Security

How To Avoid Future WannaCry Style Ransomware Attacks

gregladen — Mon, 15 May 2017 07:32:51 +0000

How To Avoid Future WannaCry Style Ransomware Attacks

This is very simple, and it has more to do with the philosophy and marketing of operating systems than the technology of the operating systems themselves, though the technology does matter a great deal as well. First, lets have a look at how this ransomware attack was allowed to happen to begin with.

The vast majority of affected systems in this latest world wide cyber attack were Windows based computers that were not updated with recently available and easily deployed patch. The attack did not affect other operating systems, and Windows systems that had a recently released security patch were not affected. (I was going to put a link here to direct people to the Microsoft web page with info on what to do if you were attacked, but a minute or two of perusal on the Microsoft site mostly told me about Microsoft's new products, and I did not find any such page. If you have a link, please place it in a snark free comment below.)

Why was the patch not deployed on so many computers? For several reasons.

Some of the operating systems were running under administrative policies that did not allow patching for some reason or another. I've only heard rumors of this but it sounds like a blind-future style pre-decision, in the same category of other bone-headed human processes like no tolerance policies for knives in schools and three strikes you are out sentencing policies. It works like this: You remove thinking from the process by making all decisions in advance, and then get the heck out of there with limited liability and whatever happens happens. If you do this you are probably a member of congress or a school board member planning on retiring soon. It never goes well. Telling security IT people in advance what they can and can't do because of HR or personnel regulations is like going to a doctor and telling them what your diagnosis and treatment is going to be, in advance. You will die of something curable, eventually, if you do that regularly.

Some of the operating systems were running on computers that are, in theory, never supposed to be turned off. This is similar to the first reason in its stupidity level. For one thing, making it impossible to patch an OS ever is really not smart. For another thing, that computer you plan to never turn off is going to turn itself off now and then. But it is also bad at another level, the level of the operating system. Windows has operated, for years, under the principle that when enough stuff goes wrong, you turn off the computer and start again, and if that does not work you reinstall the operating system from scratch. Now, I know, you Windows lovers will jump in at this point and tell me that "Windows doesn't work that way any more" but you know what? After decades of hearing how Windows Past is not Windows Present, when it really is, I don't care what you say. Also, actual on the ground Windows users have been trained, by Microsoft policy, to reboot or reinstall for decades. Anyway, the point is, Windows can not be updated on the fly, and thus, the system utterly fails in a situation where updating is critical, which by the way is all the time and all machines, because even computers you use for nothing but curating recipes for muffins, if hooked to the Internet (where all the good muffin recipes are), can still be the platform for launching a secondary cyber attack.

Some of those operating systems were in health related fields (referring here to both of these first two excuses) and that is why so many health related facilities were hit initially.

Another reason, which is a bit tricky, is the problem with updating stolen software. If you stole the OS it might be hard to get an update or patch. It seems like a good idea for the company making the OS to do this, as it encourages buying the product and discourages stealing it. Yet, many tens of thousands of computers, maybe hundreds of thousands, are currently locked down by WannaCry because they were pirated, and not updated. This becomes a public health (cyber-health, eHealth) risk. It is like vaccination. We all suffer because so many others get the disease, even those of us who did not fail to do the right thing.

This is a moment when we look at something like computer operating systems and realize that they are actually a public good as much as, or more then, they are a commercial product. Think of roads and canals in the old days. Roads and canals were often privately owned (as were fire departments and police forces in many cases) and eventually it became apparent that these are all public goods, so they were essentially taken over by the government. Similarly, power companies and railroads. Not exactly taken over but made into quasi public entities through integration with public agencies and heavy regulation.

I've often argued that things like Google, Amazon.com, Facebook, Twitter, etc. have become the equivalent of public goods, like roads and the post office, etc., in a similar way. To some extent, this is also true of operating systems.

There is of course a solution to all of this. What we need is an operating system that is made by the public itself. If all interested parties simply became involved, and maybe large companies with a lot of stake in computers would put aside a meaningful amount of their own software development resources, and a few public and private agencies would provide some grants and bounties and stuff, we could have an operating system that was free, easily installed, updated every week with common updates (like, maybe, on Sunday evenings or something) with a very easy and easily automated system of updating, that would be great.

Ideally most software would come from well maintained and secure repositories that were checked for malicious code. There could be several different such repositories more or less redundant with each other but maybe tweaked to cater to different types of users. The added advantage of several different but similar repositories is this: even if some bad code gets into one repository, the fact that across users, many different repositories are used, would slow its spread.

By making the operating system free, easy, effective, powerful, flexible, and easily updated almost every one of the limitations in the way we do things that allowed WannCry to spread and ruin everything would simply not have happened. A few people would be hit, it would be a minor story.

On top of this, let's make this new operating system have a few other security related features.

For instance, monitoring code. The way it works now with Windows, is that a finite number of paid and I'm sure brilliant individuals are in charge of coding and maintaining the operating system, and updated and patches, while a much larger number of criminal-minded nefarious but also brilliant individuals are focused on breaking the security. This means that there is an uneven arms race where day to day Microsoft will always be a step ahead of the bad guys, except every now and then when the bad guys jump ahead and make a huge mess.

I propose that this ratio be reversed, that the arms race between the good and the evil become totally one sided in the other direction. Have a very large number of individuals, a proportion of the above mentioned community of private individuals and interested corporations and agencies, working on security, swamping out the nefarious bad guys. There would be very few moments when the bad guys got very far ahead of the good guys.

In addition, the operating system itself could have other security related features. For example, the basic tools inside the operating system could be well maintained, highly traditional, really clean and neat code, and free to use. So, for example, basic tasks that any new software might use are figured out, so you don't have to add your own new version of the code to do them. This means that new code will generally be fast, effective, clean, easier to maintain, and more secure.

Also, the operating system can work more like a prison than, say, a food court. In a food court, you do what you want to do (eat, meet your friends, hang out) in a rather chaotic environment where you can move freely from place to place. Someone puts their food down on a table to go back to the Azian Kuizine window to get the chopsticks they forgot, and you can grab their pot stickers, sit down at a nearby table, and no one can really figure out that you just sole their food. And so on.

In a prison, you can theoretically leave your cell and walk down the hall to the gym, then go to the cafeteria, then the law library. But, the entire route is blocked by a series of doors that only specific people have permission to open, at specific times, for specific reasons. Everything you do requires having permission at every step of of the way, and it is all constantly being carefully watched.

Life should be more like the food court. What happens inside computers should be more like the prison.

Of course, by now, most of you have figured out that I'm talking about Linux. Linux is an operating system that is already widely used when certain conditions pertain. Since the Android OS is based on Linux, and the majority of servers run Linux, and Linux is becoming the preferred desktop in China, it may well be that Linux is more widely deployed right now than any other operating system, though most Westerners think of it as nearly non-existent on desktops.

Critical tasks are often trusted to Linux or similar operating systems (Unix, BSD, etc.) because of reliability and security. When efficiency is required, Linux is often tapped because it can be deployed in a very efficient manner. Linux acts internally like the prison, not the food court. The system itself is constantly monitored open source code, and most of what runs on it is openly monitored as well. Software is usually distributed via secure repositories. The system is free and easily updated, there is no such thing as a pirated copy of Linux. There is a regular schedule of updates, they come out every Sunday.

Another important feature of Linux is the separation of the operating system and the surface appearance of the system. The operating system itself comes in a number of varieties, but most people use one of two: Red Hat or Debian (there are others). But the surface of the OS, the part the user sees, is not related to that at all. Most people use a "desktop" which provides the windows and stuff, the parts that you interface with, and there are several versions of this, from which users can more or less pick and chose.

Here is why this is important: The desktop provides the user experience, and the user experience sells the product. If you develop a proprietary operating system like Windows, many of your decisions, including when to produce major updates, etc. is driven by the marketing department. The development and deployment of the operating system is a complex process where designers and marketing gurus are at the same table, essentially, as security experts and developers concerned with efficiency.

In the Linux system, the security people and efficiency and functionality developers work most of the time independently from the equivalent of "marketers" or "designers" because of this two layer aspect of the system. It is quite interesting to visit the communities of desktop developers and hear what they are saying to each other, then visit the community of system developers and hear what they are saying to each other. They are pretty much two distinct conversations. There will never be a marketing or design decision about Linux that impacts security.

Linux is the female operating system in a patriarchic world. Refer to the appropriate John Lennon song for a starker analogy. It does a lot of the work, maybe most of the work, but is usually not recognized. When people make comparisons, Linux has to dance backwards and in high heels.

If I say, like I just said here, that "if Linux was widely in use, the WannaCry attack would have been much less severe" people will respond "Linux can be attacked too" and that will be taken by others, and possibly meant to begin with, as stating "Linux and Windows are the same, its just that attackers attack Windows and not Linux." That is a pernicious falsehood that feels a lot like many sexist comments about the limitations of women. Yes, Linux could in theory be attacked. No, Linux is pretty much not attacked very often or ever, so your fantasy about how it can be attacked has no empirical back up. No, Linux and Windows are not the same in which they are developed, designed, maintained, deployed, updated, or secured, and every single one of those differences gives Linux a huge leg up on security and Windows one or more disadvantages.

If a cyber attack is a mugger, Windows is a physically small drunken person with wads of money sticking out of his pockets, staggering down a dark ally near the convention hall during a mugger's conference, while Linux is a hundred sober and smart well trained Navy Seals each driving a separate armored car in undisclosed locations.

Yes, you can attack the Navy Seals. But if you do that, they'll make you wanna cry.

gregladen Mon, 05/15/2017 - 03:32

Tags

Categories

Whilst I'm generally in favor of Linux being used in corporate environments such as the NHS, I would mention..

IT departments are often wary of their PCs automatically updating with the latest patches and upgrades. This has been known to break things, and having things suddenly break with no prior warning is an IT debt nightmare.

And Windows is still a better consumer OS than any Linux version, and that's after extensive use of both.

I've been using Linux for many years and I've never seen an automatic update break anything.

Windows updates break things all the time. This idea that the automatic updates break things comes from windows, not Linux, yet is being used to put Linux in its place. I blame the patriarchy!

Also, Linux does not automatically update automatically, and IT departments can more easily adjust how updates happen on Linux than on any other operating system, and also, they can know exactly what every update does rather than having to hope Microsoft tells you or to guess.

No, in the area of updating and maintenance, Linux is lightyears ahead of Windows in every respect.

Regarding the consumer OS, after extensive use of both, I totally disagree. But then, some people think Windows is better than OSX, and some people thing the opposite.

There are two factors that determine the user experience: What system you use for a period of time, and personal preference. Modern linux desktops are diverse and fantastic, and between Gnome, Mate, KDE, etc. there is a style for everyone. It may well be that if a user uses each of a few Linux desktops for six months each, OSX for six months, then Windows for 6 months, that in the end they'll prefer Windows. Or, they many not. It is very personal and experience based, and the vast majority of people have never used Linux for a period of time sufficient to test the experience.

So, no, you can't really credibly state that Windows is better than Linux for the end user.

There are, however, objective reasons to state the opposite. For example, both generally require a password to sign on. Windows requires that the password be linked to a Microsoft account, and since this brings the whole password thing into a new realm, Windows has special password requriements. If you've ever used an email to establish this account, you are now stuck with the history of what you've done before wrt user names, etc.

So, when I tried the other day to set up a small Windows tablet to carry out a specific task (monitoring the acivity of a robot, not one other thing, just that one task) it took me a half hour of dicking around just to establish the account. So I switched to a Liunux system and set up my user name and password as I wanted on that machine in five seconds.

Objectively, a large percentage of the things people using Windows call their IT people about are Windows-specific problems that do not exist on LInux. I know this from using both systems as well as sitting for year on numerous IT committees and hearing all the complaints.

So, I'll allow for the use experience to be mostly subjective, but to the extent that there are objective differences, wrt to using the operating system, Windows has some serious flaws.

No, windows is a worse consumer OS than any current Linux version.

And that is after extensive use of both.

Morovere, since it's under your control, even to fixing it (or as a business owner, getting someone to fix it), I get to control whether I actually DO need to upgrade.

Tell me, if Windows was so easy to use, why is the industry spending on average 5% of their budget on training for it???

For Samba it's part of the SUSE and RHEL panel to set it up, which version you use. And that's been the case since at least 2005 when I used YAST rather than ignored it and edited /etc and told YAST to leave it alone.

Not so easy to do it in Windows

"I blame the patriarchy! "

See, if more feminists took the piss out of its over-use, it would disarm the lunatic fringe (and there's always one to find on the internet) and show one very easy method to tell the "feminists" from "feminists".

Hell, it works better than railing against the over-use of blaming patriarchy, most likely.

I can understand, at some level, a corporate policy that prohibits individual users from upgrading their system. Anything that depends on a bunch of computers having the same operating system, including in many cases patch level, will break if users can install their own software.

It makes no sense for the HR people to tell the IT people that the latter cannot upgrade operating systems. The job of the IT department is to make sure systems are up-to-date and secure. If the IT department cannot or will not do that job, then sooner or later somebody will attack their systems. It's true that Windows operating systems are most vulnerable to this problem, but give it enough time and Linux or MacOS systems will be hacked, too.

Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system. Every now and then one of those undocumented features will turn out to be the basis of a vulnerability, and the security patch disables it, along with any and all software that depends on it. I can't blame Microsoft for not having the resources to do this for every Windows program out there, but sometimes Microsoft Office products have used these undocumented features. This is the reason why some IT departments are reluctant to keep their OS patches current. My understanding is that this is not an issue for Linux, mainly because everything there is documented, and much less of an issue for MacOS than Windows because MacOS is Unix-based.

Some old machines are no longer patchable but still needed for applications where it still works but it can't be fixed, changed or replaced.

So two things, both coming from closed source.

1) Windows pre-XP is still "copyrighted" and still closed source, refusing to be used to educate the next generation of OS gurus in how Bill Gates and his company solved the problems of writing a consumer OS. Despite being unusable for sales, and therefore impossible to lose sales over, the only goddamned reason why copyright is even there.

2) All apps, pretty much, written specifically for windows is closed source, so now the company is gone there's nobody who CAN update it or even do the few little fiddles that might make it work. E.g. if it still wants to write to sys.ini.

Copyrights should not exist for compiled object code. It doesn't fit the "expressive works" and any display of art it gives is a performance art between the operator and the program AS IT RUNS. So it should never have gotten copyrights.

You should be allowed copyrights only if you give out the source code. One of the limitations then has to be about creating derivative works (the object code).

And when a work is abandoned and not supported, you lose all copyrights. After all, if it isn't working 15 years later and still needs a patch, either you still owe the customer the fix so they have what they paid for, or you stole from them the cash they paid. But if they can fix it themselves, you can point to that fact as why you don't have to run full codewarrior on Win95OSR2.1 to make it work.

And if you use copyprotection, you don't get to use copyrights too. Either it's intended to be ineffective protection, or it replaces copyrights agreements and puts its own private law on the product.

"Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system"

As just such a programmer, I had to. It would not work and the bug HAD to be worked with or the product would never have worked and sold.

Then when, four years later, they DO fix the bug, it's not fixed in a sane way most of the time and it needs a switch to work with the bug as it was AND detect if it's patched and work it a different way (and inevitable it will introduce other bugs that we need to code to).

Sometimes, as with UEFI or ACPI, the actual implementation given by Microsoft to code against for our application DISOBEYED THE STANDARD IT WAS SUPPOSED TO BE IMPLEMENTING. So we either code against the standard, in which case our product worked only when some manufacturer implemented THEIR product by the actual standard, or MS changed their hacks around it for their OS to run so that it could also co-exist with the standard implementation. Or we code up against what the current misimplementation (IOW bug) MS used and shipped.

Linux will never be a successful consumer OS so long as users need to use the CLI - that's why Windows and OSx are better consumer systems. For Windows the way to prevent these attacks is for the user or system administrator to use application whitelisting. If you haven't got access to Windows Group or Local Policy Editor to do this, or don't know how, then you can use the free CryptoPrevent tool at http://www.foolishit.com/download/cryptoprevent/ to do it for you

see http://support.microsoft.com/kb/310791
http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

"Linux will never be a successful consumer OS so long as users need to use the CLI "

So Windows will no longer be a successful consumer OS because it has Power Shell?

Looking at the lack of uptake of Win Vista, 8, 10, you may be right.

Nah, you're talking shit. What you mean is "as long as there is some way to say there's a CLI, I'll insist you have to use it on Linux!".

"For Windows the way to prevent these attacks is for the user or system administrator to use application whitelisting."

And that is why Windows is worthless as a consumer OS. Hell, it's fucked as an OS for the corporate IT infrastructure, except as a honepot and training test.

And if there's one thing this incident tells us all, it's never download something from some random fuckwad on the internet's post.

":I can understand, at some level, a corporate policy that prohibits individual users from upgrading their system. Anything that depends on a bunch of computers having the same operating system, including in many cases patch level, will break if users can install their own software."

That's a common policy and a good one. It does not stop administrators from settng the policy on the user's machines to upgrade regularly.

If regular upgrades are a problem for an OS, and regular upgrades are necessary for the entire world to not get hacked by nefarious code, then that particular OS is not usable at all. I don't think that is the case ... I think admins can set this up to work, in fact, I know they can.

"It makes no sense for the HR people to tell the IT people that the latter cannot upgrade operating systems."

It certainly is a problem, and now perhaps people will think about it and solve that problem.

"" It’s true that Windows operating systems are most vulnerable to this problem, but give it enough time and Linux or MacOS systems will be hacked, too.""

That is exactly what I regard as a very dangerous and incorrect sentence. Technically it is not wrong, but it implies an equivalence between Windows and *nix based systems that is simply very very far from the truth, as I explain in the post. Given the fact that most people will interpret it as an equivalence, I reject it and object to it.

""Unfortunately, there have been too many lazy programmers in the Windows world who exploit undocumented features of the operating system. Every now and then one of those undocumented features will turn out to be the basis of a vulnerability, and the security patch disables it, along with any and all software that depends on it. I can’t blame Microsoft for not having the resources to do this for every Windows program out there, but sometimes Microsoft Office products have used these undocumented features. ""

See my discussion of the food court vs. prison analogy. Not only is it commonly the case that code is done badly in Windows, but it may be the case that to get some things done you have to do that.

Linux development over time has the annoying feature that old stuff gets scrubbed and upstream repair is a constant need. This is actually how a secure operating system is used. There is no old lurking dangerous code everyone forgot about in Linux. Again, a fundamental qualitative difference.

". This is the reason why some IT departments are reluctant to keep their OS patches current. My understanding is that this is not an issue for Linux, mainly because everything there is documented, and much less of an issue for MacOS than Windows because MacOS is Unix-based."

Indeed. I am actually not sure how things go with Macs. Much of the code that matters is proprietary and Apple has an approach to honesty roughly in line with, say, airlines. They don't have a corporate rule to be honest and forthcoming. So, I imagine there are some similar problems, but the OS itself is better designed, similar to Linux.

