Openness and Security on Campus
djeaux writes "The April issue of Syllabus includes an interview with Jeff Schiller, Network Manager at MIT, about openness and security in academic computing. Schiller has some interesting things to say about product liability for software, including an out for open source software and boils security down to a simple maxim: You must install patches. He also says that what makes security hard is that it's a 'negative deliverable.'"
Well, I probably should have been more specific in what I wrote. In a hurry to eat lunch, free Chinese food from the Windows server admins.
;-)
I believe in an open academic network for the students, faculty and researchers.
But for the administrative computing, where I work, which does all the data processing, there is no reason for an open network.
The funny thing is that the major research projects we have on campus have erected firewalls to protect themselves. And basically have told academic computing to go screw themselves and their patch-only policy. And these firewalls are being mandated by the 'personalities' and Nobel laureates that we have here. Actually we have more Nobel laureates than MIT has
The canonical example is Windows NT Service Pack 6, which broke Lotus Notes (both server and client). Note (ha ha) that Notes had at that time both the largest market share and by far the largest installed base of any corporate e-mail system. Microsoft denied the problem for about 6 weeks, then suddenly released SP6a with no explanation.
That's the worst I know of (since it was marked a security release, and since it affected so many sites), but I have certainly run across others.
And while I agree Microsoft can't test _every_ 3rd party app out there, I do think that given their 96% desktop market share (at that time; closer to 99% today) that they have a responsibility to test the leading apps of the leading functions, whether or not they are Microsoft's. Novell certainly used to do that.
sPh