Hogswash. Look, as long as you use "simple" in a general manner, it's going to include "easy-to-use" and "clean and spare design" and all that jazz. Most people can figure out an iPod quickly (compared to another MP3 player) and this means it is simple to use. Surely simplicity of use is a type of simplicity?
Your point is that it is not simple to design. That's totally fair. We can now state that the iPod is both simple and complex. That's because we don't have good definitions.
Seems like lots of people in this thread are confusing "simplicity" with "ease-of-use". A product can be complex, yet still easy to use.
This is the kind of foolishness I'm talking about. Are people "confusing" simplicity with ease-of-use or are the terms actually related? Depends on what you want to prove, doesn't it? If you want to say "the iPod is simple" then you can point out that in common English calling a device "simple" indicates it's probably easy to use. If you want to say "the iPod is complex" you can fall back on any number of alternative definitions or paradigms.
All of this proves one thing: this conversation has NOTHING to do with the iPod. It's just a bunch of people sitting around saying "simple means this" no "simple means that". It's become an argument about semantics instead of an argument about the nature of the iPod or any other product and that, more than anything else, is why I consider this to be such a badly-written article.
1. "Your very "it may be harder to find..." comment basically acknowledges and ignores the matter at the same time."
No, I didn't ignore it. I said there's more start up complexity, but less routine use complexity. you pick the Google services you want to use. That's complex because there isn't a good, hand-holding menu. Once you pick them, however, it's far, far simpler to use the 4 or 5 that you choose to use without having to be presented the other 10 or 15 you don't want to use every time you visit the site.
2. "I think by and large Google intends for the toolbar to be the 'portal' that Joel is looking for."
Of course they are. That's the point of the beta phase. Early-adopters who don't mind paying the fee (in complexity, not dollars) to try out new programs are the guinea pigs. I have no doubt that eventually Google will offer their services in a neater package. They are, I believe, just working hard to avoid the ugly clutter that is Yahoo! Just take a look at their personalized homepage (google.com/ig) that allows you to drag-and-drop your own content. Currently "content" is limited, but eventually you could have a homepage that offered you Docs & Spreadsheets, GMail, Google Pages, etc. according to your specifications.
Currently Yahoo! is sacrificing simplicity to throw everything at everyone. Google makes you look around for the features you want, but allows you to use them on an ad hoc basis. Eventually Google will tailor the "everything at everyone" to provide the best of both worlds.
Is Google simple? No. Google is deceptive. It hides all the complexity by simply showing one search box on the main page. The main difference, is that if you want to do anything else, the other search engines let you do it from their home pages, whereas Google makes you search through other, much more complex pages. Why aren't many of these just linked together? Why isn't Google a unified application? Why are there so many odd, apparently free-standing services?
This reminds of that inane "World of Warcraft is a horrible MMO" article we had a while back. Whenever something gets really popular - iPods, Google, Warcrack - you get the inevitable beacon of intellectual purity who sets up his or her own (usually off-the-wall) criteria/definition and proceeds to roast the most popular thing around. Hilarity (and potentially profit) ensues.
My favorite is the rhetorical questions: "Why are there so many odd, apparently free-standing services?" Maybe because it's simpler, dumbass. Sure, it may take you a bit longer to find a Google offering the first time. But once you find it, it's easy to find in the future. From my mail.google.com page I have convenient links to my docs and spreadsheets, my calender, and the other google offerings I use. As for the map and other options, Google is simply letting you pick your own services ala carte. Again: the set-up may be more complex, but the actual use is simple because you're not saddled with a million and one features you could care less about (which is the reason I ditched my first email account ever at Yahoo!).
But what it really comes down to is this: if you really want to make a serious criticism of X for not being Y, when everyone around you says X is the epitome of Y, then you need to define Y. Since you're using the term in an (apparently) unique way, you have to explain why your way makes more sense/is justified. Failure to define terms you are using in non-standard way reduces a potentially interesting conversation to mere whining and ranting.
If you're using the term "simplicity" to refer to a product in which the user model corresponds closely to the program model, so the product is easy to use, fine, more power to ya. If you're using the term "simplicity" to refer to a product with a spare, clean visual appearance, so the term is nothing more than an aesthetic description much in the same way you might describe Ralph Lauren clothes as "Southampton WASP," fine, more power to ya. Minimalist aesthetics are quite hip these days. But if you think simplicity means "not very many features" or "does one thing and does it well," then I applaud your integrity but you can't go that far with a product that deliberately leaves features out.
In sum - if you're one of the vast majority of people who associate "simplicity" with "ease of use" or "clean interface" than I have nothing to say and this article was a complete waste of your time. If you're some weirdo who thinks number of features is inherently inversely proportional to quality of product, then maybe this article is for you. Because we all know there are so many people out there who are just pacing the floor at nights trying to figure out a way to make a word-processor with fewer letters.
Really there's one good point in this entire article: even if 80% of your users only use 20% of the features, it's probably not the same 20%. So you can't cut 80% of the features and have a good product. And this is supposed to mean simplicity is out? First of all, only an idiot thinks simplicity is equivalent to fewer features. And even such an idiot would still have a point: Even if the area of overlap isn't 100%, you could (possibly) still cut your features to 40%, to 50% or to 60%. I'd say reducing features by 60 - 40% is significant.
