OASIS Mailing List Archives



   RE: [xml-dev] Turn Off Automatic Script Activation In Outlook (WAS RE: [

  • To: 'Arjun Ray' <aray@nyct.net>, xml-dev@lists.xml.org
  • Subject: RE: [xml-dev] Turn Off Automatic Script Activation In Outlook (WAS RE: [xml-dev ] Painful USA Today article (was RE: [xml-dev] ANN: R ESTTutorial))
  • From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
  • Date: Fri, 24 May 2002 08:41:08 -0500

That the feature exists is neutral.   The features are there to enable 
automation and there are features there to turn the scripting 
off.  Experience says, it should be off by default given home 
users that don't understand the threats that inherently open 
systems make to local systems.  On the other hand, should 
they be social engineering? 

So everyone is designing for security and openness helps?  
Not exactly.  It is a two-edged sword.


"I've seen Ph.D. level cleverness," Manber admitted. In response, 
Yahoo has developed some sneaky countermeasures of its own. But 
although Manber provided examples of his algorithms, he asked 
attendees of the conference not to publicize them. The conflict 
between secrecy and openness is one that, as a former academic 
researcher, Manber feels keenly. On the one hand, he is fully 
aware that real progress in security comes through full disclosure 
and open, shared research. On the other hand, he knows that his 
company will suffer real and immediate damage if hackers learn 
the details of his methods."

Simon sez:

"It's (long past) time for people interested in the technology 
to push back against the people interested in the business of 
technology, even if that means biting the hand that feeds us. 
XML hype seems to be over - maybe it's time to get XML's technological 
house in order instead of chasing the big bucks. "

That gets us nowhere.  The interests of business using XML applications 
and those selling them are precisely the same: robust, secure applications 
that will ensure the kind of 24x7, 99.99 uptime demanded of business 
systems.   That means technology meeting business requirements, not 
technologists ignoring them.  For this to work, the business contracts 
must be precise, and this is where hype hurts both sides.

Open source advocates who attack vendors do themselves no good 
in the long or short term.  They end up looking like religious 
nuts trying to create an enemy that isn't there, and the communications 
that would enable both sides to share mutual concerns just break 
down.  We do well to remember that where the technologists are 
the points of communication, much of the Spy Vs Spy trickery 
goes away.   We share the Internet and if the technology of 
one group is making that unhealthy, then it is useful to point 
this out.   In the case of Microsoft, as a Microsoft customer 
and someone who has to work with the business side of contracting, 
the security vulnerabilities and the culture of virus hackers 
are a top drawer concern.   But I don't believe the solution 
is blaming Microsoft and not also pointing out that a culture 
which inspires rabid dog approaches to competition with them 
is borderline criminal, and those that go over that line to 
attack Microsoft customers, are criminals.

We have a bigger problem here than scripting in an email 
client.  Some virus hackers need to spend some long and 
uncomfortable periods as guests of the state.  The rest 
of us need to attain clarity about what it means to share 
a computing infrastructure in which interoperation and 
competition must co-exist.


From: Arjun Ray [mailto:aray@nyct.net]

|> "Bullard, Claude L (Len)" <clbullar@ingr.com> wrote:
|>| Now why not turn that feature off given the disasters created 
|>| by leaving it on?
|> Because the entire point of a non-feature is to have it turned on by
|> default.  This maximizes the propagation of stupidity.
| It should be OFF by default.  

Actually, it shouldn't be there at all.  But this is not about shoulds.
It's about the circumstances of a non-feature existing to begin with.  No
one in his right mind is going to turn a non-feature on, which means the
effort to implement it will have been wasted unless it comes turned on by

It's called bullets-on-the-box marketing.

| That is one of those system designer decisions where the designer is 
| wise in the ways of the culture and does the right thing in the best 
| interest of the customer and the community at large. 

What is the relevance of this to Redmondware?



Copyright 2001 XML.org. This site is hosted by OASIS