"'You tell me, should I allow it?' Depends on what you find on Google. I don't know off the top of my head."
And you are unwilling to find out by either paying attention when I tell you two paragraphs later, or by googling it yourself. Yet you think it reasonable to expect Joe Sixpack to google it in order to check the weather.
"So there's no possibility that someone might actually make the right choice given enough information? That's kind of cynical" In the example at hand, there is not enough information. It isn't there. No amount of searching will reveal it. Norton doesn't have enough information to make the decision, so it is asking you to make the decision, based on the information it has, which is not enough information. The information does not exist. With a little of research, one can understand exactly why there is no way to know whether to click OK or Block. One can make the right decision only by chance. "SvcHost.exe is trying to access the internet" is not enough data, because SvcHost.exe is a program that runs other programs, and that other program could be anything.
"'Do I click OK?' You tell me, you're the expert:)"
I reason that it is more likely that this is legit traffic than malware, I'm feeling lucky, so I click OK. Then I realize that I will make the same estimation every time I get such a prompt, so I uninstall Norton to avoid wasting my time.
"This I agree with; software firewalls do have their limitations, but they're better than nothing." This is the crux of my point: They are not better than nothing. they are worse than nothing because they give you a false sense of security and waste your time, while not providing any benefit, because it will never be reasonable to have them block traffic based on the information they give you.
"Why should I have to put up with a dumber system because people can't be bothered to learn the most basic information about using their computer safely? Not to mention the more we dumb down the systems, the less useful they are."
Do you feel todays computer systems are "dumbed down" or "less useful" than say, a circa-1990 dos box? I had to know a heck of a lot to get a box like that on a network, and it wasn't nearly as useful as the box I can just plug in today. Making it so average users can do X without knowing Y, means I can do X without wasting my time caring about Y, even though I know about it.
Nobody is ever going to do 5 minutes Google reseach before they click OK and get their weather report, when they can spend no time at all and probably be OK. I'm sorry that's upsetting to you, but it's true.
"Why are 'user education' and 'prevention/detection/isolation' mutually exclusive?"
They're not. Prevention can be done by pre-installed software, off-system detection/isolation can be done without the users cooperation. "User Education" requires effort by the user, which they aren't going to expend, because their computer works well enough, and in the example at hand, it doesn't help any anyway.
"We need all of those" I don't think we need the user education, because I don't think it helps. Which is good, because we're not going to get it.
"The only real difference between a republic and a democracy is in the spelling."
Nah, a republic is a political order whos head of state is not a monarch. The United States, China, and Iran are all Republics. Canada and Sweden are democracies, but not Republics. Republic is an essentially useless term in the modern world.
But really, I'm agreeing with you, people who say "The United States of America (USA) is a REPUBLIC, not a DEMOCRACY." are a pet peve of mine. It's like saying "Toyota is a Corporation, not a car manufacturer."
"A phone number feels more physical than a web presence so it should be easier to track"
It's not easier to track, because it only feels more physical. It's not really, or doesn't have to be. Since the people setting it up are apparently pretty technically sophisticated Phishers, I'm guessing the phone number leads, via VoIP, to an (abandonable) automated system in a foreign country that then throws the stolen data up where anyone who knows the right IP address can download it, which the phishers do from yet a third country.
It's international wire fraud just as it always has been, and probably fantastically illegal, and punishable by terrible things in several countries. But there is still basically no chance of catching the Phishers if they are careful.
Re:Didn't stop the use of 'Nintendo' either...
on
Both Sides of Wii
·
· Score: 1
What's so weird about Nintendo? An average american-english speaker can just read 'Nintendo' or 'Atari' and pronounce them in the most obvious phonetic way, and get the names more or less right. Indeed, that's the whole basis of how they are spelled. You say those words to english speakers who haven't heard them before, and they'll spell them right. I never heard anyone drop the 'N' from "Nintendo", nor can I imagine why they would. I dunno, "Nintendo" never seemed very "foriegn" sounding to me. Say "Wii" to an english speaker with any pronounciation you want and ask how they think it is spelled. You'll never get "Wii". "Wii" is not foreign sounding, because for that I'd have to have some idea how it should sound. It is not a transliteration of a foriegn word. It's an attempt at a play on an english word. You can't just pronounce it phonetically, because english doesn't put two 'i's in a row. For the way they want to pronounce it ("We"), it's just misspelled. Three other pronounciations come to my mind before that one, not that I think any of them are right, because in english, "ii" is just a typo, every time. Actually, my first thought was the roman numeral posibility, i.e. that it should be pronounced "double-u two" because that's the only time you see two 'i's in english.
"So they don't tell you which program or.dll is trying to access the network? Plugging that into Google will get you what you need."
It tells me "SvcHost.exe is trying to access the internet". This is all the information that is provided. You tell me, should I allow it?
A novice user won't know what it means. If they click OK, they'll get their weather report, and almost certainly won't have any problem. If they do have a problem, it will happen days later, and they won't connect it to the prompt. Asking them to do something other than click OK, is, in my opinion, hopelessly unrealistic.
