You do understand that without those Bad Things you so hate, there probably wouldn't be a Web worth saving, right? Someone has to pay the bills, and if you're not going to pay for content, you're not going to accept advertising, you want full privacy and security when using services you're not paying anything for... Who is going to write the cheque?
I hate DRM and spammy ads and privacy invasions as much as anyone -- more than most, probably, given that I really do give up on some things most people accept because I refuse to support the intrusions. But still, we live in the real world, and you can't just wish Bad Things away without proposing Better Alternatives. BTW, "everything I want should be free and unencumbered" is not a viable Better Alternative.
If you are still developing/depending on applets, 1995 called they want their stupid ideas back.
Hi 2013, this is 1995 calling. When your new shiny toys have the portability and performance and flexibility that we had nearly two decades ago, and developers can write software using them with a reasonable expectation that it will still be working in 5 or 10 years (or even 1 or 2 years) without needing constant maintenance, then you get a vote. Until then, we'll keep our "stupid" ideas, because they've been helping us get useful work done since before you were born. Kthxbye.
Anyway, generally warning people before loading any java applet: "This plugin is insecure" is great.
No, warning people before loading an insecure plugin that it is insecure is great. Warning people that a newly updated plugin with no known vulnerabilities is insecure confuses them and teaches them that your security messages are worthless and they should just click yes.
I don't think anyone is claiming that Java is some paragon of Internet virtue that should be trusted without question, or that blocking plugins from unknown sites until the user OKs them is necessarily a bad idea. However, crying wolf and creating obscure UIs and turning everyday software into nuisanceware isn't a good response.
Must we have this troll comment every time someone mentions Java applets?
Java applets are commonly used, as they have been for many years. According to this Chromium blog post from September 2013, 8.9% of Chrome users had launched something using the Java plugin in the past month.
Among the common uses that get mentioned every time this discussion comes up are: public access to banking and government systems in various countries, games, user interfaces for devices (scientific equipment, network infrastructure, all kinds of examples), access to local hardware devices that aren't yet available via newer technologies, some popular teleconferencing and VPN software, and little demo graphics written by academics to go on their web sites a decade ago that are still just as relevant today.
In other words, just because you don't use Java applets yourself or know when they're still useful, don't assume everyone else is in the same situation.
I've also heard that their new lines are better, but by definition they don't have a long track record yet to know whether they'll stay that way.
In any case, there are other brands with much more consistent technical track records and much better customer service who also have well-reviewed recent products available.
This is the trouble with cutting corners and mistreating customers and damaging your business reputation as a result: it's a trap that your business will probably never escape, no matter what you do later. Your brand becomes toxic, and as you can see from this thread, no-one's going to shed many tears when your business eventually fails.
Sure, it's a YMMV issue. The trouble is, the people who don't know enough to pick a "safe" default setup as you're suggesting are exactly the ones who most need one.
Linux command prompts make me nervous, and I'm a professional who's been using them for years. Thankfully, I haven't (yet!) really screwed up and lost a lot of stuff, but I know similarly experienced and generally competent people who have. Sometimes all it takes is running a command without a key parameter, and that's as easy as catching the enter key at the wrong time or running a script that doesn't check how many arguments it was given before it starts substituting placeholders.
Not that I disagree with your real point about using a Linux live CD, but please be careful telling people to play around with it because it won't harm anything. Your normal Windows drives probably get mounted by default, and one mistaken command with a cryptic two-letter name could easily destroy data without even prompting for confirmation (rm, dd, etc.).
It seemed that you were condoning all invasions of privacy because you found a few instances where it might be appropriate. I think that is the objectionable part in contention.
I apologise if I gave that impression. I am not intending to argue that position at all. In fact, my personal stance seems very similar to yours (starting where you wrote, "The problem here is not invasion of privacy per se, but unrestricted invasion of privacy.").
I had hoped that this would be clear from my repeated references throughout this discussion to questions of degree and to the need to control the reuse of data by other parties or for other purposes than those for which it might originally have been collected legitimately. I'm very sorry if that wasn't the case.
The only point I'm trying to make regarding compulsory collection of data by governments is that I think in practice some level of invasion of privacy is inevitable, and indeed desirable, for our society to function effectively. I agree that in theory we could move to a radically different form of government and government funding, but I think that is not going to happen any time soon, so for now we need a fair (in the objective sense of being published and equally applicable to all citizens) set of rules for running that government and for providing resources to it. I think this inevitably requires some basic information about those citizens, for example to ensure that elections can be (and are seen to be) properly representative, even if not everyone chooses to exercise their right to vote.
Personally, I have no problem with governments collecting information for that kind of purpose. I think it's in everyone's interests, and it's possible to have information about who has a right to vote without using it for any other purpose. Things get more controversial when you start repurposing that information. For example, in the UK, the electoral roll is also used for various identity checking purposes, for identifying candidates for jury duty in courts, and for fundraising by local authorities who sell the contents of the roll to marketing organisations. The degree to which these reuses of that information are acceptable is a far more interesting debate to me than whether we should have a compulsory electoral registration process every year that requires everyone to confirm who is eligible to vote in their household.
How were my specific examples (knowing who can vote so you can hold elections and knowing enough about financial status to apply taxation objectively) using a hypothesis to prove a conclusion? What alternative do you propose in those cases that does not necessarily imply some degree of invasion of privacy? Or are you suggesting that we don't really need fair elections or any taxation at all? If so, that's a very different debate to the one I think we're having here.
Indeed it is. You can't compromise on fundamental freedoms.
Of course you can. Basic rights and freedoms, things we would consider well worth defending in isolation, come into conflict all the time. The difficult questions, whether in ethics or as practical matters of law, are very often difficult precisely because there is no answer that does not diminish some right or freedom we value even as it defends something else we choose to value more. And not everyone agrees with which rights and freedoms are the most valuable.
That has little to do with violating people's rights/privacy
Of course it does. For society to function at all, some degree of invasion of privacy is necessary. You can't hold fair elections without knowing who's allowed to vote. You can't raise taxes according to some objective standards without knowing enough about people's personal finances to establish how much tax they will be charged. More vaguely, but certainly no less practically, you can't plan civil functions like transportation and healthcare without surprisingly detailed data about what real people do in their lives.
Trying to preserve absolute privacy, in the sense that no-one knows anything about you, is a futile battle. It can't work, and even if it did, you'd hate the results.
What we should be doing is looking firstly at the extent to which any given data about someone is useful for some other specific person/organisation to have for some legitimate purpose -- if not, that person/organisation doesn't need to have the data at all. If so, we need reasonable safeguards to prevent data that was collected for the use of one party for one legitimate purpose then being redirected for use by other parties and/or for other purposes.
I personally believe that this will be one of the defining challenges of the next 10-20 years. Our understanding of why privacy is important and of what constitutes privacy needs to evolve. Modern technology allows an unprecedented degree of data collection and processing that has enormous potential to affect all our lives, for better or for worse. But that technology is ethically neutral, as all technology is. What matters is how we use it, and that is a matter of what is socially acceptable, and that is an area that could benefit from a lot more healthy and informed debate than it seems to be getting so far.
I entirely agree. The amount of time, money and public attention squandered on Wars on Abstract Nouns is appalling, and it demonstrates a lamentable lack of vision/spine/leadership in our political classes.
Nevertheless, the idea that buying people off instead of protecting them is a good plan is ethically dubious to say the least. We can certainly debate the level of threat that exists from terrorist attacks, and as you rightly point out we can contrast it with the level of danger from other risks we know about. Still, to the extent that the threat is real at all, it's reasonable to ask what we could do to avoid any loss of human life in the future rather than just assigning everyone a dollar value and being done with it.
Because there's no one to compensate.
Well spotted. I'm glad we cleared that up.
Minimal? It still exists, then.
Almost no-one in the first world truly lives in isolation. The rest of us are all part of a society, and the interesting questions are about the extent to which we want to integrate with that society and to which society should be able to compel people to integrate even against their will.
Intrusion into someone's daily life is an inevitable consequence of society existing at all, so again, the interesting questions are the degree to which that intrusion is desirable or acceptable. That in turn is only something we can sensibly consider in context, knowing what the potential benefits and risks of any given intrusion might be.
In this case, it is certainly possible that the costs financially and/or in loss of privacy may not be justified. But "It's cheaper to pay off the dead" isn't much of a counter-argument.
I suspect you're exaggerating the risk of intrusive surveillance dramatically here. Of course it's always good to keep an eye on possible future uses of such technology and any danger of scope creep. However, there's just a small difference between the kind of sensor network that can tell you someone within a few hundred metres of this city centre location is working with a surprising amount of fertilizer and the kind of sensor network that can do a full chemical breakdown complete with DNA analysis on all foul waste from each house in every street.
It's hard to compensate you when you're dead, or one of your loved ones is crippled and you're going to need special care for them for the rest of their life.
Whether the cost is justified for a project like this is something you'd have to weigh up in light of both what that cost would actually be and how effectively it could detect real threats.
Still, at least this seems like an idea that might have some genuine merit in protecting people from these kinds of attacks and with minimal intrusion into everyone's daily lives under normal conditions. For that alone, it seems like an improvement on many previous ideas.
Well, you know, 5 November is coming up, so here in the UK everyone is into gunpowder plots lately...
What are they going to do? We have far more military might than the EU combined
As surprising as it apparently is to a certain kind of American, not everything in international relations has to be resolved with violence.
The US is committing hostile acts against EU member states, and measures like withdrawing cooperation in these programmes are a reasonable and proportionate response. Trade sanctions would be a more serious step up: no-one would win in the short term if that happened, but the US would probably lose a lot more. There would be direct costs, of course, but also probably irreparable damage to the United States' wider international credibility and reduced cooperation from other nations who were already less predisposed to support the US on matters of mutual interest.
From the outside, it seems very strange that so many people in the US are so proud of their vast military-industrial complex and security services. Here in the UK, the most damaging coverage of the US recently had nothing to do with spying or wars, not that those are winning many friends here. The really sad stuff was shots of pathetic posturing from the political leadership of both the main US parties, juxtaposed with footage of federal workers in DC holding banners saying "Please do your jobs so we can get on with ours", and stories of couples whose wedding days were spoiled, and descriptions of children with very serious health problems who weren't getting experimental drugs that were their only hope because the programmes to trial them were suspended. The idea that such a dysfunctional government, run by politicians so completely out of touch with the basic needs of their own people, should be trusted with anything of significance, security-related or otherwise, just seems bizarre at this point.
Firefox 24 fixed 7 critical security vulnerabilities, on top of the 4 fixed 6 weeks earlier in Firefox 23, and 4 more fixed 6 weeks before that in Firefox 22, and 3 more 6 weeks earlier still in Firefox 21, and so on. Within the past year there have been Firefox releases that fixed as many as 12 critical vulnerabilities.
By your argument, since I have no reason to believe the latest Firefox will have no known vulnerabilities for the entire time that release is current, we should probably just declare Firefox to be dangerous by default and have it prompt users before opening every page from a site they didn't already OK explicitly.
In fact, Microsoft should just flag Firefox as known insecure software and push out a Windows update that warns users about this every time they try to run it, even if Firefox itself is already doing that. And then Microsoft should push out another update a few weeks later that fully removes Firefox from everyone's system for their own safety, and they should kill support completely for anyone who doesn't install that update within the next few months.
Isn't it lucky that Microsoft have an alternative technology that they'd prefer us all to use instead, which they can generously offer to us when they shut down what we've chosen to use previously?
Why should anyone spend a lot of time and money "modernizing tech" when the existing tech is tried and tested and does its job well?
Mozilla won't force the issue. It makes no commercial sense for all the big Java-using corporations to play along. Why do I think IE6 is still used? I think it's because the browser vendors tried to move the goalposts, and the corporate world told them where to go.
I think you're right about the importance of individual players, but the overall trend is unstoppable.
The thing is, it is stoppable. Businesses that rely on Java applets will simply stop upgrading their browsers, and the browser makers will have created IE6 all over again and for exactly the same reason as last time.
The large organisations are probably all running heavyweight malware scanning at the entry point to their network anyway, and the current generation of browsers and plug-ins that will still run Java applets all prompt for confirmation already. The security gains for those organisations from the pressure you're talking about are small, probably the benefits from having all the latest shiny are also small, and the cost of abandoning key intranet facilities developed over many years could be high.
Ironically, lots of people on forums like this will then complain about how their corporate employers are still running some browser from the dark ages because their intranet doesn't follow the proper standards, because they're too young to remember that Java applets predated all those new standards by well over a decade, and because they're too innocent to realise that in most cases businesses aren't installing browsers for them to surf the Internet, they're installing browsers for them to use the tools they need to do their jobs and they don't much care whether anything else works or not.
For what it's worth, I agree with much of what you wrote there. JS performance has come on dramatically in the recent past, and combined with new HTML and CSS tools, you would be much better off starting a new project today using HTML+CSS+JS in most cases.
However, it's not the demands of new software that bother me in this situation. It's the gazillions of developer-years' worth of existing, working, "legacy" software that is getting broken. We can't have everyone rewriting their entire software portfolio every six weeks because someone at Mozilla or Google decided they don't like the current reality. Put bluntly, neither Mozilla nor Google is that important, as I suspect the former is about to realise rather painfully.
You know, I remember a world wide web where random people ran their own websites giving away free everything
...wrote mx+b for free, before sharing it via a web forum operated by a commercial organisation and funded by ads.
I have never had any problems getting applets to run across all the major browsers, until the recent rounds of deliberate breakage from various browser vendors and Oracle.
Similarly, I have had applets deployed in the field that kept running quite happily for years. I have current ones from the Java 5 days that worked fine well into the Java 7 era, and nothing was breaking during the updates, again until the past few months when APIs that were stable for nearly 20 years got changed and other similar silliness.
Depending on who you ask, there are about 2.5B people using the Internet now. If we assume most of them use the Web and we assume that the pattern for Chrome is representative of the general population, that means more than 200,000,000 people used a Java applet at some point in the previous month.
Even I am surprised by that, but in any case, it seems you and I have very different ideas of what "almost extinction-level rare" means.
The number of support e-mails in my inbox this week from those users suggests that they aren't too happy about being "defended" in this way.
You do understand that without those Bad Things you so hate, there probably wouldn't be a Web worth saving, right? Someone has to pay the bills, and if you're not going to pay for content, you're not going to accept advertising, you want full privacy and security when using services you're not paying anything for... Who is going to write the cheque?
I hate DRM and spammy ads and privacy invasions as much as anyone -- more than most, probably, given that I really do give up on some things most people accept because I refuse to support the intrusions. But still, we live in the real world, and you can't just wish Bad Things away without proposing Better Alternatives. BTW, "everything I want should be free and unencumbered" is not a viable Better Alternative.
If you are still developing/depending on applets, 1995 called they want their stupid ideas back.
Hi 2013, this is 1995 calling. When your new shiny toys have the portability and performance and flexibility that we had nearly two decades ago, and developers can write software using them with a reasonable expectation that it will still be working in 5 or 10 years (or even 1 or 2 years) without needing constant maintenance, then you get a vote. Until then, we'll keep our "stupid" ideas, because they've been helping us get useful work done since before you were born. Kthxbye.
Anyway, generally warning people before loading any java applet: "This plugin is insecure" is great.
No, warning people before loading an insecure plugin that it is insecure is great. Warning people that a newly updated plugin with no known vulnerabilities is insecure confuses them and teaches them that your security messages are worthless and they should just click yes.
I don't think anyone is claiming that Java is some paragon of Internet virtue that should be trusted without question, or that blocking plugins from unknown sites until the user OKs them is necessarily a bad idea. However, crying wolf and creating obscure UIs and turning everyday software into nuisanceware isn't a good response.
Must we have this troll comment every time someone mentions Java applets?
Java applets are commonly used, as they have been for many years. According to this Chromium blog post from September 2013, 8.9% of Chrome users had launched something using the Java plugin in the past month.
Among the common uses that get mentioned every time this discussion comes up are: public access to banking and government systems in various countries, games, user interfaces for devices (scientific equipment, network infrastructure, all kinds of examples), access to local hardware devices that aren't yet available via newer technologies, some popular teleconferencing and VPN software, and little demo graphics written by academics to go on their web sites a decade ago that are still just as relevant today.
In other words, just because you don't use Java applets yourself or know when they're still useful, don't assume everyone else is in the same situation.
I've also heard that their new lines are better, but by definition they don't have a long track record yet to know whether they'll stay that way.
In any case, there are other brands with much more consistent technical track records and much better customer service who also have well-reviewed recent products available.
This is the trouble with cutting corners and mistreating customers and damaging your business reputation as a result: it's a trap that your business will probably never escape, no matter what you do later. Your brand becomes toxic, and as you can see from this thread, no-one's going to shed many tears when your business eventually fails.
Sure, it's a YMMV issue. The trouble is, the people who don't know enough to pick a "safe" default setup as you're suggesting are exactly the ones who most need one.
Linux command prompts make me nervous, and I'm a professional who's been using them for years. Thankfully, I haven't (yet!) really screwed up and lost a lot of stuff, but I know similarly experienced and generally competent people who have. Sometimes all it takes is running a command without a key parameter, and that's as easy as catching the enter key at the wrong time or running a script that doesn't check how many arguments it was given before it starts substituting placeholders.
Not that I disagree with your real point about using a Linux live CD, but please be careful telling people to play around with it because it won't harm anything. Your normal Windows drives probably get mounted by default, and one mistaken command with a cryptic two-letter name could easily destroy data without even prompting for confirmation (rm, dd, etc.).
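The failure mode described in the comment above (a script that substitutes placeholders without first checking how many arguments it was given), shown as an added example that is not part of the original comment. The function names and the /mnt/windows path are constructed for illustration, and the targets are only printed, never deleted.

```shell
#!/bin/sh
# Constructed example: a cleanup helper that fills "$1/$2" into a delete target.
# Nothing here deletes anything; each function only prints the path it would use.

# Unguarded form: with no arguments both placeholders expand to nothing,
# so the target silently collapses to "/".
unguarded_target() {
    printf '%s\n' "$1/$2"
}

# Guarded form: check the argument count and contents before building the path.
guarded_target() {
    if [ "$#" -ne 2 ]; then
        echo "usage: guarded_target BASE_DIR SUBDIR" >&2
        return 64
    fi
    base=$1
    sub=$2
    # Quoted empty strings ("") pass the count check, so test for them too.
    if [ -z "$base" ] || [ -z "$sub" ]; then
        echo "refusing: empty argument" >&2
        return 65
    fi
    # Refuse a base of "/" and any subdirectory that climbs out with "..".
    case "$base" in
        /|//*) echo "refusing: base is the root directory" >&2; return 65 ;;
    esac
    case "/$sub/" in
        */../*) echo "refusing: '..' in subdirectory" >&2; return 65 ;;
    esac
    printf '%s\n' "${base%/}/$sub"
}

# Demonstration: compare what each form would hand to a destructive command.
echo "unguarded, no arguments:  $(unguarded_target)"
guarded_target 2>/dev/null || echo "guarded, no arguments:    rejected"
echo "guarded, valid arguments: $(guarded_target /mnt/windows Temp)"
```

A script that feeds the unguarded result to rm or dd gives no prompt before acting on "/", which is why the guard runs before any path is built.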