Whit Diffie Comments On .NET security
An Anonymous Coward writes: "Whit Diffie and Susan Landau (both of Sun Microsystems) comment on why .NET is a bad idea and is in many ways in conflict with the US political structure and ideals." This is a good read, but of course Sun has their own plans and motivations in this field.
In spite of the blatant vested interest of Sun, the piece is a studied and accurate indictment of the .Net initiative.
I would still like to see something like this come from someplace like Gartner as well, however.
this is getting old and so are you
blog
Why one proprietary language should be used over another ... kind of misses the point. I say they're both bad due to being closed and proprietary.
Use my userscript to add story images to Slashdot. There's no going back.
"This is a good read, but of course Sun has their own plans and motivations in this field. "
Well yes... not exactly an independent observer.
Cruise TT
Sometimes I wonder what we'd all think of Sun if they were in the dominant position that Microsoft is currently in.
Even more interesting, I wonder how they would treat their competitors (and competitors' ideas). It would be a different Sun, that's for sure.
-- yawn. --
MS seems to be pushing this ".NET" thing very hard, but it seems like it's just vaporware, a name for whatever the "latest and greatest" from MS is. However, they seem to be up to something with XP and Passport, but I don't think it's going to go very far, because developers aren't going to spend the time to make something for this market share, because from the looks of it, XP isn't topping the sales charts.
I think Stealers Wheel said it best when they sang "Stuck In The Middle With You"... as, in a way, we're stuck in the middle with Sun.
Microsoft and Congress are surrounding us, working either with monopoly power or governmental force, and, though nothing truly bad has happened yet, it's only a matter of time.
This strange coalition isn't good for everyone though, and Sun is aware of that. At this point we (the Open Source People) should indeed be cautious of Sun, but not overly so. They have good reason to be with us on this, and we shouldn't be so quick to dismiss them
Not that we should worship them either... once we beat down Passport they'll probably come up with their own worse version.
But for now... hell... they're anti-passport, and right now that's all that matters...
Sun used to put the dot in .COM .... What does Microsoft put in .NET?
The fact that Microsoft software and consequently its databases can be cracked is not the issue. The issue is that Microsoft is controlling the database itself. The whole is greater than the sum of its parts in this case. The sheer political will that can be wielded by Microsoft as enabled by a universal database is frightening.
At what point do the privacy activists have to take up guns (real or virtual) to stop this shit?
Great, two tech companies duke it out to provide the infrastructure to Internet services. We can either get worked by Sun, at least that will be Unix based. Or Micro$oft and we'll just get worked. With the latest developments of XP's release (the beast is loose, the 7 seals have been broken!!) it seems M$ will be able to readily herd the masses of tech incompetent into Passport and .Net services.
/.ers are a lot of early adopters, but do we spend enough cash to make it work? Hope so.
I just hope that MONO can save our souls and our bank accounts. Free open-source services can only succeed with a large enough base of users to dictate to the businesses that will provide the services. I know we spend the money on tech stuff and
They really aren't criticizing .NET languages, software, or architecture. Microsoft is positioning its Passport system to collect phenomenal amounts of information about people without their knowledge. Hence, the attack on privacy.
fnord.
He's not "just a Sun employee" with a chip on his shoulder, he is a giant in his field. Give the guy the respect he deserves.
No, Thursday's out. How about never - is never good for you?
of MS seems pretty obvious. Hopefully the public will discern a ploy as well.. but I think your average computer user will not be interested in their 'vision'. If what they currently use, works, that will keep them away. It's a bad economy so people are going to be less likely to grab at such tenuous upgrades as XP and .Net.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Huh? Not. Sun has been completely open about every aspect of java; you can right now go and download the source for the jvms, the spec of the jvms, the source of J2EE and all the other layers of libraries... whereas Microshaft is only releasing the source to about 10% of their libraries. The main reason sun hasn't ushered java through the standards committee is because Micro$oft has too much influence over the process, and would doubtless try to warp java into something other than "the right thing".
- First they ignore you, then they laugh at you, then ???, then profit.
I know that America isn't very fond of free speech and democracy (ok, they say they are, but frankly it is one of the single most homogenous and conformist countries in the world), but attacking MS because they 'don't conform to American ideals' is frankly absurd.
