Slashdot Mirror
Whit Diffie Comments On .NET security
An Anonymous Coward writes: "Whit Diffie and Susan Landu (both of Sun Microsystems) comment on why .NET is a bad idea and is in many ways in conflict with the US political struture and ideals." This is a good read, but of course Sun has their own plans and motivations in this field.
In spite of the blatant vested interest of Sun, the piece is a studied and accurate indictment of the .Net initiative.
I would still like to see something like this come from someplace like Gartner as well, however.
this is getting old and so are you
blog
Why one propietary language should be used over another ... kind of misses the point. I say they're both bad due to being closed and propietary.
Use my userscript to add story images to Slashdot. There's no going back.
People from Sun think .NET is a bad idea? Really?
Seriously, why even bother posting this?
"This is a good read, but of course Sun has their own plans and motivations in this field. "
We yes... not exactly an independent observer.
Cruise TT
Sometimes I wonder what we'd all think of Sun if they were in the dominant position that Microsoft is currently in.
Even more interesting, I wonder how they would treat their competitors (and competitors ideas). It would be a different Sun, that's for sure.
-- yawn. --
MS seems to be pushing this ".NET" thing very hard, but it seems like it's just vaporware, a name for whatever the "latest and greatest" from MS is. However, they seem to be up to something with XP and Passport, but I don't think it's going to go very far, because developers aren't going to spend the time to make something for this market share, because from the looks of it, XP isn't topping the sales charts.
We thought of it first and they shouldn't be allowed to do it and we came up with the whole idea of .Net and they ripped us off and we're suing!
I think Steeler's Wheel said it best when they sung "Stuck In The Middle With You"... as, in a way, we're stuck in the middle with Sun.
Microsoft and Congress are surrounding us, working either with monopoly power or governmental force, and, though nothing truly bad bas happened yet, it's only a matter of time.
This strange coalition isn't good for everyone though, and Sun is aware of that. At this point we (the Open Source People) should indeed be cautious of Sun, but not overly so. They have good reason to be with us on this, and we shouldn't be so quick to dismiss them
Not that we should worship them either... once we beat down Passport they'll probably come up with their own worse version.
But for now... hell... they're anti-passport, and right now that's all that matters...
Sun used to put the dot in .COM .... What does Microsoft put in .NET?
Oh my God! This may actually be the most hypocritical "footnote" added to any story posted on Slashdot. I'm sure that the relentless, jealousy induced harping on Microsoft around this place has no alterior motives and that you guys are nothing but philanthropists, unlike big (and thus bad) Sun.
Pretty sad, Slashbots.
The fact that Microsoft software and consequently it's databases can be cracked is not the issue. The issue is that Microsoft is controlling the database itself. The whole is greater than the sum of its parts in this case. The sheer political will that can be wielded by Microsoft as enabled by a universal database is frightening.
At what point do the privacy activists have to take up guns (real or virtual) to stop this shit?
Whit is one of the original Cypherpunks; and a man who would happily tell his 'boss' Scott McNelly where to sitck his Java national ID card.
The .NET initiative is a stupid idea. Just because it's in Sun's interest to point this out does not make it any less daft.
[Insert the usual disclaimer here]
Great, two tech companies duke it out to provide the infrastructure to Internet services. We can either get worked by Sun, at least that will be Unix based. Or Micro$oft and we'll just get worked. With the latest developments of XP's release (the beast is loose, the 7 seals have been broken!!) it seems M$ will be able to readily herd the masses of tech incompetent into Passport and .Net services.
/.ers are a lot of early adopters, but do we spend enough cash to make it work? Hope so.
I just hope that MONO can save our souls and our bank accounts. Free open-source services can only succeed with a large enough base of users to dictate to the businesses that will provide the services. I know we spend teh money on tech stuff and
How will this really be any different than a mega-corp credit buearau like EquiFax? Not only do they have your credit card numbers, but also your SS#, and your financial life history! Granted, there are more than one credit reporting firm....but they aren't really decentralized, are they?
They really aren't criticizing .NET languages, software, or architecture. Microsoft is positioning it's passport system to collect phenomenal amounts of information about people without their knowledge. Hence, the attack on privacy.
fnord.
He's not "just a Sun employee" with a chip on his shoulder, he is a giant in his field. Give the guy the respect he deserves.
No, Thursday's out. How about never - is never good for you?
The commentary is just a rundown on the Worst Case Scenario. MS takes over the internet, keeps all your personal data on an (in)secure IIS server, and one next day three billion dollars are charged on your credit cards, your SSN is erased, your parents forget who you are, all your teeth fall out, your dog runs away, your truck breaks down...
(cue evil hacker, chortling with glee)
I don't think it will ever go THAT far. However, in light of recent "worst case scenarios" which have proven only too possible, I doubt a healthy dose of paranoia is entirely a bad idea...
of MS seems pretty obvious. Hopefully the public will discern a ploy as well.. but I think your average computer user will not be interested in their 'vision'. If what they currently use, works, that will keep them away. It's a bad economy so people are going to be less likely to grab at such tenuous upgades as XP and .Net.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Huh? Not. Sun has been completely open about every aspect of java; you can right now go and download the source for the jvms, the spec of the jvms, the source of J2EE and all the other layers of libraries... whereas Microshaft is only releasing the source to about 10% of their libraries. The main reason sun hasn't ushered java through the standards committee is because Micro$oft has too much influence over the process, and would doubtless try to warp java into something other than "the right thing".
- First they ignore you, then they laugh at you, then ???, then profit.
I know that America isn't very fond of free speech and democracy (ok, they say they are, but frankly it is one of the single most homogenous and confirmist countries in the world), but attacking MS because they 'don't confirm to American ideals' is frankly absurd.
The article also says:
If history has shown us anything, it's that the best protection lies in decentralizing power and promoting competition.
Eh? Why were all the most successful Empires centrally controlled? Was the Roman Empire decentralised? Sure, they had some degree of devolution, but Rome was still the boss. The best economies have always been centrally and state controlled. For example, the USSR's economy increased 900% from a feudal economy in 1918 to a modern industrial state by 1928, under a communist regime. The US itself has put the economy under state control in wartime - the biggest growth period being WWII, which dragged america out of the depression.
Also:
For more than two centuries Americans have prided themselves on protecting their freedom by limiting the concentration of power.
This is completely fallacious. The history of the US is a hostory of power centralisation in the hands of federal government. The states have been emasculated, and now the same is happening in the EU wrt the nation states of Europe. America isn't about independant thought, democracy or devolved power at all - it is about centralised government control, confirmist attitudes (what other country would invent phrases like 'Anti-American' and 'The American Way' in the first place? I mean WTF?) and a lack of democracy thanks to having no real options in the democratic process.
Lies like this article should be combatted by radical politics, IMHO. Agitate!
? . . ! ! !
Despite Sun's shady dealings and anti-competitive practices, this really isn't the time for an ad hominem attack. The piece presented is very well written, and outlines the dangers of Microsoft's .NET quite thoroughly.
.NET were to become a reality, it would be mandatory to have an entry in the Passport and Wallet databases. I have some serious issues in letting a consumer-driven company have not access to all of my personal and financial information, but complete autonomy in using it -- the EULA for Passport reads much like the standard Microsoft EULA -- e.g., Microsoft owns all of the information you put into it.
