Ideas for products or services are not valuable: they are dime-a-dozen. The only ideas that are valuable are scientific breakthroughs. Product or service ideas are not valuable because the real challenge is to overcome the barriers to implementing an idea. The barriers include patent procedures, development costs, marketing costs, competition from entrenched players, etc. It is an unfair world in this regard, because established companies have a tremendous advantage; and if it were easy everyone would be inventing all the time because lots and lots of people have ideas. If you can overcome the challenges of filing a patent, then you might have something - if the idea is a good one. Even better, produce and market the product or service. That's the real challenge. Thinking of an idea is not a challenge. And no, no one will pay you for your good ideas unless you are a proven producer of ideas that have made money.
I don't agree that the fault was in insufficient training. A device such as this one should have been built to operate in an appliance-like manner. It should not have been possible to set the machine to a setting that was dangerous.
So many devices are not properly tested. We talk about the Therac-25: what about the Apple TV? I use a Mac and so I prefer Apple products over the commercial alternatives, but the Apple TV is one of the most poorly engineered devices I have ever used, and the problems are all in the software. It simply was not tested (it seems) to handle all of the many asynchronous conditions that occur during use. Ironically it is designed to be appliance-like. It doesn't even have an on-off switch, yet I have to unplug the thing to reset it every single time I use it. It clearly relies on procedural routines that test for this and that and if some condition is true it sets that state, only to have the condition turn false a moment later, but the thing cannot detect that and it gets stuck in undefined states and so it then can't access the Internet (because it thinks it is not available when it actually is) or it thinks your library has been deleted when it hasn't or it "forgets" your iTunes password until you reset the machine, and so on and so on. Whoever designed the software does not understand real-time programming and it clearly was not tested properly.
This is common within our industry. Programmers think procedurally. They check some variable and then go on to assume that the variable retains that value for the remainder of the current method, when in fact it might change if the variable can be set by another routine due to an asynchronous event such as user input or a change initiated by another part of the system.
Testing needs to be extensive and planned out, and it needs to consider all of the failure modes and events that might occur, including the unlikely ones, because in real use a one in a million event that causes a death does matter if the system is going to be used by the thousands across the globe. Anyone who does not properly test such a system should be liable for that death.
"...easier and faster for corporations to enforce their intellectual property rights around the world."
Corporations - that says it all: to exclude lone inventors.
They just want the ability to build patent firewalls around their products, so that no upstart inventor can threaten them. Basically, they want to make it impossible for anyone to start a company around a new idea. They want big corporations like Microsoft to be the only ones who can have products. Everyone else will be crushed by their attorneys.
Claims that IT is mature are the result of a lack of imagination.
At the turn of the 20th century there were similar claims that the automobile was mature and could not be improved any more.
What about the fact that Moore's Law has no end in sight?
What about the need to shift the focus on design instead of programming, in order to finally be able to create secure and reliable systems?
What about the prospect of autonomous robots - getting more credible every day?
What about the likelihood that CPU-based systems will see their last days when it becomes feasible to reprogram hardware architecture dynamically, in real time?
What about the emergence of massive parallelism on the desktop (and laptop), leading to real-time ray traced graphics and simulation?
What about the prospect of real-time 3D displays?
What about the prospect of intelligent machines? (In this area, there is much to fear.)
If anything, IT is dynamic, and what will come is likely to be more transforming than what has already occurred.
Apple's argument against "Why should Apple stop people from downloading from non-Apple stores, if that user wants?" is that it requires hacking the OS, and I have pointed out that doing so does in fact put the handset at risk (from installed malware), and that it is possible that a vulnerable handset could compromise the other users on the network if not the network itself. Knowing which of the latter scenarios applies requires an in-depth analysis of the security model of the iPhone and the network protocol. So I think I have been on point. From a philosophical point of view, I am in agreement that we should be allowed to install what we want on something that we own; but the unfortunate fact is that this stuff is just too unreliable and insecure. It's like allowing people to drive race cars on the highway. Anyone should be allowed to drive any car they want at any speed they want - but not on a public highway. The mobile networks are public highways. To put a device on one of these networks there should be a certification regime of some kind, to ensure that the other devices on the network and the network itself are protected from a rogue device. Apple's app system is a certification regime. It is proprietary and that is not good, but until we have a non-proprietary system to replace it, we should abide by it.
That's reassuring. I would hope they would care about quality. But then again, I have an Apple TV, and it has to be restarted about once every two days or it can no longer connect to the Internet, starts running very slowly (memory leak???), and so on. A beautifully conceived but unreliable product - from Apple. My motto for the thing: It just doesn't work.;-) But I use it because I won't run Windows as a media center because I expect it would be worse (since it's Windows underneath), and I don't have the time to fiddle with Linux unfortunately.
In 1993 I had a Compaq Concerto. It was my favorite computer of all time (even more than my Macs that I have now). It was a pen-based machine and also had a keyboard. (Contrary to popular opinion, handwriting recognition actually worked: the catch is that it required the user to adapt and learn how to write so that the system can read your writing. If you were willing to do that, it had a very high rate of recognition.) The machine came with 4Mb or RAM but I put 12Mb in it - and that was considered HUGE at that time. (The battery lasted for four hours, and I had two so I could go for eight hours.) I ran Photoshop with NO PROBLEM on the machine, and many apps at once, including Netscape, etc. - which as you might recall had Java and lots of things bundled into it. I used to program in C++, Java, and Pascal on the thing. I seem to recall that it had a 128Mb disk drive.