The article also says:
If history has shown us anything, it's that the best protection lies in decentralizing power and promoting competition.
Eh? Why were all the most successful Empires centrally controlled? Was the Roman Empire decentralised? Sure, they had some degree of devolution, but Rome was still the boss. The best economies have always been centrally and state controlled. For example, the USSR's economy increased 900% from a feudal economy in 1918 to a modern industrial state by 1928, under a communist regime. The US itself has put the economy under state control in wartime - the biggest growth period being WWII, which dragged america out of the depression.
Also:
For more than two centuries Americans have prided themselves on protecting their freedom by limiting the concentration of power.
This is completely fallacious. The history of the US is a history of power centralisation in the hands of federal government. The states have been emasculated, and now the same is happening in the EU wrt the nation states of Europe. America isn't about independent thought, democracy or devolved power at all - it is about centralised government control, conformist attitudes (what other country would invent phrases like 'Anti-American' and 'The American Way' in the first place? I mean WTF?) and a lack of democracy thanks to having no real options in the democratic process.
Lies like this article should be combatted by radical politics, IMHO. Agitate!
Despite Sun's shady dealings and anti-competitive practices, this really isn't the time for an ad hominem attack. The piece presented is very well written, and outlines the dangers of Microsoft's .NET quite thoroughly.
My chief worry is that if .NET were to become a reality, it would be mandatory to have an entry in the Passport and Wallet databases. I have some serious issues in letting a consumer-driven company have not only access to all of my personal and financial information, but complete autonomy in using it -- the EULA for Passport reads much like the standard Microsoft EULA -- e.g., Microsoft owns all of the information you put into it.
The point about Microsoft's security track record is also quite valid; I know I will never trust my credit card numbers to a company that can't even keep internal email, well, internal.
--
I Hit the Karma Cap, and All I Got Was This Lousy
Initially, I thought .Net was going to be a bunch of online services, but it seems to just be the marketing buzzword.
They're slapping it onto the end of everything they own though. They have .Net plastered on the Hotmail site. So is Hotmail a part of .Net, or is .Net part of Hotmail? Is .Net a bunch of new APIs, like ADO.NET? What makes them different than the old APIs then? Is it just an ambiguous term right now so it looks like MS is creating something truly new?
There is much in .Net that should prove useful, particularly with several Open Source implementations of the .Net API in the works (Microsoft even seems to be supporting these). Ultimately it will be possible to run the same software on Linux and Windows without modification - and that benefits all. The real problem is with Passport and the other efforts at centralization. Unfortunately some centralization will always be required for this type of thing, be it Visa, Microsoft, or Paypal. There may be ways to decentralize it, but it would be much more difficult and expensive to do that, which is why M$ has probably not taken that route.
FUD, noun, from "Fear, Uncertainty, Doubt", a word coined by Apple supporters to describe a strategy used by the company's critics to spread misinformation intended to scare potential customers away from the company.
First of all, these people don't seem to understand the difference between the .NET development platform, and the authentication service. Quite frankly, I think they DO know the distinction, and that they don't make it is indicative that this is more misinformation from Sun.
But I love some of the other quotes...
Since all users of Microsoft's free Hotmail service have Passports, many unknowingly, there are already 160 million Passport users.
I love the use of "unknowingly" here, as if it makes a difference whether you are in one Microsoft database or another Microsoft database. Let's spread that fear!! First of all, that's not 160 million unique users. I would be shocked if 25% of those were active users. It's probably much lower. Second of all, you need hardly any personal information to get a Hotmail account, so most of that information is not that useful.
There are tons of other crap in that post, but I'm bored with Sun's crap already. It's just more of the same.
This is why I far prefer Microsoft holding power over the other monopoly wannabees Sun and Oracle. At least Microsoft doesn't play games. They tell you exactly what they want to do.
Sometimes it's best to just let stupid people be stupid.
If only we could boil it down to a 30-second Tom Brokaw comment and still convey the clarity of Diffie's message.
My off topic comments aside, I did enjoy the way passport/hailstorm are likened to the corporate monopolies of the late 19th and early 20th century.
Cheers,
- RLJ
Recently I attended a presentation from Sun Microsystems, which among other things, covered SunOne and Project Liberty. These parts of the presentation probably weren't NDA (the SunOne might have been... so I won't go into too much detail about it).
