Slashdot Mirror


User: Dutch+Gun

Dutch+Gun's activity in the archive.

Stories: 0
Comments: 4,453

Comments · 4,453

  1. Re:Seems non-sequitur. on Insurance Companies Looking For Fallback Plans To Survive Driverless Cars (csmonitor.com) · · Score: 1

    Yep, I hear you. Whenever I buy something out of the ordinary, Amazon seems to believe that you now want a whole bunch more of that. No, you idiots, I just bought what I needed, so now I'm good! It's really astounding how bad they often are at that. You'd think they'd have an easier time spotting the occasional outlier and figuring that it's probably a one off, and they should probably stick to recommending what I normally buy.

    And people are worried about the singularity...

  2. Re:No, C and C++ are the most important. on Is Blockchain the Most Important IT Invention of Our Age? (theguardian.com) · · Score: 1

    Yes, you move your code inside a small, easily testable component that encapsulates both a set of discrete data and the functions which operate on that data. And then you build larger objects out of those smaller, well-tested components. It's called "object oriented programming". You may not have heard of it, given that it was invented a mere fifty years ago or so.

  3. Re:No, C and C++ are the most important. on Is Blockchain the Most Important IT Invention of Our Age? (theguardian.com) · · Score: 4, Insightful

    If you know what you are doing then C itself can be used to write safe and secure code.

    The difference between writing safe code in C and C++ is how the language (and by extension, the compiler) can help to keep you safe. A well-designed C++ class is almost impossible to use incorrectly or unsafely. Saying you can write safe code in C is like saying you can be safe while riding a motorcycle - you're perfectly safe until you make a mistake, and then you're not.

    Back on topic, this sentence caught my eye:

    "...in so far as Joe Public thinks about distributed ledgers at all, it is in the context of Bitcoin, money laundering and online drug dealing..."

    I was about to laugh this off, and then I see this comment below the article:

    "The problem with all this is that anyone who controls 50%+1 of the blockchain controls all of the block chain. Thus the only thing guaranteeing the integrity is that the bad guys can't control more than half. And that's the problem, for a block chain to be effective it needs to be widely decentralized, and if it's widely decentralized, it has the potential to be hijacked and then bot netted. Next thing you know, your block chain belongs to someone else, and with 50%+1 control, they can start editing that blockchain."

    Whelp, the author sure called it. People apparently can't distinguish between the concept of a distributed ledger and a specific implementation of one (i.e. Bitcoin). The underlying encrypting technology of preserving a history is the most important part of this system. Any alteration affects every transaction going forward, so making surreptitious changes to the transaction history is impossible.

    I've always heard the mantra "electronic records can be altered", spoken as an absolute truism. I guess the proper counter is "yes, but it can't necessarily go undetected". It will be interesting to see how many ways this technology can be used when you need to guarantee the integrity of a set of data and related transactions.

  4. Re:Johnny can't encrypt on IoT Security Is So Bad, There's a Search Engine For Sleeping Kids (arstechnica.com) · · Score: 1

    Don't get too hung up on the analogy. The point I was trying to make is that there's a security vs convenience tradeoff, but it's certainly not impossible to make reasonably secure products accessible to the masses. These IoT companies aren't even trying.

  5. Re:Johnny can't encrypt on IoT Security Is So Bad, There's a Search Engine For Sleeping Kids (arstechnica.com) · · Score: 4, Insightful

    Generally speaking, implementing correct security is extremely difficult, but a company that puts security as a priority can design systems that are secure by default, and strike a reasonable balance between customer ease of use and effectiveness. It doesn't have to be impossible for a soccer mom to use a device securely.

    You can see the difference in two competing chat apps: Threema vs iChat. Threema is a "trust no-one" model, and requires you to actually meet face to face with a person to pre-exchange keys before you can chat with the maximum security protocol. iChat, on the other hand, "just works", relying on Apple to manage the key exchange. You're giving up a small amount of security for the convenience of a seamless experience, and trusting Apple to keep the channel secure on your behalf.

