We all know that Linux (especially in combination with Apache) rules the server space. However, widespread adoption in other spaces seems elusive; only developers and geeks run it as a desktop OS, microkernel architectures tend to be preferred for embedded applications (where I'm betting the Hurd will do well), and nobody outside of IBM uses Linux to run a wristwatch.
Where do you see future growth for Linux? Do you think ease-of-use issues (e.g., recompiling the kernel to support a newly-installed device) will eventually be conquered, allowing broader desktop adoption, or will Wine be the key, by pushing back application availability horizons? Will my consumer appliances run Linux anytime soon? My car's dashboard?
You know, if customers were really demanding the product because it was better (by whatever standards) than alternatives, I'd buy the argument. Unfortunately, much of the "demand" exists because Microsoft has suppressed alternatives in the market and engaged in predatory licensing practices that limit OS offerings from major PC vendors.
For those reasons, I don't buy the "customer oriented" argument at all. They don't drive demand, they reduce choice.
My question was not about individual security flaws. Everyone knows that every product has those. I don't know why (if you actually read the article and the rest of this thread) you think I don't understand that mistakes get made.
My question was about the set of attitudes and practices that systematically ignore the most basic security principles and lead to frequent releases of software with gaping security holes. Note the difference: honest mistakes vs. deliberate adoption of poor doctrine and practices. If you don't get it now, I can't be bothered to explain it to you further.
Anonymous cowards like you hurt the whole site. So why don't you shut the fuck up?
First off, my argument was neither vague nor hand-waving, and I happened to give a concrete example. I brought up a pretty basic issue with how Microsoft builds software that affects corporate security the world over.
My response? He gave me some hand-waving bullshit about how Microsoft is "sensitive to the growing security threats to [their] customers", and answered my specific example by saying that a patch made it all better (which, you may have noticed, it did not). He did not address the larger concern - and the thrust of my question - which was how such ill-designed software got out the door in the first place.
So, he did not answer my question. He dodged it, hoping that saying "Microsoft is conscious of security" would make it so.
I know the pitfall you're speaking of, but I don't think I'm doing that here. I really don't feel like I got anything out of this that I couldn't have read in any of Microsoft's content-free press releases. For example, just saying that "Microsoft has always been a customer focused company" neither makes it so nor does it represent an answer (or even a useful part of an answer) to a question about how the anti-trust case has affected MS's interoperability strategy. It's a feel-good non sequitur.
It sounds neat, for sure, but pair programming is the one part of XP I don't buy into. It would drive me nutz - there would be constant conflict over which Slashdot articles to look at while goofing off...
More seriously, I find (from working in a couple places) that frequent and vigorous code reviews coupled with a reasonable coding standard fill the "constant QA" gap rather well - no need to set two employees to cramping each other's style.
OTOH, historical examples aside, when was the last time you heard about an active-content worm trashing some significant portion of all *nix mail servers? Not that worms or insecure mail software don't exist on *nix platforms, but I think a case can be made for singling out Microsoft's negligence, especially in light of their unresponsiveness to security issues that don't get lots of press.
This sounds like Microsoft finally figured out that users hated it when Windoze's "plug-and-play" functionality misdetected or failed to detect new hardware, and generally made upgrades a nightmare. So rather than make it easier, they simply forbid upgrades, thus removing this blemish on the user's "experience".
Will the Mac (or OS/2, or any other computing platform) ever again achieve better than Ugly Stepsister status as regards Microsoft's application development efforts?
Why does it seem that Microsoft routinely ignores glaringly obvious security concerns in favor of "convenience"-related features? Is this a false impression, and if so, why is that the impression so many security professionals form when confronted with the history of security in Microsoft products?
As an example, I'd single out (though it is by no means the only example) Microsoft Outlook. The inclusion of active code (scripts, ActiveX controls) in what was formerly static data (SMTP email) combined with defaulting to the least secure configuration (opening and running emails without user intervention) left the door wide open for the Melissa virus and its descendants. What happened here?
If Microsoft is not a monopoly (or at any rate, a company having equivalent power in the market), why then have numerous MS flacks promulgated the idea that the economy would be irretrievably harmed by breaking up the company or hindering its operations in any way?
And what about public domain titles, or those titles that the copyright holder has released for free distribution? Or those titles that an independent, non-RIAA copyright holder WANTS pirated to increase his exposure?
