
Comment: Re:Ah, Damnit... (Score 1) 447

by nine-times (#49136663) Attached to: Users Decry New Icon Look In Windows 10

I guess they're still trying to prove that they can ignore overwhelming customer feedback in a way that's uniquely suited to mega corporations.

Except that a lot of people really like the flat look. That's why Google, Apple, and Microsoft have all adopted it. They're not ignoring customer feedback, they're chasing after it.

Don't assume that just because you think something is ugly, everyone else agrees.

Comment: Re:If you hate Change so much...... (Score 3, Insightful) 447

by nine-times (#49136589) Attached to: Users Decry New Icon Look In Windows 10

I just want to interject an opposing point of view here. It's very easy to think that icons don't matter, and that the only thing that matters is some kind of 'objective functionality'. Like, "Windows boots up, it runs the things I want, it has the features I want, therefore icons are irrelevant." I can think of a few reasons, off the top of my head, why we shouldn't be so dismissive of design.

First, design matters for the sake of clarity. In the example of icons, you want to make sure that it's clear which image is an icon, and which is some other design element. Which images are clickable? What does that image represent? Those questions are important for UI design. Further, it's important that icons are distinguishable from each other.

As much as possible, you want icons to provide a cue to the user as to what will happen when you click on that icon. If you're going to have one icon for a folder that contains music, and another for a folder that contains images, you don't want them to look close enough that they can be confused. Going further down the line of thinking, if you're going to use the "folder" metaphor, then you probably want to make all 'folders' have folder icons, and have no applications have icons that look like folders. Consistency is also very important in making a UI intuitive and usable.

But all of that is still a bit in the realm of 'practical' and 'functional', and I'd want to make an additional argument that it matters whether a UI is 'pretty'. In short, you have people sitting in a chair looking at these images for 8-12 hours per day, and design aspects of the interface have to have a psychological impact on a person. It would be subtle, in that I would bet small changes have essentially no effect, but still important, in that I would bet that a drastic change in UI 'prettiness' could have a major impact on a person's mood and even productivity over time.

Comment: Re:Another bad omen for privacy and security (Score 1) 274

by nine-times (#49130389) Attached to: Moxie Marlinspike: GPG Has Run Its Course

It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.

I'm not sure what you mean by that? But yes, it's not optimal on Windows. For us Linux users it's much easier because gpg is usually installed by default and everything we need is a "yum install" or "apt-get install" away.

What I meant by that last point is something that I imagine will be pretty controversial: I think that if you'd like to see encryption be more widespread, we not only need very easy software that supports it by default, but some key-management services that guarantee you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own keys. And most people will need support in making sure their keys are set up right, backed up, and revoked in case of a problem.

There are a lot of different ways that this could be handled, but a lot of people who favor GPG seem to like the fact that they can encrypt everything end-to-end, keep hold on their own keys, etc. The idea of trusting a 3rd party to safeguard your key might seem antithetical to the whole idea. However, most people are not so thorough or patient. Most people don't even want to think about keys. They would like encryption, but they want it to be completely transparent, so that everything is encrypted without them noticing, and without danger of data loss. Systems that are not set up that way will not succeed with the general public.

Comment: Re:Another bad omen for privacy and security (Score 1) 274

by nine-times (#49127999) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Using crypto is hard. People lose keys, forget passwords, don't transmit keys in a secure way, don't store keys in a secure way, revoking keys, checking for revocation, using third party services like webmail and so on. Strong crypto is like losing your house key and being told that sucks, but since it's an impenetrable bunker with an unpickable lock there's nothing you can do but start from scratch.

I agree that this is roughly the problem. I don't use GPG to encrypt my email, for example, because nobody I know has anything installed capable of decrypting it or even verifying the signature.

I could tell them to download/install things, and even if they were somewhat willing to give it a try, there's a big problem.

So I'll admit that I haven't bothered with it in years, but I suspect that it hasn't improved dramatically because (and this is part of the problem) usability for these kinds of things never seems to improve. So what I'm going to say may not be 100% accurate, based on past experience, here's a general overview of the sort of thing that happens:

Joe Sixpack hears that he can encrypt his email and read friends' encrypted email if he just installs Enigmail for Thunderbird. He's a little confused by this, since he doesn't know what Enigmail or Thunderbird is, and he just uses Gmail. But let's assume Joe Sixpack is smart, interested, and persistent, so he goes looking for answers.

He locates and installs Thunderbird. Ok, weird. It's a weird old-style email application of the kind that Joe doesn't use anymore, and it has tabs for some reason. Joe doesn't really know what to do with that, but he ignores it for now. He gets his email set up and working.

Joe goes looking for Enigmail, and finds out that it's a plugin of some kind. He finds a site with an install button. He clicks it, and... it downloads some weird file. Joe doesn't know what to do with this. He double-clicks on it, and it doesn't run. He drags it to the Thunderbird window, and nothing happens. Confused, Joe googles around for answers, and finally finds install instructions. Yay! Enigmail is installed.