    I think most people would be fine with trusting the company they bought their devices from to actively manage the security aspects so they don't have to think too much about it, but in many cases, it's not that the security is flawed... it's completely non-existent. Anyone complaining about Shodan is simply blaming the messenger. The blame lies squarely on the companies that are selling these products with zero security in mind.

  6. Re:Holy crap! on The Story Behind National Reconnaissance Office's Octopus Logo (muckrock.com) · · Score: 3, Insightful

    showing planes coming back from having DROPPED AN ATOMIC BOMB ON THE PLANET!!! (Caption: "we own the night")

    Pretty sure that's a sunrise, but it's still badass. This is a reconnaissance organization, remember.

  7. Re:Oh noes! on High-Tech Attack Alert For 2016 Super Bowl (thestack.com) · · Score: 1

    Well, seeing as my team of choice is out of the running, it's no concern of mine any more.

    The threat of an attack at the stadium is always real, albeit probably fairly small. The awareness has been heightened because of the recent events in California and France, of course, but that doesn't really mean it's more likely. Any significant damage done would be purely psychological. In Tom Clancy's thriller about a nuclear blast on American soil, the terrorists chose the Superbowl as ground zero. It's a uniquely American icon, popular here the way soccer (the other "football") is in the rest of the world.

    The cable cutting "threat" is really more one of revenue than anything else (aside from the irritation of fans not being able to see the game), as the Superbowl is the largest sports event in the world, at least in terms of dollars per hour - or so I've heard. I suppose there also might be an issue of loss of face at a single person or small group being able to piss off millions of Americans and fans of football around the world.

    Here's the telling bit to me: "The organisers of the event say that they are on “maximum alert”, a level that has been in place since the attacks on 11th September 2001."

    In other words, it's business as usual.

  8. Re:As long as he... on John Romero Creates New Doom Level (gamasutra.com) · · Score: 1

    You'll notice that Molyneux came with a big asterisk. I'd say he earned his stripes early in his career with a number of excellent games, and has since produced well-received, competently designed games, even if they were ridiculously over-hyped. The man's biggest problem is that (apparently) he can't shut up about speculative features that may not even make it into the final product. He's probably the one that's hurt his own legacy the most, so I'd say it's questionable whether I'd put him with the others. But above Romero? Yep, no doubt.

    John Romero became famous because of his work on id games, Doom and Quake mostly, but aside from that has had a somewhat pedestrian career. More critically, when he had the means and opportunity to create a game with his vision, he was unable to produce anything of real value (Daikatana). I think it's quite telling that he only manages to make news when he produces a new Doom level.

    I have no personal beef with the guy, but I've worked professionally with some amazing game designers who have designed games played by millions, but whose name you've probably never even heard of. I just think the man was seriously overrated as a game designer, and proved to be out of his depth when faced with a real project.

  9. Re:As long as he... on John Romero Creates New Doom Level (gamasutra.com) · · Score: 1

    You have any proof for that slander you're slinging around? He's pretty well known for being a super nice, soft-spoken guy. And you realize he doesn't actually own the IP for any of those games, right?

  10. Re:As long as he... on John Romero Creates New Doom Level (gamasutra.com) · · Score: 1

    There are a few game developers I would describe as "legendary", like Shigeru Miyamoto, Sid Meier, Will Wright, Roberta Williams, maybe even Peter Molyneux (over-hyping and under-delivering aside). John Romero is famous, but hardly legendary.

  11. Careful... on Ancient Tools May Shed Light On the Mysterious 'Hobbit' (sciencemag.org) · · Score: 1

    It's "halfling", not "hobbit". Wouldn't want to rouse sleeping drag... er... lawyers.

  12. Re:Penny on Should the US Change Metal Coins? (networkworld.com) · · Score: 1

    I've heard it mentioned that the US tends to be a lot more conservative in terms of its monetary designs and policies for psychological reasons. Stability and continuity give a feeling of fiscal stability (although reducing our deficit would do a hell of a lot more in practice).

    Keep in mind that US dollars, unlike many other single country's currencies, are used as a de-facto standard in many places around the world, or at least *accepted* in many more places. Even the introduction of colors and other features left our paper bills looking quite traditional, unlike some countries that have adopted more radical changes to their currency (different sizes, wildly different colors, specialized textures, etc).