My chief worry is that if
The point about Microsoft's securty track record is also quite valid; I know I will never trust my credit card numbers to a company that can't even keep internal email, well, internal.
--
I Hit the Karma Cap, and All I Got Was This Lousy
Comment removed based on user account deletion
Initially, I thought .Net was going to be a bunch of online services, but it seems to just be the marketing buzzword.
.Net plastered on the Hotmail site. So is Hotmail a part of .Net, or is .Net part of Hotmail? Is .Net a bunch of new APIs, like ADO.NET? What makes them different than the old APIs then? Is it just an ambiguous term right now so it looks like MS is creating something truly new?
They're slapping it onto the end of everything they own though. They have
There is much in .Net that should prove useful, particuarly with several Open Source implementations of the .Net API in the works (Microsoft even seems to be supporting these). Ultimately it will be possible to run the same software on Linux and Windows without modification - and that benefits all. The real problem is with Passport and the other efforts at centralization. Unfortunately some centralization will always be required for this type of thing, be it Visa, Microsoft, or Paypal. There may be ways to decentralize it, but it would be much more difficult and expensive to do that, which is why M$ has probably not taken that route.
is that while it has merit, it tries to make ".NET" a giant monolith thing.
.NET initiative, but a more interesting technical piece is the Web Services piece that uses UDDI/WSDL/SOAP.
.NET is going to be the other big player along side Java. Could it be that Sun would like to purposely indict all of .NET by using the most controversial piece of .NET to criticize it?
Its not.
The Passport portion is the most controversial part of the
Frankly,
I think its the equivalent of smearing Java by claiming Sun won't release it to an ISO standards body.
Its true, its just not a complete picture of what's going on.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Argument appears to be we can't trust any one single entity to database all of our data especially if it is run by an outfit with an unsecure desktop OS.
Of course the implication is that Sun can do it better and keep our data secure, and we should go out and put Sparc's on our desks so we will have secure desktops.
Just remember not to write down your password.
http://www.sun.com/research/people/slandau/
FUD, noun, from "Fear, Uncertainty, Doubt", a word coined by Apple supporters to describe a strategy used by the company's critics to spread misinformation intended to scare potential customers away from the company.
First of all, these people don't seem to understand the difference between the .NET development platform, and the authentication service. Quite frankly, I think they DO know the distinction, and that they don't make it is indicative that this more misinformation from Sun.
But I love some of the other quotes...
Since all users of Microsoft's free Hotmail service have Passports, many unknowingly, there are already 160 million Passport users.
I love the use of "unknowingly" here, as if it makes a difference whether you are in one Microsoft database or another Microsoft database. Let's spread that fear!! First of all, that's not 160 million unique users. I would be shocked if 25% of those were active users. It's probably much lower. Second of all, you need hardly any personal information to get a Hotmail account, so most of that information is not that useful.
There are tons of other crap in that post, but I'm bored with Sun's crap already. It's just more of the same.
This is why I far prefer Microsoft holding power over the other monopoly wannabees Sun and Oracle. At least Microsoft doesn't play games. They tell you exactly what they want to do.
Sometimes it's best to just let stupid people be stupid.
If only we could boil it down to a 30-second Tom Brokhaw comment and still convey the clarity of Diffie's message.
My off topic comments aside, I did enjoy the way passport/hailstorm are likened to the corporate monopolies of the late 19th and early 20th century.
Cheers,
- RLJ
Recently I attended a presentation from Sun Microsystems, which among other things, covered SunOne and Project Liberty. These parts of the presentation probably weren't NDA (the SunOne might have been... so I won't go into too much detail about it).
.Net My Services (or whatever name it is going by... Hailstorm, etc), Microsoft would be the holder of the directory, and therefore, in a position of extreme power.
.Net/Hailstorm's potentials for incremental billing of 'computer services' and privacy issues have got me a bit concerned. And I'm not a privacy freak.
Basically, SunOne looks at things from the point of the individual corporation. It is an interesting way to align IT assets to face (and view) customers, vendors, equipment, etc. It has quite a number of layers, but uses open protocols all the way. Very interesting. The only downside I could see is that it would be difficult for a large company to implement because of the scope of changes that would be necessary.
Project Liberty, in their presentation to us as a business, still stressed the important of privacy. What was the term they used? Something like a Federated... forgot... basically, a number of authorities on different things, with no one person holding all of the 'directory'. They said that in
I'd certainly like to hear a counter-view on both, but
My Mama always used to say..never to fuck a bitch from Sun..
it's impossible to verify if portions of this article were written by Whit DIffie therefore it is a hoax. nice try
I'm going to conduct a personal experiment in the coming years. I'm going to steadfastly refuse to ever log on to passport in any way, shape, or form. I'm betting that a reasonable number of web pages (not "services", thank you) will still be available to me. I assume that passport logins are - or will become - incestuously integrated into XP, so of course I won't touch that OS with a ten foot pole (among other reasons). If this ultimately means not surfing the web, I'm not ruling that out. If it means not working for a particular set of companies, I'm prepared; I'll even state contractually that as a condition of employing me I shall never log in to passport.
Perhaps I'll just eventually do the equivalent of a survivalist who lives in a mountain cave: form my own local community LAN and have that be as much contact as I have with the web. I want to see just how hard or easy staying completely passport free turns out to be.
Bring it on, Billy. Your rugged good looks haven't worked their magic on ME.
- First they ignore you, then they laugh at you, then ???, then profit.
Seems like this author is pretty good at it. True, Sun has it's own motivations, but this article seemed to say exactly what I've been thinking, and did so in a much more eloquent manner than I'm capable of. This comment in particular illustrates the exact problem with Microsoft .NET:
.NET would have if it were a monopoly, Microsoft just might position themselves to monopolize everything. Yes that is doomsday talk, but if you analyze the situation, it's really not that wild of an idea.
.NET members. Linux has the power to bring down the Microsoft OS monopoly. In my opinion this is a big motivation for the developmentof .NET. If .NET becomes a monopoly and there is no other way to make a purchase online, what kind of competition could bring it down?
Just as kings got to grant or deny royal charters to businesses, the Redmond giant, if successful, may be able to say who can do business on the Net and who can't.
In reality, that is what Microsoft is aiming for as they have already attained a similar situation with their operating system. They have also used their OS to leverage other monopolies and with the wide range of impact
It will be a sad day if retailers stop offering online purchases to those who aren't
~ now you know
Check the license. Look, but don't touch.
.NET the CLR and the core libraries are well specified and standardized, so all that is required is reimplementation, with very little reverse engineering (see MONO for proof).
So a distributable implementation of the "Open" Java "standard" would require complete reverse engineering and reimplementation; very similar to the WINE project (although to be more accurate, it would have to be WINE + a JIT compiling x86 emulator).
At least with
Did ya ever wonder why MONO has been progressing VERY quickly, while Kaffe, gcj, et all move much more slowly?
What commercial company wouldn't want everyone in the world buying their products and giving them money? For that matter, who here doesn't want linux on every computer in the world? Everyone thinks they have the right ideas and morals to control the world. Gates thinks he should control the software industry and get all the profits from it just as much as RMS thinks all software should be free. So who's right?
Outdoor digital photography, mostly in New Engl
Does anyone think this INCREASES security? This increases the complexity of the exposed interface by quite a bit. Instead of having code that handles GET and PUT requests, you now have arbitrary functions exposed.
