HP3000-L Archives

July 2002, Week 2

HP3000-L@RAVEN.UTC.EDU

Date: Fri, 12 Jul 2002 12:36:57 -0400
> Certainly the legal system may appear senseless when people
> successfully sue companies for cutting their own fingers off
> hefting a lawnmower up to trim a hedge (Sunbeam) or spilling
> coffee in their lap (McDonalds) but the fact remains that
> without the coercive effect of court ordered remedies our
> lives would all be a lot more hazardous, and ultimately more
> costly, than otherwise.
Unfortunately, this is almost certainly exactly what you would get. I'll
take my chances with a script kiddie over a law firm in our court system
most days (Canada's various differences are a large topic in their own
right). One can let one's imagination run wild with the frivolous lawsuits
that could quickly and easily arise. Add to our lexicon "failure to save
your work may result in data loss", after "coffee is served extremely hot"
and before "gas with oily discharge", as splash screens begin to carry
verbiage heretofore seen in EULAs and pharmaceutical commercials.

While software does have a long way to go, how many patches are in response
to real attacks, versus some theoretical vulnerability that some partner
software company found? I would rather SANS monitor and announce problems
and solutions, than have the 9th Circuit Court (who are, by the way, nine
justices short of a full bench) declare that government institutions cannot
use email, rewriteable media, electricity, clothing, fire, or the wheel.

> Someday, some large firm or organized group of software users
> is going to look at the real total costs of having bought
> into Microsoft or whatever and is going to go looking for
> their money back.
Or maybe they should invest in typewriters and file cabinets. And
photocopiers and fax machines. And paper and postage. And offsite storage.
And fire detection / suppression equipment. And a rider on their insurance
against such loss. And a large secretarial staff to "support" all of this.

> It wasn't part of the bargain that by buying
> a word processing package you necessarily open your corporate
> networks to being shut down for several days by a script
> virus. Consequential losses like that are solely attributable
> to poor software design and negligence.
Or administrative negligence. I am amazed that users who cannot resist the
double-click reflex when they get an email attachment (which are themselves
a bad idea to begin with, and needlessly overused) are allowed to continue
to use email, without at least taking remedial training. If they had said
something inappropriate to a member of a protected class, they might have to
take sensitivity training. If they wrecked a company vehicle, they might
never drive one again, or at least have to take remedial training. But bring
down a corporate email system with a virus that they launched by reflex,
hey, they may get a little good-natured kidding, and lots of help recovering
their PC or laptop.

I've said on this list before that, after inspecting them, I always open
suspect attachments. Another list member asked, "WHY?!?!". Because, once I
have determined that it has been rendered harmless by AV scanners (local and
server-based) or disabled by readily available security patches, I want to
prove that these WORK! I've never had any system I am responsible for
infected with a virus, in spite of my confrontational attitude toward them.

I also recommend buckling your seat belt, flossing, getting an annual
physical, and checking buffers to prevent overruns. And blaming support
staff that have not figured out how to keep folks patched and protected by
something better than sneakernet and emailed AV definition updates.

> Blaming the script
> kiddies for pitching stones at a glass house only diverts
> attention from the architect's decision to build a glass
> house to begin with.  Architects and engineers are supposed
> to build for the environment that exists, not some
> unachievable ideal.
Which is what the courts would decree, an unachievable ideal. The court
cases against IBM and Microsoft were amazing enough, for the ability to
simultaneously get so much right and so much wrong. IIRC, the DOJ determined
that MS charged too little for Windows, which hurt competition; and that
they made too much money selling so many copies, so in the future, they
should charge less.

Greg Stigers
http://www.cgiusa.com