Where does the RIAA get off thinking they should be the sole arbiter of what it's OK to distribute?
This just gives me that much more motivation to continue my payware music boycott - only pirated music for me until the big record companies back off on content control and actually start paying the artists instead of screwing them.
You bring up an interesting point, but OTOH, we are in fact asking the man about that very work. I mean, committees and voting on bills and writing legislation are what the man does, and that's why he was courted for this interview in the first place. I don't think it should come as a surprise that his answers to our questions about technology legislation should get into specifics like this.
My question made it! I feel cooler than I've felt since last Thursday...
More seriously, kudos to Rep. Boucher for his candid answers and for Getting It. I, for one, will be getting on his "activists" mailing list, as well as dropping him a personal thank-you note.
If this doesn't wake people up to the problems with the very idea of certification authorities, I don't know what will. Any public key infrastructure hinging on trust of a central authority like this is doomed to fail, and in exactly this spectacular manner.
That may sound like a bold statement, but if you think about it for a moment, can you ever trust an automated software update again, even a "secure" one?
MSNBC (and a few Greenpeace cranks) are probably the only ones who think so. Those assholes will publish anything if they think it will inspire enough fear to impel people to read more MSNBC "news" and get "informed".
I had heard (though I have no substantiation for it just now) that the Blair Witch fansite hype was also partially manufactured by the film's creators.
you just pointed to a group of less than 600 people and said, "Most of you are corrupt".
Yes, I did. Most of them are. I still don't understand why you think I should be dishonest in my assessment of the performance of people whose services I am paying for. I simply won't lie about it, and I won't treat them like porcelain figurines just because they happen to be elected officials. They put their pants on the same way the rest of us do...
Try telling a salesman, "Most of you guys cheat the customer" and see what kind of service you get.
On the other hand, a good and self-examining Congressperson (or salesman, for that matter) might actually have noted the problem and be willing to take pains to differentiate himself from the pack.
The fact of the matter is, if he's honest and even half wise, then logically he should understand the question, not take it personally and address the issue. If he balks, then that doesn't mean he's dishonest, but might suggest that he hasn't thought through (or does not wish to think through) what is probably the single largest issue that concerned and engaged citizens have with the U.S. Congress.
First, I didn't attack him personally. Admittedly, I did make a statement about his profession and peers, but one with a great deal of evidence supporting it.
And secondly, yes, this is exactly how I address a United States Congressman. If the relationship is unclear, allow me to spell it out for you: He works for us, and however much I might like Representative Boucher's enlightened approach to technical issues, I don't feel the need to couch my deep and irate dissatisfaction with the poor practices and performance of the U.S. Congress in genteel terms.
Further, I'm interested to see how he responds - will he dodge the issue, or address it? Whether you're too shy or cowardly to bring it up to a Congressman's face or not, well-monied special interests do buy legislation, and that is a problem. Since I personally get screwed out of tax dollars and civil liberties when this happens, I don't think I'm out of line to bring up the issue in a plain-spoken manner and ask that it be addressed.
That, and today I'm just in the mood to take advantage of the First Amendment while it still exists in substantially its current form. So go screw, Miss Manners.
Much recent technology legislation - most notably the DMCA and UCITA - seems unreasonably skewed toward large corporate interests seeking copyright, patent, and licensing protections in the digital world they don't enjoy in the analog world. I don't think it's a secret to anyone that such legislation is all but purchased outright through campaign contributions and soft-money party donations.
Many American citizens, unfortunately, don't have sufficient education or interest to be able to assess how technology legislation affects them, their wallets, and the media they consume, and the mainstream media don't help them understand the technical issues, the legislative process, or the influence of money in politics any better.
My question related to this is: What can the more technically-aware citizenry do to steer the law back to a more reasonable course? How can we convince or coerce our elected representatives into replacing sane limits on copyright, sane policy toward retail taxation in digital markets, and a sane approach to regulating the Internet that recognizes the opportunities and limitations inherent in the medium?
Thanks for your time.
- Brad "Toaster: Kernel panic" Heintz
--
fp?
OK,
- B
--
Thanks! You make the point well.
--
Anyone buy that theory?
--
Feh.
--
Anyone have links or more info?
--
Thanks,
- Brad Heintz
--