I just looked around for something that would let me play ogg files on my Jornada, but I couldn't find anything. Does an application to do this exist?
I use my jornada as my portable audio player, even though it's not really very good as an MP3 player. If there was an app out there, I could switch to ogg without any trouble.
Does anyone remember the fight over the clipper phones? The clipper system used mandatory private key escrows. The idea was that if you bought a clipper phone, the secret key would exist in a government db somewhere. If they wanted to wiretap you, they'd just have to look your key up and decrypt the signal.
It wasn't a rejection of the clipper ideology that sank the proposal. It was a proof that it would be possible to build counterfeit clipper phones that would interact with the system. The NSA screwed up, they built a system that wasn't strong enough.
It seems to me that palladium would face a similar challenge. How do they differentiate between a rogue board that pretends to be palladium compliant and a real one? Especially in a world with flashable BIOS?
What's to stop people from buying boards that will be palladium switchable? If you want to run Windows, you can set the BIOS one way, if you want to run Linux, you can set the BIOS to disregard it?
Or what's to stop people from making boards that accept any signature without checking it? MS's software would think it was on a palladium compliant system, but you could run whatever you wanted.
I think that WalMart is trying to push prices lower, and that choice is a byproduct of that. They are as feared and hated in their circles as Microsoft is in the tech world.
Small computer shops in California are selling decent PCs without OSs or monitors for under $300. The cost of the OS is becoming a more significant chunk of the total price, and if you want to push the prices way down, you've got to confront it.
For all we know, this is brinksmanship, and Wal Mart is just trying to push MS into giving them special deals on OS pricing. They've done that to other suppliers.
O'Reilly's Safari lets you read books online. It's a lot cheaper than buying the books, and for things you don't absolutely need on your shelf, it's a good deal.
It's really easy to use basic SSH, but managing keys and using the more advanced forms of authentication is more of a hassle. You can read the docs, search the web for tutorials, or you can spend a safari point (a couple of bucks) to get full access to the book online.
I haven't read the book, but I imagine that it would be helpful for people who want to do things like run automatic backups over the network through a SSH tunnel.
People have been arguing about the balance between standard formats that are easy to parse and move between systems and complex formats that make searching easier.
What we need is a standard DTD or schema for mail data that all well written email systems can understand. If everything can import and export XML representations of email, the internals aren't so important.
The problem I have with the media companies is that they're trying to construct electronic delivery systems that have two characteristics.
The first is that piracy would be difficult, although not impossible. In my view, this is a pretty hard goal to argue against.
The second goal is the one I have trouble with. They're trying very hard to avoid electronic distribution systems that would mitigate their existing advantages.
Right now the big media companies are the gatekeepers of the existing distribution system. If you want to get a record into the stores, or if you want to get a movie into the multiplex, you need a big company's help, and in practice, that means you have to give them more than half of the money.
There has always been piracy -- I'm 40, and I used to make extensive use of my cassette deck, as did everyone else I knew. Piracy is nothing new. What's new is the potential for media distribution systems that give individuals and small independent companies the same sorts of access to the public that the big companies have.
The media companies want to prevent piracy. But I think that we have to do what we can to shift the emphasis away from piracy, and towards the creation of open distribution systems.
Now one problem with open systems is that people will buy something and resell it or give it away. My argument is that this inevitable fact doesn't outweigh the overwhelming public interest that would be served by open distribution systems.
Let the media companies go after pirates after the fact. Give them stiff penalties, something that will deter people from sharing songs for free on the net. Why give something away when there's a real downside, and no upside?
Let the media companies choose the formats they use for their products -- if MS wants to make a player that will try to validate the user as an authorized owner, and they want to use that, that's great. Let them come out with new electronic audio players that will police their media rights.
People whine about the new celine dion cd coming out in copy protected format, but that's the right of everyone involved. Celine Dion doesn't owe me free music, and neither does her record company.
