, 2005-08-08
I have nothing but the greatest respect for Jon Udell. His "Strategic Developer" column is the first thing I read when my copy of InfoWorld magazine arrives in the mail, and his blog is one of the best if you're interested in the technical aspects of web development, standards, and practices. If blogging is enjoyable because it allows us to watch an interesting mind at work, then Jon Udell's blog is definitely among the most enjoyable.

> have always told users not to click anything unless they know what they're doing.
That might be the case, Richard, but for years, tech people generally have had two choices when explaining concepts like, say, installation wizards to users who aren't tech savvy:
1.) Tell them to accept default settings by clicking 'Yes' or 'OK'
2.) Spend hours going into computer design and background so that they understand concepts like nested directory structure, shortcuts, start menu entries, quicklaunch entries, etc.
While the second option is the most thorough and ideal solution, it also is downright impractical much of the time.
Take a look at the second picture (situated toward the left) in this link for an example: http://www.satirewire.com/features/siliconpines/about.shtml
> I'm going to go out on a limb and guess that you're, what, mid-twenties and you've got
> a number of MS Certs? Have you ever actually worked in a world that had computers but
> didn't have Windows? Are you actually qualified to speak with authority about what
> "computer scientists" have been doing for years?
I'm going to go out on a limb and guess that you're, what, mid-forties and you've held a number of certs for different companies throughout the years. You've been shielded from any meaningful amount of direct interaction with naive end-users for about 10 years and you're a little uppity about your accomplishments. You think that people like great aunt Sue and cousin Frank don't belong online and that dealing with their problems is not your concern. Are you actually qualified to speak with authority about anything that relates to end-user computer activity?
> While the fault for Spyware as a whole certainly is not Microsoft's, the fault for the
> ability of the most simple pieces of spyware to work as well as they do rests squarely
> on their shoulders.
What tangible, architectural solution do you propose that will make spyware work less effectively while ensuring that all legitimate software remains unaffected? I welcome any meaningful answer to this -- not philosophical sound bites about Microsoft being at fault because of "how well" spyware works.
As a side note, people like you -- the ones who have been doing this since 1987 -- often fail to recognize that when the masses came online, the world of software changed. A target-rich environment made the world of hacking explode. An application used to be declared bug-free when it always responded to proper inputs with proper outputs. Concepts like data validation were only meaningful where direct user-entered data had to be analyzed. Today, an application must not only meet that standard, it also must respond securely and predictably when given improper inputs at levels and in areas that have nothing to do with direct user input.
-- Daryl Shockey
Link to this comment: http://www.securityfocus.com/comments/columns/346/32281#32281