You'd like them to put that into Google. If they do they'll get a wealth of pages; some will mention virusses, some will not. Depending which they read, they'll click OK, or not, or worry about it, or not. Either way, the actual results of clicking OK will be as above, clicking "block" will almost certainly break something the user didn't want broken.
I've got considerable knowledge in this area. Compared to the average user, I am an expert. Without Googling I already know for sure that ServiceHost.exe accessing the internet could be my weather-report-fetching widget, half a dozen other legitimate parts of my operating system doing network stuff, or any of 20+ virusses and Trojans phoning home for attack instructions. Again, you tell me: Do I click OK?
"either users will learn the basics or people will stop using computers."
Or, systems will be designed that don't rely on users knowing stuff; particularly stuff it is not possible for even the knowledgeable expert users to know. While you throw up your hands and say there is no solution except an unrealistic, and in this case, insufficient one, others will continue looking for better solutions. For example, on an already-compromised system, preventing the spread of malware by blocking outbound traffic in software on that same system (which, if you'll recall, is what this article is about) is obviously futile. No amount of user education will make it a less stupid aproach, and focussing on user-education will prevent you from realizing you need to attack the problem in other ways (prevention beforehand, and off-system detection & isolation, for example).
People are not going to stop using computers. In fact, more and more people are using computers all the time. Because more and more people "know what they are doing"? No. Because the amount of stuff you need to know to use a computer has been drastically reduced.
"In the whole range of accepted sources of fact, Wikipedia is somewhere below politically-oriented Blogs, the New York Post and CBS news"
I disagree.
Politicallty oriented blogs only cover topics someone is interested in promoting their own slant on. Anyone can write one, and prevent any other points of view, or uncomfrortably contraditory facts, from being expressed. Wikipedia covers many topics somone may be interested in promoting their own spin on. It is harder for someone to lock out all dissent on Wikipedia than on their own blog, so it's better even there. Still, one should be cautious, and read such articles with a critical eye.
However, Wikipedia contains a stupefyingly huge number of articles on a vast array of topics that nobody in their right mind would be interested in promoting their own spin on. Wikipedia is valuable for these articles. News organizations are valuable for factual information on current events (but look out for spin). Most political-oriented blogs are just spin; they are bad for the readers thinking skills, and society at large.
"he's been given the information he needs to make the decision"
Do you even read the posts you're replying to? The messages provided by Norton (and I'm told, ZoneAlarm) do not provide the information needed to make the decision. Not even to someone who has all the background knowledge they need.
You think average users knowing details about networking protocols before they check the weather online is like having a drivers license before driving. I think it's more like knowing how to set your engines ignition timing.
It doesn't really matter though; it's not going to happen. Saying the only solution to network security issues is for average users to have detailed knowlege of networks before they use computers is just another way of saying there is no solution.
Given the current state of security software though, even having the background knowledge isn't enough.
Joe average wants to check the weather report online without knowing what a UDP port is, and that's "not OK" with you? He's "stupid" because he clicks OK, gets his weather report, and goes on with his life. To be not-stupid, in your estimation, he should spend several weeks in an intensive course on computers and networking. Then, when the prompt pops up asking him if "MeaninglessName.dll" should be allowed to access the network, he can spend a couple hours tracking down what "MeaninglessName.dll" is, so he'll know it's part of some networking library, and is just passing on the request of some higher level program the security system doesn't have the name of. At this point he will fully understand that he doesn't know enough about the network request being made to decide if it is legit, and can, from an informed position, cross his fingers, blindly hit ok, and get on with his life.
"Needless to say, the problem will not improve anytime soon." Needless to say, I don't expect YOU to improve the situation anytime ever. Some of the rest of us may try to build systems that operate in the real world, rather than blaming users for being stupid because they don't care about problems they shouldn't have to care about, and couldn't solve if they did.
Whose the more moronic, the moron, or the moron who knows the first one is a moron, but depends on him for security decisions anyway?
Prompts to ask whether certain traffic should be allowed are not are idiotic if the person you are asking doesn't know. Most users don't know, care, want to know, or wish to have to care what a UDP port is. You can call them "ignorant morons" for this if you like, they probably don't care waht you think of them either. Regardless, if ZoneAlarm derives it's "security" by asking such users to make technical security decisions, it's not adding anything. I've not used ZoneAlarm, but have used Norton. Because I have much more knowledge than most of their users would be expected to, I actually do know what the prompts were talking about. So I know for sure they weren't providing enough information to know whether to allow the traffic or not.
I could write you a program that pops up a prompt every 30 seconds or so. This propmt will say "Flang the Zip-Zop-zoodle?". If you click "OK", nothing will happen. If you click "Cancel" it will kill a randomly selected process (which could be malware after all). After the first day, do you think you'll hit "cancel" much? This script will add exactly as much value as the "security suites" I have seen.
I had Norton for a bit. It would pop up every few seconds saying such-and-such was trying to do this-and-that, and asking if I wanted to allow it or not. But the descriptions of what was trying to do what were such that most users wouldn't have the foggiest idea what they were talking about. I'm a very technical boy, which let me devine that they were asking me to make these decisions based on techy-jargon that didn't possibly contain enough information to make the call. I guess you're just supposed to hit "allow" and feel like it's doing something? Pointless.
