You think that reading the manual that comes with your PC will help? Reading ISP warnings? I don't. I think that to use a Windows PC securely, you have to be extremely dilligent, and you have to have a pretty good grasp of computer science.
This, to me, is completely unacceptable. There is simply no reason to expect people to learn so much before they use a PC.
I agree, the solution is to restrict things more. And why not? Most people, when they buy a computer, are buying a word processor, web browser, and email terminal. It doesn't need to let the user install a hundred pieces of malware by mistake.
It's perfectly possible to give the average computer user what they need/want. The fact is, what you currently get if you pay $500 for a PC is nothing like what the average user needs/wants. Hence, it's a technological problem.
Indeed, the Internet is by design unreliable. TCP fixes this, UDP doesn't.
But it's not too hard to fix it. The question which needs asking is whether it would be better to just use TCP. It sounds like they have reasons for wanting not to, though.
Well, that depends on your definition of 'virus'. For example, say a virus is a program which could potentially damage a user's documents.
This could be prevented completely by permanently linking every file to the application which created it. Only that application is allowed to access the file.
As an even simpler example, just check all programs against a whitelist and if they're not found, don't execute them.
As a simpler and easier to implement example, have an 'executable' bit and don't let anything set that bit after you're done installing the OS.
Not that I'm saying any of the above are good ideas. But the problem is far from unsolvable. In fact, if the computer is only needed for a limited range of tasks, it's a pretty easy problem to solve. (In theory, if not quite in practice...)
It's something of a scary thought that programmers are in the minority, and so it makes perfect sense that computers not be programmable...
But then I guess they wouldn't be computers:-)
Anyway, yes, it's a hard problem to solve. Hopefully more and more software will become commoditised, so it'll become easy to provide a standard set of programs that everyone wants...
Here's how to stop a computer needing maintenance, ever: put all the programs you're going to need in ROM. Clear RAM whenever you reboot.
There. That wasn't hard, was it?
The Halting Problem talks about the general case. There's nothing to stop you proving that individual programs halt. In fact, for standard applications, anything which doesn't provably halt is a bug.
How many people use an all-purpose computer as an all-purpose computers? Only the programmers. Everyone else uses it as a collection of applications. That's where the money is, that's where the customers are, so that's how they should work.
You're making good points right up until that last paragraph.
User education will never happen -- you might as well accept it. It's almost impossible to come up with circumstances under which the general population learns enough about computers to use today's machines safely. To most people, computers are confusing, annoying, useful most of the time, and of little to no importance.
Sure, it would be nice if users were educated. But it's a pipe dream. Therefore it's the technology that must change. It's a hard problem, but it's by no means unsolvable.
Most people don't need their computers to do much. The proportion of people who actually use their computer as a computer, rather than a browser-emailer-wordprocessor, is tiny. They're the majority of the market, and they should really be provided for.
Quite. Unfortunately my "solution", "make the software secure", isn't especially immediate or practical. Sadly the idea of a widely-adopted "Internet license" seems even less likely to succeed.
About the only thing I can see potentially working is if ISPs took a proactive approach: providing training, checking for security holes, and disconnecting insecure computers.
Sadly I suspect the economic factors just don't work out... there's no incentive for an ISP to abuse its customers to that extent. The bandwidth sucked up by malware is a business expense which they can easily swallow.
There needs to be some basic knowledge, yes. Currently the level of knowledge required to use a computer safely is excruciatingly high. It needs to be a lot lower before users can reasonably be expected to meet it.
If, for example, all the user had to remember was "don't type in the root password unless you're installing from a CD", that would be fair enough.
Currently you have to know about viruses, and how you might be infected; firewalls and related networking knowledge; adware and spyware, and how you might be infected with those; the various means of checking for exploits and cleaning them; the various means of keeping software up-to-date... and so on. Turning a Windows box into a secure Windows box is a good half hour's work for someone who knows what they're doing.
There's absolutely no way an average user can be expected to deal with all that.
An argument by analogy isn't an argument at all. Cars are not computers. Computers are not cars.