I mean really, the point of his article was to tell us that if your program does less stuff that people want it do, they might like it less?
Devotees of simplicity will bring up 37signals and the Apple iPod as anecdotal proof that Simple Sells. I would argue that in both these cases, success is a result of a combination of things: building an audience, evangelism, clean and spare design, emotional appeal, aesthetics, fast response time, direct and instant user feedback, program models which correspond to the user model resulting in high usability, and putting the user in control, all of which are features of one sort, in the sense that they are benefits that customers like and pay for, but none of which can really be described as "simplicity."
That's right: "clean and spare design" can not be described as "simplicity". Gee, Joel, way to finagle the definitions of words to make them mean what you want them to mean.
How does this guy get linked to from Slashdot so often? Is he submitting himself, getting submitted, or having an affair with CmdrTaco? A lot of the articles are good, but this one is pure "look at me" Dvorak-esque flamebait.
To be perfectly honest, I think many a person from the early 20th century would be a little disappointed if they were suddenly transported forward to the current day. Although many things have changed, a great many other things have not or are at least recognizable equivalents of devices or activities present 100 years ago. Like toilets. In the age of the Internet is that really the best we can do?
I find that VBA makes running extremely simplistic simulations really easy in Excel. I also have been able to automate some pretty complicated spreadsheets that weren't really worth writing into a "real" program. It's not a replacement for real programming by any stretch of the imagination, but it's the reason I haven't been able to replace MS Office with OpenOffice.
I'll have to try this StarBasic and see how it works. (I hate the syntax of VBA, since I'm a java/c++ type guy myself, but the integration with Excel is amazing. One of the few things MS did well.)
Because usually it's obvious from the context that they are bringing a lot of additional baggage along when they use the term "natural". Consider the original quote that started this discussion:
Then again, the mischievious part of me wonders if we should just let this gentle version of natural selection run its course.
No we should not: 1) It would not be natural. It is man-made! 2) It is precisely the smarter, more intelligent people who have a propensity to become virtuality addicts.
Notice that in this case natural is being used normatively and not descriptively. It's not merely an adjective "this suitcase is man-made/artificial/non-natural, while this fern is naturally occuring", but it's actually even worse, there's an implicit (and entirely unjustified) value assertion as well. Natural is better.
My main problem is with the normative nature of the term "natural" in general use. My second problem is that I think that all human activities are natural (because we are natural) and therefore it makes sense to call a suitcase "man-made" or "artificial", but it does NOT make very good sense to call a suitcase "non-natural". Unless you're superstitious, everything is natural.
However, if you are trying to argue that the actions/creations of humans are natural because humans are natural, I would then ask you for an example of something "unnatural".
That's the whole point! There is no example of something "unnatural". So the whole term is a waste.
Almost all definitions are arbitrary but useful=) There's no reason a spectrum of light between two certain wavelegnths ought to be called "blue". It's arbitrary, but useful. I don't see why this makes the word "unnatural" useless.
Right, it's that it's both arbitrary (doesn't proceed logically from any axioms we need to accept) AND useless because nothing is unnatural (without superstition). Thus it's a useless term and (being arbitrary) there's no reason to keep it around. One could imagine a useless term that followed logically from some accepted axioms (and thus was non-arbitrary). Such a term might not be useful, but we can't get rid of it without throwing our axioms into question.
Want to try and define justice with the same restrictions? Euthyphro tried. By your logic, justice doesn't exist. If you're will to accept that, fine.
This is a colossally mis-aimed attack. I said that there's no way to call the actions or creations of humans non-natural. I never said they didn't exist. Why would I apply these "restrictions" to defining justice? I'm not trying to define anything. You may as well have asked me to garbiculate a froobernackle with those restrictions.
Also, my periodic table also has the word "natural" on it, referring to elements not occuring in nature. By your logic, my perdiodic table's is deistic or absurd.
Do you habitually use your periodic table of the elements as a guide to philosophy? The distinction of elements as "occurring in nature" or "only created by men" is a real and valid distinction. I just think that labeling that distinction as "natural" vs. "non-natural" is absurd. It doesn't follow that the entire table of elements is absurd, by the way, just that the attempt to use some arbitrary labeling from that table in a wider philosophical sense is absurd.
Alternately, perhaps I can persuade you to use the term "man-made" instead. While crows use rocks and monkeys use sticks, there's no evidence that either of these specifically created tools to accomplish their tasks....
Then you would be substituting a ridiculous and ill-defined mythological term with an arbitrary, but entirely useful, definition. If you were to do so I would shake your hand and say "thank you for using a well-defined term and abandoning that derelict myth".
On the other hand, like any other contentious issue, it is also possible to over-react to it. More specifically, some people completely fail to acknowledge that the degree of artificiality of a thing can be highly relevant.
No no no. It's not a question of over-reaction. It's a question of whether or not the term "natural" is well-defined. It's not. Therefore it's useless. I don't think you get any additional mileage by substituting "artificial". Please present me with a definition of artificial, then we can start to talk about it. Again: it's not a question of degree. It's a question of coherence.