In the US, as far as I am aware, in living memory, peaceful protesters have been arested quite a few times, shot once, and never literally run over by tanks.
The Newark Riots were quite a tragedy, though I don't think they qualify as criticising and trying to change the government by peaceful means.
Now, the Kent State massacre is a bit more on point. People peacefully criticising the government were shot and killed. It was a terrible thing. But here's a couple things that strike me about it: - While the government put under-trained National Guard troops in a position that created the atmosphere in which the shooting occiurred, the shooting was strictly against orders. The governemnt did not authorize it in advance or condone it afterwards. - The Kent state massacre is the topic of several folk songs, one of which gets regular radio play to this day. - No one has ever tried to hide it from anyone, indeed, Government funded museums have made documentaries about it.
Would you care to contrast any of this with Tiannamen square?
"...Rosa Parks, anyone? I heard she was just pardoned..." Where do you get this stuff? The laws in question were invalidated long before I was born. The 'crime' of supporting democracy in China has been punished by death in my childrens lifetime.
"you do have the right to criticize the Chinese government and also change it, although the mechanisms are different than what you are used to."
Ahh! You can critisize the government, just do it in an officailly approved manner. My neighbor has their garage door painted as a great big billboard calling various US government officials murderers and crooks; it's an eyesore, but what you going to do? Think that would fly very long in china?
"Of course, the police arrived and threatened me with the death penalty unless I wore clothes" But they didn't really, you're exagerating. Maybe they threatened you with a fine, which I'll agree is silly. I know of no jurisdiction in the US where indecent exposure goes beyond a misdemeanor.
In any case, I think you should be able to run around the park naked, sleep with hookers, and sell drugs if you want, and it bugs me that the US is imperfect on these fronts. I'll readily agree you may be more free to do these things in China. I'd rather vote.
"I have lived in both countries, so I should have a clue about it." I'm sure you enjoyed the whores, how was the voting?
Frankly, how opressive the US is or isn't doesn't strike me as particularly relevant to the question of whether it is mindless china bashing to say the chinese governement are a bunch of totalitarian thugs. Independent of anyone else, strictly on their own merits, the Chinese government are a bunch of totalitarian thugs.
Wax lyrical about the wonderful freedoms in whatever country all you want. If the government can't be voted out, it's bullshit; they're totalitarian thugs.
And what do you have to do in China to get stripped of your political rights? Oh, right: live there. Prostitution is legal in some places in the US; I'm not aware of a jurisdiction where the customers get 15 years, and stripped of property and political rights.
In any case, while I think charging/paying for sex ought to be left to the two people involved, if I were to list rights in oreder of importance, the right to "fuck a whore" would not exactly be on top. In fact, I think the top would be the right to criticise the government and seek to change it (by peaceful means). That right is the key to all others after all.
In the US, we mostly have that right, so we should be most vigilant, and scream bloddy murder any time someone tries to restrict it even a little bit.
In China, excercising that right will get jailed, shot or just run over by a tank, so anyone who dismisses complaints about the opressive nature of the Chinese government as ignorant bashing is an idiot. An idiot with access to whores, perhaps; but still an idiot.
Ineffective (dare I say corrupt?) enforcemnet of laws whose violation doesn't threaten the government does not strike me as mitigating wholesale oppression of dissidents.
You "needed the information" and did "research", but failed to find information I got from every one of the first three pages in a google search? So you made up a number that was off by an order of magnitude, and now are happily taking my word for it? And you do this professionally?
Actually, Pi is the ratio of a circles circumference to it's diameter, in a euclidean space. Mathematicians extend the definitions of things beyond their typical bounds, because that's what they do. One of them may have noted that the limit of that sum was pi, and that that sum didn't depend on a euclidean space. But it didn't "just happen" to be thae ratio of the circumference of the unit circle in euclidian geometry. Rather, the fact that the sum equals pi is the whole reason mathematicians found that sum interesting in the first place. There are various other ways to derive pi as well. But the one that gets pi a greek letter to call it's own is the circle circumference/diameter one.
"There's something like 20 in operation currently around the world (mostly in Europe) and they work great."
Is this an example of the quality of data your opinions on nuclear power are based on? There are hundreds of nuke plants in operation world-wide. For what it's worth, they do work great; just not as cheaply as their proponents often suggest.
"Which definition of "operating system" do you prefer so that we can agree on semantics?"
For evalutaing Cringleys prediction, the definition of "operating system" I prefer is *Cringleys*. Indeed, I assert that that is the only one that is at all relevant. I do not know exactly what that definition is. However, there are certainly some reasonable definitions that would include stuff Apple might do within OSX and would not include Wine. If you choose to apply a definition of "operating system" that is not in this category, you have chosen one that is clearly not the intended definition. You have chosen the wrong one.
"My definition of an operating system agrees with the American Heritage Dictionary's definition of 'system' as 'A group of interacting, interrelated, or interdependent elements forming a complex whole.'"
