Re: Holy shit! in

Re: Holy shit! in http://www.dslreports.com/forum/r11596281 en Fri, 05 Dec 2008 05:22:38 EDT Fri, 05 Dec 2008 05:22:38 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11598255 Talis :

said by tcp1 :
A) Expecting a user to know that web pages get stored on their disk is hardly tantamount to having a CS degree.

Thats a true statement. But expecting users to know anything about how a particular application works internally doesn't make sense if you want general joe-blow individuals to use your application.

said by tcp1 :
B) You must not have been around computers very long. I imagine you'd be completely floored by how difficult it was to do something as simple as installing a modem ten short years ago. Hell, even five or six years ago. IRQs, TSRs, IO addresses, jumpers.. You don't know how good you have it. Things ARE easier today.

I've been working with computers for 20+ years. Things are definitely easier today, no doubt about it. But developers still do not think in terms of safety and security - defensive development would be a good way to say it, with respect to the user.

said by tcp1 :
You can only dumb down a complex system so much until it just stops working properly.

I disagree. I'm not even suggesting you dumb down anything. I'm saying you make the programs smarter, the interactions between programs smarter, to account for the lack of knowledge of the users.

said by tcp1 :
Remember, what's simple in your mind may not be so simple in practice. Think logically - HOW could Google have done this otherwise? The files are stored on your disk, by IE and Firefox, not Google, unencrypted. Google allows you to turn this feature off. Where did they fail, other than perhaps making the description of this feature blinking, rotating, and in bright red and yellow?

This isn't Googles problem, and I don't believe I ever said it was. The problem is that the data is laying around in the cache to begin with. It should not be. It isn't that difficult to build protocols that describe sensitive data and protocols that define how applications should treat that data. But the industry as a whole has not cared to address those issues. Until they do, this will continue to be a problem forever, and it isn't the users problem.]]> http://www.dslreports.com/forum/remark,11598255 Fri, 15 Oct 2004 18:02:40 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11598012 jap : I think you intended to respond to Zemus420

rather than my post??

I'm agreeing with you.]]> http://www.dslreports.com/forum/remark,11598012 Fri, 15 Oct 2004 17:28:56 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597580 Jeremy341 : Well I decided to talk about the AIM function, so that interested people could understand more about how the program works.
--
I do not trust Firefox. Spread anything besides that horrid piece of crap.]]> http://www.dslreports.com/forum/remark,11597580 Fri, 15 Oct 2004 16:34:26 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597569 tcp1 : We were talking about the WEB HISTORY function, not the AIM function. This is in regards to how it "stores" e-mails. ]]> http://www.dslreports.com/forum/remark,11597569 Fri, 15 Oct 2004 16:31:57 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597518 Jeremy341 :

said by tcp1 :
Jerw134, you are simply the most alarmist person I've ever seen on this board.

The only thing close to "sniffing" it does is with AIM chats, and it explicitly asks if you want to do that.

Not turning it on is the same as not having it installed at all.

Alarmist? I'm pointing out what the program does. You're claiming that all it does is look at files that would already be on your hard drive if the program weren't installed, and I pointed out the fact that this is not the case.

I know that you have to give the program permission before it does any of this. I wasn't taking issue with the program, I was taking issue with your misinformation. Please learn how to distinguish between those two things.
--
I do not trust Firefox. Spread anything besides that horrid piece of crap.]]> http://www.dslreports.com/forum/remark,11597518 Fri, 15 Oct 2004 16:26:26 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597335 tcp1 : Jerw134, you are simply the most alarmist person I've ever seen on this board.

The only thing close to "sniffing" it does is with AIM chats, and it explicitly asks if you want to do that.

Not turning it on is the same as not having it installed at all.

You're installing a SEARCH PROGRAM to find data on your computer. What do you expect it to do? Not look at files or data?]]> http://www.dslreports.com/forum/remark,11597335 Fri, 15 Oct 2004 16:03:03 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597223 tcp1 :

said by Jeremy341 :

said by claudeo :
Does it actually intercept communications? I don't read it that way. But if it does that would indeed be a major security issue. The last thing we need is another sniffer.
Yes, it really does. I just installed it (and uninstalled it 10 minutes later) on my computer to check it out and see for myself.

It does NOT "intercept communications". It searches files that are on your disk, and would be on your disk anyways. You are misinformed and incorrect, Jerw134.]]> http://www.dslreports.com/forum/remark,11597223 Fri, 15 Oct 2004 15:51:07 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597207 tcp1 :
I'm not trying to make you feel dumb.

I'm just saying that for the past 20 years interfaces have been becoming easier and simpler. That's not a bad thing, but the caveat is that everything gets automated, and the user is not required to have any idea what the consequences of his or her actions are.

Think of it as when the day comes when cars drive themselves -- but you don't know what the brake pedal does when that auto-pilot doesn't behave exactly as you expect.