But it's fundamentally unfair for the government to get between you and me, and say that we can't exchange a song that one of us created over a network in a specific format, because that format doesn't provide the media companies with assurances that the song wasn't pirated. That's an unreasonable burden to put on us, and it will, to use a MS phrase, "stifle innovation."
It seems to me that the core problem here is that the media companies take a big bite out of the transaction because they control access to the distribution system. Without that gatekeeping role, they don't produce enough value to justify their cut.
Unfortunately for them, computer networks are going to wipe out that gatekeeping role unless people like your Representative vote for laws that provide artificial support for it.
It sucks for them, just like automobiles sucked for buggy whip manufacturers. But it's good for the world.
Let them build whatever system they want (crippled cd's and authenticating players and all), but don't force everyone to use it.
Make sure that we preserve the ability to build alternative systems.
First of all, if MS isn't confronted on its monopolistic tactics, it might not be possible to run other software. The guy in the article was arguing for that ability.
Second of all, people are doing a lot of work to make linux better. Herculean efforts are underway as we speak. Hang out at the dot (dot.kde.org), or at any number of sites at sourceforge if you're missing out on it. Or at freshmeat. Or any one of hundreds of other sites.
Finally, the line about "microsoft and its gayness" was kind of offensive.
I suggest that when /. stories are approved, they be visible only to subscribers for 15 minutes. During that time, posting would be locked, so subscribers wouldn't dominate the discussions. It would be a Bad Idea to let people who pay have an edge in the debate.
The idea behind the suggestion is that subscribers would be able to actually read the stories before the /. effect shuts down the affected sites.
This is the only thing I can think of that would induce me to pay for /. I'm sorry, but I'm cheap, and that's the reality of the situation.
This is the beginning of the revolution on Google to Offer API · Score: 5, Insightful
This is really fantastic. I can already think of a dozen scripts or so that I'd like to write to take advantage of this. I love the fact that this is from a Ruby list, and it's about Google. It's not MSDN and MSN.
They'll need a business model of some sort -- without the ads, and with the potential this has to hammer their servers, they'll need to meter access to the API in some way. But I'll pay -- where do I sign up?
I'll bet that this is how they'll end up making most of their money a couple of years from now.
"When it comes to business vs design decisions, MS has always gone for biz."
That's true, and I think that a lot of these security holes are a direct result of MS making bad design decisions for technical reasons.
They're not stupid -- they know that "leveraging" one product by including hooks for another creates security problems, but they know it also creates business opportunities. That's why they did it.
But I also think we're seeing a realization from MS that they're going to take some hits on the business side if they don't address security concerns.
The question that Schneier raises, implicitly, is this:
How much disruption of their current business strategies is MS willing to tolerate for the sake of security?
In the end, I suspect it will come down to a cost benefit analysis. Let's hope the numbers come down on the side of security.
Obviously Bill Joy knows a lot more about this stuff than I do; but I think he, and many of Microsoft's critics as well as supporters, are missing a crucial piece of the puzzle.
Many of the features that have contributed to MS's insecurity were there not because MS's engineers were too dumb to think clearly about security, but because other people decided that there was an overriding business interest that the features would serve.
Specifically, these features usually tend to be part of the MS strategy of leveraging success in one sector into another. If you use office, it makes sense to choose VB as your scripting language. If you know VB, it makes sense to run IIS. That's why there's a VB interpreter inside every office app.
I think that what we've seen from MS is an official change in policy -- they're saying that business considerations now suggest that security should be the #1 priority. They're admitting that the market will punish them for security holes, and that they can't sacrifice security to establish leverage from one sector to another.
MS has always put business concerns over technical ones. For that reason, a lot of /. posters have made comments to the effect that MS isn't capable of delivering technically. It used to be the conventional wisdom here, for example, that any MS OS was destined to crash repeatedly.
It turned out that when MS saw Unix and Linux as a threat, and when they decided that reliability was one of the biggest advantages that Unix/Linux offered, they took reliability seriously and made enormous progress in a relatively short period of time. This suggests that Windows crashed not because MS *couldn't* make it reliable, but because it wasn't a *priority* for them to do so. As soon as they saw a change in the business climate on the edge of their radar screen, they changed their behavior.