    Well, that's just one theory. Another reason, which I'd guess is more significant, is that it's far easier to maintain the status quo than to change anything in government, because that would involve someone actually sticking their neck out.

  13. Re:Not quite AV, but close on Antivirus Software Could Make Your Company More Vulnerable (csoonline.com) · · Score: 1

    Yep, I didn't mean to imply otherwise. I was specifically responding to the parent's notion that "simplicity" is what's needed, but my argument is that's somewhat impractical given the size of modern software, so you need to focus more on the software that's exposed to potential attacks. And obviously, as this article points out, that includes our AV software.

    It's the reason many of us were upset with Mozilla for adding that stupid "Pocket" feature - that product is likely to have security holes, and the more code you add to a web browser (which Desty rightly pointed out is generally a much bigger attack surface), the more likely it is for there to be a crack in the existing code to exploit.

    I didn't mean to sound like I was blaming users - there are plenty of times users/admins do absolutely nothing wrong, like an exploit just from looking at a web page with a fully patched browser, or even just previewing an e-mail with a malicious payload. It's sort of depressing that we're still at this stage in computer security.

  14. Re:Not quite AV, but close on Antivirus Software Could Make Your Company More Vulnerable (csoonline.com) · · Score: 3, Informative

    I'll half agree with you... I think I know what you're getting at, but I think it's worth clarifying a bit. After all, it's not like any arbitrary code on a machine is vulnerable to random attacks from the internet.

    Rather than talking about simplicity - because let's face it, that will never happen - we need to focus on minimizing and hardening the attack surface. For instance, if my personal machine sits behind a router, arbitrary incoming traffic from the internet is blocked. Anything that isn't blocked then has to make it past my personal machine's built-in firewall, which would tend to reject most anything else. Thus, it's likely that 99.999 percent of the code on my machine (any modern OS is *horribly* complex by nature) is completely immune to random internet-based attacks, at least ignoring user actions like launching an infected program or script.

    A good example of minimizing attack surface is Amazon's recent release of a very tiny TLS library called s2n. With only 6000 lines of code, it's *much* easier to vet and declare secure than the feature-rich but dangerously bloated OpenSSL library, which may put servers at risk with features they never used. Even the name (signal to noise) indicates the intent, which is to keep the library tiny and focused. We're discovering that there's a danger to letting code grow infinitely large and complex, and not deprecating it, because even if those old features work, they still may contain security issues. I'd be extremely surprised if s2n had any serious security flaws in its implementation simply due to its small size - there's just not as much that can go wrong there.

  15. Re:Welcome to why I run an adblocker on Forbes Asks Readers To Disable Adblock, Serves Up Malvertising (engadget.com) · · Score: 5, Interesting

    For many years I used no-script instead of an ad-blocker, which almost amounted to the same thing, as the most obnoxious or dangerous ads rely on scripting. The difference is that the modern web utterly breaks without scripting, and it was just too much of a pain in the ass to try to figure out what to whitelist when sites are often pulling from many dozens of different domains for various javascript pieces, services, or what have you. So, I uninstalled no-script and installed ublock-origin instead, because nowadays, I figure most malware I'd see would be from ads.

    We see from this that the ad networks still don't have malware under control, so I won't disable ad-blocking. That's essentially like asking me to disable my firewall or anti-virus to read an article - it will never happen, ever, unless I'm using a browser inside a disposable virtual machine image or something equally safe.

    Until we get a mechanism to ensure that advertisers can't run arbitrary scripting, launch Flash or Java, or provide their own arbitrary content, I'll continue to block ads purely for safety reasons. Even static images or multimedia have proven to be dangerous, as the recent Stagefright debacle on Android has shown. Honestly, most normal ads don't bother me all that much, and I'm aware they pay for a lot of content. But I'm not going to be lowering my shields to read your article, sorry. There's just too much malware out there today, and a lot of it is REALLY bad. My personal safety comes first.

