Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.folklore.computers > #148047 > unrolled thread

Re: The joy of simplicity?

Back to article view | Back to alt.folklore.computers

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-08 00:27 -0300
    Re: The joy of simplicity? Anne & Lynn Wheeler <lynn@garlic.com> - 2015-07-08 09:32 -0700
      Re: The joy of simplicity? "ratsack" <ratgsack281@nospam.com> - 2015-07-10 05:28 +1000
    Re: The joy of simplicity? hancock4@bbs.cpcn.com - 2015-07-08 09:54 -0700
      Re: The joy of simplicity? scott@slp53.sl.home (Scott Lurndal) - 2015-07-08 17:43 +0000
      Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-08 15:48 -0300
        Re: The joy of simplicity? hda <agent700@ay.invalid> - 2015-07-08 22:03 +0200
          Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 03:14 -0300
            Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 07:38 +0000
            Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 17:40 +0000
            Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 16:32 -0300
            Re: The joy of simplicity? "ratsack" <ratgsack281@nospam.com> - 2015-07-10 05:35 +1000
            Re: The joy of simplicity? Mike Spencer <mds@bogus.nodomain.nowhere> - 2015-07-09 16:51 -0300
            Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 00:50 +0100
              Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-10 00:27 +0000
                Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-10 16:36 +0000
                  Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 19:01 +0100
                    Re: The joy of simplicity? Stephen Sprunk <stephen@sprunk.org> - 2015-07-10 13:13 -0500
                  Re: The joy of simplicity? Stephen Sprunk <stephen@sprunk.org> - 2015-07-10 13:20 -0500
                  Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-10 18:59 +0000
                    Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-10 21:08 +0100
                      Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-11 00:42 +0200
                        Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-11 20:47 +0100
                          Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-12 12:53 +0000
                            Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-13 05:40 +1000
                              Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-14 12:02 +0000
                                Re: The joy of simplicity? Andrew Swallow <am.swallow@btinternet.com> - 2015-07-14 13:32 +0100
                                  Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-15 12:19 +0000
                                    Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-15 12:31 +0000
                                      Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-17 05:49 +1000
                                        Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-17 18:43 +0200
                                          Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-19 09:01 +1000
                                            Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-19 13:25 +0000
                                              Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-20 06:20 +1000
                                                Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
                                                  Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-20 15:26 +0000
                                                    Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-21 12:53 +0000
                                                  Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:52 +1000
                                          Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-19 09:49 +1000
                                          Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-19 13:25 +0000
                                            Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-19 18:15 +0200
                                              Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
                                                Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:49 +1000
                                            Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-20 06:38 +1000
                                          Re: The joy of simplicity? jmfbahciv <See.above@aol.com> - 2015-07-20 13:29 +0000
                                            Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-21 05:55 +1000
                        Re: The joy of simplicity? "Hank" <hfd543@nospam.com> - 2015-07-12 06:00 +1000
                    Re: The joy of simplicity? Morten Reistad <first@last.navn> - 2015-07-11 00:38 +0200
                  Re: The joy of simplicity? "Charles Richmond" <numerist@aquaporin4.com> - 2015-07-10 15:27 -0500
                    Re: The joy of simplicity? Dave Garland <dave.garland@wizinfo.com> - 2015-07-11 00:18 -0500
                      Re: The joy of simplicity? "Rod Speed" <rod.speed.aaa@gmail.com> - 2015-07-11 19:22 +1000
                  Re: The joy of simplicity? Gene Wirchenko <genew@telus.net> - 2015-07-10 17:53 -0700
                    Re: The joy of simplicity? "Osmium" <r124c4u102@comcast.net> - 2015-07-10 22:22 -0500
                      Re: The joy of simplicity? Gene Wirchenko <genew@telus.net> - 2015-07-10 23:39 -0700
            Re: The joy of simplicity? simon@twoplaces.co.uk (Simon Turner) - 2015-07-10 08:27 +0100
      Re: The joy of simplicity? Peter Flass <peter_flass@yahoo.com> - 2015-07-09 00:29 +0000
        Re: The joy of simplicity? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2015-07-09 07:38 +0000
    Re: The joy of simplicity? Daiyu Hurst <daiyu.hurst@gmail.com> - 2015-07-08 12:57 -0700

Page 1 of 3  [1] 2 3  Next page →

#148047 — Re: The joy of simplicity?

hancock4@bbs.cpcn.com writes:

> On Sunday, February 22, 2015 at 2:49:05 PM UTC-5, gareth wrote:
> 
>> Oh, to have the simplicity of CP/M on a PC, with the
>> processor speeds and oodles of storage of today!
> 

> Now that this thread has been reactivated, I'll say that I wish
> programs wouldn't execute on a PC unless explicitly commanded by the
> user.  (Also, a much simpler O/S).  None of this open and run
> automatically, which makes it so easy for malware to its thing.