Wow #6:

I didn't mention in the post, but yes, Linux runs in patchable maintainable form on most machines, and even after 32 bit machines get left behind by a lot of applicants, it will still be maintainable because Linux is supposed to be available for very low power and legacy machines.

Doug: #8: that ship sailed.

Until recently and it is probably still true, to fix certain things on Mac OSX or Windows, you need the CLI. I know this is true on OSX. Not esoteric things. For example, turning off and on that stupid spotlight thing, that's a CLI job.

That is and always will be true, I think for al operating systems. So, this is an example of Linux having to dance backwards and in high heels. You can deploy a Linux desktop and use it all the time and not touch the command line. Really. You can. People do it all the time.

The Command line is used more than it need to be because, simply put, it is sometimes easier to copy and past a line of code some tech person emailed you on any of these systems. It is possible that some realy bad things that hapen require the CLI, in Linux, but if you look at instance of that, it is almost always become someone who was too smart for their own good messed with stuff you shouldn't mess with and broke something. In Windows, the way to fix that is to reinstall. In Mac systems thew way to fix that is to buy more hardware. In Linux the way to fix that is a simple command line.

So, by this criterion, Linux is ready for the desktop!

Wow said a lot of the things I said but faster.

Skip a couple of letters, it speeds it up...!

Windose is a Windose does

last month i went on holiday to Sydney. I took a 25 year old laptop.

I mostly used my android device for everything but the laptop was useful for somethings

25 years old! 1 slow single core CPU. A tiny 60GB drive. A real dog of a machine.

But i had installed Linux Lite

anyone who thinks Windows is better than Linux is in the same category of people who prefer iPhones over android

MS Office over google docs

and Gucci bags over a K2

it's a no-brainer

except for no-brainers

Greg - I guess it depends on what you as a user are doing with the OS. I can't remember the last time i HAD to use the CLI in Windows, and that's what I was referring to. Sure I do use it for somethings that are not native to Win - such as WHOIS. or because I know how and can't be bothered to install apps to do it for me run tracert and ping commands. As you said to me the last time this came up Greg - Linux is for smart people. I'm sure the overwhelming vast majority of Windows users have no idea what the CLI is, how to access it, or what it is used for and if they do run across it are afraid to do anything with it. That, at least, was my experience with them when doing tech support. Can't speak for Apple OS on that. Linux, you're going to need to know.

WoW #9 - do you make a habit of misrepresenting what people say so you can diss them? Just asking because I didn't say Linux was not a consumer desktop because it has a CLI but because users have to use it. That's is not eve close to saying that because Win has Power Shell it's not a consumer OS. But I'm pretty sure you knew that.

"Sure I do use it for somethings that are not native to Win – such as WHOIS. "

Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm?

"or because I know how and can’t be bothered to install apps to do it for me run tracert and ping commands."

You just googled that shit, didn't you? Come on 'fess up!

" I’m sure the overwhelming vast majority of Windows users have no idea what the CLI is,"

The vast majority of Ubuntu users have never used the CLI. It's not for me, though I've used it at times, but I HAVE passed it on to three people.

Not one of which EVER used the command line.

And that was right back in the early releases before they started with the schedule the LTS and it was all about the branding EVERYTHING brown.

And, no "your OS is for smart people" doesn't work because SMART people know shinola when it happens.

"...and if they do run across it are afraid to do anything with it"

Then why did you promote earlier that to solve this issue, they

use application whitelisting. If you haven’t got access to Windows Group or Local Policy Editor to do this

And then asked them to download some random executable from a site URL that calls itself "foolish shit/download"?

"on that. Linux, you’re going to need to know. "

No you aren't. Not at all. Not even vaguely. There are advantages to the command line, but it's as necessary as hitting "Win+F2 regedit ENTER".

"WoW #9 – do you make a habit of misrepresenting what people say so you can diss them?"

Do you make a habit of making claims up so you can whine and make out you're the victim?

"I didn’t say Linux was not a consumer desktop because it has a CLI"

No, you said,

“Linux will never be a successful consumer OS so long as users need to use the CLI ”

and I pointed out this was bullshit.

"but because users have to use it."

But that's bullshit. You know, like I said. They need to use it as much as you need to use PowerShell. Less, even, since there's more tools built in to do what PowerShell was "invented" to do. Many of them because UNIX doesn't try and hide everything from you. For example _$XXX$ files, IIRC, but it's something like that pattern, are AUTOMATICALLY HIDDEN since WinXP in Explorer. Sony's CD Rootkit relied on a file with that pattern. Drop to Dos and the command line (either cmd.exe or command.com, depending on the version), and you can see it. Got a hidden file stoping uninstalling an application with a file like that? You NEED the command line. 100% ABSOLUTELY NECESSARY.

"But I’m pretty sure you knew that."

Nope, but I'm pretty sure you know you're talking bullshit.

You need the CLI on UNIX LESS than you need PowerShell. But if having to use the command line was the death knell, then you have it "proven" in Windows7+ and PowerShell.

But you;re talking bollocks.

As I said:

Nah, you’re talking shit. What you mean is “as long as there is some way to say there’s a CLI, I’ll insist you have to use it on Linux!”.

And we BOTH know you read that, and BOTH know why you ignored its existence: that it DESTROYS your claims against me.

#2 "Windows requires that the password be linked to a Microsoft account"

No it doesn't, this is optional - and can be prevented entirely by admins.

If it's on the store it does. And some apps are store only. Some are just sold and are linked to the Store (much like some purchases from Amazon are only a code for STEAM activation).

And please let us know which homeowners of PCs at that home have an admin staff?

Hard to tell how secure is Linux because the virus writers will target Windows. It is basically security through obscurity.

No, it;s quite easy to tell how secure it is. there;s the code right out there and scores of high quality tools to assess security.

It's a fallacy to claim that windows is popular because popularity does not mean easier. And there can be no security through obscurity, but even if there were, then you'd be maligning windows closed source, not linux openness.

Think of this: most of the internet infrastructure is unix based, today mostly linux. Smart TVs usually use Linux and Busybox today. And most of the valuables is behind a linux firewall, while home PCs contain cat pics and your porn history (or private browsing settings).

Which do you go for?

Stuff that hides important valuable stuff?
Stuff that holds cat pics?

Part of what does make linux secure is that it is not a monolith, unlike windows. There's no absolute required system content for all of them apart from the very basic stuff (the stuff that used to be on the three A labeled floppy disks you downloaded for Yggdrasil), and some general closed source stuff post-added on, such as flash from Adobe.

Even though half may be close enough to similar to be counted affected, there will be enough changes even among all RHEL2016 that your surface to attack is too small to replicate efficiently, slowing it down so it will be noted and guarded against.

Doesn't always work, but it's the closest you'll get to "security through obscurity" in Linux. And that isn't all that close because this security works (a variant of opposite of monoculture vulnerability: diversity based resistance)

Doug, I think we are in basic agreement here: All operating systems can be run by the average user without the CLI, all operating systems have some sort of CLI that is either a) convenient for those so inclined or b) available when the tech support person tells you do do something special.

"Hard to tell how secure is Linux because the virus writers will target Windows. It is basically security through obscurity."

Once again: Good grief.

security in an operating system?

is linux inherently more secure than windose?

when i was studying operating system design at uni i was working on VAX systems and i was running very early versions of linux as well as older OSs, and of course whatever Microsoft and Apple had at the time. We also studied IBM systems architecture. When i say studied i mean real study - not just playing with systems to be familiar with their interfaces CLI or otherwise.

then i went working all over the world on various operating systems

since then i've used whatever has been around for one thing or another

any system is only as secure as the human element

if someone send you a link to a RedHat RPM and you install it (as root) and incapacitate the SE system

if it's malicious then you're fucked

same on windows

probably the same on any system commonly in use

there are attempts to design systems that can't be compromised with various degrees of success - and concomitant usability

want something that can be used for anything anytime you want it?

i'd say you've got problems

want something that does just one job and nothing else?

buy a toaster but not a smart toaster

No, I won't touch Linux with a barge pole, for two reasons:
1/ I have a life. I do not have time to decipher an OS that appears to have been designed by a teenager with a bad case of aspergers and no concept of ITIL. I have 2 Linux machines and I do my best to never touch them because I simply do not have the time to teach myself in-depth technical details about something I really shouldn't need to know.
2/ It's not a serious OS for a corporate environment.

I was interested to see that the NHS trust where I worked (70-hour weeks) to help bring it into the 21st century has a big notice up on its web page saying, "We are unaffected by the cyber attack, please come to your appointments as usual". We implemented patching, endpoint security, eliminated admin accounts and generic accounts and got rid of all the junk that was crippling the IT teams' ability to be proactive (Apple computers and other unmanageable OSs) and got rid of all the rubbish that was running on a "server" under people's desks.

The real issue is as Greg notes in his images: people, procedures and equipment. Do this right and Microsoft gives you the kind of low-maintenance and smooth-running computing environment you can never have with that Linux stuff.

Well, yeah, that diatribe was a load of bull.

No, Linux does not appear to be written by a teenager. One day go and ask a grown up to get a book on computer design for operating systems and run through it a bit.

It really doesn't matter what else you blew out your piehole there since the opener was 100% sufficient to determine whether the content further was going to be of any value whatsoever.

So if you want a crumb of comfort, at least you didn't do as other blowhards are liable to do and circle around making any point for ages before giving the plot away.

I do not have time to decipher an OS that appears to have been designed by a teenager with a bad case of aspergers and no concept of ITIL.

Okay, ignorant and offensive. No surprise.

I have 2 Linux machines and I do my best to never touch them because I simply do not have the time to teach myself in-depth technical details about something I really shouldn’t need to know.

Lazy and not at all interested in learning.

I don't think the system is the problem.

A fair article giving criticism where due, there's a lot of these articles going round after Wcry.

The thing missing from all I have read so far regarding situations where people cannot update due to the need for legacy support is the simple fact that: The legacy part of the system can be run in a virtual environment on top of an up-to-date operating system.

This does not mean more work for IT administrators as some might believe

Simon: Interesting point.

Also, in regards to Linux, as mentioned in the post, the legacy hardware is not much of a problem and because of the separation of different layers of the Linux system, it isn't much of a problem for software either.

Craig: LOL. I'm calling you on this. You've not sat at a Linux desktop in ten years or you would not have said what you just said.

I'm never quite sure when I see anti-Linux misinformation like that, what the heck I'm looking at. Certainly not a cogent, up to date, informed analysis !

Speaking as a non-technically inclined user, someone who needs stuff to just work, I too am dubious that Linux would be that great of a system for most end-users (though it may well be superior for behind-the-scenes stuff).

I haven't made an attempt at Linux in a long while, so my knowledge of hands-on use is cursory at best. But reading Greg's post and others my sense is that you, Greg, are a tom more tech-savvy than I am. When I was young (in the 80s) and computers were more technically difficult for most users to manipulate I would spend hours learning the ins and outs of an OS. I liked IBM-based machines because you could get into the guts, and Macs looked boring to me.

Since then I have reversed, because I have stuff to do and a limited number of hours in the day. Since most popular office programs aren't native to Linux (Word etc) it seems to me that you're adding an extra step every time I need to write an article. That's just inconvenient and guaranteed to drive me nuts.

Again, I am a stupid user. I need to turn the computer on and not have to think about what I am doing because my work -- the stuff that feeds me -- has zero, nada, bubkes to do with operating systems. Where once I loved coding (if primitively) now all that stuff just frustrates the heck out of me.

I use Mac OS now, and I suspect newer versions of Windows would be as easy (though having used both I did not find them so, but that was a few years back) but as you say YMMV.

But my question would be for those of us that see computers as effectively mysterious black boxes that are magic, can Linux function?

Understand, I do know a bit about how systems work -- I write about computer security on occasion, and technology. But in terms of my day to day get-work-done stuff, I have to be as a babe in the woods, as it were. (Just like getting yourself to work you can't be worrying about how your car works; you need it to get you from point A to B with a minimum of fuss. I know how to replace brake pads and spark plugs and a lot of that, but I simply no longer have the time to do it anymore).

So looked at from that perspective, would a massive switch to Linux be that beneficial? (In its current form, anyway). Again, I am not doubting the technological superiority of Linux here.

Am I making sense?

I'm safe. The chances that my wife will ever read this comment are very tiny.

My wife is pretty much totally inept on computers. Our 18 year old daughter taunts her about her phone never having its notifications cleared. that she can't use the remotes for the TV, that she can't do anything technical.

But she has a small laptop/notebook she's been using for about 4 years. That's pretty much the only computer she ever uses though sometimes, if she needs lots of screen space she'll use our daughters desktop because it has two big screens.

her notebook is linux - that's all she uses though she can find her way around windows well enough to find chrome

that's all she needs you know - a browser - once she's in she can do everything she needs to do

these days kids are no longer taught Microsoft at school - they are taught google - google docs, google search, youtube, - everything

no more windows

anyone who looks at an operating system with doubt is obviously old, or (sorry to say it) very ignorant, or very very indoctrinated by either their workplace or their out of date schooling

most people on planet earth get by with an android hand held using facebook, some chat app variant, and maybe google and one or two other apps especially games if they are young

chromebooks are what everybody buys (unless they are an idiot or have more money than sense)

when you install linux onto a computer the most you need is a bowser and possibly 9though i doubt it these days) open office

with the associated icons on the desktop

that's about it

the ONLY exception is if you are running either bespoke or specialist software - which incidentally you also launch from a desktop icon

if my wife can get by using linux every day for 4 years then anybody can - and i mean anybody

all those who fear it do so because they are lazy, old, probably heavily overpaid and probably a waste of taxpayers money

I'm told (by Krebs on Security) that the Microsoft patch comes via the link at the bottom of this article:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-f…

It was a long time ago, but this discussion came up at work, and a manager described how Linux is susceptible to viruses. The security thru obscurity is not that the code is obscure like Windows, but that it is so little used that hackers will target Windows. If I wanted a secure system, I would choose Linux or Mac, but I suspect if everyone started using it, a Mac would fail quickly. Not sure about Linux.

The Krebs bulletin itself is worth reading. It's here:

https://krebsonsecurity.com/tag/wanna-cry-ransomware/

It doesn't help that Microsoft's update tactics, littered with malware-type behavior, has put their own customers/clients on the defensive. MSs deserves a good deal of the blame.

Greg I agree we are pretty much in agreement here. I was just pointing out a difference as I see it. I do confess though that other that an older version of Ubuntu I have loaded on an old 32 bit laptop so that I can run BOINC on it I haven';t played with a Linux Desktop for quite awhile now - it's all been CentOS on my server.

"Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm? "

WoW you are making a big fool of yourself . Tell you what take a fresh Win install (8.1 or below I haven't tried this on 10 yet) and open up the CLI and type whois - you won't get anywhere. Tracert and ping commands work but whois does not, you need to install something (like Whois v1.14 from Sysinternals) but you'll have to know how to modify your path command like I did if you want it to work from the CLI

I've been doing this shit since 1992 when I started my own 300 user BBS so get back to me when you have a clue.

You kind of lost me at "This is very simple". As someone who as example dealt with updating OpenSSL libraries on a small production environment and knows how much planning, scheduling and effort that took I cannot agree that security is simple.

OS has nothing to do here. Every system (and this goes not only for software or IT) is vulnerable at some extent in time and some vulnerabilities are far reaching.

Craig thomas wrote:

"Do this right and Microsoft gives you the kind of low-maintenance and smooth-running computing environment you can never have with that Linux stuff".

If you think it is Low-maintenance then you simply never dealt with the back-end stuff.

In general Microsoft environment is much harder, involved, convoluted and legacy heavy, overall difficult to harden in comparison to Linux and BSD.

Linux is no good for a corporate environment only when corporate environment is not serious about IT.

This is interesting, because what made me abandon Linux (Ubuntu) in it's role as a consumer OS was when applying updates trashed the graphics driver to the extent that the system would no longer boot to the GUI.

Obviously the games library was restricted, and the graphics performance was not as strong as on Windows. This is based on my direct observation. Note that games are a MAJOR consumer application for PCs.

Also used SUSE linux extensively at work (admittedly an earlier version), which again would frequently do bizarre things.

Now, IF I am doing stuff that relies on account management, requires long term stability, has 'server' in the name, does lights-out single-function stuff.. in these areas and others I would obviously choose Linux.

As far as automatic updates go.. no sane IT department of a large corporation has their computers of any sort automatically update. Because updates can and do break installed applications, on all systems. A good IT department will have test systems set up so that they can verify patches as they come out, then roll them out across the organisation. An underfunded IT department will block them and hope..

Greg, your claim that automatic updates never break things on Linux is (unfortunately) untrue. Look, I love Linux, would like nothing more than to live in your rainbows-and-unicorns-everyone-uses-Linux hypothetical future, I even once made a pledge to never again get a Windows machine.

Problem is, about twice a year I would find myself spending a day hacking around to fix stuff because, yes, an automatic update broke some stuff. I got sick of it, because I'm the kind of user who just wants shit to work, and now all my machines are Windows 10, because that's *almost* as good as Linux when it works, and it doesn't randomly break every six months.

Now, this is Ubuntu we're talking about, and I'm sure there are distros that are more stable or whatever, but at this point we're playing No True Scotsdistro. Bottom line is, Linux *does* sometimes auto-update-break.

You might want to try openSUSE Linux. I've been using it since 1997 and while occasionally in the past an update or version upgrade would glitch a program or two, it has been years since that has happened (and I support around 100 openSUSE users). I can't remember for sure how long ago I experienced an update glitch but I think it has to be at least four or five years ago. Ubuntu appears to be significantly buggier than openSUSE, so I would recommend giving openSUSE a try.

"The legacy part of the system can be run in a virtual environment on top of an up-to-date operating system."

It can also be run under WINE.

But then again, you need a full audit of the scenario, testing and compliance with laws, etc. And some things require hardware access that virtualisation and WINE don't allow (copy protection dongles for example)

And with emulation, you may still find yourself buggered by the exact same problem, since that is still the full OS there with all its flaws.

At least with WINE you have a different OS library call and therefore it's unlikely, unless the bug is part of the protocol, to be vulnerable.

"Greg, your claim that automatic updates never break things on Linux is (unfortunately) untrue. "

Uh, it wasn't said never. It is vastly less likely, and the system does the breaking only for hardware that isn't open source.

"Problem is, about twice a year I would find myself spending a day hacking around to fix stuff because, yes, an automatic update broke some stuff."

What stuff? How? And what fix worked?

It's pretty easy to fluff around with vague accusations, but I'd like to hear from the rare unicorn fart how it really exists.

"“Whois is part of the tcpstack operating. ftp too. Never used that, either, hmm? ”

WoW you are making a big fool of yourself "

MOrON CanT KeEp caPitAls WorkIng. Nope, tht statement there doesn't make a fool of me, it makes one of you. You could claim it DOESN'T make a fool of you and fails, but it doesn't make one of me.

