Comment Re:turtles all the way down (Score 4, Informative) 271
That is Douglas Adams' theory, one of many brilliant theories in The Hitchhiker's Guide to the Galaxy (http://www.amazon.com/Hitchhikers-Guide-Galaxy-Douglas-Adams/dp/0345391802).
Football is a simple game; 22 men chase a ball for 90 minutes and at the end, the Germans win.
-Gary Lineker
Could it be that since Linux has become somewhat mainstream, kernel development is considered a "solved problem" to young programmers looking for an interesting project? Maybe new programmers are tackling other open source problems instead.
These are all US court cases, and courts in the US are a lot less forgiving than the European when you sign an unreasonable contract.
In Norway for instance, it is generally assumed by lawyers (but untested) that EULAs can be ignored. Only proper SLAs and such constitute binding contracts.
So it kind of depends on which country's laws you try it under.
The Arctic is hardly a desert; most of the area north of the Arctic Circle is sea. Maybe you are thinking of inland Greenland?
Let's assume for a second we've educated each and every single user and made them security conscious on the Internet. An educated user browses a site which contains an image that is constructed to exploit a security flaw in the browser without the user ever doing anything but viewing the image. Unknowingly the user's browser is compromised and in the hands of the attackers despite the fact that the user is well educated and security conscious, which means education alone is not the solution. Better software is the solution.
Absolutely. But what we stated was that, as of right now, users are the weakest link in the security chain. By educating users, you strengthen that link and make another link the weakest. Even so, you have by training improved the security of the system.
To get exploited in your scenario (assuming the user now sticks to "honest" sites and doesn't follow all email links) would require something like a web server exploit such as XSS. This is more difficult than simply tricking the user into executing a trojan.
Normally to safely cross the street you only need to look left and right to check for traffic, you don't have to look up for falling objects, you don't have to check the road for mines, tripwires or other booby traps, you don't have to check for sniper fire
We should not ignore software security just because the user is the weakest link. But to borrow your analogy: the problem today is that pedestrians don't look left and right before crossing the street. Training them to do this would save more lives than any piano transportation safety regulation.
Users are the weakest link in the security chain. And the least trained users are normally those on the de facto standard of Windows with IE, which implies a higher infection rate on those systems.
If we substitute e.g. Firefox for IE as the default browser in Windows, unskilled users will still remain unskilled users. They will still follow any shady link they come over, some of which will undoubtedly manage to poke a hole in FF's security.
The challenge and solution to security in the current environment is to educate the "average person."
What the gods would destroy they first submit to an IEEE standards committee.