Windows and its applications haven't been secure because MS hasn't felt it was worth making security a priority until now. There is no evidence that they couldn't cover a lot of ground very quickly in security if that's what they decided to do. And it seems as if they've decided to do just that.
I do agree that .NET and C# are technologies that predate this new ordering of MS's priorities, and that they probably won't be very secure. Passport, the most important .NET application yet written, coded by people who ought to know the technology best, has been hacked (and patched, it's only fair to point out). If MS's people don't write secure apps with .NET, are the low end VB coders the platform is designed for going to do a better job?
But the problem that Sun faces is that MS has proven time and time again that they're willing to spend lots of money and go through lots of iterations to take a market. They're relentless. They usually don't get it right the first time, but they usually do get it right after four attempts or so.
I'll say something else that will probably get me modded down. After the recent flirtation between AOL and RedHat, I'm not sure that the moralistic arguments against MS hold up so well. Linux has been at the center of some pretty slimy stock swindles -- our gracious hosts, here at /., work for one of those companies.
Meanwhile, the Bill and Melinda Gates foundation is giving extraordinary sums of money to real nuts and bolts making the world a better place kinds of causes. Gates could literally turn out to be the most significant philanthropist in the history of the world. They're giving so much money that you can almost see a chunk of what you spend on MS going to a good cause.
All of which suggests to me that politics and the morality play that have always clouded the linux vs. windows debate should probably be put to rest.
Windows is horribly insecure -- viruses do incredible damage in the real world, especially among the least sophisticated users. That's not political, that's a fact.
But they're saying they're trying to clean up the mess. Sure, it's a big mess, and sure it's going to be a big job to clean it up. I give them credit for admitting it, and for taking on the task.
I've ripped a couple of hundred of my cd's to my hard disk. I never play cd's -- I use the computer as a jukebox. I have my desktop box plugged into my stereo, and I use my laptop, running vnc over a wireless network, as a remote control.
It's kind of short sighted to look only at Winamp. Sure, it's a great program, and it's swell of them to distribute it. But they're doing it because they think it fits into their agenda.
And on the other hand, they're gutting Time Magazine and using it to shill their movies and records. Are people who pick the bottom line over journalistic integrity going to pick the integrity of a linux distro over that same bottom line?
I hope that this is just a pissing contest, and that they don't buy redhat. It's really hard to make a coherent argument that MS is more evil than AOL/Time-Warner -- these guys are the worst possible people to buy RH.
Gosling made an interesting point about Linux's licenses. Sure, in theory anyone could fork the kernel. But on a practical level, Linus gets to decide what goes in. There are enormous barriers in place that make forking key components very difficult, and RedHat pays an awful lot of developers -- the Cygnus group was a key acquisition. They control gcc.
Don't kid yourself -- if AOL buys RH, they'll have a lot of power over the Linux universe, as much as anyone. It won't be absolute, completely unchallengeable power, but it will be real and substantial, and it will be wielded in AOL's interests, not in ours.
What's important? Beating MS at all costs? Is it worth it to have AOL ship a kazillion Linux cds to mopes around the world, even if the Linux on those CDs is philosophically different from what we have now?
Do we want the guys who are shooting for the $230/month cable bill standing on our necks?
I agree with you about the reliability -- they've made great strides. For a long time it seemed that they just didn't care, but as soon as linux appeared on the distant edge of the radar screen they started to get serious.
In this sense, linux has already done the vast majority of PC users a great service.
They still don't seem to be taking security seriously, though, and I think it's going to hurt them. The problem isn't buffer overflows, or individual programming mistakes -- the problem is that they pick business models and marketing strategies even if those models and strategies entail inherently unsecurable designs.
All of the virus problems flow out of MS's desire to link products -- that's why word processor documents can contain VB programs, and why email clients used to open up office docs automatically.