Sorry.

"and open up the CLI and type whois – you won’t get anywhere. "

Ah, right, so since WinXP Windows has been even less of an operating system than anything else on the market except toys.

Well, I guess they want to sell you the actual tools you need to get it working rather than include them any more.

This is only a good thing if you like less for more money.

"I’ve been doing this shit since 1992"

Yeah, what? Trolling and making shit up since 1992, hm? Cool story bro, but you're talking bollocks. I can safely make this claim because there have been several claims from you that were absolutely fake and there's no reason to take anything else you claim as being any more based in reality.

"The security thru obscurity is not that the code is obscure like Windows, but that it is so little used that hackers will target Windows"

Well your manager was talking bullshit. And not even their own, they were copypasta-ing the FUD and BS from Microsoft.

He was wrong and you, like the good little cog you are, accepted your role to grind it on.

"I haven’t made an attempt at Linux in a long while,"

Then you're wrong. Your assertion is about as correct as claiming WinNT 3.0 will not be a successful home OS.

"But my question would be for those of us that see computers as effectively mysterious black boxes that are magic, can Linux function? "

Yes, and far easier and more securely than Windows, since it doesn't require you to piss about in the internals if there's anything that isn't allowed to be easily visible and touched by you, the user, that Microsoft thing is a braindead moron unable to get past the idea of the retractable cup holder.

You don't have to work against the OS to do things. Makes it a lot easier to use safely than Windows.

"So looked at from that perspective, would a massive switch to Linux be that beneficial?"

It depends on what your current system isn't doing. It works at least as well and your worries are vapour.

"but that it is so little used that hackers will target Windows"

No, they target windows because it's so easy.

And when you hack it, the OS is so petrified of letting anything "scary" be visible to the owner of the computer that MS believe to be a dangerous moron only capable of being terrified by plaintext and computer terms, that the virus is hidden from the owner by the OS making it much harder to find, let alone remove.

How many worms were of the form "nakedbutts.jpg.exe" but windows dropped off the extension because such things were "too technical" for the briandead sheeple that use windows, yourself included along with your manager, and that's not just ME saying it, but the designer of the OS you're using saying it, so they hide it in case they scare you off with this jargon. So, thinking this a piccy of booty and not a dangerous random executable, it was opened and all it needed to do to spread was display a picture of a butt so you'd pass it on to the rest of your work colleagues to infect.

jpg files were safe. And the OS told you it was a jpg.

"Operating Systems"

Once, there was a marvelous species of ape on planet Earth.

They were fearless, and adventurous, and performed incredible feats of engineering. A few even strapped themselves to the top of a giant rocket and landed on the moon, and returned.

And all of these wonders-- great cathedrals and bridges, harnessing electricity, and even learning the secrets of the atom-- were carried out with pencil and paper, and log tables, and slide rules.....

Some say there is a natural cycle of growth, and then decline, in all things....

@Craig Thomas #25:

[Linux is] not a serious OS for a corporate environment.

If ignorance was bliss you'd be euphoric.
https://en.wikipedia.org/wiki/List_of_Linux_adopters

Jesse #31:

My advice to everyone these days is, "Linux is for smart people, so maybe you want to avoid it."

That of course is meant as a joke, and smart people laugh. So, if someone doesn't laugh ...

Well, anyway, the point is that Linux has a handful of things that make it difficult for the average person to use. But, so does Windows. In fact, Windows has more. People who use windows instead of Linux specifically because Windows is easier than Linux to install, update, operate, fix, etc. are simply operating under a misconception.

Both Linux and the Microsoft operating system were once "CLI" only. The, Microsoft added a GUI that made it easier to use but that sapped the hardware so much that it was essentially useless, and for a very long time people avoided it (Windows 3.0 and 3.1) preferring the command line.

During the six month period of writing my thesis, I used Windows 3.1 now and then, in order to run Word for Windows, in order to make certain tables and print them out because I had more fonts. At the same time, I used a Mac in our lab to do half of my graphics. The other graphics were made using qPro or Harvard Graphics, all running from DOS. The text itself was produced and printed using WordPerfect for DOS. I left spaces on the printouts to literally cut and paste (using tape) the graphics produced using other methods.

What has happened in the years since then is that all three OS's, Windows, Mac, and Linux, have evolved fully functional GUI front ends that work very well and that do everything as each other. Each and every one of the three OS's has software that runs better on it than on other OS's, so no OS can claim to have some functionality that makes it the best or only choice for everyone. For me, I find Windows to be counterproductive, while Linux and Mac OSX get my jobs done for me. This is using zero fancy technical skill. When I want to apply fancy technical skills to, say, operate a robot or scrape web sites for data or whatever, I generally use Linux or I get an OSX machine to emulate Linux, essentially. There, it is really mainly a matter of which desk the computer is on in physical relationship to key variables such as where I'm sitting or where various hardware is.

Andrew #40:

First, a clarification on updates. A good IT department will do what you say. But from the end user's point of view, having things fed to you by an IT department, or being instructed to do things, is roughly the same thing as an end user having thier own process automated. In any event, I don't know how it works with Windows, maybe it is either all automatic or zero automatic, but for an IT manager managing Linux updates, there are a number of different and very good ways to make this automatic for the end user but controlled by the IT department.

Regarding the idea that updates cause problems in all systems, really, no.

This is extremely unusual for Linux. Yes, it can happen, but it very very rarely does. You had a problem with your driver and your graphics card, not with the OS. In any event, you can always start Linux after it has been trashed at the level you describe. Had that been Windows, your system may have been toast for real, but in your case, unless your boot drive was corrupted (which would have been a separate issue) you could have recovered, you just didn't know how to do it.

What you've done here is to eliminate from further consideration an entire operating system because you had a problem with it. I promise you this: If Windows was eliminated by each user, one at at time, because they had a serious problem while using it, there would be very few Windows users. You are, in fact, asking Linux to dance backwards and in high heels exactly as I describe in the post!

You are totally correct about games. As I say above in a comment, each OS has different things it is good at vs. not so good at. That is NOT something that applies only to Windows (for the good things) or Linux (for the bad things). It is true in both polar directions for each of the three main OSs.

As you say, if the main reason for using a computer is to play certain games, then by all means buy into Windows. If your main reason to use the computer is be be all smart and stuff, consider Linux!

"People who use windows instead of Linux specifically because Windows is easier than Linux to install, update, operate, fix, etc. are simply operating under a misconception. "

It's a misconception because they're being lied to by those who want to have some hippy anti-capitalist "free open communist software" thingy buried because, well, microsoft is everything good about the free market: you can just vote with your dollars and leave if you don't like it!

Of course if you DO leave, you're whined and moaned at for being an unrealistic commie hippie who wants everyone in caves and hair shirts and if only you used it you'd see it was fine.

You know, the same hypocrisy with free speech. All fine until the speech inconveniences someone, then you are disruptive and must only speak where nobody can hear.

"You are totally correct about games"

This, however, is just as true of Windows when it came out. And go to Steam or GoG to find there are a shedload of games. It's just that there's no way to buy a system without windows or hardware without windows drivers and if you aren't using it in windows, even if it's clearly an electrical fault, they'll weasel out of it and blame linux, so you have to have windows anyway.

A lot like anti-cyclists who complain about the cyclists without even caring that 90% of them have cars too, so pay for those roads.

So most of them already have Windows, 99% of the games that run on Linux also run on Windows, and the FUD bandied about really does make Linux undeservedly a niche.

But the games work, generally, BETTER because the OS is more efficient than windows so despite having to go through a translation layer to proffer Windows syscalls and then route them to the Linux syscalls that can implement them and no JIT compilation to optimise out redundant syscals or reorder them to fewer ops, it still frequently works faster on Linux.

WoW servers have been generally Linux and most of Bethesda's games where they have servers to download have been available on servers, because Linux is just faster and better at it and the lack of a driver for the latest GPU is irrelevant.

omg... where to start. Doug and others bashing ease of use for LInux desktop. My 70 year old dad, who isnt in IT but a expedite driver, has been running linux mint since version 6. He doesnt have windows on anything. He never has to go to the cli for anything. He is almost completely self sufficient. When he had windows, i was constantly helping him. Now it so long between he actually needs help, I have to study his setup just to remember how it is set up. So take your FUD elsewhere and maybe actually install a modern linux distro before you make a fool out of yourself again.

" when applying updates trashed the graphics driver to the extent that the system would no longer boot to the GUI."

This would have been a lie.

The driver would have had to be the propriatory one for NVidia. The open source one that doesn't have the latest support or the Intel driver gets tested.

You also get the VESA driver too, the fallback.

And when windows goes into rebootcycle you're even more trashed because the OS won't let you in any how.

You could, for example, hit Alt=F1 to get a command line AT ANY TIME. And it won't stop the GUI. You can swap back to that with Alt-F7. Alt-F10 is usually the kernel log where you can see it complain. And during the boot you can change from that progress bar to the text output of the bootprocess which would tell you.

So, no I don't buy the story. Not without a lot more than blank assertion, because there's either a lie or it's Nvidia's fault, which is highly unlikely.

Greg--
Thanks, that helps. Though I bristle at the "Linux is for smart people" thing a bit. I think of myself as a reasonably intelligent person, and so are you, but I would bet money that there are skills I have that you do not, and skills you have that I do not, and it's not indicative of intelligence.

Personally I find Windows to be a bit kludgy, because after 30 years I see it as still fundamentally a GUI tacked onto a CLI-type interface. IME it still behaves this way, even though theoretically Microsoft has revamped the code a lot. And the architecture of Windows made it really hard to diagnose problems.

My Mac OS is easier to run, I find problems that occur are easier to deal with. But that could be a function of more experience.

I think the issue that people like myself would have with Linux is similar to the issues with PGP, which is a perfectly servicable email encryption system. (Won't stop the NSA if they really want to read it, but it will slow them down). PGP was a big honking hassle to use, until recently when finally some good folks started writing apps that were intuitive for non-techies like me, that minimized the f-ing around when you want to send a goddamned email.

Linux I think is in a similar spot. I've seen the interface and used it a bit, and frankly I think it just needs a bit of work. Windows has things that make it tougher for average users also, but I suspect they are different things (I'd have to be more systematic about it at some point to articulate it better). But sometimes the kinds of problems Windows creates are the kinds of problems that nontechs can deal with, or at least work around, whereas Linux mayn't be in that position.

More scientifically, it'd be interesting to do some focus group / user tests with people who are not super into tech, just average people who use computers for various work tasks.

Again, I submit that it may be that behind the scenes, Linux is superior (the mac OS is based on Linux-like architecture, no?). But that doesn't matter for most people. My computer isn't as fast as a comparable Windows machine but I am not data crunching or gaming, so I don't notice. I suspect that Linux needs a tweak to its interface, and once it's something that anyone can just sit down and use without too much prompting (just as anyone can sit down at a Mac or PC and usually be fine) then it'll be in a position to really capture some end-user market share.

"Obviously the games library was restricted"

So how is your playthrough of the Windows version of The Last Of Us going? How about the Zelda series? The latest one looks great! And it'll be better on Windows with the extra hardware!

They're all restricted.

Partly because people keep trash talking Linux with lying memes.

When Win10 is the only game to play in town and people happily using a Win7 they can FINALLY work with have no choice, then Linux will come in and replace the library of games with the same things but for Linux and they'll find out that the NVidia driver is just as fast as the Windows one, the AMD one as flaky and unpredictable as the Windows one. Seriously, AMD have some quality issues with their testing. Not entirely their fault since Intel just keep undercutting and predatory pricing AMD into the ground and this leaves very little money on the also-ran stuff like graphics.

Indeed the Intel/AMD problem is a good mirror of the Windows/Linux one. Or USA/Cuba.

The problems pointed to are almost entirely due to the other agent deliberately ensuring the bad things happen to them.

Sans interference, we could actually decide if it did or did not work, but with it, we might have it that it would work, but sabotage works easier.

"Thanks, that helps. Though I bristle at the “Linux is for smart people” thing a bit."

Did you read the

ironic

description? Thin skinned and unwilling to read past what you want to see there.

This is not someone who can be trusted to use windows. It's the sort of process that leads to this worm promulgating, because they read something and then stopped when they read as much as confirmed what they wanted to see.

"More scientifically, it’d be interesting to do some focus group / user tests with people who are not super into tech, just average people who use computers for various work tasks. "

It's been done many many times. Mark Shuttleworth did it. RH do it, Mandriva did it. And would it change anything if it turned out (as it often does) that windows or the windows version is worse to use, would it result in Windows being scrapped? Hell no. People would use it "because that's what I'm used to". Because if you're used to it and therefore NOT that group you want to test against, it's harder to learn a different way than to remember the ways to avoid the pitfalls of this one.

GIMP generally pounds Adobe PS with users who have used NEITHER. But if you've used PS a fair bit, the disjoint in the way a SDI like PS and MDI like GIMP work is shocking. It's EASY to get over it, but those who use PS WANT to use PS and are primed by PR and fluffery to expect GIMP to be bad and then stop with the confirmation bias satisfied.

The problems for usability are not within the control of Adobe, though, except in so far as they have to keep adding more tickboxes otherwise they'd not sell any new versions. And each change has to supply more "eXperience" so ease of use is in competition with marketability. GIMP doesn't have that problem and it could be without that inimical influence PhotoShop would be better and easier to use than GIMP.

Then again, if GIMP had a serious amount of backing and support in industry (e.g. pantone patents GPLd), it could be better than THAT.

All we have is what we have.

And at the moment, GIMP is easier to learn if you haven't used anything like either program. If you've used either, the other one is a bit of a nightmare at best.

The discussion ultimately comes down to this linchpin:

Linux had a security architecture baked-in from the beginning. It has been shored up as needed, over time, but it's always been there.

Windows security was added only as an after-thought, requiring all kinds of retro-fits in both the kernel and applications, in order to maintain backward compatibility.

And for all you Linux-haters who talk about how "inconvenient" Linux is to the casual desktop user: My elderly mother has used Linux exclusively on her PC for 16 years and counting. She doesn't miss the instability or insecurity of Windows at all; she simply shakes her head at every proclamation that "Microsoft finally did it right!"

it;s more Linux has the design paradigm of UNIX, where the machine was a shared resource and you didn't own any of it yourself, you had to play with others and the system had to be secure against anyone even accidentally disrupting the work of others. So it had preemptive multitasking, mutliuser, "roaming profiles", network transparency, network access, accounts and privileges, and all those other things that Windows didn't even bother because

a) It was your computer and if you pegged the CPU at 100% in a bug, then you only hurt yourself, just switch it on and off again.
b) It had all resources local. A HDD, printer, keyboard, monitor, all of them local and YOURS
c) All that stuff was "scary geek", and avoid it, and if you can't avoid it, hide it, bury it deep, never to be found

They tried with NT3.5 to get an actual multiuser system working, but to market it to the crowd that wanted "It's my computer, my printer, my HDD, my desk, MY STUFF" crowd, it had to be twisted into another single-user system but this time with "privilege" as an added problem, which "had to be solved" by making anyone logged in superuser.

I can see that there were attempts to do it right but marketing overruled every attempt by the tech geeks and those who know how to make an OS to make the damned thing work better.

And since marketing were burdened with having to generate quarterly sales and easy pitches, they really didn't have a choice to do it differently either.

Understanding the problems of the people involved who may have been genuinely trying, however, doesn't change the fact that the eventual result was just a clusterfuck of bad choices.

It works DESPITE the design results, not because of them, is about the best you can say for Windows. The worst you could conclude is it works the way it does because that's how they designed it.

Mac OSX is basically a microkernel (ish) and a BSD, hence UNIX, userland, and therefore it inherits the same OS design choices.

There's a good goddamned reason why UNIX has lasted this long. And it's not fear of change.

James @#35

It doesn’t help that Microsoft’s update tactics, littered with malware-type behavior,...

You must be thinking about how MS forced a 'free' Windows 10 onto unsuspecting Windows 7 and Windows 8 users. I could explain fully what happened here but that would take too long and be familiar to anybody who suffered so I'll keep it brief.

I will say one thing, on the Windows 7 box (my wife's - she is not that computer savvy) we kept refusing Win 10 until one day a different dialogue popped up on start up asking to install or not. And not wishing her printer and scanner to be rendered unusable to make sure 10 stayed out of it and as the 'refuse' button seemed ambiguous I closed the dialogue with the close cross at top right. Now sneaky MS had programmed that to be a tacit request to install Win10 at next power up. Which it did. Luckily I was on hand to intervene and managed to roll back to Win 7 OK but then there where loads of copies of Win10 invitations waiting in the wings to install themselves including one update that kept installing itself and which triggered further Win 10 activity. After many hours of removing triggers for installing and hiding KBnnnnnn updates that could invoke an install of Win 10 some sanity exists with a small bug red flagging every time Windows update is opened.

My WIN 8 box, just about a year old and for which I had recently obtained software to make my orphaned film scanner work, was not so badly affected, but then I was watchful.

I completely agree about the respective security measure of Windows and Linux I have Ubuntu on an older PC here, 32 bit architecture so the latest version will not be installed.

The Linux limitation for me is with graphic software - Photography and vector graphic creation. Sure I have some apps on Ubuntu but they don't quite have the functionality.

The vector graphic software I use on Win 8 had one key useful feature when I first moved to XP, because it developed out of a vector graphic software on Acorn's RISC OS architecture (which had a much superior GUI at the time to anything else - font rendering was the best too) I could transfer DRAW format files across. That is of less importance now.

I used to run Win 3.1, 3.11, MS-Dos, PC-Dos and Win 95 sessions (with an Intel compatible co-processor) on my last Acorn RISC OS box (within RISC OS windows too) with scanners flatbed (OCR too) and film, external hard rives on SCSI with a CD writer, graphics tablet and modem. But that was late 1990s. The StrongArm processor didn't have the data volume handling capability for large image files and the graphic card capacity was limited.

The problem with Windows is the orphaning of peripherals which deters movement to the latest version because that is where the expense lies buying new kit and also software too. Not exactly an eco-friendly mode of operation. Good for business, for MS etc. that is but not for the planet. Just considering all those vulnerable computers upon which financial transactions take place gives pause for thought.

What sort of vector package? Inkscape is pretty much an industry standard, though not the only one.

And KDE should still have, if not as part of the default desktop in the days of the 2GB iso image, at least part of the repository, Digicam, which is a darkroom photo app that pretty much is the beginner level but actual darkroom photopress application. There are others more advanced, but I don't need more than Digicam and I'd have to look it up to point you to others with things like built in HDR compositing from a bracket image, etc. And Digicam may have that now, for all I know.

And one of the Photoshoppers' complaints about GIMP being unusable is the result of an ideology and design perspective that arose from vector programs: you have to define the stroke then ink that stroke to get a line, unlike make a line of a certain width like in PS. The system is still raster but it's operated in many cases like a vector design.