  16. Re:Old? on Java Named Top Programming Language of 2015 (dice.com) · · Score: 1

    I didn't word that very well. By "isn't all that impressive", I meant that it wasn't all that long ago relative to the history of many other disciplines (we were discussing the relative maturity of various professional fields). I didn't mean that what they accomplished in the 50's or 60's wasn't impressive in general. On the contrary, I remain in awe of what they managed to do given the technical restrictions of the day.

  17. Good point... that was introduced in the HDMI 1.4 spec, right? I think it's still a largely theoretical concern for right now, as I haven't really seen any support for this. I'd bet it's probably because it's just a lot more straightforward to put a wifi receiver and ethernet port on the TV for a direct connection if there's any desire to do so. Moreover, the type of consumer who would have the equipment to connect a receiver with this type of advanced feature would probably also have equipment that would eliminate the need for the TV to be connected in the first place (a game console or other media box). So, yeah... there's a good chance this feature will never actually be widely supported, as I don't see much of a practical demand for this.

    Fortunately, there's probably not a huge incentive for a smart TV to try to connect to the internet surreptitiously, because the blowback when such a thing is inevitably discovered would likely be fairly severe. Lenovo's pre-installed adware was a great object lesson for the tech industry at large. I suppose we'll see if I'm wrong and some idiotic MBA decides to screw over their own customers by spying on them.

  18. It may be unsafe if you're actually connected to the network. But if you're not using any of the "smarts" of the system, why in the world would your TV be connected in the first place? My smart TV just acts like a dumb TV, getting input from my peripheral devices, but has no access to the internet. It's near impossible for it to be hacked via an HDMI cable coming from my own hardware devices.

    And no, I don't see a near-term future where your TV must be connected to the internet because there are always going to be some use cases where it's either impractical or even impossible to do that (like the proverbial cabin in the woods). Look at the backlash against the Xbox One with the initial requirements of having to phone home once a day to remain operable. People are fine with connected devices, but it's pretty clear they hate mandatory connectivity. There are enough manufacturers so that if one is stupid enough to try that, people will likely flock to their competition.

  19. You can simply ignore all the "smarts" of your new smart TV and just use it as an ordinary TV. If your TV works well on the day you purchased it, there's no need to ever update the software again and risk any breaking changes or performance degradation. Who cares if your TV's OS is "ignored" if it continues to work fine?

    When I was going through the initial setup, my TV wanted to connect to the internet, get information about me, blah blah, and I just said "no". Fortunately, you can still do that. Anyone with a modern videogame console or other TV-enhancing device has a 100x better experience with those purpose-built devices than the utter shit software they put on those TVs anyhow.

    Malware isn't magically reaching out across the airwaves to infect these devices. This is idiots being idiots and installing dodgy software from unknown sources, which is how much malware in the world gets propagated. The only news-worthiness here is that smart TVs are now ubiquitous enough that it's worthwhile for malware authors to start targeting them.

  20. Re:Old? on Java Named Top Programming Language of 2015 (dice.com) · · Score: 2

    CS is a relatively young discipline

    Youth is relative.

    Well, I'm not going to disagree with you, as that's precisely what I stated. Compared to civil engineering, with a few thousand years of history, programming in the 50s or 60s isn't all that impressive. But compared to electrical engineering, which grew up in the 19th century and took off during the 20th, it fares better.

  21. Re:Or they could, you know, abandon Communism on Cuba's Nationwide Sneakernet: a Model For Developing Nations? · · Score: 1

    Agreed. And on the capitalist front, making the software illegal for them is a bad move. If I were at the helm of a software company, I'd figure out a mechanism for making my software legitimately and legally available to third-world markets who really can't afford to pay first-world prices for their software. It's a long term strategy for getting them used to a) using your software in particular, and b) using legitimate software instead of pirated software. It may seem like a simple semantic difference if the bits are the same, but I think it's an important one.

    At some point, you can figure out how to monetize your market position, but it's also valuable to have a solid market position even before the money starts rolling in. Ask Google, Amazon, Twitter, or Facebook about how that's worked out for them.

