
Whit Diffie Comments On .NET security

An Anonymous Coward writes: "Whit Diffie and Susan Landau (both of Sun Microsystems) comment on why .NET is a bad idea and is in many ways in conflict with the US political structure and ideals." This is a good read, but of course Sun has their own plans and motivations in this field.
  • Solid arguments (Score:2, Interesting)

    In spite of the blatant vested interest of Sun, the piece is a studied and accurate indictment of the .Net initiative.

    I would still like to see something like this come from someplace like Gartner as well, however.

    • Re:Solid arguments (Score:2, Insightful)

      by Frums ( 112820 )
      Whitfield Diffie can hardly be considered a Sun pawn, and all of the trolls implying that he is, and that this article is garbage, are just that: meaningless trolls.

      Diffie is a highly respected researcher in cryptography and security. As the article points out, in a funny way, "Diffie is also the co-inventor of public-key cryptography." The Diffie-Hellman algorithm was the first publicly known instance of public-key cryptography, AND is still used today by the likes of PGP and GPG. (I say publicly known because there is some evidence that the NSA and other state security outfits in China and Britain had created or at least researched public-key cryptography. It is safe to assume that Diffie and Hellman knew nothing about these efforts, however, when they published their original paper, whose exact title I cannot remember but is something like "ideas for cryptography".)

  • Proprietarity (Score:3, Interesting)

    by Khopesh ( 112447 ) on Thursday October 25, 2001 @04:05PM (#2479749) Homepage Journal
    Why one proprietary language should be used over another ... kind of misses the point. I say they're both bad due to being closed and proprietary.
    • Re: Proprietarity (Score:1, Interesting)

      by Anonymous Coward
      Cept that, in being an open standard, the .NET stuff is less proprietary than Java.
      • Re: Proprietarity (Score:2, Interesting)

        Cept that, in being an open standard, the .NET stuff is less proprietary than Java.

        Huh? Not. Sun has been completely open about every aspect of java; you can right now go and download the source for the jvms, the spec of the jvms, the source of J2EE and all the other layers of libraries... whereas Microshaft is only releasing the source to about 10% of their libraries. The main reason sun hasn't ushered java through the standards committee is because Micro$oft has too much influence over the process, and would doubtless try to warp java into something other than "the right thing".

      • Microsoft has submitted a small part of .NET for standardization. For most of it, they rely on proprietary, often incompletely documented APIs in Windows. Furthermore, there is no guarantee that Microsoft's own implementation will conform to the standard--why should it?

        There is little that is "proprietary" about the Java language or the APIs: they are very well documented and anybody can implement them. In fact, there are several third party implementations, and they do interoperate.

        Java and its libraries are much more open than C# or .NET.

    • The article doesn't mention Java once. In fact, I doubt Diffie much cares. He is concerned that .NET centralizes all your personal information on Microsoft servers (mostly written in C/C++ incidentally).
    • Why one proprietary language should be used over another ... kind of misses the point. I say they're both bad due to being closed and proprietary.

      Presuming you're referring to Java vs. C#, neither is proprietary.

      Java (the language) has an open specification, and RedHat 7.2 ships with a Gnu Java compiler as part of gcc 3.x. There are also many other non-Sun Java implementations. Having great free-as-in-beer development tools and runtimes doesn't hurt either!

      C# the language has been submitted to ECMA, and is also being implemented in Mono by Ximian. We'll see how things work out with it, but calling it proprietary isn't correct either. Other parts of .Net are certainly proprietary, including for instance the GUI library for C#. There are no Microsoft free-as-in-beer development tools for C#.

      Personally, I think Java is by far the better idea between those two, and that it will pick up desirable features like operator overloading and lightweight objects with time. At least it is pretty solid and fast after 6+ years of development.

      Of course there are other reasons to avoid Microsoft products and initiatives (my polemic for the day;).

      299,792,458 m/s...not just a good idea, it's the law!

  • "This is a good read, but of course Sun has their own plans and motivations in this field. "

    Well yes... not exactly an independent observer.
  • What if? (Score:3, Interesting)

    by programic ( 139404 ) on Thursday October 25, 2001 @04:06PM (#2479755)
    Sometimes I wonder what we'd all think of Sun if they were in the dominant position that Microsoft is currently in.

    Even more interesting, I wonder how they would treat their competitors (and competitors' ideas). It would be a different Sun, that's for sure.
    • What commercial company wouldn't want everyone in the world buying their products and giving them money? For that matter, who here doesn't want linux on every computer in the world? Everyone thinks they have the right ideas and morals to control the world. Gates thinks he should control the software industry and get all the profits from it just as much as RMS thinks all software should be free. So who's right?
      • Good: To sacrifice oneself for the benefit of others

        Evil: To sacrifice others for the benefit of oneself.