But maybe it's not drawing but layout? I can't remember the applications I've used in the past off the top of my head.

There are solutions out there, but you have to poke around a bit. Keep an eye out for Linux mags when shopping and take a look through for anything about interesting applications: most mags have at least one comparison test for "program to do X" with several of the current biggest contenders for it, and include them on the issue's DVD.

For anyone who hasn't used Linux or not for a while, an occasional purchase of a linux mag gives you usually a few live boot DVDs and several different applications to play around with.

Wow, you're correct that a lot of design decisions in Windows were influenced by marketing (something Bell Labs was forbidden to do with Unix), but Microsoft already knew the Unix security model, having licensed Unix in 1978 and marketed it as Xenix in 1980.

The constraints of the PC architecture had nothing to do with forcing such insecurity on users. The original Unix ran on 8K of RAM; SCO managed to port Xenix to the PC/XT by 1983. It's simply that Microsoft deliberately chose to push insecurity over security, as far as the eye could see. (The conspiracy theorist would then say Bill Gates cashed out and left before the folly of this decision was exposed.)

LionelA, you mention "eco-friendly." Windows comes in dead last in that regard, too. Between compatibility checks, privilege management, and DRM, running Windows consumes much more electricity than either Linux or MacOS to accomplish anything beyond simple math. Copying a file, fetching from the network, drawing on the screen, typing text, moving the mouse, everything takes more complicated code paths (ergo more electric usage) in Windows than in any other OS out there.

"The constraints of the PC architecture had nothing to do with forcing such insecurity on users."

No, it was the other way round. The constraints (design goal) of the PC forced such insecurity on users. When you only have one user, there's no difference between logged in and being admin, for one example. When there's no networrk, there's no need to protect against foreign computers.

And so on and so forth.

The design choice of windows as "your computer on your desk that only you use in isolation from all other computers" allowed insecure design choices to be benign, and these design choices were never undone (except as said before with WinNT 3.5, which was scrapped because "it was too complicated to sell (to the morons who buy our stuff)".

That has always been MS's design paradigm: you're too dumb to be allowed to use the computer, and everything should be hidden from you if at all possible.

Including file types.

"The constraints of the PC architecture had nothing to do with forcing such insecurity on users."

So, yeah, you're right, but I was saying it wasn't that either. I was saying it was the other way round.

On "Green", one way in which MS gets ahead, but really doesn't deserve to, is that ACPI is a defined standard, but pretty much every PC motherboard manufacturer ignores it and only writes to the current MS OS version's bug infested bastardisation of it instead.

So frequently, since each M/B has a different way of writing to the MS closed ACPI driver demands, linux finds itself unable to use some of the powersave features or unable to do one of the more esoteric suspend options.

When it comes to actually operating, it's better in pretty much all categories, because the design is more efficient, but ACPI is a moving and deliberately obscured target, and it can and does fail in some areas to deliver.

“but that it is so little used that hackers will target Windows”

No, they target windows because it’s so easy.

Hackers target Windows for the same reason Willie Sutton robbed banks: "That's where the money is." For the last 20 years or so, Windows has been the most widely installed operating system, so successfully hacking Windows gets the hacker access to more machines than successfully hacking Linux or MacOS. If either of the latter two OS's ever became a majority of installed OS's, they would get a lot of the attention that Windows gets.

That said, it's a lot easier to find and exploit vulnerabilities in a Windows machine than in Linux or MacOS. So I expect that, were the numbers reversed, you would still see script kiddies attacking Windows machines. The professional/criminal hackers would go after Linux boxes, and accept the lower success rate as a cost of doing business. The one benefit for Windows users in this scenario is that, because the script kiddies are mainly in it for the lulz rather than the money, they would be slower to identify and exploit previously unknown vulnerabilities.

In the actual world, only a few hackers find going after *nix boxes to be worth the effort. Your risks are not zero, but if you keep your system up to date and you get hit anyway, it will mostly be a matter of bad luck. Your chances of getting hit if you run an up-to-date Windows system are much higher, and if you don't keep your system up to date, your chances of being hit rapidly approach 1, much faster than they would for other OS's.

One more thing: Unix systems have been connected to the internet almost from the time Unix was first developed. I can remember a time when, to do anything nontrivial with the internet, you had to be on either a Unix or a VMS box. (Telnet existed for MacOS and MS-DOS, but you used those machines as a gateway to the Unix/VMS box.) The latter OS was a proprietary system, and mostly disappeared after Digital Equipment Corporation was bought out. So Unix had some of its more blatant vulnerabilities identified and patched early on. (Read The Cuckoo's Egg for more on this point.)For Windows, and pre-OS X Macs, internet connectivity was an afterthought. Apple solved many of those issues by switching to a Unix-based kernel for OS X, but Windows had to go through finding its vulnerabilities the hard way. And is still going through that process, because unlike Unix, Windows does not have a history of people outside of Microsoft looking at OS source code to figure out just what the problem was.

"Hackers target Windows for the same reaso"n Willie Sutton robbed banks: “That’s where the money is.”"

Actually, the money is behind everything BUT windows.

Sun, HP, Linux, RISCOS, the several types of RTOS, CISCO et al.

THAT is where the money is. But Windows is much easier to hack.

Look at any previous hackathon.

"gets the hacker access to more machines"

Full of cat pics, porn browser caches and muffin recipies.

Lotsamoney! LOL!

Oh, what you can do with them as a Botnet, yes, you can then use them to threaten where the REAL money is, but the fact of the matter is the money isn't in the windows machines, it's behind linux firewalls, CISCO routers, HP servers and so on.

The constraints of the PC architecture had nothing to do with forcing such insecurity on users.

Gus is correct on this point. I'm not 100% sure that Linus Torvalds wrote Linux to run on an x86 box, but Linux was running on x86 boxes pretty much from the beginning, back when Windows was on version 1.0 or thereabouts.

It was the software design of Windows, not the PC architecture, that treated security as an afterthought.

I bought a new Sony VAIO desktop on Dec 29, 1997. It had Win95 on it. I got it to replace the Win3.11WFG running in the DOS box that OS//2 offered, that I had been using
to write custom software for my clients. That Sony was crashing several times an hour and to get any work done I had to save my work every five minutes to avoid re-writing lost code. Between Jan 1 and May 1 of 1998 I had to reinstall Win95 FIVE times. I thought Sony was a piece of trash, despite its reputation for quality. I decided to return to OS/2 and Win3.11WFG and went to Barnes & Nobel to buy the most recent version, Warp, IIRC. There I saw a book by Bill Brush titled "Learn Linux in 24 Hrs". It had a RH5.0 CD in the back. For $25 how could I go wrong? It took me about 30 hours to get the hang of RH Linux. I also noticed that the Sony never crashed once. I missed the Win95 look & feel and when in September of 1998 I saw that SuSE 5..3 had KDE Beta 1.0, which had an even better GUI than Win95, I switched. I used SuSE to earn a living for the next five year, without a crash, until Novell bought them out. After a couple years trying various distros I settled on Kubuntu for six years and then two years ago I install KDE Neon with Btrfs on two drives running RAID1, which I have been using for the last 2 years. I can't recall ever having a single crash while using Linux.

This thread reminds be of the "uptime wars" of the late 1990s and early 2000. Win95 users were countering Linux user claims of several hundred days of uptimes with similar times, always in a one-up-manship response. Then, Microsoft released the patch that fixes the clock bug which automatically rebooted a Win95 machine after 47 days of uptime. it revealed that all the two & three year uptime claims of Windows users were pure malarkey.

Because of my background many of my friends who run Windows would ask me to "fix" their machine. I would. But after a while it was obvious that I was repeatedly fixing the same problems, most of which were not under their control. So, I told them that I would no longer do Windows and if they wanted my help they would have to switch to Linux. Over a dozen took me up on the offer. Support requirements declined to near zero requests for help. Only one, whose Windows machine I cleaned up several times, went back to Windows because of the WinOnly games he was playing. Since then he's paid hundreds, if not thousands, of dollars to get his box sanitized or the Windows reinstalled. The rest continued to use Linux until they died. The youngest of the bunch, and the only one of the dozen still living, is still using Linux. The only time he's called me is when he moved and needed help in setting up his laptop, printer and wireless at his new home.

I'm 76 years old and have used Linux for the last 19 years. It is even easier to install and use now than it was when I first began using RH 5.0.

"I’m not 100% sure that Linus Torvalds wrote Linux to run on an x86 box"

Oh, be 100% sure, Eric. He wanted Solaris x86 and its license was horrendously expensive and minix was only allowed as a teaching aid, and BSD was not ported and still mired in patents, so Linus started off with the GNU toolchain and the GPL license to write his own UNIX system for his own personal used, and released it for public participation in the pre-alpha coding stage as Linux 0.1.

It was not ported to any other architecture until, IIRC, about 0.3.1, where MIPS was added and the arch subdirectory added to the Linux source tree to contain all the bits that were supplying things like memorymapping and the CPU register access methods.

I wasn't saying the PC design did it, I was saying Windows. The use of PC means personal computer, not the IBM PC compatible architecture which was the hardware including the BIOS. Therefore PC and Windows is used interchangeably, as is common when talking about the IBM compatible software system.

Mind you the ISA architecture WAS badly designed, as was the memory management, leading to the "640k is enough for anyone", the ISA hole at 1M, EMM and XMM and the other 1M hole at 15M for the PCI bus MMU and register allocation, along with the lower register of 4 pages (16k), I think, that is unavailable to OS use and is today not even paged in.

Look, if you wish, at the old source code repositories for the bootup system for the DEC Alpha system. The MIPS is terrible, but x86 HORRENDOUS! Spark and Ultra aren't *great*, but x86 is insane!

Actually, the money is behind everything BUT windows.

As was noted upthread, one of the handful of good reasons there are businesses still running Windows is that they depend on software that only runs on Windows, and hasn't been ported to Linux or MacOS. There is probably less of that then there was ten years ago, but there is still a lot of business that runs on Windows.

And then there is inertia. Lots of IT departments insist on Windows because they don't want to change what they are doing. As of five years ago, that included the US Air Force: the people I know who worked at one nearby AFB who wanted to run anything but Windows had to get special permission to do so and jump through lots of procedural hoops. True, they had additional security measures, like key card access, but those were Windows machines. (That division was transferred to another base, so I no longer know anybody who works at that AFB.) I'm sure there are people who will pay good money to learn the Air Force's secrets. Insert standard jokes about military intelligence.

"This thread reminds be of the “uptime wars” of the late 1990s and early 2000. Win95 users were countering Linux user claims..."

My epiphany for the idiocy of MS proponents came when before the EU investigation, they were required to fess up to undocumented API calls in the OS used by, for example, Office. "No such thing!". And in the court case, when it concluded, and the API documentation fessed up, not a peep.

When later claims came about secret APIs, the same ones shouted out "But they've documented it all!!! The court case required it! PROVE that they have hidden API calls!".

Not having learned their lesson.

Then when an out of court settlement was the release of several more pages of API documentation that was never released to any developer, even pointing this out and their earlier protestations that no such thing existed (and twice) could even penetrate the rose tint of the specs they had embedded in their corneas.

"" Actually, the money is behind everything BUT windows."

As was noted upthread,..."

Eric, nothing that followed countered that. Not one thing. It was orthogonal, despite being true, had NOTHING to do with it.

Were you tacitly agreeing? Then why the segue? Why not post just what you put and NOT pair it to the comment I made in rebuttal to your intuit that there was money in Windows hacks?

Because what you posted had nothing to do with there being money or even anything particularly wanted in windows machines.

Power was run via Windows For Warships (tm), and possibly the fire control. But all that could be hacked was to turn the warship off. It couldn't be remote driven like Hollywood shows hackers doing.

Basically, there's no money there either.

" I’m sure there are people who will pay good money to learn the Air Force’s secrets."

They aren't held on Windows machines, and that's NOT a large target. WHATEVER machines they run, and most of their data doesn't reside or transmit via Windows boxen, there would be the same value in hacking them.

It's just and solely that Windows is EASIER to crack and, being spaghettid together to avoid the US antitrust getting IE out of Windows and avoiding fessing up, a shit-ton of userland was festered into the OS below the admin level and right down to ring-0 in some cases, so that they could claim it wasn't illegal bundling, it was a necessary part of the OS.

Therefore an error in IE was an error in the kernel.

And MS insisted on everyone using IE.

Homogenous monoculture vulnerability making it easier to crack, since one crack would infect the majority of machines, as long as it didn't require an additional install of a propriatory non-MS product, thereby making it possible the install doesn't exist to exploit.

More design decisions, and these ones not done for even vaguely reasonable reasons, that make it easier to hack windows.

It's hacked because it's easy, not because it's valuable or common.

Errata: it was SCO x86, not Solaris x86 that Linus tried to get a license for.

That was before McBride bought the trade name (but not the OS or the license or the coders, they were Tarantella) and drove it to the ground trying to do as MS directed and slow Linux adoption by a shakedown and scare tactics that it was all patented and unsafe compared to MS Windows...

If Linux were used as much as Windows,most of the interface and software issues would go away as more people are developing.

>Well your manager was talking bullshit. And not even their own, they were copypasta-ing the FUD and BS from Microsoft.\

I trust his competence over yours. He also would not be a Microsoft worshipper.

Question, what is the purpose of having autoupdates in Linux?

"I trust his competence over yours. "

Yes, but you trust your own competence over specialists in PCA or dendrochronology, so I really do not count your trust as being any value whatsoever.

Whether you trust him more than me or not, he was still talking complete and utter bollocks and was only parroting the MS FUD that they programmed him with and he swallowed for possibly ideological, possibly mental deficiency, reasons.

It's bollocks.

Fact.

"Question, what is the purpose of having autoupdates in Linux?"

So that the updates are done automatically.

Duh.

"If Linux were used as much as Windows,most of the interface and software issues would go away as more people are developing."

There aren't any interface issues, and you have not claimed any actual software issues.

However, the interfaces will still be varied and different, because there's no one place to define where you MUST place things. So each developer house is free to pursue their own decisions on what the interface should be.

I've put Linux into a number of large financial and government enterprises here in the UK. It's an easy sell; free as in freedom, and to keep the procurement team happy buy it from a reputable vendor (they don't like things that are free as in cash). I've spent many £millions in linux licenses over the years.

Often, IT depts don't want auto-updating systems - but that's easy to deal with by having various local rpm/dnf servers that will update virtual server pools as the patches are tested and so on.

The same principle can be used in IaaS with recipe driven instances that take updates from a controlled source. of course, Amazon offer their own AMI that updates using their own yum servers if that's your thing.

However, i've never managed to roll out a decent sized operation (i.e. more than a few thousand seats) to use Linux on the desktop. Might have more luck with Desktop As A Service in years to come.

We are perhaps 30 years behind development due to the PC Windows revolution. The billions of dollars wasted on the system is staggering. Academics warned everyone back in late 98 about this system and its vulnerabilities. Windows represesents one particular meme of American culture which I refer to as the "Used Car Salesman" marketing strategy. If you want to see a free market, go to China. If you want to see a closed market loop, go to the West. The western business model is the slowest economy to adapt to changes. Stick with Windows and all your proprietary business secrets will be an open book waiting to be taken advantage of. It's really that simple. Linux has far surpassed the desktop and internet experience of Windows. Those are a lot of blanket statements to throw out. To be fair, all windows needs to do is recompile all their product code under the Linux framework, create their own distribution specific version for users under a Linux, BSD or similar kernel and let the development therein move forward. Microsoft has managed to integrate some of there software products nicely in the last 5 years. People will pay for the value of good services and they would win hordes of developers for free if they actually opened up and got on the same page as everyone else. It's not a leadership trait to go against the entire social fabric of software development in the world, its a drag on progress and real competition would likely weed out the marketing of used car sales pitches which just repeat themselves over and over again. I decided to not invest any time in learning any Windows systems as of New Years Eve 1999. I do not reget that decision.

Greg,

Many thanks for your informative article, and for your thoroughly enjoyable writing style!

I started using computers circa 1972 during my formal education in applied science and mathematics. Luckily, we had a wonderful computer science lecturer whom instilled in us the importance of having our code properly peer reviewed (using code walk-throughs) before we even attempted to run it on a computer: which at the time, usage of mainframe computers was charged at the rate of tens of £ for each CPU second, or part thereof.

What I learnt way back then was that the more people we have to peer-review our work, the fewer errors will end up being in the output/outcome of our work; and that any remaining errors will be identified much faster.

I can see good reasons for charging customers for proprietary application software [problem-solving tools], but I've never been able to find an adequate justification for charging money for the computer operating systems on which these tools run. To me, copyrighting then insisting on payment for, a bug-ridden insecure non-open-source operating system is akin to the absurdity of copyrighting each fundamental particle that is discovered in the universe, each element in the periodic table, and each discovered sequence of DNA.

Intellectual property, my ass! Under some jurisdictions, ideas cannot be patented; only properly-working, via adequate proof of concept, instances of an idea can be patented.

Readers may have gathered from the above that I've long been a proponent of open-source operating systems, and many other types of mission-critical kernels and tools. Unfortunately, the Heartbleed security bug in the OpenSSL cryptography library somewhat shattered my long-held belief in the security advantages of open-source systems:
https://en.m.wikipedia.org/wiki/Heartbleed

However, I shall always be extremely grateful to Linus Torvalds, without whom I would not have been able to provide solutions to some of my clients' problems.
https://en.m.wikipedia.org/wiki/Linus_Torvalds

Thanks again for your article, Greg. Best wishes,
Pete

I think the worst thing about it was the fact that it has drained the talent. It's frequently more profitable for the market top dog to buy up talent and opposition and keep them doing nothing than to compete or let the talent work elsewhere.

MS should never have fought the breakup. It would have helped them produce better products instead of letting them fixate on a broken ideal of overwhelming and unremitting control of everyone's computer.

IMO fear kept it. Fear that in change it wouldn't work. A "Can't risk it" attitude that is is antithetical to the can-do that the USA had in the 50s and later (even if the country was as regressive as the UK had been at their worst and had been part of the reason for the collapse of the empire.

Lose top spot and you'll stop worrying about losing that position.

It's like a brand new car before the first dent: you're terrified of damaging the car. Once it's been pranged, however, you're no longer worried about it.

No, Greg, not 10 years, more like 2. Last time I logged into one of my Linux machines to do something very simple, I lost 3 days of my life. Complete waste of time. For me the OS is a platform, not a playground.

St Bart's -which was "crippled" by ransomware - is the UK's largest NHS Trust.
Do you know how many of the next 17 largest NHS Trusts were affected by this ransomware?
None.