As does any collection of software whatsoever, amongst innumerable other things. Surgeons and nurses working together fit American Heritages definition of 'system' and they even 'operate', but I wouldn't call them an operating system in the context of this discussion, so let's forget the appeals to the dictionary, OK? Sorry, but I'm going to continue to regard as bizzare any definition of "operating system" that includes the 30 day AOL trial on my pc when I take it out of the box, and not the virus scanner I install immediately thereafter. I also regard as bizzare any definition that includes absolutely all software.
"Where did I say 'clueless'?"
My mistake, you didn't. Cringley said Apple would support the Win32 API directly in their operating system instead of using middleware like WINE. The original poster way on up top of this thread implied he was clueless for saying that because WINE supports the Win32 API. Others pointed out that that was a silly thing to say, because Cringleys whole prediction was that they would do it in the operating system. You went back and forth with some other guy about whetehr WINE counted as being part of the operating system. I chimed in that I thought your definition of operating system was not very useful in this context, and we've now beaten this horse well past expiration.
You misunderstand, I'm not marketing anything, I'm installing software on one computer for my personal use; does that make it part of the operating system? I don't see how it makes any difference whether I install it or Dell does. I don't think "put on the computer by a company that sold it and not the end user" is a very useful definition of "operating system". By that definition, many Linux boxes have no OS at all.
In any case, my point remains: You've taken the words Cringley used and assigned them bizarre definitions that clearly aren't what he meant, and declared him clueless on that basis. That's silly; trollish even.
So then if I install some software it becomes part of the "Microsoft Windows as presented by Dell and tweaked by 2Short" operating system? I guess I can see that, but in that case the term "operating system" is not very useful. I'm fairly sure Cringley intended some definition of "operating system" that was more restrictive, not to mention more commonly accepted. You might argue that definition is needlessly arbitrary. Calling him clueless because his statement isn't true using your bizzare definitions of his words seems a bit disingenuous. Certainly plenty of the rest of us understood what he meant by saying they would do it in the operating system as opposed to the way wine does it.
Pi is the ratio of a circles circumference to it's diameter, in a euclidean space. If you extend the idea of Pi into a non-euclidean space, it is up to you to define that extension. Pi has no commonly accepted definition in a non-euclidean space. In any case, Pi, or any mathematical constant, is a "constant" in a much different sense than the "constant" in the article, which ought to be called a "strikingly consistent observed value". Mathematical constants do not vary the way the value in the article is reported to.
They already know that the content will end up on Usenet and P2P almost imediately, just like their main-stream "non-burnable" content does. Because one person with the know-how/equiptment to get around the DRM and upload it is all it takes. They can't do much about that, and they know it.
Making it "non-burnable" annoys some people, but defeats the large number of people who would give or lend all their buddies a copy, but don't have the ability to burn them. This is not as big an issue with porn, because people don't typically do a lot of lending porn to their friends; so the industry may as well let you burn it.
"The market will decide what succeeds or fails" is a silly tautology, "the market" is just a personification of such decisions after the fact.
"The market will decide what is good" is false; the market makes dumb, short-sighted decisions all the time. The market doesn't care about "good" the market cares about "profitable", in the very short term.
"The market" is just the collective decisions of lots of people, deciding things for various reasons, presumably including the FCC commisioners endorsement of an idea. So implying it doesn't matter if the FCC commisioner steps outside her authority to push a particular idea because "The market will decide", is crazy. The market is deciding; Government officials using their offices to push something, and others calling them on it is part of that process.
DRM will succeed if it is profitable for device/content creators in the very short term. If the next gen of DVD players is the only way to watch movies for even a short period, people will take it's cumbersomeness as unavoidable and we'll be stuck with it forever.
"Therefore, if we are to have a militia to protect us against the federalists, we need to do a much better job of bearing arms than we currently do."
I was going to disagree with all manner of things in your screed, but I'll settle for this one: If you want people to take your ideas about the constitution and the framers intent seriously, you should probably figure out what "federalist" means.
The federalists are coming! The federalists are coming! We must stop them before they constitute the nation as a federation of seperately soveriegn states! Send out the militia!
See, now that's an interesting discussion we could have, were he identified that way, rather than trying to discuss why a "Greenpeace Founder" would promote nuclear power.
From what I can tell, an "Exxon-Mobil shill" would promote nuclear power because he's a whore, and will promote whatever he's paid to promote. Since the thing he's got going for him is the ability to get news outlets to identify him as a "Greenpeace founder", the people who will pay him to promote stuff is anyone who needs to spike an eco-image problem. So he has lobbied in favor of gas & mining companuies, nuke plants, bio-tech, etc.
What he's saying about nuclear power is not particularly notable.
The fact that a "Founder of Greenpeace" is saying it is what is news-worthy. Who he (supposedly) is is the story. So it's perfectly reasonable to point out that "Founder" is a stretch, and "longtime paid lobbyist for any well-heeled industry with eco-image problems that will cut him a check" is a much more relevant description of who he is.
What he is actually saying about nuclear power is not terribly worth discussing; it's the nuke-industry party line he's paid to spout. It's as irrationally pro-nuclear as the actual founders of Greenpeace are anti-nuclear. Neither makes a good starting point for discussion.
Slashdot Mirror
"'You tell me, should I allow it?'
