What we -should- do is focus on things that we can actually benefit from. Instead of mass-murder, why not fix the internet by fixing javascript (ie. dis, fucking, allow, whitelist basis only), fixing flash (bye), fixing CSS (stop reading my history and stop scanning my ports!) and fixing HTML so we don't need to rely on stupid things (flash, silverlight, the thing Google made) to make browsing an enjoyable experience.
I can deliver you a browser that is virtually unexploitable. Firefox running with NoScript,
Okay, only a Professional Software Engineer can design webpages or write code. In BC, that's an actual discipline for Engineers. (I'm Electrical myself; one of my friends has her P.Eng in Software, and my alma mater was one of the first to offer it.)
See how that works?
The real problem is really your attitude, not the fact that "artsy-fartsies" are writing webpages in Dreamweaver. We can talk about the relative merits and security of Windows / OS ? / Lunix all day (which, really, is what/. is all about) but
I'm not really sure what you are running off about, but I'm fairly sure that at least a fair chunk of it is unrelated to my post which you are responding to...
I was simply indicating that getting rid of plugins like flash, locking down javascript, and in general getting the seperation of data and executable code right is never going to happen because the people who are currently calling the shots and driving the market either do not understand computer security, or do not make it a priority.
Because of that, I can see a future where active monitoring/detection of system changes is going to become more important. Maybe even services that either log into your machine and look at file size, diff, etc.. or actually make requests of your website, mimicking every possible thing a user could do, and look for unintended outcomes (file automatically downloading, for instance.)
I'm not saying that nontechnical users create security flaws, I'm saying that they demand features that cause security flaws, and the engineers that know better are not in positions to deny them the features. If a high payed media PHB demands that the website for [NEW HIT MOVIE] be made entirely with flash, a lowly engineer pointing out that flash is insecure is not going to get anywhere.
You are only "pretty sure" that there is "an" artist "somewhere" that can spell better than me? Well hell, I don't doubt it at all! In fact, I would be terribly suprised if I was a better speller than every single artist on the planet. I could even take your uncertainty as a compliment!
You are rather god-awful at this criticizing thing aren't you? You should work on your spelling nazi trolls some more if you want anyone around here to take you seriously...
Gosh that takes me back... or is it forward? That's the trouble with
time travel, you never can tell."
-- Doctor Who, "Androids of Tara"
Should Be Shot (Score:3, Insightful)
Malware and Virus authors should be lined up against a wall and shot. They are cancers and need to be irradiated.
Re: (Score:2)
I mean eradicated...although irradiated would probably work well too.
Re: (Score:3, Insightful)
What we -should- do is focus on things that we can actually benefit from. Instead of mass-murder, why not fix the internet by fixing javascript (ie. dis, fucking, allow, whitelist basis only), fixing flash (bye), fixing CSS (stop reading my history and stop scanning my ports!) and fixing HTML so we don't need to rely on stupid things (flash, silverlight, the thing Google made) to make browsing an enjoyable experience.
I can deliver you a browser that is virtually unexploitable. Firefox running with NoScript,
Re:Should Be Shot (Score:3)
The reason this will never happen (and it should) is because we have art students, not engineers, designing our websites, and thus calling the shots.
Some parts of computing should just not be done by non-technical users, designing secure systems is one of them.
Re: (Score:3, Interesting)
Okay, only a Professional Software Engineer can design webpages or write code. In BC, that's an actual discipline for Engineers. (I'm Electrical myself; one of my friends has her P.Eng in Software, and my alma mater was one of the first to offer it.)
See how that works?
The real problem is really your attitude, not the fact that "artsy-fartsies" are writing webpages in Dreamweaver. We can talk about the relative merits and security of Windows / OS ? / Lunix all day (which, really, is what /. is all about) but
Re: (Score:2)
I'm not really sure what you are running off about, but I'm fairly sure that at least a fair chunk of it is unrelated to my post which you are responding to...
I was simply indicating that getting rid of plugins like flash, locking down javascript, and in general getting the seperation of data and executable code right is never going to happen because the people who are currently calling the shots and driving the market either do not understand computer security, or do not make it a priority.
In my opinion, t
Re: (Score:2)
"We're outgunned and outnumbered."
Because of that, I can see a future where active monitoring/detection of system changes is going to become more important. Maybe even services that either log into your machine and look at file size, diff, etc.. or actually make requests of your website, mimicking every possible thing a user could do, and look for unintended outcomes (file automatically downloading, for instance.)
Re: (Score:2, Insightful)
If those non-technical users are able to create security holes, than that's the engineer's fault.
Re: (Score:3, Insightful)
I'm not saying that nontechnical users create security flaws, I'm saying that they demand features that cause security flaws, and the engineers that know better are not in positions to deny them the features. If a high payed media PHB demands that the website for [NEW HIT MOVIE] be made entirely with flash, a lowly engineer pointing out that flash is insecure is not going to get anywhere.
Re: (Score:2)
You are only "pretty sure" that there is "an" artist "somewhere" that can spell better than me? Well hell, I don't doubt it at all! In fact, I would be terribly suprised if I was a better speller than every single artist on the planet. I could even take your uncertainty as a compliment!
You are rather god-awful at this criticizing thing aren't you? You should work on your spelling nazi trolls some more if you want anyone around here to take you seriously...