So what the heck is the 16Gb of Windows 7 for????? In terms of the value of my computing experience, they are about the same - except that the Concerto would not have been able to handle the large media files of today unless you increased the RAM and disk space - but the OS certainly would not have minded as long as the codecs were installed. And let's not say it is because Windows is now multi-tasking where as Win 3.1 wasn't, because the original Unix was multi-tasking, and it fit in 4k or something like that.
I recall that I once installed Photoshop 3 on a Windows ME machine at a time when the latest version of Photoshop was 7. (Photoshop 7 was designed to run on Macs and Windows 3.1.) It started and was ready to use in under one second!!! And it was lightning fast. Using the current Photoshop of that time required the usual 30 seconds to start up. Yet, Photoshop 3 did everything - it just did not have some of the bells and whistles of later versions that one normally does not use - things that should not be part of the runtime anyway. In any case, any new features were not worth a factor of 20+ in startup time and a similar factor in memory footprint!
So my conclusion is that the current bloatware is somehow designed to be bloated. Something is fishy! Is it the large OS libraries that must be linked in now? The.Net, layered on top of the Win API? (talking about Windows here - similar questions for other OSs.) I suspect that our software could be much leaner, and run on much smaller footprints, and start and run much, much faster, and therefore use much less power - and therefore run for much longer without recharging. Again, I wish someone would decompile the code of some of these programs (and OSs) and see what the extra bloat is actually doing and what the source of it is.
Exactly. The huge bloat defies explanation. I wish someone would decompile the code and see exactly why it is so friggin huge!!! In terms of value per byte, it seems way out of whack with what we had a decade ago.
How rude, to describe me as "ignorant". I am not ignorant: I have degrees in two branches of engineering, have studied EE extensively (both analog and digital signal processing, and have written microcode silicon compilers), and am quite familiar with many branches of telecommunications, although I admit that cell networks are not an area I know in depth. I have also written a book on application security. Please don't call me ignorant: it is very trailer-parkish to do so.
Back to the discussion:
The fundamental security issue is: If the infrastructure trusts the platform, and the platform is compromised, then the infrastructure can be compromised. It is possible (I defer to you on this, since you are a professed expert on cell networks) that the cell network does not trust the parts of the handset that are accessible to the handset OS - that is, that the interactions are in firmware or on another chip. But, I will point out that it is not only the cell tower that is at risk. A handset app can communicate with other users across the network, using the network as a mere conduit, without compromising the network. Imagine a bot herd of a hundred million cellphones....
If Apple has built a secure system to protect against this, then there is nothing to worry about; but I am not so sure that is the case.
You are right - I don't disagree. I am not saying they are fair. I am just saying that in addition to rejecting apps they don't want, they also (hopefully) reject apps that are a risk. That is the QA that has value. Of course, I don't know what they are actually doing behind the scenes....
I really wish that some posters here would resist the urge to be rude and grandstand in order to bully their point. I am not "misinformed" as you say (I am very familiar with BSD), and my comment is indeed relevant. If it were not, you would not have had so much to say about it.;-)
But back to the discussion:
You appear to be confusing the issue of "jailbreaking" with the issue of having an open platform. I agree that an open platform is a good thing in theory; and I agree that Apple is acting in its own interests when it approves or disapproves apps. What I am saying is that I agree (reluctantly) with Apple's argument that hacking the system (the OS) in order to install apps puts the system - and the underlying infrastructure - at risk.
With regard to whether the iPhone should be open, yes, it should, ideally. But we have to realize that an open platform introduces risk. Windows is an open platform, and look at the disaster we have there. If OS X had the same market penetration that Windows has, I would expect that we would have a similar security debacle. Android is too new. Windows Mobile - I don't know enough about that platform to comment.
I looked at the G1 (Android) before getting an iPhone. I was very reluctant to give all of my personal data to Google. Given the disastrous breach at Network Solutions recently, I don't think it is unwise to be reluctant to want to keep one's data on one's own system.
The issues are really quite simple: (1) hacking (jailbreaking) the OS puts the system at risk, as well as any part of the infrastructure that trusts the system; and (2) a platform should not be open unless the platform is secure and supports the secure installation of insecure apps.
The reason that I myself am willing to download and install an app onto my iPhone is because I am sure that Apple has done some QA on it, and that the author values their relationship with Apple and so would not likely risk it by embedding malware. This QA that Apple provides is of great value.
The root problem is that OSs - including phone OSs - are not very secure to begin with, and to have people hacking the OS means that they are bypassing any "sandbox" technology that protects the phone - and the infrastructure - against malware.
On the other hand, if the OS were very secure, then Apple could - and should - be willing to open the platform to non-Apple approved apps. But I don't trust that the iPhone OS is secure enough to allow this. If someone can prove that it is, then they have a case for opening up the iPhone.
I believe that if programmers are told that PII is important to think about, then they will care. And they should be told that it is important.