Not only that but it's easy to create SOAP objects and "publish" them. Any monkey with a VB book can do it.
Microsoft can't even keep IIS secure. How in hell are they going secure gazoodles of
Did ya ever wonder why MONO has been progressing VERY quickly, while Kaffe, gcj, et all move much more slowly?
You mean besides the fact that Java sucks goat butt?
Sorry, but just another 'me too' post. I've always wondered what the hell Miguel et al. were doing in attempting to develop for this thing. It's like grasping at smoke. Every day, .NET is something new and different and wonderful.
Maybe Steve Jobs can pull off that kinda BS ('ooh, look, an MP3 player') but Bill? I dunno...
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Worm.Nimda, Nimda, Nimda.c, W32.Nimda.A@mm,
W32.Nimda.C@mm, W32/Minda@MM, W32/Nimda-C,
W32/Nimda.eml, W32/Nimda.htm, W32/Nimda@MM, Win32.Nimda.A@mm
W32.Allgro@mm , W32.Annoying.Worm , W32.Anset.Worm , W32.Badtrans.13312@mm , W32.Barum , W32.Blebla.worm , W32.BlueCode.Worm , W32.Dengue W32.Efortune.28672@mm , W32.Efortune.31384@mm , W32.FunLove.4099 , W32.Funlove.int , W32.FunnyFiles.Worm , W32.Gspot.Worm , W32.Heyya.Worm , W32.HIV W32.HLLO.Britney , W32.HLLP.Chlamydia W32.HLLP.Semisoft W32.HLLP.Soft6 W32.HLLP.Thembe , W32.HLLP.YAI W32.HLLW.Bymer W32.HLLW.Qaz.A W32.Hyd@mm , W32.Idele W32.Kiray@mm , W32.Kriz W32.Liong , W32.LXD.Mirc W32.Magistr.24876@mm (Symantec) W32.Magistr.39921@mm , W32.Matcher , W32.Mineup.Worm , W32.Modnar.Worm@mm , W32.MsWorld@mm , W32.Naked@MM , W32.Naver.Worm@mm , W32.Navidad W32.Navidad.16896 W32.NewApt.C.Worm W32.NewApt.C2.Worm W32.NewApt.worm W32.NewApt.Worm.d W32.Nimda.A@mm , W32.Nimda.C@mm , W32.Passion.27648 W32.Peelf.2132 , W32.Pokemon.Worm W32.Prolin W32.Qint@mm , W32.Redesi@mm , W32.Sircam.Worm@mm , W32.Stator@mm , W32.Tetris.Worm W32.Toal.A@mm , W32.Unce@mm , W32.Urgent.Worm@mm W32.Video.25600.Worm W32.Vote.A@mm , W32.Vote.B@mm , W32.XTC.Worm W32/Admin W32/Allgro-A (Sophos) W32/Anset@MM W32/AntiQFX-A (Sophos) W32/Antiqfx.worm W32/Antset (Panda) W32/Apology W32/Apology-B W32/Apost-A W32/APost@MM W32/ASpam W32/Atirus@MM W32/Avupd.ow.b@M W32/AX.SerialThief.Trojan (Norman) W32/Babypic@MM W32/BadAss.worm W32/Badtrans@MM W32/Bady.worm W32/Begemot W32/Begemot.cli W32/Begemot.dr W32/BleBla.a@MM W32/BleBla.b@MM W32/BleBla@MM W32/BOLZANO.L W32/Britney.ow (McAfee) W32/Buffy.12568.Worm W32/Bugfix W32/Cheval W32/Choke (Sophos) W32/Choke.a.worm W32/Choke.b.worm W32/Choke.c.worm W32/Choke.d.worm W32/Choke.gen.worm W32/Choke.worm W32/Cholera W32/Cholera.worm W32/CIH.Spacefiller W32/CodeBlue.worm W32/CodeRed.a.worm W32/CodeRed.c W32/CodeRed.c.worm W32/CodeRed.d.worm W32/CodeRed.gen.worm W32/CodeRed.worm W32/Crackly@MM W32/Creepy.a@MM W32/Creepy.b@MM W32/Creepy@MM W32/Crypto W32/CryptoLan.gen@MM W32/CTX W32/Demig-A (Sophos) W32/Demiurg W32/Dilbert.worm W32/Disemboweler (Panda) W32/Donald.1_53.Trojan W32/Ducky@mm.90112 (Norman) W32/EMOTION W32/Esmeralda.807 W32/ExploreZip.pak W32/ExploreZip.worm.f W32/ExploreZip.worm.pak.a W32/ExploreZip.worm.pak.b W32/ExploreZip.worm.pak.c W32/Explorezip.worm.pak.IT W32/ExploreZip.worm@M W32/ExploreZipB W32/ExploreZipC W32/ExploreZipG (Sophos) W32/Fever (Sophos) W32/Fever@M W32/Fix@M W32/Fix2000 W32/Flcss (Sophos) W32/FunLove.4099 W32/Funlove.4099.dr (VirusScan) W32/FunLove.app W32/FunLove.gen (VirusScan) W32/Funso@M W32/Giri.GR2 W32/Gnuman.worm W32/GnutellaMan (Sophos) W32/Gorum W32/Hadra@M W32/Hai.worm W32/Haiku.worm W32/Hello (Panda) W32/Hello.worm W32/Hermes@MM W32/Hlam@MM W32/Hll.12355 W32/HLL.ow.24590 W32/HLLP-Yai W32/HLLP.Backdoor.Yai W32/HTM.H[H04.2048 W32/Hybris.dll@M W32/Hybris.gen@MM W32/Hybris.plugin@M W32/IceCube@M W32/Idele W32/InvalidSSL@MM W32/Joined W32/Kernl W32/Killr W32/Kiray.13496 (F-Prot) W32/Kiray@MM W32/Kriz.3863 W32/Kriz.4029 W32/Kriz.4050 W32/Kriz.4270 W32/Lara.worm W32/Laziness (Sophos) W32/Leave.worm.gen W32/Lindose W32/Magistr-a (Sophos) W32/Magistr.a@MM W32/Magistr.b@MM W32/Magistr@MM W32/Mari@MM W32/Marijuana (Sophos) W32/Matcher (Panda, Sophos) W32/Matcher@MM W32/Melting.worm W32/Minda@MM W32/Mix W32/Mix.2048 W32/Mix.dll.dr W32/Modnar@MM W32/Mona.worm W32/Msinit.worm W32/MsInit.worm.a W32/MsInit.worm.b W32/MsWorld@MM W32/MTX.gen@M W32/MTX@M W32/Music@M W32/Myba@mm W32/Mypics.bat W32/Mypics.com W32/Mypics.worm.25600 W32/Mypics.worm.27648 W32/Mypics.worm.34304 W32/Mypics.worm.gen W32/Naked (Sophos) W32/Naked@MM W32/Naver@MM W32/Navidad-B W32/Navidad.e@M W32/Navidad.f@M W32/Navidad.gen@M W32/Navidad@M W32/Net666 W32/NewApt.worm W32/NewApt.worm.c W32/NewApt.worm.d W32/NewsTick W32/Nimda-C (Sophos) W32/Nimda.a@MM W32/Nimda.b@MM W32/Nimda.eml W32/Nimda.htm W32/Nimda@MM W32/Nutload W32/Nymph.gen@MM W32/Oporto W32/Parrot@MM W32/Parvo W32/Parvo-A W32/PasswordStealer.A.Trojan W32/Petik@MM W32/PetTick@MM W32/Plage.worm W32/Press