Computers are not simple appliances. Even though the marketing pinheads would like to position them as such, and every Wal-Mart computer purchaser would like to use them as such - it will never happen. If you are storing, sending, and receiving personal information on a device, it has to be stored somewhere. Whether that's in memory or on disk..

Encryption is possible, and should be used wherever possible - but it does slow things down, and does require further engineering and user complexity - since user authentication and the concept of trusted events and resources must now be used.

Note it this way. This problem is not a problem on a computer used by only one person. So, the issue is on multiple user systems. On a multiple user system, if the cache was encrypted (this is not under Google's control), there would have to be a separately maintained cache and authentication system for each user. This adds complexity back to the user interface. Now "Joe User" is complaining as to why he has to log in to his web browser, or create a new profile when he logs on to a public machine. Follow that thread on and on.

G]]> http://www.dslreports.com/forum/remark,11597207 Fri, 15 Oct 2004 15:50:01 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11597152 tcp1 :

said by Talis :
Why should users have to know the inner workings of the programs they use? Programmers write programs that leave things laying around in a cache somewhere, and its the users fault for not knowing this?

It's not a question of them having to know EVERYTHING, but so many users have NO CLUE what's going on. "Leave things lying around in a cache?" The cache has to go somewhere. If there was no cache, the "dumb users" would be complaining that things have slowed down.

quote:

I've seen so many posts like this blaming every woe in the Internet on the 'stupid users.' How will computers and the Internet ever be ubiquitous, useful tools if programmers and industry professionals in general don't step up and start writing programs that are safe and secure?

Yes, and likewise, I imagine our highways will never be safe until cars drive themselves and prevent all accidents through mechanical engineering and sensors. The user has to take some responsibility. Thinking you can use a complex system without having even the slightest clue as to what's going on behind the scenes is insanely naive. I'm not saying users should have to be able to write an interface to a binary or flatfile database on their system and manually alter the cache. I think it's reasonable to expect them to understand that when you view a web page, it gets downloaded to your hard drive, and can be viewed by other people that use that computer if you don't take precautions. That's basic.

quote:

You are right, this has always been in cache, and Google is just finding it. But the vast majority of general computer users don't know this, and they shouldn't have to know it.

Why not? So how do you rectify this.. Outright prevent searching of the cache? Maybe some people want to search the cache. Using your logic, wouldn't offering up the option to search the internet cache (which Google does provide, and calls it "web history") just confuse people more?

Google lets you turn it off. So what's the big deal?

quote:

You can't require Joe User to have a degree in computer science in order to use a computer or a piece of software 'properly.' Thats totally unrealistic and would be antithetical to the growth of the computer industry.

A) Expecting a user to know that web pages get stored on their disk is hardly tantamount to having a CS degree.

B) You must not have been around computers very long. I imagine you'd be completely floored by how difficult it was to do something as simple as installing a modem ten short years ago. Hell, even five or six years ago. IRQs, TSRs, IO addresses, jumpers.. You don't know how good you have it. Things ARE easier today.

You can only dumb down a complex system so much until it just stops working properly.

quote:

Instead, the computer industry needs to understand who their audience is and learn how to create safe and secure products for them. Stop blaming my mother for your inability to keep her checkbook secure.

Horrible logic. Who is their audience? Strictly Wal Mart consumers who expect a computer to operate like a VCR? Sorry, if you're storing personal information you might want to know a thing or two about security. You talk about your mother keeping her checkbook secure.. Would you blame the bank for printing necessary account numbers on checks if a cashier copies down her account and routing number?

It's lovely to think the world and the internet is a simple, nice, fluffy place where your 85 year old grandmother can just hop on to AOL with no problems, and that we programmers can engineer out any pitfalls. Too bad it just ain't so, and I'm ticked off that so many armchair quarterbacks are telling engineers how to write software.

Remember, what's simple in your mind may not be so simple in practice. Think logically - HOW could Google have done this otherwise? The files are stored on your disk, by IE and Firefox, not Google, unencrypted. Google allows you to turn this feature off. Where did they fail, other than perhaps making the description of this feature blinking, rotating, and in bright red and yellow?]]> http://www.dslreports.com/forum/remark,11597152 Fri, 15 Oct 2004 15:44:33 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596971 Inflex : I'm not interested in proving someone else's baseless claim, thank you.]]> http://www.dslreports.com/forum/remark,11596971 Fri, 15 Oct 2004 15:24:48 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596866 Jeremy341 : Install the program and prove it to yourself. I don't have it installed anymore, and I'm not going to install it again.
--
I do not trust Firefox. Spread anything besides that horrid piece of crap.]]> http://www.dslreports.com/forum/remark,11596866 Fri, 15 Oct 2004 15:14:01 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596830 Inflex : Proof?]]> http://www.dslreports.com/forum/remark,11596830 Fri, 15 Oct 2004 15:10:01 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596751 Jeremy341 :

said by claudeo :
Does it actually intercept communications? I don't read it that way. But if it does that would indeed be a major security issue. The last thing we need is another sniffer.

