them, or when the things they say are too good to be true. Other times it's really hard to sort out the truth from plausible fiction, like that old line that 75% of all people who have ever lived are alive now. Statistics are particularly bad in this way. They're wonderful in skilled and honest hands, but they're terrible in the hands of a novice or a manipulator.
A lot of older people just aren't used to dealing with scams. I imagine scams like these will need to become significantly more sophisticated as more tech-savvy generations age.
Ah, sorry for being unclear. The time period I meant was roughly since they started the rapid release schedule, so somewhere around 5.0 on, which was released in June of this year. I keep hearing in threads like this a bunch of complaints about Mozilla's awful (and obvious) changes which are somehow intertwined with the evils of their rapid release schedule, but I haven't seen a single such complaint with any substance. All I see is nerd rage feeding on itself. The person I was responding to said "At an absolute minimum, every new release seems to move UI entities around or delete them altogether"--which ones...? I didn't notice the status bar change they mention, but in any case on my machine text pops up where the status bar typically would be when needed--not a big deal, and screen real estate is more efficiently used that way anyway. I think there was an Update button in the Help menu a while back and there isn't anymore, but I'd be amazed if more than a handful of people cared.
The only complaint of substance due to the rapid release schedule (though not due to "awful changes" of some sort) that I've heard is how sysadmins have to push updates more frequently, which seems at least somewhat legitimate--though asking for a delay in security fixes is questionable.
They are enabled (the last one installed was 6.0.2 on Sept. 7, 2011). Could you briefly list the changes you're talking about? Usually I notice very minor changes to programs, which is part of why I'm confused.
I should give IE10 a serious chance when it comes out completely. I've liked many of MS's more recent offerings/updates--Windows 7, .NET, Xbox 360, Hotmail's interface; I've heard decent things about IE9 and Bing.
I'm confused. I typically use Firefox and haven't noticed any changes whatsoever. My father happens to use Firefox and has had the opposite experience--his menu bar morphed into a button in the upper left, and his address bar disappeared completely. I just figured he was hitting buttons without knowing what they were for, but maybe not...?
Hmm, what would "5/1 of 10" mean? I want to interpret 5/1 as a percentage, since fractions and percentages are equivalent to me (though strangely whole numbers apparently are not), which gives "5/1 of 10" = "500% of 10" = "50". Perhaps more than that, there are two alternatives: divide the numbers or multiply them. If we go with division, we compute (5/1)/10, and the 1 serves absolutely no purpose. One of the subtler things about human language is that if we said something, it is implied there is a reason behind it. [This isn't always the case, and in fact sometimes people make the mistake of looking for hidden meaning in a verbal foible.] For instance, compare "I went round about town" to "I went about town". Literally interpreted, I think these two are the same. However there's a reason I said "round about" rather than just "about"--maybe I wanted to indicate a leisurely trip, or I wanted to conform to local diction. In any case, getting back to the (5/1)/10 example, if we divide the 1 serves no purpose. If we multiply, it does serve a purpose--it flags the first quantity as a fraction of the second quantity, just like "3/2 of 10" would. So, I want to go with multiplication.
No wonder computers have trouble understanding us.
I agree that ambiguity is a big source of the awkwardness. I don't agree with the 7x = 11% translation, since the operations are different when the first noun is a fraction. If I said "5 of 10", I wouldn't mean for you to multiply the two, and my meaning (that you should divide them instead) is probably pretty clear even though the phrasing itself is still ambiguous, just because 5/10 = 1/2 so cleanly. I almost feel sorry for the person who asked this question, though. Everyone makes tons of verbal foibles each day, yet almost none of them are analyzed to this degree. He even answered his own (awkwardly phrased) question right after he asked it.
You never actually gave a reason why your translation at the end is the only one ("'7 / x = 11%' must be translated into 'seven is 11% of what number'"). You appealed vaguely to word order, and I assume you mean that English is not an SOV language. Still, I have trouble figuring out precisely why this sentence is so awkward. For instance, "7 out of how many is 11%?" seems like it might be on a grade school math worksheet and nobody would comment on it.
I interpreted it as "(seven of what number) is 11 percent?", which translates directly to algebra as 7/x = 11%. It's confusing and took me a few seconds to parse. Something simpler but with the same word order like "7 of 14 is 50%" is pretty understandable, even if it's non-standard.
He still answered his own (awkwardly phrased) question correctly:
ERIC MAY: Well, now, seven of 11 – seven of what number is 11 percent? Shouldn't that be – that's 63, correct?
Yes, in fact 7/63 = 1/9 ~= 11%. If you're gonna blame him for poor math skills, pick a place where he actually failed. If you're gonna blame him for poor English/communication skills, this is fine for that.
They're actually quite different.
The "short (video) explanation" is an hour long. If you just want some demos, they start at about 10:33, 12:19, 14:14, and 17:44.
I was hoping it was just a misclick.