W32/Press.6380 W32/Press.6380.dr W32/Press.6382 W32/Press.6382.dr W32/Press.6386 W32/Press.6386.dr W32/Pretty.gen@MM W32/Pretty.Worm W32/Pretty.worm.gen@MM W32/Pretty.worm.unp W32/ProLin@MM W32/QAZ.worm W32/Qozah-3365 (Sophos) W32/Raoch.A (Panda) W32/Rast.2060 W32/Redemption W32/Redesi-A (Sophos) W32/Redesi.b@MM W32/Redesi.gen@MM W32/Resur.a W32/Resur.b W32/Resur.c W32/Resur.d W32/Roach@MM W32/RunFtp.worm W32/RunFtp.worm.exe W32/RunFtp.worm.script W32/RunFtp.worm.sfx W32/Sabi.Ins W32/Santa.1104 W32/Santana W32/Scooter W32/Scrambler.dr.a W32/Scrambler.g@MM W32/Scrambler.ini W32/Scrambler.vbs W32/Scrambler.worm.a W32/Scrambler.worm.b W32/Scrambler.worm.e W32/Semisoft.59904a W32/Shoerec W32/Shorm W32/Silver.worm W32/SirCam.bat W32/SirCam.dat W32/SirCam.gen@MM W32/SirCam@MM W32/Ska.dll W32/Ska.dll@m W32/Ska@m W32/Ska2K.worm W32/Smash W32/Soft6 W32/SoftSix.worm W32/Sonic.worm W32/Southpark.worm W32/Stator (Panda) W32/Stator.worm W32/Storm.worm W32/Sumo.a W32/Sumo.b W32/Suppl W32/Sysid.worm W32/Tetris.worm W32/Tetris.worm.gen W32/Themba W32/Trinoo w32/Troodon@M W32/Ucon@MM W32/Uncensored@MM W32/Unis.plugin W32/Unis@MM W32/Universe (Panda) W32/Verona W32/Verona-B W32/Vote.a@MM W32/Vote.b@MM W32/Vote.c@MM W32/Vote.defaced W32/Vote.vbs W32/Vote@MM W32/Wally.worm W32/White.worm W32/WinExt.worm W32/Winux (CAI) W32/Xtc W32/XTC@MM W32/Yarik (Sophos) W32/Zmk.55808.Worm (Norman) W95.Babylonia W95.Hybris.Gen.dr W95.LoveSong.988 W95.LoveSong.998 W95.Memorial.7783 W95.MTX W95.MTX.dr W95.Music W95.Smoker.Worm@mm , W95.Ussrhymn@m W95.Zperm.A W95/Anxiety W95/Arianne.1022 W95/Babylonia W95/Babylonia.bat W95/Babylonia.hlp W95/Babylonia.irc W95/Babylonia.plugin W95/Backdoor.DonaldD.Client W95/Backdoor.DonaldD.Server W95/Backdoor.Fix2001 W95/Backdoor.Stealth W95/Backdoor.Tray W95/Backdoor.WinCrash W95/Backdoor/Slydude W95/Begemont.4318 W95/Buffy-A W95/Butano W95/Champagne W95/CIH.1003 W95/CIH.1003b W95/CIH.1003dr W95/CIH.1010 W95/CIH.1019 W95/CIH.1122 W95/Dengue W95/Esmeralda W95/Esmeralda.807 W95/ExploreZip.worm.210432 W95/Firkin.worm W95/FunLove.4099 (F-Prot) W95/Gnuman.A (F-Prot) W95/Halen W95/Heathen.b W95/HLLP.60004 W95/HLLW.Buffy W95/HLLW.MyPics W95/HLLW.Trit W95/Hybris.worm W95/Icq_greets.27648 W95/Kenston W95/Kenston.1874 W95/Kriz.4029.kernel W95/Kriz.4050.kernel W95/Kuang W95/Kuang.dr W95/Kuang.GR W95/Kuang2.cli W95/Kuang2.svr W95/Letter W95/Linong@MM W95/Loader W95/Love.988 W95/Marburg W95/Marburg.b W95/Matrix W95/MTX.9244 W95/MTX.dll@M W95/MTX.gen@M W95/MTX.svr W95/MTX@M W95/Music@M W95/Parvo.13857 W95/Plage.worm W95/Prizm W95/Prizm.4428. (F-PROT) W95/Quza W95/Rainsong.3891 W95/Smash.10262 W95/Spaces W95/Spam W95/Toal@MM W95/Trojan.1_down_3_up W95/Trojan.Cool (F-Prot) W95/Trojan.Ring W95/Troodon@M W95/Urquest.24576 W95/Ussrhymn W95/Weird.10240.A W95/Worm.Nymph@mm (F-Prot) W95/Zperm.a W95/Zperm.b W97/MSteroid.Poppy W97M.Antiv.B , W97M.Automat.H W97M.Black.B , W97M.BMH W97M.Class.F W97M.Class.S W97M.Cross.E W97M.CyberHack.b W97M.DWMVCK1.C W97M.DWMVCK1/ZMK.Gen W97M.DWMVCK1/ZMK.Gen , W97M.Eeffo , W97M.Erab.A W97M.FF , W97m.freespace.a W97M.Heathen.12288.A W97M.Hlam.A , W97M.ITSC W97M.Laroux.KV W97M.Latenit.A , W97M.Lulung W97M.Madcow W97M.Melissa.BG , W97M.Melissa.w W97M.OutlookWorm.Gen W97M.Overlord W97M.Relax W97M.Satt.A W97M.Service.A W97M.Shepmah W97M.Shining.A W97M.Sin.A.intd , W97M.Snake , W97M.Sting , W97M.Syndicate.A , W97M.Taro , W97M.ThirtyFour.A , W97M.Volcano.A@mm , W97M.Vortex , W97M/Activ W97M/Afeto.A@MM W97M/Aleja W97M/Aleja.a W97M/Aleja.a1 W97M/Aleja.k W97M/Alina.a@mm W97M/Antisocial W97M/AntiSocial.e W97M/Antisocial.g W97M/Antiv.a W97M/Appder.a W97M/Appder.ah W97M/Appder.B W97M/Appder.I W97M/Appder.L W97M/Appder.w W97M/Arbeit W97M/Argh W97M/Armagidon.a W97M/Ashu.a W97M/Assilem.A W97M/Assilem.B W97M/Assilem.c W97M/Assilem.g W97M/Astia W97M/Astia.y W97M/Bablas.a W97M/Bablas.k W97M/BackHand-A W97M/BackHand.A W97M/Balloon W97M/Beast W97M/Bebop.gen W97M/Bench.g W97M/Bench.gen W97M/Berau W97M/Bethlem W97M/Bibdot W97M/Bleck W97M/Blink.worm W97M/Blowup.a W97M/Bobo W97M/Bobo.gen W97M/Bogor.b W97M/Breeze.A (F-Prot) W97M/Breeze.B W97M/Breeze.C W97M/Breeze.D W97M/Breeze.E W97M/Breeze.F W97M/Breeze.gen W97M/Brenda.A W97M/Bridge.a W97M/Buendia.A W97M/Cakes W97M/Caligula.a W97M/Camino.a@MM W97M/Candle.a W97M/Candle.gen W97M/Chack.am W97M/Chack.B W97M/Chack.BE W97M/Chack.BZ W97M/Chack.F W97M/Chack.H W97M/Chack.K W97M/Cham.A@mm W97M/Chameleon W97M/Chameleon.a W97M/Chameleon.b W97M/Chameleon.c W97M/Chameleon.gen W97M/Chameleon.src W97M/Chameleon.vbs W97M/Change.A W97M/Chantal W97M/Chantal.B W97M/Chantal.gen W97M/Chantal.src W97M/Chiao W97M/Choong W97M/Chronic (4117 DAT)
"History doesn't repeat itself, but it does rhyme." Mark Twain
Good: To sacrafice oneself for the benefit of others
Evil: To sacrafice others for the benefit of oneself.