As other people have pointed out, MS has plenty of smart engineers working for them -- there had to have been people there complaining about this. But they didn't have the clout to carry the day. It must be frustrating as hell to be a security wonk at MS.
I predict that .NET is going to be the biggest security quagmire in the industry's history, and as MS has said repeatedly, they're "betting the company on .NET".
The whole .NET idea is to allow developers to build programs VB style, except that the components can live anywhere on the Internet. By "VB" style, we're talking about low end programmers who don't cost as much as the other guys -- are these guys going to be able to think about threats in a sophisticated way?
The security seems to be tacked on to this model as an afterthought, and it doesn't inspire much confidence in me. Passport's already had problems, and that service was designed by MS itself, and it's at the very center of their business model.
Who believes that the low end visual developers who populate so many corporate offices are going to do a better job than the elite MS employees who built Passport? .NET is a train wreck waiting to happen.
I think the community's response to DRM is wrong. I don't think that the analysis of it is wrong -- it's a very negative technology. But I think the response is a little off.
If MS wants to put the interests of the large media companies ahead of the interests of its own customers, the people who actually buy the computers and the software, why not let them take it to the market? Let's let the market decide what it thinks of that. Let's give them enough rope to hang themselves.
The thing that we have to worry about is some sort of legal framework that requires all computers to respect some DRM system.
MS is way ahead on the desktop, and their systems have gotten a lot better than they used to be. The only way they're going to get dislodged from that position is by making a really catastrophic mistake.
This could be that mistake!
I think there's a lesson in the current stock market scandals. The big companies can buy legislators. They've shown that they can derail effective regulation of accounting rules. They can set things up so that a crooked CFO who bilks people out of billions and sends the markets into a spiral that wipes out the savings of millions of people gets a lighter punishment than a punk who robs a liquor store.
But in the end, there's nothing they can do against the force of the market itself. They got cocky -- they thought they could get away with anything. It turns out that they can't.
Neither can the DRM boys.
Is inciting murder wrong?
What does that have to do with Napster?
I'm not saying that the RIAA is right across the board -- far from it. They are evil leeches. Fair use should be protected.
The only way they look good is when they're standing next to apologists for theft.
Whatever you think about Napster, the editor's comment on this story is lame.
Putting a murderer in jail doesn't put a stop to all murders. Does that mean it's a waste of time?
We're blowing this argument, and when we lose, everyone's going to blame the record companies, but it's going to be our own fault.
Defending stealing is wrong, and as much as everyone likes free stuff, it's just not possible that the "stealing is ok" argument is going to fly in the courts and in congress over the long run.
The other lame argument that people make is that "the record companies would be better off if they allowed sharing." Maybe. Probably not. But the point is that it's their property, and they get to decide what to do with it.
There are two issues on the table. The one that everyone talks about is piracy. There's no way to win this in the law, although technology will probably make it possible to steal music and share it over the net for the foreseeable future.
The other one, and the one that is winnable, is about whether or not there will be open electronic distribution systems. Right now entertainment companies control distribution, and that's how they make their money.
Movie studios make money by controlling access to the multiplexes -- independent films have to make "distribution" deals if they want to be seen. And if you want your CD in the Virgin Megastore, you've got to cut a deal with a big label. That's the toll booth.
The entertainment companies are using the piracy issue to cover up their other agenda, which is to avoid open distribution at all costs.
And their biggest allies aren't corrupt senators, they're whiny assholes with a sense of entitlement, sitting on their asses, believing that the world owes them free eminem records.
The argument for stealing marginalizes the people who make it. It marginalizes the public's interest. It's suicidal politically and morally bankrupt.
Take my karma. I don't care.
Linux seems to be drifting, very slightly and relatively slowly now, towards a place where a couple of companies exert a kind of de facto control over it.
The licenses are still open, but as a practical matter, most of the core development is being done by corporate people that are concentrated in a few companies like RedHat, and to a lesser extent, IBM.