What he said!  And add to it those huge hairballs of code (such as a
browser) that go out and do stuff *on the net* without your knowledge,
let alone your authorization.  Apps that call home, distribute data or
store it in the cloud^H^H^H^H^H smog because the authors want to
engineer "improved user experience" [blech] keep me busy (if not
exactly entertained) tinkering with firewall details to prevent it.

Twent-five years ago, Nicholas Negroponte was keen on autonomous
intelligent agents, bits of software that would go "out on the net"
and do useful things for you, a la _Shockwave Rider_.  Wait!  Who's
going to agree to allow such bits of *your* code into *their* machines?

Um, well, now we all do in the form of javascript, written by web
turkeys^H^H^H^H^H^H^H designers, that can do all sorts of obnoxious
stuff while you're reading the news or whatever.  But it's not *your*
agent, it's some corporate entity's agent, doing something *that*
entity finds useful.  Programs that launch automatically and hairballs
that do their own thing while you're not looking are similar agents.
And they're not your agents nor mine.	 Feh.

-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [next] | [standalone]

#148072

Andrew Swallow <am.swallow@btinternet.com> writes:
> The one organisation that can bring this under control is the
> Department of Defence. It needs much improved protection from
> hacking. Many of its hostile hackers are spies working for foreign
> governments. Computer security requires the DOD to start with
> operating systems designed to be defend against attacks.


Home Depot Has Better Cyber Security Than 25 US Defense Contractors
http://www.defenseone.com/technology/2015/07/home-depot-has-better-cyber-security-25-us-defense-contractors/116995/
Pentagon Contractors Rank Below Retailers and Banks When it Comes to
Cybersecurity
http://www.fedcyber.com/2015/07/06/pentagon-contractors-rank-below-retailers-and-banks-when-it-comes-to-cybersecurity/
Pentagon Contractors Rank Below Retailers and Banks When it Comes to
Cybersecurity
http://www.nextgov.com/cybersecurity/2015/07/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-cybersecurity/116899/
Pentagon Contractors Ranked Below Retailers and Banks When it Comes to
Cybersecurity
http://www.fedcyber.com/2015/07/06/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-to-cybersecurity/

and x-over from
http://www.garlic.com/~lynn/2015f.html#21 Credit card fraud solution coming to America...finally


early as 2007
http://nextbigfuture.com/2015/01/confirmation-that-china-stole-f35-f22.html
Chinese Hackers Score F-35, Black Hawk Chopper, and PATRIOT Missile Data
http://www.dailytech.com/Chinese+Hackers+Score+F35+Black+Hawk+Chopper+and+PATRIOT+Missile+Data/article31638.htm
Stolen F-35 Secrets Now Showing Up in China's Stealth Fighter; Design
data on F-35 stolen in 2007
http://freebeacon.com/national-security/stolen-f-35-secrets-now-showing-up-in-chinas-stealth-fighter/
New fear: Worm that ransacked US military PCs was blueprint for spies'
super-malware; Secret stealer spawned spooks' snoop stooge, it seems
http://www.theregister.co.uk/2014/03/12/cyber_espionage_daddy/ Stolen
F-35 Secrets Showing Up In China's Stealth Fighter
http://warnewsupdates.blogspot.com/2014/03/stolen-f-35-secrets-showing-up-in.html
Officials: Chinese Spying Helped Develop Stealth Jet
http://www.newsmax.com/newsfront/china-cyberspying-f-35-stealth-jet/2014/03/13/id/559402/
New Chinese stealth jet built with stolen F-35 component designs
http://rt.com/news/chinese-jet-cyber-espionage-stolen-718/ Chinese
Stealth Fighter Operating With Stolen U.S. Technology
http://www.theblaze.com/stories/2014/03/13/chinese-stealth-fighter-operating-with-stolen-u-s-technology/

more gov. Cyber Dumb

Government Software Project Failure
http://defense.about.com/od/prodinnovate/a/Government-Software-Project-Failures.htm
World's Biggest 'Agile' Software Project Close To Failure
http://news.slashdot.org/story/13/05/25/139218/worlds-biggest-agile-software-project-close-to-failure
The scariest software project horror stories of 2012
http://www.computerworld.com/s/article/9234581/The_scariest_software_project_horror_stories_of_2012
Billion-Dollar Flop: Air Force Stumbles on Software Plan
http://www.nytimes.com/2012/12/09/technology/air-force-stumbles-over-software-modernization-project.html?_r=0
Opinion: Does the Pentagon give contractors an incentive for slow R&D?
http://www.aviationweek.com/Article.aspx?id=/article-xml/AW_02_24_2014_p16-664173.xml
NSA director calls for stronger strategy to deter cyberattacks
http://www.washingtonpost.com/world/national-security/nsa-director-calls-for-stronger-deterrent-strategy-to-oppose-cyberattacks/2014/02/27/aabd3d92-9fd4-11e3-a050-dc3322a94fa7_story.html
Army Unit to Intel Center: DCGS Doesn't Work
http://www.dodbuzz.com/2014/03/23/army-unit-to-intel-center-dcgs-doesnt-work/
The Pentagon Spent $2.7 Billion on an Intelligence System That Doesn't
Work
http://www.thewire.com/politics/2014/03/pentagon-spent-27-billion-intelligence-system-doesnt-work/359319/
$2.7 Billion Later, the Army's Intelligence-Sharing Computer System
Still Doesn't Work
http://www.popsci.com/technology/article/2011-07/27-billion-later-army%E2%80%99s-intelligence-sharing-computer-system-still-doesn%E2%80%99t-work
Exclusive: Pentagon Withholds Internal Report About Flawed $2.7 Billion
Intel Program
http://www.foreignpolicy.com/articles/2014/03/18/exclusive_pentagon_withholds_report_2.7_billion_intel_program
International Engagement on CYBER 2014
http://lsgs.georgetown.edu/events/InternationalEngagementonCyber2014
Commander: U.S. Military Not Ready for Cyber Warfare; Gen. Alexander
tells Senate threat of major cyber attacks is growing
http://freebeacon.com/national-security/commander-u-s-military-not-ready-for-cyber-warfare/