As virulent as RMS may be, he's alot closer to Good than Bill Gates is. (Note the cap)
DM
What now occurs has been forseen. The development of stable, structured areas of the web that act as gated communities do in real life - offering great convenience and a streamlined web experience with 'show' security. Rather than just diving into the web, people will increasingly be offered 'AOL' type pools of integrated services. And don't think that the majority will turn up their noses, either - they'll jump at the chance of an 'easier' web.
Hey, look on the bright side...it'll get a lot of the idiots and sunday drivers off the 'web at large'.
100% agreement. Any benifit procured by of /anyone/ centralizing all my information is far outweighed by the potential security risks associated with a central store approach like .NET
/dont/ have a choice. I don't think we've seen the last of the anti-trust suits.
The only conceivable climate in which people would accept, in droves, this kind of information collection is if they perceive they have no choice or are unaware of the whole thing in the first place (as noted by the writeup, many hotmail users fall into this category). And guess what? MS is entrenched enough into our infrastructure such that you really
Unfortunately, I suspect that MS is relatively safe until the economy is back up 'n running, for obvious reasons. But I truely do believe MS is headed for a serious butting-of-heads with the public at large following their inevitable first security fiasco.
"Old man yells at systemd"
but when are we going to see a passport interface to Slashdot ?
Comment removed based on user account deletion
Forget for a second that Microsoft products suck. It still makes no sense to have inoperable products. Microsoft continues to integrate MSN and Passport into everything they make which leaves all of the rest of us scratching our heads. I don't use a Passport or MSN nor will I. It's not that it is Microsoft, it's just not what I want. So I cannot use XP and all it's supposed advantages.
Seems to me that they don't recall the 80s and the disparate systems we all had. Tandy, Amiga, Apple, IBM...no one had the same damn thing. It was nearly impossible to work unless everyone was the same. What happened? Lots of companies went under that didn't become interoperable...
Of course we torture people, we need the information --Gen. Pinochet
Why .NET is a bad thing: it's called Passport.
Setting: the near future you are hsopping on line sing passport
We at Microsoft know you wanted us to bill you for use of our wonderful, excellent, and secure services that you just used so we took the liberty of billing you. Have a nice day.
although i think that diffie and landau make good points, they stop short of offering a solution or alternative route.
sun would do well to step up and offer some sort of open-source super-secure passport-type solution. because there IS human need for something of the sort. people mostly have to spend way too much of their time coaxing their computers to do what they want -- setting up their DSL, filling out all those stupid forms at every single website, whatever. very few people enjoy the types of mundane tasks that passport is trying to save them from. in the same manner, whoever makes setting up a network exactly as simple as plugging in a telephone is going to be really damn rich. it doesn't make people who want such simplicity STUPID: it does mean that they think they have better things to do with their time than set up their preferences on every machine they use. microsoft is trying to capitalize on that.
alternately, the government could pass laws that hold companies liable for letting users' personally identifying information get hacked into. maybe companies would think twice before accumulating all that data in the first place.
The PGP signature is not really relevant here.
If it was said by a guy down the street, Scott McNealy himself, or Bill Joy, you should judge the arguments on their own merit.
The argument is, "aside from power and misuse, can you trust Microsoft on security"? That's raises a pretty tough question for Microsoft to answer. They can't rely on track history to pull them out of this one. And it'll be hard to come up with a rock-solid defense.
Good play by Sun.
One of the things that might balance out this power is simple: proper scale of reward and punishment. If Microsoft could be punished immediately and strongly if Passport failed in its security, and if there was a second organization that could be rewarded immediately and strongly if they could cause Microsoft Passport to fail, they we might have a mechanism to keep it safe. Something like this would need to be supported unequivocably by the government. Perhaps a $1,000,000,000 bounty on the security of Passport would be appropriate, taken from Microsoft's cash reserves in trust. The reason this might be good, is that a centralized repository of information would actually be really convenient and if it was secure would provide a lot of real value to people and therefore the economy. As an aside, I thought it ironic that the authors dismiss the issue of corporate power so offhandedly. Certainly corporate power is one of the major issues of the late 20th and early 21st centuries.
Helping with organizational effectiveness is our job.
Especially considering that their .Net "competior" not only collects just as much information, but shares it with many OTHER large businesses.
.Net plan either. However, Sun is the pot calling the kettle black here.
I don't think the fact that their annoucnement a month or so came with the backing of 2 major airlines, 3 banks, a plethora of retailers, mjultiple financial institution, etc. was an accident.
Don't get me wrong, I'm not really for the
-Jayde
What's a sig?
Last I checked (about three weeks ago) the Mono project had what I considered very modest goals, and among other things seemed to be ignoring passport/authentication altogether.
Ok, so the Sun license requires that they be the final arbiter of whatever gets put into Java. Their documentation of java and the jvm is EXCELLENT. If kaffe is a slow project, perhaps its because nobody mistrusts sun (or hates java) enough to put their back into coming up with an alternative implementation.
Tell me, when was the last time you were allowed to browse 100% of any Microsoft codebase and verify that there weren't all kinds of privacy abuses and access restrictions built in?
Check the license. Look, but don't touch.
Check the licence for UNIX -- Same deal. Note that we now have a few fully functional Unix clones, but nobody's ever gotten close with Windows.
You can say what you want about the old school "Open Standards" theory relative to "Open Source", but it's better than what you are getting from proprietary vendors.
Whenever I hear the word 'Innovation', I reach for my pistol.
Bill Gates III, is a terrorist. Under current US laws, he should be stripped of his citizenship, stripped of all constitutional rights, imprisioned forever, without parol, anally abused by some good brothers, or deported to war torn Afganistan; we should put a tracking device on him, since he'd head for his kind (aka Osama Bin Ladin), once we get him with his kind, we'd block the fucking terrorist assholes off this earth. DEATH TO ALL TERRORISTS.
come on folks, compete! this aught to be a free market. if you want something to be done better, don't rely on the strong arm of potentially oppressive government legislation to punch the winner out so the loser came waddle into the ring and leave with the title belt.