I'm not saying "there's nothing different from hunter-gather activities" (natural) and playing MMORPGS (artificial). I'm just saying that the differences, and there are many, have NOTHING to do with natural/artificial. You seem to think that when I dismiss the "natural/artificial" distinction I'm equating the two. I can see how you might think that, but it's not what I'm doing. I'm simply saying "this distinction is incoherent". Do you see the difference?
However, we humans have a natural fear of most of those things that are dangerous items in the natural world (or, if not, we're taught to fear it or avoid it). Most humans don't jump off cliffs unless they mean to kill themselves.
Again, you're kind of proving my point. You're using the label "natural" but you're actually referring to an altogether different concept: newness. I'm happy to admit that some things that have been around forever (like cliffs) have possibly been better encoded into our genes than things that are only 1 or 2 generations old (like computer games) but the distinction has NOTHING to do with whether or not these things are "natural". You've made this plain yourself, since clearly the only relevant difference in your example is how long we've lived with these things, not whether or not they are artificial.
I am simply advocating a balanced view. My point is not that artificial items are necessarily bad, but that they can be.
I agree that your POV is more balanced. But you aren't really getting my point. It was never about balance. I'm not trying to say we should or should not be afraid of things that are artificial as opposed to natural. You see me as trying to bring balance to that discussion - I'm not. I'm criticizing the entire dichotomy. It's simply not a useful distinction to make because it's not a coherent one to make.
Cool!! So you mean I can safely smoke all the crack I want because it is natural?
You're kind of missing the point. The whole concept of "natural" is a giant cultural myth. There's this idea that things that there is a state of nature that is healthy, safe, happy, with flowers and rainbows. I'm not just attacking the characterization of games as un-natural, I'm attacking the whole stupid myth. It's the same as the old "noble savage" stereotype, but it's applied to the world around us instead of oppressed peoples. The result is the same, however. It's like people who get so caught up in how cute animals are that they forget they are animals.
So yeah, crack is natural. But you can't smoke it without ill effect because there's nothing safe about nature. (See? It's the concept of "natural" that I'm attacking again, not any specific application of it.)Gravity is natural too. Try jumping off a cliff. See how that works for you. Black holes are natural. If you ever have a chance, why don't you pop inside and have a look around one. I can't state this firmly enough: this naive belief in "nature" (as in "natural") is a ridiculous myth with no ratinoal basis in reality. Rattlesnkaes and bunny rabbits are both natural, and it's natural when the rattlesnake eats the rabbit
If you wish to look at these sorts of games from an evolutionary point of view, then you might consider that humans do not have any adaptations to deal with it appropriately since we have not been exposed to it for generation after generation... We possess no such mechanisms to inhibit abusive behavior such as this
1. This is a good point, but you are referencing the novelty (newness) of the games without any reference to an absurd cultural myth about what it means to be "natural". There's nothing unnatural about a new set of circumstances that creatures have to adapt too.
2. In my opinion there's more to evolution than genetics. There's also behavior. This doesn't contradict your point, but it does point out that we might not necessarily need genetic adaptations to cope with the changes to our environment. Behavioral adaptation may be sufficient (and would probably operate on a much shorter time scale).
The point I'm making is simple. There are no values to evolution other than survival. The "worth" of intelligence, from the standpoint of adaptability, is entirely contingent. Sometimes it helps, sometimes it doesn't. When it helps, great. When it doesn't, too bad. It's the same as, say, coloration. Sometimes green is better (say for hiding in leaves) sometimes brown is better (say for hiding in the dirt). Intelligent isn't inherently any better than stupid than brown is better than green.
Of course, intelligence has had a lot of use for us in the past in building tools, etc. But that's because, analagously, we've been living in a desert. The second it stops being conducive to survival, it stops being advantageous.
I would say you are being unnecessarily strict about the use of the word 'natural', in a way that is not informative nor useful in the real world. If everything is natural, what use is the word?
That's kind of the point. It's a useless distinction. I find that most of the time when people use the word "natural" they are refering to something man-made, but they are ALSO assuming some non-existent distinction between something made by people and that natural state of things. Trouble is, people (and their activities and creations) are part of the natural state of things.
In this frequently-used context it is useless. That's why I wish people would stop using it.
No, in the main the responses don't actually cover this. The subject I discuss is your inane assumption that 'if you know you are going to fail, you have no need to test'.
1. In general you shouldn't pretend to quote someone (using single quotes, double quotes, quote-tags, or italics) unless you are actually, you know, quoting someone. Otherwise it looks like you are trying to put words in their mouth. Which is not very persuasive.
2. The very first response (to the same point you replied to) addressed this directly:
A penetration test... is not about determining whether an attacker can get in, but how an attacker can get in.
I responded to this (valid) point with:
Fair enough. But in that case you should plug the obvious holes first (or at least try to). Otherwise the penetration test is going to tell you what you already know.
So you see we actually have covered this. I'm not trying to be a jerk here. I realize I could have been more polite. It's just frustrating when people jump into a discussion without even reading the first reply. This isn't some 1,000-post global-warming debacle with the layers and layers of inevitably overlapping flamewars that ensue; you just had to read the first response to realize that what you wanted to say had already been said. It's OK. It happens to the best of us. But the proper response is to realize your (minor) mistake. Not to compound it by:
a - making up pretend quotes to justify your case (see above)
or
b - throwing a hissy fit: Oh, fuck it. You are stuck on your asinine assumption and oblivious to it's irrelevance to the real world.