Basically, SunOne looks at things from the point of the individual corporation. It is an interesting way to align IT assets to face (and view) customers, vendors, equipment, etc. It has quite a number of layers, but uses open protocols all the way. Very interesting. The only downside I could see is that it would be difficult for a large company to implement because of the scope of changes that would be necessary.
Project Liberty, in their presentation to us as a business, still stressed the importance of privacy. What was the term they used? Something like a Federated... forgot... basically, a number of authorities on different things, with no one person holding all of the 'directory'. They said that in .Net My Services (or whatever name it is going by... Hailstorm, etc), Microsoft would be the holder of the directory, and therefore, in a position of extreme power.
I'd certainly like to hear a counter-view on both, but .Net/Hailstorm's potentials for incremental billing of 'computer services' and privacy issues have got me a bit concerned. And I'm not a privacy freak.
The difference is that Equifax (now Experion) doesn't draw its revenue directly from the consumer -- they don't physically rely on selling things to the mass market for revenue. In addition, Experion functions under a great deal of government restriction regarding what they can and cannot do with the information they possess.
--
I Hit the Karma Cap, and All I Got Was This Lousy
Seems like this author is pretty good at it. True, Sun has its own motivations, but this article seemed to say exactly what I've been thinking, and did so in a much more eloquent manner than I'm capable of. This comment in particular illustrates the exact problem with Microsoft .NET:
Just as kings got to grant or deny royal charters to businesses, the Redmond giant, if successful, may be able to say who can do business on the Net and who can't.
In reality, that is what Microsoft is aiming for as they have already attained a similar situation with their operating system. They have also used their OS to leverage other monopolies and with the wide range of impact .NET would have if it were a monopoly, Microsoft just might position themselves to monopolize everything. Yes that is doomsday talk, but if you analyze the situation, it's really not that wild of an idea.
It will be a sad day if retailers stop offering online purchases to those who aren't .NET members. Linux has the power to bring down the Microsoft OS monopoly. In my opinion this is a big motivation for the development of .NET. If .NET becomes a monopoly and there is no other way to make a purchase online, what kind of competition could bring it down?
~ now you know
What commercial company wouldn't want everyone in the world buying their products and giving them money? For that matter, who here doesn't want linux on every computer in the world? Everyone thinks they have the right ideas and morals to control the world. Gates thinks he should control the software industry and get all the profits from it just as much as RMS thinks all software should be free. So who's right?
Outdoor digital photography, mostly in New Engl
Sorry, but just another 'me too' post. I've always wondered what the hell Miguel et al. were doing in attempting to develop for this thing. It's like grasping at smoke. Every day, .NET is something new and different and wonderful.
Maybe Steve Jobs can pull off that kinda BS ('ooh, look, an MP3 player') but Bill? I dunno...
Jesus was all right but his disciples were thick and ordinary. -John Lennon
"History doesn't repeat itself, but it does rhyme." Mark Twain
100% agreement. Any benefit procured by /anyone/ centralizing all my information is far outweighed by the potential security risks associated with a central store approach like .NET
The only conceivable climate in which people would accept, in droves, this kind of information collection is if they perceive they have no choice or are unaware of the whole thing in the first place (as noted by the writeup, many hotmail users fall into this category). And guess what? MS is entrenched enough into our infrastructure such that you really /don't/ have a choice. I don't think we've seen the last of the anti-trust suits.
Unfortunately, I suspect that MS is relatively safe until the economy is back up 'n running, for obvious reasons. But I truly do believe MS is headed for a serious butting-of-heads with the public at large following their inevitable first security fiasco.
"Old man yells at systemd"
The PGP signature is not really relevant here.
If it was said by a guy down the street, Scott McNealy himself, or Bill Joy, you should judge the arguments on their own merit.
The argument is, "aside from power and misuse, can you trust Microsoft on security"? That raises a pretty tough question for Microsoft to answer. They can't rely on track history to pull them out of this one. And it'll be hard to come up with a rock-solid defense.
Good play by Sun.
