
Blog

Moving to Mountain Lion and Beyond


In my most recent article for For Mac Eyes Only, I ponder the implications of the remarkably speedy scheduled release of Apple’s OS X Mountain Lion on the longer term viability of older Mac hardware. Mountain Lion is due to arrive just a year after the release of Lion.

We now await OS X 10.8, Mountain Lion. Scheduled to be released a mere year after Lion, we are promised even more features ‘inspired by iPad’.

Wait a second. What was that? It is due to arrive this summer. Just one year after Lion was released.

A new release of OS X hasn’t come so quickly since the operating system was very young and was still being established and stabilised.

This strikes me as quite a shift, and it brings me to an important issue — how does this affect the lifespans of the Apple products we buy?

You can read the full article over on the For Mac Eyes Only site.

My Rant on the ‘Ribbon’

I’m not a fan of the new ‘Ribbon’ interface that debuted in Office 2007. I have been playing around with the new beta of Office 2010, where the Ribbon is now the standard user interface across the suite.

In this short screencast rant, I explain why I just don’t like this new user interface and how I don’t think it actually solves the issue it was designed to solve.

Apologies for the poor resolution and audio quality of this screencast; in future screencasts done using this method I’ll be sure to optimise things better.

Comments here or over on YouTube are welcome. I realise many people are happy with, or even passionate about, the new Ribbon for good reasons too. I just can’t see how it does any good, yet it requires extensive retraining of users!

On Teaching Computer Security to Non-Geeks

I can’t stand the attitude of “there’s nothing important on my computer, so I don’t care about whether it is secure or not”. The simple fact of the matter is that any infected computer connected to the internet is probably at the mercy of a malicious third party. Even if you don’t care about the impact of your computer being infected, your lazy attitude is affecting other, innocent people’s computers, potentially in the form of sending mass spam and attacking unwitting websites.

Computer security is hard and very complex.

How we explain computer security and insecurity to average computer users, non-geeks if you will, is really important. And I really think that we are taking the wrong approach at the moment.

We teach computer users that in order to keep their computer secure and clean, they must have:

  • An anti-virus program
  • A firewall
  • Up-to-date software
  • … and other practical, simple steps

While these are all very important steps to encourage (especially keeping software up-to-date, in my mind), I think that we are making this advice a bit too practical. We’re ignoring complexity and only ever offering the most basic practical steps.

In my mind, a lot of computer security comes down to a model of trust. For example, I feel confident that a conversation with my internet bank is secure because:

  • I trust the integrity of the SSL connection for the purposes of keeping my information private and untampered with as it goes across the internet
  • I trust my local machine to be ‘clean’
  • I trust the remote machine at the bank is genuine and set up properly

All three of those things must be in place for me to have that ‘safe’ feeling. A safe SSL connection to your bank is meaningless if there’s nasty software on your local machine sending your keystrokes to a third party.

I’d like to see this model of trust encouraged amongst all computer users. It may take a little more time and effort to understand the basic principles of what is going on, but looking at security this way round, rather than from an entirely practical viewpoint, allows people to make informed security decisions, rather than blindly trusting some ‘security’ software to do everything.

Social engineering is a very easy way to get some nasty inside someone’s computer. It’s disappointing, but oftentimes you can trick the human into deliberately giving permission to something more easily than you can find a hole in software to do the same thing. Instead of relying on ‘last resort’ antivirus programs to catch known malicious programs running at the last minute, we should encourage people to ask questions:

  • Why am I being asked to run this software?
  • Where did it come from? Do I trust the group of people that wrote this program?
  • Is there anything suspicious or unusual about this? Is it really coming from who it says it is?

Obviously, you need to combine this with practical advice and some knowledge to enable people to spot things that are ‘out of place’. But I think if we did, people would be in a much better position to make sensible informed decisions and to understand better what is actually going on.

This rant only really covers one aspect of computer security. As I said at the start, computer security is really complex and really hard to get right. So this approach isn’t necessarily the answer and it isn’t going to be applicable everywhere. There are going to be groups of people for whom this will be too complex, and groups of people that ‘won’t care’. But I’d like to see it done more often.

Photo: ‘Secure.’ by Wysz, from Flickr. Licensed under Creative Commons BY-NC.

On FAIL

I was pleasantly surprised to read that The Times Magazine for the 9th February includes a section on the latest internet meme of FAIL (page 12, left-hand box if you’re interested).

I was not so pleasantly surprised to notice that halfway down, you are invited to “Visit timesonline.co.uk/microtrends for an epic shipment of fail”.

Why? Well, in my opinion, FAIL is subject to special grammar requirements. It should have been “a shipment of epic fail”, not “an epic shipment of fail”.

The lack of capitalisation also concerns me, but it might be a little harsh to be critical on that point as well – and the capitalisation of the word isn’t necessarily a set-in-stone rule, either.

You can read the article that appears in print over on their site.