Then again, the mischievious part of me wonders if we should just let this gentle version of natural selection run its course.
No we should not: 1) It would not be natural. It is man-made! 2) It is precisely the smarter, more intelligent people who have a propensity to become virtuality addicts.1. Yes, it is natural. Humans are natural. Unless you are supposing some fundamentalist version of creationism or other ex-nhilo origin for our species, we're basically just smart monkeys. And our use of computers is no less natural than a monkey's use of a stick or a crow's use of a rock. There's no rational basis for calling the actions or creations of human beings un-natural without recourse to superstition.
2. What does intelligence have to do with anything? Evolution has no values. It's purely about survival, adaptation, and successful procreation. The notion that we can define intelligence is barely more coherent than the idea that people or their creations are non-natural. The idea that evolution cares about intelligence is, if anything, less coherent. If intelligence helps you make tools, then great. It's a positive adaptation. If intelligence ensnares you in addiction to those tools (an addiction that clearly hampers procreation to some degree) than guess what - intelligence ceases to be an advantageous trait. Now personally I don't think it makes sense to equate intelligence with a propensity to become virtual addicts. I'd say that shows a blatant lack of intelligence in a very basic sense: the ability to make rational decisions against our own urges. But even if there is such a correlation, evolution doesn't care.
If you have an obviously insecure network (social and/or technical) a penetration test is going to find the holes you already know about. Think about a penetration test as checking a bicycle inner tube for leaks. You inflate it, then submerge it and look for bubbles to spot a tiny leak. Obviously, if you have a 1" gash, you'd want to fix that first, or the gaping hole will mask any more subtle holes. Penetration testers look for a way in, not all the ways in.
It's just common sense. Before you inspect something do your best to fix it. Otherwise you're just paying someone a lot of money to point out the obvious.
Sounds like good old-fashioned aversion therapy. And I've got to say that it doesn't sound a whole lot healthier than the behavior it seeks to rectify. On the other hand, I guess when "take a walk" doesn't work and you have to fall back on "overdose on laxatives" you really know you have a problem.
Then again, the mischievious part of me wonders if we should just let this gentle version of natural selection run its course.
OK, it certainly doesn't say they get away with it 9 times out of 10. That's the impression you get from reading this and the many articles like it. So, while I think the 90% successful penetration may very well be close to the actual number, it's certainly NOT what the article says. I read too quickly.
However it doesn't exactly say that they get caught 9 times out of 10 either. Honestly the grammar is pretty bad, so it's a bit ambiguous. I mean, "nine times out of 10 we usually get caught..." WTF? Ron Burgundy anyone? "60% of the time it works all of the time."
However if you look at the quote closely, its says "nine times out of 10 we usually get caught when that one person says..." I think that what he is trying to say is that in the cases when they are caught it's usually (9 out of 10) because some person says "I need to call someone about what you're doing".
I guess I'm just asking why you'd do your own study when there are so many more out there. Any CIO who is competent at communicating should be able to assemble the various facts, statistics, and articles and present that to the board. It's smarter to say "this is how bad the market looks, this is about where we fit in, I saved us $xx,xxx by doing research instead of our own study, let's use $xx,xxx as the starting point for making some fixes".
Honestly - if a CIO can't do that, they should not be the CIO. And if, presented with that evidence, the purse-string holders still do not relent, then you may as well find a new job 'cause this one is run by idiots.
A penetration test (at least in the cyber realm) is not about determining whether an attacker can get in, but how an attacker can get in.
Fair enough. But in that case you should plug the obvious holes first (or at least try to). Otherwise the penetration test is going to tell you what you already know. 9 out of 10 companies fail to confront a vendor rep. Chances are your company would too. As a manager, you could get a lot more bang for you buck addressing that concern first and then calling in penetration testers.
Simply put: why waste money hiring professionals to point out where the obvious holes are? Spend the money when the holes aren't quite as obvious.
I guess I'm just saying that I don't think most of the 9 really need to pay a professional to self-identify. It should be pretty plain. I work in a small company of 25. It would be a waste to call in a penetration-tester right now because I know where we have holes. A lot of them. Until they are addressed - why call in someone externally?
I've been thinking about the article. It seems to me that such an abject failure to prevent a security breach could be more demoralizing than instructive. In most companies, the employees are not going to be security-savy, and they will not question a potential intruder. When the penetration test is successful everyone just feels stupid and slightly used. That's my guess at how the bank employees would react when the boss let them know that they got totally hacked.
Instead, for those bosses with less scruples, you'd probably get more bang for your buck by faking the penetration test. Hire some dude to try to get in, and arrange some employee to "catch" him. Then you get to circulate the news that you were successful because an employee did the right thing. I think the information would be just as instructive (always ask for outside confirmation of vendor reps), but instead of being depressing (you guys all failed to do the right thing) it could be empowering (it's easy to do the right thing, and one of you managed to do it).
Is penetration testing even worth the money for a system as obviously insecure as this one? If, as the article claims, these attempts succeed 9 times out of 10, then you don't need to pay for the penetration test to know your company will fail. Does a bank manager really need to pay someone to tell them the obvious? They should take some proactive steps towards security-enhancements first, and save the penetration testing for when they actually think they have a somewhat hardened system (social and technical) to penetrate.