The problem with a definition of "PII" is that the term kind of implies that it is information that can identify a person. That is not the real issue. The problem is that it is usually the correlations across information that are used to identify people. Thus, PII is really about the whether the data (the "information") can be correlated with other available information, and thereby identify someone.
Thus, you can't really create a list of "PII data elements" and leave it at that. If the data can be correlated with other public data and used to identify people with the data, thereby uncovering facts about people that are not expressly published, then the data should be considered to contain PII. This is not well understood in the industry.
PII is any information that can be used to identify a person, directly or indirectly. In most cases, it is information about activities such that correlations can be used to derive the activities of individuals or information about those individuals. IP addresses certainly fall into this category. PII is NOT particular data fields: it is data that can be correlated to infer information about individuals or their activities. That is the new view of PII.
Organizations often - indeed almost always - need to store PII. It is their responsibility to safeguard that information. We can't expect that they won't store it, but we can expect them to treat it as highly sensitive. That means compartmentalizing it (breaking it up so that if some is stolen it is not the whole set), encrypting it, limiting access to it, etc.
A dead-simple web tablet. That's like saying that the iPhone will be just a simple to use phone.
I believe the real appeal of the thing will be in the simplicity and elegance of its design, but also in its ability to do just about everything once one installs add-on apps to it. After all, it has a CPU and Linux - why woundn't one do other things on it?
Now if only it can eventually have a super low power display (like the Kindle, but color), so that we are finally free of the tyranny of being near an electric outlet.
I guess I am lamenting that if a device can be made this lightweight, with a battery that lasts for weeks, and it is actually a computer underneath, then how come we are being deprived of that as a computer? Why is it locked, so that we can't load new apps on it? I would like to have a computer that goes for weeks without recharging.
Thanks for correcting me that Kindle has Internet access. I did not know that, and you are right that I don't have one.
My point is still valid I think though. It is that the Kindle is a computer on the inside, so why not provide basic apps on it, and allow one to install more apps, just as an iPhone allows one to install more apps? I don't think that Apple thought, "the iPhone is a phone - no need to do other things on it." I would bet that if the Kindle allowed one to install more apps, just as the iPhone does, it would quickly become a more general purpose computer - with battery life of weeks. Now that is something I would buy.
A book reader is a computer. Why not make it full-featured?
I would love to have a computer that had an e-ink (persistent) display, internet access, and could also read books, with the battery life of an e-book (with internet turned off).
Why purposely limit the machine to only being able to read books? It makes no sense.
Well you are right Damon that it is all about shades of gray. Not every piece of hardware has to go to the Moon.
But, if you consider that computers are now ubiquitous, all running programs that are somewhat unreliable, what you have is a situation in which the environment around you is always somewhat broken.
True, most of the time my cell works, and most of the time my Mac works, and most of the time my routers work, and most of the time Comcast and Bind and DNS work, and most of the time my Apple TV works, and most of the time our home network works, and most of the time my office's network works, and most of the time the websites I use work, and so on and so on, but if you put all this together, the chance that something is broken on any given day is now quite high; and it is often a show-stopper for whatever I am trying to do at that moment. A true appliance should *always* work, except when it wears out after years of use.
If CPUs become ubiquitous, then we really need programs to be more reliable. The measure of reliability that matters is no longer at the device level: it is at the environment level. The environment needs to be 99% reliable (not 99.999). But that means that each device in it needs to be 99.999. That is not currently the case.
Yes, there are people who care; but they are stymied by the preponderance of those who don't and by the forces of industry that lock in bad approaches. For example, the success of the PC created a situation in which better approaches cannot be introduced because we are locked into the standards established by the PC. We are locked into the big (and ever growing) OS approach and von Neumann computing. Nothing else can enter. We are stuck on a railroad track careening through junkyards of broken stuff.
For this reason, every time I see something new come along, I now think, "but that's just more complexity when the core problem of how to build it securely has not been solved" and "now we'll just have more stuff that will not really work". Consider the Federal CIO's desire to put government data on the Web. I saw him talk at a breakfast recently. My thought was, "Using today's Web standards!?" and "I can only imagine the security disaster that will create!" It is really too bad, because he has a really great idea, but the technology is not robust enough.
Yes, Microsoft has been a big contributor to the problem, but as you say they are now providing a solution - and no one on the developer side cares. Vista's main value proposition was increased security, and all you heard in developer-focused groups (like slashdot) was how worthless it is. The fact is, today Microsoft is one of the most advanced providers in terms of its security methods. (And believe me, I am no Microsoft fan! I personally use a Mac.)
Another example: in the Linux world we have SeLinux. It is embedded in many major distros, but do any developers care? Very, very few, and the main security features of that OS are not even used and go to waste.
Developers just don't care about reliability or security until their boss tells them to care, and with the short-term focus of industry and the poor understanding that people outside of IT have of this stuff, it never gets asked for. So nothing works. People are starting to accept that things like phones and OSs and websites are broken half the time and are not trustworthy, as if that is how it must be.