        As virulent as RMS may be, he's a lot closer to Good than Bill Gates is. (Note the cap)

        • As virulent as RMS may be, he's a lot closer to Good than Bill Gates is. (Note the cap)

          You have got to be kidding. How, exactly, do you know RMS' name? That's right: Because he's out there pimping it and putting it up beside open source every chance he gets. You can selfishly get "paid" for what you do in many more ways than cash in the bank, and cult-of-personality and personal fame is one of the most powerful lures.

    • What would we think? We'd probably be cursing McNealy, Sun would probably behave towards their competitors just like IBM and Microsoft, and Sun would probably be making much worse products.

      But the fact is that Sun isn't in the position that Microsoft is. Right now, Sun does produce ideas, systems, software, and standards that are often more open, better thought through, and better specified than Microsoft's. And it is those ideas and standards that we should support if they are technically to our interest.

      You see, this isn't about Sun or Microsoft or McNealy or Gates, it's about what actually comes out of these companies.

    • If Microsoft were simply "in the dominant position" then I don't think people would hate them as much... It's how they abuse that position that has so many people riled up...

      If Sun was as dominant as Microsoft is now, and then used that power to crush other companies, then people would hate Sun just as much as they hate Microsoft.

    • Who says people think highly of Sun today?

      They've always been just as bad as Microsoft, IBM, etc.
    • Well, if Sun were dominant, everything would probably be more expensive. But it would work properly - Sun may be Yet Another Evil Proprietary Vendor, but they make well-designed, reliable stuff, unlike Microsoft.

  • MS seems to be pushing this ".NET" thing very hard, but it seems like it's just vaporware, a name for whatever the "latest and greatest" from MS is. However, they seem to be up to something with XP and Passport, but I don't think it's going to go very far, because developers aren't going to spend the time to make something for this market share, because from the looks of it, XP isn't topping the sales charts.

    • I don't think they have to push hard for .NET or XP. The majority of PC users out there live and breathe Microsoft because that's all they know. It just takes enough consumers and business managers to pick up these "enhancements". Then everyone else will have to adopt just to do business or communicate. Winner: M$. Loser: your privacy.
    • Sorry, but just another 'me too' post. I've always wondered what the hell Miguel et al. were doing in attempting to develop for this thing. It's like grasping at smoke. Every day, .NET is something new and different and wonderful.

      Maybe Steve Jobs can pull off that kinda BS ('ooh, look, an MP3 player') but Bill? I dunno...

    • XP may not be topping the sales charts at the moment. Microsoft take a long term view for this sort of thing.

      Let's not forget that most users (with the obligatory exception of enlightened individuals using a non MS OS) will eventually "upgrade" from their win9x or NT/2000 platform (either as a hardware replacement or OS replacement) to whatever Microsoft is selling, in order to run some piece of essential software.

      So yeah - developers might not ship much in the next couple of months, but let's see what it looks like in another 18-24 months.

  • by Brontosaurus Jim ( 528803 ) on Thursday October 25, 2001 @04:09PM (#2479775) Homepage
    I think Stealers Wheel said it best when they sang "Stuck In The Middle With You"... as, in a way, we're stuck in the middle with Sun.

    Microsoft and Congress are surrounding us, working either with monopoly power or governmental force, and, though nothing truly bad has happened yet, it's only a matter of time.

    This strange coalition isn't good for everyone though, and Sun is aware of that. At this point we (the Open Source People) should indeed be cautious of Sun, but not overly so. They have good reason to be with us on this, and we shouldn't be so quick to dismiss them.

    Not that we should worship them either... once we beat down Passport they'll probably come up with their own worse version.

    But for now... hell... they're anti-passport, and right now that's all that matters...
    • Although Sun's McNealy is one of the high-tech CEOs calling for a national identity card. At least Passport won't have your fingerprints stored in a database so that everyone can be "safe."

      (Unfortunately, that's the only good thing I can say about Passport...)
    • It seems most posts up to this point have missed out on the LARGE picture. Most have spouted about how "SUN would do the same thing as Microsoft if they could" or "ORACLE and SUN are no different". Who cares if it is Microsoft, SUN, ORACLE, or IBM? That is just a name. The concept of a centralized, PAY FOR USE, data system operated by any company or government is a dumb idea. First, there is no way to guarantee security from a hack standpoint. As the article says, MS (as other companies) has had trouble keeping out intruders. Why not just save time and publish every Passport member's SSN and Credit Card Number on

      And Second, all of this passport info is going to be opened to any site owner/developer who pays for it. Not that developers aren't good people, but I am sure one or more individuals are willing to cough up the subscription fee to passport, just to get a chance to swipe members' billing info.