/not cool/ and choose to abstain from it, others will. businessmen will look at it and say, "i want to own my assets, damn it! i don't want to spend /more/ money on expenses that aren't investments!"
the market will sort it self out. think about it. if we can see that the stuff that microsoft is doing is
focus your energy on providing superior alternatives. work on the mono project. work on gnome. work on better interfaces to drivers. linux has a long way to go before it is a truly useful solution. have you ever tried to put your network card in full duplex mode under linux? didn't think so.
compete, don't just point fingers. hopeful thinking on microsoft's part isn't going to make linux dissapear, and we shouldn't allow ourselves the same luxury. do not support any legislation that would let a governing body meddle in private affairs. fans of objectivism, voice yourself!
linux will have to compete with its virtues, not with the cries of "hey! no fair!" from its followers.
I hate to have to say this again (I hate to have to say this at all) but it is sad to see how Mr. Diffie, who in 1975 stood up against such institutions as the NSA to publish revolutionary crypto articles, is now reduced to being a mouthpiece for sun.
The article says nothing that hasn't been said before and offers no alternatives. How can this service be offered in a secure way, in a way that will not concentrate all the power in one place yet still offer the same benefits? This is the question to be answered. We all know of Microsoft's track record, we also know of Sun's. We are aware of the obvious risks involved in such a service but we can also see that this is the way the world is heading right now.
Several companies have tried to offer similar or partial services to what Microsoft is now suggesting, all of them failed. Now, Microsoft has never been a great innovator but once it puts its weight behind an idea it tends to lift off (eventualy). What are the checks and balances that we must demand of Microsoft (or any other would be service provider) to install in the system so that we can feel relatively free and safe to use it? Why should we choose Sun's alternative service when it is here? Simply because Sun's security is seems to have improved lately? I don't think so. When someone tries to answer me those question I'll respect their opinion, until then I can only stay disapointed.
limbo.
move along, there is nothing to see here
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Man, I'm tired of hearing about M$'s many faults. Can someone give me a rundown on what is GOOD about XP and .NET so that I amy have a balanced meal of information? (I'm in the wrong place?) As it is I'm getting indigestion.
And please no jokes about my stupid analogy.
If voting could really change things, it would be illegal.
Nets have holes. If they didn't, we'd call them sheets.
The article doesn't mention Java once. In fact, I doubt Diffie much cares. He is concerned that .NET centralizes all your personal information on Microsoft servers (mostly written in C/C++ incidentally).
Check the licence for UNIX -- Same deal. Note that we now have a few fully functional Unix clones, but nobody's ever gotten close with Windows.
Uh, check the license for Windows — it's not a standard. That's why nobody's gotten close with Windows. If I can refresh your memory, it's .NET that we're talking about, and C# and the CLR are open standards, which is why the Mono guys are happily chugging along in their work.
I signed up to Passport quite happily a couple of years ago. If ever I am asked to provide an email address on a web form, I give my hotmail address. Passport thus provides me with a valuable service that simplifies my online experience (although they haven't listed it yet): .NET My Spam.
.NET has a very good chance of taking off: Microsoft can say to companies: "Sign up with us and we will bring the customers to you. Spending money will be easier for them and you won't have to worry about bogus orders. Furthermore, we'll take the burden and expense of security issues off your shouolders". I can't see companies turning down the opportunity to make more money because of some anti-Microsoft principle. If they can make money out of "jumping on the bandwagon", they will. If we get to the point where just one company (Microsoft excluded - but I bet they'll try sometime!) only accepts payment through the passport system, then we can be pretty sure that there'll be no turning back...
More seriously,
To the poiunt of sicking its lawyers on companies that have the temerity to develop their own extensions in their own way.
The point of having open source is so that you have control. With Java the control is firmly under the thumb of Sun. Ergo, Java is not open, nor will it ever be open if Sun gets its way.
It isn't just Microsoft who have been shut out of any influence on how the language develops. It has from start to finish been a sun only program.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
From the words of Bill Gates himself, he is trying to create "a programmable network, programs talking to programs. and server to server or server to client. .. including peer to peer..".. based on XML and other languages such as VB.Net and a whole lotta other stuff (C# and stuff) to tie in different programs and allow these "services" to communicate with each other.. I know I didn't get what this whole .NET thing was either, until I read what Bill himself said in PCMagazine, September 4, 2001 issue (page 164) I know this may not make sense now, but I do think he's a bit on to something.. One thing's for sure, in the past couple of years, you gotta remember never to underestimate Bill.
I support publik eduscatation!
Ever since Sun came out with a statement saying they want a national ID card to prevent terrorism, I've decided they're no better than Oracle or Microsoft. Just another big corp that doesn't give a rat's behind about rights.
If these two Sun employees really care about our rights, they can show me by quitting Sun.
fifth sigma, inc.
out, but use mostly for testing email software. I
decided to check it out and see how it behaved. My
browser is Mozilla 0.9.5
What I found is that, first, I couldn't log in. It
just said "login failure" and gave me a few links to
pages that might help. When I followed a number of
these links, I got a lot of copies of pages that
said:
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Has anybody else realized that .NET is NOT My Services? The only security problems with .NET are source code visibility. My Services are a whole different story.
If you fall off a building, go real limp, because maybe you'll look like a dummy and people will be like hey, free dummy
.NET is a bad idea and is in many ways in conflict with the US political struture and ideals.
It would seem to be totally in-line with the U.S. political structure and ideals: being 0wn3d by large corporations.
"And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." -- Revelations 13:17, referring to Microsoft® Passport®
Presuming you're referring to Java vs. C#, neither is proprietary.
Java (the language) has an open specification, and RedHat 7.2 ships with a Gnu Java compiler as part of gcc 3.x. There are also many other non-Sun Java implementations. Having great free-as-in-beer development tools and runtimes doesn't hurt either!
C# the language has been submitted to ECMA, and is also being implemented in Mono by Ximian. We'll see how things work out with it, but calling it proprietary isn't correct either. Other parts of .Net are certainly proprietary, including for instance the GUI library for C#. There are no Microsoft free-as-in-beer development tools for C#.
Personally, I think Java is by far the better idea between those two, and that it will pick up desirable features like operator overloading and lightweight objects with time. At least it is pretty solid and fast after 6+ years of development.
Of course there are other reasons to avoid Microsoft products and initiatives (my polemic for the day;).
299,792,458 m/s...not just a good idea, its the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
For more about why programs are getting less secure as time goes by, not more (and other interesting security-related topics, too), I highly recommend Secrets & Lies: Digital Security in a Networked World by Bruce Schneier. (/. had a review of it last year.)
Although Whitt 'invented' Public Key Cryptography he is not a cryptographer in the sense many on the list seem to think. He is not interested much in algorithms, of the 20 odd times I have heard him speak in public or private I can only recall one occasion where we were discussing an algorithm and that was in the context of the Venona decrypts.
Whitt's almost exclusive interest is public policy concerning privacy and security. While Whitt has probably cleared his talk through Sun's PR office he is quite obviously the instigator of the piece.
The point he is making is much broader than .NET, as I am sure Whitt will explain later on. For the time being however it makes tactical sense to identify the problems with newly proposed schemes even though the real exposure comes from existing databases.
What I believe Whitt is up to is re-interpreting the privacy concerns of the pre 9/11 world as security threats in the post 9/11 world.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
> For most of it, they rely on proprietary, often incompletely documented APIs in Windows.
.Net that let you talk with what could only be addressed by the MFCs before? Or is it something else?
.NET.
.Net is being implemented by the Gnome group as MONO or anything, right? Because Java is standardized as, uh. By, uh. Exactly where?