There is no technical reason why a computer should need any maintenance at all. Nor is there any reason why it should be possible for someone else to take over your computer if you do the wrong thing. This is a problem for the software providers to solve, not an education problem.
Computer scientists and geeks tend to think the world should revolve around computers. It shouldn't. It's the computers that need to change, not the users.
And, yes, "stupid" end users are frustrating. My family frequently drives me nuts with what, to me, are unbelievable blunders. My family is full of intelligent individuals, but as it happens none of them have an interest in computers. And they shouldn't have to to use a computer effectively.
Impossible in practice is not the same as impossible in theory. It just means we haven't got the right practices available to us yet. And, yes, you're right. It's currently impossible. That doesn't make it the end user's problem. It makes it a research problem. (Or maybe a 'trying to do too much when all people want is web and email' problem).
Also, there's a big difference between 'technically not 100% secure' and 'gets pwned by every piece of spyware or adware on the Internet'. Again, moving away from the second option is a hard problem. But it's up to the software providers to solve it, not the end users.
Er... you have that backwards. I said that it's not actually like that. But the marketing departments claim it is, and it would all work better if it was. So it should be.
It's impossible to make everyone in the world an expert on computers, so you might as well give up complaining about it. It's also impossible to prevent people who aren't experts from using computers.
It's not impossible to make computers secure. It's a very hard problem, I admit -- it's much easier if you can rely on the users to know what's going on. But it's solvable, and that's what the industry needs to be working towards.
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.
Seems a bit of an odd score to give. Sure, it has faults... but what it does, it does better than any game that's gone before.
True, the linearity is a bit of a let-down. Something like Deus Ex is much more nicely laid out in that sense. However, Deus Ex is an RPG... HL2 is an FPS. Comparing it to other FPSs, it's groundbreaking.
Now, if they could only be persuaded to do Deus Ex 3 using the same engine... (or maybe Deus Ex 2, and pretend the existing DE2 doesn't exist)...
In two to three decades, we'll be pretty close to exhausting the world's oil supplies. I sincerely hope that the economic factors involved will force the world to see sense... and concentrate on public transport. It's more efficient and safer.
...who are also very close to the server. The speed of light is only 300,000km/s, so if you want a 1ms ping, you can only be 150km from the server, at the very most.
How's this for a way of safely conducting electronic voting...
Give everyone a GUID, a complete random key of sufficient length that you can't simply guess and get a valid GUID. Mail it to them.
When a person votes, their vote is stored against their GUID, in a publically accessable database. Anyone can check that their vote has been correctly counted by looking up their GUID in the table.
Voting would effectively be pseudonymous instead of anonymous. (With a new pseudonym for every election).
Probably not, since it's unpredictable... which could translate to, say, random 30ft drops. Which would be rather unpleasant if you happened to be 29ft from the ground.
You'd need a parachute to deploy when you got close to the ground;-)
Money isn't a resource... labour is a resource. Money is just a tool, and as such can't really be wasted. Money goes round and round. Who knows what the NYT will spend it on?
This particular $250,000 is in one place only because the Firefox people decided to do this campaign. Talking about spending it on something else is utterly meaningless.
Since the UK has stricter rules than the US (the Data Protection Act), US firms handling data from the UK have to agree to follow them. (A "safe harbour agreement"). If the Patriot Act means they can't guarantee to follow the rules... then no UK company can legally send data to America.
This would extend to any data at all in which a person is uniquely identifiable...
All these 'WTF? Linux as secure as Windows? Hahahaha' comments are completely offtopic. If you actually read the article you'll find that the current systems are Novell, Solaris and Lotus based. Linux is the easy option for migration, and Microsoft is barely even in the running.
Er... actually I'm an Opera user pretending to be a Mozilla 5.0 user. Not quite sure why, I'll change it back... there. The stats just got very slightly more accurate;-)
Slashdot Mirror
You think that reading the manual that comes with your PC will help? Reading ISP warnings? I don't. I think that to use a Windows PC securely, you have to be extremely dilligent, and you have to have a pretty good grasp of computer science.
This, to me, is completely unacceptable. There is simply no reason to expect people to learn so much before they use a PC.