-- 
virtualization experience starting Jan1968, online at home since Mar1970

[toc] | [prev] | [next] | [standalone]

#148156

"Andrew Swallow" <am.swallow@btinternet.com> wrote in message 
news:V6SdnVBI9pRb9gPInZ2dnUU78QmdnZ2d@giganews.com...
> On 08/07/2015 17:32, Anne & Lynn Wheeler wrote:
>> Andrew Swallow <am.swallow@btinternet.com> writes:
>>> The one organisation that can bring this under control is the
>>> Department of Defence. It needs much improved protection from
>>> hacking. Many of its hostile hackers are spies working for foreign
>>> governments. Computer security requires the DOD to start with
>>> operating systems designed to be defend against attacks.
>>
>>
>> Home Depot Has Better Cyber Security Than 25 US Defense Contractors
>> http://www.defenseone.com/technology/2015/07/home-depot-has-better-cyber-security-25-us-defense-contractors/116995/
>> Pentagon Contractors Rank Below Retailers and Banks When it Comes to
>> Cybersecurity
>> http://www.fedcyber.com/2015/07/06/pentagon-contractors-rank-below-retailers-and-banks-when-it-comes-to-cybersecurity/
>> Pentagon Contractors Rank Below Retailers and Banks When it Comes to
>> Cybersecurity
>> http://www.nextgov.com/cybersecurity/2015/07/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-cybersecurity/116899/
>> Pentagon Contractors Ranked Below Retailers and Banks When it Comes to
>> Cybersecurity
>> http://www.fedcyber.com/2015/07/06/pentagon-contractors-ranked-below-retailers-and-banks-when-it-comes-to-cybersecurity/
>>
>> and x-over from
>> http://www.garlic.com/~lynn/2015f.html#21 Credit card fraud solution 
>> coming to America...finally
>>
>>
>> early as 2007
>> http://nextbigfuture.com/2015/01/confirmation-that-china-stole-f35-f22.html
>> Chinese Hackers Score F-35, Black Hawk Chopper, and PATRIOT Missile Data
>> http://www.dailytech.com/Chinese+Hackers+Score+F35+Black+Hawk+Chopper+and+PATRIOT+Missile+Data/article31638.htm
>> Stolen F-35 Secrets Now Showing Up in China's Stealth Fighter; Design
>> data on F-35 stolen in 2007
>> http://freebeacon.com/national-security/stolen-f-35-secrets-now-showing-up-in-chinas-stealth-fighter/
>> New fear: Worm that ransacked US military PCs was blueprint for spies'
>> super-malware; Secret stealer spawned spooks' snoop stooge, it seems
>> http://www.theregister.co.uk/2014/03/12/cyber_espionage_daddy/ Stolen
>> F-35 Secrets Showing Up In China's Stealth Fighter
>> http://warnewsupdates.blogspot.com/2014/03/stolen-f-35-secrets-showing-up-in.html
>> Officials: Chinese Spying Helped Develop Stealth Jet
>> http://www.newsmax.com/newsfront/china-cyberspying-f-35-stealth-jet/2014/03/13/id/559402/
>> New Chinese stealth jet built with stolen F-35 component designs
>> http://rt.com/news/chinese-jet-cyber-espionage-stolen-718/ Chinese
>> Stealth Fighter Operating With Stolen U.S. Technology
>> http://www.theblaze.com/stories/2014/03/13/chinese-stealth-fighter-operating-with-stolen-u-s-technology/
>>
>> more gov. Cyber Dumb
>>
>> Government Software Project Failure
>> http://defense.about.com/od/prodinnovate/a/Government-Software-Project-Failures.htm
>> World's Biggest 'Agile' Software Project Close To Failure
>> http://news.slashdot.org/story/13/05/25/139218/worlds-biggest-agile-software-project-close-to-failure
>> The scariest software project horror stories of 2012
>> http://www.computerworld.com/s/article/9234581/The_scariest_software_project_horror_stories_of_2012
>> Billion-Dollar Flop: Air Force Stumbles on Software Plan
>> http://www.nytimes.com/2012/12/09/technology/air-force-stumbles-over-software-modernization-project.html?_r=0
>> Opinion: Does the Pentagon give contractors an incentive for slow R&D?
>> http://www.aviationweek.com/Article.aspx?id=/article-xml/AW_02_24_2014_p16-664173.xml
>> NSA director calls for stronger strategy to deter cyberattacks
>> http://www.washingtonpost.com/world/national-security/nsa-director-calls-for-stronger-deterrent-strategy-to-oppose-cyberattacks/2014/02/27/aabd3d92-9fd4-11e3-a050-dc3322a94fa7_story.html
>> Army Unit to Intel Center: DCGS Doesn't Work
>> http://www.dodbuzz.com/2014/03/23/army-unit-to-intel-center-dcgs-doesnt-work/
>> The Pentagon Spent $2.7 Billion on an Intelligence System That Doesn't
>> Work
>> http://www.thewire.com/politics/2014/03/pentagon-spent-27-billion-intelligence-system-doesnt-work/359319/
>> $2.7 Billion Later, the Army's Intelligence-Sharing Computer System
>> Still Doesn't Work
>> http://www.popsci.com/technology/article/2011-07/27-billion-later-army%E2%80%99s-intelligence-sharing-computer-system-still-doesn%E2%80%99t-work
>> Exclusive: Pentagon Withholds Internal Report About Flawed $2.7 Billion
>> Intel Program
>> http://www.foreignpolicy.com/articles/2014/03/18/exclusive_pentagon_withholds_report_2.7_billion_intel_program
>> International Engagement on CYBER 2014
>> http://lsgs.georgetown.edu/events/InternationalEngagementonCyber2014
>> Commander: U.S. Military Not Ready for Cyber Warfare; Gen. Alexander
>> tells Senate threat of major cyber attacks is growing
>> http://freebeacon.com/national-security/commander-u-s-military-not-ready-for-cyber-warfare/
>>
>
> If you want to make a major change the back is a good place to start from.
>
> The right ten people should be able to produce a good but basic operating 
> system in 3-4 years. So the pilot development would cost about
> 10 * 4 * $200,000 = $8,000,000

