Encryption Security Your Rights Online

New Crypto-Gram

TRingstad writes: "The newest issue of Bruce Schneier's Crypto-Gram is out and available here. It has more on Microsoft's Bastardization of Kerberos, and includes their request to Slashdot to remove the postings. He also threw in another link to a mirrored copy of the Kerberos specification. Funny. Also good is an article on why companies like Microsoft aren't held responsible for pushing out poor products, the way a company would be in any industry other than the Software industry, and another article about "ILOVEYOU" and the problems with scripting languages like VB."
  • From "ILOVEYOU Virus":
    Do these "customers" really specifically ask for fully general scripts that attachments can execute, or do they only ask for certain features that can be implemented in many ways, some of which involve attachments that execute scripts? Do the customers who supposedly ask for these crazy things understand the consequences of them?

    I think this is an underestimation of Microsoft's users. Sure, this stuff is dangerous to have and some of the things Melissa and ILOVEYOU have done should have been anticipated by the original designers of VBA and the ones integrating it into their product. But still, I have used scripting a lot to automate all kinds of tasks in a Windows-environment and I have to say it actually works quite well. People here don't just run attachments in an e-mail called "ILOVEYOU" and consequently turn off macros in a document unless they know beforehand what they do. But once you know what you're doing, the scripting environment that allows all these things is very powerful.

    I think the main problem of Windows is that the design goal is to create an OS that is easy for everybody but turns out only to be safe for experienced users. Because apart from the occasional hole that turns up in the software directly (but that happens in all software), a Windows NT or 2000 box can be customized and used very safely.

  • I know over 200 people (some at work, some at home) who use Windows on a daily basis. Not a single one of them could write a script to do anything if their life depended on it. It's criminally insane that M$ installs a scripting host with the OS. If you need scripting you know that you need it, and you can download an installer for it. If you don't need it (or, like most Windows users, don't even know what it is), all it can do is fuck up your life.
  • "Software is different. It is sold without any claims whatsoever. Your word processor can accidentally corrupt your files and you have no recourse. It's your fault. Microsoft fielded Hotmail with a bug and never bothered to apologize."

    "According to studies, 90% to 95% of all bugs are harmless. They're never discovered by users, and they don't affect performance. It's much cheaper to release buggy software and fix the 5% to 10% of bugs people find and complain about."

    This brings up some good points! Why do we put up with this from software companies?

    I expect my car to run right whenever I need it. I expect mechanical failures once in a while, but with proper maintenance, any mechanical system can be kept running properly. But if the airbags deploy when I tune the radio to a certain frequency, I'd get a little miffed!

    I shouldn't have to try many products out because: "oh, Lotus Notes has better security than Outlook, but Outlook is free.." or "Star Office is free, but Management wants Office, even though it creates more down time..."
    Software isn't perfect, but it should be a matter of pride, whether it's free or not, that it works as advertised.
    I already vote with my wallet. I don't use Microsoft at home, and since I make decisions for my company's choice of software, we don't use IE or Outlook. And recently I converted several servers from NT to RH. I prefer software that people take a little pride in.

  • Can anyone suggest a good working Gnutella client for Linux that can share files? If I can find one I'll go back to those posts in question, make a local copy and put the Kerberos spec on Gnutella net.

    In the meantime, keep searching for ms-kerberos-spec.txt on Gnutella.
  • Microsoft could make the default /NOT/ to run the script, and just open it as text. Then, if someone really needed it, they could right-click and go to "Run" or if they were really lazy, they just change the default command run on the file. This is just Microsoft's excuse for making insecure software.

    Chris Hagar