Joe runs Thunderbird and tries to click on the buttons that Enigmail added, and... nothing happens. Is it working? No, there's some weird error message. Joe googles that error message, and finds that he needs to install GPG, too. Nobody told Joe about GPG. Oh well. He googles GPG, and downloads an installer. He runs it, GPG is installed, and he tries again. Now he gets a different error. On researching that, it turns out that he downloaded the wrong GPG installer. He needs a different one, though it's not clear why. Joe locates the correct installer, downloads and installs that, and bingo, things seem to be working now.

But now Joe is being prompted for information about... I don't know, something about fish? There are lots of letters and what Joe thinks are acronyms or something. Who knows. He needs to enter a password, and there's something about "keys"....?

Joe's thinking, "Wait, so I need to make 'keys' and back them up? Where do I back them up? I'm being warned that if I lose them, I lose all of my info, but there's no clear way to back them up so that I can't lose them." He forges ahead, creates the keys. Uploads something to a server somewhere-- public keys. "I guess that's fine for them to be uploaded. It says they're public. But then where did those keys go? I can't find the files. How do I back them up if I can't find the files?" Finally, "Ok, fuck this. I don't want to deal with this. I don't even know anyone else who encrypts their email, so why am I doing all this?"

Joe calls it quits for a couple of months, and then gets curious and decides to try again. By this time, he's lost his keys, and he realizes that losing keys is a real danger. Meanwhile, in the process of screwing around with things, he finds that his old public keys are still on a server somewhere. They have no revocation date, and he doesn't have any means to revoke them, so they're just there, potentially confusing. Joe spends a couple hours trying to figure out that little problem, and then gives up for good this time.

Sorry, I rambled on a bit there, but the point is, there's no real support or infrastructure for this kind of encryption. There's no friendly GUI. It's not built into the applications that people already use, so they have to get multiple plugins, and then other supporting files for those plugins. It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.

Comment: Re:What he really said (Score 1) 668

by nine-times (#49111041) Attached to: Bill Nye Disses "Regular" Software Writers' Science Knowledge

I didn't read it, but I would also guess that part of his reason for calling out programmers might be in order to refute the whole concept of "STEM" as a coherent subject. Like, "I learned to program, so that must mean that I understand particle physics," or "I'm an engineer, so I understand all science in general."

Comment: Re:Huh? (Score 2, Informative) 220

by nine-times (#49079501) Attached to: Obama Says He's 'A Strong Believer In Strong Encryption'

It's funny. On the one hand, you have people screaming bloody murder because Obama is acting like a dictator, giving people healthcare that they don't want, and obviously, as an elected official, the President should follow the will of the people.

On the other hand, he's a spineless pandering lame-duck who is unable to make unpopular choices.

I don't know what to make of it. Ah, except maybe this little statement that you quoted is actually relevant here: "The first time that an attack takes place in which it turns out that we had a lead and we couldn't follow up on it, the public's going to demand answers." So what he's pointing out is that, with all the people demanding privacy and encryption and whatever else, those very same people will be looking for his head on a platter the first time encryption works against them. What he's pointing out here is that people are fickle and inconsistent, and it's foolish to run around satisfying today's whims without considering tomorrow's reality.

Turns out he understands the nature of this "making hard choices" better than you do.

Comment: Bad examples (Score 1) 809

by nine-times (#49049869) Attached to: Ask Slashdot: What Portion of Developers Are Bad At What They Do?

I'm going to echo what others are saying and say that I think your examples are bad. I wouldn't necessarily expect a developer to understand public key encryption unless they had a background of working with public key encryption. You don't necessarily need to understand that sort of thing to make web applications or iOS apps, so it really depends on the kind of development you're doing.

Regarding file encryption, I find the question to be reasonable. If you want to send an encrypted Excel file to someone, it's probably smarter to just use the built-in password protection and encryption. If you can trust that someone has Excel enough to send them an Excel file, then you can assume they have Excel enough to open a password protected file. I would not, however, trust that someone has GPG installed.

Getting back to your question, I generally estimate that roughly 80% of people are bad at their jobs, whatever they do. This is based on a couple decades of anecdotal evidence in the professional world, but it's borne out with the new experience I continue to have, and other people seem to share the experience.

Comment: Failure mode? (Score 3, Insightful) 73

by KlomDark (#49049641) Attached to: EU Preparing Vast Air Passenger Database

Perhaps we are entering another species failure mode that we will have to solve for. Computers and the internet are great gifts to humanity, but it seems lately to have taken a bad turn. Instead of uplifting the human race, it's starting to look more like a trap.

I've spent my whole life involved with computers and networking. Now at times I wonder if I will eventually regret my contributions to building this better mouse trap.

I personally find the risk of a dark totalitarian period that lasts for hundreds or thousands of years to be more threatening than any terrorist threat these dark systems purport to protect us from.

Humanity needs to figure out how we want to use these new tools. All this surveillance mode machinery is not good. It just takes one evil dictator to get control of this to trap us in ten thousand years of darkness.

It's a sad fearful reality we are marching towards these days.