It wouldn’t take anything like that to start with linux and strip out what 
you don’t like.

> Email with built in encryption, web browser, word processor and spread 
> sheet are needed.

You need a lot more than just that.

Civil servants will also need a form handling front
> end to a distributed database.

Not just civil servants.

No macro handlers, compilers or
> interpreters. These can be developed by a different teams.

 

[toc] | [prev] | [next] | [standalone]

#148079

On Tuesday, July 7, 2015 at 11:27:57 PM UTC-4, Mike Spencer wrote:

> Um, well, now we all do in the form of javascript, written by web
> turkeys^H^H^H^H^H^H^H designers, that can do all sorts of obnoxious
> stuff while you're reading the news or whatever.  But it's not *your*
> agent, it's some corporate entity's agent, doing something *that*
> entity finds useful.  Programs that launch automatically and hairballs
> that do their own thing while you're not looking are similar agents.
> And they're not your agents nor mine.	 Feh.

Yes, indeed.

Advocates of fancy automation say it helps the user experience.  But in reality it helps marketers sell more goods.

For instance, just the day there was an article about malware exploiting FlashPlayer.  Do we really need the Flash Player at all?  No, we do not.  Even if we did, its functionality could be far more limited, eliminating the chance of malware being attached to it or exploiting it.  Other articles point to automated modern systems being hijacked.  It's amazing security people can keep track of all this stuff; but unfortunately, they learn about it after the fact.

[toc] | [prev] | [next] | [standalone]

#148082

hancock4@bbs.cpcn.com writes:
>On Tuesday, July 7, 2015 at 11:27:57 PM UTC-4, Mike Spencer wrote:

>For instance, just the day there was an article about malware exploiting Fl=
>ashPlayer.  Do we really need the Flash Player at all?  No, we do not.  Eve=
>n if we did, its functionality could be far more limited, eliminating the c=
>hance of malware being attached to it or exploiting it.  Other articles poi=
>nt to automated modern systems being hijacked.  It's amazing security peopl=
>e can keep track of all this stuff; but unfortunately, they learn about it =
>after the fact.

If you're running firefox, go ahead and disable flash, and you'll find
that many, many sites use it without embedded video.  That's because
flash provides persistent local storage which _aren't_ cookies which
can be used for tracking purposes.