Slashdot Mirror
The iPod is not a simple device.
Hogswash. Look, as long as you use "simple" in a general manner, it's going to include "easy-to-use" and "clean and spare design" and all that jazz. Most people can figure out an iPod quickly (compared to another MP3 player) and this means it is simple to use. Surely simplicity of use is a type of simplicity?
Your point is that it is not simple to design. That's totally fair. We can now state that the iPod is both simple and complex. That's because we don't have good definitions.
Seems like lots of people in this thread are confusing "simplicity" with "ease-of-use". A product can be complex, yet still easy to use.
This is the kind of foolishness I'm talking about. Are people "confusing" simplicity with ease-of-use or are the terms actually related? Depends on what you want to prove, doesn't it? If you want to say "the iPod is simple" then you can point out that in common English calling a device "simple" indicates it's probably easy to use. If you want to say "the iPod is complex" you can fall back on any number of alternative definitions or paradigms.
All of this proves one thing: this conversation has NOTHING to do with the iPod. It's just a bunch of people sitting around saying "simple means this" no "simple means that". It's become an argument about semantics instead of an argument about the nature of the iPod or any other product and that, more than anything else, is why I consider this to be such a badly-written article.
-stormin
1. "Your very "it may be harder to find..." comment basically acknowledges and ignores the matter at the same time."
No, I didn't ignore it. I said there's more start up complexity, but less routine use complexity. you pick the Google services you want to use. That's complex because there isn't a good, hand-holding menu. Once you pick them, however, it's far, far simpler to use the 4 or 5 that you choose to use without having to be presented the other 10 or 15 you don't want to use every time you visit the site.
2. "I think by and large Google intends for the toolbar to be the 'portal' that Joel is looking for."
Of course they are. That's the point of the beta phase. Early-adopters who don't mind paying the fee (in complexity, not dollars) to try out new programs are the guinea pigs. I have no doubt that eventually Google will offer their services in a neater package. They are, I believe, just working hard to avoid the ugly clutter that is Yahoo! Just take a look at their personalized homepage (google.com/ig) that allows you to drag-and-drop your own content. Currently "content" is limited, but eventually you could have a homepage that offered you Docs & Spreadsheets, GMail, Google Pages, etc. according to your specifications.
Currently Yahoo! is sacrificing simplicity to throw everything at everyone. Google makes you look around for the features you want, but allows you to use them on an ad hoc basis. Eventually Google will tailor the "everything at everyone" to provide the best of both worlds.
That's my prediction anyway.
-stormin
*sigh*
And from the other article:
Is Google simple? No. Google is deceptive. It hides all the complexity by simply showing one search box on the main page. The main difference, is that if you want to do anything else, the other search engines let you do it from their home pages, whereas Google makes you search through other, much more complex pages. Why aren't many of these just linked together? Why isn't Google a unified application? Why are there so many odd, apparently free-standing services?
This reminds of that inane "World of Warcraft is a horrible MMO" article we had a while back. Whenever something gets really popular - iPods, Google, Warcrack - you get the inevitable beacon of intellectual purity who sets up his or her own (usually off-the-wall) criteria/definition and proceeds to roast the most popular thing around. Hilarity (and potentially profit) ensues.
My favorite is the rhetorical questions: "Why are there so many odd, apparently free-standing services?" Maybe because it's simpler, dumbass. Sure, it may take you a bit longer to find a Google offering the first time. But once you find it, it's easy to find in the future. From my mail.google.com page I have convenient links to my docs and spreadsheets, my calender, and the other google offerings I use. As for the map and other options, Google is simply letting you pick your own services ala carte. Again: the set-up may be more complex, but the actual use is simple because you're not saddled with a million and one features you could care less about (which is the reason I ditched my first email account ever at Yahoo!).
But what it really comes down to is this: if you really want to make a serious criticism of X for not being Y, when everyone around you says X is the epitome of Y, then you need to define Y. Since you're using the term in an (apparently) unique way, you have to explain why your way makes more sense/is justified. Failure to define terms you are using in non-standard way reduces a potentially interesting conversation to mere whining and ranting.
-stormin
Argh... more to say.
If you're using the term "simplicity" to refer to a product in which the user model corresponds closely to the program model, so the product is easy to use, fine, more power to ya. If you're using the term "simplicity" to refer to a product with a spare, clean visual appearance, so the term is nothing more than an aesthetic description much in the same way you might describe Ralph Lauren clothes as "Southampton WASP," fine, more power to ya. Minimalist aesthetics are quite hip these days. But if you think simplicity means "not very many features" or "does one thing and does it well," then I applaud your integrity but you can't go that far with a product that deliberately leaves features out.
In sum - if you're one of the vast majority of people who associate "simplicity" with "ease of use" or "clean interface" than I have nothing to say and this article was a complete waste of your time. If you're some weirdo who thinks number of features is inherently inversely proportional to quality of product, then maybe this article is for you. Because we all know there are so many people out there who are just pacing the floor at nights trying to figure out a way to make a word-processor with fewer letters.