:)"
Depends on what you find on Google. I don't know off the top of my head."
And you are unwilling to find out by either paying attention when I tell you two paragraphs later, or by googling it yourself. Yet you think it reasonable to expect Joe Sixpack to google it in order to check the weather.
"So there's no possibility that someone might actually make the right choice given enough information? That's kind of cynical"
In the example at hand, there is not enough information. It isn't there. No amount of searching will reveal it. Norton doesn't have enough information to make the decision, so it is asking you to make the decision, based on the information it has, which is not enough information. The information does not exist. With a little of research, one can understand exactly why there is no way to know whether to click OK or Block. One can make the right decision only by chance. "SvcHost.exe is trying to access the internet" is not enough data, because SvcHost.exe is a program that runs other programs, and that other program could be anything.
"'Do I click OK?'
You tell me, you're the expert
I reason that it is more likely that this is legit traffic than malware, I'm feeling lucky, so I click OK. Then I realize that I will make the same estimation every time I get such a prompt, so I uninstall Norton to avoid wasting my time.
"This I agree with; software firewalls do have their limitations, but they're better than nothing."
This is the crux of my point: They are not better than nothing. they are worse than nothing because they give you a false sense of security and waste your time, while not providing any benefit, because it will never be reasonable to have them block traffic based on the information they give you.
"Why should I have to put up with a dumber system because people can't be bothered to learn the most basic information about using their computer safely? Not to mention the more we dumb down the systems, the less useful they are."
Do you feel todays computer systems are "dumbed down" or "less useful" than say, a circa-1990 dos box? I had to know a heck of a lot to get a box like that on a network, and it wasn't nearly as useful as the box I can just plug in today. Making it so average users can do X without knowing Y, means I can do X without wasting my time caring about Y, even though I know about it.
Nobody is ever going to do 5 minutes Google reseach before they click OK and get their weather report, when they can spend no time at all and probably be OK. I'm sorry that's upsetting to you, but it's true.
"Why are 'user education' and 'prevention/detection/isolation' mutually exclusive?"
They're not. Prevention can be done by pre-installed software, off-system detection/isolation can be done without the users cooperation. "User Education" requires effort by the user, which they aren't going to expend, because their computer works well enough, and in the example at hand, it doesn't help any anyway.
"We need all of those"
I don't think we need the user education, because I don't think it helps. Which is good, because we're not going to get it.
"The only real difference between a republic and a democracy is in the spelling."
Nah, a republic is a political order whos head of state is not a monarch. The United States, China, and Iran are all Republics. Canada and Sweden are democracies, but not Republics. Republic is an essentially useless term in the modern world.
But really, I'm agreeing with you, people who say
"The United States of America (USA) is a REPUBLIC, not a DEMOCRACY."
are a pet peve of mine. It's like saying
"Toyota is a Corporation, not a car manufacturer."
"A phone number feels more physical than a web presence so it should be easier to track"
It's not easier to track, because it only feels more physical. It's not really, or doesn't have to be. Since the people setting it up are apparently pretty technically sophisticated Phishers, I'm guessing the phone number leads, via VoIP, to an (abandonable) automated system in a foreign country that then throws the stolen data up where anyone who knows the right IP address can download it, which the phishers do from yet a third country.
It's international wire fraud just as it always has been, and probably fantastically illegal, and punishable by terrible things in several countries. But there is still basically no chance of catching the Phishers if they are careful.
What's so weird about Nintendo? An average american-english speaker can just read 'Nintendo' or 'Atari' and pronounce them in the most obvious phonetic way, and get the names more or less right. Indeed, that's the whole basis of how they are spelled. You say those words to english speakers who haven't heard them before, and they'll spell them right. I never heard anyone drop the 'N' from "Nintendo", nor can I imagine why they would. I dunno, "Nintendo" never seemed very "foriegn" sounding to me.
Say "Wii" to an english speaker with any pronounciation you want and ask how they think it is spelled. You'll never get "Wii".
"Wii" is not foreign sounding, because for that I'd have to have some idea how it should sound. It is not a transliteration of a foriegn word. It's an attempt at a play on an english word. You can't just pronounce it phonetically, because english doesn't put two 'i's in a row. For the way they want to pronounce it ("We"), it's just misspelled. Three other pronounciations come to my mind before that one, not that I think any of them are right, because in english, "ii" is just a typo, every time. Actually, my first thought was the roman numeral posibility, i.e. that it should be pronounced "double-u two" because that's the only time you see two 'i's in english.
"So they don't tell you which program or .dll is trying to access the network? Plugging that into Google will get you what you need."
It tells me "SvcHost.exe is trying to access the internet". This is all the information that is provided. You tell me, should I allow it?
A novice user won't know what it means. If they click OK, they'll get their weather report, and almost certainly won't have any problem. If they do have a problem, it will happen days later, and they won't connect it to the prompt. Asking them to do something other than click OK, is, in my opinion, hopelessly unrealistic.
You'd like them to put that into Google. If they do they'll get a wealth of pages; some will mention virusses, some will not. Depending which they read, they'll click OK, or not, or worry about it, or not. Either way, the actual results of clicking OK will be as above, clicking "block" will almost certainly break something the user didn't want broken.
