Insightful my ass. As I understand it Microsoft is responding to customer requests _not_ to release patches willy nilly and instead bundles them up into one release. Catch-22 all around.
DRM, when done right, would imply that the key material isn't stored alongside the encrypted/protected data.
If implemented by the corporate entity it would be possible to use DRM to both protect accidental exposure due to lost USB drives and 'leaks' from disgruntled employees.
Yes, manual encryption etc would go a long way; but how many employees could really be expected to pay attention to rules like that? And especially CTO's would be expected to ignore such things. .
Look, I don't like DRM as much as the next geek. I wish I could put my legally purchased music onto a USB drive/MP3 player and listen to it without restrictions.
But that isn't the point here. In this situation you have a corporation which owns the data and has a vested interest in controlling exactly which devices and equipment the files can be viewed/played/copied/edited/etc on. DRM is the appropriate solution.
I've found that non-computer poeple think they _should_ automatically know and understand the computer. They feel stupid and left out and maybe a bit embarrassed that they don't.
I think explaining that the various metaphors ("desktop", "file folder", "trashcan" etc) were made up helps. The naive user can learn early on that if something doesn't makes sense it might not be their fault. This is a logical move towards getting people to experiment. They discover which metaphors the computer programmer was using, and experiment to find out how well the programmer succeeded in their implementation.
To borrow an example from the mac world sometimes the trashcan works to delete something and sometimes it doesn't. How is somebody to know which it is? You gotta try! Creating some junk, deleting it. Experimenting etc is a totally appropriate thing to do.
And what you're doing is not "being dumb" but rather figuring out what the orignal programmer was thinking. This helps peopel relax a little bit about their failures.
If you have enough faith it will persist no matter how much you learn. The *realy* faithful can do both. When you get right down to it the ID folks who feel threatened by science are actually doubters without enough faith.
Re: The most effective way to stop phishing is to educate the "phish".
I suppose while we're at it we should teach people to manually examine every IP packet they recieve? Silly idea, eh? Clearly you're thinking about this wrong.
We need to develop the technologies to help users manage their secure relationships. An authenticated connection to a web server (bank, ebay, etc) must be bidirectionally authenticated. And the web browser needs to help make this distinction clear. A couple of areas for improvement include,
1. Web browsers must have UI elements to clarify if a connection has been bidirectionally authenticated. We're starting down this path but to date have only tried to display the results of a unidirectional SSL authentication (server-auth).
2. Web browsers must have functionality that provides bidirectional authentication. For example digest-mode realm authentication, although that isn't used by many web developers. So why not? What can the browser engineers's do to provide a better mechanism for this?
Slashdot Mirror
Insightful my ass. As I understand it Microsoft is responding to customer requests _not_ to release patches willy nilly and instead bundles them up into one release. Catch-22 all around.
Does MIT provide you with a free computer?
Oh. So it's NOT free.
I guess you'll stick with library books, then.
DRM, when done right, would imply that the key material isn't stored alongside the encrypted/protected data.
If implemented by the corporate entity it would be possible to use DRM to both protect accidental exposure due to lost USB drives and 'leaks' from disgruntled employees.
Yes, manual encryption etc would go a long way; but how many employees could really be expected to pay attention to rules like that? And especially CTO's would be expected to ignore such things. .
Look, I don't like DRM as much as the next geek. I wish I could put my legally purchased music onto a USB drive/MP3 player and listen to it without restrictions.
But that isn't the point here. In this situation you have a corporation which owns the data and has a vested interest in controlling exactly which devices and equipment the files can be viewed/played/copied/edited/etc on. DRM is the appropriate solution.
I've found that non-computer poeple think they _should_ automatically know and understand the computer. They feel stupid and left out and maybe a bit embarrassed that they don't.
I think explaining that the various metaphors ("desktop", "file folder", "trashcan" etc) were made up helps. The naive user can learn early on that if something doesn't makes sense it might not be their fault. This is a logical move towards getting people to experiment. They discover which metaphors the computer programmer was using, and experiment to find out how well the programmer succeeded in their implementation.
To borrow an example from the mac world sometimes the trashcan works to delete something and sometimes it doesn't. How is somebody to know which it is? You gotta try! Creating some junk, deleting it. Experimenting etc is a totally appropriate thing to do.
And what you're doing is not "being dumb" but rather figuring out what the orignal programmer was thinking. This helps peopel relax a little bit about their failures.
If you have enough faith it will persist no matter how much you learn. The *realy* faithful can do both. When you get right down to it the ID folks who feel threatened by science are actually doubters without enough faith.
Re: The most effective way to stop phishing is to educate the "phish".
I suppose while we're at it we should teach people to manually examine every IP packet they recieve? Silly idea, eh? Clearly you're thinking about this wrong.
We need to develop the technologies to help users manage their secure relationships. An authenticated connection to a web server (bank, ebay, etc) must be bidirectionally authenticated. And the web browser needs to help make this distinction clear. A couple of areas for improvement include,
1. Web browsers must have UI elements to clarify if a connection has been bidirectionally authenticated. We're starting down this path but to date have only tried to display the results of a unidirectional SSL authentication (server-auth).
2. Web browsers must have functionality that provides bidirectional authentication. For example digest-mode realm authentication, although that isn't used by many web developers. So why not? What can the browser engineers's do to provide a better mechanism for this?