Yes, it really does. I just installed it (and uninstalled it 10 minutes later) on my computer to check it out and see for myself.
--
I do not trust Firefox. Spread anything besides that horrid piece of crap.]]> http://www.dslreports.com/forum/remark,11596751 Fri, 15 Oct 2004 15:01:24 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596732 rchandra : I know what you mean by "behind the shiny GUI". I was listening to a radio show (supposedly the longest running computer-oriented show, "SoundBytes", on WHAM 1180 in Rochester, NY) about a guy who was having problems w/ his Internet connection. I knew precisely that he had to remove any gateway declaration in his networking configuration files ("GATEWAY=" in either /etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-eth0 on RHL/FC systems) and make sure pppd starts with "defaultroute" as an option, but with all kinds of GUIs and TUIs for networking, it would have been tough to tell this guy how to get things done. Virtually everyone who uses these GUI frontends has no clue whatsoever what's behind them (the ip(8) and pppd(8) commands). If they did, it'd be relatively easy to fix this sort of problem.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here
Jeopardy! replies REALLY suck!]]> http://www.dslreports.com/forum/remark,11596732 Fri, 15 Oct 2004 15:00:09 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596725 claudeo : Does it actually intercept communications? I don't read it that way. But if it does that would indeed be a major security issue. The last thing we need is another sniffer.]]> http://www.dslreports.com/forum/remark,11596725 Fri, 15 Oct 2004 14:59:17 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596703 Jeremy341 :

said by tcp1 :
That stuff is there anyways - Google is just FINDING IT, for chrissakes. Windows search would do the same thing, just slower.

You don't seem to understand how Google's program works. It installs a sniffer on the computer in order to capture certain things. How else could it log AIM conversations if you didn't have another logging program in place?

The point is, it doesn't just search files that are already on your hard drive. It also intercepts and logs network communications.
--
I do not trust Firefox. Spread anything besides that horrid piece of crap.]]> http://www.dslreports.com/forum/remark,11596703 Fri, 15 Oct 2004 14:55:49 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596536 Talis : Why should users have to know the inner workings of the programs they use? Programmers write programs that leave things laying around in a cache somewhere, and its the users fault for not knowing this?

I've seen so many posts like this blaming every woe in the Internet on the 'stupid users.' How will computers and the Internet ever be ubiquitous, useful tools if programmers and industry professionals in general don't step up and start writing programs that are safe and secure?

You are right, this has always been in cache, and Google is just finding it. But the vast majority of general computer users don't know this, and they shouldn't have to know it. You can't require Joe User to have a degree in computer science in order to use a computer or a piece of software 'properly.' Thats totally unrealistic and would be antithetical to the growth of the computer industry.

Instead, the computer industry needs to understand who their audience is and learn how to create safe and secure products for them. Stop blaming my mother for your inability to keep her checkbook secure.]]> http://www.dslreports.com/forum/remark,11596536 Fri, 15 Oct 2004 14:36:27 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596428 jap :

said by Zemus420 :
This guy make me feel DUMB :)

lol - Well don't sweat is too much. He hit the nail on the head, IMO: it's a socially engineered ignorance systemic to human relations with their computers everywhere. You've plenty of company. But tcp1 makes a good point: it's a rather tricky security problem with no technical solution and no quick & easy solution period. There's a world full of powerful systems running GUI-heavy OS's designed to be "user-friendly" at the expense of keeping users ignorant of what transpires behind the GUI. No sign of that trend reversing.]]> http://www.dslreports.com/forum/remark,11596428 Fri, 15 Oct 2004 14:24:31 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596281 Zemus420 : This guy make me feel DUMB :)]]> http://www.dslreports.com/forum/remark,11596281 Fri, 15 Oct 2004 14:08:19 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11596082 cjsmith : Here is the Features FAQ's link:
»desktop.google.com/support/bin/t···opic=111

Pay particular attention to this Q&A as it relates to your security questions:
How can I remove something from my results?

Privacy Q & A's]]> http://www.dslreports.com/forum/remark,11596082 Fri, 15 Oct 2004 13:46:17 EDT Re: Holy shit! http://www.dslreports.com/forum/remark,11595933 tcp1 : Oh, whatever. Learn how to use a computer. That stuff is there anyways - Google is just FINDING IT, for chrissakes. Windows search would do the same thing, just slower.

Dumb user interfaces and lowered expectations have raised a generation that has no idea what's going on behind their shiny browser window, and that's a problem.

Your web mail has ALWAYS been in your cache. Don't fault google just for the fact that their utility finds the damn files. ]]> http://www.dslreports.com/forum/remark,11595933 Fri, 15 Oct 2004 13:31:20 EDT Holy shit! http://www.dslreports.com/forum/remark,11595864 Phucker : big security issues here. Especially for a public machine.

It makes screen captures as well.

I found my bank statement in its cache and it just brings it up.]]> http://www.dslreports.com/forum/remark,11595864 Fri, 15 Oct 2004 13:25:27 EDT