[plug] Can of Tuna

Christian christian at amnet.net.au
Sat Apr 7 12:48:24 WST 2001 

On Sat, Apr 07, 2001 at 10:56:39AM +0800, hooli wrote:
> Sheesh!
> 
> Take it as you may, but the West Australian's Technical Article Journalist 
> N.M annoys the crap out of me...

Me too.  Actually, most technical journalists (now THERE'S an oxymoron
for you!) annoy the crap out of me but the West's journalists seem to be
much better at it than most.

> Take N.M's article in today's (Saturday) West Australian about the Lexmark 
> printers for example.
> Any further comments?  (Other than for me to re-read Linux Advocacy HOWTO 100 
> times more...)

His article about Lexmark printers and tuna (p. 49 of Classifieds) seems
pretty bizarre and pointless to me but it's the article above that
really gets me.  He's doing a "Good Thing" (tm) but doing it in an
awkward and only partially effective way.  The article is about how,
in Windows, if you share part of your hard drive and you bind file
sharing to TCP/IP then anyone in the world can browse the share.
Definitely a risk and worthy of an article, right?  Unfortunately the
article in question:

 - Doesn't actually provide a solution: my understanding is this can be
   fixed in the Network section of control panel by removing the binding
   for "File and print sharing" from TCP/IP.  Pretty easy and surely worth
   mentioning?  (I could be wrong about exactly how to fix it, after
   all, I don't really have to worry about it since it doesn't affect me.)

 - Talks about unrelated topics as if they are related: network
   eavesdropping has nothing to do with the above problem but it is
   still discussed in detail before getting to the rest of the
   article.  Sure to confuse plenty of people.  Does the journalist
   understand these two things aren't related and is trying to show off or
   is he just confused himself?

 - Confuses privacy with security: giving anyone in the world access to
   your files is clearly a security issue first and a privacy issue
   second (if at all).  Once again this is bound to confuse readers but
   what hope do they have if the "expert" journalist doesn't understand the
   distinction.  

Of course, I've seen much worse technical articles in the West before.
A few weeks ago they previewed technology supposedly developed in Perth
that's claimed to provide a revolutionary new method of securing files.
Unfortunately in their efforts to get some good publicity for the
company concerned they didn't bother to check any facts or get any
expert/independent opinions on whether this technology was either
revolutionary or secure.  From the very few details that have been
released about it so far it certainly doesn't look like it is either.
Unfortunately the West's article gave no indication of that.  I would
suggest that most security experts would be at least cautious as to the
effectiveness of what is described.  Of course, since very limited
detail is available (never a good sign where security is concerned) and
there has been no independent evaluation of the technology, what other
conclusion could anyone reasonably reach?  In fact, it all looks very
suspicious to me.  The only thing certain about the company involved is
that they want publicity and investors.  Their technology looks very
much like snake oil to me.  Of course, the article in the West gave no
indication of this either. (If anyone wants to know more, email me off
list.) 

At the time I was going to write a letter to the West pointing out
numerous technical irregularities with the technology concerned and the
naivety shown by the journalist but given previous experiences I
decided not to bother.  I've written to them before about deficiencies
in their technical articles, particularly those security-related, and have
basically just been ignored.  Personally I think that a newspaper like
the West has a responsibility to help to educate users about important
technical issues that affect them -- in particular issues such as
security problems where their understanding and repsonse to the problem
play a major role in determining its impact.  If ordinary users knew not
to run strange email attachments, would Melissa, ILOVEYOU et al have been
such a problem?  Traditional media outlets must accept a significant
proportion of the blame for these continuing problems.

Regards,

Christian.

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C

More information about the plug mailing list