Alex "BuckyBit" Covic


Niner since 2009

Remember the first episodes with Scoble & Charles? I do - long time listener - shy by nature...


  • E2E: Erik Meijer and Cormac Herley - Rational Rejection of Security Advice by Users


    I thought about users and security a lot over many years...and I gave up on end-users. You, of course, cannot.


    How many, 1 billion PCs worldwide? 100s of millions of financial transactions every day. It is a miracle that so little is compromised! On the other hand, you can buy (in a couple of hours, at any time of the day) DVDs full of legit credit card numbers and other relevant data, if you know the sources.


    End-user security will never improve, because IMHO we cannot show the users pictures of rotting carcasses or dying baby seals ... something to make them more aware, more cautious BEFORE something 'bad' happens, they lose their money or ID-theft. Who uses PGP? Who checks his own passwords with password crackers? Who encrypts his emails? Last time you updated your Key Fingerprint?


    My concern is more on the company and government side. The recent New York Times article that explained how the Google Hack was possible (including the usage of Microsoft Instant Messenger and a click to a link - ah, ActiveX Controls) made me shiver.


    Your company is as secure as your dumbest employee? But who was the real risk factor? The guy that clicked? The supervisor who did not explain not to use such a thing? The CTO who had no policies in place to explain the risks to the employees? etc... whose fault is it?


    When it comes to security problems, I often defend Microsoft and Windows products explaining to people "This is what you wanted" - they want easy usability, they want to drag and drop things, to copy and paste... they wanted COM and ActiveX controls - jumping between apps, shiny, Flashy, JavaScript web, ... do users care about the problems this may cause? No! They are not programmers! They just want to drive the car, no wait - they just want the ride! They don't want to care what the difference is between http and https...


    Blackhats who are after individuals are not my concern anymore. We need to think of the Chinese hacker madras (no offense, fellow Chinese Devs), the Cyberwars that are going on right now. The daily attacks we have to deal with on a daily basis. Industrial and military espionage is real. Our technology is used in critical areas. The vulnerability is there, too. People who work in sensitive areas need to be educated.


    [Edit] Consumer world End-users? What can we really do for/about them?






  • TechDays 2010 Keynote by Anders Hejlsberg: Trends and future directions in programming languages

    It's my fault.


    I read the title and thought the content would match it: 'Trends and future directions in programming languages'


    So, what is the future in programming languages? Doing the /qParallel - all problems solved? 


    Sorry, but this keynote is for 5-year-old programming toddlers? Nothing in there that Anders did not say before in the videos Charles did over the years? But, I am not the audience for this. I did not want to sound too harsh.


    This sounds more like a Level 100 for marketing types who have to sell the new VS? Who is this audience?


    There are many moments when I was shaking my head, since the old discussions are popping up - this time unchallenged. Watching the power of dynamic and functional programming languages through his old 2D-OO-glasses is great for .NET, I guess.


    Again, it's my fault.