Really there's one good point in this entire article: even if 80% of your users only use 20% of the features, it's probably not the same 20%. So you can't cut 80% of the features and have a good product. And this is supposed to mean simplicity is out? First of all, only an idiot thinks simplicity is equivalent to fewer features. And even such an idiot would still have a point: Even if the area of overlap isn't 100%, you could (possibly) still cut your features to 40%, to 50% or to 60%. I'd say reducing features by 60 - 40% is significant.
I mean really, the point of his article was to tell us that if your program does less stuff that people want it do, they might like it less?
Genius. Sheer genius.
-stormin
If you think that's bad - check this out (FTA):
Devotees of simplicity will bring up 37signals and the Apple iPod as anecdotal proof that Simple Sells. I would argue that in both these cases, success is a result of a combination of things: building an audience, evangelism, clean and spare design, emotional appeal, aesthetics, fast response time, direct and instant user feedback, program models which correspond to the user model resulting in high usability, and putting the user in control, all of which are features of one sort, in the sense that they are benefits that customers like and pay for, but none of which can really be described as "simplicity."
That's right: "clean and spare design" can not be described as "simplicity". Gee, Joel, way to finagle the definitions of words to make them mean what you want them to mean.
How does this guy get linked to from Slashdot so often? Is he submitting himself, getting submitted, or having an affair with CmdrTaco? A lot of the articles are good, but this one is pure "look at me" Dvorak-esque flamebait.
-stormin
I find that VBA makes running extremely simplistic simulations really easy in Excel. I also have been able to automate some pretty complicated spreadsheets that weren't really worth writing into a "real" program. It's not a replacement for real programming by any stretch of the imagination, but it's the reason I haven't been able to replace MS Office with OpenOffice.
I'll have to try this StarBasic and see how it works. (I hate the syntax of VBA, since I'm a java/c++ type guy myself, but the integration with Excel is amazing. One of the few things MS did well.)
-stormin
Does Open Office have some kind of scripting functionality akin to VBA?
-stormin
Notice that in this case natural is being used normatively and not descriptively. It's not merely an adjective "this suitcase is man-made/artificial/non-natural, while this fern is naturally occuring", but it's actually even worse, there's an implicit (and entirely unjustified) value assertion as well. Natural is better.
My main problem is with the normative nature of the term "natural" in general use. My second problem is that I think that all human activities are natural (because we are natural) and therefore it makes sense to call a suitcase "man-made" or "artificial", but it does NOT make very good sense to call a suitcase "non-natural". Unless you're superstitious, everything is natural.
-stormin
However, if you are trying to argue that the actions/creations of humans are natural because humans are natural, I would then ask you for an example of something "unnatural".
That's the whole point! There is no example of something "unnatural". So the whole term is a waste.
Almost all definitions are arbitrary but useful=) There's no reason a spectrum of light between two certain wavelegnths ought to be called "blue". It's arbitrary, but useful. I don't see why this makes the word "unnatural" useless.
Right, it's that it's both arbitrary (doesn't proceed logically from any axioms we need to accept) AND useless because nothing is unnatural (without superstition). Thus it's a useless term and (being arbitrary) there's no reason to keep it around. One could imagine a useless term that followed logically from some accepted axioms (and thus was non-arbitrary). Such a term might not be useful, but we can't get rid of it without throwing our axioms into question.
-stormin
Want to try and define justice with the same restrictions? Euthyphro tried. By your logic, justice doesn't exist. If you're will to accept that, fine.
This is a colossally mis-aimed attack. I said that there's no way to call the actions or creations of humans non-natural. I never said they didn't exist. Why would I apply these "restrictions" to defining justice? I'm not trying to define anything. You may as well have asked me to garbiculate a froobernackle with those restrictions.
Also, my periodic table also has the word "natural" on it, referring to elements not occuring in nature. By your logic, my perdiodic table's is deistic or absurd.
Do you habitually use your periodic table of the elements as a guide to philosophy? The distinction of elements as "occurring in nature" or "only created by men" is a real and valid distinction. I just think that labeling that distinction as "natural" vs. "non-natural" is absurd. It doesn't follow that the entire table of elements is absurd, by the way, just that the attempt to use some arbitrary labeling from that table in a wider philosophical sense is absurd.
Alternately, perhaps I can persuade you to use the term "man-made" instead. While crows use rocks and monkeys use sticks, there's no evidence that either of these specifically created tools to accomplish their tasks....
Then you would be substituting a ridiculous and ill-defined mythological term with an arbitrary, but entirely useful, definition. If you were to do so I would shake your hand and say "thank you for using a well-defined term and abandoning that derelict myth".
-stormin
On the other hand, like any other contentious issue, it is also possible to over-react to it. More specifically, some people completely fail to acknowledge that the degree of artificiality of a thing can be highly relevant.
No no no. It's not a question of over-reaction. It's a question of whether or not the term "natural" is well-defined. It's not. Therefore it's useless. I don't think you get any additional mileage by substituting "artificial". Please present me with a definition of artificial, then we can start to talk about it. Again: it's not a question of degree. It's a question of coherence.
I'm not saying "there's nothing different from hunter-gather activities" (natural) and playing MMORPGS (artificial). I'm just saying that the differences, and there are many, have NOTHING to do with natural/artificial. You seem to think that when I dismiss the "natural/artificial" distinction I'm equating the two. I can see how you might think that, but it's not what I'm doing. I'm simply saying "this distinction is incoherent". Do you see the difference?