I am sorry. Now I am starting to rant, not saying much new. I think you get that I am disappointed!;-) Instead of ranting, let me take a particular issue: I think the fundamental design paradigms are wrong. I think that computers should be event-based, not von-Neumann. I think that OSs should provide lots of support for application-defined event management. I think that OSs and hardware should directly support object composition so that it is possible to tell which nodes in a graph belong to which other nodes (would solve a major cause of "alias errors"). I think that languages should support the specification of enforceable patterns so that one could design secure and reliable patterns and use them and reuse them, and be sure that the resulting apps are secure and reliable. These tools are missing. And if these tools were created (they have been in some cases), they would not leave academia because developers are not interested in them and so there will be no grass-roots adoption.
And then there is of course the market side that is driving everything. That is very broken. There needs to be better industry-wide management of standards, instead of what we have today which is consortiums that let the vendors conspire to take advantage of you and me to sell new stuff. Let's take IETF for example: they have created a massive collection of inter-woven specs (pretty good specs, quality wise) but these specs have no overall architecture. They are vendor-initiated by and large, to serve special interests. So there is no overall architecture for the Internet. Maybe IP6 will fix this at the core level, but currently we have a mess of overly complex RFCs so that now to write a simple mail program one has to search through who knows how much stuff to find anything. W3C and OASIS are ten times worse: the massively complex Web standards are a disaster, from an architecture perspective; just look as WSDL, 100 times more complex than what it needs to be. All people want to do is send messages or do RPC, for crying out loud. It is a disaster, but programmers don't even realize what a bloated overly complex mass it is. And now we have HTML 5 (they finally got it right), after countless overly complex specs that are each a massive mess. Nowadays to write a friggin browser you have to be a large organization with a team of programmers. A browser should not be so large and complex!!! We are wasting energy on the wrong things, and raising the barrier to entry.
Hi dkf - you are right, but I was not trying to describe a taxonomy of languages. The fact is, most programming today is imperative and procedural, done from an OO language such as Java, Ruby, or C++/C#, etc. My point was that procedural programming (regardless of whether it is OO) is very challenging when writing software that has asynchronous aspects. So I am not in disagreement with you.
I am aware that functional and other programs can be reduced to a procedural program. After all, this is the theory behind the halting problem and the concept of a universal state machine, a-la Roger Penrose, and more recently Stephen Wolfram. Everything can be reduced to a sequential program that may or may not terminate; but a sequential program is not the best paradigm for creating the design. From your comments I think you are astute enough to know this.
You make some very, very excellent points. For example, that knowing the algorithm doesn't mean that you understand the problem. I suspect that you have dealt with real-time systems. The gap between theory and experiment is a substantial one!
Gosh, I don't think my post was worded that way, but in any case I am sorry and did not intend any personal offense. After all, I am a member of the industry, so I assumed that I could make critical commentary on my own industry.
But I did intend an indictment of the profession as a whole, if not any individual. I feel that the profession has become very unprofessional. I am not alone in this. Alan Kay for example laments that each generation of CS folks seem to completely forget what the prior generation learned. I also did intend to criticize the main infrastructures including OSs. I once was driving Warwick Ford (then CTO of Verisign) to the airport and asked him what the greatest vulnerability with regard to security is and he said "the [mainstream] OSs".
While I agree that not all people in CS produce crap, I stand by my assertion that most of the implementation "out there" is crap. The other day I called Comcast and complained that lately my DNS lookups were slow, and so their "online chat" assistant (not sure if it was human) then changed my DNS configuration while I was waiting - without telling me - and as a result all of my routers got confused (and I lost the chat session!) and in order to get the routers to let go of their leases I had to reset them all. What crap. What a system of protocol garbage that this stuff is so easily confused and can't detect that the configuration has changed and automatically trigger a new DHCP request. And it seems like every product that I buy has problems of getting confused, having to be restarted, or memory leaks. Just look at the postings about issues for _any_ major product. As Bob Dylan said, "Everything is broken". It seems that way. Everything that is programmed seems to be broken by design. My assertion that it is all crap is based on the personal experience of myself as the end user. I am not criticizing any individual: I am criticizing our (my) industry.
You might think, "Well then do something about it". I have tried. I wrote a book called High-Assurance Design. It did very poorly sales-wise, even though colleagues of mine who are very knowledgeable who read it feel that it hit the mark and that it covers security and reliability in a way that no other book does, but I have found that programmers are generally (not all cases) not interested in reliability. Most (not all) programmers just want to find a quick way to get their code done and play with the latest cool APIs or tools. That has been my experience. My prior books were about the latest cool stuff (Java Enterprise stuff at that time) and they did very well. I rest may case.
So given that, it means to me that we need programming tools (including languages) that allow one to hack together an app and have it be reliable and secure regardless. We don't have such tools today. Programmers use general purpose languages, and the programmers (generally) are not trained or inclined to perform adequate design when necessary. (Yes, there are exceptions.) We need languages with built-in patterns for concurrency and security, instead of requiring the programmer to craft those things in. In the meantime, (almost) everything is destined to be crap.