I almost certainly know the difference between the NHS where I worked and St Bart's - our Trust ruthlessly eliminated all the kludge so that the many thousands of machines on our network were all 100% under the control of our WSUS and endpoint security systems.
When we started, malware was widespread and viruses used to hit on a frequent basis. Departments/units/wards/clinics & users were buying whatever IT hardware they felt like and attaching it to the network.
A year later all that was all history. We reduced the number of protocols running on the network from 5 down to 2, eliminated all the OSs except for two versions of Windows and two Unix clusters. Thanks to this, our IT support service was closing 80% of support tickets within 4 hours (it was more like 8 days when they were chasing their tails trying to deal with non-standard hardware). We had time to develop and put in new systems to address various technical and clinical risks. This reduced mortality AND we were detecting zero-hour viruses the instant they hit and handing them over to our endpoint security provider.

I am willing to bet that St Bart's is packed full of people who are "too special" to do their work on a standard Windows desktop and St Bart's were too gutless to repatch them into the university network where they belong.

" I lost 3 days of my life."

And nothing of value was lost.

I mean, cool story and all, bro, but it's a bloody fiction.

"I am willing to bet that St Bart’s is packed full of people who are “too special”"

I'm willing to bet that you will actually risk nothing on that bet. And it, too, is a load of bull.

Craig: ". Last time I logged into one of my Linux machines to do something very simple, I lost 3 days of my life."

You should definitely stay away from Linux machines!

Yeah, that crack cocaine really can hit some times. I remember a story from an older colleague and he lost 5 days once, just completely wasted, he still blames the booze!

Wow -

Just google 'login loop issue ubuntu'. Are they all liars as well? No, YOU are. How dare you go around calling people liars without the slightest bit of evidence. Idiot.

OK, so for some reason it's OK for one commenter (Wow) to lie, abuse people and spam threads to worthlessness, but anyone who complains about it gets their posts deleted?

I don't usually complain about such things - this coming under 'playing the ref' as some would have it, but the naked hypocrisy is not only annoying but flat out strange, progressives usually hold themselves to a higher standard and you must realize what you are doing. What gives?

OK, so Dodds is complaining about people who post on a blog are posting on a blog. And thats all he posted.

And while complaining about lying lies about its existence.

Apparently Dods is allowed to do this bullshit and lying and their posts aren't deleted. Nobody knows why, not Dodds anyway.

He usually complains about everything, but that was the first time he posted that actual post and this is somehow supposed to be significant and supporting something. But what that is is strange and nonexistent. And apparently this is something about progressives, but again, this is merely because dodds is really pissed off that there are people who don't agree with his politics and therefore they must do everything he says, even though he doesn't do any of that.

Nor, strangely, has this problem ever worried him before, at least accoeding to his current complaint by post, though he has frequently posted just the same sort of complaints against progressives not being better than he can't be bothered being himself on things he doesn't care about or even comprehend.

But you would have hoped that a party politcal line that relied on denigrating "snowflakes" and "safe spaces" and insist that there needed to be personal responsibility would have avoided being a snowflake demanding a safe space and eschew any personal responsibility.

They invent some excuse for that which they don't bother doing for anyone else unless they share the same political outlook.

Mind you a quick perusal of scienceblogs for dodds brings up why he's so salty: he's a pro nuke idiot who insists renewables are a dud.

So, really, he needs to be posting there.

Except there are far too many lies on there for him to bring himself to post that tired screed without being patently obvious as a hypocrite.

Duds, go to that link and collect a list of every claim of lie and count up who the accusation was from and about and total up the rate of lie claim. Then go through and find out each and every "misleading" deceptive claim made by everyone on that thread (remember, the thread was about renewables!) and get the full list.

Then denote how many of them are actually lies (whether outright lie or deceptive misleads).

Lastly go through each claim of moral superiority and find out if the outraged one is actually guilty of that same thing first.

You know, instead of picking out someone to silence because you don't want their view aired, actually do the work to find out of your preferred ideology is not blinkering you to your confirmation bias.

Humans are supposed to be better than you. Why aren't you?

The Cuckoo’s Egg

Now there is a blast from the past, I have just dug out my copy of Clifford Stoll's book and will give it another look over.

I recall the odure that was flying about in the late 1990s, when Win95 was revealing itself more as a revamp, if that, of Win 3.1 & 3.11 with the same old trouble from fragmentation of memory and lack of a concatenation routine with MS just increasing the amount of RAM in use for those housekeeping routines so that the problem took longer to surface. I cannot remember the jargon now (cardiac arrest and lack of oxygen made a hit) but this was all about the same time as the Halloween Documents came to the fore.

More here.

The proof is in the pudding, guys - the NHS Trusts that allow any old rubbish are dysfunctional. St Bart's failed because they let the ITIL-ignorant affect policy.
The Trust I worked at - and I was in meetings where Apple-ideologues were pretty much demanding a punch-up to defend their idiotic romance with overpriced and unmanageable machines - decided to switch off appletalk and cease providing network connectivity to any machine that wasn't on the single approved current Windows OS.That trust has not had any cyber security incidents since Nachi. 15 years later, St Bart's with their splatter of nonsensical OSes have been crippled by an easily avoidable threat.

"The proof is in the pudding, guys – the NHS Trusts that allow any old rubbish are dysfunctional"

According to you, they let you work there, so, yeah, proof enough you're an incompetent idiot and the reason why the NHS got hosed.

" Apple-ideologues"

Ah, your issue is not that it's "open sores" but that it's not Microsoft.

Craig, your attempts to deflect attention from your admitted unwillingness to learn new things is getting old.

* are getting old.

I wonder if he'll tell us what Linux systems he had and what he tried to do and see if anyone here can, from memory, figure out what he could have done in less than three days....

I promise not to use google, though that promise may mean that the command name may have the wrong switch, or the actual GUI button to click is incorrectly described if he insists it must be done by GUI and never CLI. It WILL be from memory after all.

I would also like to hear how appletalk caused SMBv1 bugs to be exploitable.

I use Linux at home and it's so much better than Windows there's simply no comparison.

With every install Windows' registry gets more corrupt, and with Linux I can wipe out installs with no trace using easy package managers - also installs are far easier - Google search to find the package name & issue an apt-get install command. It downloads/installs in two seconds, done.

Windows breaks all the time. Linux rarely if ever randomly breaks. I rarely have to reboot if I don't want to (maybe I'll save some power when I leave home, etc).

Why have a company that doesn't respect your rights as a consumer, forcing updates down your throat of a completely new version of the OS without your permission, giving governments all over the world their source code but not you? Use open source and open your world back up.

I run Linux on my personal machines. I do have a Windows drive in a desktop at home that my brother uses to run certain games that only run in Windows. I run the same machine with Linux, and only ever log into Windows on it for maintenance tasks.

Here are a few observations regarding things mentioned in this thread:

I have set up Linux machines for several people who don't use the command line, but somehow still manage to use their Linux machines regularly. Ease of maintenance and good performance on old hardware are the things they like best about it.

A normal update in Linux (rather than a distribution version upgrade, which tends to be a more involved undertaking) is not very likely to cause problems on the system as long as none of your low level system software has been replaced by software from a third party. Translated, that means that basically anything other than running a proprietary video card driver that you got somewhere other than your distribution's repository (which you can do if you know what you're doing) or mixing software from a repository for another distribution is not likely to cause a serious issue with your system. In my experience, it is much, much less likely to cause a serious issue than a Windows update is.

Games have a negligible effect on the desktop computer market. Games follow users. Users don't follow games. There are users who are exceptions to this, but they are a smaller minority than a lot of people seem to think. If users followed games, the Commodore Amiga would have dominated the desktop computer market. (The game console market is entirely different of course.)

Craig, the bottom line when it comes to your story about places that have been kept free from malware problems is that any environment which is very tightly controlled is easier to secure than one which is not. That doesn't say much of anything about the operating systems involved (incidentally, when was the last time Apple computers needed Appletalk for network communication? My guess would be while they were still on 68xxx series processors in the eighties. They certainly haven't needed it since the introduction of OS X.) I think your stories about Linux difficulties would have to be more specific to be taken seriously.

Most people who aren't running some specific software that is not available for Linux could do OK on a properly set up Linux box. When it comes to Linux equivalent software you enter into complexities of what users need and what they want. Not every user will have equivalent software available. and some will not like the closest equivalent that exists.

Windows is easier to use if you don't care if your computer is part of a botnet, with all the resource and legal problems that means.

Because at base windows OS is predicated on the idea that the user is a moron (and they will learn to be one, if only out of a desire to fit in or merely avoid risking it "proven" to be true) and must be protected from anything going on in the computer. So as long as you only bow your head and don't try to do something that is computer-ey (and if it gets difficult, stop doing that and either buy a bit of extra software to do it or claim it's not needed to save the cash), windows is easy to use.

But that still doesn't make it easier to use than Linux.

Buy a Linux Dell laptop and it's EASIER to use than windows since you don't have to deal with the problems of having your computer used as part of a botnet, which will at least slow your computer down and use some of your bandwidth. But if you don't care about that either, then they're both equally easy to use.

It's just that Linux doesn't fight you when trying to use it in case you screw things up. It assumes you're smart enough to use it rather than assumes you're too dumb.

Problem for windows is there's no such thing as fool-proof.

If you said FU to MS and stuck to XP, you may be slightly better off since there's a tool which may decrypt your machine without paying the ransom. However this titbit from the slashdot story was interesting:

The recovery technique is also of limited value because Windows XP computers weren't affected by last week's major outbreak of WCry.

For one it makes it even weirder that Appletalk could have had anything to do with it, but it also makes it realy weird that it's claimed to be an old SMB v1 protocol bug.

But WinXP had SMBv1.

Bebox was cool. Let you power off the processors individually, including all of them.

Osama bin Laden 1; Railroads 0

gregladen — Tue, 25 Aug 2015 07:01:59 +0000

Osama bin Laden 1; Railroads 0

The terrorists have defeated the railroads, and by extension, the people. Well, not totally defeated, but they won a small but important battle.

We have a problem with the wholesale removal of petroleum from the Bakken oil fields, and the shipping of that relatively dangerous liquid mainly to the east coast on trains, with hundreds of tanker cars rolling down a small selection of tracks every day. I see them all the time as they go through my neighborhood. These trains derail now and then, and sometimes those derailments are pretty messy, life threatening, and even fatal.

There has been some effort in Minnesota to get the train companies to upgrade their disaster plans, which is important because about 300,000 Minnesotans live in the larger (one half mile) disaster zone that flanks these track. A smaller number, but not insignificant, live int he blast zone, the place where if a couple of train cars actually exploded you would be within the blast area. For the last couple of years, my son was at a daycare right in that blast zone. I quickly add that the chance of being blasted by an oil train is very small, because the tracks are in total thousands of miles long, derailments are rare(ish), and the affected areas can be measured in city blocks. So a blast from a Bakken oil train may be thought of as roughly like a large air liner crash, or may be two or three times larger than that, in terms of damage on the ground.

But yes, the trains derail at a seemingly large rate.

Now, here is where the terrorists come in. And by terrorists I specifically mean Osama bin (no relation) Laden, or his ghost, and that gang of crazies that took down the world trade center in New York. When that happened, we became afraid of terrorism, and everyone who could use that fear for personal gain has since exploited it. I'm pretty sure that the rise of the police state in America has been because of, facilitated by, and hastened due to this event. For years the American people let the security forces and related government agencies do pretty much whatever they wanted. The Patriot Act, you may or may not know, is a version of a law that conservatives have been pushing in the US for decades, a draconian law that gives great power to investigative and police agencies. That law never got very far in Congress until 9/11. Then, thanks to Osama bin Laden, it seemed like everyone wanted it. Only now, years later, are we seriously considering rolling it back (and to some extent acting on that consideration).

So now, the railroads have been forced to come up with a disaster plan related to the oil shipments. And they did. But for the most part they won't let anyone see it. Why? Because, according to one railroad official, "... to put it out in the public domain is like giving terrorists a road map on how to do something bad."

What does he mean exactly? As far as I can tell, the disaster plan pinpoints specific scenarios that would be especially bad. These scenarios, if they fell into the hands of terrorists, would allow said terrorists to terrorize more effectively.

I'm sure this is true. But I'm also sure this is not a reason to keep the plans secret. There are three reasons, in my view, that the plans should be totally available for public review.

1) If you want to know what the worst case scenarios for a rail tanker disaster are, don't read this report. It is easier to get out a map, maybe use some GIS software if you have it, and correlate localities where the train tracks cross over bridges, cross major water sources, and go through dense population areas. A high bridge through an urban area over an important river, for instance. This is not hard. Indeed, I call on all social studies teachers with an attitude (and most of the good ones have an attitude) to make this a regular project in one of your classes. Have the students try to think like terrorists and identify the best way to terrorize using oil trains. The reason to do this is to point out how dumb the railroads are being.

2) Secret plans are plans that can be exploited or misused by those who make them. We will see security measures taken that, for example, limit public access to information unrelated to oil trains, with the terroristic threat used as an excuse. I'm sure this has already happened. It will continue to happen. It is how the police state works.

3) The plans can be better. How do I know this? Because all plans can be better. That's how plans work. How can you make the plans better? Scrutiny. How do you get scrutiny? Don't make the plans secret.

MPR news has a pretty good writeup on this situation here. MPR is fairly annoyed at the secrecy, as they should be, but frankly I'd like to seem this and other news agencies, as well as the state legislators involved, and everyone else, more fired up. We should all be working harder against the police state.

I want to end with this: I like trains, and you should too. Trains are among the most efficient ways to move stuff across the landscape. Those of us concerned with things like climate change should be all for trains. Ultimately, I think we can increase the use of trains to move goods and people, and at the same time take the trains off fossil carbon. They are already mostly electric, using liquid fuel to run generators. That liquid fuel could be made, largely, from renewable biodiesel and a bit of grown biodiesel, and more of the trains can probably go all electric. But this secrecy thing is not OK.

gregladen Tue, 08/25/2015 - 03:01

Tags

“… to put it out in the public domain is like giving terrorists a road map on how to do something bad.”

If that is the best excuse they can come up with I would guess the plan is just as shitty: based on recent history, any terrorist, domestic or otherwise, who is worth his or her salt already knows how to do something bad. If these trains haven't yet been targeted it's likely because of a decision that there are better targets around.

I'll simply add that it isn't just bridges over water that we need to be concerned about: here in Michigan there is on-going concern over an oil pipeline Enbridge (the folks who fouled the Kalamazoo River a few years ago) have beneath the Straights of Mackinac. Apparently the data they have concerning it is "too complex" for state officials to make hide or hair of. (From other sources the problem seems to be an incredibly badly written report from Enbridge, with no real effort to summarize or explain aspects of the data.)

http://www.mlive.com/news/grand-rapids/index.ssf/2015/08/enbridge_line_…

“… to put it out in the public domain is like giving terrorists a road map on how to do something bad.”

These officials seem not to have heard. There is this thing on the internet called Google Maps. It offers options for street view and satellite view, the latter of which is based at least partly on public domain images. Anybody can look at these maps and find target locations of the sort Greg describes. No assistance from the railroad companies is needed.

Security through obscurity might work with information that only two or three people know. I suspect that many more than three people were involved in producing the report. The chances that someone will talk rapidly approach 100% as you add people beyond the third. And that's even before you consider the possibility of somebody figuring it out independently.

As soon as the Patriot Act was put in place I heard the american people scream in terror....Osama YOU WIN!!! We are terrified!!!! Please Protect our zero lives oh great uncle. Here are my freedoms!
And The TT was a great political statement, but the oil & freight RR are a better economical target. Passenger targets not so much.

Trains have weaknesses and strengths. On the down side artfully damaging the tracks can lead to a wreck. Doing it at or near a population center or a vital resource can multiply the damage.

On the up side there is the fact that by virtue of using tracks trains can be, if we were so inclined and willing to allocate resources, routed away from the most sensitive areas. If a train wreck happens at a sensitive spot it is, at least in part, because someone put the tracks there. Where it is unavoidable the tracks and associated systems and controls can be designed to drastically lower the chances of an accident and/or the damage done.

Also, by virtue of the trains transporting their cargo in individual cars there is some potential to limit the numbers and amounts of volatile cargo involved in any accident. In WW2 it wasn't uncommon for trains carrying explosives to have a short train ahead of them to detect problems with the track and for the railway cars on the back train to have buffer cars, often cars filled with sand, inserted between cars carrying explosives. even in a massive derailment two or three cars filled with gravel or sand can compartmentalize the destruction.

This isn't meant to be a manual, but merely to point out that train wrecks are engineering problems that can managed through allocations of resources like any other issue. They don't have to happen as often as they do, and they don't have to be as destructive as they are.

It also has to be pointed out that pipelines are not without their own issues. Railroad issues are obvious and so they will, in time, and as political capital is allocated, be handled. Pipeline issues are less obvious, more treacherous, and are at least as dangerous.

That isn't to say that they can't be managed.

Thanks, Osama!

Yes, any terrorist worth his salt knows how to blow up stuff and create terror without having been given a "road map" — just as he knows, without being told in a newspaper story, that the NSA is monitoring his communications and therefore he will use cell phones very little, if at all, and avoid online financial transactions.

Withholding these plans from the public may indeed prevent some terrorists from coming up with really devastating attacks. But they aren't the terrorists officials should be worried about. The dangerous terrorists are fully capable of designing and executing devastating attacks all by themselves.

Once upon a time the public was asked to be vigilant about likely attack sites: transportation nexuses, power plants, cultural symbols like the Statue of Liberty, etc. The same policy should apply to these railroad scenarios.

On the other hand, I do see reasons for keeping them private. One would be to minimize public knowledge of oil tank car traffic. There's already considerable opposition to such traffic, and railroad execs know it. IIRC, it was in Seattle that a private citizen personally counted the oil trains daily for a period of time; this was the only way he could get information on them.

Ownit Deploys Wifi Routers With Security Hole Across Sweden

aardvarchaeology — Sun, 19 Oct 2014 12:07:21 +0000

Ownit Deploys Wifi Routers With Security Hole Across Sweden

My whole housing development recently changed Internet Service Providers. We now have optical fibre from Ownit, offering hundreds of megabits per second. It works just fine. But there's a security issue and Ownit aren't taking it seriously.

All over Sweden, Ownit are deploying wifi routers that work out of the box. If you want to change any settings on your router (such as the name of the access point or the wifi password), you'll find a URL in the manual which brings up a set of admin menus. Same URL on all their routers. All over Sweden.

Actually, Ownit holds the password to the “admin” account and won't tell you what it is. But if asked, they will happily tell you that there's a “user” account with a lot of the same capabilities, and give you its extremely easily guessed preset password. Which is the same on all their routers. All over Sweden. In order to change the “user” account's password you have to take independent action on that point, tell the new password to user support and ask them to change it for you.

Some users may want to run an unprotected wifi access point. Almost all users will want to give their wifi password to friends and family members, even to casual acquaintances. In either case, most people will believe that all they're opening up there is the link from people's laptops and smartphones out onto the net. But unless special care has been taken by a semi-knowledgeable owner, they are also in effect giving the same people access to the router's (limited) admin menus.