[toc] | [prev] | [next] | [standalone]

#148091

hancock4@bbs.cpcn.com writes:

> On Tuesday, July 7, 2015 at 11:27:57 PM UTC-4, Mike Spencer wrote:
> 
>> Um, well, now we all do in the form of javascript, written by web
>> turkeys^H^H^H^H^H^H^H designers, that can do all sorts of obnoxious
>> stuff while you're reading the news or whatever.  But it's not *your*
>> agent, it's some corporate entity's agent, doing something *that*
>> entity finds useful.  Programs that launch automatically and hairballs
>> that do their own thing while you're not looking are similar agents.
>> And they're not your agents nor mine.	 Feh.
> 
> Yes, indeed.
> 
> Advocates of fancy automation say it helps the user experience.

Just setting up a Linux laptop to carry out to less secure venues than
home.  Start Firefox while off line.  Steady stream of outbound
traffic hammering eth0.  So, what's going on?

Ohhhh, yeah.  FF has scanned my home page, an HTML file on localhost, and
is doing DNS prefetch on each of the many URLs it finds there.  Have
to do arcane juju to make it stop.

Shpx!  Apparently FF may prefetch a whole page on its own initiative,
too.  How secure is that?  Your software accesses data on the net
solely because a pointer to that data happens to have been present in
*other* data?  What could go wrong?

> But in reality it helps marketers sell more goods.

Ghod nose.  Some things defy explanation on that basis, defaulting to
"Some dev's egocentric whim" followed by "User would be confused if we
made a way for him to turn it off."


-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [prev] | [next] | [standalone]

#148099

On 08 Jul 2015 15:48:59 -0300, Mike Spencer 

...

>... "User would be confused if we made a way for him to turn it off."

Had a look see from [*http://about:config*] ?

[toc] | [prev] | [next] | [standalone]

#148112

hda <agent700@ay.invalid> writes:

> On 08 Jul 2015 15:48:59 -0300, Mike Spencer 
> 
> ...
> 
>>... "User would be confused if we made a way for him to turn it off."
> 
> Had a look see from [*http://about:config*] ?

Yes.  That was the "arcane juju" to which I referred.  How about a
nice ASCII text file in which I can search for "network:dnsPrefetch"
instead of a tedious interactive UI with its own usage rules
referencing an unreadable database?  Not to mention that the entries
in about:config are mostly obscure in the extreme.

And that's just whst I hit while getting things going.  The newer
FFoxen force you to about:config to disable js else you have to fetch
and install 3rd party extras to do it magically.  So I'm going to have
to deal with that.

Agreed, the now-canonical user thinks "the net" is identical with "the
web" and just wants to use all the chrome now available on port 80,
social media and video.  In fact,a substantial tranche of users says,
"I don't use the internet but I'm on Facebook all the time." (!? True,
gfy.) 

I want to disable, in a browser and at least intermittently, pretty
much *everything* that's been added since about the FF 3, Netscape
4.76 era.  Okay, I'm an eccentric but I know there are lotsa other
folks who have approximately the same perspective.

-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [prev] | [next] | [standalone]

#148120

On 2015-07-09, Mike Spencer <mds@bogus.nodomain.nowhere> wrote:

> I want to disable, in a browser and at least intermittently, pretty
> much *everything* that's been added since about the FF 3, Netscape
> 4.76 era.  Okay, I'm an eccentric but I know there are lotsa other
> folks who have approximately the same perspective.

Sounds like a plan.  I'm not quite so advanced - I left Firefox
for Seamonkey when release 29 changed the UI in ways I don't like.

-- 
/~\  cgibbs@kltpzyxm.invalid (Charlie Gibbs)
\ /  I'm really at ac.dekanfrus if you read it the right way.
 X   Top-posted messages will probably be ignored.  See RFC1855.
/ \  HTML will DEFINITELY be ignored.  Join the ASCII ribbon campaign!

[toc] | [prev] | [next] | [standalone]

#148144

On 2015-07-09, lawrence@cluon.com <lawrence@cluon.com> wrote:

> Mike Spencer <mds@bogus.nodomain.nowhere> writes:
>
>>>>... "User would be confused if we made a way for him to turn it off."
>>> 
>>> Had a look see from [*http://about:config*] ?
>>
>> Not to mention that the entries
>> in about:config are mostly obscure in the extreme.
>
> So, what you are saying, in essence is "This user IS confused that they
> made a way for him to turn it off"

I think it's more like: "It'll look good if we offer an option to
turn it off, but we really don't want the user to do that, so we'll
make it sufficiently difficult that he won't bother trying."

-- 
/~\  cgibbs@kltpzyxm.invalid (Charlie Gibbs)
\ /  I'm really at ac.dekanfrus if you read it the right way.
 X   Top-posted messages will probably be ignored.  See RFC1855.
/ \  HTML will DEFINITELY be ignored.  Join the ASCII ribbon campaign!

[toc] | [prev] | [next] | [standalone]

#148157

hancock4@bbs.cpcn.com writes:

> On Thursday, July 9, 2015 at 2:15:06 AM UTC-4, Mike Spencer wrote:
> 
>> I want to disable, in a browser and at least intermittently, pretty
>> much *everything* that's been added since about the FF 3, Netscape
>> 4.76 era.  Okay, I'm an eccentric but I know there are lotsa other
>> folks who have approximately the same perspective.
> 
> Unfortunately, if you disable stuff, most websites simply won't work,
> or even won't let you access them.  If you have an old version of
> I/E, there are sites that block you from entering.