I've got considerable knowledge in this area. Compared to the average user, I am an expert. Without Googling I already know for sure that ServiceHost.exe accessing the internet could be my weather-report-fetching widget, half a dozen other legitimate parts of my operating system doing network stuff, or any of 20+ virusses and Trojans phoning home for attack instructions. Again, you tell me: Do I click OK?
"either users will learn the basics or people will stop using computers."
Or, systems will be designed that don't rely on users knowing stuff; particularly stuff it is not possible for even the knowledgeable expert users to know. While you throw up your hands and say there is no solution except an unrealistic, and in this case, insufficient one, others will continue looking for better solutions.
For example, on an already-compromised system, preventing the spread of malware by blocking outbound traffic in software on that same system (which, if you'll recall, is what this article is about) is obviously futile. No amount of user education will make it a less stupid aproach, and focussing on user-education will prevent you from realizing you need to attack the problem in other ways (prevention beforehand, and off-system detection & isolation, for example).
People are not going to stop using computers. In fact, more and more people are using computers all the time. Because more and more people "know what they are doing"? No. Because the amount of stuff you need to know to use a computer has been drastically reduced.
"In the whole range of accepted sources of fact, Wikipedia is somewhere below politically-oriented Blogs, the New York Post and CBS news"
I disagree.
Politicallty oriented blogs only cover topics someone is interested in promoting their own slant on. Anyone can write one, and prevent any other points of view, or uncomfrortably contraditory facts, from being expressed. Wikipedia covers many topics somone may be interested in promoting their own spin on. It is harder for someone to lock out all dissent on Wikipedia than on their own blog, so it's better even there. Still, one should be cautious, and read such articles with a critical eye.
However, Wikipedia contains a stupefyingly huge number of articles on a vast array of topics that nobody in their right mind would be interested in promoting their own spin on. Wikipedia is valuable for these articles. News organizations are valuable for factual information on current events (but look out for spin). Most political-oriented blogs are just spin; they are bad for the readers thinking skills, and society at large.
"he's been given the information he needs to make the decision"
Do you even read the posts you're replying to? The messages provided by Norton (and I'm told, ZoneAlarm) do not provide the information needed to make the decision. Not even to someone who has all the background knowledge they need.
You think average users knowing details about networking protocols before they check the weather online is like having a drivers license before driving. I think it's more like knowing how to set your engines ignition timing.
It doesn't really matter though; it's not going to happen. Saying the only solution to network security issues is for average users to have detailed knowlege of networks before they use computers is just another way of saying there is no solution.
Given the current state of security software though, even having the background knowledge isn't enough.
Joe average wants to check the weather report online without knowing what a UDP port is, and that's "not OK" with you?
He's "stupid" because he clicks OK, gets his weather report, and goes on with his life. To be not-stupid, in your estimation, he should spend several weeks in an intensive course on computers and networking. Then, when the prompt pops up asking him if "MeaninglessName.dll" should be allowed to access the network, he can spend a couple hours tracking down what "MeaninglessName.dll" is, so he'll know it's part of some networking library, and is just passing on the request of some higher level program the security system doesn't have the name of. At this point he will fully understand that he doesn't know enough about the network request being made to decide if it is legit, and can, from an informed position, cross his fingers, blindly hit ok, and get on with his life.
"Needless to say, the problem will not improve anytime soon."
Needless to say, I don't expect YOU to improve the situation anytime ever. Some of the rest of us may try to build systems that operate in the real world, rather than blaming users for being stupid because they don't care about problems they shouldn't have to care about, and couldn't solve if they did.
Whose the more moronic, the moron, or the moron who knows the first one is a moron, but depends on him for security decisions anyway?
Prompts to ask whether certain traffic should be allowed are not are idiotic if the person you are asking doesn't know. Most users don't know, care, want to know, or wish to have to care what a UDP port is. You can call them "ignorant morons" for this if you like, they probably don't care waht you think of them either. Regardless, if ZoneAlarm derives it's "security" by asking such users to make technical security decisions, it's not adding anything. I've not used ZoneAlarm, but have used Norton. Because I have much more knowledge than most of their users would be expected to, I actually do know what the prompts were talking about. So I know for sure they weren't providing enough information to know whether to allow the traffic or not.
I could write you a program that pops up a prompt every 30 seconds or so. This propmt will say "Flang the Zip-Zop-zoodle?". If you click "OK", nothing will happen. If you click "Cancel" it will kill a randomly selected process (which could be malware after all). After the first day, do you think you'll hit "cancel" much? This script will add exactly as much value as the "security suites" I have seen.
I had Norton for a bit. It would pop up every few seconds saying such-and-such was trying to do this-and-that, and asking if I wanted to allow it or not. But the descriptions of what was trying to do what were such that most users wouldn't have the foggiest idea what they were talking about. I'm a very technical boy, which let me devine that they were asking me to make these decisions based on techy-jargon that didn't possibly contain enough information to make the call. I guess you're just supposed to hit "allow" and feel like it's doing something? Pointless.