Let's say your teenage son Jack gives the family wifi password to his girlfriend Jill so she can watch YouTube on her smartphone. Three months later, Jill dumps Jack because of what he did with Zuleika behind the crafts building. Jill then walks past your house one day, stops outside the fence, sets the name of your wifi access point to “Jack.Has.A.Tiny.Penis” and changes the wifi password. All computers in your house are now off the internet. And in order to do something about this, the family's tech person will need a certain amount of knowhow and an IP cable. Note that the people most likely to end up in this situation are the ones with little knowhow who would't even recognise an IP cable.

Someone might say, "That's why people need to change their wifi passwords often!" Well, Ownit's customers aren't given the admin login info for their routers unless they ask for it. The easily guessed admin login info they need to change their wifi passwords. The login info that heartbroken and disgruntled Jill already has, for all intents and purposes, since it's the same on every Ownit router across the country.

Summing up: Ownit gives new customers unique wifi passwords. But they also need to start giving them unique passwords for the “user” account on their routers.

aardvarchaeology Sun, 10/19/2014 - 08:07

Tags

tech

Security

tech

Have these people never read The Cuckoo's Egg? Or the safecracker story in Surely You're Joking, Mr. Feynman!? Gaining access via default passwords is an exploit that has been known since at least the 1940s, as Feynman's anecdote shows: a locksmith brought in to drill a safe found he didn't need to, because the officer who had gone to some trouble to obtain that safe didn't bother to set the combination on the lock. Somebody on Ownit's payroll should have known better.

I guess they didn't want to confuse the customers or empower them to make changes that tech support will have to deal with.

They should also allow admin access only from ethernet or USB connections. No wireless. That's how my cable modem works. Check your manual.

BTW, if the URL is something like "http::/192.168.0.1", don't worry. The IP address block 192.168/16 is private, and doesn't get routed in the Internet. You can't access your neighbour's base station with it.

Sure I can, if he opens his access point or gives me his wifi password.

Thanks for highlighting the fuckwittery employed and deployed by Onwit. Hopefully, ISPs across the globe will learn something useful from this gross incompetence.

Also, I hope that people will learn to refuse sharing passwords and other account details with their (temporary) partners.

Sharing nude photos is another silly thing to do that can result in having deep regrets.

Maybe they should change their name to Unwit?

hur menar du att det på något sätt skiljer sig mot andra routrar som du både köper i butik och får från andra isp:er. Har comhem idag och det fungerar på exakt samma sätt du nämner.
Ger du ut lösenordet och inte byter det så kan personen komma åt nätet.
Skapa ist upp ett gäst nätverk som du låter folk ansluta till ist.

Två viktiga skillnader. 1) Om jag köper en router så kan jag ändra admin-lösenord på den utan att blanda in användarsupporten hos min ISP. 2) Ownit förser hela bostadsområden med identiska routers på ett bräde, alla med samma login på admin-menyerna.

Och problemet är inte att folk kan komma åt nätet. Problemet är att alla som kan komma åt nätet via din router också kan komma åt admin-menyerna på routern.

admin lösenordet lämnade de inte ut? Använderlösenordet är alltså det du vill kunna byta men det går inte?

Alla comhem kunder som kör Netgear har admin som användarnamn och password som lösenord. Det är även standard på allt från Netgear.

Hur menar du att alla kan komma åt nätet via din router? De kräver ju fortfarande din wpa kod. Den koden är unik för din router och som du nämner kan du även själv byta den?

Admin-lösenordet lämnar de inte ut. User-lösenordet kan de byta åt en om man frågar efter det.

Jag upprepar: problemet är inte att folk kan komma åt nätet. Problemet är att alla som kan komma åt nätet via din router -- för att du ger dem wifi-lösenordet, exempelvis till dina kompisar och dina barn och dina barns kompisar -- också kan komma åt admin-menyerna på routern.

Okej och du kan inte själv på något sätt byta det menar du?

"Problemet är att alla som kan komma åt nätet via din router — för att du ger dem wifi-lösenordet" Vad skiljer sig där mot vilken router du ens har? Ger du någon till gång till ditt nät så ger du dom till gång till det.

Ifall du inte vill ge folk tillgång till varken menyer eller nätverket via din router så är det väl bara att sluta lämna ut wpa koden? Ifall du vill ge folk tillgång till enbart internet men inte till ditt lokala nätverk eller webgränsnintet så aktiverar du enbart gästnätverket och låter gästerna använda det. Sen håller du hårt på wpa koden till ditt huvudnätverk, eller gör en maclåsning så enbart de du godkänner kan ansluta.

Återigen förstår jag inte hur du menar att det här är ett unikt problem för en ISP.

Nej, jag kan inte byta user-lösenordet utan måste be användarsupporten göra det åt mig.

"Aktivera gästnätverket" är långt bortom det begripliga för de flesta av mina 200 grannhushåll, där många är pensionärer. Jag tror för övrigt inte man kan göra det från user-kontot. Och att user-kontot existerar står inte i bruxen.

Jag kallar det ett problem, men om det är unikt vet jag inte.

"“Aktivera gästnätverket” är långt bortom det begripliga för de flesta av mina 200 grannhushåll, där många är pensionärer. "

Du ser inte att det är ett problem då rent allmänt att de antagligen inte klarar av att byta varken wifilösenord eller admin lösenord? Om vi ska generalisera så skulle jag säga att den stora massan på sin höjd logga in i sin router vid ett tillfälle och det är när de köper den för att lägga lösenord på sitt trådlösa, vid de tillfällen de inte har ett från fabrik.

Jag återkommer imorn efter jag varit hos min far som har Ownit och router ifrån dom, sist jag loggade in så tyckte jag att det fanns möjlighet att aktivera just ett gästnätverk. Men jag kan minnas fel. Lösenordet för användargränssnitt tänkte jag inte ens på, då jag personligen aldrig ändrat det på någon av mina routrar. Då det fortfarande krävs att jag släpper in någon på mitt nätverk för att de ska ha åtkomst till den delen.

När en säkerhetslösning inte funkar så är det lösningens fel, inte användarnas. Tekniken skall funka för dem på deras nivå.

Jag är tonårsförälder och har ett stort umgänge. Tro mig: folk delar ut sina WPA-koder / wifi-lösenord till höger och vänster. Den står på en klisterlapp på routern.

Jag förstår absolut hur du menar, men det är exakt samma säkerhetslöning som i alla andra routrar. Det blir aldrig säkrare än du låter det vara, skyddar du inte din nyckel så är det osäkert. Maskera över nyckeln om den står oskyddat på routern. Jag antar att du inte lämnar bilnyckeln till någon du inte vill ska köra din bil heller?

Sen tillbaka till problemet att alla nu skulle ha samma user-logg in. Det är ju bransch standard? Ifall du finner att det är ett så stort problem bör du väl rikta fokuset på rätt ställe och inte på en liten svensk isp?

Ingen aning. Jag skriver om det problem jag är medveten om.

Martin, what happens to your telephone if the power is out for a week, such as during a natural disaster? How do you get help in an emergency?

In the quest for unlimited entertainment, we destroyed a network that was robust, resilient, and reliable. And what we've ended up with is a network architecture that is totally broken. From spam to cyber-theft to identity theft to cyber-stalking, viruses, worms, spyware, malware, to the ultimate threats of cyberterrorists or hostile nation states taking down entire countries' infrastructure.

All so we can have a gazillion channels of TV on demand and post selfies. Ugh.

That's not the original internet that was supposed to facilitate scientific and other academic pursuits, or usher in a new age of universal literacy.

Instead, what we've ended up with is a sewage system infested with psychopaths, facilitated by the inherently fatally flawed architecture, and fed upon by an entire parasitic layer of badguys and expensive security band-aids.

Really: It's time for an entirely new network architecture.

(OT) Hong Kong leader complains: Allowing democracy would let poor people dominate elections http://www.rawstory.com/rs/2014/10/hong-kong-leader-complains-allowing-…
isn't it sweet that members of the rich oligarchy and the Chinese communist party are on the same page?

Är det samma tillverkare (Tilgin) som det rapporterades om redan för 5 år sedan?

http://www.tbg.nu/news_show/142018/1

Nej, det här är en annan.

Going off on a tangent (but relevant for internet)
Interview with William Gibson: The Future Will View Us "As a Joke" http://www.motherjones.com/media/2014/10/william-gibson-peripheral-visi…

Grain elevators, terror plots, and what's actually risky

lborkowski — Wed, 07 Sep 2011 13:01:00 +0000

Grain elevators, terror plots, and what's actually risky

American Public Media's Marketplace program is taking a look at "the economic legacy of 9/11" this week, and this morning's story focused on security spending in the private sector. Marketplace's Jeff Horwich highlighted an unexpected example: security for grain elevators.

For you city-folk, grain elevators are America's rural skyscrapers. Farmers dump their corn, wheat, soybeans. Trucks haul it out to feed the country. Even though elevators are mostly in the middle of nowhere, Bob Zelenka of the Minnesota Grain and Feed Association says you never know.
Bob Zelenka: It's on the edge of town, so could somebody step in here and adulterate some grain? I guess it might be easy enough to do. But those are the kind of things we've changed -- in terms of locking down, which we never used to do, being aware and vigilant.

9/11 meant new fences, lighting; training on what to do with suspicious requests for ammonium nitrate, a fertilizer that can be used make a bomb. Many grain elevators also store farm chemicals. Zelenka says elevators are now required to track every kernel -- where it came from, and where it's going.

Zelenka: It's been thousands of dollars that elevators have spent. You take that times 14,000 elevators nationwide, and that's a big chunk of dough.

Ohio State professor John Mueller suggests to Horwich that huge investments in security are not worth it for facilities that are very unlikely to be targets. He notes that nearly every terrorist plot that's been foiled since 9/11 has had a government target, and none has targeted the food supply.

There may be a very low risk of grain elevators figuring into a terrorist plot, but that doesn't mean grain elevators aren't deadly. Each year, several workers get engulfed by grain at elevators and storage facilities -- sometimes because they fall into a bin full of grain, sometimes because they're ordered to walk on the grain to get it flowing. Some of these trapped workers are rescued, often after being buried in several feet of grain for hours. Others suffocate. (We've written in more detail about the problem here, here, and here.)

Purdue University's Agricultural Safety & Health Program documents US grain entrapment cases, and noted earlier this year that these events are happening more frequently than they used to:

Based upon the cases documented to date, no less than 51 grain entrapments occurred in 2010. In addition, there was at least one reported incident of a first responder who required medical treatment due to respiratory issues occurring during a rescue and recovery operation. This is the highest number ever recorded; the previous highest number of cases occurred in 1993 when 42 were documented. The 2010 total compared to 33, 34 and 38 cases documented during 2007, 2008 and 2009 respectively.

We know how to prevent grain bin entrapments, and it doesn't take huge infusions of money. Last year, after two teenagers were killed in an Illinois elevator, Assistant Secretary for Occupational Safety and Health David Michaels sent a letter to operators of grain storage facilities and reminded them what they should be doing to protect their workers. One of the requirements is to provide employees who enter bins with body harnesses and lifelines (which cost money), and the rest are sensible practices: turn off augurs and other powered equipment when workers enter storage bins, prohibit employees from walking on grain to make it flow, have an observer to watch employees when they enter the bin and provide assistance if necessary, etc.

I hope the grain facility operators who've gone to a lot of trouble to guard against terrorism have invested as much time and money in the security of their workers. Equipment and training for grain-bin safety is one investment that we know saves lives.

lborkowski Wed, 09/07/2011 - 09:01

Tags

Occupational Health & Safety

Hear hear. The hypothetical boogeyman of terrorists poisoning our food earns lots of money and concern, yet no serious efforts have been made to reduce the fatalities that occur every year because of grain elevators being extremely dangerous places to work. Heck, I'd think a terrorist would be more likely to get himself killed than to succeed in poisoning America, just based on what happens to experienced grain elevator employees every year. Safety harnesses and tagout procedures should be mandatory. A grant to buy harnesses would go a long way to reducing the deaths, and would cost less than the insurance payouts to the families of those who lose loved ones. Yet this seems to be invisible to the people who decide where to send money, unlike terrorism, which remains visible and much feared despite its relative rarity. Perhaps it's like how there was massive media coverage of the seven astronauts killed on Columbia, but when a NASA minivan went off an embankment, killing the seven employees inside, there was barely a paragraph. We are blase about certain risks, because we face them every day, and so we resist doing anything about them.

Grain elevators (and mills) are prone to accidental explosion. The hazard is caused by dust, flour, and corn starch. Elevators are large, imposing structures, and their collapse (accidental or otherwise) makes a big difference to the local landscape. Explosions are usually quite loud, and there are large plumes of dust and smoke. Intentional grain elevator explosions, perhaps at Great Lakes port cities with substantial populations to witness them, could certainly fulfill the aims of a terror campaign.

How much overlap is there between terrorism fear related security and more general food supply security?

For instance, when there is a pathogen in the food suppy, if they are really tracking every kernel of corn, that could be good.

Callie, that's a great example of NASA minivan vs. shuttle fatalities. And people's attitudes towards different risks is indeed often irrational (to say the least!).

Mike, you may have hit on a way to get better action on combustible dust, which is a hazard in many workplaces. Too many employers let combustible dust build up and don't seem concerned about the (very real) possibility that a single spark could turn into a massive explosion - maybe they'd feel more inclined to clean up their facilities if it were pitched as a homeland security issue? Or security rhetoric might help OSHA fast-track its combustible dust standard, which seems to be stuck in the slow lane.

Greg, I had the same reaction to the bit about tracking every kernel of corn - that's exactly the kind of info necessary for tracing and stopping foodborne illness outbreaks, which occur pretty regularly (and not due to sabotage).

When I saw the title of the post, I thought it would be about the high-but-ignored risk of grain elevator explosions through routine negligence vs. the low-but-popular risk of terrorist bombings.

But those are the kind of things we've changed -- in terms of locking down, which we never used to do,

I don't suppose the shift from $2.00 a bushel corn to $7.00 a bushel corn had anything to 'locking down'.MoM

To the author and Calli,
I work for an agricultural products manufacturer and know with certainty that grain storage facilities are investing a lot of money to improve the safety of their facilities. Not every facility has upgraded safety features yet, but progress is definitely being made. Improvements are being made in both equipment and policies. It is misinformed to claim that the everyday risks are being ignored.

Demography, Destiny, and the Need for Family Planning Worldwide

lborkowski — Mon, 23 May 2011 18:00:59 +0000

Demography, Destiny, and the Need for Family Planning Worldwide

The saying "demography is destiny" reportedly dates back to 19th-century social scientist Auguste Comte, and it's still popular among journalists. Earlier this year, for instance, Alan Wheatley of Reuters warned about the challenges Asian countries (especially Japan) will face as over-60 residents make up ever-larger shares of their populations. His article also touches on the challenges for countries that face the opposite problem: a large proportion of young residents, or "large cohorts of angry, unemployed young men" prone to causing turmoil.

A recent Council on Foreign Relations report, Family Planning and U.S. Foreign Policy, describes the relationship between rapid population growth and civil unrest and recommends that US foreign policy and assistance focus more specifically on fertility rates. Authors Isobel Coleman and Gayle Tzemach Lemmon explain the issue this way (references omitted):

The connection between demography and political instability is not linear, and there is certainly no demographic threshold that when met "dooms a state to upheaval or tyranny." However, rapidly growing populations are more prone to outbreaks of civil conflict and undemocratic governance.
The age structure of a country is a particularly useful indicator for analyzing the risk of conflict in a certain country. A population age structure refers to the relative proportion of different age groups within a country's total population and reflects a country's progression through the demographic transition. Countries characterized by a very young or youthful age structure--where at least 60 percent of the total population is under the age of thirty--are more likely to experience civil conflict or undemocratic governance than those with a more balanced age structure.

They note that these demographic factors are intertwined with the global trend toward urbanization:

Urban growth and the youth bulge are connected. In countries where agriculture is declining, many young adults migrate to urban centers in search of education, employment, and opportunities for immigration. Urban centers, which are fertile grounds for the expression of political protest, tend to have unusually high proportions of young adults in their working-age populations. This same research has shown that growing trends of urbanization, along with a growing youth bulge in many countries, are exacerbated by low levels of per capita cropland and/or fresh water. Taken independently, these two factors are not seen to be a risk factor in civil conflict, but paired with the known risks of urbanization and a youthful population, they can become destabilizing. In the 1990s, approximately half of all countries with high proportions of young adults and low levels of one or both of the critical resources of crops and fresh water experienced an outbreak of civil conflict.

Other researchers have argued that scarcities of critical natural resources undermine the ability of agricultural economies to absorb the available labor pool, which promotes landless poverty and accelerates the growth of urban slums. When jobs are scarce, a large and growing youth bulge can lead to increased discontent, crime, political unrest, and radicalism. High rates of urbanization can also produce slum housing and inadequate services, increasing the risk of crime and civil unrest.

Slower population growth can reduce these pressures, and over the past few decades several countries have succeeded in reducing fertility rates by expanding access to family-planning services. Coleman and Lemmon report that fewer than 10% of women of reproductive age in the developing world were using modern family planning in 1965; by 2005, that number jumped to 53% (and this excludes China). As a result, the average number of children born per woman has dropped from more than six to slightly more than three.

Family planning isn't just about ensuring that fewer babies are born; it's about allowing women to time and space their children's births to improve health and survival prospects for mothers and babies alike. Girls who give birth when they're between the ages of 15 and 20 face double the risk of death of women in their twenties - and nearly 1,000 women are dying each day from pregnancy-related causes, Coleman and Lemmon remind us. And the spacing of pregnancies is also important:

Pregnancies occurring less than six months after a preceding live birth are associated with a 150-percent increased risk of maternal death. The risk of newborn mortality is also very high for children conceived six months after the birth of the preceding child--this risk is three times that for a child born at least thirty-six months after the preceding birth.

High-quality family planning has been demonstrated to reduce maternal, infant, and child mortality - and these positive outcomes can lead to other benefits:

High fertility rates can lead to a vicious cycle of poverty at the community, regional, and national levels. The quality and availability of family planning services is instrumental in interrupting this cycle and creating stronger, more stable families and communities. Increased access to modern family planning allows men and women to lead healthier lives and has a positive domino effect on their socioeconomic environment, including a decrease in the high costs of social services (such as health services, education, and social safety nets), a decline in the burden of unemployment, and reductions in stresses on infrastructure needs (such as water, sanitation, energy, transportation, and housing).

In addition, research has shown that slowing population growth is an effective strategy for reducing greenhouse gas emissions. One recent paper states: "Using an energy-economic growth model that accounts for a range of demographic dynamics, we show that slowing population growth could provide 16 to 29 percent of the emissions reductions suggested to be necessary by 2050 to avoid dangerous climate change."

