Yeah Boy! Yah Suck! – David Pogue | Microsoft

December 11, 2009 · Posted in Information Security, Information Systems, Information Technology, The Internet, Yeah Boy! Yah Suck! 

This week’s, Yeah Boy!!!

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named: DavidPogue.com. I first got turned on to him (no he did not turn me on :-P ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he had the gift for writing, the gift of gab, he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech) and as he demonstrated in that keynote speech, he got musical skills, too. He explained that Music was actually his major in college and becoming one of the most recognized and respected tech reviewer in the web today is quite a feat indeed.

But that is not what earned him the Yeah Boy from me this week. The Yeah Boy was due to an article he wrote in New York times entitled: Free Speech (Recognition).

Okay, the Yeah Boy was not from his little joke about Palm and Dragon Naturally Speaking or his review of the iPhone App from Nuance (Dragon), but rather from this little snippet:

If you look at the reviews for this app on the iTunes store, though, you’ll be astonished–there are over 1,000 one-star reviews! What’s going on? They’re not judging the app on its design or effectiveness, that’s for sure.

Instead, people are freaked out by that “your audio is converted by Nuance’s servers” part. They think this is a privacy violation. They fear that someone at Nuance might listen in to the audio. (Nuance says nope, it’s just a bunch of computers, maintained in a secure facility, and the audio and transcriptions are not saved.)

They’re also alarmed by the welcome screen’s note that the names in your address book are uploaded to Nuance, too. Eeks! Nuance will know the names of the people we know!

This piqued my attention, because of two reasons, (1) I was just reading a whole bunch of stuff about Facebook and Privacy last night and how freaked out some people were about how Facebook is very intrusive to their privacy and have been described as a tyrannical big brother (not the exact words, but essentially that’s how I took it), and (2) This sounded so familiar and I just can’t put my finger on it, and then….

OK, first of all, this business of your audio being sent to Nuance for transcription rings a very familiar bell. Remember the Gmail brouhaha? When Gmail debuted, it offered a fantastic e-mail account, paid for by small text ads on the side whose subjects are matched to the e-mail contents.

At the time, everyone was hysterical about the supposed privacy violation: Google will be reading my e-mail! Of course, no humans were looking at your e-mail. It was just a bunch of servers analyzing keywords. Today, everybody’s forgotten all about it. But now the issue rises again with Dragon Dictation.

As for the names in your Contacts: they’re sent to Nuance so that the app will recognize the names when you dictate them. No other information (phone numbers, e-mail, addresses, etc.) is transmitted.

Ahhh. Yes. The “Gmail brouhaha.” Whatever happened to that concern? And is Yahoo! Mail or Hotmail any different? How about your DSL or cable e-mail? How about that e-mail address that your company is hosting on that $7.99/month webhost? Hmmmm…. Are they more benign than the evil people at Google? Anyway, Mr. Pogue continues:

What I don’t understand is: Why don’t these same people worry that Verizon or AT&T is listening in to their cellphone calls every single day? Why don’t they worry that MasterCard is peeking into their buying habits? How do they know Microsoft and Apple aren’t slurping down private documents off the hard drive and laughing their heads off?

I mean, if you’re gonna be paranoid, at least be rational about it.

Uhmmmm…. So… How’d you like them apples? Folks unless you become a hermit and move to the top of Everest or dive and hide into the deep trenches of the Marianas or simply disappear from the face of the planet, have a name change and have plastic surgery and stop using every single modern ammenities i.e. the Grocery Store, Your Credit Card and what-have-you altogether, you’ve already either knowingly or unknowingly given up your privacy for someone else to control in some form or another. How do you differentiate which of these companies are benign and which are malicious? I sure can’t think of one specific answer or can’t see any silver bullet solution. Simply put this is the price we all pay for the convenience inter-connectivity provides us.

The main driving force on how privacy is handled in the Internet does not really rely on the law (seriously regulators and policy makers are light years behind with what is happening) nor that it truly relies on the so-called Privacy Policy of the company or the third party audits that some of them are supposed to go  through (see Trust-e). It all comes down to TRUST and to you. It all comes down to whether you will trust a certain company or organization to handle your private information properly. It is up to you if you will trust a company with the Trust-e logo, or Nuance, or Apple or Facebook or Google and trust them that they will respect the privacy settings that you set-forth in your account and trust them not to snoop into your private conversations… If you don’t trust them, well don’t use them, but really don’t be a doomsday prophet about another company when you can’t even tell if the system you are now using actually is truly secure and trustworthy…

So log on, resistance is futile… And Mr. Pogue, YEAH BOY!!!