Do we low end users have cause to worry about this? Does IBM worry about the control that a company like RedHat has over IBM's Linux initiative? And is it really possible, as a practical matter, for technology as complex as GCC to be forked by volunteers?
Anyone got a link to the ECMA report Gosling mentioned?
I'm not sure what the netcraft output means:
The site www.christopherrjones.com is running Apache/1.3.20 Sun Cobalt (Unix) PHP/4.2.0 mod_ssl/2.8.4 OpenSSL/0.9.6b mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25 on Linux
The sun cobalt stuff is a little confusing. I think it's a linux box, though.
Where did they get the codecs?
Are there open source real audio servers?
This is really fantastic. I can already think of a dozen scripts or so that I'd like to write to take advantage of this. I love the fact that this is from a Ruby list, and it's about Google. It's not MSDN and MSN.
They'll need a business model of some sort -- without the ads, and with the potential this has to hammer their servers, they'll need to meter access to the API in some way. But I'll pay -- where do I sign up?
I'll bet that this is how they'll end up making most of their money a couple of years from now.
Prof. Denning used to be one of the chief supporters of the government's Clipper key escrow system:
Click here to read a letter she wrote at the time.
"When it comes to business vs design decisions, MS has always gone for biz."
That's true, and I think that a lot of these security holes are a direct result of MS making bad design decisions for technical reasons.
They're not stupid -- they know that "leveraging" one product by including hooks for another creates security problems, but they know it also creates business opportunities. That's why they did it.
But I also think we're seeing a realization from MS that they're going to take some hits on the business side if they don't address security concerns.
The question that Schneier raises, implicitly, is this:
How much disruption of their current business strategies is MS willing to tolerate for the sake of security?
In the end, I suspect it will come down to a cost benefit analysis. Let's hope the numbers come down on the side of security.
Obviously Bill Joy knows a lot more about this stuff than I do; but I think he, and many of Microsoft's critics as well as supporters, are missing a crucial piece of the puzzle.
/. posters have made comments to the effect that MS isn't capable of delivering technically. It used to be the conventional wisdom here, for example, that any MS OS was destined to crash repeatedly.
.NET and C# are technologies that predate this new ordering of MS's priorities, and that they probably won't be very secure. Passport, the most important .NET application yet written, coded by people who ought to know the technology best, has been hacked (and patched, it's only fair to point out). If MS's people don't write secure apps with .NET, are the low end VB coders the platform is designed for going to do a better job?
/., work for one of those companies.
Many of the features that have contributed to MS's insecurity were there not because MS's engineers were too dumb to think clearly about security, but because other people decided that there was an overriding business interest that the features would serve.
Specifically, these features usually tend to be part of the MS strategy of leveraging success in one sector into another. If you use office, it makes sense to choose VB as your scripting language. If you know VB, it makes sense to run IIS. That's why there's a VB interpreter inside every office app.
I think that what we've seen from MS is an official change in policy -- they're saying that business considerations now suggest that security should be the #1 priority. They're admitting that the market will punish them for security holes, and that they can't sacrifice security to establish leverage from one sector to another.
MS has always put business concerns over technical ones. For that reason, a lot of
It turned out that when MS saw Unix and Linux as a threat, and when they decided that reliability was one of the biggest advantages that Unix/Linux offered, they took reliability seriously and made enormous progress in a relatively short period of time. This suggests that Windows crashed not because MS *couldn't* make it reliable, but because it wasn't a *priority* for them to do so. As soon as they saw a change in the business climate on the edge of their radar screen, they changed their behavior.
Windows and its applications haven't been secure because MS hasn't felt it was worth making security a priority until now. There is no evidence that they couldn't cover a lot of ground very quickly in security if that's what they decided to do. And it seems as if they've decided to do just that.
I do agree that
But the problem that Sun faces is that MS has proven time and time again that they're willing to spend lots of money and go through lots of iterations to take a market. They're relentless. They usually don't get it right the first time, but they usually do get it right after four attempts or so.
