[Info-vax] VMS Server and WebApp future and People Power

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Sat Feb 20 10:09:33 EST 2016 

On 2016-02-20 04:23:44 +0000, David Froble said:

> Interesting synopses ..
> 
> (Did I spell that correctly?)

If you were aiming for the plural of synopsis, yes.

> In the world that we have evolved to, there seems to be a bunch of "the 
> user is too dumb to use this device properly" and such, and developers 
> therefore make decisions which sometimes a user doesn't know about, nor 
> can the user change some things.

The user has other things to do.   Getting work done, fun, etc.   
Taking care of the computer is nowhere on that list, for most folks.

What's a menu system but a way to avoid having the users need to learn 
the command line?

What's a GUI, but a way for the developers to make the command line easier?

Now various of these interfaces and tools can make the work faster, 
too.   More efficient.   Simpler.

> There are plenty of users who like things that way.  If you gave them 
> some descriptions of what's going to happen, they wouldn't read them, 
> and if they did, probably would not understand anyway.

What's BASIC but a way to avoid assembler?    Or LDAP and Kerberos 
other than a (secure) means of having the same password across multiple 
servers and to delegate access, for that matter.   Or a decent IDE, or 
any number of other tools or frameworks that I use and depend on, in 
order to avoid learning the underpinnings of the particular platform or 
tools, or to avoid dealing with those underpinnings.

> P.T. Barnum's type of people ....
> 
> But really, isn't their desires just as valid as yours and mine?  What 
> everyone is counting on is the integrity of the developers, or those 
> giving them their orders.
> 
> You know, like the NSA ....
> 
> My preferences:
> 
> If I didn't start it up, it should not be running ..
> 
> If I shut it down, it should be totally shutdown ..

Which is what can and should happen with competently coded applications 
and devices, for most situations.

But not always.   OpenVMS isn't good at this stuff, either.    This is 
also part of why I've been pointing to sandboxes and jails to 
variations such as the OpenBSD pledge API, and ASLR and NX, at better 
frameworks and tools, strl calls for C apps, at cryptographically 
secure password hashes and not the long-overdue-for-replacement Purdy, 
at making end-users work harder to even enable telnet, at distributed 
logging, kernel-integrated cryptographic random number generation... to 
the necessity of upgrading OpenVMS.   Because OpenVMS has no concept 
and no support for defending against these sorts of problems with 
untrusted or untrustworthy code, and also craptacularly bad at 
encouraging or pushing recalcitrant system managers to apply patches 
and upgrade their server security.   At enforcing application limits, 
and application access.   But I digress.

> Now, if that's not possible, then I got a problem with the device.

As for tracking and location data...   Since the advent of positioning 
data better than geolocating the nearby cell towers, cellphones have 
had the data around when you travel.   The algorithms are now 
sufficiently sophisticated to recognize when you customarily travel and 
to where — even with no appointments logged and no scheduled meetings, 
just your own routine — and your cellphone will now prompt you with the 
travel time to those locations.   Creepy to those that might notice and 
ponder, and useful to many folks.  Including some of those that think 
it's creepy.

For many routine tasks, a cellphone has become an effective personal 
assistant for a number of tasks.  Traffic, payments, navigation, 
locating friends, just finding which couch cushion I left the tablet 
in, etc.   Yes, that same device can also expose my foibles and my 
activities, can be used to advertise to me, and any number of other 
problems.   (But then some of the OpenVMS mail files I've been handed 
twenty years ago as part of troubleshooting mail-related problems would 
do the same, within the limitations of the era.)

Times change.   Problems change.  Expectations change.   
Vulnerabilities change.


-- 
Pure Personal Opinion | HoffmanLabs LLC

More information about the Info-vax mailing list