However, we humans have a natural fear of most of those things that are dangerous items in the natural world (or, if not, we're taught to fear it or avoid it). Most humans don't jump off cliffs unless they mean to kill themselves.
Again, you're kind of proving my point. You're using the label "natural" but you're actually referring to an altogether different concept: newness. I'm happy to admit that some things that have been around forever (like cliffs) have possibly been better encoded into our genes than things that are only 1 or 2 generations old (like computer games) but the distinction has NOTHING to do with whether or not these things are "natural". You've made this plain yourself, since clearly the only relevant difference in your example is how long we've lived with these things, not whether or not they are artificial.
I am simply advocating a balanced view. My point is not that artificial items are necessarily bad, but that they can be.
I agree that your POV is more balanced. But you aren't really getting my point. It was never about balance. I'm not trying to say we should or should not be afraid of things that are artificial as opposed to natural. You see me as trying to bring balance to that discussion - I'm not. I'm criticizing the entire dichotomy. It's simply not a useful distinction to make because it's not a coherent one to make.
-stormin
Cool!! So you mean I can safely smoke all the crack I want because it is natural?
You're kind of missing the point. The whole concept of "natural" is a giant cultural myth. There's this idea that things that there is a state of nature that is healthy, safe, happy, with flowers and rainbows. I'm not just attacking the characterization of games as un-natural, I'm attacking the whole stupid myth. It's the same as the old "noble savage" stereotype, but it's applied to the world around us instead of oppressed peoples. The result is the same, however. It's like people who get so caught up in how cute animals are that they forget they are animals.
So yeah, crack is natural. But you can't smoke it without ill effect because there's nothing safe about nature. (See? It's the concept of "natural" that I'm attacking again, not any specific application of it.)Gravity is natural too. Try jumping off a cliff. See how that works for you. Black holes are natural. If you ever have a chance, why don't you pop inside and have a look around one. I can't state this firmly enough: this naive belief in "nature" (as in "natural") is a ridiculous myth with no ratinoal basis in reality. Rattlesnkaes and bunny rabbits are both natural, and it's natural when the rattlesnake eats the rabbit
If you wish to look at these sorts of games from an evolutionary point of view, then you might consider that humans do not have any adaptations to deal with it appropriately since we have not been exposed to it for generation after generation... We possess no such mechanisms to inhibit abusive behavior such as this
1. This is a good point, but you are referencing the novelty (newness) of the games without any reference to an absurd cultural myth about what it means to be "natural". There's nothing unnatural about a new set of circumstances that creatures have to adapt too.
2. In my opinion there's more to evolution than genetics. There's also behavior. This doesn't contradict your point, but it does point out that we might not necessarily need genetic adaptations to cope with the changes to our environment. Behavioral adaptation may be sufficient (and would probably operate on a much shorter time scale).
-stormin
The point I'm making is simple. There are no values to evolution other than survival. The "worth" of intelligence, from the standpoint of adaptability, is entirely contingent. Sometimes it helps, sometimes it doesn't. When it helps, great. When it doesn't, too bad. It's the same as, say, coloration. Sometimes green is better (say for hiding in leaves) sometimes brown is better (say for hiding in the dirt). Intelligent isn't inherently any better than stupid than brown is better than green.
Of course, intelligence has had a lot of use for us in the past in building tools, etc. But that's because, analagously, we've been living in a desert. The second it stops being conducive to survival, it stops being advantageous.
-stormin
I would say you are being unnecessarily strict about the use of the word 'natural', in a way that is not informative nor useful in the real world. If everything is natural, what use is the word?
That's kind of the point. It's a useless distinction. I find that most of the time when people use the word "natural" they are refering to something man-made, but they are ALSO assuming some non-existent distinction between something made by people and that natural state of things. Trouble is, people (and their activities and creations) are part of the natural state of things.
In this frequently-used context it is useless. That's why I wish people would stop using it.
-stomrin
No, in the main the responses don't actually cover this. The subject I discuss is your inane assumption that 'if you know you are going to fail, you have no need to test'.
1. In general you shouldn't pretend to quote someone (using single quotes, double quotes, quote-tags, or italics) unless you are actually, you know, quoting someone. Otherwise it looks like you are trying to put words in their mouth. Which is not very persuasive.
2. The very first response (to the same point you replied to) addressed this directly:
A penetration test... is not about determining whether an attacker can get in, but how an attacker can get in.
I responded to this (valid) point with:
Fair enough. But in that case you should plug the obvious holes first (or at least try to). Otherwise the penetration test is going to tell you what you already know.
So you see we actually have covered this. I'm not trying to be a jerk here. I realize I could have been more polite. It's just frustrating when people jump into a discussion without even reading the first reply. This isn't some 1,000-post global-warming debacle with the layers and layers of inevitably overlapping flamewars that ensue; you just had to read the first response to realize that what you wanted to say had already been said. It's OK. It happens to the best of us. But the proper response is to realize your (minor) mistake. Not to compound it by:
a - making up pretend quotes to justify your case (see above)
or
b - throwing a hissy fit: Oh, fuck it. You are stuck on your asinine assumption and oblivious to it's irrelevance to the real world.
-stormin
No we should not:
1) It would not be natural. It is man-made!