Yah Suck of the Week.

First off, for the record, I have never really been a Microsoft Hater despite how many techies out there who live and survive at bashing Microsoft. I’ve always thought that Microsoft is good at what they do and what they’ve done is to provide a good majority of us with a simple way to work with computers. Really who among you can write a bash command faster than I could right-click for the properties of the document? Nuff-said…

Then the common attack of MS-bashers  is the security flaws of its products. Well, the answer to that really if you look at the big picture is that being that MS controls the PC and the Server Market, they are a big target and any flaw is noticed fast since it affects a whole bunch of people and organizations. We don’t see this with other products like Linux or Unix or Apple because it only affects a few and low bang-for-the-buck for the hackers. A little geek tour for you folks and visit the National Vulnerability Database, which is the main repository for reporting flaws and vulnerabilities of every major software out there. If you do some searches you will notice that you will find about as much if not more vulnerabilities on Linux and other OS than that of Windows. Okay enough of that.

Last point is usability and cost. MAC really I am a fan, but damn you are expensive. Linux, yes you are cheap, but damn you are a pain to set-up. Moving forward…

So after all that why do I give Microsoft a Yah Suck! Well first I still could not get over Vista. Really that OS gave me Windows ME flashbacks and still is. But I guess, they now have Windows 7, which I got a chance to place with the beta version and Yes in my view Windows 7 Beta performed a whole lot better than my current version of Vista.

But Vista is old news. What made me give them a Yah Suck is what I discovered this week.

Really Mr. Ballmer with all the money Microsoft has, you can’t put some resources to clean-up what could be a very useful resource for your user base? Dude, simply put, YAH SUCK!!!

Bookmark and Share

Thought you should know, etc... Update

Exit...Stage Left

I’ve changed houses.  Instead of Suzhou, Jiangsu, China, I’mon the Southern Outer Banks of North Carolina.  Instead of skyscrapers, cranes and car horns honking, it’slittle buildings, quaint shops and a Jimmy Buffet-like atmosphere… 

“Welcome back Sanity…you werea missed chum...

Project Management Lite: Estimating–Preparing non-human Resource Cost Estimates

1. Objective •    To produce estimates of the non-human resource costs of the project (computer hardware, communications hardware, systems software, package software, etc.). 2. Responsibilities •    The Project M...

What Email Faux Pas Do You Commit?

Email—it’s a part of our everyday lives as business people.  Do you send emails that your co-workers take seriously?  Do you find some incoming emails off putting?  This humorous video by

Business Benefits Realisation – The Unfortunate Truth

By Craig Wilkins, Gareth Byatt, Gary Hamilton, and Jeff Hodgkinson Gareth, Gary and Jeff would like to thank Craig for agreeing to partner with us and share his expertise as the primary author for this article. Business Benefits Realisation for programs and projects should be tackled very early in their lifecycle...

When IT Is Your Company’s “Piggy Bank”

When IT Is Your Company’s “Piggy Bank” By Vaughan Merlyn First, my apologies – this is old news! But I was talking to a CIO last week and he made a statement I’ve heard many times over the years: “The company views IT as ‘the piggy bank’ – it’s a place they can reliably come to when [...

Tags: , , , , , , , , , , , ,

Comments

Leave a Reply




  • Your Shopping Cart

    Your cart is empty

  • Calendar

    December 2009
    M T W T F S S
    « Nov   Jan »
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  

  • RSS From the National Vulnerability Database

    • CVE-2011-3958 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]
      nvd@nist.gov
    • CVE-2012-1033 (bind) February 7, 2012
      The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]
      nvd@nist.gov
    • CVE-2011-3971 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]
      nvd@nist.gov
    • CVE-2011-3954 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]
      nvd@nist.gov
    • CVE-2011-3970 (chrome, libxslt) February 7, 2012
      libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012
      The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]
      nvd@nist.gov
    • CVE-2011-3969 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]
      nvd@nist.gov
    • CVE-2011-3956 (chrome) February 7, 2012
      The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]
      nvd@nist.gov
    • CVE-2011-3968 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]
      nvd@nist.gov
    • CVE-2012-1035 (ada_web_services) February 7, 2012
      AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes