- To: 'Arjun Ray' <aray@nyct.net>, xml-dev@lists.xml.org
- Subject: RE: [xml-dev] Turn Off Automatic Script Activation In Outlook (WAS RE: [xml-dev] Painful USA Today article (was RE: [xml-dev] ANN: REST Tutorial))
- From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
- Date: Fri, 24 May 2002 08:41:08 -0500

That the feature exists is neutral. The features are there to enable
automation and there are features there to turn the scripting
off. Experience says, it should be off by default given home
users that don't understand the threats that inherently open
systems make to local systems. On the other hand, should
they be social engineering?

So everyone is designing for security and openness helps?
Not exactly. It is a two-edged sword.

http://www.ddj.com/news/fullstory.cgi?id=5887

"I've seen Ph.D. level cleverness," Manber admitted. In response,
Yahoo has developed some sneaky countermeasures of its own. But
although Manber provided examples of his algorithms, he asked
attendees of the conference not to publicize them. The conflict
between secrecy and openness is one that, as a former academic
researcher, Manber feels keenly. On the one hand, he is fully
aware that real progress in security comes through full disclosure
and open, shared research. On the other hand, he knows that his
company will suffer real and immediate damage if hackers learn
the details of his methods."

Simon sez:
"It's (long past) time for people interested in the technology
to push back against the people interested in the business of
technology, even if that means biting the hand that feeds us.
XML hype seems to be over - maybe it's time to get XML's technological
house in order instead of chasing the big bucks. "

That gets us nowhere. The interests of business using XML applications
and those selling them are precisely the same: robust, secure applications
that will ensure the kind of 24x7, 99.99 uptime demanded of business
systems. That means technology meeting business requirements, not
technologists ignoring them. For this to work, the business contracts
must be precise, and this is where hype hurts both sides.

Open source advocates who attack vendors do themselves no good
in the long or short term. They end up looking like religious
nuts trying to create an enemy that isn't there, and the communications
that would enable both sides to share mutual concerns just break
down. We do well to remember that where the technologists are
the points of communication, much of the Spy Vs Spy trickery
goes away. We share the Internet and if the technology of
one group is making that unhealthy, then it is useful to point
this out. In the case of Microsoft, as a Microsoft customer
and someone who has to work with the business side of contracting,
the security vulnerabilities and the culture of virus hackers
are a top drawer concern. But I don't believe the solution
is blaming Microsoft and not also pointing out that a culture
which inspires rabid dog approaches to competition with them
is borderline criminal, and those that go over that line to
attack Microsoft customers, are criminals.

We have a bigger problem here than scripting in an email
client. Some virus hackers need to spend some long and
uncomfortable periods as guests of the state. The rest
of us need to attain clarity about what it means to share
a computing infrastructure in which interoperation and
competition must co-exist.

len

From: Arjun Ray [mailto:aray@nyct.net]
|> "Bullard, Claude L (Len)" <clbullar@ingr.com> wrote:
|>| Now why not turn that feature off given the disasters created
|>| by leaving it on?
|
|> Because the entire point of a non-feature is to have it turned on by
|> default. This maximizes the propagation of stupidity.
|
| It should be OFF by default.
Actually, it shouldn't be there at all. But this is not about shoulds.
It's about the circumstances of a non-feature existing to begin with. No
one in his right mind is going to turn a non-feature on, which means the
effort to implement it will have been wasted unless it comes turned on by
default.
It's called bullets-on-the-box marketing.
| That is one of those system designer decisions where the designer is
| wise in the ways of the culture and does the right thing in the best
| interest of the customer and the community at large.
What is the relevance of this to Redmondware?
|