2) It is precisely the smarter, more intelligent people who have a propensity to become virtuality addicts.1. Yes, it is natural. Humans are natural. Unless you are supposing some fundamentalist version of creationism or other ex-nhilo origin for our species, we're basically just smart monkeys. And our use of computers is no less natural than a monkey's use of a stick or a crow's use of a rock. There's no rational basis for calling the actions or creations of human beings un-natural without recourse to superstition.
2. What does intelligence have to do with anything? Evolution has no values. It's purely about survival, adaptation, and successful procreation. The notion that we can define intelligence is barely more coherent than the idea that people or their creations are non-natural. The idea that evolution cares about intelligence is, if anything, less coherent. If intelligence helps you make tools, then great. It's a positive adaptation. If intelligence ensnares you in addiction to those tools (an addiction that clearly hampers procreation to some degree) than guess what - intelligence ceases to be an advantageous trait. Now personally I don't think it makes sense to equate intelligence with a propensity to become virtual addicts. I'd say that shows a blatant lack of intelligence in a very basic sense: the ability to make rational decisions against our own urges. But even if there is such a correlation, evolution doesn't care.
-stormin
Right, fine. We've covered this. Try reading responses first.
If you have an obviously insecure network (social and/or technical) a penetration test is going to find the holes you already know about. Think about a penetration test as checking a bicycle inner tube for leaks. You inflate it, then submerge it and look for bubbles to spot a tiny leak. Obviously, if you have a 1" gash, you'd want to fix that first, or the gaping hole will mask any more subtle holes. Penetration testers look for a way in, not all the ways in.
It's just common sense. Before you inspect something do your best to fix it. Otherwise you're just paying someone a lot of money to point out the obvious.
-stormin
Sounds like good old-fashioned aversion therapy. And I've got to say that it doesn't sound a whole lot healthier than the behavior it seeks to rectify. On the other hand, I guess when "take a walk" doesn't work and you have to fall back on "overdose on laxatives" you really know you have a problem.
Then again, the mischievious part of me wonders if we should just let this gentle version of natural selection run its course.
-stormin
That's not WoW addiction. That's stupid addiction.
-stormin
OK, it certainly doesn't say they get away with it 9 times out of 10. That's the impression you get from reading this and the many articles like it. So, while I think the 90% successful penetration may very well be close to the actual number, it's certainly NOT what the article says. I read too quickly.
However it doesn't exactly say that they get caught 9 times out of 10 either. Honestly the grammar is pretty bad, so it's a bit ambiguous. I mean, "nine times out of 10 we usually get caught..." WTF? Ron Burgundy anyone? "60% of the time it works all of the time."
However if you look at the quote closely, its says "nine times out of 10 we usually get caught when that one person says..." I think that what he is trying to say is that in the cases when they are caught it's usually (9 out of 10) because some person says "I need to call someone about what you're doing".
-stormin
I guess I'm just asking why you'd do your own study when there are so many more out there. Any CIO who is competent at communicating should be able to assemble the various facts, statistics, and articles and present that to the board. It's smarter to say "this is how bad the market looks, this is about where we fit in, I saved us $xx,xxx by doing research instead of our own study, let's use $xx,xxx as the starting point for making some fixes".
Honestly - if a CIO can't do that, they should not be the CIO. And if, presented with that evidence, the purse-string holders still do not relent, then you may as well find a new job 'cause this one is run by idiots.
-stormin
A penetration test (at least in the cyber realm) is not about determining whether an attacker can get in, but how an attacker can get in.
Fair enough. But in that case you should plug the obvious holes first (or at least try to). Otherwise the penetration test is going to tell you what you already know. 9 out of 10 companies fail to confront a vendor rep. Chances are your company would too. As a manager, you could get a lot more bang for you buck addressing that concern first and then calling in penetration testers.
Simply put: why waste money hiring professionals to point out where the obvious holes are? Spend the money when the holes aren't quite as obvious.
-stormin
I guess I'm just saying that I don't think most of the 9 really need to pay a professional to self-identify. It should be pretty plain. I work in a small company of 25. It would be a waste to call in a penetration-tester right now because I know where we have holes. A lot of them. Until they are addressed - why call in someone externally?
-stormin
I've been thinking about the article. It seems to me that such an abject failure to prevent a security breach could be more demoralizing than instructive. In most companies, the employees are not going to be security-savy, and they will not question a potential intruder. When the penetration test is successful everyone just feels stupid and slightly used. That's my guess at how the bank employees would react when the boss let them know that they got totally hacked.
Instead, for those bosses with less scruples, you'd probably get more bang for your buck by faking the penetration test. Hire some dude to try to get in, and arrange some employee to "catch" him. Then you get to circulate the news that you were successful because an employee did the right thing. I think the information would be just as instructive (always ask for outside confirmation of vendor reps), but instead of being depressing (you guys all failed to do the right thing) it could be empowering (it's easy to do the right thing, and one of you managed to do it).
Is penetration testing even worth the money for a system as obviously insecure as this one? If, as the article claims, these attempts succeed 9 times out of 10, then you don't need to pay for the penetration test to know your company will fail. Does a bank manager really need to pay someone to tell them the obvious? They should take some proactive steps towards security-enhancements first, and save the penetration testing for when they actually think they have a somewhat hardened system (social and technical) to penetrate.
-stormin