Slashdot Mirror
Ideas for products or services are not valuable: they are dime-a-dozen. The only ideas that are valuable are scientific breakthroughs. Product or service ideas are not valuable because the real challenge is to overcome the barriers to implementing an idea. The barriers include patent procedures, development costs, marketing costs, competition from entrenched players, etc. It is an unfair world in this regard, because established companies have a tremendous advantage; and if it were easy everyone would be inventing all the time because lots and lots of people have ideas. If you can overcome the challenges of filing a patent, then you might have something - if the idea is a good one. Even better, produce and market the product or service. That's the real challenge. Thinking of an idea is not a challenge. And no, no one will pay you for your good ideas unless you are a proven producer of ideas that have made money.
I don't agree that the fault was in insufficient training. A device such as this one should have been built to operate in an appliance-like manner. It should not have been possible to set the machine to a setting that was dangerous.
So many devices are not properly tested. We talk about the Therac-25: what about the Apple TV? I use a Mac and so I prefer Apple products over the commercial alternatives, but the Apple TV is one of the most poorly engineered devices I have ever used, and the problems are all in the software. It simply was not tested (it seems) to handle all of the many asynchronous conditions that occur during use. Ironically it is designed to be appliance-like. It doesn't even have an on-off switch, yet I have to unplug the thing to reset it every single time I use it. It clearly relies on procedural routines that test for this and that and if some condition is true it sets that state, only to have the condition turn false a moment later, but the thing cannot detect that and it gets stuck in undefined states and so it then can't access the Internet (because it thinks it is not available when it actually is) or it thinks your library has been deleted when it hasn't or it "forgets" your iTunes password until you reset the machine, and so on and so on. Whoever designed the software does not understand real-time programming and it clearly was not tested properly.
This is common within our industry. Programmers think procedurally. They check some variable and then go on to assume that the variable retains that value for the remainder of the current method, when in fact it might change if the variable can be set by another routine due to an asynchronous event such as user input or a change initiated by another part of the system.
Testing needs to be extensive and planned out, and it needs to consider all of the failure modes and events that might occur, including the unlikely ones, because in real use a one in a million event that causes a death does matter if the system is going to be used by the thousands across the globe. Anyone who does not properly test such a system should be liable for that death.
Mainframe transaction platforms are rock solid - much more than one can say for most web app platforms.
"...easier and faster for corporations to enforce their intellectual property rights around the world."
Corporations - that says it all: to exclude lone inventors.
They just want the ability to build patent firewalls around their products, so that no upstart inventor can threaten them. Basically, they want to make it impossible for anyone to start a company around a new idea. They want big corporations like Microsoft to be the only ones who can have products. Everyone else will be crushed by their attorneys.
That is how "IP" is used today.
Claims that IT is mature are the result of a lack of imagination.
At the turn of the 20th century there were similar claims that the automobile was mature and could not be improved any more.
What about the fact that Moore's Law has no end in sight?
What about the need to shift the focus on design instead of programming, in order to finally be able to create secure and reliable systems?
What about the prospect of autonomous robots - getting more credible every day?
What about the likelihood that CPU-based systems will see their last days when it becomes feasible to reprogram hardware architecture dynamically, in real time?
What about the emergence of massive parallelism on the desktop (and laptop), leading to real-time ray traced graphics and simulation?
What about the prospect of real-time 3D displays?
What about the prospect of intelligent machines? (In this area, there is much to fear.)
If anything, IT is dynamic, and what will come is likely to be more transforming than what has already occurred.
Apple's argument against "Why should Apple stop people from downloading from non-Apple stores, if that user wants?" is that it requires hacking the OS, and I have pointed out that doing so does in fact put the handset at risk (from installed malware), and that it is possible that a vulnerable handset could compromise the other users on the network if not the network itself. Knowing which of the latter scenarios applies requires an in-depth analysis of the security model of the iPhone and the network protocol. So I think I have been on point. From a philosophical point of view, I am in agreement that we should be allowed to install what we want on something that we own; but the unfortunate fact is that this stuff is just too unreliable and insecure. It's like allowing people to drive race cars on the highway. Anyone should be allowed to drive any car they want at any speed they want - but not on a public highway. The mobile networks are public highways. To put a device on one of these networks there should be a certification regime of some kind, to ensure that the other devices on the network and the network itself are protected from a rogue device. Apple's app system is a certification regime. It is proprietary and that is not good, but until we have a non-proprietary system to replace it, we should abide by it.
That's reassuring. I would hope they would care about quality. But then again, I have an Apple TV, and it has to be restarted about once every two days or it can no longer connect to the Internet, starts running very slowly (memory leak???), and so on. A beautifully conceived but unreliable product - from Apple. My motto for the thing: It just doesn't work. ;-) But I use it because I won't run Windows as a media center because I expect it would be worse (since it's Windows underneath), and I don't have the time to fiddle with Linux unfortunately.
In 1993 I had a Compaq Concerto. It was my favorite computer of all time (even more than my Macs that I have now). It was a pen-based machine and also had a keyboard. (Contrary to popular opinion, handwriting recognition actually worked: the catch is that it required the user to adapt and learn how to write so that the system can read your writing. If you were willing to do that, it had a very high rate of recognition.) The machine came with 4Mb or RAM but I put 12Mb in it - and that was considered HUGE at that time. (The battery lasted for four hours, and I had two so I could go for eight hours.) I ran Photoshop with NO PROBLEM on the machine, and many apps at once, including Netscape, etc. - which as you might recall had Java and lots of things bundled into it. I used to program in C++, Java, and Pascal on the thing. I seem to recall that it had a 128Mb disk drive.