For idiosyncratic values of "most". I use an old browser with no js,
no IFRAMEs, no java and, because of its age, impaired HTTPS.  
Occasionally I hit a site that won't work at all.  I resort to a newer
browser for Google Maps and, just recently, since it went all-HTTPS,
for Wikipedia. Until recently, I seem to have gotten along fine with a
negligible value of "most".

That's another thorn in the oinkment [sic].  When security credential
and encryption algorithms are built in to the browser, you have to
keep updating the your browser to capture them.


> In another situation, when one accesses the Windows Task Manager, 
> there are numerous "processes" running.  The lay user can't touch
> any of them without risking serious screwup.  But some of those
> processes may be malware.  Do we really need all of those "processes"?

Not usually a problem with Linux.  But on a recent install of
Slackware 14.1, I've noticed that httpd seems to be spending a lot of
time active on an idle machine not connected to the net. An older
version on an older kernel doesn't do that. Killing httpd doesn't
cause any problem. Well, except that then I can't, of course, access
httpd on localhost.

> (They also eat up CPU cycles and disk space, forcing one to have a
> high horsepower computer, and to replace it periodically to keep up
> with the bloat.  While computers today aren't that expensive, it's
> still some serious money ($750 to me is serious), plus the inconvenience
> of transferring files, learning a new machine, etc.  For hobbyists, that
> is a desired goal in itself, but for people who just want functions,
> it's a nuisance.)

Uh-huh.

> Indeed, years ago they used to compare computers against automobiles 
> to show how faster computer progress was.  But I'm driving a 16 y/o
> car that runs just fine, yet a 16 y/o computer, if it even still 
> physically ran ok, would simply be too slow to run anything written
> today, or today's websites.

My fine and functional pickup is 26 years old.  My working electric
toaster, used daily in summer, was 100 years old in 2013; my 1925
Black & Decker drill works like a horse.  And a guestimate of the
average age of a tool in my shop is maybe 70 years, a fair collection
of new(ish :-) power tools notwithstanding.  But my new, bleeding-edge
laptop is a recursive PITA.

-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [prev] | [next] | [standalone]

#148158

<hancock4@bbs.cpcn.com> wrote in message 
news:b976eab8-54b1-4568-91d1-0c446885aef2@googlegroups.com...
> On Thursday, July 9, 2015 at 2:15:06 AM UTC-4, Mike Spencer wrote:
>
>> Yes.  That was the "arcane juju" to which I referred.  How about a
>> nice ASCII text file in which I can search for "network:dnsPrefetch"
>> instead of a tedious interactive UI with its own usage rules
>> referencing an unreadable database?  Not to mention that the entries
>> in about:config are mostly obscure in the extreme.
>
> One of the things I noticed in poking around is that set up files
> are harder to find and deal with, as you say.  Instead of ASCII
> with clear names, it's binary files with obscure names.
>
>
>
>
>> I want to disable, in a browser and at least intermittently, pretty
>> much *everything* that's been added since about the FF 3, Netscape
>> 4.76 era.  Okay, I'm an eccentric but I know there are lotsa other
>> folks who have approximately the same perspective.
>
> Unfortunately, if you disable stuff, most websites simply won't work,

That is overstated on the most.

> or even won't let you access them.  If you have an old version of
> I/E, there are sites that block you from entering.

But it is trivially easy to lie about what the browser is.

> In another situation, when one accesses the Windows Task Manager,
> there are numerous "processes" running.  The lay user can't touch
> any of them without risking serious screwup.  But some of those
> processes may be malware.  Do we really need all of those "processes"?

Obviously not but some of them are useful.

> (They also eat up CPU cycles and disk space,

They actually save both because that functionality is common
to whatever you run.

forcing one to have a
> high horsepower computer,

Tablets and smartphones prove that that is not correct.

and to replace it periodically to keep up
> with the bloat.  While computers today aren't that expensive, it's
> still some serious money ($750 to me is serious),

You don't have to spend anything like that to have something useful.

plus the inconvenience
> of transferring files, learning a new machine, etc.

You don't have to keep upgrading if you don't want to.

For hobbyists, that
> is a desired goal in itself, but for people who just want functions,
> it's a nuisance.)

> Indeed, years ago they used to compare computers against automobiles
> to show how faster computer progress was.  But I'm driving a 16 y/o
> car that runs just fine, yet a 16 y/o computer, if it even still
> physically ran ok, would simply be too slow to run anything written
> today, or today's websites.

That is just plain wrong with tablets, smartphones and netbooks
that all have cpus that are the same horse power as desktop systems
had 16 years ago and which all work fine. 