In the US, as far as I am aware, in living memory, peaceful protesters have been arested quite a few times, shot once, and never literally run over by tanks.
The Newark Riots were quite a tragedy, though I don't think they qualify as criticising and trying to change the government by peaceful means.
Now, the Kent State massacre is a bit more on point. People peacefully criticising the government were shot and killed. It was a terrible thing. But here's a couple things that strike me about it:
- While the government put under-trained National Guard troops in a position that created the atmosphere in which the shooting occiurred, the shooting was strictly against orders. The governemnt did not authorize it in advance or condone it afterwards.
- The Kent state massacre is the topic of several folk songs, one of which gets regular radio play to this day.
- No one has ever tried to hide it from anyone, indeed, Government funded museums have made documentaries about it.
Would you care to contrast any of this with Tiannamen square?
"...Rosa Parks, anyone? I heard she was just pardoned..."
Where do you get this stuff? The laws in question were invalidated long before I was born. The 'crime' of supporting democracy in China has been punished by death in my childrens lifetime.
"you do have the right to criticize the Chinese government and also change it, although the mechanisms are different than what you are used to."
Ahh! You can critisize the government, just do it in an officailly approved manner. My neighbor has their garage door painted as a great big billboard calling various US government officials murderers and crooks; it's an eyesore, but what you going to do? Think that would fly very long in china?
"Of course, the police arrived and threatened me with the death penalty unless I wore clothes"
But they didn't really, you're exagerating. Maybe they threatened you with a fine, which I'll agree is silly. I know of no jurisdiction in the US where indecent exposure goes beyond a misdemeanor.
In any case, I think you should be able to run around the park naked, sleep with hookers, and sell drugs if you want, and it bugs me that the US is imperfect on these fronts. I'll readily agree you may be more free to do these things in China. I'd rather vote.
"I have lived in both countries, so I should have a clue about it."
I'm sure you enjoyed the whores, how was the voting?
Frankly, how opressive the US is or isn't doesn't strike me as particularly relevant to the question of whether it is mindless china bashing to say the chinese governement are a bunch of totalitarian thugs. Independent of anyone else, strictly on their own merits, the Chinese government are a bunch of totalitarian thugs.
Wax lyrical about the wonderful freedoms in whatever country all you want. If the government can't be voted out, it's bullshit; they're totalitarian thugs.
And what do you have to do in China to get stripped of your political rights? Oh, right: live there. Prostitution is legal in some places in the US; I'm not aware of a jurisdiction where the customers get 15 years, and stripped of property and political rights.
In any case, while I think charging/paying for sex ought to be left to the two people involved, if I were to list rights in oreder of importance, the right to "fuck a whore" would not exactly be on top. In fact, I think the top would be the right to criticise the government and seek to change it (by peaceful means). That right is the key to all others after all.
In the US, we mostly have that right, so we should be most vigilant, and scream bloddy murder any time someone tries to restrict it even a little bit.
In China, excercising that right will get jailed, shot or just run over by a tank, so anyone who dismisses complaints about the opressive nature of the Chinese government as ignorant bashing is an idiot. An idiot with access to whores, perhaps; but still an idiot.
Ineffective (dare I say corrupt?) enforcemnet of laws whose violation doesn't threaten the government does not strike me as mitigating wholesale oppression of dissidents.
You "needed the information" and did "research", but failed to find information I got from every one of the first three pages in a google search? So you made up a number that was off by an order of magnitude, and now are happily taking my word for it? And you do this professionally?
Actually, Pi is the ratio of a circles circumference to it's diameter, in a euclidean space. Mathematicians extend the definitions of things beyond their typical bounds, because that's what they do. One of them may have noted that the limit of that sum was pi, and that that sum didn't depend on a euclidean space. But it didn't "just happen" to be thae ratio of the circumference of the unit circle in euclidian geometry. Rather, the fact that the sum equals pi is the whole reason mathematicians found that sum interesting in the first place. There are various other ways to derive pi as well. But the one that gets pi a greek letter to call it's own is the circle circumference/diameter one.
"There's something like 20 in operation currently around the world (mostly in Europe) and they work great."
Is this an example of the quality of data your opinions on nuclear power are based on? There are hundreds of nuke plants in operation world-wide. For what it's worth, they do work great; just not as cheaply as their proponents often suggest.
"Which definition of "operating system" do you prefer so that we can agree on semantics?"
For evalutaing Cringleys prediction, the definition of "operating system" I prefer is *Cringleys*. Indeed, I assert that that is the only one that is at all relevant. I do not know exactly what that definition is. However, there are certainly some reasonable definitions that would include stuff Apple might do within OSX and would not include Wine. If you choose to apply a definition of "operating system" that is not in this category, you have chosen one that is clearly not the intended definition. You have chosen the wrong one.
"My definition of an operating system agrees with the American Heritage Dictionary's definition of 'system' as 'A group of interacting, interrelated, or interdependent elements forming a complex whole.'"
