To clarify, I think it's pretty obvious to anyone who isn't dumb, and isn't being intentionally obtuse, that Gmail does not provide the level of security I'm suggesting.
So I guess the question is, which are you? An idiot, or an asshole?
Who said those were the things that I wanted?
I don't see any usability problem for a token usage of encryption already for a few years. Only problem is with real usage of encryption, and that necessitates third parties / intermediaries to be unable to decrypt.
I'm not sure whether this is what you mean, but I think you may be missing the point with your talk about "real encryption". It is not necessary that no third parties can decrypt your data or messages in order to have encryption be useful. Security is not about absolutes. In almost all real-life security scenarios, there are requirements that you allow certain vulnerabilities, and that you trust some people.
For example, you can say, "With GPG, I don't have to trust anyone. I encrypt a message, and then the only person who can read it is the recipient."
But that's not strictly true. First, you're still trusting the recipient. That recipient could decrypt your message and make it public. Technology doesn't help you there. Additionally, you're trusting the recipient's security. If that recipient has malware that snoops on communications or grabs their private keys, the message can be decrypted. If that recipient has an untrustworthy spouse with access to the recipient's computers and passwords, then your information isn't completely safe.
Beyond that, you're trusting the makers of GPG. You're trusting that they know what they're doing-- that when they say their encryption can't be broken, they're right about that. You're also trusting that those people are not malicious themselves, and haven't left any backdoors available. You might argue that people can audit the code, but then you're just trusting the auditors. Even if you audit the code yourself, you're trusting your own understanding, which relies on the accuracy of your education on the topic.
So I'm getting kind of picky here, but the point is, if you understand security, then you understand that there is no situation without trust and vulnerability. The trick is to understand your vulnerabilities, and to be careful in choosing who to trust.
So if, in order to protect yourself from the data loss that would result in losing your keys, you choose to trust some other third party, that is not necessarily bad security. The trick would be in making sure you understood the vulnerabilities it exposed, and to choose the right people to trust. I'd rather trust Google to secure my email than I would trust the internet in general not to read my unsecured email.
I guess they're still trying to prove that they can ignore overwhelming customer feedback in a way that's uniquely suited to mega corporations.
Except that a lot of people really like the flat look. That's why Google, Apple, and Microsoft have all adopted it. They're not ignoring customer feedback, they're chasing after it.
Don't assume that just because you think something is ugly, everyone else agrees.
I just want to interject an opposing point of view here. It's very easy to think that icons don't matter, and that the only thing that matters is some kind of 'objective functionality'. Like, "Windows boots up, it runs the things I want, it has the features I want, therefore icons are irrelevant." I can think of a few reasons, off the top of my head, why we shouldn't be so dismissive of design.
First, design matters for the sake of clarity. In the example of icons, you want to make sure that it's clear which image is an icon, and which is some other design element. Which images are clickable? What does that image represent? Those questions are important for UI design. Further, it's important that icons are distinguishable from each other.
As much as possible, you want icons to provide a cue to the user as to what will happen when you click on that icon. If you're going to have one icon for a folder that contains music, and another for a folder that contains images, you don't want them to look close enough that they can be confused. Going further down the line of thinking, if you're going to use the "folder" metaphor, then you probably want to make all 'folders' have folder icons, and have no applications have icons that look like folders. Consistency is also very important in making a UI intuitive and usable.
But all of that is still a bit in the realm of 'practical' and 'functional', and I'd want to make an additional argument that it matters whether a UI is 'pretty'. In short, you have people sitting in a chair looking at these images for 8-12 hours per day, and design aspects of the interface have to have a psychological impact on a person. It would be subtle, in that I would bet small changes have essentially no effect, but still important, in that I would bet that a drastic change in UI 'prettiness' could have a major impact on a person's mood and even productivity over time.
It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.
I'm not sure what you mean by that? But yes, it's not optimal on Windows. For us Linux users it's much easier because gpg is usually installed by default and everything we need is a "yum install" or "apt-get install" away.
What I meant by that last point is something that I imagine will be pretty controversial: I think that if you'd like to see encryption be more widespread, we not only need very easy software that supports it by default, but some key-management services that guarantee you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own keys. And most people will need support in making sure their keys are set up right, backed up, and revoked in case of a problem.
There are a lot of different ways that this could be handled, but a lot of people who favor GPG seem to like the fact that they can encrypt everything end-to-end, keep hold on their own keys, etc. The idea of trusting a 3rd party to safeguard your key might seem antithetical to the whole idea. However, most people are not so thorough or patient. Most people don't even want to think about keys. They would like encryption, but they want it to be completely transparent, so that everything is encrypted without them noticing, and without danger of data loss. Systems that are not set up that way will not succeed with the general public.
Using crypto is hard. People lose keys, forget passwords, don't transmit keys in a secure way, don't store keys in a secure way, revoking keys, checking for revocation, using third party services like webmail and so on. Strong crypto is like losing your house key and being told that sucks, but since it's an impenetrable bunker with an unpickable lock there's nothing you can do but start from scratch.
I agree that this is roughly the problem. I don't use GPG to encrypt my email, for example, because nobody I know has anything installed capable of decrypting it or even verifying the signature.
I could tell them to download/install things, and even if they were somewhat willing to give it a try, there's a big problem.
So I'll admit that I haven't bothered with it in years, but I suspect that it hasn't improved dramatically because (and this is part of the problem) usability for these kinds of things never seems to improve. So what I'm going to say may not be 100% accurate, based on past experience, here's a general overview of the sort of thing that happens:
Joe Sixpack hears that he can encrypt his email and read friends' encrypted email if he just installs Enigmail for Thunderbird. He's a little confused by this, since he doesn't know what Enigmail or Thunderbird is, and he just uses Gmail. But let's assume Joe Sixpack is smart, interested, and persistent, so he goes looking for answers.