I agree, the solution is to restrict things more. And why not? Most people, when they buy a computer, are buying a word processor, web browser, and email terminal. It doesn't need to let the user install a hundred pieces of malware by mistake.
It's perfectly possible to give the average computer user what they need/want. The fact is, what you currently get if you pay $500 for a PC is nothing like what the average user needs/wants. Hence, it's a technological problem.
Indeed, the Internet is by design unreliable. TCP fixes this, UDP doesn't.
But it's not too hard to fix it. The question which needs asking is whether it would be better to just use TCP. It sounds like they have reasons for wanting not to, though.
Well, that depends on your definition of 'virus'. For example, say a virus is a program which could potentially damage a user's documents.
This could be prevented completely by permanently linking every file to the application which created it. Only that application is allowed to access the file.
As an even simpler example, just check all programs against a whitelist and if they're not found, don't execute them.
As a simpler and easier to implement example, have an 'executable' bit and don't let anything set that bit after you're done installing the OS.
Not that I'm saying any of the above are good ideas. But the problem is far from unsolvable. In fact, if the computer is only needed for a limited range of tasks, it's a pretty easy problem to solve. (In theory, if not quite in practice...)
Indeed.
It's something of a scary thought that programmers are in the minority, and so it makes perfect sense that computers not be programmable...
But then I guess they wouldn't be computers :-)
Anyway, yes, it's a hard problem to solve. Hopefully more and more software will become commoditised, so it'll become easy to provide a standard set of programs that everyone wants...
Er... you might want to try reading that again.
Last I checked 'A is a lot more complex than B' and 'B is a lot simpler than A' mean the same thing.
That's irrelevant.
Here's how to stop a computer needing maintenance, ever: put all the programs you're going to need in ROM. Clear RAM whenever you reboot.
There. That wasn't hard, was it?
The Halting Problem talks about the general case. There's nothing to stop you proving that individual programs halt. In fact, for standard applications, anything which doesn't provably halt is a bug.
How many people use an all-purpose computer as an all-purpose computers? Only the programmers. Everyone else uses it as a collection of applications. That's where the money is, that's where the customers are, so that's how they should work.
You're making good points right up until that last paragraph.
User education will never happen -- you might as well accept it. It's almost impossible to come up with circumstances under which the general population learns enough about computers to use today's machines safely. To most people, computers are confusing, annoying, useful most of the time, and of little to no importance.
Sure, it would be nice if users were educated. But it's a pipe dream. Therefore it's the technology that must change. It's a hard problem, but it's by no means unsolvable.
Most people don't need their computers to do much. The proportion of people who actually use their computer as a computer, rather than a browser-emailer-wordprocessor, is tiny. They're the majority of the market, and they should really be provided for.
Quite. Unfortunately my "solution", "make the software secure", isn't especially immediate or practical. Sadly the idea of a widely-adopted "Internet license" seems even less likely to succeed.
About the only thing I can see potentially working is if ISPs took a proactive approach: providing training, checking for security holes, and disconnecting insecure computers.
Sadly I suspect the economic factors just don't work out... there's no incentive for an ISP to abuse its customers to that extent. The bandwidth sucked up by malware is a business expense which they can easily swallow.
There needs to be some basic knowledge, yes. Currently the level of knowledge required to use a computer safely is excruciatingly high. It needs to be a lot lower before users can reasonably be expected to meet it.
If, for example, all the user had to remember was "don't type in the root password unless you're installing from a CD", that would be fair enough.
Currently you have to know about viruses, and how you might be infected; firewalls and related networking knowledge; adware and spyware, and how you might be infected with those; the various means of checking for exploits and cleaning them; the various means of keeping software up-to-date... and so on. Turning a Windows box into a secure Windows box is a good half hour's work for someone who knows what they're doing.
There's absolutely no way an average user can be expected to deal with all that.
An argument by analogy isn't an argument at all. Cars are not computers. Computers are not cars.
There is no technical reason why a computer should need any maintenance at all. Nor is there any reason why it should be possible for someone else to take over your computer if you do the wrong thing. This is a problem for the software providers to solve, not an education problem.
