Slashdot Mirror


User: Moraelin

Moraelin's activity in the archive.

Stories: 0
Comments: 5,521

Comments · 5,521

  1. No, not really on Scientist Infects Self With Computer Virus · · Score: 4, Interesting

    Well, no, this fails to be even Uri Geller kind of BS. Uri Geller was a fraud, but he knew how to put on a good show and sell an illusion that was actually quite appealing. In fact, a notion that many people wanted desperately to believe in.

    And even if you didn't believe in magic, it was at least very interesting as in trying to figure out "where's the trick"? Before Randi went and showed how it's done, it wasn't obvious at all to us non-trained in the conjuror arts. It was a good trick.

    But this guy and Captain Cyborg... words fail me. Really.

    I'm a SF fan. I like the idea of cyborgs and all. I like the idea of transferring information directly from a machine to a human and vice versa, though I must qualify it there: to a human brain. I'm even willing to entertain the notion of human consciousness transferred to a machine -- though not to the extent of being a techno-rapture cultist or anything. Etc.

    I should be exactly the market target for this kind of stuff. Except not _this_ kind of retarded stuff.

    Someone thinking that implanting an RFID chip under the skin makes him Captain Cyborg, or this guy thinking that storing a computer virus on a chip under his skin makes him "infected"... isn't even funny. It's ridiculous, stupid, and just a complete non-sequitur for the actual topic of cyborgs. A guy with a pacemaker or hearing aid is actually more of a "cyborg" because those actually interface with the living tissue and perform a function. A chip that's under the skin but not actually connected to anything biological just is not it.

    It doesn't even leave you thinking "what is the trick" or "good trick", because there is no trick. It's just a bad case of equivocation. It's transfer from PC to human only by virtue of the vagueness of the phrase, rather than any useful sense or interesting sense.

    If we're to talk Uri Geller comparison, guys like these are more like the equivalent of some guy claiming he's the first guy to eat with his arse. So he shoves a spoon's handle up his arse, takes it out, and then eats something with that spoon.

    It's freaking sad, that's what it is.

  2. That's not how I read it on Do Build Environments Give Companies an End Run Around the GPL? · · Score: 3, Insightful

    That's not how I read that clause. While it does make the mention that you don't need to distribute any freely available or common tools required to build that source, it seems to me like they spell it out pretty clearly that otherwise you need to distribute everything needed to build, install and run that thing. (But I am not a lawyer.)

    Otherwise it would be trivial to make the source need parsing through a script that only runs on my internal and proprietary modified Brainfuck interpreter, and then through a Lisp program that only runs on an old version of Autocad that's still installed somewhere in the company, before it compiles.

    In your particular case, sure, you can develop with Visual Studio, but surely you can take the time to write a makefile that can be run at the command prompt. In fact, it's been years since I worked with Visual Studio, but I seem to remember it did that for me itself. And they wouldn't even force you to use gcc, since the command line versions of the MS compilers were free last I heard.

    (And frankly if they don't have an automatic build machine, and the scripts that that needs, i.e., if they're in the kind of situation where they can only build on some dev's machine in their Visual Studio, with whatever sources they may or may not have checked out at the time... they're not the kind of company I'd want to buy anything from in the first place.)

    Plus, if I understand the summary right, even if he managed to compile the binary code, the tools to install (and thus also to run it) are missing too. I'd say that's against the letter and spirit of that clause right there. The idea was to be able to make changes, not to just have a bit of source to open in an editor, but not be able to actually run any changes or, for that matter, even know if it's the right source. How would you know for something you can't even compile, and certainly not run?

    And it's hard not to ascribe it to malice there. Whatever proprietary protocols they use to upload that firmware, surely they're encapsulated in a bunch of classes and functions that are just called from whatever environment they use. It's trivial to pack the same in a small command line utility.

    (And again, if they're that joined at the hip to whatever environment is usually used to upload that firmware, that they can't separate the classes that do the uploading from the rest of the beast... it sure doesn't sound like the kind of company I'd trust to program my VCR, much less the firmware for anything.)

  3. Put it into perspective though on Copernicus Reburied As Hero · · Score: 3, Informative

    1. You have to put it into perspective though. All of the verses that posited an immovable Earth at the centre of everything are Old Testament, and by all accepted chronologies most were already 2000 years old or more at the time Copernicus got his ideas. (Though Earth being flat does get a nod in Matthew 4:8, which is late 1st century AD. So even that would be very nearly 1500 years old in the time of Copernicus.)

    I'd say that's pretty good covering their asses if it took that long before it was even possible to call them on it.

    Stuff that was more easily testable, well, they seem to have usually written the prophecy after the event.

    2. Well, at least the Catholics seem to have given up on the throwing a fit part since the counter-reformation or so. Now it's just a mystery, or the Lord is using metaphoric language, or those who wrote it down didn't get it quite right. So when Genesis says there were trees with seed (at the earliest that would be the late carboniferous era, and even that's stretching it) before there was a sun created at all, well, the Lord was _actually_ saying there must have been some single-celled algae before the cloud cover first broke and the sun was visible.

    I'm not kidding. If you listen to some of them, some verses in Genesis even describe the Theia impact. Of course, you wouldn't recognize it without being told where and how to mis-read it.

    It's a more perverse setup, where falsifying it is akin to nailing jello to the wall. No matter what's written there, and how you think you finally have proof that all possible interpretations are plain old wrong, there comes the "but we're not literalists" blanket excuse and that's the end of it. If it says "black" there and you've measured it as white, well, the Lord of course meant "white" and was just metaphoric about it. So, natch, you haven't falsified it.

    Of course, I also never got a good answer to "so what good is a book which really doesn't tell you anything you didn't already know? Because apparently to find X in it, you already have to know about X so you can read something as meaning X."

  4. I dunno, Win2k wasn't as bad as Vista on Ballmer Says Microsoft Wasted Time On Vista · · Score: 2, Insightful

    Actually, having actually used Win2K back in the day, it wasn't half bad if you put it into perspective. Win2K wasn't an upgrade to Windows 98. WinME was the upgrade to Windows 98. Win2K was the upgrade to Win NT 4.0.

    And, really, I can't think of many things that worked worse in Win2k than on NT, other than the fact that Win2K needed more RAM. And speaking of devices and drivers, it was compatible with almost everything that used to work under NT (though not with anything that used to only work in the DOS part of '98), and it added support for USB that NT lacked completely until a much later patch, it added DirectX support, etc. Heck, it could even make a C: partition that's larger than 4GB, unlike the NT installer. (Note though: NT could install on a larger NTFS partition, if you formatted and partitioned the drive on another computer, it just couldn't make a new C: partition itself that was larger than 4GB.)

    All things considered, for the actual product line it was a part of, i.e., as an upgrade to NT not to '98, I'd say Win2K was actually a huge step forward.

  5. Also, one more thing on Genetic Testing Coming To a Drugstore Near You · · Score: 1

    You don't seem to understand this newfangled "burden of proof" concept.

    You are not aware, therefore it must be BS...

    It's not my burden to prove the negative. Otherwise I could equally go "aliens live among us unless you can prove that they don't." If you want to claim that something exists, it's your burden to provide the evidence, not mine to check all nanny agencies and unions and make sure none of them have a policy to leave toddlers unsupervised.

    IOW it's BS because it's unsupported. It's that simple. If you actually support the claim, sure, then it stops being BS.

    And the same ought to apply to that slippery slope scenario. It's not my job to give you promises that it won't happen. If you think you can objectively make a case of that kind of thing happening, go ahead. Otherwise it's just another unsupported claim.

  6. Re:More BS? on Genetic Testing Coming To a Drugstore Near You · · Score: 1

    It is not any more of a "falsehood" than any other caricature.

    I think you told me all I wanted to know when your baseline for how much sense it must make is "any other caricature." Because that's really what it is. It's a caricature of a slippery slope scenario in which surely laws will be based on an over-simplification, and we can't possibly think in shades of grey or make exceptions where needed. And surely stuff like a bunch of women unionizing will all be an evil bunch who plan to leave toddlers unsupervised for the sake of making a point (and obviously don't fear lawsuits or laws either.) And surely it'll be as simple as some dictatorial agency kicking in your door, and/or someone actually can afford the lawsuits to prove that half the population's ordering more X than Y is discrimination and not taste preferences, and/or somehow that burden of proving a "mens rea" (evil intent) will no longer apply in court. And surely in a democracy over half of a country will vote to do that to themselves. (Oh, wait, you're in the USA, aren't you?;)

    And, since that's where we started, that surely if we object to genetic testing as a reason to discriminate, it'll lead to that kind of a caricature of a dystopian future. Because, I guess, once we started forbidding something, there's no way we can stop forbidding unrelated stuff.

    I'm sorry, but that's exactly the problem: it's a caricature. Wake me up when you have an argument that actually applies to genetic testing and to what is, not on what surrealistically unrelated BS it might possibly lead to.

  7. More BS? on Genetic Testing Coming To a Drugstore Near You · · Score: 2, Insightful

    If she (or her union) claim, she has to leave anyway, or even simply charge me "overtime" (150%, one hour minimum), I'll start looking for a new nanny immediately. And so will you.

    I'm not aware of any place which rounds upwards to the nearest hour, much less it being a uniform thing for unions generally. So I take it it's another of those BS extra assumptions needed to make the case for why unions are bad. Got any more around?

    At any rate, I think it was libertarians who were into everything being solved by contract not by regulation. Surely you can inquire first hand if that fee is rounded up to integer hours or not, before hiring her.

    But most importantly basically, she has to do unpaid overtime? If you demand extra work from her, she has to make the loss, but god forbid that it costs _you_ anything? WTF? Seriously. You preach at me that we're all employees and employers, but... what, you are more equal than her there?

    Anyway, I'm pretty sure I wouldn't start looking for a new one.

    Why I actually switch a shop is irrelevant! But, if there anything about my old barber, that's "protected", a reasonably zealous anti-discrimination officer may (nay, must!) get interested anyway -- and I'd hate to live in a country, where I'd have to explain all of my, supposedly, free decisions.

    "Hello. We've noticed, that over the past 12 months you've ordered pizza 5 times more often than General Tsao's chicken. We suspect, you are a White bigot discriminating against Asians. Please, hand over all of your purchase-records for a closer audit."

    Let's keep it simple this time: are you aware of such a situation where anyone anywhere was sued for changing their pizzeria, or ordering more Italian than Chinese? Or do you think that repeating the same falsehood three times somehow makes it true, like in Lewis Carroll's The Hunting Of The Snark?

    IOW, if your support for discrimination hinges on such false scenarios -- as it usually tends to -- colour me unimpressed.

    You can shove your "support and respect" where the Sun does not shine, but your promise, that you may not send the authorities after me is insufficient. Because tomorrow you "may" change your mind...

    Aaand there's the third time.

  8. Umm, yes on Genetic Testing Coming To a Drugstore Near You · · Score: 3, Interesting

    Union-lovers, would you accept your nanny's refusal to stay an extra 10 minutes, when your train is late, because union's rules forbid her from "overworking"?

    Once you accept that she too is a human being, has a family, etc, and isn't there just as some accessory to your wellbeing -- a notion that sadly some nerds seem to have trouble understanding -- then, yes, it makes sense to worry about her work conditions too. Negotiate first. And I'm sure that if it happened once that you need her to stay some more, and it really is 10 minutes, you can agree to some compromise. If you need her to do several hours of overtime every day, now that's where I damn hope that the union has something to say.

    Besides, I'm in a country where unions are everywhere (Germany) and contrary to the libertarian BS I hear from over the ocean, it didn't result in either bankruptcy or slavery yet. It also turns out that the unions aren't this evil thing hell-bent on causing disruption and preventing work getting done. Most of those people still want to work, it turns out. They don't want to be shafted, but that's a whole different issue.

    More to the point, I'm not aware of any major union over here which flat out prohibits overtime and demands you exit the door on the exact minute. They might however ask for overtime pay. Especially if it happens regularly, and we're talking a lot more than 10 minutes.

    But, again, once you realize that that nanny is a human being too, it might not be that hard to accept.

    Do you want to have to explain, why you switched your pizza-shop -- if the dumped establishment was owned by someone with cancer, you may be in trouble... Would you be willing to have to justify going to a new barber-shop? The anti-discrimination authorities may get interested, if your old barber was Black, but the new one is White...

    First of all, it's a non-sequitur, since I was talking about genetic testing. If you need genetic testing to realize that your barber is black, you have bigger problems :p

    Second, even as one of those "but the employer has to discriminate because the customers might" excuses, it's a dumb one in this case. If you need a genetic test to determine something about an employee, then rest assured that the customers don't know that. If there was some big "I'm at risk of Alzheimer's" sign on the guy's forehead to supposedly warn the customers off, you wouldn't need genetic testing to determine that in the first place.

    Third, I'm not aware of anyone anywhere who was actually sued for switching a pizza shop or barber. Care to point out any actual cases? Or is it one of those BS over-the-top slippery-slope scenarios that some people seem to need to make their case for why shafting others should be ok?

    Fourth, if you'd actually switch a shop because that barber has cancer (it's not contagious, you know?) or because genetic testing has found he's at slightly higher risk of Alzheimer's (ditto, you're not bacteria, you can't just absorb his defective genes), then you're, simply put, a complete idiot. Genetic diseases are always non-contagious. It doesn't care if that guy shaved your beard, or handled the dough in your pizza, or even is your lover, you can't become infected with his genes or anything. We may not send the anti-discrimination authorities after you, but don't expect much support or respect there.

  9. Could be worse on Genetic Testing Coming To a Drugstore Near You · · Score: 3, Insightful

    It could, and probably will, be worse. I can see this kind of thing used by companies when they're supposedly testing for drugs, and it'll just so happen that down the line there'll be some "restructuring" in which everyone who is slightly more probable to need sick days down the line is silently let go. And God have mercy on you if someone does a statistic to the effect of "people with gene XYZ show a 2% higher chance of depression / drug use / paedophilia / having problems with authority / whatever."

  10. Aye on Games Workshop Sues Warhammer Online Fansite · · Score: 2, Insightful

    Aye, a few fans showing up with chainsaws and cries of "Blood For The Blood God!" would probably be scary ;)

  11. Nah, it'll do just fine on First Superbugs, Now Superweeds · · Score: 1

    Nah, Monsanto will just announce their new business plan: sue every farmer who has these weeds on his field for patent infringement. That should keep 'em going for another 20 years or so :P

  12. It's even simpler than that on First Superbugs, Now Superweeds · · Score: 1

    Well, by definition of "species" not everything can cross-pollinate with everything. Not any more than one could make a minotaur by screwing a cow ;)

    But in practice it doesn't need to. These guys use agrobacteria to transfer those genes to plants in the first place. It's a genre of bacteria which can actually transfer genes between its own genome and a plant, e.g., to cause a tumour in which to reproduce. Incidentally, you can also load it with whatever genetic payload you wish to transfer, to create a GM plant. But it can also transfer genes between wildly different species of plants on its own. And it's not like the GM guys invented it, it exists in nature around.

    So I'm sure you can see how Monsanto's patented herbicide resistance genes can end up in a seed of some weed or another, transferred from their grain. So, yeah, eventually everything around might end up resistant.

  13. Duh on Vibration Killing Enterprise Disk Performance? · · Score: 1

    Duh. He'll divert auxiliary power to the inertial dampeners. There is nothing in Star Trek that can't be solved by redirecting power there or with a strategically placed redshirt.

    Hmm, now I wonder which of the two do they use when a toilet's clogged. I'm betting it's one of the situations where a redshirt dies. But diverting power to the loo has a certain appeal too ;)

  14. Not that huge a difference on Choice of Programming Language Doesn't Matter For Security · · Score: 2, Insightful

    As you probably know already, virtually any CPU manufactured in the last years has some form or another of "no execute" flag. So someone could overflow your buffer all right, and... simply not be able to execute any code injected that way. And someone from the BSD gang could even add here that in their world they had a solution for that even before that.

    And someone who is security-minded, since that was the thrust of the article anyway, will have used some C++ library or another that checks string bounds. Heck, it's trivial to write one yourself if you don't find one to your liking.

    So being only 99% as vulnerable as before, well, still sucks.

    In the end, the point isn't "Java sucks" or anything, but that basically the largest difference is in having your people be security minded. Between the team who programs in language X and is basically a bunch of paranoid pessimists who know that Murphy rules supreme and anything that can be broken will be broken, and the team who ploughs through language Y thinking the language alone lets them not bother with that kinda stuff, generally the former is the safest bet. Regardless of whether X = Java and Y = C++, or vice versa.

    And knowing that about the prepared statements, or even that SQL injection can be a problem, well, that's already one step closer to the former.

  15. Never said that Java sucks on Choice of Programming Language Doesn't Matter For Security · · Score: 1

    I never said that Java sucks. But it seems to me like TFA has a point. You still need to educate your devs and take security seriously. There is no magic amulet that you can just put on and be immune from security problems.

  16. Never underestimate incompetence on Choice of Programming Language Doesn't Matter For Security · · Score: 2, Insightful

    Never underestimate incompetence. Sure, Java protects you against some kinds of buffer overflows (but then a couple of versions had such vulnerabilities in their native parts of the JRE instead), but it doesn't protect against any other kind of incompetence.

    There are probably a few SQL injection vulnerabilities and an XSS exploit being written somewhere right now. And someone out there is writing a servlet which reads and writes files off the hard drive, but isn't checking the paths, so really you can request the registry of that machine or anything. Someone else is putting a confidential document in there, betting on no more security than that nobody will think to look in that directory. Someone else is configuring a Lucene indexing and search which can bypass any access controls and find it. Someone else is coding a remote admin backdoor in the client's site, because it makes supporting it easier. Someone else thinks the users never reach pages except by clicking on the provided links, so he actually never checks parameters, and you can substitute your own id with the admin's ID on the page to change your password. (I've actually seen that one in a big money B2B site coded by expensive consultants from a big corporation.) Someone else out there is running half the company on the same user ID and password, because they can't be arsed to get a different password for the secretary than for the CEO, or because dealing with the IT department to get one involves more bureaucracy than that Asterix episode. (Invariably when some employee which used that account leaves the company, that account doesn't get its password changed or anything.) Yet someone else packs data the user shouldn't see or edit in hidden input fields or uses XPaths for input field ids, and blindly trusts whatever he gets back in those fields. (Then wonders why the user accepted the price for a Fiat 600 but could change the car model to a Lamborghini;)) Etc, etc, etc.

    And, ironically, the myth that C is more dangerous than "sweating" dynamite while Java is physically impossible to break, only generates complacency in QA and hiring even less qualified burger-flippers for Java. I've seen I R Java Dev types which didn't even know what an SQL injection was before seeing it demonstrated to them. On the production machine.

    And worse yet, you see a bunch of them arguing online, that SQL injection and XSS vulnerabilities are harmless and unavoidable, that the supposed danger is only hype, and that asking them to fix it is just stupid. And at least one such article was even linked to by Slashdot in the past.
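
Added example, not part of Moraelin's comment or of any code from the thread: a Java sketch of the path check that the file-serving servlet described in the comment above leaves out, shown next to the unchecked version. The class and method names, the directory layout and the sample requests are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (all names are illustrative) for a servlet that serves
// files from one directory based on a request parameter.
public class SafeFileResolver {
    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Resolve symlinks in the base once so prefix checks compare real paths.
        this.baseDir = baseDir.toRealPath();
    }

    // The unchecked pattern: the parameter is appended to the directory name,
    // so "../" segments walk out of it.
    static Path naiveResolve(Path baseDir, String requested) {
        return Paths.get(baseDir.toString(), requested).normalize();
    }

    // Returns the real path of a regular file inside baseDir, or throws.
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path candidate;
        try {
            // resolve() returns `requested` unchanged if it is absolute;
            // normalize() collapses "." and ".." lexically.
            candidate = baseDir.resolve(requested).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed file name");
        }
        // Path.startsWith compares whole name elements, so a sibling such as
        // "/srv/docs-private" does not pass as being under "/srv/docs".
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory");
        }
        // Second check on the real path: a symlink inside baseDir may point
        // elsewhere. toRealPath() throws NoSuchFileException for missing files.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/docs/report.txt is public, <tmp>/secret.txt is not.
        Path root = Files.createTempDirectory("demo");
        Path docs = Files.createDirectory(root.resolve("docs"));
        Files.write(docs.resolve("report.txt"), "public".getBytes(StandardCharsets.UTF_8));
        Files.write(root.resolve("secret.txt"), "confidential".getBytes(StandardCharsets.UTF_8));

        SafeFileResolver resolver = new SafeFileResolver(docs);
        String[] requests = {           // constructed sample request parameters
            "report.txt", "./sub/../report.txt", "../secret.txt",
            root.resolve("secret.txt").toString(), "missing.txt"
        };
        for (String r : requests) {
            System.out.println("request: " + r);
            System.out.println("  naive   -> " + naiveResolve(docs, r));
            try {
                System.out.println("  checked -> " + resolver.resolve(r));
            } catch (SecurityException | IOException e) {
                System.out.println("  checked -> rejected: " + e);
            }
        }
    }
}
```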

  17. Re:Actually, good for everyone else on TSA Worker Jailed In Body Scan Rage Incident · · Score: 4, Insightful

    I'd be happy to even wave my dick at that employee, if he wants a clearer look. Sure, it's only average, but I'm not ashamed of that. Plus, you don't get an opportunity to flash a rentacop every day ;)

    But I can see why some people would have an objection to that. For certain Muslim fundies, showing yourself naked to strangers as a woman can be your own death warrant, for example. I wouldn't want to be the Saudi Arabian woman whose scanner picture ends up plastered all over the internet. And even in the west, probably most people would burst a vein if you told them that Joe Rentacop from the TSA spanked the monkey in the bathroom on his break after looking at their 7 and 11 year old daughters naked. Even if no image was stored.

    It seems to me like there is no way around the fact that it does produce a naked image, and those guys get to look at it because the magical technology to just show the guns without needing an eye-scan of the body doesn't exist. And if that wasn't enough, they have a button to take a printout.

    But yeah, you're right, the fact that they repeatedly lie about it, is what gets my goat the most. I keep hearing how it'll blur stuff, or how verily nobody will even see more than a stick figure of you, but then it turns out that the picture someone had posted on the Internet had some pretty clear breasts and didn't look anything like an Order Of The Stick character either. Or the guy in this story clearly saw more than a stick figure with just the gun highlighted. It seems to me like they know that what those machines really do is unacceptable, or they wouldn't go to such lengths to lie about it.

  18. Actually, good for everyone else on TSA Worker Jailed In Body Scan Rage Incident · · Score: 4, Interesting

    Actually, the more such stories make the point that those guys really _are_ looking at people naked, the better for the public at large.

    The things have been handwaved to the public as just some magical things that see explosives and guns and not much else, and their operators are 100% professional and would do no such thing as looking for anything else than guns anyway. (In fact, one politician in Australia even claimed that they'll produce just stick figures with just the areas to be checked marked, and nobody would see your body at all.) And obviously if you're refusing to let them look at you that way, you're probably a terrorist and don't deserve to fly. (E.g., Muslim woman barred from flight for refusing body scan)

    Now it turns out that they aren't just for explosives, and they aren't that professional.

    And I mean there's not just this, but also the guy at Heathrow Airport who pressed the button to take a ghostly snapshot of a female coworker's body. She seemed pretty traumatized by it too and won't go anywhere near the machine any more, so maybe now we can also have some sympathy for the others who are scared of them.

    Or the actor who discovered some female employees there looking at a printout of his scans, so he autographed it for them.

    The sooner Joe Average gets the idea that these kinds of things happen, and no matter what some politician says, those people aren't saints, the better.

  19. Re:You have too much faith in users on The Desktop Security Battle May Be Lost · · Score: 1

    I guess it never occurred to you that there might be a reason why I never made any claims about average users building and administering such devices. Ah, Slashdot, where people feel free to assume but the assumption is never that your positive statements and omissions are deliberate...

    I guess the part where you were answering to a message about a family of clueless users must have confused me. I thought you were actually answering to that message ;)

    But at any rate, take a chill pill. If you think I actually care that much about your omissions, you're really overthinking it.

  20. Because currently most Linux users are nerds on The Desktop Security Battle May Be Lost · · Score: 4, Interesting

    Mainly the fact that they need to get their cutesy screen-saver into a distribution repo to actually gain a significant level of deployment. At least most Linux users I know add very little software that isn't included in their main repo or one of very few specific extras. Anything beyond that gets treated with a certain level of suspicion.

    Mainly because the current crop of Linux users are nerds. If the example Clueless family in my example exercised that level of caution, well, they wouldn't be clueless in the first place.

    And if they were that cautious, they wouldn't get pwned in Windows either. I mean, it's not like that spyware crap was linked to from microsoft.com or anything.

    The way they get pwned is more like:

    Joe Clueless wakes up on a Saturday morning, scratches his balls and goes to see if he has any email. Does he want herbal Viagra? Hmm, Jane has been faking too many headaches lately, maybe it couldn't hurt to at least look at the site. Just in case. Big fake UI popup tells him that he has 200 viruses on his system and needs to download and install the free Pwnage antivirus. Eeep, he doesn't want no nasty viruses on the computer he does his banking on, so let's hurry and do just that.

    Next email tells him that the USPS couldn't deliver some package, and he has to run some attached executable to find out more details. Fuck, he wouldn't want to miss a package, so he dutifully does that.

    Another email tells him that the IRS wants something from him, so he does that again.

    Next email tells him that hundreds of naked teenage babes are waiting for him at some .ru site. Well, Jane is out with the kid, maybe he has time to take a peek. Oh, he has to install this free dialer to see the pics. Well, sure, why not? He does that.

    After clicking a bit around, another popup tells him that his computer has incriminating evidence against him and he needs to download and run this amazing browser history eraser. Teh oops. Jane might be pissed off if she sees porn sites in the browser history. Time to download and run this trojan too. He makes a mental note to complain about these browser devs who don't include that function already ;)

    Meanwhile Jane comes back and wants to see which of her friends emailed her. That computer gets to add a cutesy minigame from an attachment, and another handy-dandy utility to remember her passwords, to its growing malware collection. While she's at it, she clicks on the www.i-pwn-u.ru link in another email to confirm her Paypal password again. She makes a mental note to whine about these idiots at Paypal who forget her password every other day and keep asking her to enter it again ;)

    Little Timmy gets his computer time in the afternoon and gets his ass handed to him in multiplayer again. He googles for "counterstrike cheats" (or whatever game he's playing) and gets to some dodgy site where if you just download their keyboard and mouse driver, it can do a whole collection of FPS macros for you and make you play like a pro. (And also log the keypresses and send them back home, but they're not saying that.) Bweh-heh-heh, he'll show those guys in his clan who's teh uber-l337 FPS player.

    Do you see any reason why in the same scenario they'd exercise caution about what they download in Linux, when they don't in Windows?

  21. You have too much faith in users on The Desktop Security Battle May Be Lost · · Score: 2, Insightful

    You have too much faith in the average user, if you think they'll configure and admin a whole PC instead of just buying a small appliance and forgetting that it's even there. And if you actually want them to configure and admin it _well_, now that's a whole other issue.

  22. Actually, it seems reasonable to me on The Desktop Security Battle May Be Lost · · Score: 3, Insightful

    Actually, it seems like a reasonable assumption to me. Always code or design assuming the worst. Before you decide what hoops you make the user jump through to get his money online, assume that he's pwned in every imaginable way, that his firewall is mis-configured to be a digital goatse ;) and probably he's not even who he says he is. And he's probably trying to break your system too. Because sooner or later you'll have to deal with just that. Now what can you do to mitigate such a situation?

    Basically you can divide people and design philosophies into a spectrum between:

    - optimistic: they expect the best possible outcome. They just know it'll be all right. The world is nice, the users do exactly the click sequence they've been told to, and their functions only receive exactly the right input.

    - pessimistic: they expect that Murphy's Law is actually a law of the universe, and if something could possibly go wrong without violating the laws of physics, it will. Actually the real serious pessimists don't even exclude the laws of physics going wrong. They tend to have the speed of light as a variable ;) They also tend to bring a sweater or two along when going to the beach in Florida in August. And they just know that some bastard out there will feed their program the wrong input, or will have his password stolen by a keylogger and then sue when he finds his account empty. They tend to rarely be disappointed in those expectations, actually.

    Personally I like my programs and processes designed by the latter. And it seems to me like this is what those banks are doing. They're for a change starting from the worst possible scenario as an assumption. Nothing wrong with that.

  23. Except you still miss the point on The Desktop Security Battle May Be Lost · · Score: 4, Insightful

    customers' desktops need to use GNU/Linux.

    I know that it's a sacred tradition to regurgitate fanboy oneliners without thinking, but in this case

    1. it was even in the summary that by now even home routers are targeted by the asshats. I fail to see how a hardened Linux PC helps there.

    2. Actually, it seems to me like most zombie PCs nowadays don't come from port overflow attacks any more, but because of users clicking on spam links, re-entering their bank password on some www.i-pwn-you.ru site (fictive address for example sake) because the email told them to, and installing crap.

    I'm not sure how Linux would help there at all. You do know that you can download and install rootkits for Linux too, right? In fact even the term rootkit comes from the Unix world, not from Windows. What's to keep an asshat from making their rootkit masquerade as a cutesy Linux screensaver instead of a cutesy Windows screensaver?

    If user clue remains a constant, meet the Clueless family, a white suburban family whose only knowledge of computers is that the nice guy at the shop said they need the most expensive one: you'll still have Joe Clueless opening executables he received in spam mails. And his wife Jane Clueless confirming her Paypal and eBay password the fourth time this week alone, and none of them was on paypal.com or ebay.com. And downloading and installing some piece of spyware masquerading as some cutesy utility or casual game. And their son, Timmy Clueless installing what some dodgy site told him is some hack to see through walls in Counter-Strike. And of course it needs to be installed as root, in fact as a kernel module. So punkbuster (or equivalent) can't detect it, you know? *nudge* *nudge* *wink* *wink* Know what I mean, eh?

    Just as they're not deterred by Windows popping up a big fat window asking them if they really want to install stuff, they won't be deterred by whatever hoops your favourite Linux distro makes them jump through either. If they have to su -, they'll su -.

    End result: they're still pwned.

  24. Re:Prejudice confirms prejudice? Indeed on Russian Officials To Investigate Regional President's Alien Abduction Claims · · Score: 1

    If that's the case, yes, probably that's the best course of action.

    But, again, I'd advise making sure first that it's not simply the Dunning-Kruger effect. The paradox there is that while the least competent people overrate their competence (and that is the most publicized aspect,) the more competent ones tend to underrate themselves. So basically you can jolly well have the impression that you've been going up to a peak and down again ever since, when in reality you're only going up.

    But I don't presume to diagnose something like that from one message. You're the best suited to judge if really you're any worse, or you've just moved on to more complex solutions, or maybe just you've got higher standards for what counts as a "good solution" to come up with.

    I know _I_ in my teen years thought I was a freaking genius for coming up with some solutions that nowadays I'd consider submitting to the Daily WTF. Both then and now I was coming up with "good" solutions, but what I judged "good" back then isn't even near what I'd judge "good" today. Of course it took less time and effort to come up with those.

    Plus, the problems in those times tended to be simpler too. I was so proud I could burst when I wrote a program over 10,000 lines long. But just as I was turning 30 I was writing code for a program 1,000,000 lines long. (Not alone, obviously.) And that's not even among the largest out there. But already the kind of write-only hacks that worked for a 10,000 line program that I could hold completely in my head and know exactly what line to fix if something broke, would have been unmaintainable in a 1,000,000 line program. Both were, for their time, full of "good solutions", but the latter also had to include a lot of design and refactoring and patterns to just be able to find our own arse with a map and a compass when it came to changing something. Now you could no longer do that "good solution" in 10 minutes by just splattering it wherever in the code, and topping it off with a "goto" to boot. Now you had to also think about how it fits in the framework.

  25. Prejudice confirms prejudice? on Russian Officials To Investigate Regional President's Alien Abduction Claims · · Score: 2, Informative

    Do you know it? Yep. It is very low compared to other jobs.

    Actually, there is no evidence I'm aware of that programmers actually get worse with age. Or any other brain job, for that matter. The earliest peak I've seen in actual statistics curves is at 35 for scientific inventions, _but_, here's the important part, it doesn't mean it drops to zero afterwards or anything. The bell curve still has a ways to go. Only around the mid-50's it actually became "only" as high as when fresh out of college. In other domains it essentially only started to drop off when death started to take its toll.

    So basically all you illustrate is a case of prejudice "confirming" prejudice, in a lovely example of the begging the question fallacy. (A.k.a., circular logic.) An age limit which is there only because of unsupported age-ism, is taken as proof that that age-ism is right. Basically in the same way witch trials were taken as evidence that witchcraft objectively exists.

    Plus, there's the ever popular Dunning-Kruger effect. When measured by someone who is still ignorant enough to have realized how much they still have to learn -- be it the stereotypical PHB whose sole competence (ever or any-more) are pr jobs in IT-for-managers ragazines, or the kind of young un' who thinks he's the greatest ever for writing his first 2000 line write-only program -- then yes, experience seems overrated.

    But if you have any actual statistics, I'm all ears.