So what the heck is the 16Gb of Windows 7 for????? In terms of the value of my computing experience, they are about the same - except that the Concerto would not have been able to handle the large media files of today unless you increased the RAM and disk space - but the OS certainly would not have minded as long as the codecs were installed. And let's not say it is because Windows is now multi-tasking where as Win 3.1 wasn't, because the original Unix was multi-tasking, and it fit in 4k or something like that.
I recall that I once installed Photoshop 3 on a Windows ME machine at a time when the latest version of Photoshop was 7. (Photoshop 7 was designed to run on Macs and Windows 3.1.) It started and was ready to use in under one second!!! And it was lightning fast. Using the current Photoshop of that time required the usual 30 seconds to start up. Yet, Photoshop 3 did everything - it just did not have some of the bells and whistles of later versions that one normally does not use - things that should not be part of the runtime anyway. In any case, any new features were not worth a factor of 20+ in startup time and a similar factor in memory footprint!
So my conclusion is that the current bloatware is somehow designed to be bloated. Something is fishy! Is it the large OS libraries that must be linked in now? The .Net, layered on top of the Win API? (talking about Windows here - similar questions for other OSs.) I suspect that our software could be much leaner, and run on much smaller footprints, and start and run much, much faster, and therefore use much less power - and therefore run for much longer without recharging. Again, I wish someone would decompile the code of some of these programs (and OSs) and see what the extra bloat is actually doing and what the source of it is.
Exactly. The huge bloat defies explanation. I wish someone would decompile the code and see exactly why it is so friggin huge!!! In terms of value per byte, it seems way out of whack with what we had a decade ago.
Lighter weight Windows XP - now that is a contradiction in terms!!!
How rude, to describe me as "ignorant". I am not ignorant: I have degrees in two branches of engineering, have studied EE extensively (both analog and digital signal processing, and have written microcode silicon compilers), and am quite familiar with many branches of telecommunications, although I admit that cell networks are not an area I know in depth. I have also written a book on application security. Please don't call me ignorant: it is very trailer-parkish to do so.
Back to the discussion:
The fundamental security issue is: If the infrastructure trusts the platform, and the platform is compromised, then the infrastructure can be compromised. It is possible (I defer to you on this, since you are a professed expert on cell networks) that the cell network does not trust the parts of the handset that are accessible to the handset OS - that is, that the interactions are in firmware or on another chip. But, I will point out that it is not only the cell tower that is at risk. A handset app can communicate with other users across the network, using the network as a mere conduit, without compromising the network. Imagine a bot herd of a hundred million cellphones....
If Apple has built a secure system to protect against this, then there is nothing to worry about; but I am not so sure that is the case.
You are right - I don't disagree. I am not saying they are fair. I am just saying that in addition to rejecting apps they don't want, they also (hopefully) reject apps that are a risk. That is the QA that has value. Of course, I don't know what they are actually doing behind the scenes....
I really wish that some posters here would resist the urge to be rude and grandstand in order to bully their point. I am not "misinformed" as you say (I am very familiar with BSD), and my comment is indeed relevant. If it were not, you would not have had so much to say about it. ;-)
But back to the discussion:
You appear to be confusing the issue of "jailbreaking" with the issue of having an open platform. I agree that an open platform is a good thing in theory; and I agree that Apple is acting in its own interests when it approves or disapproves apps. What I am saying is that I agree (reluctantly) with Apple's argument that hacking the system (the OS) in order to install apps puts the system - and the underlying infrastructure - at risk.
With regard to whether the iPhone should be open, yes, it should, ideally. But we have to realize that an open platform introduces risk. Windows is an open platform, and look at the disaster we have there. If OS X had the same market penetration that Windows has, I would expect that we would have a similar security debacle. Android is too new. Windows Mobile - I don't know enough about that platform to comment.
I looked at the G1 (Android) before getting an iPhone. I was very reluctant to give all of my personal data to Google. Given the disastrous breach at Network Solutions recently, I don't think it is unwise to be reluctant to want to keep one's data on one's own system.
The issues are really quite simple: (1) hacking (jailbreaking) the OS puts the system at risk, as well as any part of the infrastructure that trusts the system; and (2) a platform should not be open unless the platform is secure and supports the secure installation of insecure apps.
I reluctantly agree with them.
The reason that I myself am willing to download and install an app onto my iPhone is because I am sure that Apple has done some QA on it, and that the author values their relationship with Apple and so would not likely risk it by embedding malware. This QA that Apple provides is of great value.
The root problem is that OSs - including phone OSs - are not very secure to begin with, and to have people hacking the OS means that they are bypassing any "sandbox" technology that protects the phone - and the infrastructure - against malware.
On the other hand, if the OS were very secure, then Apple could - and should - be willing to open the platform to non-Apple approved apps. But I don't trust that the iPhone OS is secure enough to allow this. If someone can prove that it is, then they have a case for opening up the iPhone.
I believe that if programmers are told that PII is important to think about, then they will care. And they should be told that it is important.
