Rosio Pavoris

(if u dont like it deal w/ it)

You have to love the significant overlap between people who talk too much and outright bigots. I finally got three people who have been getting on my nerves for months (the sort of people who also think I’m kidding when I call them worthless bottom feeders) to stop talking to me entirely, just by pointing out I am, in fact, bisexual.
I didn’t think that even worked in Belgium.

Random meme to fill space. I forgot where I found this. Output of history | awk '{a[$2]++} END {for (i in a) { print a[i] " " i } }' | sort -rn | head:

104 vi
93 ls
76 cd
33 javac
27 apt-get
21 java
15 su
11 less
10 rm
8 tar

(This is essentially a list of the ten commands I use the most in bash. Only from the last two weeks or so, since that’s when I reinstalled Debian, but it wouldn’t be that different if it were a year’s worth.)


I made a science

After watching a few more videos by and about creationists on the YouTube, I realised that not only do I have more computing power at my fingertips than most scientists in history could ever have dreamed of and a greater-than-average ability to use said power, I also have a neat, educational, and easily implemented project to use it for.

Perhaps you remember the weasel program, but in case you don’t, here’s how my implementation worked:
The user enters a string consisting of characters from a certain pool (in our case, just capital letters and spaces). The program generates a random string of characters from that pool, of the same length as the string the user entered. Every “generation”, the program takes one character in that string at random, and replaces it with another random character from the pool; it then compares the new string to the string the user entered, and compares the old string as well, and discards the string that’s least like the user’s target string. It continues until its own initially random string matches the user’s own.

It’s a very simplistic example of Darwinian evolution, and while the point of it can be missed by people aiming to miss it, it demonstrates the power of evolution quite well.

Of course, casually running the program, seeing the number, and nodding absent-mindedly before forgetting all about it is no way to treat a nice algorithm, so I decided to drive the point home by modifying it a bit.

I decided to do a series of tests with successively longer strings (starting with one character, working up to fifty), and record how long it took on average to get from the random starting string to the target string (which is now just a series of As; I hope you realise why this doesn’t matter). The pool of characters was brought down from 27 possible characters to 10, to speed up execution times¹, and each test was then run five thousand times, to get rid of statistical artifacts.
The results were then plotted on a graph:

[Graph: DARWINISM]

The X axis is the length of the string. The Y axis is the number of generations it took to get from a random starting string to the target. The blue line is the results my program found. The red line is how long you’d expect to take on average if you just rerolled the string entirely, which is how most creationists seem to think evolution works.
For a string of length 50 this number is (10^50)/2, so forgive me for cutting it off the graph pretty early on.

There are some odd spikes the large sample size should have gotten rid of, which I blame on java.util.Random crapping out², but the trend is pretty clear all the same. (Edit: yeah, the problem was indeed that, and specifically how Java caches things in ways that break seeding random number generators. I fixed the issue as best I could and ran the program again; the results are here, and the spikes are indeed gone.)
It took about half an hour to run on my laptop, and the results are even clearer than I expected. Rather than the exponential growth in the number of generations needed so many creationists “predict”, there’s a linear one, which is much healthier.

You can debate how directly this applies to real-life evolution, since organisms tend to have genomes rather larger than fifty base pairs (though their pool of characters is only four, not ten), but they also tend to have more than one kid, and evolution is a trend over an entire population, not just one lineage, and they tend to have more than one mutation per generation (not to mention a bunch of other ways to stir things up, like chromosomal crossover), and sexual reproduction makes a whole new mess of everything.
The point, though, is to show the power of the Darwinian process; specifically, that it’s not just random chance, but something much, much more powerful.

Of course, people can show you all kinds of graphs and give you all kinds of programs to run, but it’s much more satisfying if you do it yourself and understand what you’re doing.
So I’m not going to post my code. Do it yourself. You have the algorithm (and if you think it sucked, improve on it (and post in the comments)), write your own code. It’s simple enough, it’s fun, and it’s quite gratifying.
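
One way to write the algorithm described above, as an added example (not the author's code, which the post deliberately withholds). The pool letters, the function names, keeping the mutant on a tie, and letting a mutation re-pick the same character are assumptions; expected_generations is an added exact calculation of the average under those assumptions, and reroll_generations is the post's own figure for the red line.

```python
import random
from fractions import Fraction
from math import comb

POOL = "ABCDEFGHIJ"  # assumed 10-character pool; the post only gives its size


def evolve(target, pool=POOL, rng=random):
    """Run the algorithm once and return the number of generations needed."""
    current = [rng.choice(pool) for _ in target]
    score = sum(c == t for c, t in zip(current, target))
    generations = 0
    while score < len(target):
        generations += 1
        pos = rng.randrange(len(target))
        mutant = rng.choice(pool)  # may re-pick the same character (assumption)
        # Only the mutated position can change how many characters match.
        new_score = score - (current[pos] == target[pos]) + (mutant == target[pos])
        if new_score >= score:  # the less similar string is discarded; ties keep the mutant
            current[pos] = mutant
            score = new_score
    return generations


def mean_generations(length, trials=500, pool=POOL, seed=0):
    """Average generations over many runs; the target is all As, as in the post."""
    rng = random.Random(seed)
    target = pool[0] * length
    return sum(evolve(target, pool, rng) for _ in range(trials)) / trials


def expected_generations(length, pool_size=len(POOL)):
    """Exact average for this mutation rule (added analysis, not from the post).

    With k wrong characters, a generation improves the string only if it picks
    a wrong position (k/n) and the right character (1/p), so fixing one more
    character takes n*p/k generations on average. The random start has k wrong
    characters with binomial probability.
    """
    n, p = length, pool_size
    wrong = Fraction(p - 1, p)
    total = Fraction(0)
    harmonic = Fraction(0)
    for k in range(1, n + 1):
        harmonic += Fraction(1, k)
        prob_k = comb(n, k) * wrong**k * (1 - wrong) ** (n - k)
        total += prob_k * n * p * harmonic
    return float(total)


def reroll_generations(length, pool_size=len(POOL)):
    """The post's figure for rerolling the whole string: (pool^length)/2."""
    return pool_size**length / 2


if __name__ == "__main__":
    print("length  simulated  exact     reroll")
    for n in (1, 5, 10, 20, 50):
        print(f"{n:6d}  {mean_generations(n, trials=200):9.1f}  "
              f"{expected_generations(n):8.1f}  {reroll_generations(n):.3g}")
```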


1 I also made a multi-threaded version of the program which works with a pool of fifty characters and goes up to string lengths of 500, and it’s been running on my reasonably pathetic cluster for the past two hours. I expect it to finish in a few weeks, unless the fans give out again and the entire cluster shuts down.

2 ENTERPRISE TURKEY SOLUTIONS


New record

Judging from this network traffic, it took my dad seventeen days to make his new computer part of a botnet. Unless Windows has this new feature where it saturates the network with encrypted SMTP traffic when it’s idle.

Good thing it’s only a virtual machine.


Hairy Hardon is the most cancerous Ubanto yet

A while ago I got tired of messing with ndiswrapper to get my wireless internets to work, so I switched from Debian back to Ubanto Ubuntu, because despite everything else, the restricted drivers manager is pretty nice. Today a new edition of Ubuntu came out (8.04, Hardy Heron), and while these new editions tend to add needed features (for instance, in 7.04, the restricted drivers manager couldn’t deal with my video card; 7.10 fixed that), each new edition also seems to go out of its way to break things in creative ways, and packs on tons of bloat, so I was rather wary of upgrading.
And rightly so, it turns out.

For one thing, my wireless stopped working again. No idea why. My video card driver (also non-free) still worked, though.
Then I noticed Firefox was much slower, and the standard buttons were more Web 2.0, and the address bar was completely useless for entering URLs, and all of my buttons in the status bar were missing: for some reason, Hardy Heron comes with Firefox 3.0b5, which broke all of my installed extensions (to wit: Flashblock, Live HTTP Headers, Long Titles, NoScript, QuickJava, TorButton, Web Developer; AdBlock Plus claimed to still work, but didn’t).
And suddenly half the websites I frequent looked like ass, either because of Firefox 3.0b5’s default settings or because Hardy Heron decided to randomly drop some fonts.
And it seems my screen’s brightness was stuck on maximum, with no way to adjust it. I’ve never been able to adjust it under Ubuntu (though Debian deals with it just fine), but it used to be stuck on a much lower brightness, which was suitable for both dark bedrooms and dusty classrooms. Maximum brightness just gives me a headache and drains my battery.

So I reinstalled Debian. The wireless doesn’t work there either, but at least it doesn’t take three minutes to boot (seriously, three minutes; 7.04 went from power-on to fully running in fifteen seconds flat).
Hardy Heron might be marginally alright for desktops, but for laptops it’s once again worthless. Which sucks, because now I have to find a different distro to advise newbies to use, and PCLinuxOS is a stupid, stupid name.


Cats

People need to stop fucking with my cats.

A while ago I mentioned we had cats now. What actually happened was that my neighbors had cats (two of them), but their kids abused them and they couldn’t be bothered to house-train them so they spent most of their time in our backyard and, eventually, inside our house. Eventually my neighbors noticed and the guy just gave us the paperwork and told us we could have them.
Then, a few months ago, the wife moved out and took the kids, and the kids took our fucking cats. The neighbor wouldn’t tell us where they went (and possibly didn’t know himself), and it didn’t seem worth the hassle of a lawsuit, so we eventually let it go.

We thought that was the end of it, until my sister noticed this.
“Belleke” (we called her Walter, which is a rather more dignified name, I think) was left at the animal shelter because she “didn’t get along with the other cat of the house” (whom we called Evarist; I think they called her Mousti), which is obviously bullshit.
That’s just rude. It’s not like they don’t have our phone number.

We’re seeing about getting her back tomorrow. And after that people seriously need to stop fucking with my cat.

Update: It’s a different cat, people. My sister is blind.



Tor is surprisingly easy to set up

[Image: Onions!]
In case you’re one of the three remaining people who doesn’t know what Tor is, it’s basically an anonymising proxy on steroids.
Any request you make over a network (say, to retrieve a web page to display in your browser) is sent to a random node in the network, which then passes it on to the next node, which passes it on to the next node, and so on, until it finally reaches its destination. Each node only knows about the previous and the next node in the chain, so it becomes impossible to trace who made the original request.

Everything’s encrypted except for the final step between the last node and the webserver (for example), so some care should be taken when entering passwords and things, as a malicious exit node can intercept those if you don’t use things like TLS or other end-to-end encryption.
This is, of course, just as much of a risk on the internet in general (and one too many people aren’t aware of, too).

It’s pretty slow, since far more people are running clients than nodes (I’ll be setting up a node myself as soon as my ISP stops sucking; I’m giving it another week), but it’s not meant for general browsing (and certainly not filesharing) anyway; there’s a plug-in for Firefox that lets you turn it on briefly when you need it, and disable it when you don’t.

As with all privacy-preserving tools, genuinely undesirable activity is an issue (see picture), but the potential for good is considerable. While it may seem paranoid in (much of) the West (though maybe not even), much of China, for instance, depends on tools like these.
And you never know, you may need it yourself one day, and it’s better to become acquainted with it now than when it’s too late.

Get it here, if you don’t have it already. You don’t have to run a node (you can just set up the client (complete instructions for configuring Firefox to use it are there)), but if you can, please do. People depend on it.


Profits

So my dad had dinner with his cousin on Tuesday, and they talked about computers at one point. It turns out said cousin’s father (my great-uncle Joseph, the brother of my late grandmother) had similar issues, and so they brought over their machine, with the message that if I could just retrieve (some of) their data, I could have it.
Who says having to play tech support to your entire family is necessarily a bad thing?

Turns out the HD was fine, but the motherboard is fried, and as it turns out, the motherboard is the only remaining usable part left in my dad’s computer after I scavenged it for parts.
The machine’s exactly ten years old (333 MHz CPU, 32 MB RAM, 56 kbps modem, &c.) and running Windows 95, but with some extra RAM (and maybe an ethernet card) it should be a neat toy. And unlike my grandfather’s iMac, it’s an x86 processor, so I should be able to install Plan 9, which I’ve been meaning to play around with forever (I know there’s a PowerPC port, but it has some issues).
Now I just need to find a blank CD-ROM, because obviously it doesn’t have a DVD drive.

Not bad for half an hour of work, at least (fully twenty-five minutes of which were spent just trying to get the case open; Packard Bell is twattery).


Greatest thing ever?


And then John was a zombie

I need a hobby.

(Also this.)


Family

My grandfather (not the dead one) came over for lunch for Easter, which was fun. He complained about foreign people and the fact people treat the elderly as if they’re children, but not about homosecksuals or socialists this time.

My mom invited him because my dad had invited my uncle over for lunch on Monday. He usually lives in Roeselare, so we don’t see a lot of him, but with the inheritance and everything he needed to go through some stuff with us.
We spent most of the afternoon looking through boxes upon boxes of ancient pictures.

There were a lot of pictures of the grandchildren, but most were actually from the ’50s and earlier. It turns out my grandmother was actually really hot when she was my age, which is something no grandchild should ever be confronted with.
And there was a batch of even older pictures, which is interesting. Most of those are over a century old and maybe some of the earliest examples of film photography (cities were prettier before overpopulation and the invention of the car), and there are a few odd framed ones I suspect of actually being daguerreotypes.
We went to order my dad’s new computer today, and we ordered a scanner while we were at it, so I’ll probably share a few of them soon. I hope I’ll be able to scan them without damaging them; they’ll probably be donated to some museum afterwards.

The rest of the afternoon was spent looking at the furniture in my grandparents’ apartment (the measuring of which my dad gave me 100 € for, which I spent on an external 120 GB HD today), guesstimating the values of various paintings (including a particularly ugly one by Pierre Paulus, who also designed the Walloon flag), and talking about family scandals.
Good times were had by all.

My uncle also invited me along to Montreal for a few weeks in the near future (we have family there which needs to be visited, apparently). I declined for obvious reasons.


Fun times

Apparently my mom managed to hose my parents’ computer’s hard drive on Wednesday, and apparently passing all of my computer-related classes finally convinced them I know something about them, so I was charged with recovering their data, if possible.
The problem was that it would boot, but then halfway into loading Windows it would make a grinding noise and error out.

The first thing I tried was just to boot the Lunix from a live CD, but apparently the DVD drive had been broken for five or six years, and the CD-ROM drive they added below it (rather than replace the DVD drive, for whatever reason) wasn’t recognised by the BIOS at all.
So I tried a bootable USB stick, as the BIOS purported to support booting from USB devices, but apparently it was full of lies.
Since there was a separate option for booting from “USB CD-ROM”, I even brought down my eleven-year-old external CD-R drive, but no dice.

By then my dad managed to find a Windows 95 rescue floppy, which got me into DOS, but then I realised I don’t actually know a whole lot about DOS, and if there’s a way to manually mount drives it fails to, I couldn’t figure it out in under five minutes.
It did, however, confirm the floppy drive worked, so I proceeded to make a Damn Small Linux boot floppy (after spending twenty minutes looking for a floppy that wasn’t either full of what my dad considered to be important data or degraded beyond usability), which also failed in interesting ways.
By then it was midnight and I had a headache, so I gave up.

The next day, my dad decided he was going to buy a new computer regardless of what happened to the old one, so I just took out the hard drive and mounted it in my own desktop. I didn’t originally want to do that because I’d never fucked around with hardware before, but it was actually pretty straightforward (though I had to guess at the jumper settings; the drive was old enough that the company that made it had been bought out by a company which was subsequently bought out by Maxtor, which, as you know, was bought out by Seagate in early 2006; documentation was rather hard to find).
Nearly all of their data was still intact, so I made back-ups and proceeded to scavenge the rest of the computer for usable parts.

Slim pickings, though. It was seven or eight years old, though other than the HD and the DVD drive, it was in remarkably good condition.

I did get a new PSU out of it; my old one had been moderately broken for ages, and profoundly broken since last August (it refused to boot without considerable prodding for five to ten minutes, making noises like crap cars starting on cold mornings, which was actually rather funny; this is also why I got a laptop). It’s only 300 Watt compared to my old one’s 350, but that’s still rather more than my desktop actually uses.
I also added their RAM to my own, bringing the total to 768 MB (from 512; I’m not sure who decided that would be a proportionate amount of RAM for a 3.2 GHz CPU). The HD is legitimately shot, or I’d have kept that as well. Too noisy anyway.

What I really needed, though, is a new video card, but interestingly, there was none in my parents’ computer, even though they did pay for one, and they were given a box and manuals and everything.
My dad went to the store we got it from today to see about prices for a new one and confronted them about this, and they told him the motherboard didn’t support video cards, and anyway the on-board graphics controller was more powerful than the dedicated €500 card they were supposed to get. When asked why they still charged for the card and gave us the box and manuals, they changed the subject.

Forgetting to plug in a card I can sort of understand. Lying about it when you’re confronted with it, though, just smells like fraud, especially considering the exact same thing apparently happened to my sister’s boyfriend (who did notice fairly quickly; as for why my parents didn’t notice until eight years later: presumably you have parents who own a computer; they could forget the monitor and it’d still be weeks before they’d complain).

As such, I am now also charged with finding a new computer-selling place. Since the options are fairly limited in Tienen itself, I’ll probably just ask around in Leuven.
Which will have to happen tomorrow, since Easter vacation starts next week. Wooh.

In unrelated news, there’s something considerably entertaining about randomly finding pictures of people you used to sort of know on websites dedicated to archiving pictures of camwhores. Themightytango is prettier with no clothes on.

In equally unrelated news, I am not a meme.


Counting on your fingers

Nearly all cultures have historically used numeral systems in base-10 (that is, the decimal system) or some multiple thereof (Mayans used base-20, Babylonians base-60), supposedly because a human hand has ten fingers.¹ If that’s the case, the ancients suffered from a severe lack of imagination.
If you count on your fingers in base-1 (that is, the normal way), you can count to ten. However, there is a way you can get up to 1023 using just both of your hands.

How? Use binary, of course.

[Image: Count in binary!]

It’s actually really easy once you get used to it. If your finger is up, that bit is set. If it’s down, it’s not.
For example, the following are the numbers 0, 24, 17, and 31 (only one hand is shown, because it’s easier; 31 is the highest you can go on one hand, obviously).²

[Image: Numbers]

Counting on your fingers in binary is a skill well worth picking up, especially if you intend to use computers more often than never, but also just because.
You can even count with negative numbers, if you use two’s complement or similar.

It might be harder to expand this to also use your toes, but every toe you add doubles your range of numbers (you can count up to 2^n - 1, where n is the number of digits; including 0, that means you can represent 2^n numbers), so you probably wouldn’t need all of them. If you’re counting up to 1,048,575 (or 2,097,151 if you’re a guy, hurr), you’re better off grabbing a calculator anyway.


1 The Native American Yuki tribe actually used a base-4 system, because they counted the spaces between the fingers of one hand, which is interesting. Some Nigerian tribes use a duodecimal system (that is, base-12), because they are mutants.
(Actually, base-12 exists in a lot of places, mostly in the Imperial system of measurement (twelve rods to a hogshead, and all), and in various forms in time-keeping (twelve zodiac signs, twelve hours on the clock).)

2 These hand pictures are actually repurposed from a chart detailing some variety of sign language.


TSA Gangstaz



This video may just make up for the past seven years of bullshit.

(Via Bruce Schneier.)


Sociopaths

There’s something profoundly frightening about the type of person who takes a story about all life on Earth (except for a violent drunk and his dysfunctional family and the handful of critters they take with them on their boat) drowning in a catastrophical global flood brought on by a spiteful god, and tells it to his children as a happy story about happy animals and a loving God and his promise of a pretty, pretty rainbow to a happy Noah and his happy, happy family.

Or who tells stories about their god turning rivers to blood, inflicting disease on livestock and unhealable boils on people, bringing plagues of frogs, lice, flies, and locusts, bringing down a rain of fire, and killing all of a nation’s first-born, while maintaining that said god is “Love and Mercy”.

Or who takes the message that all unbelievers should be shunned and hated and will burn in Hell for all eternity, and by the way so will believers unless they’re really, really good, but that’s impossible since we’re all filthy, sinful wastes of flesh, and calls it Good News.

But no, religion is not a mental illness, and suggesting it is is hyperbole and we’re all big meanies for doing it.

(Based on this comment, which also makes a good point with regards to abstinence-only education. And if you think Christianity is the only religion this applies to, or this is the worst of it, you’re deluding yourself.)


“Don’t be a sheep, arm yourself.”

There’s this sentiment, primarily in the US, that civilians owning guns is a good thing because it keeps their government afraid of them. This is mostly repeated by the idiots at the NRA, but also by people who are supposed to know better (such as Penn and Teller in their Bullshit! episode on gun control), so it bears addressing.

There are two things fundamentally retarded about the statement. The first is that the government should be afraid of the populace.
This meme is surprisingly popular in the US, but almost unheard of outside it, at least in the Western world, and with good reason. The idea that the government is the enemy in a democratic society is mind-boggling. Protip: the government isn’t the enemy of the people. It is the people.

Unfortunately, it’s become a self-fulfilling prophecy in the US, which, of course, has only helped the popularity of the meme.
I don’t think it’s a reversible trend for as long as a significant portion of the voting population keeps believing it can’t be any other way, though. The American populace doesn’t seem to have a clue what a democratic society is anymore (if they ever did), and wide-spread apathy creates fun vicious cycles.

Anyway. The second flawed assumption here is that an armed populace scares the government.
This is just a schoolboy fantasy that sadly carried over into adulthood, and it’s considerably more harmful than you might think.

What are you going to do when the police knock on your door, with or without a warrant? Refuse them entry? They’ll break down your door, regardless of whether you’re armed. Are you going to open fire? That’s a great way to get yourself (and your family) killed rather than detained for a bit. Yeah, you may take one or two of them down with you. I’m sure the families of the victims will appreciate that as well. At “best”, this mentality leads to situations like Waco.

Or maybe you’d like to organise an armed revolution? Get a few of your buddies together and burn down city hall? Depending on the city and the number of buddies you can gather, you may succeed, until they call in the military.
Most people seem to forget half the global military expenditure is the US’s, and despite efforts to cripple science on all fronts, they still have the most advanced army on the planet. Iraq may tie up a lot of resources, but you can be pretty sure they’ll be able to scrounge up enough firepower to take out your little insurgency.

Or maybe you think a nation-wide revolution is on the table? Surely even the US military wouldn’t be able to counter that!
If you really think you can organise that many people, why not just vote? The US is still nominally a democracy, despite your best efforts, and while vote fraud can fudge the numbers a bit (and has in the past), you don’t just disappear the opinion of, say, two hundred million people.

But no, what this basically boils down to is puerile schoolboy fancy. Surprisingly, though, owning big guns does not give you a bigger penis, it just advertises your insecurity to the rest of the world.
If there are good arguments against gun control (and I haven’t seen any yet, except possibly to defend against a zombie plague, and everyone knows only shotguns work for that), this is very much not one of them. Grow the fuck up.


Everyone’s linking to this

So I probably should too.
This video describes a simple but effective attack against whole disk encryption and similar cryptosystems, based on the fact that, contrary to popular belief, modern DRAM retains its data for some time after power is cut, and the encryption key is stored in said DRAM.



There’s some more information in the full paper.

There are some obvious ways to defend against this as a user. One is to not leave your computer unattended while you’re logged in, or for several minutes after you’ve logged out and powered down.
The former should be obvious, but isn’t, and BitLocker’s thing that lets you boot straight to log-in makes it less than straightforward. Though if you use Vista, chances are you’re only doing the encryption thing because your boss made you anyway, and you don’t care about security or privacy.
Basically, if you aren’t typing the encryption password as well as your account password every time you boot, you have a problem.

It shouldn’t be too difficult to have the OS or some hardware device clear the entire RAM (or just a given area of it) as soon as a power failure is detected (it can keep running for a few milliseconds after the PSU sends the power failure signal, which is still a few thousand clock cycles), but that would be just as easy to get around, so it’s not worth the effort.

Another option is to just not store the key in RAM, but in a CPU register or the cache or something. I’m not sure how long they retain their information, but presumably it’s not nearly as long; possibly short enough to prevent this attack.
Of course, keeping something in the cache or the registers all the time isn’t something most OSes will play nice with, so that will require some OS-level retooling, and encryption keys tend to be comparatively large (128 to 256 bits may not seem like a lot, but a CPU register is 32 or 64 bits wide nowadays, and there aren’t that many of them), so that’s only going to increase the performance hit of whole disk encryption (which isn’t as big as people expect, but big enough that you don’t want to increase it).

The easiest thing is just to keep people away from your precious RAMs.


The Market for Lemons

When stories like this break, which they do every few months, weeks, or days, depending on which corner of the internets you live in, it’s important to wonder not just why this particular product was crap (I’m guessing a severe case of NIH), but also why there are so many crap security products on the market in the first place.
The answer isn’t just that it’s hard to develop good security products; it is (and it’s complicated by Schneier’s Law), but that doesn’t explain how many of these crap products are actually quite popular.
At least part of the answer is in the concept of a lemon market.

George Akerlof famously discussed this in his 1970 paper The Market for Lemons: Quality Uncertainty and the Market Mechanism, and Bruce Schneier himself has been mentioning it in his talks for some time now, but since few people can be bothered to read an entire paper on economics or listen to hour-long talks, I thought I’d sum it up.

The example Akerlof used was of the used car market. Suppose that there are crappy used cars (“lemons”) worth $2,000, high-quality used cars worth $6,000, and everything in between, and that the buyer cannot reliably tell the difference between them before buying them.
Naturally, crappy cars will be worth less than high-quality cars, but the buyer, not being able to distinguish between them (price is not a reliable indicator, since car salesmen aren’t known for their honesty), will generally only be willing to pay what an average car is worth (in our simplified example, $4,000, say). This will be the equilibrium price for used cars in this market.

However, there’s a problem. The used car salesmen can accurately assess the value of the cars they sell, and they know very well that the high-quality cars are worth more than $4,000, so they won’t sell them at that price. However, the buyer, not having a way to distinguish overpriced crap cars from correctly priced good cars, won’t buy them at the higher price.
The result is that the high-quality cars don’t sell, and are driven out of the market by lower-quality cars.
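
The pricing step above, repeated until nothing changes, as an added example (not from the original post or from Akerlof's paper). It goes one step further than the post's single round: each time the good cars are withheld, the average on offer drops and the next tier is withheld too. The nine car values, the function names, and the `reviewed` parameter (cars whose quality buyers can verify, as with the public quality assurances discussed further down) are assumptions made for the illustration.

```python
# Constructed sample: one car at every $500 step between the post's
# $2,000 lemon and $6,000 high-quality car.
CARS = list(range(2000, 6001, 500))


def unravel(values):
    """Repeat the post's pricing step until the market stops shrinking.

    values: what each car is really worth (known to the sellers only).
    Returns (history, offered): history is a list of (price, cars_on_offer)
    per round, offered is the list of cars still for sale at the end.
    """
    offered = list(values)
    history = []
    while offered:
        # Buyers cannot tell cars apart, so they pay the average on offer.
        price = sum(offered) / len(offered)
        history.append((price, len(offered)))
        # Sellers know the true value and withhold anything worth more.
        staying = [v for v in offered if v <= price]
        if len(staying) == len(offered):
            break  # nobody else leaves: this is where the market settles
        offered = staying
    return history, offered


def sales(values, reviewed=()):
    """Return sorted (true_value, price_paid) for every car that sells.

    reviewed: indexes of cars whose quality buyers can verify; those sell
    at their true value. The rest are priced blind and unravel as above.
    """
    reviewed = set(reviewed)
    sold = [(v, float(v)) for i, v in enumerate(values) if i in reviewed]
    blind = [v for i, v in enumerate(values) if i not in reviewed]
    history, offered = unravel(blind)
    if history:
        final_price = history[-1][0]
        sold += [(v, final_price) for v in offered]
    return sorted(sold)


if __name__ == "__main__":
    history, offered = unravel(CARS)
    for round_no, (price, count) in enumerate(history, start=1):
        print(f"round {round_no}: price ${price:,.0f}, {count} cars on offer")
    print("sold with no reviews:   ", sales(CARS))
    print("sold with two reviewed: ", sales(CARS, reviewed={6, 8}))
```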

The basic criterion that makes a lemon market possible is information asymmetry. That is, sellers are aware which of their products are crap, but buyers cannot accurately determine a product’s value before buying it.
I’m sure you can see how this applies to many other markets, not just security. Operating systems come to mind. So does the MP3 player market.

This is one of the points where the free market breaks down. For the free market to work, it is required that consumers are informed. In practice, they very rarely are.

So how do you solve this?

One of the ways to do it is through government regulation. Laws against false advertising exist in many countries, and you can regulate the quality of many products directly.
While this is certainly part of the answer, there are other ways.

Another way, which may not work for all markets, is through warranties and guarantees offered by the seller. A car salesman can offer to let the customer use the car for a while, and if he doesn’t like it, he can bring it back and get his money back.
This is trickier to do in the security business, since most people aren’t in any position to evaluate the quality of the product even after getting to use it for quite a while (really, you generally don’t notice when your firewall protects you; you only notice when it fails to, and that might not happen for months, or even years), and things like penetration tests are expensive. It does work for some products, though.
These warranties can also be enforced through government regulation.

What probably works best in the security market is public quality assurances.
While individual buyers can’t really assess the quality of their products even after buying them, security researchers certainly can. The buyer could then rely on reviews by these researchers to assess the quality (or lack thereof) of a product. Quality labels are already used in many industries, and are basically a quicker form of the same thing.
Of course, this isn’t a perfect system. Unscrupulous companies could buy good reviews from unscrupulous researchers or computer magazines (which is something that happened a lot in the firewall market of the ’90s, which is one of Schneier’s favorite examples), seriously confusing market signals. Then it’s up to the publication to establish itself as reliable, probably in much the same way as the security products.

There is no silver bullet.
Educating users would at least weed out the obviously retarded products, and would increase security across the board even with mediocre products, but most users just aren’t very interested (which would be fine by me, if it was only themselves they’re harming; however, as botnets prove, it very obviously isn’t), and snake oil products will always be around either way.
It seems the only thing to do is to pay attention to security researchers, and to sue people who make crap products into oblivion, forever.


iTwat

So apparently I own an iMac now.
I didn’t spend any money on it, obviously; I inherited it from my grandfather, who was given it by my uncle for his fiftieth wedding anniversary six or seven years ago. I think if you’re going to get a Mac, it should involve death in some capacity.

It’s a G3, but a relatively late model, so it’s still almost usable; 450 MHz CPU, 128 MB RAM, 20 GB HD, DVD drive.
It also came with Mac OS 9.1, which is painful. I was initially going to dualboot with a real OS, but Mac OS turned out to be too impossible to use to keep, so I just wiped the whole thing and installed Debian.

I just realised this was actually the first time I installed Debian; I’d used it before, and I’ve installed other Linux distributions (Ubuntu on my laptop, Fedora and Gentoo on my desktop), but never Debian itself.
The installer is straightforward to use, though obviously it lacks Ubuntu’s shiny buttons, so it’s “too difficult for the average user”. What surprised me, though, is that it supports encrypted partitions at install-time (it has for a while now, I just haven’t used it in so long I didn’t know).

I doubt my mom, who wants to use that computer for random typings, is going to appreciate having to blindly enter a 40ish-letter passphrase (in English) every time it boots, but whatever. Encryption is shiny.

(Incidentally, my low opinion of Apple products has only been reinforced by this iMac. The G3 form factor makes it impossible to cool adequately, so it smells vaguely like burning plastic most of the time (though it hasn’t started smoking yet), and the input devices it came with are fucktarded.
The keyboard I can deal with, though I question the placement of the ⌘ keys, the labelling of the Home, End, Page Up, and Page Down keys (which just have cryptic arrows on them), and the replacement of those three keys at the top by F13 through F15 (because we really need more F keys; not that the ones that were there originally saw much use, though (except Print-Screen)).
The mouse, though, is actively user-hostile: no right-click (Ctrl + click isn’t a valid alternative), no scrollwheel (and the fact that it’s seven years old is no excuse), literally painful to use for any length of time because of its shape, and it cost $59 new. Oh, but you can adjust the intensity of the light!
Jesus fucking Christ. Good thing I have plenty of USB back-up mice.)


Jesus fucking Christ

I’ve complained about my “college” before (though not nearly as much as they deserve), but this time they’ve outdone themselves.
Our department is moving to a new building this semester, for reasons I’m not entirely clear on (I’d think it’s because the old building is falling apart, but apparently the KUL (that is, the parent university) is kicking them out because they want to use it themselves; or so I’ve been told), so they’ve been building said building for forever now.
Today, the first day of the semester, we were expected to gather at the old building for one last time, and then we’d all walk to the new building (despite the fact that it’s quite literally on the other side of the city). The direct route would’ve taken us about twenty minutes, but we took a ridiculously circuitous one so as not to interfere with bus traffic, so it ended up taking well over an hour.

The new building itself, though. Holy fuck, it should be legal to shoot architects that crap.

It very obviously isn’t finished, first of all. By what I’ve seen, it needs at least another two months of work, though I admit I haven’t seen a lot, since the ventilation was out (and natural ventilation or windows that fucking open were apparently beyond them), and there wasn’t nearly enough oxygen to sustain all of us. I think some of the girls actually fainted.
None of the toilets work, many of the doors still need to be installed (though a lot of places that really need doors won’t get any, because heaven forbid students could have a quiet place to study that’s more modern), there’s concrete dust everywhere (though a lot of the walls are painted to give an indication of what floor you’re on (the bottom three are blood red (which is very conducive to avoiding school shootings, really), another one’s orange, and the top one is green, IIRC), which I’m pretty sure will have to be redone soon), and it would surprise me very much if any of the computer labs had actual computers in them.
We were all crammed into one of the “polyvalent” rooms for a welcoming speech, and when the person giving it (I still don’t know what it is she actually does) mentioned she was so relieved it was finally finished, the students (who I’m sure I’ve mentioned aren’t exactly known for their perceptiveness) burst into laughter and applauded. It’s that obviously unfinished.

But even if it were finished, the building is just complete and utter crap.
One of the reasons they gave us for the move is that the new building is much bigger (which is also why they’re cramming another department in there as well). As it turns out, they didn’t mean it has more rooms; in fact, it has fewer computer labs than the old one (which certainly didn’t have an excess of them).
It does, however, have much higher ceilings, which ruin the acoustics to the point where they had to install microphones in each room (though they don’t, obviously, work yet). It also has a lot more corridors and dead space, including a rather large (but inaccessible, and godawfully ugly) courtyard. Well, not so much courtyard as courtsteelgrid.

The adequate if not excessive parking space available behind the old building has been replaced with an underground bicycle dungeon (which requires student ID to enter, much like the building itself; they should have spent the money they wasted on that on a better architect). Cars and motorbikes are expected to rent parking space from the nearby hospital.
You can’t fucking make this stuff up.

And then there are the entertaining little details.
The various stairs, which consist of fuck-off big slabs of concrete stacked roughly on top of each other, vibrate visibly when people walk on them. The concrete slabs that are trying to pass as walls and floors are already cracked in places. The bike dungeon is very obviously going to flood at the first sign of rain, and the path down to it is slippery as fuck even when it’s dry.
And of course, the whole building is a giant fucking Faraday cage, so cell phone reception is non-existent. Which means that if you forget your student ID, you can’t even call someone inside to let you in.
And going back home to retrieve it is non-trivial, since it’s in the middle of fucking nowhere, unlike the old building, which was within walking distance of everything.

I was planning to move to Leuven next semester so it wouldn’t take a fucking hour to get to class every day, but that appears to be pointless, as the closest residential area is still way too far away to bother. It looks like I’m going to have to take the train to Leuven every day (which I already did), and then the bus from the train station to aforementioned hospital.

Expert fucking planning, KHL.
Maybe the next building could be designed by four-year-olds, and built on the fucking moon.
