I think we're mostly agreed... I prefer open-source for the reasons you outlined.
I feel that closed-source, proprietary releases can be a little scary and I wish that more commonly used software was truly open.
You say "Inability to Control = No Provable Security". I agree completely. Trust isn't about proof, you're simply BELIEVING that the controller of the source knows what they're doing, has your security in mind, and is on your side.
If you a trust a source completely, you don't need provable security. If you've been burned before and are unlikely to trust, you'll want more control because you he no confidence in the "security" that they say it has.
Sometimes you can't afford to control, and you're willing to trust someone, even if it's only a little bit of trust.
By the way, I definitely used to trust Apple more than I do now -- I now trust them with few things.
IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.
This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security. Depending on who it is and what their experience is, I often prefer to trust.
Regardless, one of the big issues that I've seen in this area is that although yes, you CAN jailbreak iPhone or install custom firmware on whatever device you want, you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store. They want to leverage the existing distribution network for the product and application distribution for software packages. They want to piggyback off the commercial world with minimal development effort and cost. What you're proposing a better model from a secure perspective, but is massively more expensive.
I noticed this recently when whiteboarding at work: I can see the bright yellow marker on the whiteboard clearly as can be (it really stands out) but my co-workers can barely see it unless they're within a few feet and even then, they're squinting. I can read it from across the room.
I was trying to figure out why this was and had no idea. Any thoughts?
I get this all the time from my software engineer coworkers trying to resolve problems. They notice something that seems unusual and they also note a decrease in performance. They assume that the one caused the other immediately without any other reason and then spend hours trying to resolve the unusual condition that they first saw. It's amazing how often the unusual condition is completely unrelated. In fact, it seems like when something goes wrong, it's easy to spot a whole bunch of problems in your configuration even though none of them are causing the problem.
For developing interfaces that let "grandmas" out there do things easily, the workflow shouldn't necessarily be tied to a mouse OR a keyboard. I've been using Quicksilver under Mac OS X and I've been pleasantly surprised that I can use my keyboard (it uses a hotkey to start the application) and start typing "itunes" or "safari" or whatever and the appropriate application can be loaded. It's fast, it's easy (despite the fact that I don't use my mouse), and it seems easy to learn. Maybe there's a linux equivalent in use currently, but it seems trivial to build something like this that would allow you to type " install ". I fail to see how mouse clicking is better than this.
However, the lack of options that I have when installing Windows applications as a "power user" is aggravating. I'd much rather have my command line apt-get (or even better, emerge!) in addition to some front-end like I've described above.
P.S. I'll also mention that I don't tend to run Safari or iTunes using Quicksilver since there's an even easier way to run these (drag the mouse to the appropriate icon on the screen). However, for programs that aren't on the OS X dock or for running complicated commands, Quicksilver is very appropriate.
Once when I was in Hawaii, on the island of Kauai, I met a mysterious old stranger. He said he was about to die and wanted to tell someone about the treasure. I said, "Okay, as long as it's not a long story. Some of us have a plane to catch, you know." He stared telling his story, about the treasure and his life and all, and I thought: "This story isn't too long." But then, he kept going, and I started thinking, "Uh-oh, this story is getting long." But then the story was over, and I said to myself: "You know, that story wasn't too long after all." I forget what the story was about, but there was a good movie on the plane. It was a little long, though.
The more advanced and complex our communication systems get the more confusing and time-consuming and frustrating it becomes to communicate. It's odd how many people I know that will send emails to people, or chat online, but barely talk to people in person -- or at least with any real depth. The more "advanced" our communication, the more time we spend dealing with all the problems of communication that crop up (spam, caller id spoofing, junk mail, etc.)
I know this whole group of people who are barely seen by other people and do nothing but communicate with random people from all over the world on a website.
The picture on this page http://www.novinit.com/plan_uk.html shows that they started with $45M but on the main Jackito-TDA site, it says $50M! http://www.jackito-pda.com/about_us/who_we_are.php
This combined with numerous typos sufficiently scares me away...
Actually, if you look in the "legal terms" they incorrectly spell Paypal as "PayPad". The legal terms also contain many other typos which leads me to think that this is completely bogus...