One of the things that might balance out this power is simple: proper scale of reward and punishment. If Microsoft could be punished immediately and strongly if Passport failed in its security, and if there was a second organization that could be rewarded immediately and strongly if they could cause Microsoft Passport to fail, then we might have a mechanism to keep it safe. Something like this would need to be supported unequivocally by the government. Perhaps a $1,000,000,000 bounty on the security of Passport would be appropriate, taken from Microsoft's cash reserves in trust. The reason this might be good, is that a centralized repository of information would actually be really convenient and if it was secure would provide a lot of real value to people and therefore the economy. As an aside, I thought it ironic that the authors dismiss the issue of corporate power so offhandedly. Certainly corporate power is one of the major issues of the late 20th and early 21st centuries.
Helping with organizational effectiveness is our job.
Especially considering that their .Net "competitor" not only collects just as much information, but shares it with many OTHER large businesses.
I don't think the fact that their announcement a month or so came with the backing of 2 major airlines, 3 banks, a plethora of retailers, multiple financial institutions, etc. was an accident.
Don't get me wrong, I'm not really for the .Net plan either. However, Sun is the pot calling the kettle black here.
-Jayde
What's a sig?
Check the license. Look, but don't touch.
Check the licence for UNIX -- Same deal. Note that we now have a few fully functional Unix clones, but nobody's ever gotten close with Windows.
You can say what you want about the old school "Open Standards" theory relative to "Open Source", but it's better than what you are getting from proprietary vendors.
Whenever I hear the word 'Innovation', I reach for my pistol.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
The article doesn't mention Java once. In fact, I doubt Diffie much cares. He is concerned that .NET centralizes all your personal information on Microsoft servers (mostly written in C/C++ incidentally).
Presuming you're referring to Java vs. C#, neither is proprietary.
Java (the language) has an open specification, and RedHat 7.2 ships with a Gnu Java compiler as part of gcc 3.x. There are also many other non-Sun Java implementations. Having great free-as-in-beer development tools and runtimes doesn't hurt either!
C# the language has been submitted to ECMA, and is also being implemented in Mono by Ximian. We'll see how things work out with it, but calling it proprietary isn't correct either. Other parts of .Net are certainly proprietary, including for instance the GUI library for C#. There are no Microsoft free-as-in-beer development tools for C#.
Personally, I think Java is by far the better idea between those two, and that it will pick up desirable features like operator overloading and lightweight objects with time. At least it is pretty solid and fast after 6+ years of development.
Of course there are other reasons to avoid Microsoft products and initiatives (my polemic for the day;).
299,792,458 m/s...not just a good idea, it's the law!
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
For more about why programs are getting less secure as time goes by, not more (and other interesting security-related topics, too), I highly recommend Secrets & Lies: Digital Security in a Networked World by Bruce Schneier. (/. had a review of it last year.)
Although Whit 'invented' Public Key Cryptography he is not a cryptographer in the sense many on the list seem to think. He is not interested much in algorithms, of the 20 odd times I have heard him speak in public or private I can only recall one occasion where we were discussing an algorithm and that was in the context of the Venona decrypts.
Whit's almost exclusive interest is public policy concerning privacy and security. While Whit has probably cleared his talk through Sun's PR office he is quite obviously the instigator of the piece.
The point he is making is much broader than .NET, as I am sure Whit will explain later on. For the time being however it makes tactical sense to identify the problems with newly proposed schemes even though the real exposure comes from existing databases.
What I believe Whit is up to is re-interpreting the privacy concerns of the pre 9/11 world as security threats in the post 9/11 world.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
You're either against .NET and pro SUNW, or you're with the terrorists.
Did anyone expect Sun to say anything other than "Not only is .NET technically inferior to our offering, but it's bad for US society". The only reason that they're not saying ".NET will cause the death of baby seals worldwide" is because you can prove that baby seals worldwide aren't dying.
http://www.gotdotnet.com/team/compare/petshop.aspx
Ok ok ok ok OK!! it's a MS funded site, nevertheless, the code is available and you can judge for yourself: should you stick with Sun and their J2EE or should you prefer .NET with f.e. C# ? According to this test (the J2EE petshop example) the choice is a no-brainer.
Never underestimate the relief of true separation of Religion and State.
