Microsoft: Our strategy with Silverlight has shifted

Ouch

Update: Or not.

Google: 95% of users ignore warnings of bad site

According to Google security researcher Fabrice Jaubert 95% of users ignore the warning page that Google presents when they try to access a website that is likely to harm their system. It used to be that this warning offered a button which allowed them to proceed to the page, and it is this button that users clicked.Google thus changed the page so that users must copy and paste the URL.

We've long known that users will click through, presumably without reading, any dialogs or alerts that are in the way of them getting what they want. I think this confirms it.

Just wow.

Related article: A peek into Google's anti-malware operation

Favourite place #3

Parliament Buildings

Bikes/cars/peds in NY

The article A unified theory of New York biking and the subsequent comments are very good. Bike Snob has a bit of rebutal here which I also recommend.

 

Favourite place #2

Sulpher Spring Road

43.07892, -79.30187

Bell Canada Area Code 905: totally retarded user experience

My mom lives in area code 905, which is in the Niagara region of Ontario. While at her place, I phone my sister-in-law at her work land line, about 5 blocks distant, and also in the 905 area code. I dial 7 digits and am told I must dial the area code. I dial 11 digits (adding 1 905) and a voice says "this number is not long distance", and that I must redial without the 1. She's not answering so I call her cell phone using 10 digits. I'm told that's long distance. I must dial a 1, or 11 digits. In all cases, why couldn't they just route the call? There's is no extra charge if it's long distance or not, so what the hell?

What this means is you must know before dialing if a number is long distance or not, else you roll the dice on whether to dial 10 or 11 (not 7) digits, and if you get it wrong you have to redial all 11 or 10 digits. I don't think you could create a less welcoming user experience. For someone making a bunch of calls this must be extremely painful. I'd be curious to hear from local businesses to see how much time they waste every year playing this game.

On top of this, on one occasion, I phoned my sister-in-law at work and I swear it first told me it was long distance so I must dial a 1, then when I dialed a 1 it told me it was not long distance so I must not dial a 1, then I didn't dial a 1 and it told to dial a 1, and it so on for about 5 attempts, at which point I gave up. I can't believe this one actually happened. My 79 year old mother managed to make the call. It happened again while I was in Ottawa, making local calls there. The mistake in that instance was the recording saying not to dial a 1, when in fact I was meant to only dial 7 digits.

Wired: Facebook privacy

Continuing on my theme of whinging about Facebook privacy policies, I thought this was a pretty good article.

Art

I’m wondering if this would qualify as art?

Unintended consequences of computer viruses

The Spanish newspaper elpais.com  last week reported that the crash two years ago of Flight JK 5022, killing 154 of 172 on board, was indirectly caused by malicious software.

A computer, located at the airline's headquarters, was responsible for sounding an alarm if the plane registered three faults. In this case a tube had twice reported as overheated, but the third instance was not received because the computer was infected with a Trojan virus.

Three things come to mind here:

The first is that critical systems should be more secure. Ultimately, however, it is very difficult to make a system that is completely secure that also connects in any way with the outside world. Certainly such systems should not be based on a consumer OS that allows injected DLLs such as Microsoft Windows.

The second is that there should be consequences for those perpetrating such cyber crimes. We are well beyond the point in history where viruses are generated by kids working from their bedrooms. Today such acts are those of organized criminals, hidden behind levels of indirection and international borders. It is perhaps the verdict of murder that might galvanize action against these activities.

The third is the global threat we now face from politically driven cyber attacks. The recent Stuxnet virus illustrates just how sophisticated and dangerous these attacks can be. If you weren't paying attention, this virus is first spread via USB drive, then exploits four zero-day vulnerabilities to enable remote code execution, escalate priviledge, and pass itself between computers. This worm has burrowed it's way into some of the most secure and critical control systems in the world including, famously, a few thousand computers in Iran.

I'd like to close with an uplifting statement of how governments are taking cyber crime and cyber warfare very seriously, which they are, and how things will be alright. But I'm not optimistic enough to do this.

Update: A NYTimes article on the cost to Google of handling attacks

You've received a message from you doctor

Did I really? Which doctor? Who is RelayHealth? Am I supposed to click on that link, maybe provide some personal information to confirm my identity?

It’s shocking that it’s 2010 and the enterprises you care most about, such as your doctor, your bank, your investment manager, don’t have a simple electronic way to securely communicate with you. Except for FAX of course!