The authors cite research that calculates fulfilling today's unmet family-planning needs would cost $3.6 billion more than what's already being spent - but that investment would save $1.5 billion.

"In 2007 alone, U.S. international family planning assistance enabled modern contraceptive use by more than 56 million women in the developing world," Coleman and Lemmon write. Still, we could do more. The report closes with five recommendations for the US:

Prioritize family planning in U.S. foreign policy
Increase U.S. family planning funding
Increase access to family planning
Encourage political support for women's health within countries receiving aid
Expand resources into countries with highest unmet need

As Coleman notes in a blog post at The New Security Beat, international family planning is a controversial issue in US politics. If we reduce or withhold family-planning assistance based on economic or political concerns, though, we'll be missing out on a cost-effective way to promote a healthier, safer, and more prosperous world.

lborkowski Mon, 05/23/2011 - 14:00

Tags

Public Health - General

urbanization

Council on Foreign Relations

Is Your Love Enough? Loving Your Neighbors and Working With Them Whether You Like Them Or Not

sastyk — Tue, 09 Nov 2010 08:45:08 +0000

Is Your Love Enough? Loving Your Neighbors and Working With Them Whether You Like Them Or Not

Variations on the obligation to love one's neighbor show up across both the religious and secular spectrum. They tend to provoke a range of responses - from those who attempt to sort out what loving people who are not part of your immediate tribe would mean, to those who reject the necessity. This is not an easy idea - and even if you can sort out what it means to love people who you may not know well, or like much, or even trust, or know how to get to knowing, liking and trusting - it is a damned hard thing to put into practice. I want to talk a bit more about why even use the word love, or why we might want do the hard work of finding a way to love others.

Because rather than talking about "working" with your neighbors or "getting along" or "building community" - all languages I use at times, I did want to talk about the problem of actually loving them, despite the difficulties that the word "love" evokes. I think it is the correct word, in fact. Instead of thinking of "love" as a particular feeling you have to evoke, we think of it as a larger structure for our relationships, an economy if you will, in the, literal sense of the world, a way of organizing our world.

The danger, of course, of speaking about love is that it evokes a range of things - religious beliefs, romantic and familial feelings, and occasionally a certain dippy, intellectually vacant inspecificity, the idea that our relationships will all be productive if we do group hugs and sing in a circle regularly. But in fact, I'd make the case for a language and world of love that is as rigorous as any mathematics, as formally structured as any economy.

That is, it is not loving people to express things lovingly all the time. It is not loving one another simply to articulate your common ground, or to allow everyone to "express" their differences, being universally supportive, or falling backwards off a chair. Love is needing each other - not in easy or cheap ways, but really, truly needing one another. It does not require that you share beliefs, or even like each other - all of us can call examples from our biological families that support this fact.

In this, love is not a feeling, or a particular social practice. It is the replacement, at least when possible, of a world that thinks in terms of maximization of personal profit and extraction with one that maximizes interdependence and the well-being of the group, not just the individual. And it requires that we risk depending on one another - that we give up the personal washing machine, and trust that our neighbors will share. That we trust that our children will care for us when we grow old, and they trust that we will help them as they get started. It requires, that is, that we extend outside of our most intimate world our need - and allow others to fulfill it, knowing that things may never come up truly even.

I think it may be that the most frightening thing about the loss of our fossil energies is that we will again be thrown back upon our own resources - and if we think of our personal lives as having to replace each and every watt and gallon, we know we can never make it happen. So "our own" has to expand into a larger community. We have to be able to risk that to survive. And that risk is ugly and frightening if we think that all it is is a risk - but it changes when we begin to think about that vulnerability as both creating the conditions to be loved, but also, creating and increasing the capacity to love.

I think a lot of people find the notion of being dependent upon others frightening, and not without reason. Other people are, after all, much less reliable and far more complicated than lawn mowers, dishwashers and private cars. And when, as often happens, the balance of what they do for me shifts, and I've done less and they've done more, I'm grateful, but uncomfortable with the necessity of gratitude at times. Risking owing someone more than you can pay is frightening. Indebtedness is difficult. No one wants to be the one who owes more, and most of us are on some level afraid of being taken advantage of as well. But more than being owed, I think we're afraid of owing.

We have this notion that all debts must be paid, when in fact, the only way all debts can be paid is if you live wholly and purely in a money economy, and never at all in the economy of love. We probably cannot love one another if we are too afraid to share. And we cannot go forward by replacing in each private home, a full set of low energy, private infrastructure. As Auden put it, the stakes are simply these - we must love one another or die.

And in fact, the economy of human love is what we're moving towards as we give up our electric tools and our reliance on the grocery stores and replace them with reliance on our neighbors, our families (biological or chosen) and our communities - that is the basic nature of community, or family - an unbalanced, imperfect, inadequate set of exchanges. Barter, and sharing and community are, as people often point out, far less efficient than money. That lack of efficiency is entirely the point.

Money allows you to figure out what things are "worth" - with barter or simple sharing, there are things that can never be quite worked out. Is that firewood equivalent to 20 dozen eggs and a bushel of plums? Was it really enough for me to babysit in exchange for the help getting the gutters cleaned out? Should I make some cookies too? What is the correct repayment to some for loving your child, or helping care for your elderly parents, or for chasing the local pest dog across an icy field to rescue your chicken, or pulling your car out of that ditch, other than someday doing it for them, or for someone else in need?

Things never come out evenly. You always have to be grateful, and thus, dependent. If we give up all the things that have stood as barriers between ourselves and the people we need, that have enabled us never to be dependent, we're never again going to be square. The only hope is that the person you are working with or bartering with or sharing with is secretly afraid that she/he hasn't done his fair share either.

But then again, that's what love is, isn't it? I've never met anyone who loved someone, or was truly loved by someone else who didn't secretly think that their spouse (or parents, or child or friend) was crazy to love them, that if they could really see all the way through, they'd realize how inequitable things are, and how little they deserve that love. So you end up just being grateful, feeling damned lucky that this time, you got more than you ever deserved. That some miracle, or gift appeared to you, and someone loves you.

Now we may never feel love for the guy down the street who leaves his motor running all morning in the same way we love our partners or children or parents. But we can have with him and with most people (not all, but most) those same moments of feeling we haven't done enough to deserve the help we get, the trust we can have in him when he drops off the kids at school or helps you fix the roof. You don't have to even like him to feel that moment of certainty - that you have gotten better and more than you truly deserve. And then you find a way to return that feeling, to make him say "Well, they are weird, but we're lucky to have them."

That is the love economy - the sense that you can never quite be even, that you never get only what you deserve or what you earned. It is hard to articulate what it is that you do get - that along with the eggs or the hands or the shoulder to cry on, came something that most of us know now only through lovers, children, parents, G-d, if that's your sort of thing. I think the easiest, although religiously laden word for it is "Grace."

My claim is not that the money economy is going away, not that we will all have the energies to live entirely in the world of love every moment, that every exercise in dependency and community will be a success. It is simply this - we will learn to love each other, or we will face a much harder and darker world. And our success in that world will almost certainly depend on the space we can find for an economy of love in the economy of money, and a culture of love in the culture of distance.

Sometimes all you and your neighbors will have is is "I've got honey, will you give me carrots?" And sometimes all neighbors are are someone you can ask to help pound the fence pole in. And sometimes all friends are is the person you sit down at the table with you and laugh. But the day you start to trust that your neighbor will remember that you need some carrots, and the day that your neighbors step away from their own work, no matter how urgent, because keeping you secure and your sheep in is more important than their work, and the day that the friend sits at your table, and shares the fruits of her garden and you the fruits of yours, and you eat and you eat and you eat and you are full together of what you share, you have achieved not just community, but grace, and an economy of love.

Sharon

sastyk Tue, 11/09/2010 - 03:45

Tags

These sentiments and philosophy apply to 'most' people, but that leaves plenty of the other type around. By that I mean the person that takes and feels no need to 'pay back', or simply is so unpleasant they get what they want to make them go away/shut up.

I have noticed that both approaches work very well for many people. It is annoying in times of plenty, but what to do when this describes your neighbor in hard times?

To me, love is reciprocated. If not, the act of ___ is simply for your own pleasure. Which is not a bad thing! I certainly enjoy the feeling when I help someone, tip my hat, and walk away. But it is not love in any context beyond a cosmic/karmic love. And that will not be putting dinner on the table tonight! If one believes in the rule of three, or some other system of rewards for good deeds, one can attribute a later event to your actions now. But in a strictly pragmatic sense, there is no connection. So how much love do you put out there without demanding a return?

Good stuff. Good points.

Some experience to offer: a couple decades ago I founded a conservation oriented non-profit. It's thriving today; and has a working membership that crosses all political barriers; I know we've got flaming liberals and tea partiers and Reagan Republicans, in close to equal numbers. They all get along absolutely fine, inside the boundaries of the organization.

I set it up that way; and was lucky enough to get it to work, and to keep working. A basic rule is - forbearance. We KNOW we'll disagree like crazy on politics; ergo; we just don't go there, at all, in this place. The amount of work they get done is huge.

And the "love" bit is there, though they wouldn't call it that. The members trust each other, and would certainly help each other out, outside the boundaries, now that the personal connections exist.

It does, and always will, take constant awareness, and work, to maintain the "forbearance" policy. It can be done.

Your "economy of love" reminds me of a gift economy; something I learned about by reading Kim Stanley Robinson's Mars trilogy. In a gift economy, one has an obligation to give to others; if one instead hoards, then either there are social sanctions or one's possessions lose value in some way. The classic examples of gift economies, I believe, are found in some Pacific Northwest Native cultures.

Robinson also points out that science functions through a gift economy: when a scientist writes a paper, she isn't trading the knowledge for something else concrete, she's contributing it to the scientific community as a whole. And science also requires a certain amount of not-directly-compensated work (e.g. refereeing journal articles) to function well. Is science an economy of love?

When my grandfather died and the entire extended family came from all over to our small house for the funeral, I was overwhelmed by the gifts of food that the church people sent - platters of vegetables, ready to eat, frozen lasagne so all we had to do was reheat it, one friend even said "any night you want, just order Chinese and pizza - I'll pick up the bill". I said to my mother, "How will we ever repay these people?"

She said something that has stayed with me ever since: "We will never be able to repay them - we are making a withdrawal from the Bank of Human Kindness ... and when we are able, we'll make deposits. It doesn't matter if we pay *these* people back - it matters that when we can do something for someone, we do it."

I have had many occasions to make withdrawals from the Bank of Human Kindness - and thankfully, many opportunities to make deposits. It always makes me feel good to help someone else, knowing that some day, it might be me. Where I live, it's icy and snowy much of the year ... everyone hits the ditch at some point, and someone always stops to pull you out if they can, or at least to see if you're okay and call a tow truck if your phone's not working or something. Inevitably, when you say thank you, the person says, "hey, next time, it might be me."

It's a good attitude - I guess you could say it's a loving attitude.

Love your neighbour ... even if they're weird. :)

I have noticed that both approaches work very well for many people. It is annoying in times of plenty, but what to do when this describes your neighbor in hard times?

@Bunchberry:

if one instead hoards, then either there are social sanctions or one's possessions lose value in some way.

Basic principle of a demurrage currency.

Sharon, Thanks for putting this into words. It is as valuable to me to love neighbors and strangers as is knowing how to grow food or tend my little flock. It is all part of one whole, I would not do without any of it if I had a choice.

As my body becomes less "wash and wear" and more "high maintenance," I reflect on how my needs for help are increasing.

Already there are younger people helping me out from time to time. That indeed is grace, to me.

..science functions through a gift economy..

The "scientist" submits a grant proposal to the National Science Foundation or National Institute of Health, it is reviewed and perhaps funded with taxpayer dollars. I wouldn't exactly call paying taxes a "gift." Once funded, very poorly paid graduate students & post-docs, operating in what essentially amounts to a serf economy, do the actual research. At this point the "scientist" or "primary investigator" (PI) has already lost interest in the project and is busy writing another grant proposal. The only thing that matters when it comes to promotion to full professor or attainment of tenure is how much grant money the PI is able to obtain for his or her department. It isn't even about how much they publish. It's solely about one's track record at bringing in the bucks. If novel information gets added to the aggregate of human knowledge that's fine, but is actually incidental to the real objective which is to transfer wealth from the taxpayer to the university department where one is employed. If you want to call such a system a "gift economy," Bunchberry, or an "economy of love," go right ahead but be aware that by doing so, you're certainly adding novel twists to the definitions of the terms "gift" and "love."

darwinsdog -- of course, you are right, in the sense that in my original comment I ignored the fact that (most) scientists are paid by somebody.

I have to say I disagree with your cynicism about how science actually works: I don't think it is universally true that "the only thing that matters...is one's track record at bringing in the bucks." But it is also certainly true that much of how science currently functions (in the US, say, to be concrete) deserves cynicism: it's dehumanizing to the people involved and also leads to overly narrow and ``safe'' science being done. And often your summary is only too accurate: in particular, there is certainly much too much of a "serf economy" in science and in academia in general. I would argue that often the anti-social elements that you point out distort the quality of the science that gets done.

Let me talk about my own experience. I'm funded currently by a combination of a grant and by the university where I work. The university pays me to teach, straight up. That feels to me like a money economy thing. Not a problem, just what it feels like.

But part of my job is to do research. I don't wake up in the morning and think, "If I discover something really impressive today, I'll get my grant renewed/get tenure/whatever." When I publish a paper, yes, of course I want it to contribute to future grant renewals and to tenure/promotion decisions, but that isn't what motivates me day-to-day. Day-to-day, I want to figure things out, and that's what motivates me. And when I figure something out, I want to let other people know about it. The "exchange" between making scientific progress and maybe a future grant renewal feels pretty tenuous. On a day-to-day level, the research part of my work is done in some sort of gift economy.

Now, all of this is from my perspective: early-career, just started a tenure-track job, and I'm a mathematician, so I don't have grad students or postdocs doing experiments for me. I acknowledge the possibility that I am not seeing the way that science is actually done clearly or that I'm being overly idealistic. But I think that this sense of wanting to get knowledge out there and of informal obligation to the community of scientists and to science does motivate others, not just myself.

For me, reading Robinson's thoughts on science as a gift economy was a pretty transformative experience. I encourage you to look at what he has to say for yourself.

darwinsdog,

I am sure you are correct in many institutions - including the local public school board.

But . . there is room. When the president of the board/university uses a different measure for what is good for the institution and community - there is room for treasuring skill and aptitude, for effectiveness in furthering whichever goals the administration sets. Teacher's unions permitting, of course, 'cause often the Dept of Ed and teachers unions pull schools at all levels in directions to further goals not treasured in the community.

So rather than denigrate all university environments, and trade schools, and public schools, and corporations, and communities and counties and states - look to the leadership, and denigrate those that actually, by their performance, instituted reigns of terror, of neglect, of abuse of community and those they should be serving.

@ Sharon,

I am not comfortable with the notion of an economy of love. I think the issue I have comes from childhood teachings, that we are each responsible for ourselves, for our "spirit". I think love is an action of our spirit, a binding of us to "them" - whoever "they" are. Sometimes we discover that the binding - love - has formed without our being aware, other times we deliberately look around, and not just notice but actually see those around us, and act to sustain their joy and well being as well as support ourselves.

Sometimes we bind ourselves to a mirage we create of who the person is, and the love or binding is fragile. The better we see and know one another, the less chance the love breaks apart because we deceived ourselves. I think the first part is to learn to know one another.

One aspect of affluence is to have control over the resources one needs for comfort and necessities. Much of the interpersonal, community action you mention are reminders of times of affluence - that is, resources are available to support everyone in the community, but no cash to use to measure one's affluence - or needs.

What you call an economy of love, I think I call a healthy spirit. I can choose to embrace the needs of those around me, and choose to pay attention to who those around me are, and what their needs are, and then to act when their needs arise or my abundance overflows my own needs. That, I consider, is a healthy spirit, with regard to my community and my place in that community.

"Well, they are weird, but we're lucky to have them." And that "lucky to have them" part is an important observation. Looking beyond what is strange (or even, *gasp*, actually "weird"!) is an important step. You put aside trust for the moment, and look for something to respect, or even treasure, in a mature act of kindness, of responsibility, of deliberately acting to nurture your own spirit. (I could do with a bunch more of such actions.)

Blessed be!

Thank you, Bunchberry, for your thoughtful response.

A couple of things you say stand out for me. First, things may be different in a mathematics department than they are in departments of the empirical sciences. Also, although you don't describe the institution you work for, things are undoubtedly different in smaller state schools that emphasize undergraduate instruction than they are in large research institutions. My description of the academic environment primarily pertains to the latter. In large research institutions one's prestige is measured by how little one actually teaches. Teaching is considered an odious task to be left to TAs or adjuncts.

Another thing is that you describe yourself as being early-career. No doubt that young people are drawn to the sciences & to math out of love for the subject matter and desire to discover novel knowledge, to figure things out, to gain understanding of how the world works and to share that knowledge and understanding with others. After all, if wealth was their motive they wouldn't go into the sciences at all. But if one's graduate student experience fails to instill cynicism in the academic grind, early immersion in departmental politics surely will. I hope that as your career progresses you will retain your zeal. If you manage to pull that off, you will constitute a distinct minority, perhaps a minority of one. This in itself can be disheartening. Hang in there Bunchberry. Probably the truth lies somewhere between your "idealism" and my "cynicism." Best wishes.

Life is relationship. Love is unconditional relationshup.

Good topic, nice comments.
Reminds me of a friend on holiday in Fair Isle (find a small dot north of Scotland) where an old man told her; "You don't always expect to like your neighbor here, but you surely need to love them."
My personal view is that if actually we got "what we deserve" we would all have severe problems.
best
phil

This is a beautiful, inspiring post that I keep coming back to read again. Thank you.

One thing's for sure. We'll discover how much we love one another when Yellowstone blows up. Then, I hope it'll be all for one and one for all. We're at our best when things are at their worst.

Sharon - I appreciated your post, and agree in general with your conclusions, and I thank you for raising this topic. However I do quibble with your definition of love...

Love is a very over-used word: the English language really needs more than one word to cover all of the meanings attributed to "love", but the primary definition centres around affection.

To define love as "needing each other" is to seriously misunderstand the nature of love.

Affection, compassion, giving, caring: these are all aspects of love. Needing, wanting, taking: these are not love.

Love is about giving. It comes from the heart. Love is selfless - it flows from the centre of our being outwards to other beings.

Love is not about "needing each other". It is about giving selflessly to others, with no thought or expectation of return.

123456 most common password?

razib — Thu, 21 Jan 2010 03:53:34 +0000

123456 most common password?

If Your Password Is 123456, Just Make It HackMe:

Back at the dawn of the Web, the most popular account password was "12345."

Today, it's one digit longer but hardly safer: "123456."

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google's e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like "abc123," "iloveyou" or even "password" to protect their data.

...

