Comments: 2006, and beyond...

just FWIW ... http://finance.yahoo.com/q/bc?s=AAPL&t=1y&l=off&z=m&q=l&c=

Posted by JPM at December 8, 2004 10:26 AM

Holy Dooley! So the stock market agrees... To be fair, there are other factors: the iTunes success, the iPod success, and the IBM rumours. But, right now, I suspect that Apple could no wrong.

(I stuck the link into the body above, thanks!)

Posted by Iang at December 8, 2004 10:29 AM

I have to say that I think this is a pretty outrageous prediction, although I'll give you credit for not holding back. Microsoft will have only 50% of the desktop market in two years? I don't think even the most wild-eyed Linux and Mac enthusiasts would dare to make such a prediction.

As for email dying, maybe it's a generational thing, but I don't find that chat or phones are suitable replacements. Chat and phone calls are ephemeral, here today and gone tomorrow. It's fine for asking for a date but for anything more substantive you want something where you can keep records, and where you can compose a message. Blogs and their comments are much more like email in nature than chat. They produce an archive and a record that you can refer to, can link to. (These stupid tiny little blog comment boxes are barely adequate - why do you think 10 lines is enough of a window? Do you set your own text windows to one inch by three inches?)

As far as Microsoft's rewriting efforts, from what I understand they began that about three years ago. And we're beginning to see the fruits of that labor, as in XP SP2. I expect that we'll see continued security updates going forward, gradually improving the situation.

But much of what you're talking about, spyware, is actually installed voluntarily by users in exchange for software that they want to use. Spyware is not technically a security problem, since it was accepted voluntarily. It's an education problem, and pretty soon people will wise up. They'll use P2P software that doesn't install spyware, and that by itself will go a considerable way towards fixing the situation. They'll use SP2 browsers that aren't vulnerable to drive by spyware installs, and that will help too.

Like so many people, you're extrapolating linearly instead of recognizing that the nature of progress is oscillatory. Every action triggers an opposite (if not precisely equal) reaction. Spam and spyware are the latest triggers, and the reaction is only beginning.

I'll go out on my own limb (easy with a pseudonym) and predict that in two years, spam will be yesterday's news, and something else will be the new problem. And it won't be because people have stopped using email. It may have changed its nature, there may be a parallel protocol that's not precisely RFC2822, but there will still be a communication medium with the key properties of email that I've outlined above.

Posted by Cypherpunk at December 9, 2004 06:14 PM

Cypherpunk: "But much of what you're talking about, spyware, is actually installed voluntarily by users in exchange for software that they want to use. Spyware is not technically a security problem, since it was accepted voluntarily. It's an education problem, and pretty soon people will wise up."

I guess that means phishing isn't a security problem, because the users volunteer their information up to whosoever asks for it !?!

What can I say, other than ... "gone phishing!" In a sense I agree with you in that it isn't a simple technical crypto problem. But, it is a security problem. It's like a car that rolls over if driven too fast around a corner; saying "drive more slowly around corners" might be the right response, or it might not be.

In the case of phishing, it isn't the right response. Banks secured their sites with SSL, browser manufacturers hid all the SSL and cert stuff, and everyone told the users it was safe to use the net. Now that's changed and everyone is pointing fingers like mad.

How fast should the browsers drive around this corner? The answer is in the security model for browsing: spoofing is covered, check the advertising literature. So the browser manufacturers need to get back and figure out why spoofing slips through. The lucky answer is that it is actually really easy to address. It just requires thinking about it instead of trying to blame someone else.

(It's really very easy. About 1% of the work in SP2 would knock phishing on the head. 2 programmers for a month. Basic apple pie stuff.)

Posted by Iang at December 9, 2004 08:52 PM

But, getting back to the big picture: oscillatory, straight line, whatever ...

My big point was that it is actually too late to address phishing alone. The money derived from phishing has now been re-invested and there is an industry addressing *all* the weaknesses in the Microsoft OS. Which means that they are now fighting a two front war against a well funded attacker: IE is being breached but so is the OS, and any weaknesses will be exploited more quickly than they can fix them.

Then, we have SP2. Yes, they started 3 years back. How far have they got? Not so far it seems to me: URL goes from scammer to user to browser and back to scammer. They haven't even acknowledged the link between phishing and the browser, can you offer any evidence that Microsoft are really thinking about security?

Secondly, think of it from a systems point of view. Assume for a wild moment that SP2 is safe at the OS level. What about all those users out there that are not upgraded? It might be easy to dismiss them ... but they are also more and more likely to dismiss Microsoft.

To that, I fear, there is no answer that bodes well for Microsoft.

Posted by Iang at December 9, 2004 09:05 PM
MT::App::Comments=HASH(0x9f7890) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.