The problem with a definition of "PII" is that the term kind of implies that it is information that can identify a person. That is not the real issue. The problem is that it is usually the correlations across information that are used to identify people. Thus, PII is really about the whether the data (the "information") can be correlated with other available information, and thereby identify someone.
Thus, you can't really create a list of "PII data elements" and leave it at that. If the data can be correlated with other public data and used to identify people with the data, thereby uncovering facts about people that are not expressly published, then the data should be considered to contain PII. This is not well understood in the industry.
- Cliff (author of High-Assurance Design)
Very insightful. I agree.
The last thing we need is to brainwash kids into the current dead-end methods of implementing software: "coding".
PII is any information that can be used to identify a person, directly or indirectly. In most cases, it is information about activities such that correlations can be used to derive the activities of individuals or information about those individuals. IP addresses certainly fall into this category. PII is NOT particular data fields: it is data that can be correlated to infer information about individuals or their activities. That is the new view of PII.
Organizations often - indeed almost always - need to store PII. It is their responsibility to safeguard that information. We can't expect that they won't store it, but we can expect them to treat it as highly sensitive. That means compartmentalizing it (breaking it up so that if some is stolen it is not the whole set), encrypting it, limiting access to it, etc.
A dead-simple web tablet. That's like saying that the iPhone will be just a simple to use phone.
I believe the real appeal of the thing will be in the simplicity and elegance of its design, but also in its ability to do just about everything once one installs add-on apps to it. After all, it has a CPU and Linux - why woundn't one do other things on it?
Now if only it can eventually have a super low power display (like the Kindle, but color), so that we are finally free of the tyranny of being near an electric outlet.
Will do. I will check it out.
I guess I am lamenting that if a device can be made this lightweight, with a battery that lasts for weeks, and it is actually a computer underneath, then how come we are being deprived of that as a computer? Why is it locked, so that we can't load new apps on it? I would like to have a computer that goes for weeks without recharging.
No need to be rude here.
Thanks for correcting me that Kindle has Internet access. I did not know that, and you are right that I don't have one.
My point is still valid I think though. It is that the Kindle is a computer on the inside, so why not provide basic apps on it, and allow one to install more apps, just as an iPhone allows one to install more apps? I don't think that Apple thought, "the iPhone is a phone - no need to do other things on it." I would bet that if the Kindle allowed one to install more apps, just as the iPhone does, it would quickly become a more general purpose computer - with battery life of weeks. Now that is something I would buy.
I fail to see the logic in a book reader.
A book reader is a computer. Why not make it full-featured?
I would love to have a computer that had an e-ink (persistent) display, internet access, and could also read books, with the battery life of an e-book (with internet turned off).
Why purposely limit the machine to only being able to read books? It makes no sense.
Well you are right Damon that it is all about shades of gray. Not every piece of hardware has to go to the Moon.
But, if you consider that computers are now ubiquitous, all running programs that are somewhat unreliable, what you have is a situation in which the environment around you is always somewhat broken.
True, most of the time my cell works, and most of the time my Mac works, and most of the time my routers work, and most of the time Comcast and Bind and DNS work, and most of the time my Apple TV works, and most of the time our home network works, and most of the time my office's network works, and most of the time the websites I use work, and so on and so on, but if you put all this together, the chance that something is broken on any given day is now quite high; and it is often a show-stopper for whatever I am trying to do at that moment. A true appliance should *always* work, except when it wears out after years of use.
If CPUs become ubiquitous, then we really need programs to be more reliable. The measure of reliability that matters is no longer at the device level: it is at the environment level. The environment needs to be 99% reliable (not 99.999). But that means that each device in it needs to be 99.999. That is not currently the case.
Yes, there are people who care; but they are stymied by the preponderance of those who don't and by the forces of industry that lock in bad approaches. For example, the success of the PC created a situation in which better approaches cannot be introduced because we are locked into the standards established by the PC. We are locked into the big (and ever growing) OS approach and von Neumann computing. Nothing else can enter. We are stuck on a railroad track careening through junkyards of broken stuff.
For this reason, every time I see something new come along, I now think, "but that's just more complexity when the core problem of how to build it securely has not been solved" and "now we'll just have more stuff that will not really work". Consider the Federal CIO's desire to put government data on the Web. I saw him talk at a breakfast recently. My thought was, "Using today's Web standards!?" and "I can only imagine the security disaster that will create!" It is really too bad, because he has a really great idea, but the technology is not robust enough.
Yes, Microsoft has been a big contributor to the problem, but as you say they are now providing a solution - and no one on the developer side cares. Vista's main value proposition was increased security, and all you heard in developer-focused groups (like slashdot) was how worthless it is. The fact is, today Microsoft is one of the most advanced providers in terms of its security methods. (And believe me, I am no Microsoft fan! I personally use a Mac.)
Another example: in the Linux world we have SeLinux. It is embedded in many major distros, but do any developers care? Very, very few, and the main security features of that OS are not even used and go to waste.
Developers just don't care about reliability or security until their boss tells them to care, and with the short-term focus of industry and the poor understanding that people outside of IT have of this stuff, it never gets asked for. So nothing works. People are starting to accept that things like phones and OSs and websites are broken half the time and are not trustworthy, as if that is how it must be.
