"Most people don't care about the browser. They'll just use whatever is easiest. If IE comes with the computer it's what they'll use. John Q Averageuser doesn't care about the politics or rhetoric behind Firefox or the security issues associated with IE. (S)He just wants to buy a new set of hubcaps on eBay"
Blah, blah, blah, let's continue to insult joe sixpack to show how technical we are, blah, blah, blah.
The average user gets infected by a virus, can't use their computer, and either has to pay loads of money to get it fixed, or can't access the web anymore.
Do I care? Not likely. Anyone I think is important enough not to have that happen to them, is using Firefox anyway. Problem solved. And you can continue trying to convert the proverbial sixpack family if you like, but whining that they won't use it until it's installed by default on Dells is just irrelevant. People download winzip and winamp and the MS-Office crack, and a ton of other software just as soon as they get a computer, and you think they're going to baulk at downloading a decent browser?
"I think Mozilla's biggest problem is their marketing strategy, or lack thereof."
www.spreadfirefox.com is the marketing campaign, whom you might remember from such features as "raising $250000 in a month from donations and buying a NYTimes advert" covered recently.
The marketing probably won't be as obvious as companies which pour that much money into advertising every month, but it's doing okay for a non-profit foundation.
The people who use it (i.e. everyone technical) probably help too, as they tend to recommend it at every opportunity.
"Given that someone on MSDN said that Microsoft is seriously looking at developing a new standalone version of Internet Explorer, don't be surprised that before 2004 ends Microsoft will announce the public beta of Internet Explorer 7.0.
1. Much tighter security.
2. Multi-level ad blocking (that includes blocking Flash and Shockwave animations in addition to pop-up and pop-under blocking).
3. Tabbed browsing.
4. Full Sidebar controls.
5. Totally redesigned toolbar."
And let me guess, the people who use Microsoft will wait another year for this mythical program, rather than getting something Free which shipped yesterday?
"You insensitive clod! What if I'm on a 300 baud acoustic coupler?"
Then this slashdot article would have taken 83 minutes to load (at a comment limit of 3), yet you posted a reply 47 minutes after the article appeared. Assuming you refresh the front page constantly, you can do so every 24 minutes, which means that on average you'll have seen the story 12 minutes after it appeared, giving you only 35 minutes to reply.
So if you are on a 300-baud modem, then you must be in the same room as the slashdot server. Since your UID is not much more than your bandwidth, that may well be possible.
I thought slashdot's bandwidth was higher than that though...
"If they want the treaty to be approved it has to treat everyone the same, this one doesn't."
Stop moaning about details -- every country listed except yours and Australia has agreed to reduce their CO2 emissions, and most of them are well on the way to doing so. The countries which have taken this step are reducing the amount of pollution in the air, which, we hope, has great benefits worldwide.
Some people are doing their bit to help the pollution problem. Others are busy finding excuses.
"A small coloring book of images from the Abu Ghraib prison in Iraq."
I know it's already appeared on slashdot, but this hallowe'en costume was a real w.t.f.?!? moment...
Re:Solution: You authorise the bank first, on Fishing for Phishers · Score: 2, Insightful
"What the hell has secure-email delivery got to do with it? Unless the phishers have somehow gotten hold of an email from your bank to you, they won't know your phrase, simple as that."
Okay, and how do the spammers get somebody's email address to start with? Oh yes, a virus emails the contents of their inbox to a Russian server.
Along with your special code.
And don't pretend that you can just secure your computer -- there have been 5 major Windows viruses already this year, and as far as I can tell, nearly every Windows user I know has been infected.
As to secure delivery, have you noticed the number of people buying wireless networking kit? Most of those people are transmitting their POP and IMAP connections in cleartext to anyone within range. Dumpster-diving doesn't even require getting dirty any more.
A code could work well, I admit. But it might need some small changes, such as sending a numbered list of codes in the mail, and writing something like "this is email #403 from us and code 403 is blah" in each email. But anything which relies on computers, inboxes, and emails being perfectly secure starts to sound like a bad idea when you mix it with banking.
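The numbered-code idea from the comment above, sketched as an added example (it is not part of the original comment or of any bank's system). The class names, the header wording and the assumption that the code sheet reaches the customer on paper by post are all illustrative.

```python
import hmac
import re
import secrets

# Header wording follows the comment's suggestion; the exact format is an assumption.
HEADER = re.compile(r"This is email #(\d+) from us and code (\d+) is (\S+)")


def issue_code_sheet(count):
    """Bank side: numbered one-time codes, printed and sent by post, never by email."""
    return {i: secrets.token_hex(4) for i in range(1, count + 1)}


class BankSender:
    """Hypothetical bank-side helper: stamps each outgoing email with the next code."""

    def __init__(self, sheet):
        self.sheet = sheet
        self.next_index = 1

    def stamp(self, body):
        i = self.next_index
        self.next_index += 1
        return f"This is email #{i} from us and code {i} is {self.sheet[i]}\n\n{body}"


class CustomerChecker:
    """Customer side: compares an email against the paper sheet and tracks used codes."""

    def __init__(self, sheet):
        self.sheet = dict(sheet)
        self.used = set()

    def check(self, email):
        m = HEADER.match(email)
        if m is None:
            return "reject: no code line"
        index, index2, code = int(m.group(1)), int(m.group(2)), m.group(3)
        if index != index2 or index not in self.sheet:
            return "reject: unknown index"
        if not hmac.compare_digest(code.encode(), self.sheet[index].encode()):
            return "reject: wrong code"
        # A code copied out of an already-read email is worthless to a sender
        # who only has the inbox contents: each index is accepted once.
        if index in self.used:
            return "reject: code already used"
        self.used.add(index)
        return "accept"


def demo():
    """Run constructed sample emails through the checker and return the verdicts."""
    sheet = issue_code_sheet(5)
    bank, customer = BankSender(sheet), CustomerChecker(sheet)
    genuine = bank.stamp("Your statement is ready.")
    return [
        customer.check(genuine),   # first delivery of email #1
        customer.check(genuine),   # the same email replayed from a copied inbox
        customer.check("This is email #2 from us and code 2 is zzzzzzzz\n\nLog in here."),
        customer.check("Dear customer, please confirm your details."),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The check only helps against a sender who has seen past emails; an email intercepted before the customer reads it still carries an unused code.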
"Why not give consumers one time access (through pads)?"
Ok, look at the story from the perspective of a real-world bank, rather than a mythically secure one.
There's a bank in the UK called cahoot (part of Abbey National) which offers one-time credit cards that you can use over the internet. For those of us who use the same card for foreign pr0n sites, that sounds quite useful, right?
That's the smart bit. That was the good idea. Their security goes downhill for the rest of the story.
It's an unencrypted website, and the browser requirements are Internet Explorer 5 or later. From their email: "If you are using Netscape 6.0, you will not able to use the cahoot webcard". So, they require a known-insecure browser. I'm starting to have bad feelings already about their lack of clue.
To use the 'webcard' facility, you need to have Flash installed. The web-form isn't HTML, it's Flash. As most of us know, the encryption status of plugins on a page won't show up in the padlock icon. Nor will it show up when looking at the page's certificate.
In fact, their pages open in a new borderless window, so the security information, menus, and tools in your browser just aren't available. And like all popups, you have no real idea which website launched it. There's no URL bar, so even if you're using a non-Microsoft browser where the URL is trustworthy, you won't see it. It's a full-page flash animation, so no right-click menu to check who the page is.
Alternatively, you can download special software to access their website. "Currently, the cahoot webcard download software is not compatible with computers running Unix or MacOS." Uh-huh. Not compatible with MacOS? I think you misspelled "REQUIRES WINDOWS XP WITH IE6"
Oh, if you want a good laugh, email customer services. They have an email disclaimer like this: "Internet communications are not necessarily secure and may be intercepted or changed after they are sent. cahoot does not accept liability for any such changes. If you wish to confirm the origin or content of this communication, please contact the sender using an alternative means of communication."
Phishing alert anyone? Even the bank itself acknowledges that their internet-security is non-existent, yet they still use it!!! I think it was the cheek of demanding that their users take responsibility for their lack of security which astounded me.
Re:Solution: You authorise the bank first, on Fishing for Phishers · Score: 4, Insightful
"When you sign up, the bank asks you for your 'personalised code', and that will be displayed in every email you receive from the bank. If you don't see that code in your email, or it's wrong, you know it's fraudulent."
And this code would be sent through which secure email-delivery system exactly? Plaintext SMTP on the internet, like all the other emails from your bank?
Hell, banks don't even sign their emails. Many of them don't even know what PGP is. How many of us have had conversations with our banks along the lines of:
You: I just got an email purporting to be from you
Bank: Yes, that's right
You: So how do I know it's real without phoning you?
Bank: Because it's got our name in the From field
You: Did you ever consider signing your emails?
Bank: OUR INTERNET IS SECURE, WE USE HTTPS WEBSITE!!!
"The rules of engagement become tricky in a "war on terror", where the opponent looks like any other civilian and aren't afforded the normal protections of the Geneva Convention. See "enemy combatant" and Guantanamo."
Out of interest, what part of the Geneva Convention doesn't apply to ununiformed troops?
As I understand it, there may be some distinction between people who openly carry weapons and those who don't, but it's not "well we don't know what to do now so we'll ignore the whole Geneva Convention" as it seems to have been interpreted by the American newsreaders.
Re:Some humour from the past I enjoyed..., on Humor in Games? · Score: 1
"Wasn't there one called "Deer's Revenge" where the deers go around with high-powered rifles/scopes and shot hunters?"
In Myth2, there was a 'hidden' level (the long-awaited drinking party) where you and a group of pissed-up poachers go out to kill deer with blunderbusses. Problem is, the deer are (a) explosive, and (b) run towards you. I never managed to finish that level...
You reach the level by going out of your way to kill 3 frogs with grenades. Which is, apparently, the only reliable way to kill frogs.
From the article: You will never be without your favourite music with ZEN MICRO. Squeezed into its micro-sized casing is the capacity to store an astounding 2,500 songs on its 5GB hard drive (1)
From the footnote: (1) 2500 songs at 64kbps WMA. 1250 songs at 128kbps MP3. 1 GB = 1,000,000,000 bytes. Available capacity will be less. Reported capacity will vary.
We hear: (1) We're misleading. We're misleading. We're using incorrect units. We're blatantly lying about the size. Your computer might know we're lying.
"More importantly, does it work with OggVorbis? Apparently not."
I have the Zen (non-mini) if that gives any indication of past performance, and it seems to like MP3s.
Although with Creative's usual multi-gigabyte driver for this, you'd imagine that it would offer more features than just "copy MP3s, unreliably"
Don't expect to synchronise between machines (only one license to install the driver on one machine), or to synchronise with anything not running Windows.
"Is it possible that Bush will appoint a more conservative replacement for Ashcroft?"
And where exactly would you find someone more conservative than Ashcroft? (yeah I know, we just captured someone in Iraq who's a possibility)
"Well, I know I will get hit hard for this but have to bring it up....
What about the flood written about in the Bible, in ancient writings of India, written about by the ancient peoples of middle America and in many other old cultures? Could this have been it? Could they have all drowned?"
How recent do you think this was?
"I lie... I don't tell the exit pollers who I voted for"
But why is it only the places with electronic voting machines where the numbers are so skewed, and the places with paper polls look reasonable?
Do you only lie to the exit-pollers if you've voted electronically?
"Let's try this again:
* What is Zope
* What does it do?"
Zope is a web-app framework.
It allows you one of those rare moments where your boss can't quite tell whether you're taking the piss, or whether he's completely lost it with regards to technology.
him: What technology are you planning to use?
you: Zope and Python.
"At one point he held in his hand the five memory cards containing all of his precinct's votes"
Okay, has anyone here ever seen an illusionist?
Do any of those people believe that this method is secure from such a person?
"That's interesting, because the last time I installed firefox, it required a clickthrough acceptance of the GPL"
while Mandrake Linux has a click-through non-GPL license... reminds you of certain other operating-systems...
So, you're saving up for something special, huh?
Yep, had my eye on a turnip for quite some time now
A turnip?
Not just any turnip. The world's biggest turnip.
Uh-huh. So what will you do - eat it?
You don't just eat the world's biggest turnip.
What, you make a wish on it or something?!?
"If you don't want a piece of code you wrote to be used in a certain way, then license it in a way that takes that into consideration."
Military... observing software licenses... nice one!
Thing is, everyone in a vaguely "secure" workplace knows that neither the BSA nor the FSF, will ever be able to audit them for illegal software. Given that, what chance is there that any military user gives a shit about what the software author wants or what the license says?
"I do want to report that my Nomad Zen Xtra Jukebox works great with Linux if you use the gnomad2 program."
sudo apt-get install gnomad2
Password:
Reading Package Lists... Done
Building Dependency Tree... Done
E: Couldn't find package gnomad2
I also seem to remember that it wouldn't compile on Mandrake 9 or Mandrake 10. Is there a trick to installing it?
"Why waste the time for OggVorbis support? So that the 0.0005% consumers who use it can be happy?"
Ok, go ask 200000 people about their preferred music format, and if even two of them say OGG, you're lying.
"Surely there should be a solution to this."
Well yeah...
"I'd like an email client that automatically runs programs which were sent to me by email"
Is it just my imagination, or is that an utterly retarded way for an email client to behave?
"4) An anonymous non-smoking bystander breathes some of the remaining nicotine that the user expelled a few moments.
5) Some of the nicotine is deposited in his lungs against his will."
6) Both people leave and drive home, poisoning hundreds of cyclists against their will.