He locates and installs Thunderbird. Ok, weird. It's a weird old-style email application of the kind that Joe doesn't use anymore, and it has tabs for some reason. Joe doesn't really know what to do with that, but he ignores it for now. He gets his email set up and working.
Joe goes looking for Enigmail, and finds out that it's a plugin of some kind. He finds a site with an install button. He clicks it, and... it downloads some weird file. Joe doesn't know what to do with this. He double-clicks on it, and it doesn't run. He drags it to the Thunderbird window, and nothing happens. Confused, Joe googles around for answers, and finally finds install instructions. Yay! Enigmail is installed.
Joe runs Thunderbird and tries to click on the buttons that Enigmail added, and... nothing happens. Is it working? No, there's some weird error message. Joe googles that error message, and finds that he needs to install GPG, too. Nobody told Joe about GPG. Oh well. He googles GPG, and downloads an installer. He runs it, GPG is installed, and he tries again. Now he gets a different error. On researching that, it turns out that he downloaded the wrong GPG installer. He needs a different one, though it's not clear why. Joe locates the correct installer, downloads and installs that, and bingo, things seem to be working now.
But now Joe is being prompted for information about... I don't know, something about fish? There are lots of letters and what Joe thinks are acronyms or something. Who knows. He needs to enter a password, and there's something about "keys"....?
Joe's thinking, "Wait, so I need to make 'keys' and back them up? Where do I back them up? I'm being warned that if I lose them, I lose all of my info, but there's no clear way to back them up so that I can't lose them." He forges ahead, creates the keys. Uploads something to a server somewhere-- public keys. "I guess that's fine for them to be uploaded. It says they're public. But then where did those keys go? I can't find the files. How do I back them up if I can't find the files?" Finally, "Ok, fuck this. I don't want to deal with this. I don't even know anyone else who encrypts their email, so why am I doing all this?"
Joe calls it quits for a couple of months, and then gets curious and decides to try again. By this time, he's lost his keys, and he realizes that losing keys is a real danger. Meanwhile, in the process of screwing around with things, he finds that his old public keys are still on a server somewhere. They have no revocation date, and he doesn't have any means to revoke them, so they're just there, potentially confusing. Joe spends a couple hours trying to figure out that little problem, and then gives up for good this time.
Sorry, I rambled on a bit there, but the point is, there's no real support or infrastructure for this kind of encryption. There's no friendly GUI. It's not built into the applications that people already use, so they have to get multiple plugins, and then other supporting files for those plugins. It's just a mess before you even get to key management, and there's not really a good, iron-clad key management system.
I didn't read it, but I would also guess that part of his reason for calling out programmers might be in order to refute the whole concept of "STEM" as a coherent subject. Like, "I learned to program, so that must mean that I understand particle physics," or "I'm an engineer, so I understand all science in general."
It's funny. On the one hand, you have people screaming bloody murder because Obama is acting like a dictator, giving people healthcare that they don't want, and obviously, as an elected official, the President should follow the will of the people.
On the other hand, he's a spineless pandering lame-duck who is unable to make unpopular choices.
I don't know what to make of it. Ah, except maybe this little statement that you quoted is actually relevant here: "The first time that an attack takes place in which it turns out that we had a lead and we couldn't follow up on it, the public's going to demand answers." So what he's pointing out is that, with all the people demanding privacy and encryption and whatever else, those very same people will be looking for his head on a platter the first time encryption works against them. What he's pointing out here is that people are fickle and inconsistent, and it's foolish to run around satisfying today's whims without considering tomorrow's reality.
Turns out he understands the nature of this "making hard choices" better than you do.
I'm going to echo what others are saying and say that I think your examples are bad. I wouldn't necessarily expect a developer to understand public key encryption unless they had a background of working with public key encryption. You don't necessarily need to understand that sort of thing to make web applications or iOS apps, so it really depends on the kind of development you're doing.
Regarding file encryption, I find the question to be reasonable. If you want to send an encrypted Excel file to someone, it's probably smarter to just use the built-in password protection and encryption. If you can trust that someone has Excel enough to send them an Excel file, then you can assume they have Excel enough to open a password protected file. I would not, however, trust that someone has GPG installed.
Getting back to your question, I generally estimate that roughly 80% of people are bad at their jobs, whatever they do. This is based on a couple decades of anecdotal evidence in the professional world, but it's borne out with the new experience I continue to have, and other people seem to share the experience.
I'm not saying that I don't understand the filesystem. I'm used to it, and I often forget how random and silly it is. My point is that if you try to look at it with fresh eyes, it is a bit silly.
And people tend to do what you've just done, which is to make up an order and arrangement that almost makes sense. But the truth is, the whole thing evolved over time, and almost none of those things were the original intention. As someone pointed out,
But those are just the names, and my point wasn't just "Oh, I don't particularly care for the names". My point was, this is a structure that's grown organically over decades, and it is not really "clean". Do we really need
And fine, whatever. It works. People are used to it. Why change for the sake of change? But don't pretend like it was an elegant planned organization.
/usr is so called because it is where user installed programs and their supporting stuff usually go, in contrast to
Exactly. So there are never non-binary scripts in
And then some things go into "opt", because fuck you that's why.
Honestly, you're not even arguing with me. People don't need to know what
And I'm just talking about one simple little factor of the design-- directory naming structure. There's lots of messiness and nonsense. We just usually ignore it and forget about it in favor of maintaining conventions and compatibility.