Are you talking the parts of
> Java and its libraries are much more open than C# or
Ah, of course. Not that C# is an ECMA pending standard and
And how many hoops did Kaffe, gcj and the other 3rd party implementations of Java have to jump through to get it right?
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
You're either against .NET and pro SUNW, or you're with the terrorists.
Did anyone expect Sun to say anything other than "Not only is .NET technically inferior to our offering, but it's bad for US society". The only reason that they're not saying ".NET will cause the death of baby seals worldwide" is because you can prove that baby seals worldwide aren't dying.
http://www.gotdotnet.com/team/compare/petshop.aspx
.NET with f.e. C# ? According to this test (the J2EE petshop example) the choice is a no-brainer.
Ok ok ok ok OK!! it's a MS funded site, nevertheless, the code is available and you can judge for yourself: should you stick with Sun and their J2EE or should you prefer
Never underestimate the relief of true separation of Religion and State.
Actually, the difference is that .Net and Passport are opt-in measures that you can avoid. I never signed anything saying that Equifax could have my credit information, but I bet they do.
Never? Then you must not have a bank acct, credit card, phone, any utilities in your name? I suggest you read the fine print on those contracts you signed when you aquired these things. If you have any credit information(which you implied you did), equifax has it.
The previous has been a secret message to my comrades.
Let's make something perfectly clear, since no one else seems able to do it: .NET is NOT the same as Passport or myServices or any of that crap. Passport and a database that would be built from them are applications built ON TOP of the .NET platform. .NET in and of itself is actually a very good idea, something that every major player in the industry today is trying to do (read: WEB SERVICES). There's nothing wrong with that model and most people with half a brain realize that.
.NET doesn't understand what the hell it is. Hate Passport all you want. Hate any of the services MS is building, because they SHOULD be hated. But don't hate a platform that is actually quite good and holds a great deal of potential.
Now, Passport and all the services Microsoft is trying to force down are throats are absolutely evil and will corrupt absolutely (as if THAT isn't the case ALREADY).
But please, for the love of all that is good and holy, get the facts, or at least the terminology straight. Anyone that is against
Gee, no one hates Linux here, but if I built Passport using things available on Linux now (maybe mySQL and PHP and Apache let's say), would that be a problem for anyone? No, of course not. You'd separate the discussion between the platform and the service build on top of the platform.
Same damned thing here. Everyone is so anxious to hate Microsoft (for good reason) that they don't want to give them ANY credit for what they might actually have done a good job on.
.NET != Passport. GET IT STRAIGHT FROM NOW ON!!
"Microsoft's security record is nothing to brag about. Windows is the most widely used yet one of the least secure operating systems around. Microsoft programs have shown themselves vulnerable to worms, viruses, and break-ins, on Microsoft's own computers and on everybody else's. The Melissa virus spread through Microsoft's word processing and e-mail programs, sending itself to the first 50 people in each of the infected machine's address lists. A year later the ILOVEYOU virus infected the Web through a different part of Microsoft's e-mail package. More recently Microsoft's own internal systems were hacked, and the intruders spent over a month accessing system source code, likened to Microsoft's "crown jewels," before their unlawful entry was discovered.
"Why should Passport be any different? Early security analyses show that compromises made for the sake of universal availability make Passport less secure than it might have been, less secure than it should be, and perhaps just plain insecure. The My Services databases will be a particularly ripe target for hackers. (Since all users of Microsoft's free Hotmail service have Passports, many unknowingly, there are already 160 million Passport users.)"
Perhaps a bit more that one thing...
"One man can change the world with a bullet in the right place."
- Mick Travis, "If..."
Total lack of anything but speculation in this article, and coming from the source, it seems like Whit is making a future career for himself as a troll if he ever decides to quit his day job.
Moo
.Net is a framework. To say that
There's definately something to say about MS security record. I have concerns (as I sure eveyone does) about MS storing all that private information in their shop in Redmond. So I would agree with the Commentary on that level. People have been too quick to mistake the
If it was open, Microsoft could implement it their own way and bundle it with the OS, making it a new defacto standard. If I were Sun, I wouldn't want to risk that.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
When Microsoft tried calling J++ code "Java", it was guilty of false advertising. Plain and simple. Sun took away Microsoft's "right" to lie about what language it was implementing. (One of the rules of Java is about *where* you put extensions to the language such that they are obviously outside the portable portion of Java. MS could make as many additions to Java as they wanted. They just weren't allowed to lie to the public by making the additions appear to be part of the standard java.* classes. They had to call them something else. That's all. And they weren't willing to do so. They deserve NO SYMPATHY over this. NONE.)
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
The control over computer software that Microsoft has achieved through its dominance of operating systems has limited competition and innovation throughout the computer field. Through .NET, it is attempting to exert the same control over all Internet commerce. Just
as kings got to grant or deny royal charters to businesses, the Redmond giant, if
successful, may be able to say who can do business on the Net and who can't.
.NET, for example - our lives, and (2) the position of being able to technologically implement such control.
Sure, Microsoft may fail the first time. And the second time. But when governments and other megacorporations band together and get behind such an effort, then even Windows may be up to the job :).
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
(Revelation 13:16-17)
Now... I'm not saying that Bill Gates (or anyone else, for that matter) is "the beast", but such an infrastructure as this brings us (as in "people" especially the ignorant sheep that are the majority) closer to (1) acceptance of complete centralized control over our finances, commerce, and eventually - when, e.g., you can only buy gas or a 'plane ticket, or even food through
Too radical? Too extreme? I'm sure people scoffed at the idea of Hitler bringing the world to war and exterminating 6 million Jews, too... and central control doesn't look half so bad on the surface, unless you value your freedom.
Revelation 13.
Wasn't this Valley company proposing just a few weeks ago that it be the host of the system that would hold the National Identity system? So, let me get this straight... Sun has servers, and presumably the support contract for the NI system that has data on all 260M Americans (and a good few others besides), and thinks this is less intrusive that M$ with Passport on "160 Million" users systems (spread across occasional and repeat users throughout the world - only about 20 million of whom reside in the USA) I for one don't have passport - deleting MSN and its cohorts is a favourite pastime.
More Sun FUD.
Microsoft programs have shown themselves vulnerable to worms, viruses, and break-ins, on Microsoft's own computers and on everybody else's.
Not only that, the vulnerable and cracked Microsoft servers keep advertising themselves in my Apache logs.
They advocate decentralizing power and promoting competition. Somhow I don't think Susan Landau would apreciate being referred to as "He".
I have to supress a laugh every time I hear Bill, Larry, or oh what's his name... talk about anything. And it's even funnier when their underlings voice their opinions. While I am a user of many Microsoft software applications, I can't say that everything they do makes me all warm inside. But I am getting sick of everyone whining about everything MS puts out, expecially all the controversy over .NET and XP. Yes XP has WPA and it sucks (here's a little tip, install on A, wait 120... maybe 121 days and install on B), but XP is a step in the right direction (albeit all the MS and MSN plugs).
Now on .NET, as in a previous post (which I was actually surprised to see), there's nothing evil or such about it. It is simpley a set of technologies and frameworks that enable developers to do so actually cool... stuff, and let's consumers/users access that cool... stuff. Now what MS builds on top of and using .NET is what should worry everyone, although I'm not one who things that everything that comes from the beast is bad or junk. My question is, would everyone rather the alternatives?