Slashdot Mirror
I think we're mostly agreed... I prefer open-source for the reasons you outlined. I feel that closed-source, proprietary releases can be a little scary and I wish that more commonly used software was truly open. You say "Inability to Control = No Provable Security". I agree completely. Trust isn't about proof, you're simply BELIEVING that the controller of the source knows what they're doing, has your security in mind, and is on your side. If you a trust a source completely, you don't need provable security. If you've been burned before and are unlikely to trust, you'll want more control because you he no confidence in the "security" that they say it has. Sometimes you can't afford to control, and you're willing to trust someone, even if it's only a little bit of trust. By the way, I definitely used to trust Apple more than I do now -- I now trust them with few things.
IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.
This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security. Depending on who it is and what their experience is, I often prefer to trust.
Regardless, one of the big issues that I've seen in this area is that although yes, you CAN jailbreak iPhone or install custom firmware on whatever device you want, you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store. They want to leverage the existing distribution network for the product and application distribution for software packages. They want to piggyback off the commercial world with minimal development effort and cost. What you're proposing a better model from a secure perspective, but is massively more expensive.
I'm red/green colorblind...
I noticed this recently when whiteboarding at work: I can see the bright yellow marker on the whiteboard clearly as can be (it really stands out) but my co-workers can barely see it unless they're within a few feet and even then, they're squinting. I can read it from across the room.
I was trying to figure out why this was and had no idea. Any thoughts?
I get this all the time from my software engineer coworkers trying to resolve problems. They notice something that seems unusual and they also note a decrease in performance. They assume that the one caused the other immediately without any other reason and then spend hours trying to resolve the unusual condition that they first saw. It's amazing how often the unusual condition is completely unrelated. In fact, it seems like when something goes wrong, it's easy to spot a whole bunch of problems in your configuration even though none of them are causing the problem.
If you want to sound a little pedantic, this logical fallacy has a name: Post hoc ergo propter hoc.
Why don't they teach logic at these schools?
For developing interfaces that let "grandmas" out there do things easily, the workflow shouldn't necessarily be tied to a mouse OR a keyboard. I've been using Quicksilver under Mac OS X and I've been pleasantly surprised that I can use my keyboard (it uses a hotkey to start the application) and start typing "itunes" or "safari" or whatever and the appropriate application can be loaded. It's fast, it's easy (despite the fact that I don't use my mouse), and it seems easy to learn. Maybe there's a linux equivalent in use currently, but it seems trivial to build something like this that would allow you to type " install ". I fail to see how mouse clicking is better than this.
However, the lack of options that I have when installing Windows applications as a "power user" is aggravating. I'd much rather have my command line apt-get (or even better, emerge!) in addition to some front-end like I've described above.
P.S. I'll also mention that I don't tend to run Safari or iTunes using Quicksilver since there's an even easier way to run these (drag the mouse to the appropriate icon on the screen). However, for programs that aren't on the OS X dock or for running complicated commands, Quicksilver is very appropriate.
Once when I was in Hawaii, on the island of Kauai, I met a mysterious old stranger. He said he was about to die and wanted to tell someone about the treasure. I said, "Okay, as long as it's not a long story. Some of us have a plane to catch, you know." He stared telling his story, about the treasure and his life and all, and I thought: "This story isn't too long." But then, he kept going, and I started thinking, "Uh-oh, this story is getting long." But then the story was over, and I said to myself: "You know, that story wasn't too long after all." I forget what the story was about, but there was a good movie on the plane. It was a little long, though.
:-)
From Jack Handy
The more advanced and complex our communication systems get the more confusing and time-consuming and frustrating it becomes to communicate. It's odd how many people I know that will send emails to people, or chat online, but barely talk to people in person -- or at least with any real depth. The more "advanced" our communication, the more time we spend dealing with all the problems of communication that crop up (spam, caller id spoofing, junk mail, etc.)
I know this whole group of people who are barely seen by other people and do nothing but communicate with random people from all over the world on a website.
Oh wait... damn ... nevermind
It's a rookery not a "colony" of penguins!!!
The picture on this page http://www.novinit.com/plan_uk.html shows that they started with $45M but on the main Jackito-TDA site, it says $50M! http://www.jackito-pda.com/about_us/who_we_are.php
This combined with numerous typos sufficiently scares me away...
Actually, if you look in the "legal terms" they incorrectly spell Paypal as "PayPad". The legal terms also contain many other typos which leads me to think that this is completely bogus...