[toc] | [prev] | [next] | [standalone]

#148162

lawrence@cluon.com writes:

> Mike Spencer <mds@bogus.nodomain.nowhere> writes:
>>>>... "User would be confused if we made a way for him to turn it off."
>>> 
>>> Had a look see from [*http://about:config*] ?
>>
>> Not to mention that the entries
>> in about:config are mostly obscure in the extreme.
> 
> So, what you are saying, in essence is "This user IS confused that they
> made a way for him to turn it off"

Now, now....

Variant 1:  Switch on dashboard that says Klaxon ON/OFF.

Variant 2.  Fuse in fuseblock labled "klaxon". Removing it disables
            the klaxon and changes nothing else

Variant 3: You have to find a backyard mechanic fanboy of your car to
           tell you that there is an About:User- Manual available.
           The manual has no index and is arranged alphabetically by
           mother's maiden name of each item's author.

           On page 371, para 26, subsection 31, that manual say, 

           Failure to follow these instruction exactly will void your
           warrantee, subject you to ridicule on alt.diy.cars and
           cause the air bags to deploy simultaneously.

           Open hood, locate yellow wire connecting the Vapor
           Diffusion Module to the Service Block. Short that wire to
           ground.  Then remove the red wire from the Temperature
           Division Sender Filter.  Remove the ground from the yellow
           wire.  Disconnect klaxon override hose and plug the
           fitting. Snip red & green kaxon wire and tape it. Do NOT
           disturb the klaxon adjusting ring which controls emergency
           braking. 

Given that pop-{up,down} menus create more or less infinite "dashboard"
real estate, I'm more saying that this user is cvffrq bss that they
chose Variant 3 instead of Variant 1.

-- 
Mike Spencer                  Nova Scotia, Canada

[toc] | [prev] | [next] | [standalone]

#148167

On 09/07/2015 15:20, hancock4@bbs.cpcn.com wrote:
{snip}

> Unfortunately, if you disable stuff, most websites simply won't work,
> or even won't let you access them.  If you have an old version of
> I/E, there are sites that block you from entering.

The US Government is big enough and powerful enough to say make you 
website work with our secure browser or our agencies and suppliers will 
not work with you.

[toc] | [prev] | [next] | [standalone]

#148169

Andrew Swallow <am.swallow@btinternet.com> wrote:
> On 09/07/2015 15:20, hancock4@bbs.cpcn.com wrote:
> {snip}
> 
>> Unfortunately, if you disable stuff, most websites simply won't work,
>> or even won't let you access them.  If you have an old version of
>> I/E, there are sites that block you from entering.
> 
> The US Government is big enough and powerful enough to say make you
> website work with our secure browser or our agencies and suppliers will not work with you.

They need a secure browser first, and I don't think such a beast exists. 
Security conflicts with a major goal of the internet project -openness.

-- 
Pete

[toc] | [prev] | [next] | [standalone]

#148192

On 2015-07-10, Peter Flass <peter_flass@yahoo.com> wrote:

> Andrew Swallow <am.swallow@btinternet.com> wrote:
>
>> On 09/07/2015 15:20, hancock4@bbs.cpcn.com wrote:
>> {snip}
>> 
>>> Unfortunately, if you disable stuff, most websites simply won't work,
>>> or even won't let you access them.  If you have an old version of
>>> I/E, there are sites that block you from entering.
>> 
>> The US Government is big enough and powerful enough to say make you
>> website work with our secure browser or our agencies and suppliers
>> will not work with you.
>
> They need a secure browser first, and I don't think such a beast exists. 
> Security conflicts with a major goal of the internet project -openness.

Still, there's nothing that says an open-source system can't be secure,
provided you keep the keys secret.  Knowing how a lock works doesn't
automatically mean you can crack it.  And what's the alternative?
Certainly not closed source, which can contain all sorts of back doors
whose existence can never be disproved.  "Security through obscurity"
has been pretty much discredited (except among True Believers, of course).

-- 
/~\  cgibbs@kltpzyxm.invalid (Charlie Gibbs)
\ /  I'm really at ac.dekanfrus if you read it the right way.
 X   Top-posted messages will probably be ignored.  See RFC1855.
/ \  HTML will DEFINITELY be ignored.  Join the ASCII ribbon campaign!

[toc] | [prev] | [next] | [standalone]

#148194

On 10/07/2015 17:36, Charlie Gibbs wrote:
> On 2015-07-10, Peter Flass <peter_flass@yahoo.com> wrote:
>
>> Andrew Swallow <am.swallow@btinternet.com> wrote:
>>
>>> On 09/07/2015 15:20, hancock4@bbs.cpcn.com wrote:
>>> {snip}
>>>
>>>> Unfortunately, if you disable stuff, most websites simply won't work,
>>>> or even won't let you access them.  If you have an old version of
>>>> I/E, there are sites that block you from entering.
>>>
>>> The US Government is big enough and powerful enough to say make you
>>> website work with our secure browser or our agencies and suppliers
>>> will not work with you.
>>
>> They need a secure browser first, and I don't think such a beast exists.
>> Security conflicts with a major goal of the internet project -openness.
>
> Still, there's nothing that says an open-source system can't be secure,
> provided you keep the keys secret.  Knowing how a lock works doesn't
> automatically mean you can crack it.  And what's the alternative?
> Certainly not closed source, which can contain all sorts of back doors
> whose existence can never be disproved.  "Security through obscurity"
> has been pretty much discredited (except among True Believers, of course).
>

For government agencies other than defence, intelligence and diplomacy 
the email encryption would be AES. The same for encryption of personal data.

