if the person is connecting to sites in which security is a must then SSL makes a VPN a moot point
Granted.
it's ignorant to assume that he's all safe and sound if he just runs a VPN to his home or a VPS.
It's equally ignorant to suggest that such a setup offers no additional security at all. The original question was:
Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information?
So, some examples might be: Suppose a vulnerability is discovered in his software update system. Or suppose there are things he'd like to access which don't support SSL. There are a number of minor risks like that which are somewhat mitigated by routing everything through a VPN.
maybe in your head it's more secure than a WiFi hotspot
So it looks like, again, that you don't see the difference.
it's not secure to begin with so in that case who cares if it is more secure than a WiFi hotspot.
It really can't occur between me and my VPS-provider's DNS servers. The question is, can it occur between a well-run DNS server and a DNSSEC-hardened domain?
DNSSEC is based on SSL. SSL is flawed for many reasons which cryptographer DJ Bernstein has pointed out
Then spell them out for me here, otherwise this is a meaningless appeal to authority.
[slashdot.org] Nov 16th, 2009 at 18:30 EST
From that page:
recently discovered vulnerability in the SSL protocol.
That is why I was making a distinction between added and discovered/fixed. If the protocol has been mostly stable, then there are a finite number of vulnerabilities present. Every time we discover and fix one, it gets more secure, not less -- this is a simple matter of arithmetic.
Now, if the protocol is constantly changing, and the rate of vulnerabilities discovered is increasing, we might suspect that it's getting less secure. Key word is might -- we might just be getting better at discovering vulnerabilities. But this isn't what's happening here -- in your own link, you've presented a vulnerability which has existed for as long as TLS renegotiation has existed. I wasn't able to verify how long this is, but I doubt it's a new feature that was added in the last few years.
The issue is that they are both suspect connections.... To simply state that you are moving your connection from one suspect connection to another does not mitigate....
I cannot believe you are really trying to claim that all suspect connections are equal. They aren't.
The amount of effort required to eavesdrop, let alone MITM you, on a properly admin'd, switched network, or on the public Internet, is far greater than the amount of effort required to casually eavesdrop and MITM you on a wireless connection in a coffee shop.
In other words: Yes it does mitigate.
only where the vulnerability occurs.
You are casually dismissing this -- it's fairly important. Put another way:
And that gives you a secure connection inside your LAN. Agreed!
You are treating security as though it's boolean (it isn't), and you are assuming that I believe my LAN is absolutely secure.
I have a crappy little Netgear switch. It may be possible for people to 0wn this switch. No one's currently plugged into it, but you never know.
In addition, there are others who have the wireless keys, in order to get online. The wireless security prevents neighbors from stealing my Internet access, it doesn't really protect me.
In other words: it is quite possible someone could attack me within my LAN.
Do you see why it's extremely unlikely that someone would do so? They'd have to break into my house, find my equipment, and know exactly what they were doing, and they'd have to do all of this without me noticing.
It is also quite possible that someone could attack me at my ISP. This is somewhat more feasible -- anyone working for the ISP could do it, which is significantly more people than live in my house. Additionally, people could break into the ISP, which is bigger and thus probably easier to hide something. All it would take is one of those Linux-servers-in-an-Ethernet-jack.
This is more likely than someone breaking into my house, but less likely than someone compromising some system, somewhere on the public Internet.
Now, the public Internet, I would hope, operates as a giant switched network, only much more controlled -- many system administrators for the backbone routers, lots of fiber connections which can't really be tapped in the middle without cutting the traffic off. It's also a massively complex system, which makes it that much more difficult to execute an attack like this -- but that much easier
I seem to recall a Lisp kernel where the only secondary storage was a block device mapped to the address space like swap, but preserved between boots. And everything was just transparently kept as lisp objects.
Very interesting. Also fairly useless for a browser that's already designed to work with filesystems.
I suppose the lesson here is, those who don't understand Unix are destined to reinvent it, poorly. The point of the filesystem and process model is that they're incredibly simple, and easy to tune to whatever you want. Maybe one part of the browser just wants to store some JSON. Maybe another wants a full sqlite database. Maybe a plugin wants some proprietary key/value store of its own. When a file is just a stream of bytes, they can all get along just fine.
As for "heavyweight", if Grub has filesystem support -- that's right, the fscking bootloader has filesystem support, and not just one filesystem, but multiple filesystems...
Not to mention, dropping filesystem support entirely would kill one of the current features of Chrome OS -- plug in a USB key or an SD card and you can browse the files on it, opening them in web apps.
flash without a filesystem is pretty easy to get working. plenty of us have had to do a lot of tricks to get it to run on a read-only flash filesystem. it's not a huge stretch to get it to run without a traditional filesystem at all.
Have you got it working without a filesystem? This is ambiguously working -- it sounds like you're saying "It's not that hard, but no one's ever done it before."
And if so, great, now how about Java?
Oh, and what about extensions? Currently, the extension format is a signed zipfile, which, upon installation, gets unpacked to the filesystem. Inside, you'll find html files, javascript files, json files, and maybe some .so files (or dlls) which can be loaded as plugins. I like this system a lot.
And this system is then exposed as URLs to the browser. That is, it's something like chrome://extension/someUUID/somepage.html -- which means you can build extensions with all the tools you used to build webpages -- probably even XHR to load other parts of that extension, if you really want to.
fork is a reasonable solution. although you still don't get isolation from filesystem hacks when you've forked a process as the same user. fork and chroot might be an interesting option for something hardened.
Yes -- fork, chroot, then drop privileges. Now, I'm not absolutely sure, but it looks very much like this is how Chrome currently works on Linux -- though I'm not sure the sandboxed processes end up running as completely unprivileged users.
And yes, I'm aware that some browsers use separate Flash processes so plug-ins don't bring down the whole browser.
My point was that Chromium specifically does this. Since we're talking about Chrome OS, it's kind of relevant, in that they seem to already be doing exactly what you're suggesting to protect themselves.
no virtualization necessary.
You're the one who mentioned a hypervisor, but ok.
without help from the kernel you can't do Read-Copy-Update. User space applications in Linux just plain can't do it.
Wikipedia is ambiguous about this, but it looks as though the Linux kernel supports it. I'm not sure how it helps, though -- Chrome seems to be built around message passing, and I don't really see Chrome OS needing multiple cores.
The only point I was trying to make is that there is a lot in Unix you can discard if you only need to run one application.
I can agree with that. The point I'm trying to make is that it's usually not worth it to do so. There's a lot of the Linux kernel that you can di
VPNs can sometimes end up being pretty touchy especially over high latency connections
I remember finding a few relatively easy settings to change in the OpenVPN config -- tls-timeout and hand-window, I think, though there might've been others. Once I changed these, I had a pretty solid (if unbearably slow) connection through a satellite link.
I hope to never use satellite Internet again, but it can be done.
there is no such thing as absolute authentication of a host in this world.
Pretty damned close.
DNS spoofing can occur
You can route the DNS through the VPN. To be fair, this may still be possible, but they're working on that -- I think the whole point of dnssec is to prevent it.
SSL is becoming weaker with more exploits by the month
Those exploits have always been there. They are just now being discovered and fixed. SSL is therefore becoming more secure by the month.
Please give an example of an SSL exploit that has been added at all recently -- even one which has been added within the past two years.
the best you can do is use SSL and hope for the best at home or abroad.
Consider the case where you're not using SSL, or can't trust it. (Example: Slashdot.)
Would you rather broadcast your password over the fucking air for anyone with AirSnort to hear? Or would you rather send it over the still suspect, but much more reliable switched networks of your ISP, the server's ISP, and the public Internet?
Where you connect to from your end point that isn't in the LAN that OpenVPN is connected to is the same as connecting from home or abroad.
Except at home, I use relatively secured Wifi, and mostly, physical ethernet cables. Abroad, I use coffee shop Internet and other relatively-untrusted networks.
So hell yes, I trust Slicehost more than I trust every Starbucks customer.
OpenVPN was not designed to provide a proxy service to secure all your connections to everything else in the world but only between locations that you own.
And Unix was not designed to be a multi-user system, or a multiprocessing system.
By the way, it would be much easier to read your post if you used paragraphs, or at least finished your sentences once in awhile, because reading long run-on sentences like this without even the help of a comma somewhere can get very annoying and make you feel like you're out of breath so if you wonder why no one's replying to you then this might have something to do with it.
after digging into the Plan9 kernel, I realize that most of these drivers are not really that complicated if you can accept a basic level of functionality and less than optimal level of performance.
Not really going to cut it for a netbook. I suppose it depends how much of a performance hit it is...
a filesystem that is more like a simple memory mapped key-value pair database (using critbit, hash table, b+tree, whatever).
This is why I like ZFS -- you can build things like that, which live on the same physical disk as your POSIX-like filesystem, with a common allocator for both. You want that common allocation, so you don't need to partition your drive, but it's nice to not have to go through the POSIX layer.
What value would a custom kernel/OS have over a specialized Linux? Well I think you could focus on implementing abstractions most suitable for a browser
Can you think of anything specific?
instead of trying to fit a filesystem or sqlite library to your design.
They already built it this way for the desktop. Why complicate things?
The filesystem makes it easier to manage, even if it's just a browser. Updates, for instance -- or extensions, etc.
You need sqlite anyway if you're going to implement the HTML5 SQL Storage.
Mostly I suspect you could optimize the boot of a very primitive system pretty easily.
At the cost of other things you'd like to have working, including, among other things, Flash -- which again, already works with a filesystem. A faster boot into nothing isn't a faster boot -- the speed of a nonworking system is irrelevant -- and that assumes you get there anyway, since you've got slower drivers to begin with.
And you could do things where isolation of the browser in memory can be done in a way much finer grain than the Unix scheme of dividing everything into a user process or kernel mode thread.
If you can do that in the OS, you can do it in-process. However, there are threads within user processes, and Chrome uses fork to create separate threads.
In fact, I'm becoming convinced that the fork model is really the second-best model for web security, and the best model is incredibly difficult to build. That is, if a new tab is as quick as a fork(2), it's damned-near instantaneous on Linux (COW pages), and separate processes for everything means that you can isolate things to the point where no bug or security vulnerability in one page can possibly affect another. This is a Good Thing.
Perhaps the browser would be more like a root user, but individual tabs would have permissions controlled by a kernel or hypervisor that would be in isolation of one another. One page may not be able to hijack the rest of your browser or access cookies or passwords unless specifically authorized.
Sounds exactly like how Chromium currently works, except you're using virtualization unnecessarily.
And it could be done in such a way that is still relatively fast and low overhead, but more secure than current schemes.
It doesn't really sound more secure than the current scheme, but it does sound like it'd be relatively slower.
Put another way: The multiprocess model as I'd implement it (I haven't actually read the Chromium code, so I don't know if they do it this way) would be to keep a master process which forks off a process for each tab. Each such process immediately chroots and drops privileges, so it is completely sandboxed. This is not a new model -- it's exactly how Postfix works, for example.
Imagine if plug-ins like flash and video codecs had to run through a socket or some fast IPC messaging scheme. where you could just close it to force the process on the end to shut down.
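As an added illustration of the model described in this thread (one worker process per tab or plug-in, forked from a master, chrooted and de-privileged, talking only over a socket that the master closes to shut it down), here is a minimal C version. It is not Chromium's code or anyone's in the thread, and it assumes a Linux host, a writable /tmp for the jail directory, and uid/gid 65534 as the unprivileged account.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: uid/gid 65534 is the unprivileged "nobody" account (true on most Linux systems). */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

/* Confine the worker: chroot into an empty directory, then give up root for good.
 * Needs root (CAP_SYS_CHROOT, CAP_SETGID, CAP_SETUID). Returns 0 on success, -1 on failure. */
static int enter_sandbox(const char *jail)
{
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;   /* chdir too, or "." still points outside */
    if (setgroups(0, NULL) != 0) return -1;                /* supplementary groups first */
    if (setgid(UNPRIV_GID) != 0) return -1;                /* gid before uid, or setgid is refused */
    if (setuid(UNPRIV_UID) != 0) return -1;
    if (setuid(0) == 0) return -1;                         /* the drop must be irreversible */
    return 0;
}

/* Worker: answer each request with its upper-cased form. The only exit path is
 * EOF on the socket, i.e. the master closing its end. */
static void worker_main(int fd)
{
    char buf[256];
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++) buf[i] = (char)toupper((unsigned char)buf[i]);
        if (write(fd, buf, (size_t)n) != n) _exit(3);
    }
    _exit(n == 0 ? 0 : 4);
}

/* Read exactly len bytes from a stream socket; returns 0 on success, -1 on EOF/error. */
static int read_exact(int fd, char *dst, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, dst + got, len - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Master: fork one sandboxed worker, send it `request`, collect the reply into `reply`
 * (NUL-terminated; reply_len must exceed strlen(request)), close the socket, and return the
 * worker's exit status (0 = clean shutdown on EOF). Returns -1 on a setup error. */
static int run_sandboxed_worker(const char *request, char *reply, size_t reply_len)
{
    size_t len = strlen(request);
    int sv[2], status;
    char jail[] = "/tmp/tabjail.XXXXXX";   /* empty directory used as the chroot target */

    if (len >= reply_len) return -1;
    if (mkdtemp(jail) == NULL) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) { rmdir(jail); return -1; }

    pid_t pid = fork();
    if (pid < 0) { rmdir(jail); return -1; }
    if (pid == 0) {
        close(sv[0]);
        /* Confinement needs root; an unprivileged run keeps the process model but not the chroot. */
        if (geteuid() == 0 && enter_sandbox(jail) != 0) _exit(2);
        worker_main(sv[1]);               /* never returns */
    }
    close(sv[1]);
    if (write(sv[0], request, len) != (ssize_t)len || read_exact(sv[0], reply, len) != 0) {
        close(sv[0]); waitpid(pid, NULL, 0); rmdir(jail); return -1;
    }
    reply[len] = '\0';
    close(sv[0]);                         /* the "close it to shut the plug-in down" step */
    if (waitpid(pid, &status, 0) != pid) { rmdir(jail); return -1; }
    rmdir(jail);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char reply[64];
    int rc = run_sandboxed_worker("render this tab", reply, sizeof reply);
    printf("worker replied \"%s\" and exited with status %d\n", reply, rc);
    return rc == 0 ? 0 : 1;
}
```

Run it as root to see the chroot and uid drop actually take effect; as an ordinary user only the fork-and-socket part is exercised.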
The BIGGEST data plan here is a whole 35Gb a month, with it costing $1.50 a GB for anything over that. There isn't any fiber here, and if I go business plan that is bumped to a whole 75Gb and costs me over $200 a month. So your Amazon idea is right out the door, end of story. Not to mention the fastest upstream here is about 256k, yeah no thanks.
That's a fair point. Also, ew. I mean, I complain about my small town in Iowa, but I get 100 mbit fiber. Yes it's capped (per my sig), but they don't seem to enforce the cap at all.
As far as size, I was figuring multiple drives in play. With a 1.5TB drive running $125 I figure 2 of those minimum, plus again I'd need to build a machine to run backups on.
You can get a dedicated NAS box. Regarding prices, I see 1 TB from Newegg for $65, 1.5 TB for $89, and 2 TB for $140.
while you can ignore the free space, do you have any idea how much crap folks have on their drives?
Generally, yes -- a lot of crap, but it still doesn't add up to that much for most people.
with Vista or Windows 7 you are looking at another 20Gb there
Which compresses down to, what, 7?
But let's run with your numbers for a minute -- let's pretend that it's actually typical to see a machine come in with 300 gigs of crap on it, and let's ignore compression. How many machines do you work on per month? In other words, how long would that image last if you rotated them? Again -- $65 for a terabyte, so $130 for two terabytes, which is almost seven of those.
plus you are gonna have to scan every. single. file. because there are many bugs out there that can infect all kinds of files.
Make the fileserver Linux. Scan the files you restore. It's physically impossible for them to be harmful if you're just treating them as data, literally dumping them on a fileserver and doing nothing with them -- especially if they're inside a compressed image. It's only once they actually need them that you have to scan them.
You also make it sound like that's any work at all, to scan every file. If your antivirus tool doesn't let you run a single command to scan the entire tree, or right-click on the drive and click "scan", your antivirus tool sucks.
If I were to do as you suggest my prices would have to be $150 minimum for a basic clean and wipe,
Wait, huh? So you'd have to raise prices on your existing service which does none of what I suggested? Remind me not to hire you...
add another $75-100 for data backup, virus cleaning of the nasty drive, and restoring the data,
I'm sorry, which parts of these can't be automated more than your current process already is?
The only possible claim you've got there is data backup, and I'm sorry, the numbers don't match up -- $75 is already $10 more than it would cost you to store the data of three customers forever, and you don't have to store it forever.
Do you think I have enough money to afford a 12TB server?
Where did 12TB come from? Did you pull it out of your ass, or do you have actual numbers to back that up? (Hint: any decent imaging tool can be told to ignore free space. I like ntfsclone on Linux for backing up recent Windows drives.)
Even on the "el cheapo" PCs that walk through my door you are looking at 300-500GB, and do you have ANY idea how long it takes to image a drive that size?
Yes, actually -- the same 5-10 minutes of your time, then leave it overnight. And again, you can ignore free space.
I make a flat $75 for a standard wipe and reinstall, $125 if they want anything more than my docs backed up.
That actually covers it already, and that's if you don't figure out some amount more.
So your idea simply wouldn't work, as if I said "pay me $$$ more and I will back up your entire drive" I would get MAYBE 1 out of 100 that would take the deal.
Even after you explain to them, quite clearly, that the alternative is the potential total loss of something on their drive?
And again, it's not that much more.
I would need to spend a good $300 up front on drives, another $200 building a box to contain them and do the imaging...
So outsource it. Consider Amazon S3. Suppose they've got 100 gigs of data -- that's $10 to upload it, $15/mo to store it, and $17 to download it again.
Now, you've already admitted to automating the install process, and charging $75 for a wipe, $125 to back up more than my docs. That's $50 extra. $42 pays for the Amazon services for one month. If they can't find anything they want after a month, delete it from S3 or remind them it'll be another $15 for another month.
Keep in mind, the entire process can be automated except for the "find my old files" part. Probably the biggest pitfall from this scheme is that it doesn't account for the time you'd spend hunting for their files -- but presumably, if there's a file they're looking for (and they can't find it), they'll have some idea of where you should look for it.
occasionally you get those that just WILL NOT let you wipe the drive. I had one guy come in with well over 1000 bugs. I told him I would have to wipe the drive, he said no. I said it would cost $500 for me to remove that many infections, and even then I could make no guarantees, he cut me a check right there.
I can't really complain with that -- though I don't know I'd have the balls to ask for $500, as I don't work with windows enough to have good instincts about where to look.
Oh, and as for your "recover their data" part? BWA HA HA HA HA HA HA! Do you have any idea how many times I have had to deal with asking customers MULTIPLE times if they had any "weird" places they kept data, only to have them say no and later come back with "oh by the way..." I even had one moron who kept important data in the recycle bin!
So image their drive?
Seriously, it's a bit unprofessional to lose data, ever.
So now if I gotta wipe I tell them "name anything you wanted backed up RIGHT NOW; you don't name it, it is gone"
They won't be able to. Hell, I wouldn't be able to, unless you could back up my entire home directory.
Now, what you can do is say "If you aren't ABSOLUTELY SURE, pay me $x more so I can store an image of all your data. That way, you won't lose ANYTHING until you tell me you're absolutely sure."
I think I really appreciate the "fix Windoze" people (if they know what they are doing), because I sure wouldn't want to do it.
I'd love to, I just don't think the users would love me back. My solution to "fix windoze" is "Reformat, and take an image and backups this time so it isn't as traumatic the next time."
To take your automobile example, you can only drive certain types of automobiles due to the increased danger certain designs present to others driving,
And that is the key.
Also, you're wrong -- you can drive whatever you want, and I'm not even sure the age restriction applies. Laws restricting driving apply to what you do on public roads, not what you do on your own property.
In addition, your belief that knowledge will solve all problems is ludicrous.
When have I ever claimed this?
All I am saying is that education has a much greater chance of working than flat-out prohibition. For example: If you spread misinformation and propaganda, like Sex Madness, you hurt your cause. So, don't tell kids that Marijuana is addictive, or that it'll kill them, etc. Tell them instead that it'll make them stupid, hungry, and probably cause some damage to long-term memory.
I encourage an impartial, well funded cost/benefit analysis on the hard drugs as well.
I would, also, but I maintain that these are still a choice, and that it's very likely that prohibition of them does nothing to decrease the number of people using them.
And really, who are we to make that choice for the potential user?
But if you really want to go down that road, how about a cost/benefit analysis of smoking? It tends to more directly kill people -- most drugs, you can die from an overdose, whereas with smoking, you will die of cancer -- and according to some, it's harder to quit nicotine than cocaine.
Now, I will agree that drugs should be regulated -- in fact, I think that's going to have better results than outright prohibition. Someone else on this thread pointed out that it's far easier for teens to get drugs than liquor, because the drug dealer doesn't ask for ID.
A Linux/BeOS hybrid would be very interesting, but that doesn't look like what's happening with Syllable.
Instead, Syllable is a Linux distribution in their Server edition, and something built on AtheOS for their desktop edition. Their AtheOS page clarifies:
Unlike what many people seem to believe, AtheOS is *not* a BeOS clone. The two OS's are not compatible at binary level nor source-code level. Making a BeOS clone has never been a goal (I started working on AtheOS before the first BeBox was shipped), it is not a goal now, and it will not be a goal in the future.
If you don't apply the calculus correctly then you could argue that murder is hard to prosecute, therefore we should just allow it.
Murder directly hurts another human being. More technically, it denies them of basic rights, like the right to live.
Neither alcohol nor gambling does this. A father might beat his kid in a drunken rage, or bankrupt the family (even make them homeless) from gambling debts, but in this case, it is the father who is doing each of these. The alcohol, for one, is an inanimate object.
Ditto for all hard drugs. Should we allow unrestricted use of heroin and cocaine?
Yes.
Why shouldn't we?
the reality is that many youth don't know what's good for them,
And that is the real problem -- so educate them on what's good for them.
And again, drugs are inanimate objects. It's possible to abuse cough medicine, after all, just as it's possible to use cocaine properly -- consider coca tea.
need to have access to hard drugs removed to protect themselves
So, that works about as well as prohibition.
That is: These kids have about as much access as they always did. As causality says, these drugs may be easier to obtain than alcohol. Telling them "don't try it" is about as effective as abstinence-only education.
Now, I still haven't tried drugs and alcohol, but my parents actually went out of their way to explain the differences between drugs. They made it clear that they don't approve, but they also didn't lie to me about things like marijuana, which probably wouldn't be that harmful, versus cocaine and heroin, which would probably destroy my life.
to protect themselves from making poor decisions in the period they are still learning to evaluate choices maturely.
If it's about maturity, why are hard drugs illegal at any age, but alcohol is legal at 21?
It's also worth mentioning: The war on drugs, like prohibition, has significant collateral damage. Leaving drug convictions aside, there's still the massive network of organized crime that would utterly collapse if we started making and selling drugs legally. It would also cut the balls off of the real, bloody war that's happening in Mexico -- seems we can tolerate drug prohibition because the violence is down there, rather than in our back yard, as it was with alcohol prohibition -- but with Americans growing their own drugs, there wouldn't be so much traffic through Mexico.
There's also the deal the American government has struck with Peru, which includes an attempt to eradicate the Coca plant from Peru. Coca, as you may know, can be used to make cocaine, if processed and insanely concentrated. By itself, though, the coca leaf makes a mild tea, much milder than coffee -- and it's an important part of their culture, which we are killing off, because someone might make cocaine out of it.
Consider a world in which coffee was illegal. Sure, if you drink too much coffee, you get jittery, and the withdrawal headaches are painful. If you drink enough coffee, you could probably kill yourself. And coffee is fairly dilute -- suppose you took the syrup used to make fountain drinks, and just drank that straight, or snorted it. Don't you think that'd be dangerous? Clearly, we should regulate coffee to protect kids from themselves.
Apply the prohibition lesson liberally, until it sinks in. If you can't tell the difference between murder and alcoholism, you clearly haven't learned the lesson of prohibition.
Callously worded, I'll grant you, but I don't think it's entirely wrong. That is:
You are not a victim of the fact that gambling exists. You are a victim of your stepfather's addiction. This doesn't make it any better for you, but it's worth realizing.
Trying to outlaw gambling to prevent that is a bit like trying to outlaw alcohol -- there are many victims of people in a drunken rage, but it doesn't get better when we try to outlaw it, and there are plenty of people who can drink responsibly. The problem is not the alcohol itself, it's the people who can't tolerate it.
In fact, if we try to outlaw everything that might be a dangerous addiction, we could start with alcohol, then move on to World of Warcraft, caffeine, television, and so on. I'd be amazed if we had anything left by the end of it.
The linksys I had was unable to host a multiplayer FPS server on my 4mbps symmetrical DSL...
See, that's a bit disturbing to me -- it's not as though it would've been terribly expensive, even then, to build a machine that can handle routing at 100 mbits.
Like most technology, they assume it's never going to be used to its potential. Take my laptop -- only when I actively cool it or balance it precariously several inches off the desk can I max out both cores. Try that with it sitting on its little rubber feet, and it overheats and throttles itself to 800 MHz. Try that when using the video card for anything stressful at all, and it shuts off.
Anyway, more on-topic, I've had a Linksys router (WRT54G) crash repeatedly when I attempt to run BitTorrent through it to a 100 mbit fiber connection. The solution was to replace it with a Linux box, and let the Linksys router only handle the wireless.
It's the same mentality that they've used to sell you 100 mbits -- works great if you just want to browse faster, maybe watch the occasional YouTube video. Sucks if you want to actually use it -- BitTorrent, maybe a Freenet node, or just transferring files between two machines connected to 100 mbit Internet -- before you know it, they're throttling it and bitching that you're a "bandwidth hog". In other words, they wanted to sell you 100 mbits because it sounds faster than 30 mbits, not because they expect people to actually need it.
I think in generalizations like "do this to every X" or "if there is a Y", but even Ruby requires me to code in terms of loops, iterating over a set of objects one at a time.
Not quite -- part of the point of #each is to get you thinking in terms of "do this to every x", rather than "loop over every x", even if that's technically what's going on.
Some relations, properties, etc. (like containment) are included as part of the standard world model, but you'd need to define the others first:
When you add all that up, I don't really see the net win. After all, I could just as easily add a layer of abstraction which does say "do this to every x". In fact, if "this" is a single method, I can do just that:
beans.each(&:jump!)
Generally, each is implemented as a loop which iterates over each item, but that part is up to the method itself. I could just as easily implement an each method which executes its block in parallel. That's the kind of thing I'm talking about -- it's already at about the same level of abstraction you're describing, it's just expressed more concisely, less ambiguously, and with syntax highlighting (though maybe inform does that, too)...
So, in addition to having to learn to program anyway, I also need to learn to teach the environment about parts of speech. Maybe there's something to it, but right now, I don't really see the point.
menu_items.each do |item|
  if item.checked? && current_font.provided_styles.include?(item.style)
    item.uncheck!
  end
end
I see your point -- I think that reads pretty clearly, but maybe that's only because I'm used to it. What do you think?
I'm also skeptical of this approach:
if the Style menu contains a checked item (called X) corresponding to a font style which is not provided by the current font, now X is not checked;
It's not as clear how and why this works -- "not provided by the current font" -- how does Inform know what you're talking about here? English is pretty big and ambiguous.
And again, this doesn't deal with the fact that it doesn't remove any of the learning curve. I still need to know about strings, integers, the difference between integer and floating-point math, etc, etc. That's the point of the article I linked to.
I haven't actually seen this language, so I can't say for sure, but I would argue that many programming concepts are easier to express in actual code, or at least pseudocode, than in anything truly resembling English. Even when we talk to other programmers, we talk about concepts like strings and characters, which are ultimately the language of the machine, not us.
So, this could make it easier to learn to program, but this should not be seen as something in the same vein as Excel, Access, Filemaker, or anything of that nature. Those are tools that let non-programmers make a program, and non-DBAs make a database -- but they are both inferior for real programmers to use, and even when they aren't, they mean the programmer doesn't have to learn what's going on under the hood.
But as a programmer, you do need to know what's going on under the hood. When the abstraction breaks down, you need to know how and why. It's one thing to let the garbage collector handle memory management, but if you understand what it's doing, you can make little tweaks to make your program smaller and faster, while still letting the garbage collector do the heavy lifting.
In other words, read The Law of Leaky Abstractions. As Joel says:
The law of leaky abstractions means that whenever somebody comes up with a wizzy new code-generation tool that is supposed to make us all ever-so-efficient, you hear a lot of people saying "learn how to do it manually first, then use the wizzy tool to save time." Code generation tools which pretend to abstract out something, like all abstractions, leak, and the only way to deal with the leaks competently is to learn about how the abstractions work and what they are abstracting. So the abstractions save us time working, but they don't save us time learning.
So, in other words, the real question we should be asking is whether this tool is better than existing tools, like Python or Ruby. There have been other attempts at RAD which I think fall far short of that goal.
To answer the question "why not", you have to understand the damage that is done by allowing non-programmers to try to program. Think of the damage which is done with this simple Visual Basic command:
On Error Resume Next
I mean, that's almost as bad as GOTO, probably worse, because that leads to silent errors. It leads to growing a codebase full of errors that happen all the time, of dead code, and of random Bad Things happening, all of which would at least make your app raise a noisy error during development (so you'd fix the problem). But no, you silently ignore them...
That isn't strictly VB's fault, but there seem to be so many crappy VB coders for whom this was the next logical step after Excel formulas. Since the actually decent coders tend to prefer things like C# (in the MS world, at least), I don't see much of a reason for VB to exist, and it seems to actually be causing more harm than good.
That's where I view every attempt at a "dumbed down" language -- if it doesn't improve things for actual programmers, it'll probably do more harm than good.
if the person is connecting to sites in which security is a must then SSL makes a VPN a moot point
Granted.
it's ignorant to assume that he's all safe and sound if he just runs a VPN to his home or a VPS.
It's equally ignorant to suggest that such a setup offers no additional security at all. The original question was:
Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information?
So, some examples might be: Suppose a vulnerability is discovered in his software update system. Or suppose there are things he'd like to access which don't support SSL. There are a number of minor risks like that which are somewhat mitigated by routing everything through a VPN.
maybe in your head it's more secure than a WiFi hotspot
So it looks like, again, that you don't see the difference.
it's not secure to begin with so in that case who cares if it is more secure than a WiFi hot spot.
Because, again, security is not boolean.
DNS spoofing can occur anywhere
It really can't occur between me and my VPS-provider's DNS servers. The question is, can it occur between a well-run DNS server and a DNSSEC-hardened domain?
DNSSEC is based on SSL. SSL is flawed for many reasons which cryptographer DJ Bernstein has pointed out
Then spell them out for me here, otherwise this is a meaningless appeal to authority.
[slashdot.org] Nov 16th, 2009 at 18:30 EST
From that page:
recently discovered vulnerability in the SSL protocol.
That is why I was making a distinction between added and discovered/fixed. If the protocol has been mostly stable, then there are a finite number of vulnerabilities present. Every time we discover and fix one, it gets more secure, not less -- this is a simple matter of arithmetic.
Now, if the protocol is constantly changing, and the rate of vulnerabilities discovered is increasing, we might suspect that it's getting less secure. Key word is might -- we might just be getting better at discovering vulnerabilities. But this isn't what's happening here -- in your own link, you've presented a vulnerability which has existed for as long as TLS renegotiation has existed. I wasn't able to verify how long this is, but I doubt it's a new feature that was added in the last few years.
The issue is that they are both suspect connections.... To simply state that you are moving your connection from one suspect connection to another does not mitigate....
I cannot believe you are really trying to claim that all suspect connections are equal. They aren't.
The amount of effort required to eavesdrop, let alone MITM you, on a properly admin'd, switched network, or on the public Internet, is far greater than the amount of effort required to casually eavesdrop and MITM you on a wireless connection in a coffee shop.
In other words: Yes it does mitigate.
only where the vulnerability occurs.
You are casually dismissing this -- it's fairly important. Put another way:
And that gives you a secure connection inside your LAN. Agreed!
You are treating security as though it's boolean (it isn't), and you are assuming that I believe my LAN is absolutely secure.
I have a crappy little Netgear switch. It may be possible for people to 0wn this switch. No one's currently plugged into it, but you never know.
In addition, there are others who have the wireless keys, in order to get online. The wireless security prevents neighbors from stealing my Internet access, it doesn't really protect me.
In other words: it is quite possible someone could attack me within my LAN.
Do you see why it's extremely unlikely that someone would do so? They'd have to break into my house, find my equipment, and know exactly what they were doing, and they'd have to do all of this without me noticing.
It is also quite possible that someone could attack me at my ISP. This is somewhat more feasible -- anyone working for the ISP could do it, which is significantly more people than live in my house. Additionally, people could break into the ISP, which is bigger and thus probably easier to hide something. All it would take is one of those Linux-servers-in-an-Ethernet-jack.
This is more likely than someone breaking into my house, but less likely than someone compromising some system, somewhere on the public Internet.
Now, the public Internet, I would hope, operates as a giant switched network, only much more controlled -- many system administrators for the backbone routers, lots of fiber connections which can't really be tapped in the middle without cutting the traffic off. It's also a massively complex system, which makes it that much more difficult to execute an attack like this -- but that much easier
Filesystems are the wrong way to go.
Yes, you've said this. I disagree.
I seem to recall a Lisp kernel where the only secondary storage was a block device mapped to the address space like swap, but preserved between boots. And everything was just transparently kept as lisp objects.
Very interesting. Also fairly useless for a browser that's already designed to work with filesystems.
I suppose the lesson here is, those who don't understand Unix are destined to reinvent it, poorly. The point of the filesystem and process model is that they're incredibly simple, and easy to tune to whatever you want. Maybe one part of the browser just wants to store some JSON. Maybe another wants a full sqlite database. Maybe a plugin wants some proprietary key/value store of its own. When a file is just a stream of bytes, they can all get along just fine.
As for "heavyweight", if Grub has filesystem support -- that's right, the fscking bootloader has filesystem support, and not just one filesystem, but multiple filesystems...
Not to mention, dropping filesystem support entirely would kill one of the current features of Chrome OS -- plug in a USB key or an SD card and you can browse the files on it, opening them in web apps.
Flash without a filesystem is pretty easy to get working. Plenty of us have had to do a lot of tricks to get it to run on a read-only flash filesystem. It's not a huge stretch to get it to run without a traditional filesystem at all.
Have you got it working without a filesystem? This is ambiguously working -- it sounds like you're saying "It's not that hard, but no one's ever done it before."
And if so, great, now how about Java?
Oh, and what about extensions? Currently, the extension format is a signed zipfile, which, upon installation, gets unpacked to the filesystem. Inside, you'll find html files, javascript files, json files, and maybe some .so files (or dlls) which can be loaded as plugins. I like this system a lot.
And this system is then exposed as URLs to the browser. That is, it's something like chrome://extension/someUUID/somepage.html -- which means you can build extensions with all the tools you used to build webpages -- probably even XHR to load other parts of that extension, if you really want to.
fork is a reasonable solution. although you still don't get isolation from filesystem hacks when you've forked a process as the same user. fork and chroot might be an interesting option for something hardened.
Yes -- fork, chroot, then drop privileges. Now, I'm not absolutely sure, but it looks very much like this is how Chrome currently works on Linux -- though I'm not sure the sandboxed processes end up running as completely unprivileged users.
And yes, I'm aware that some browsers use separate Flash processes so plug-ins don't bring down the whole browser.
My point was that Chromium specifically does this. Since we're talking about Chrome OS, it's kind of relevant, in that they seem to already be doing exactly what you're suggesting to protect themselves.
no virtualization necessary.
You're the one who mentioned a hypervisor, but ok.
without help from the kernel you can't do Read-Copy-Update. User space applications in Linux just plain can't do it.
Wikipedia is ambiguous about this, but it looks as though the Linux kernel supports it. I'm not sure how it helps, though -- Chrome seems to be built around message passing, and I don't really see Chrome OS needing multiple cores.
The only point I was trying to make is that there is a lot in Unix you can discard if you only need to run one application.
I can agree with that. The point I'm trying to make is that it's usually not worth it to do so. There's a lot of the Linux kernel that you can di
It helps everyone in the long run, and it helps this guy when he transfers to a bank which does what he needs.
VPN's can sometimes end up being pretty touchy especially over high latency connections
I remember finding a few relatively easy settings to change in the OpenVPN config -- tls-timeout and hand-window, I think, though there might've been others. Once I changed these, I had a pretty solid (if unbearably slow) connection through a satellite link.
I hope to never use satellite Internet again, but it can be done.
there is no such thing as absolute authentication of a host in this world.
Pretty damned close.
DNS spoofing can occur
You can route the DNS through the VPN. To be fair, this may still be possible, but they're working on that -- I think the whole point of dnssec is to prevent it.
SSL is becoming weaker with more exploits by the month
Those exploits have always been there. They are just now being discovered and fixed. SSL is therefore becoming more secure by the month.
Please give an example of an SSL exploit that has been added at all recently -- even one which has been added within the past two years.
the best you can do is use SSL and hope for the best at home or abroad.
Consider the case where you're not using SSL, or can't trust it. (Example: Slashdot.)
Would you rather broadcast your password over the fucking air for anyone with AirSnort to hear? Or would you rather send it over the still suspect, but much more reliable switched networks of your ISP, the server's ISP, and the public Internet?
Where you connect to from your end point that isn't in the LAN that OpenVPN is connected to is the same as connecting from home or abroad.
Except at home, I use relatively secured Wifi, and mostly, physical ethernet cables. Abroad, I use coffee shop Internet and other relatively-untrusted networks.
So hell yes, I trust Slicehost more than I trust every Starbucks customer.
OpenVPN was not designed to provide a proxy service to secure all your connections to everything else in the world but only between locations that you own.
And Unix was not designed to be a multi-user system, or a multiprocessing system.
By the way, it would be much easier to read your post if you used paragraphs, or at least finished your sentences once in awhile, because reading long run-on sentences like this without even the help of a comma somewhere can get very annoying and make you feel like you're out of breath so if you wonder why no one's replying to you then this might have something to do with it.
after digging into the Plan9 kernel, I realize that most of these drivers are not really that complicated if you can accept a basic level of functionality and less than optimal level of performance.
Not really going to cut it for a netbook. I suppose it depends how much of a performance hit it is...
a filesystem that is more like a simple memory mapped key-value pair database (using critbit, hash table, b+tree, whatever).
This is why I like ZFS -- you can build things like that, which live on the same physical disk as your POSIX-like filesystem, with a common allocator for both. You want that common allocation, so you don't need to partition your drive, but it's nice to not have to go through the POSIX layer.
What value would a custom kernel/OS have over a specialized Linux? Well I think you could focus on implementing abstractions most suitable for a browser
Can you think of anything specific?
instead of trying to fit a filesystem or sqlite library to your design.
Mostly I suspect you could optimize the boot of a very primitive system pretty easily.
At the cost of other things you'd like to have working, including, among other things, Flash -- which again, already works with a filesystem. A faster boot into nothing isn't a faster boot -- the speed of a nonworking system is irrelevant -- and that assumes you get there anyway, since you've got slower drivers to begin with.
And you could do things where isolation of the browser in memory can be done in a way much finer grain than the Unix scheme of dividing everything into a user process or kernel mode thread.
If you can do that in the OS, you can do it in-process. However, there are threads within user processes, and Chrome uses fork to create separate threads.
In fact, I'm becoming convinced that the fork model is really the second-best model for web security, and the best model is incredibly difficult to build. That is, if a new tab is as quick as a fork(2), it's damned-near instantaneous on Linux (COW pages), and separate processes for everything means that you can isolate things to the point where no bug or security vulnerability in one page can possibly affect another. This is a Good Thing.
Perhaps the browser would be more like a root user, but individual tabs would have permissions controlled by a kernel or hypervisor that would be in isolation of one another. One page may not be able to hijack the rest of your browser or access cookies or passwords unless specifically authorized.
Sounds exactly like how Chromium currently works, except you're using virtualization unnecessarily.
And it could be done in such a way that is still relatively fast and low overhead, but more secure than current schemes.
It doesn't really sound more secure than the current scheme, but it does sound like it'd be relatively slower.
Put another way: The multiprocess model as I'd implement it (I haven't actually read the Chromium code, so I don't know if they do it this way) would be to keep a master process which forks off a process for each tab. Each such process immediately chroots and drops privileges, so it is completely sandboxed. This is not a new model -- it's exactly how Postfix works, for example.
Imagine if plug-ins like flash and video codecs had to run through a socket or some fast IPC messaging scheme. where you could just close it to force the process on the end to shut down.
Sounds a bit like how Chromium currently works.
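The master/worker model described in the two exchanges above (fork, then chroot and drop privileges, with plug-ins reachable only through a socket the master can close) can be sketched in a few dozen lines of Ruby. This is an added example, not Chromium's or Postfix's code; `SANDBOX_ROOT`, `UNPRIV_USER`, `Sandbox`, `Tab` and `demo` are names and values made up for it, and the privilege drop is only performed when the process actually runs as root so the example also runs unconfined from an ordinary shell.

```ruby
require "socket"
require "json"
require "etc"

# Assumed settings, made up for this example: an empty directory to chroot
# into and an unprivileged account to drop to.
SANDBOX_ROOT = "/var/empty"
UNPRIV_USER  = "nobody"

module Sandbox
  # Called in the child right after fork. chroot needs root, so it goes first;
  # gid before uid, because an unprivileged uid can no longer change its gid.
  # Returns a tag saying what happened, so callers can tell "confined" from
  # "skipped because not root / no directory / no such user".
  def self.confine!
    return :not_root unless Process.euid.zero?
    return :no_sandbox_dir unless File.directory?(SANDBOX_ROOT)
    pw = begin
      Etc.getpwnam(UNPRIV_USER)
    rescue ArgumentError
      return :no_such_user
    end
    Dir.chroot(SANDBOX_ROOT)
    Dir.chdir("/")
    Process.initgroups(UNPRIV_USER, pw.gid)
    Process::Sys.setgid(pw.gid)
    Process::Sys.setuid(pw.uid)
    # The drop must be irreversible: getting root back has to fail.
    begin
      Process::Sys.setuid(0)
    rescue Errno::EPERM
      return :confined
    end
    raise "privilege drop did not stick"
  end
end

# One "tab": a forked worker reachable only through a socketpair.
class Tab
  attr_reader :pid

  def initialize
    @master_end, child_end = UNIXSocket.pair
    @pid = Process.fork do
      @master_end.close        # the worker never sees the master's end
      Sandbox.confine!
      serve(child_end)
      exit!(0)                 # skip the parent's at_exit handlers
    end
    child_end.close
  end

  # Master side: send one JSON request, read one JSON reply. A dead worker
  # yields nil instead of taking the master down with it.
  def call(req)
    @master_end.puts(JSON.generate(req))
    line = @master_end.gets
    line && JSON.parse(line)
  rescue Errno::EPIPE, IOError
    nil
  end

  # Closing the master's end is the kill switch: the worker reads EOF and
  # exits; we reap it and report how it ended.
  def close
    @master_end.close
    _, status = Process.wait2(@pid)
    status.exitstatus
  end

  private

  # Worker side: one request per line until EOF. "crash" stands in for a bug
  # in one page; it takes down only this process.
  def serve(sock)
    while (line = sock.gets)
      req = JSON.parse(line)
      reply =
        case req["op"]
        when "render" then { "text" => req["html"].gsub(/<[^>]*>/, "") }
        when "whoami" then { "uid" => Process.uid, "cwd" => Dir.pwd }
        when "crash"  then exit!(3)
        else { "error" => "unknown op" }
        end
      sock.puts(JSON.generate(reply))
    end
  end
end

# Two tabs: one misbehaves and dies, the other is unaffected.
def demo
  good = Tab.new
  bad  = Tab.new
  crashed  = bad.call("op" => "crash")   # nil: that worker is gone
  rendered = good.call("op" => "render", "html" => "<p>hello <b>world</b></p>")
  [rendered["text"], crashed, bad.close, good.close]
end

puts demo.inspect   # ["hello world", nil, 3, 0]
```

The order inside `confine!` is the part worth remembering: chroot while still root, change group before user, and then prove the drop stuck by trying to regain uid 0 and expecting EPERM. Since each worker only ever holds its own end of the socketpair, the master can end a misbehaving tab simply by closing its end, as the post suggests.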
The BIGGEST data plan here is whole 35Gb a month, with it costing $1.50 a GB for anything over that. There isn't any fiber here, and if I go business plan that is bumped to a whole 75Gb and costs me over $200 a month. So your Amazon idea is right out the door, end of story. Not to mention the fastest upstream here is about 256k, yeah no thanks.
That's a fair point. Also, ew. I mean, I complain about my small town in Iowa, but I get 100 mbit fiber. Yes it's capped (per my sig), but they don't seem to enforce the cap at all.
As far as size, I was figuring multiple drives in play. With a 1.5TB drive running $125 I figure 2 of those minimum, plus again I'd need to build a machine to run backups on.
You can get a dedicated NAS box. Regarding prices, I see 1 TB from Newegg for $65, 1.5 TB for $89, and 2 TB for $140.
while you can ignore the free space, do you have any idea how much crap folks have on their drives?
Generally, yes -- a lot of crap, but it still doesn't add up to that much for most people.
with Vista or Windows 7 you are looking at another 20Gb there
Which compresses down to, what, 7?
But let's run with your numbers for a minute -- let's pretend that it's actually typical to see a machine come in with 300 gigs of crap on it, and let's ignore compression. How many machines do you work on per month? In other words, how long would that image last if you rotated them? Again -- $65 for a terabyte, so $130 for two terabytes, which is almost seven of those.
plus you are gonna have to scan every. single. file. because there are many bugs out there that can infect all kinds of files.
Make the fileserver Linux. Scan the files you restore. It's physically impossible for them to be harmful if you're just treating them as data, literally dumping them on a fileserver and doing nothing with them -- especially if they're inside a compressed image. It's only once they actually need them that you have to scan them.
You also make it sound like that's any work at all, to scan every file. If your antivirus tool doesn't let you run a single command to scan the entire tree, or right-click on the drive and click "scan", your antivirus tool sucks.
If I were to do as you suggest my prices would have to be $150 minimum for a basic clean and wipe,
Wait, huh? So you'd have to raise prices on your existing service which does none of what I suggested? Remind me not to hire you...
add another $75-100 for data backup, virus cleaning of the nasty drive, and restoring the data,
I'm sorry, which parts of these can't be automated more than your current process already is?
The only possible claim you've got there is data backup, and I'm sorry, the numbers don't match up -- $75 is already $10 more than it would cost you to store the data of three customers forever, and you don't have to store it forever.
Do you think I have enough money to afford a 12TB server?
Where did 12TB come from? Did you pull it out of your ass, or do you have actual numbers to back that up? (Hint: any decent imaging tool can be told to ignore free space. I like ntfsclone on Linux for backing up recent Windows drives.)
Even on the "el cheapo" PCs that walk through my door you are looking at 300-500GB, and do you have ANY idea how long it takes to image a drive that size?
Yes, actually -- the same 5-10 minutes of your time, then leave it overnight. And again, you can ignore free space.
I make a flat $75 for a standard wipe and reinstall, $125 if they want anything more than my docs backed up.
That actually covers it already, and that's if you don't figure out some amount more.
So your idea simply wouldn't work, as if I said "pay me $$$ more and I will back up your entire drive" I would get MAYBE 1 out of 100 that would take the deal.
Even after you explain to them, quite clearly, that the alternative is the potential total loss of something on their drive?
And again, it's not that much more.
I would need to spend a good $300 up front on drives, another $200 building a box to contain them and do the imaging...
So outsource it. Consider Amazon S3. Suppose they've got 100 gigs of data -- that's $10 to upload it, $15/mo to store it, and $17 to download it again.
Now, you've already admitted to automating the install process, and charging $75 for a wipe, $125 to back up more than my docs. That's $50 extra. $42 pays for the Amazon services for one month. If they can't find anything they want after a month, delete it from S3 or remind them it'll be another $15 for another month.
Keep in mind, the entire process can be automated except for the "find my old files" part. Probably the biggest pitfall from this scheme is that it doesn't account for the time you'd spend hunting for their files -- but presumably, if there's a file they're looking for (and they can't find it), they'll have some idea of where you should look for it.
occasionally you get those that just WILL NOT let you wipe the drive. I had one guy come in with well over 1000 bugs. I told him I would have to wipe the drive, he said no. I said it would cost $500 for me to remove that many infections, and even then I could make no guarantees, he cut me a check right there.
I can't really complain with that -- though I don't know I'd have the balls to ask for $500, as I don't work with windows enough to have good instincts about where to look.
Oh, and as for your "recover their data" part? BWA HA HA HA HA HA HA! Do you have any idea how many times I have had to deal with asking customers MULTIPLE times if they had any "weird" places they kept data, only to have them say no and later come back with "oh by the way..." I even had one moron who kept important data in the recycle bin!
So image their drive?
Seriously, it's a bit unprofessional to lose data, ever.
So now if I gotta wipe I tell them "name anything you wanted backed up RIGHT NOW; if you don't name it, it is gone."
They won't be able to. Hell, I wouldn't be able to, unless you could back up my entire home directory.
Now, what you can do is say "If you aren't ABSOLUTELY SURE, pay me $x more so I can store an image of all your data. That way, you won't lose ANYTHING until you tell me you're absolutely sure."
I think I really appreciate the "fix Windoze" people (if they know what they are doing), because I sure wouldn't want to do it.
I'd love to, I just don't think the users would love me back. My solution to "fix windoze" is "Reformat, and take an image and backups this time so it isn't as traumatic the next time."
The burden of legislation should be reversed; in other words, is there a legal reason for something to exist? Then it should be legal.
I think that's a bit dangerous. It's not hard to come up with things for which you can't make a compelling case for why they should legally exist.
Gambling, firearms, etc., should not be criminalized...
I'm pretty sure GP is explicitly agreeing with you here.
To take your automobile example, you can only drive certain types of automobiles due to the increased danger certain designs present to others driving,
And that is the key.
Also, you're wrong -- you can drive whatever you want, and I'm not even sure the age restriction applies. Laws restricting driving apply to what you do on public roads, not what you do on your own property.
In addition, your belief that knowledge will solve all problems is ludicrous.
When have I ever claimed this?
All I am saying is that education has a much greater chance of working than flat-out prohibition. For example: If you spread misinformation and propaganda, like Sex Madness, you hurt your cause. So, don't tell kids that Marijuana is addictive, or that it'll kill them, etc. Tell them instead that it'll make them stupid, hungry, and probably cause some damage to long-term memory.
I encourage an impartial, well funded cost/benefit analysis on the hard drugs as well.
I would, also, but I maintain that these are still a choice, and that it's very likely that prohibition of them does nothing to decrease the number of people using them.
And really, who are we to make that choice for the potential user?
But if you really want to go down that road, how about a cost/benefit analysis of smoking? It tends to more directly kill people -- most drugs, you can die from an overdose, whereas with smoking, you will die of cancer -- and according to some, it's harder to quit nicotine than cocaine.
Now, I will agree that drugs should be regulated -- in fact, I think that's going to have better results than outright prohibition. Someone else on this thread pointed out that it's far easier for teens to get drugs than liquor, because the drug dealer doesn't ask for ID.
It may be a fine point, and I'm certainly not trying to dismiss anyone...
I'm trying to draw a distinction between a victim of the vice itself, and a victim of a person who has that vice.
I'm not entirely sure why I'm doing that, though, as I wouldn't use that argument either.
A Linux/BeOS hybrid would be very interesting, but that doesn't look like what's happening with Syllable.
Instead, Syllable is a Linux distribution in their Server edition, and something built on AtheOS for their desktop edition. Their AtheOS page clarifies:
Unlike what many people seem to believe, AtheOS is *not* a BeOS clone. The two OS's are not compatible at binary level nor source-code level. Making a BeOS clone has never been a goal (I started working on AtheOS before the first BeBox was shipped), it is not a goal now, and it will not be a goal in the future.
Even if it was, though, it's hardly a "hybrid".
If you don't apply the calculus correctly then you could argue that murder is hard to prosecute, therefore we should just allow it.
Murder directly hurts another human being. More technically, it denies them of basic rights, like the right to live.
Neither alcohol nor gambling does this. A father might beat his kid in a drunken rage, or bankrupt the family (even make them homeless) from gambling debts, but in this case, it is the father who is doing each of these. The alcohol, for one, is an inanimate object.
Ditto for all hard drugs. Should we allow unrestricted use of heroin and cocaine?
Yes.
Why shouldn't we?
the reality is that many youth don't know what's good for them,
And that is the real problem -- so educate them on what's good for them.
And again, drugs are inanimate objects. It's possible to abuse cough medicine, after all, just as it's possible to use cocaine properly -- consider coca tea.
need to have access to hard drugs removed to protect themselves
So, that works about as well as prohibition.
That is: These kids have about as much access as they always did. As causality says, these drugs may be easier to obtain than alcohol. Telling them "don't try it" is about as effective as abstinence-only education.
Now, I still haven't tried drugs and alcohol, but my parents actually went out of their way to explain the differences between drugs. They made it clear that they don't approve, but they also didn't lie to me about things like marijuana, which probably wouldn't be that harmful, versus cocaine and heroin, which would probably destroy my life.
to protect themselves from making poor decisions in the period they are still learning to evaluate choices maturely.
If it's about maturity, why are hard drugs illegal at any age, but alcohol is legal at 21?
It's also worth mentioning: The war on drugs, like prohibition, has significant collateral damage. Leaving drug convictions aside, there's still the massive network of organized crime that would utterly collapse if we started making and selling drugs legally. It would also cut the balls off of the real, bloody war that's happening in Mexico -- seems we can tolerate drug prohibition because the violence is down there, rather than in our back yard, as it was with alcohol prohibition -- but with Americans growing their own drugs, there wouldn't be so much traffic through Mexico.
There's also the deal the American government has struck with Peru, which includes an attempt to eradicate the Coca plant from Peru. Coca, as you may know, can be used to make cocaine, if processed and insanely concentrated. By itself, though, the coca leaf makes a mild tea, much milder than coffee -- and it's an important part of their culture, which we are killing off, because someone might make cocaine out of it.
Consider a world in which coffee was illegal. Sure, if you drink too much coffee, you get jittery, and the withdrawal headaches are painful. If you drink enough coffee, you could probably kill yourself. And coffee is fairly dilute -- suppose you took the syrup used to make fountain drinks, and just drank that straight, or snorted it. Don't you think that'd be dangerous? Clearly, we should regulate coffee to protect kids from themselves.
Apply the prohibition lesson liberally, until it sinks in. If you can't tell the difference between murder and alcoholism, you clearly haven't learned the lesson of prohibition.
Callously worded, I'll grant you, but I don't think it's entirely wrong. That is:
You are not a victim of the fact that gambling exists. You are a victim of your stepfather's addiction. This doesn't make it any better for you, but it's worth realizing.
Trying to outlaw gambling to prevent that is a bit like trying to outlaw alcohol -- there are many victims of people in a drunken rage, but it doesn't get better when we try to outlaw it, and there are plenty of people who can drink responsibly. The problem is not the alcohol itself, it's the people who can't tolerate it.
In fact, if we try to outlaw everything that might be a dangerous addiction, we could start with alcohol, then move on to World of Warcraft, caffeine, television, and so on. I'd be amazed if we had anything left by the end of it.
It depends which ones. The ones I learned from the Geomancers were metal, wood, earth, fire, water.
It's a Dell and a Core 2 Duo, and it wasn't cheap.
it sounds like you have a crappy lappy
Yeah, probably. Time to call Dell.
The linksys I had was unable to host a multiplayer FPS server on my 4mbps symmetrical DSL...
See, that's a bit disturbing to me -- it's not as though it would've been terribly expensive, even then, to build a machine that can handle routing at 100 mbits.
Like most technology, they assume it's never going to be used to its potential. Take my laptop -- only when I actively cool it or balance it precariously several inches off the desk can I max out both cores. Try that with it sitting on its little rubber feet, and it overheats and throttles itself to 800 mhz. Try that when using the video card for anything stressful at all, and it shuts off.
Anyway, more on-topic, I've had a Linksys router (WRT54G) crash repeatedly when I attempt to run BitTorrent through it to a 100 mbit fiber connection. The solution was to replace it with a Linux box, and let the Linksys router only handle the wireless.
It's the same mentality that they've used to sell you 100 mbits -- works great if you just want to browse faster, maybe watch the occasional YouTube video. Sucks if you want to actually use it -- BitTorrent, maybe a Freenet node, or just transferring files between two machines connected to 100 mbit Internet -- before you know it, they're throttling it and bitching that you're a "bandwidth hog". In other words, they wanted to sell you 100 mbits because it sounds faster than 30 mbits, not because they expect people to actually need it.
I think in generalizations like "do this to every X" or "if there is a Y", but even Ruby requires me to code in terms of loops, iterating over a set of objects one at a time.
Not quite -- part of the point of #each is to get you thinking in terms of "do this to every x", rather than "loop over every x", even if that's technically what's going on.
Some relations, properties, etc. (like containment) are included as part of the standard world model, but you'd need to define the others first:
When you add all that up, I don't really see the net win. After all, I could just as easily add a layer of abstraction which does say "do this to every x". In fact, if "this" is a single method, I can do just that:
Generally, each is implemented as a loop which iterates over each item, but that part is up to the method itself. I could just as easily implement an each method which executes its block in parallel. That's the kind of thing I'm talking about -- it's already at about the same level of abstraction you're describing, it's just expressed more concisely, less ambiguously, and with syntax highlighting (though maybe Inform does that, too)...
So, in addition to having to learn to program anyway, I also need to learn to teach the environment about parts of speech. Maybe there's something to it, but right now, I don't really see the point.
In Ruby, this would probably be:
I see your point -- I think that reads pretty clearly, but maybe that's only because I'm used to it. What do you think?
I'm also skeptical of this approach:
if the Style menu contains a checked item (called X) corresponding to a font style which is not provided by the current font, now X is not checked;
It's not as clear how and why this works -- "not provided by the current font" -- how does Inform know what you're talking about here? English is pretty big and ambiguous.
And again, this doesn't deal with the fact that it doesn't remove any of the learning curve. I still need to know about strings, integers, the difference between integer and floating-point math, etc, etc. That's the point of the article I linked to.
I haven't actually seen this language, so I can't say for sure, but I would argue that many programming concepts are easier to express in actual code, or at least pseudocode, than in anything truly resembling English. Even when we talk to other programmers, we talk about concepts like strings and characters, which are ultimately the language of the machine, not us.
So, this could make it easier to learn to program, but this should not be seen as something in the same vein as Excel, Access, Filemaker, or anything of that nature. Those are tools that let non-programmers make a program, and non-DBAs make a database -- but they are both inferior for real programmers to use, and even when they aren't, they mean the programmer doesn't have to learn what's going on under the hood.
But as a programmer, you do need to know what's going on under the hood. When the abstraction breaks down, you need to know how and why. It's one thing to let the garbage collector handle memory management, but if you understand what it's doing, you can make little tweaks to make your program smaller and faster, while still letting the garbage collector do the heavy lifting.
In other words, read The Law of Leaky Abstractions. As Joel says:
The law of leaky abstractions means that whenever somebody comes up with a wizzy new code-generation tool that is supposed to make us all ever-so-efficient, you hear a lot of people saying "learn how to do it manually first, then use the wizzy tool to save time." Code generation tools which pretend to abstract out something, like all abstractions, leak, and the only way to deal with the leaks competently is to learn about how the abstractions work and what they are abstracting. So the abstractions save us time working, but they don't save us time learning.
So, in other words, the real question we should be asking is whether this tool is better than existing tools, like Python or Ruby. There have been other attempts at RAD which I think fall far short of that goal.
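The #each discussion above claims that the iteration strategy is an implementation detail of the method and that a parallel each is just as easy to write. The following is an added illustration, not code posted by anyone in the thread: two hypothetical collection classes, Bag and ParallelBag, that both honour the "do this to every x" contract (so Enumerable gives them map, select, sort and the rest for free) while one loops sequentially and the other runs the block on a thread per item.

```ruby
# Added example for the #each discussion; class names Bag and ParallelBag
# are invented here and are not from the original thread.

# A collection that only knows how to hand out its items one at a time.
class Bag
  include Enumerable # map, select, sort, include? ... all derive from #each

  def initialize(*items)
    @items = items
  end

  # Sequential each: a plain while loop underneath, exactly as the comment
  # says is "generally" the case.
  def each
    return enum_for(:each) unless block_given?
    i = 0
    while i < @items.length
      yield @items[i]
      i += 1
    end
    self
  end
end

# Same contract as Bag, different strategy: the block runs once per item on
# its own thread, and each returns once every thread has finished. The
# caller still just says "do this to every x"; only the order in which the
# items are visited is no longer fixed, so callers that care about order
# must sort the results themselves.
class ParallelBag < Bag
  def each
    return enum_for(:each) unless block_given?
    threads = @items.map { |item| Thread.new(item) { |x| yield x } }
    threads.each(&:join)
    self
  end
end

# Counts how many distinct threads the block was run on. Bag always reports
# 1; ParallelBag reports one thread per item.
def threads_used(bag)
  seen = {}
  lock = Mutex.new
  bag.each { |_x| lock.synchronize { seen[Thread.current] = true } }
  seen.size
end

def demo
  bag = Bag.new(3, 1, 2)
  {
    sequential: bag.map { |x| x * 10 },                        # [30, 10, 20]
    parallel:   ParallelBag.new(3, 1, 2).map { |x| x * 10 }.sort, # [10, 20, 30]
    sorted:     bag.sort,                                      # [1, 2, 3]
    as_method:  bag.map(&:to_s),        # "this" is a single method: [\"3\", \"1\", \"2\"]
    seq_threads: threads_used(bag),                            # 1
    par_threads: threads_used(ParallelBag.new(3, 1, 2))        # 3
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point of keeping both classes under Enumerable is that nothing in the calling code changes when the strategy does: `bag.map(&:to_s)` reads the same against either class, which is the "layer of abstraction which does say 'do this to every x'" the comment describes. The one leak is ordering, which is why the parallel results are sorted before comparison.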
To answer the question "why not", you have to understand the damage that is done by allowing non-programmers to try to program. Think of the damage which is done with this simple Visual Basic command:
I mean, that's almost as bad as GOTO, probably worse, because that leads to silent errors. It leads to growing a codebase full of errors that happen all the time, of dead code, and of random Bad Things happening, all of which would at least make your app raise a noisy error during development (so you'd fix the problem). But no, you silently ignore them...
That isn't strictly VB's fault, but there seem to be so many crappy VB coders for whom this was the next logical step after Excel formulas. Since the actually decent coders tend to prefer things like C# (in the MS world, at least), I don't see much of a reason for VB to exist, and it seems to actually be causing more harm than good.
That's where I view every attempt at a "dumbed down" language -- if it doesn't improve things for actual programmers, it'll probably do more harm than good.
Apparently, some people like that.