I shouldn't have to remind everyone that not too long ago Sun was a big bad wolf, one that wanted (and still does) everyone to work on thin clients/terminals connected to huge Sun mainframes running, you guessed it, Sun software (at least they would hope so). What does everyone actually thing Java was created for? It was developed to be a write once, run everywhere development solution (which I will admit, I love) that would also be a basis for thin client/terminal systems.
And then there's Oracle and the great dumpster diving Larry Ellison. His latest idea is to create a giant database of user information to be used by the government and whoever else, in addition to issuing everyone some sort of digital ID and ID card. The scary part is that there's alot or work and time going into this.
My point is that we shouldn't align ourselves to closely to any one of the companies, and others. Technology changes to quickly and unpredictably for anyone company to keep a stranglehold for too long... just ask IBM. If you don't like something, don't use it. If you hear something bad about a product or technology, don't take someone's word for it (this really applies to this who get news from the likes of ZDNet and CNet), reasearch it and draw your own conclusions.
Let the flames being...
Hmmm. I can download Java from IBM. There's also kaffe, jikes and probably a few others. Doesn't look like the control is under anybodys thumb.
To the point of sicking its lawyers on companies that have the temerity to butcher the language, more power to 'em.
You've just gotta take this sort of thing with a grain of salt.
.NET and PASSPORT is rather small at the moment.
Remember when Win95 came out with MSN access loaded and all you had to do was click on the MSN icon to get onto the "Internet" ? Remember all of the doom-and-gloom analysts predicting that Microsoft would take over the Internet because of this ?
Well, look around you. Microsoft hasn't taken over the Internet, and the fact they haven't probably means that they can't.
For any technology to be successful, it obviously has to be well designed - but most impotrantly ther has to be a demand for that technology. As far as I can see - the demand for
You can't start a pervasive market by hype alone.
So, I have yet to read the article (yeah, yeah, slashdot no-no), but how is this different from MS saying that open source is un-American?
>>It's the same old "Microsoft products are full of security holes" argument ...
And I'm still getting the same old requests for cmd.exe and friends.
The argument is old. The holes are old. The requests from unpatched Microsoft servers are quite fresh.
The argument may be old, but it doesn't seem like it's getting any less valid.
Don't forget that someone can always break into Microsoft and steal a few of their .NET Database RAID drives.
Or even worse... an internal employee drops a WLAN bug behind their security or accidentally puts a few holes in their security system for a price from government X or company Y.
Do you think M$oft security would be weary of this? Don't you think this sort of information should be kept on your own premises where the OWNER is responsible for the security?
This solution will never work and if it does, I pity anyone that uses it....
So, what's the difference?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Is it just me, or does anyone else find it annoying when people use that terminology? It's like that "homeland" office after the terrorist attacks, never heard it before then, now it's all over the place.
That it's being used in a paper presented as being from some major eggheads makes it worse, I can understand the mass media giving into the trend, but not these guys. Mayhaps there was a little editing..
Sadly, consumers won't be aware of what is going on and will be the ones to get shafted by it.
Now, as for what should/could be done about this... I don't know. Maybe the guv'ment should put out some kind of warning if enough techincally minded people agree, or maybe other private organizations should, I dunno. Personally, I really don't care, it's not going to affect me.
Your sig
"Many innocent Germans died, but that doesn't mean we shouldn't have destroyed the Nazis."
Damn right. If it can be done, I think it's time to wipe Al Queda out, and the Taliban as well. Help the people setup a new government, try to help them develop an economy that isn't based on drugs... I'm tired of hearing from Taliban/Al Queda sympathizers...
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Yeah, besides that.
You were close with "Ideas for Cryptography" but it was actually New Directions in Cryptography
Bah. Why should we listen to this "Diffie" character? I mean, what kind of a security expert is he anyway? It's not like he contributed anything useful to the field or anything... ;-)
Always nice to hear from somebody who is jumping to the defence of someone who is only mentioned incidentally!
So, as you are well versed on Mr Chomsky's career, please could you give us all a reminder on the motivation for his rationalisation of Pol Pot's actions?
I'm incredibly amazed that nobody realizes what the real problem with .net is. As with the win32 api, microsoft tries to be the central gatekeeper on another thing, again. Their important role is not in providing internet services, but in controlling the way net applications and your data work together.
What we need is a fresh initiative that creates an Open Netapplication API for which other companies can create applications for. These include:
- storage providers
- data processing providers
- interface providers (these 3 can be the same)
- programmers
- data creators
Please, if anybody reads this - react! It's the same game like with OSs in the early 1980s (the bigger will get bigger, no chance for a 2nd place). Do you want to have MS dominating the next 15 years in Net applications, too, with all the subsequent problems? If not, then spread these ideas, and do something for it!
Thanks,
ppps
The whole point of public key cryptography is to allow secure transactions and verified identities without the need for a central controlling database like Passport. The alternative you're asking for is a distributed net of parties able to check each other's credentials, just like PGP and SSL work today.
To stress the inherent vulnerability of this approach, the article makes the point that Microsoft's software cannot be expected to be without flaws. This is where you see Sun speaking. We all know that Sun software isn't really any better, and it would be foolish to suggest that this problem can be solved by using different software, or improving the implementation. Note that the article doesn't do this.
If by 'technical' arguments you mean arguments concerning how .NET or Passport is implemented, you've missed the point - they are not the issue here.
(a) Fuck off Zico, you fucking trolling loser
.NET equivalent of the non-GUI java classes are standardised. Thus, MS is sacrificing a little bit of token server-side space "look it is possible to use FreeBSD to SERVE .NET" to maintain their stranglehold on the client side.
(b) Only the
I'm sticking with Java thankyouvermuch.
Sun may just be another evil proprietary company, but they're one with an incredibly good record of engineering and technical excellence. Unlike Micro$oft, who consistently produce insecure garbage.
*160 million* Passport users. HOLY CRAP!
.NET initiative and solid operating systems (WinXP, etc) presents an unmatched, omnipresent, and formidable platform that will eventually displace Sun, Oracle, et al. to niche/smaller markets. Microsoft looks poised to become greater than ever before, shrugging off anti-trust suits like rain protected under its shield of lawyers.
The synergy between MS's current services and developer/user base coupled with the whole
This sucks. Unless... unless the "chosen one" appears, uniting the house of Sun, the Oracle and Apple, and the elders of IBM/AOL/Yahoo, binding them all with the Open Source to fight the unknown darkness that is Microsoft! lol... bleh...
a case of Microsoft being a cancer?
.NET more secure, implement it on unix.
In anycase, lets make
The current Slashdot moderation system is made by gay communists!
the servers, I mean.
I'd never have any of that shit on any of my linux or sun boxes.
The current Slashdot moderation system is made by gay communists!
is the punctuation! How can you write anything about that ridiculous piece of M$ trash and make it readable! You never know where one sentence ends and another starts!
- Sig this!
I have written an editorial with some further opinions. It is located here: http://www.keystreams.com/COMMENTARY/2001-10-26/ta ke_the_red_pill.php
You are an anonymous coward and a troll. You'll elicit no further input from me.
Did anyone else notice that this thread suddenly got very very flat?
/., I suppose...
Back to the old