I'll say something else that will probably get me modded down. After the recent flirtation between AOL and RedHat, I'm not sure that the moralistic arguments against MS hold up so well. Linux has been at the center of some pretty slimy stock swindles -- our gracious hosts, here at
Meanwhile, the Bill and Melinda Gates foundation is giving extraordinary sums of money to real nuts and bolts making the world a better place kinds of causes. Gates could literally turn out to be the most significant philanthropist in the history of the world. They're giving so much money that you can almost see a chunk of what you spend on MS going to a good cause.
All of which suggests to me that politics and the morality play that have always clouded the linux vs. windows debate should probably be put to rest.
Windows is horribly insecure -- viruses do incredible damage in the real world, especially among the least sophisticated users. That's not political, that's a fact.
But they're saying they're trying to clean up the mess. Sure, it's a big mess, and sure it's going to be a big job to clean it up. I give them credit for admitting it, and for taking on the task.
I've ripped a couple of hundred of my cd's to my hard disk. I never play cd's -- I use the computer as a jukebox. I have my desktop box plugged into my stereo, and I use my laptop, running vnc over a wireless network, as a remote control.
It's kind of short sighted to look only at Winamp. Sure, it's a great program, and it's swell of them to distribute it. But they're doing it because they think it fits into their agenda.
And on the other hand, they're gutting Time Magazine and using it to shill their movies and records. Are people who pick the bottom line over journalistic integrity going to pick the integrity of a linux distro over that same bottom line?
I hope that this is just a pissing contest, and that they don't buy redhat. It's really hard to make a coherent argument that MS is more evil than AOL/Time-Warner -- these guys are the worst possible people to buy RH.
Gosling made an interesting point about Linux's licenses. Sure, in theory anyone could fork the kernel. But on a practical level, Linus gets to decide what goes in. There are enormous barriers in place that make forking key components very difficult, and RedHat pays an awful lot of developers -- the Cygnus group was a key acquisition. They control gcc.
Don't kid yourself -- if AOL buys RH, they'll have a lot of power over the Linux universe, as much as anyone. It won't be absolute, completely unchallengeable power, but it will be real and substantial, and it will be wielded in AOL's interests, not in ours.
What's important? Beating MS at all costs? Is it worth it to have AOL ship a kazillion Linux cds to mopes around the world, even if the Linux on those CDs is philosophically different from what we have now?
Do we want the guys who are shooting for the $230/month cable bill standing on our necks?
Kudos to the folks at ORA for speaking up.
Either that, or Gates.
I agree with you about the reliability -- they've made great strides. For a long time it seemed that they just didn't care, but as soon as linux appeared on the distant edge of the radar screen they started to get serious.
.NET is going to be the biggest security quagmire in the industry's history, and as MS has said repeatedly, they're "betting the company on .NET".
.NET idea is to allow developers to build programs VB style, except that the components can live anywhere on the Internet. By "VB" style, we're talking about low end programmers who don't cost as much as the other guys -- are these guys going to be able to think about threats in a sophisticated way?
.NET is a train wreck waiting to happen.
In this sense, linux has already done the vast majority of PC users a great service.
They still don't seem to be taking security seriously, though, and I think it's going to hurt them. The problem isn't buffer overflows, or individual programming mistakes -- the problem is that they pick business models and marketing strategies even if those models and strategies entail inherently unsecurable designs.
All of the virus problems flow out of MS's desire to link products -- that's why word processor documents can contain VB programs, and why email clients used to open up office docs automatically.
As other people have pointed out, MS has plenty of smart engineers working for them -- there had to have been people there complaining about this. But they didn't have the clout to carry the day. It must be frustrating as hell to be a security wonk at MS.
I predict that
The whole
The security seems to be tacked on to this model as an afterthought, and it doesn't inspire much confidence in me. Passport's already had problems, and that service was designed by MS itself, and it's at the very center of their business model.
Who believes that the low end visual developers who populate so many corporate offices are going to do a better job than the elite MS employees who built Passport?