I am sorry. Now I am starting to rant, not saying much new. I think you get that I am disappointed! ;-) Instead of ranting, let me take a particular issue: I think the fundamental design paradigms are wrong. I think that computers should be event-based, not von-Neumann. I think that OSs should provide lots of support for application-defined event management. I think that OSs and hardware should directly support object composition so that it is possible to tell which nodes in a graph belong to which other nodes (would solve a major cause of "alias errors"). I think that languages should support the specification of enforceable patterns so that one could design secure and reliable patterns and use them and reuse them, and be sure that the resulting apps are secure and reliable. These tools are missing. And if these tools were created (they have been in some cases), they would not leave academia because developers are not interested in them and so there will be no grass-roots adoption.
And then there is of course the market side that is driving everything. That is very broken. There needs to be better industry-wide management of standards, instead of what we have today which is consortiums that let the vendors conspire to take advantage of you and me to sell new stuff. Let's take IETF for example: they have created a massive collection of inter-woven specs (pretty good specs, quality wise) but these specs have no overall architecture. They are vendor-initiated by and large, to serve special interests. So there is no overall architecture for the Internet. Maybe IP6 will fix this at the core level, but currently we have a mess of overly complex RFCs so that now to write a simple mail program one has to search through who knows how much stuff to find anything. W3C and OASIS are ten times worse: the massively complex Web standards are a disaster, from an architecture perspective; just look as WSDL, 100 times more complex than what it needs to be. All people want to do is send messages or do RPC, for crying out loud. It is a disaster, but programmers don't even realize what a bloated overly complex mass it is. And now we have HTML 5 (they finally got it right), after countless overly complex specs that are each a massive mess. Nowadays to write a friggin browser you have to be a large organization with a team of programmers. A browser should not be so large and complex!!! We are wasting energy on the wrong things, and raising the barrier to entry.
Gotta to go to my office now....
Cheers!
Hi dkf - you are right, but I was not trying to describe a taxonomy of languages. The fact is, most programming today is imperative and procedural, done from an OO language such as Java, Ruby, or C++/C#, etc. My point was that procedural programming (regardless of whether it is OO) is very challenging when writing software that has asynchronous aspects. So I am not in disagreement with you.
I am aware that functional and other programs can be reduced to a procedural program. After all, this is the theory behind the halting problem and the concept of a universal state machine, a-la Roger Penrose, and more recently Stephen Wolfram. Everything can be reduced to a sequential program that may or may not terminate; but a sequential program is not the best paradigm for creating the design. From your comments I think you are astute enough to know this.
You make some very, very excellent points. For example, that knowing the algorithm doesn't mean that you understand the problem. I suspect that you have dealt with real-time systems. The gap between theory and experiment is a substantial one!
Gosh, I don't think my post was worded that way, but in any case I am sorry and did not intend any personal offense. After all, I am a member of the industry, so I assumed that I could make critical commentary on my own industry.
But I did intend an indictment of the profession as a whole, if not any individual. I feel that the profession has become very unprofessional. I am not alone in this. Alan Kay for example laments that each generation of CS folks seem to completely forget what the prior generation learned. I also did intend to criticize the main infrastructures including OSs. I once was driving Warwick Ford (then CTO of Verisign) to the airport and asked him what the greatest vulnerability with regard to security is and he said "the [mainstream] OSs".
While I agree that not all people in CS produce crap, I stand by my assertion that most of the implementation "out there" is crap. The other day I called Comcast and complained that lately my DNS lookups were slow, and so their "online chat" assistant (not sure if it was human) then changed my DNS configuration while I was waiting - without telling me - and as a result all of my routers got confused (and I lost the chat session!) and in order to get the routers to let go of their leases I had to reset them all. What crap. What a system of protocol garbage that this stuff is so easily confused and can't detect that the configuration has changed and automatically trigger a new DHCP request. And it seems like every product that I buy has problems of getting confused, having to be restarted, or memory leaks. Just look at the postings about issues for _any_ major product. As Bob Dylan said, "Everything is broken". It seems that way. Everything that is programmed seems to be broken by design. My assertion that it is all crap is based on the personal experience of myself as the end user. I am not criticizing any individual: I am criticizing our (my) industry.
You might think, "Well then do something about it". I have tried. I wrote a book called High-Assurance Design. It did very poorly sales-wise, even though colleagues of mine who are very knowledgeable who read it feel that it hit the mark and that it covers security and reliability in a way that no other book does, but I have found that programmers are generally (not all cases) not interested in reliability. Most (not all) programmers just want to find a quick way to get their code done and play with the latest cool APIs or tools. That has been my experience. My prior books were about the latest cool stuff (Java Enterprise stuff at that time) and they did very well. I rest may case.
So given that, it means to me that we need programming tools (including languages) that allow one to hack together an app and have it be reliable and secure regardless. We don't have such tools today. Programmers use general purpose languages, and the programmers (generally) are not trained or inclined to perform adequate design when necessary. (Yes, there are exceptions.) We need languages with built-in patterns for concurrency and security, instead of requiring the programmer to craft those things in. In the meantime, (almost) everything is destined to be crap.