As does any collection of software whatsoever, amongst innumerable other things. Surgeons and nurses working together fit American Heritages definition of 'system' and they even 'operate', but I wouldn't call them an operating system in the context of this discussion, so let's forget the appeals to the dictionary, OK? Sorry, but I'm going to continue to regard as bizzare any definition of "operating system" that includes the 30 day AOL trial on my pc when I take it out of the box, and not the virus scanner I install immediately thereafter. I also regard as bizzare any definition that includes absolutely all software.
"Where did I say 'clueless'?"
My mistake, you didn't. Cringley said Apple would support the Win32 API directly in their operating system instead of using middleware like WINE. The original poster way on up top of this thread implied he was clueless for saying that because WINE supports the Win32 API. Others pointed out that that was a silly thing to say, because Cringleys whole prediction was that they would do it in the operating system. You went back and forth with some other guy about whetehr WINE counted as being part of the operating system. I chimed in that I thought your definition of operating system was not very useful in this context, and we've now beaten this horse well past expiration.
You misunderstand, I'm not marketing anything, I'm installing software on one computer for my personal use; does that make it part of the operating system? I don't see how it makes any difference whether I install it or Dell does. I don't think "put on the computer by a company that sold it and not the end user" is a very useful definition of "operating system". By that definition, many Linux boxes have no OS at all.
In any case, my point remains: You've taken the words Cringley used and assigned them bizarre definitions that clearly aren't what he meant, and declared him clueless on that basis. That's silly; trollish even.
So then if I install some software it becomes part of the "Microsoft Windows as presented by Dell and tweaked by 2Short" operating system? I guess I can see that, but in that case the term "operating system" is not very useful. I'm fairly sure Cringley intended some definition of "operating system" that was more restrictive, not to mention more commonly accepted. You might argue that definition is needlessly arbitrary. Calling him clueless because his statement isn't true using your bizzare definitions of his words seems a bit disingenuous. Certainly plenty of the rest of us understood what he meant by saying they would do it in the operating system as opposed to the way wine does it.
Pi is the ratio of a circles circumference to it's diameter, in a euclidean space. If you extend the idea of Pi into a non-euclidean space, it is up to you to define that extension. Pi has no commonly accepted definition in a non-euclidean space. In any case, Pi, or any mathematical constant, is a "constant" in a much different sense than the "constant" in the article, which ought to be called a "strikingly consistent observed value". Mathematical constants do not vary the way the value in the article is reported to.
They already know that the content will end up on Usenet and P2P almost imediately, just like their main-stream "non-burnable" content does. Because one person with the know-how/equiptment to get around the DRM and upload it is all it takes. They can't do much about that, and they know it.
Making it "non-burnable" annoys some people, but defeats the large number of people who would give or lend all their buddies a copy, but don't have the ability to burn them. This is not as big an issue with porn, because people don't typically do a lot of lending porn to their friends; so the industry may as well let you burn it.
"The market will decide what succeeds or fails" is a silly tautology, "the market" is just a personification of such decisions after the fact.
"The market will decide what is good" is false; the market makes dumb, short-sighted decisions all the time. The market doesn't care about "good" the market cares about "profitable", in the very short term.
"The market" is just the collective decisions of lots of people, deciding things for various reasons, presumably including the FCC commisioners endorsement of an idea. So implying it doesn't matter if the FCC commisioner steps outside her authority to push a particular idea because "The market will decide", is crazy. The market is deciding; Government officials using their offices to push something, and others calling them on it is part of that process.
DRM will succeed if it is profitable for device/content creators in the very short term. If the next gen of DVD players is the only way to watch movies for even a short period, people will take it's cumbersomeness as unavoidable and we'll be stuck with it forever.
"Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
Considering my kid sister is a mathematician at NSA... Hmm, maybe he meant a hypothetical kid sister?
"Therefore, if we are to have a militia to protect us against the federalists, we need to do a much better job of bearing arms than we currently do."
I was going to disagree with all manner of things in your screed, but I'll settle for this one: If you want people to take your ideas about the constitution and the framers intent seriously, you should probably figure out what "federalist" means.
The federalists are coming! The federalists are coming! We must stop them before they constitute the nation as a federation of seperately soveriegn states! Send out the militia!
See, now that's an interesting discussion we could have, were he identified that way, rather than trying to discuss why a "Greenpeace Founder" would promote nuclear power.
From what I can tell, an "Exxon-Mobil shill" would promote nuclear power because he's a whore, and will promote whatever he's paid to promote. Since the thing he's got going for him is the ability to get news outlets to identify him as a "Greenpeace founder", the people who will pay him to promote stuff is anyone who needs to spike an eco-image problem. So he has lobbied in favor of gas & mining companuies, nuke plants, bio-tech, etc.
What he's saying about nuclear power is not particularly notable.
The fact that a "Founder of Greenpeace" is saying it is what is news-worthy. Who he (supposedly) is is the story. So it's perfectly reasonable to point out that "Founder" is a stretch, and "longtime paid lobbyist for any well-heeled industry with eco-image problems that will cut him a check" is a much more relevant description of who he is.
What he is actually saying about nuclear power is not terribly worth discussing; it's the nuke-industry party line he's paid to spout. It's as irrationally pro-nuclear as the actual founders of Greenpeace are anti-nuclear. Neither makes a good starting point for discussion.