Computer scientists and geeks tend to think the world should revolve around computers. It shouldn't. It's the computers that need to change, not the users.
And, yes, "stupid" end users are frustrating. My family frequently drives me nuts with what, to me, are unbelievable blunders. My family is full of intelligent individuals, but as it happens none of them have an interest in computers. And they shouldn't have to to use a computer effectively.
That's just plain not true.
Impossible in practice is not the same as impossible in theory. It just means we haven't got the right practices available to us yet. And, yes, you're right. It's currently impossible. That doesn't make it the end user's problem. It makes it a research problem. (Or maybe a 'trying to do too much when all people want is web and email' problem).
Also, there's a big difference between 'technically not 100% secure' and 'gets pwned by every piece of spyware or adware on the Internet'. Again, moving away from the second option is a hard problem. But it's up to the software providers to solve it, not the end users.
Er... you have that backwards. I said that it's not actually like that. But the marketing departments claim it is, and it would all work better if it was. So it should be.
It's impossible to make everyone in the world an expert on computers, so you might as well give up complaining about it. It's also impossible to prevent people who aren't experts from using computers.
It's not impossible to make computers secure. It's a very hard problem, I admit -- it's much easier if you can rely on the users to know what's going on. But it's solvable, and that's what the industry needs to be working towards.
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.
Seems a bit of an odd score to give. Sure, it has faults... but what it does, it does better than any game that's gone before.
True, the linearity is a bit of a let-down. Something like Deus Ex is much more nicely laid out in that sense. However, Deus Ex is an RPG... HL2 is an FPS. Comparing it to other FPSs, it's groundbreaking.
Now, if they could only be persuaded to do Deus Ex 3 using the same engine... (or maybe Deus Ex 2, and pretend the existing DE2 doesn't exist)...
But personally I'm happy to be able to say that I live in a country which agreed to this.
There's something about the idea that a number of countries would work together to make the world a better place that appeals to my sense of ethics.
In two to three decades, we'll be pretty close to exhausting the world's oil supplies. I sincerely hope that the economic factors involved will force the world to see sense... and concentrate on public transport. It's more efficient and safer.
True. But I believe it's something like .7 times the speed of light. So in fact it's not that big a difference.
Remember, it's not the electrons which transfer information (they travel very slowly indeed, on average). It's waves in the electric field.
...who are also very close to the server. The speed of light is only 300,000km/s, so if you want a 1ms ping, you can only be 150km from the server, at the very most.
How's this for a way of safely conducting electronic voting...
Give everyone a GUID, a complete random key of sufficient length that you can't simply guess and get a valid GUID. Mail it to them.
When a person votes, their vote is stored against their GUID, in a publically accessable database. Anyone can check that their vote has been correctly counted by looking up their GUID in the table.
Voting would effectively be pseudonymous instead of anonymous. (With a new pseudonym for every election).
Probably not, since it's unpredictable... which could translate to, say, random 30ft drops. Which would be rather unpleasant if you happened to be 29ft from the ground.
You'd need a parachute to deploy when you got close to the ground ;-)
Money isn't a resource... labour is a resource. Money is just a tool, and as such can't really be wasted. Money goes round and round. Who knows what the NYT will spend it on?
This particular $250,000 is in one place only because the Firefox people decided to do this campaign. Talking about spending it on something else is utterly meaningless.
Since the UK has stricter rules than the US (the Data Protection Act), US firms handling data from the UK have to agree to follow them. (A "safe harbour agreement"). If the Patriot Act means they can't guarantee to follow the rules... then no UK company can legally send data to America.
This would extend to any data at all in which a person is uniquely identifiable...
All these 'WTF? Linux as secure as Windows? Hahahaha' comments are completely offtopic. If you actually read the article you'll find that the current systems are Novell, Solaris and Lotus based. Linux is the easy option for migration, and Microsoft is barely even in the running.
*checks identify settings*
Er... actually I'm an Opera user pretending to be a Mozilla 5.0 user. Not quite sure why, I'll change it back... there. The stats just got very slightly more accurate ;-)