If it was open, Microsoft could implement it their own way and bundle it with the OS, making it a new de facto standard. If I were Sun, I wouldn't want to risk that.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
When Microsoft tried calling J++ code "Java", it was guilty of false advertising. Plain and simple. Sun took away Microsoft's "right" to lie about what language it was implementing. (One of the rules of Java is about *where* you put extensions to the language such that they are obviously outside the portable portion of Java. MS could make as many additions to Java as they wanted. They just weren't allowed to lie to the public by making the additions appear to be part of the standard java.* classes. They had to call them something else. That's all. And they weren't willing to do so. They deserve NO SYMPATHY over this. NONE.)
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Actually, I was going to hit that paragraph, but I was too bored with this whole thing. But since you bring it up...
Microsoft's security record is nothing to brag about. Windows is the most widely used yet one of the least secure operating systems around.
OK, least secure "operating system". Got it.
Microsoft programs have shown themselves vulnerable to worms, viruses, and break-ins, on Microsoft's own computers and on everybody else's.
Or wait... are we talking about applications now? Apparently the guy doesn't understand the difference.
The Melissa virus spread through Microsoft's word processing and e-mail programs, sending itself to the first 50 people in each of the infected machine's address lists.
Which, of course, was a behaviorally spread virus, not a security problem. In other words, the problem was the software was too feature filled. Not to let Microsoft off the hook, but what does this have to do with Passport?
A year later the ILOVEYOU virus infected the Web through a different part of Microsoft's e-mail package.
Ditto. Again, what does this have to do with Passport?
More recently Microsoft's own internal systems were hacked, and the intruders spent over a month accessing system source code, likened to Microsoft's "crown jewels," before their unlawful entry was discovered.
Which, of course, had nothing to do with Microsoft's technology, and everything to do with their internal security policies. Political, not technical.
Absolutely nothing above has anything to do with technical flaws in Passport.
Again, I have to ask... What is the guy advocating?
Sometimes it's best to just let stupid people be stupid.
So write your own program instead of building on someone else's work. Or simply don't distribute the resulting program outside of your company after you add your module. Any way you look at it, it's still no more restrictive than copyright, and in most cases much less restrictive.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Sadly, consumers won't be aware of what is going on and will be the ones to get shafted by it.
Now, as for what should/could be done about this... I don't know. Maybe the guv'ment should put out some kind of warning if enough technically minded people agree, or maybe other private organizations should, I dunno. Personally, I really don't care, it's not going to affect me.
Your sig
"Many innocent Germans died, but that doesn't mean we shouldn't have destroyed the Nazis."
Damn right. If it can be done, I think it's time to wipe Al Queda out, and the Taliban as well. Help the people set up a new government, try to help them develop an economy that isn't based on drugs... I'm tired of hearing from Taliban/Al Queda sympathizers...
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Bah. Why should we listen to this "Diffie" character? I mean, what kind of a security expert is he anyway? It's not like he contributed anything useful to the field or anything... ;-)
Actually currently it's only for their Mobile Internet Toolkit, which is a programming environment for Internet Solutions, including many libraries. They state that they worry that the GPL will retroactively force MS to GPL those libraries permanently. If they are allowed to work together. Which is completely and totally horseshit.
The license has the following bits
By way of example but not limitation of the foregoing, Recipient shall not distribute the Software, in whole or in part, in conjunction with any Publicly Available Software. "Publicly Available Software" means each of (i) any software that contains, or is derived in any manner (in whole or in part) from, any software that is distributed as free software, open source software (e.g. Linux) or similar licensing or distribution models; and (ii) any software that requires as a condition of use, modification and/or distribution of such software that other software distributed with such software (A) be disclosed or distributed in source code form; (B) be licensed for the purpose of making derivative works; or (C) be redistributable at no charge. Publicly Available Software includes, without limitation, software licensed or distributed under any of the following licenses or distribution models, or licenses or distribution models similar to any of the following: (A) GNU's General Public License (GPL) or Lesser/Library GPL (LGPL), (B) The Artistic License (e.g., PERL), (C) the Mozilla Public License, (D) the Netscape Public License, (E) the Sun Community Source License (SCSL), and (F) the Sun Industry Standards License (SISL).
Very true. The real "Men In Black" are a medical database called Medical Information Bureau. It has records on about 15 million Americans and Canadians, according to Privacy Rights Clearinghouse.