[toc] | [prev] | [next] | [standalone]

#148197

On 10-Jul-15 13:01, Andrew Swallow wrote:
> On 10/07/2015 17:36, Charlie Gibbs wrote:
>> On 2015-07-10, Peter Flass <peter_flass@yahoo.com> wrote:
>>> Andrew Swallow <am.swallow@btinternet.com> wrote:
>>>> The US Government is big enough and powerful enough to say make
>>>> you website work with our secure browser or our agencies and
>>>> suppliers will not work with you.
>>> 
>>> They need a secure browser first, and I don't think such a beast
>>> exists. Security conflicts with a major goal of the internet
>>> project -openness.
>> 
>> Still, there's nothing that says an open-source system can't be
>> secure, provided you keep the keys secret.  Knowing how a lock
>> works doesn't automatically mean you can crack it.  And what's the
>> alternative? Certainly not closed source, which can contain all
>> sorts of back doors whose existence can never be disproved.
>> "Security through obscurity" has been pretty much discredited
>> (except among True Believers, of course).
> 
> For government agencies other than defence, intelligence and
> diplomacy the email encryption would be AES. The same for encryption
> of personal data.

The NSA now specifies AES-128 for Secret and AES-256 for Top Secret
material.  I don't know if State has their own standards, but there's no
reason to use anything different, and they usually piggyback on military
communications channels anyway.  For instance, embassies and consulates
have DPO (formerly APO/FPO) addresses served by the Military Postal
Service Agency.

S

-- 
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

[toc] | [prev] | [next] | [standalone]

#148198

On 10-Jul-15 11:36, Charlie Gibbs wrote:
> On 2015-07-10, Peter Flass <peter_flass@yahoo.com> wrote:
>> They need a secure browser first, and I don't think such a beast
>> exists. Security conflicts with a major goal of the internet
>> project -openness.
> 
> Still, there's nothing that says an open-source system can't be
> secure, provided you keep the keys secret.  Knowing how a lock works
> doesn't automatically mean you can crack it.  Certainly not closed
> source, which can contain all sorts of back doors whose existence can
> never be disproved. "Security through obscurity" has been pretty much
> discredited (except among True Believers, of course).

"In cryptography, Kerckhoffs's principle ... was stated by Auguste
Kerckhoffs in the 19th century: A cryptosystem should be secure even if
everything about the system, except the key, is public knowledge.

Kerckhoffs's principle was reformulated (or perhaps independently
formulated) by Claude Shannon as "the enemy knows the system", [1] i.e.,
"one ought to design systems under the assumption that the enemy will
immediately gain full familiarity with them". In that form, it is called
Shannon's maxim. In contrast to "security through obscurity", it is
widely embraced by cryptographers."

https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

S

-- 
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking

[toc] | [prev] | [next] | [standalone]

#148200

Charlie Gibbs <cgibbs@kltpzyxm.invalid> wrote:
> On 2015-07-10, Peter Flass <peter_flass@yahoo.com> wrote:
> 
>> Andrew Swallow <am.swallow@btinternet.com> wrote:
>> 
>>> On 09/07/2015 15:20, hancock4@bbs.cpcn.com wrote:
>>> {snip}
>>> 
>>>> Unfortunately, if you disable stuff, most websites simply won't work,
>>>> or even won't let you access them.  If you have an old version of
>>>> I/E, there are sites that block you from entering.
>>> 
>>> The US Government is big enough and powerful enough to say make you
>>> website work with our secure browser or our agencies and suppliers
>>> will not work with you.
>> 
>> They need a secure browser first, and I don't think such a beast exists. 
>> Security conflicts with a major goal of the internet project -openness.
> 
> Still, there's nothing that says an open-source system can't be secure,
> provided you keep the keys secret.  Knowing how a lock works doesn't
> automatically mean you can crack it.  And what's the alternative?
> Certainly not closed source, which can contain all sorts of back doors
> whose existence can never be disproved.  "Security through obscurity"
> has been pretty much discredited (except among True Believers, of course).

The problem is you have to secure a lot of things.  Obviously javascript
and java are out, unless it would be acceptable to download stuff from
approved sites.  Flash is out.  What else is commonly used that would have
to be redesigned to be secure?


-- 
Pete

[toc] | [prev] | [next] | [standalone]

Page 1 of 3  [1] 2 3  Next page →

Back to top | Article view | alt.folklore.computers

csiph-web