Imperva found that nearly 1 percent of the 32 million people it studied had used "123456" as a password. The second-most-popular password was "12345." Others in the top 20 included "qwerty," "abc123" and "princess."

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

Many people are assuming that Google's current row with China has more to do with protecting the reputation of its cloud computing services than idealistic motives. But really, the end user is the root of some of the problems of security within the cloud.

razib Wed, 01/20/2010 - 22:53

Tags

Technology

Passwords

Security

Obama's Ridiculous Airline Security Proposal: Fly Naked

grrlscientist — Mon, 28 Dec 2009 01:15:19 +0000

Obama's Ridiculous Airline Security Proposal: Fly Naked

tags: airline security, homeland security, Umar Farouk Abdulmutallab, Lagos Murtala Muhammed International Airport, LOS, President Obama, politics

Helping Airport Security: Fly Naked.

(orphaned image)

By now, you all are aware that yet another privileged young extremist man, 23-year-old Nigerian Umar Farouk Abdulmutallab, boarded an airplane bound for the United States with the intention of blowing the plane up and in doing so, ending hundreds of innocent civilian lives. If you know that, then you also know that several passengers and the authorities caught Abdulmutallab as he tried to detonate explosives shortly before the Northwest Airlines flight was scheduled to land in Detroit -- explosives smuggled in his underpants. What was President Obama's reaction? Astonishingly, instead of reacting in a thoughtful way, he "did a George W. Bush" by reacting in the same mindless, kneejerk way that Bush was famous for: attacking the civil rights of innocent people by ordering that all air travelers in America undergo yet more invasive and degrading security checks.

Nevermind that such increased security screening would not have stopped Abdulmutallab since he was flying into the USA and had already passed through at least two security checks already.

Instead of asking how Abdulmutallab managed to board this flight, President Obama instead accepts that he deserved to board the plane -- he paid for his ticket, didn't he? Nevermind the fact that Abdulmutallab originally boarded his flight in Lagos, Nigeria -- an airport that is recognized internationally as having generally subpar security. Nevermind that Abdulmutallab paid more than $2000 in cash for his ticket -- a considerable sum of cash in any country. Nevermind that he did not carry or check any baggage for this long international flight. Nevermind that he was already on an international watchlist after being barred from entering the UK for claiming he was studying at a bogus college there. Nevermind that embassy officials were warned several weeks ago by Abdulmutallab's own father regarding his growing concerns over his son's increasingly extremist ideas.

All of this information was already known by airport security personnel. Any one of these behaviors is a "red flag" to airline security indicating an increased potential for terrorist behavior. Taken together, all of these "red flags" are sufficient to be added to an international "no fly" list. Yet all of these "red flags" were ignored at the Nigeria airport and at the Amsterdam airport, where Abdulmutallab boarded his connecting flight to Detroit.

Instead of using the information that they already have in their possession, President Obama openly advocates attacking every airline passenger's civil rights through the use of full-body scans, which are expensive, time-consuming, ineffective and are a gross invasion of personal privacy.

One such full-body scan technology are "backscatter" machines, which cost more than $200,000 per unit. These machines reveal anything that a person is concealing on their body -- from lost tailor's pins in their suit jacket linings and nipple and belly button rings to sanitary napkins in women's panties. These items appear on the scan as a "as kind of a gray mass," according to Douglas Laird, former security director for Northwest airlines. When these "grey masses" show up on a scan, do I need to tell you what the inevitable reaction will be?

But full-body scans are yet another kneejerk reaction. Need I point out that few existing scanners can detect weapons carried inside a person's body? Shall we require a complete body cavity search for every passenger prior to boarding their flights?

Need I point out that few existing scanners can detect chemical weapons? The equipment that we currently have can only detect one chemical at a time and must be recalibrated for each substance. How many weeks prior to our scheduled flights must we show up at the airport?

Worse, biological weapons are undetectable using current scanning technology -- remember anthrax?

Oh, and need I mention that every pervert and misogynist will immediately leave the Catholic priesthood to receive training as a body scan screener at their local airport?

Where will this renewed demand for increased "security" bring us? Will all airline passengers be required to strip down completely and fly naked? This scenario isn't as tongue-in-cheek as you might think. Don't forget we are required to remove our shoes before passing through security due to infamous "shoe bomber" Richard Reid's attempt to smuggle explosives aboard a flight in his shoes in December 2001. We aren't allowed to bring liquids on board flights because of the 2006 plot to blow up jetliners using explosive liquids, discovered in the UK. Don't forget that new mothers were forced to drink their own breast milk meant for their babies due to this particular security requirement.

Thanks to Abdulmutallab, I expect that the next time I fly, I will be required to take my panties off and send those through whatever security inspections are required, which will probably include a sniff test administered by a specially-trained pervert with a keen nose.

grrlscientist Sun, 12/27/2009 - 20:15

Tags

"All of this information was already known by airport security personnel. Any one of these behaviors is a "red flag" to airline security indicating an increased potential for terrorist behavior. Taken together, all of these "red flags" are sufficient to be added to an international "no fly" list."

No, they are NOT sufficient for 'no fly' list. We shouldn't have no-fly lists AT ALL, exactly because they don't work.

If you try to be very restrictive, such people will slip through cracks. If you try to be very aggressive, then watch list will be littered with false positives.

There's no way they can work.

Don't forget that new mothers were forced to drink their own breast milk meant for their babies due to this security requirement.

Breast milk is that dangerous?! Why don't they set up a breast milk removal station, where the boobs are emptied? The officials must to be highly trained to make sure they get all milk. When necessary they shall be authorized to squeeze hard, and use their own lips.

They've won. The terrorists have won. They wanted us in the West to suffer, to destroy our freedom, our way of life, and they have done just that.

With each new stupid rule brought in by our "officials" there's another nail in the coffin for our freedom.

Don't our politicians see that?

Did Obama actually proposed naked travel or was your title constructed to rouse indignance?

I thing such incidents take place to the least attention of the security, and no need of more security.

Oh, and need I mention that every pervert and misogynist will immediately leave the Catholic priesthood to receive training as a body scan screener at their local airport?

And yet you've managed to be far more insulting in one sentence than any 'body screen' could be. I certainly hope you were being hyperbolic with...

Well. Nearly everything you just said, because you're sounding just as ridiculous as you're claiming Obama's proposals are.

First, 'never mind' is two words, not one. 'Nevermind' is the name of a famous Nirvana album. But not a word.

Second, most of what you accuse Obama of doing in this post was either (a) not done, or (b) not done by Obama.

It's maddening. It's a state dept/embassy oversight (didn't the guy's father contact them with concerns about his son's extremism?), an airline security issue (2,000 cash for a ticket without luggage?) and an airport security issue - in Lagos and Amsterdam. But it's your every day American - the flying public - that has to pay. With all due respect, I think we're solving the wrong problem.

Whether Obama, or anyone else, actually proposed we should travel in the nude, they should have done! We should do everything in the nude. And if we did we'd all be a lot better adjusted, better in tune with our bodies, less freaked at talking to medics, and more knowledgeable about how things work. That has to be good as it would reduce incidence of undiagnosed serious illness, reduce hang-ups and also reduce teenage/unwanted pregnancies.

One thing missing one thing off the list of things we'd be if we did everything in the nude - colder!

Curiously, this biased political rant is posted on a science blog. Not much scientific method apparent in the author's assumption of facts, nor are the conclusions based on logical analysis.

Your profiling suggestions are off base. Nigerians routinely keep cash and buy things with cash. You would, too, if your country's currency devaluated like a West African currency. Moreover, $2000 is around the going rate for a Nigeria-US ticket. It's a large sum of cash in Nigeria, but among the elites of Nigeria with London houses it is no big deal to spend that kind of money on flying. If you want to bar people with this kind of profile you are going to bar most of the (wealthy) West Africans who like to fly. Good luck with that. Flying without luggage is not some kind of crime, either.

The embassy gets a lot of reports about a lot of things. Other than creating a file and putting someone on a watch list, there is not much else they can do. Do you expect the US embassy to arrest Nigerians in Nigeria on the mere suspicion that they MAY have extremist views? Do you have any idea how much of Africa that includes!?!?

Why not let him on the plane? It's not good enough just that he is a black, or a Muslim, or a Nigerian, or that he did not check a bag. Fundamentally, the reason not to let him on is because he has explosives sewn into his underwear. But how can we detect that without actually searching anybody?

The inviolability of your stupid panties to x-rays hardly trumps the rights of all Africans to fly, and your suggestion hardly addresses the problem of people bringing explosives onto planes.

Mam, why dont you stop flying if you are so worried of your privacy and perverts ? Some people like me rather be alive than dead and private.

Will wonders never cease. Not only do I, as a libertarian no less, agree with everything you say (which is somewhat unusual), but the majority of the comments think you are being unreasonable? So very strange...

The problem doesn't need more security measures. It's just that existing, reasonable (and that don't involve stupid things like absurd liquid restrictions) security measures need to actually be followed! They're often not, even here in the US. A friend who collects various sorts of weaponry flew this summer and at her destination realized she had both one of her knives and a gun clip, and she'd gone through two security stations. It's nuts the kind of very basic stuff that gets through security while completely innocent people get harassed.

freedom: indeed. sad, but very true.

Stephen Downes: i am a seattle native, and was a fan of nirvana before the world knew of their existence, so i am entitled to take the name of their most famous album in vain. furthermore, 'nevermind' appears in my online dictionary, so using that criterion, it IS a word.

Bob's Big Brother: my freezing appendages agree with your observation.

MDTaz: i agree. by increasing airline security precautions, the authorities are reducing average americans' desire to travel, especially abroad. this means that americans will develop ever more insular ideas and less tolerant views of other people and nations. not only is this damaging to american intellectual and cultural lives, but it is very unsafe for the rest of the world.

andy: you make a false (and laughable) dichotomy by stating that we need to choose between either having strangers sniffing our underwear or surviving a flight to visit to aunt martha.

firebyrd: i am not a libertarian by any stretch of the imagination, but i am practical and i do think that part of being an american involves protecting people's civil rights. it is silly to throw more money and technology at this problem and to further destroy our civil rights before we've fully invested our money and technology into using existing -- and less invasive -- methods of identifying potential terrorists.

Be aware--No terrorist group has started to have the bomber have surgery and inplant the bomb inside their body. you might not even see the scars. The terrorist are winning by us good people getting restricted opon. We need to restrict flights from countries that allow people to buypass securites checkpoints like this one did.

Understanding that the within three weeks to be installed full body scan at Amsterdam Schiphol Airport cannot detect weapons inside the body, and accepting that the Al Qaeda terrorists have the same habit as non-terrorist people, in a sense that they learn from past experiences and that they adapt to new technological innovations as the full body scan, effectively putting the chemicals inside their bodies (they are going to die anyway), it is unbelievable that the Dutch Minister of Interior Affairs, a social democrat notably, has taken this decision. The above mentioned simple logic is easily and convincingly passed over to the public on tv within one minute. I know the Dutch social democrats are hurt by continuous political attacks by the small right, and that I can imagine the pressure from political America being high in this case, but I feel that the public would have understood the logic. It seems like a weak decision of Minister Ter Horst.

hmmm, I have 36" long locks and get targeted for secondary screening routinely even though I carry DC government ID, and a background check would reflect time spent in counter-terrorism with the British military- when I ask, TSA quite often admits I was profiled because of my locks even though they are supposed to be concentrating on micro-expression recognition and those apparently innocent general questions like "how was your trip" etc. (the answers for which don't matter because they are trying to elicit micro-expressions to interpret) but before any questions or other screening, my locks draw then to the same assumptions...

in fact I was not stopped three days ago traveling from Florence to Tampa, but the only passenger who was, had locks... but then this morning I did get stopped in Tampa (on the return half of a known domestic trip) and agreed to the MMW whole body scan procedure but I felt that that whole body imaging was not a violation of my privacy nor invasive (images cannot be printed, stored, or transmitted, and are then permanently deleted- in fact, the viewer can't even see the actual person who is being screened [faces get blurred] to correlate image with person), it's simply security screening at a time when so many items like knives, catridges, etc. are often mistakenly left in our luggage and get missed...

But the real issue was not the scan but the profiling- if everyone went through that sort of screening, claims and perceptions of discrimination would have no ammunition and TSA and the US government could rest easy on that score, however they would also be continuing to tackle this whole thing the wrong way by trying to guess "target and tactic" instead of proactively gathering (or as in this case, acting upon) intelligence

Let us not forget that TSA does not hire the cream of the crop to begin with. I flew on Christmas day, and all the TSA agents were goofing off, not really paying attention, and having an involved discussion of what men's cologne's were essential to have, including the person checking the bags on the xray screen. The technological "fix" is fairly useless if the operators of that fix are goofing off as if it were the last day before winter break in elementary school...

Yuck! This coffee tastes like poison!

revere — Wed, 28 Oct 2009 05:47:36 +0000

Yuck! This coffee tastes like poison!

Medical institutions in the US northeast have always been competitive, and Harvard has always been toward the top of the list in that category. I don't mean just competitive to get into. I mean competitive, period. I went to another big research medical school in the northeast in the sixties and we used to joke that at Harvard if someone put on his dorm light (it was pretty male in those days) in the middle of the night to go to the bathroom, all the other lights on the floor would go on, too, on the theory someone was getting ahead of them. Put that down to prestige envy, perhaps, but as a resident of the northeast I can attest that the whole region is a pressure cooker, even more so for academics. Whenever we travel to other parts of the country it takes us a couple of weeks to decompress, and then we marvel at how much slower -- read that saner -- the pace of life is elsewhere. I mention this because it was the first thing that crossed my mind when I read in Nature magazine's blog, The Great Beyond, about what looks to be the intentional poisoning of six Harvard researchers via the water reservoir in a single-serve espresso machine. The agent was a common preservative found in many labs, sodium azide:

When Lidia Bosurgi, a 25-year-old Harvard Medical School doctoral student from Italy, took a sip of coffee Aug. 26 during a research break, she immediately knew something was strange.
First, she noticed the java tasted odd, then she felt burning in her throat and her ears began ringing.

“I had just a sip of the coffee and my blood pressure went down and I had all the symptoms that I was fainting,” she said in a Herald interview two weeks ago.

It wasn’t until weeks later that she would learn the cause of her symptoms: sodium azide, a toxin often compared with cyanide and commonly used in medical laboratories as a preservative.

Bosurgi, who declined to speak to the Herald when called back yesterday for a follow-up interview, was one of six researchers, students and doctors who fell ill in Harvard’s pathology department after drinking from the same coffee machine that day. She and her colleagues were all sent to the emergency room, at least one stayed overnight after passing out.(Boston Herald)

Yikes. So what is sodium azide? It's a pretty simple molecule, formula NaN₃ and has some amusing properties other than being a novel way to flavor coffee. Contact with metal makes it explode (not a good thing to dump down the drain), as does heating it to 300 degrees C. The latter property is used in your car to make the airbags inflate -- explosively. When you hit something it triggers an igniter and the sudden conversion of those three nitrogens in the salt to nitrogen gas inflates the airbag in 50 milliseconds. Outside of airbags, it is usually found in the form of easily dissolved white crystals. Its poisonous properties come from its ability to knock out cytochrome c oxidase by binding competitively to its heme moietie like carbon monoxide or cyanide. Cytochrome c oxidase is the last step in the mitochondrion's bucket brigade system of transferring an electron from a food to the final acceptor, oxygen. When you knock out cytochrome oxidase, in essence the cell asphyxiates even though there is plenty of oxygen. It affects human cells that way, but also bacteria and fungi, so it is used in laboratories as a biocide in reagents and stock solutions to prevent growth of gram-negative bacteria. It's also used for pest control in agriculture.

So how did it get in the coffee?

A Harvard Medical School spokesman says university police are trying to determine whether the coffee was intentionally or accidentally tainted.

David Benjamin, PhD, a Chestnut Hill toxicologist, says it appears to him to have been intentional. "You would have to take the chemical and add the chemical to the reservoir in the coffee maker," says Benjamin who consults in legal cases. "It's a remote possibility that it's accidental," he says. (WBZ-TV, Boston)

Remote or not, it could have been an accident. If it was in the water reservoir, the most likely way for this to happen was that a container that had sodium azide residue or a small amount of stock solution in it was used to fill the reservoir with water. Possible. But now the going theory is that it was foul play. Perhaps it was an attack on someone known to use the common room's coffee machine. Or some malicious attack on the lab or the institution.

Or maybe just another way to gain that ever important competitive edge.

revere Wed, 10/28/2009 - 01:47

Tags

Academia

safety

Security

I seem to remember hearing of a case at the NIH in Bethesda in the mid-90s where someone contaminated a water cooler with a radio-isotope (some info in this article). When I worked in NIH Building 10 a few years later (97-98) there were no water coolers in any of the research areas of Building 10 (the Clinical Center}, and several people told me they had all been banned after the incident. Apparently the investigation never got to the bottom of who had done it or why.

Oops - link got scrambled:

http://jnm.snmjournals.org/cgi/reprint/37/6/15N.pdf

I'm glad I don't drink coffee.

Austin @1: Wow. Talk about closing the barn door after the horse is out.

Is there any chance someone might have stuck it in the reservoir to stop algal growth in the tank? Either someone with technical knowledge who was having a bad day (or got interrupted in the middle of cleaning the machine), or a cleaner who misunderstood a label?

stripey_cat: Possible but sort of unlikely. But never underestimate human stupidity.

Someone tried that with coffee and acrylamide, a neurotoxin, with David Katz. Talk about competitive, Katz will do anything for a paper. After he got out of the hospital, he wrote a paper about it.

Once at UCSF, a female postdoc walked in front of a geiger counter. No big deal but the counter went crazy. She was loaded with a radioactive isotope....

Once in Toronto,...oh forget it, these incidents happen every few years. I've never heard of them tracking down the perpetrators.

it is important to know whether a means for introduction other than the coffee machine could have been involved here --

given the characteristics of this substance, perhaps it could have been introduced into to an open container of sugar or powdered coffee creamer rather than through the coffee

Modern Fear, Modern Security

ejohnson — Thu, 08 Oct 2009 11:24:11 +0000

Modern Fear, Modern Security

What moves human beings to innovate measures of security? History will tell us that the most inventive and industrious times are fraught with warfare, uncertainty, and widespread fear. Greg Laden, a longtime ScienceBlogger, helps tackle this topic this month on the new Collective Imagination blog with Peter Tu, a systems design engineer who has developed algorithms for the FBI Automatic Fingerprint Identification System, and is the principle investigator for the ReFace Program at the Visualization and Computer Vision Group at the GE Global Research Center. Greg and Peter discuss the important relationship between your browser's cookies and your web-surfing experience, the Internet Worm's deadliest enemy, parallel cultural responses to fear-driven security, and the "knee-jerkiness" behind cultural elements of security, particularly in the post-9/11 world.

ejohnson Thu, 10/08/2009 - 07:24

Tags