  22. Microsoft is idiotic for charging $100 for an OS on a $300 device. It virtually guarantees that many people will be interested in a free alternative simply on the basis of price (as well as the typical several percent for other reasons). $100 is a reasonable one-time expense when your PC costs a few thousand. It's ridiculous for a $160 to $500 device - and the low price is really all these things have going for them. This is the arrogance that a 95% marketplace dominance breeds.

    I really wish the PC OS market were a bit more balanced, even as someone who primarily uses Windows. I'd love to see a three-way split among desktop OSes among Windows, OS X, and Linux. I'd gladly give Microsoft a third of the phone market for this, because I think the competition would be good for everyone.

    You can see this in the console market, where you know that competition with Sony's PS4 was the only reason MS backed down from their initial must-check-in-once-a-day stance. I've seen this with Sony as well. Back when their PS2 was head-stomping all the other platforms, Sony was a pain in the ass to work with when getting a PS2 game certified. You couldn't believe the difference in how nice and helpful they were if you were developing a PSP game though, since that platform was lagging far behind Nintendo's handhelds.

  23. Re:Old? on Java Named Top Programming Language of 2015 (dice.com) · · Score: 4, Informative

    Age doesn't matter. Usefulness does.

    Age matters, because CS is a relatively young discipline. We've learned many things along the way, and capabilities continue to evolve, meaning that certain tradeoffs are more relevant than others.

    Would you design C today the exact same way as the original, even if the design goals were exactly the same? Of course not. You'd likely eliminate a lot of the blatant shortcomings, such as the ease in which memory is stomped, the way pointers and memory can be so easily corrupted or leaked, and the unsafe nature of many of its library functions. C++ has proven you can eliminate those faults with little to no runtime overhead. C was designed at a time when memory and run-time efficiency were given much more importance than runtime data integrity or safety. That's simply not the world we live in today, in which a set of flaws in a multimedia library can cause one of the biggest security holes of all time.

    Look at how vastly different C++14 looks than C++ 98. The addition of smart pointers, move semantics, lambdas, and a few other key features mean the language almost looks like a modern managed language like C#, albeit quite a bit uglier in the syntax department. And I *still* think that the ref-counted constructor-destructor paradigm is actually more practical in many situations than garbage collection, which is really only designed for a single type of resource (memory, obviously). These days, it's incredibly rare that I actively manage memory or raw pointers in my C++ programs. We've learned that doing so is a common source of bugs and security flaws, so these days we tend to ask the compiler or the runtime to do it for us.

  24. Re:Loudspeakers vs. nukes? on South Korea To Restart Propaganda Loudspeakers Along Border · · Score: 1

    Why would we need nukes in Korea? We've got plenty of boomers sitting safely at the bottom of the ocean, and our land-based missiles can reach anywhere in the world in minutes. Putting nukes in S Korea would be a propaganda / political move, nothing more.

    The US is already incredibly unpopular among the S Korea populace from anecdotes I've heard, although I don't believe they hold animosity towards the citizens themselves. Not that I'm uncaring about their situation (I liked the S Koreans I've met and worked with), but I say it's high time for them to take full responsibility for their own protection. The time when we should be footing *any* of the bill for their defense is long past. They're a big-boy country now, with a healthy economy that can support their own military.

    Kim Jong Un's temper tantrums are because he's a paranoid nutcase and an evil fuck who starves his own people at the expense of his nuclear bomb and missile project. Not every problem around the world is the fault of the US.

  25. Re:Not gonna read this on How the Internet Changed the Way We Read (dailydot.com) · · Score: 2

    Here seems to be the crux of his complaint:

    We now skim everything it seems to find evidence for our own belief system. We read to comment on reality (Read: to prove our own belief system). Reading has become a relentless exercise in self-validation, which is why we get impatient when writers don’t come out and simply tell us what they’re arguing.

    Of course, the notion that this is somehow new and different is utter tripe. Does anyone think that some magical, golden age existed in which wordsmiths could sway the hearts and minds of the masses? My goodness, how *dare* we have our own opinions, rather than relying on the words of others to shape our thoughts.

    Typical ivory-tower nonsense. You're missing nothing by skipping this article.