      At least with each company managing their own customer data, the sheer volume of exposure is diminished.
  • Hmmm.... (Score:3, Funny)

    by jamis ( 16403 ) on Thursday October 25, 2001 @04:09PM (#2479779) Homepage
    Sun used to put the dot in .COM .... What does Microsoft put in .NET?
    • Worm.Nimda, Nimda, Nimda.c, W32.Nimda.A@mm,
      W32.Nimda.C@mm, W32/Minda@MM, W32/Nimda-C,
      W32/Nimda.eml, W32/Nimda.htm, W32/Nimda@MM, Win32.Nimda.A@mm
    • Sun used to put the dot in .COM .... What does Microsoft put in .NET?

  • by crumbz ( 41803 ) on Thursday October 25, 2001 @04:11PM (#2479798) Homepage
    The fact that Microsoft software and consequently its databases can be cracked is not the issue. The issue is that Microsoft is controlling the database itself. The whole is greater than the sum of its parts in this case. The sheer political will that can be wielded by Microsoft as enabled by a universal database is frightening.

    At what point do the privacy activists have to take up guns (real or virtual) to stop this shit?
    • Nobody has to take up guns to stop this shit. Just don't use it. Nobody forces you to get a passport. Nobody forces you to shop at places that use passport.

      You don't need a gun, you already have your pocketbook.

      • Exactly... no way in heck a rational web-based vendor will abandon all non-Passport potential customers... they'll go from dot-net to dot-bomb hehe :)

        Besides, unless you order everything and then some online, what is the big deal in having to re-enter payment information?
      • Sure, just like Social Security cards weren't going to be used as IDs. Just try getting any sort of financial services (i.e. a savings or checking account, credit card, etc.) without one. Now, without having a savings or checking account, try cashing a check you get from your employer (companies often use out-of-state banks). You'll be gouged with a large fee (usually 1-2%) by whoever cashes it. Try investing without it. Try getting a loan. Basically, since there is no law prohibiting banks or other institutions from using your SS# as an ID, it gets done everywhere.

        When Microsoft has control over authentication on the net, the Passport ID will become the SS# of the Internet (and will almost certainly be linked to your actual SS#). Passport IDs will be required for most transactions and then everything you do, online or offline, will be tied to your SS#.

        What's the alternative? Live like a day-worker, stuffing money under your mattress and shelling out a generous portion of your paycheck to someone just so you can the money you worked for.

  • Whit may draw a salary from Sun, but to suggest he's the kind of guy to whore the Sun line at the expense of his own integrity is just plain wrong.

    Whit is one of the original Cypherpunks; and a man who would happily tell his 'boss' Scott McNealy where to stick his Java national ID card.

    The .NET initiative is a stupid idea. Just because it's in Sun's interest to point this out does not make it any less daft.

    • Could you please point me to the location of Diffie's statement telling Scott McNealy to stick it? I haven't been able to find it.

      He is a whore. That doesn't make him wrong, but he was a founder of something great and now he has turned that into something profitable for himself. Sun gets to use his good name in return for money. That's the veritable definition of corporate-whoring.

      Sorry, I respect accomplishments and agree with him on several fronts but he has Zero credibility in this case.
  • Great, two tech companies duke it out to provide the infrastructure to Internet services. We can either get worked by Sun, at least that will be Unix based. Or Micro$oft and we'll just get worked. With the latest developments of XP's release (the beast is loose, the 7 seals have been broken!!) it seems M$ will be able to readily herd the masses of tech incompetent into Passport and .Net services.

    I just hope that MONO can save our souls and our bank accounts. Free open-source services can only succeed with a large enough base of users to dictate to the businesses that will provide the services. I know we spend the money on tech stuff and /.ers are a lot of early adopters, but do we spend enough cash to make it work? Hope so.
  • How will this really be any different than a mega-corp credit bureau like EquiFax? Not only do they have your credit card numbers, but also your SS#, and your financial life history! Granted, there are more than one credit reporting firm....but they aren't really decentralized, are they?
    • Re:EquiFax? (Score:2, Informative)

      The difference is that Equifax (now Experion) doesn't draw its revenue directly from the consumer -- they don't physically rely on selling things to the mass market for revenue. In addition, Experion functions under a great deal of government restriction regarding what they can and cannot do with the information they possess.
      • A great deal of government restriction? Huh?

        Not that I've ever tried to get someone else's credit report, but I bet it's dang easy. Landlords and employers do it all the time-- as well as many other prospective "lenders" (how else would I suddenly be deluged with "pre-qualified" home equity offers?). Now maybe I'm supposed to have you sign a form authorizing me to look at this information, but I highly doubt anyone is checking for such a form at the credit agency.

        Besides one credit agency can do whatever the other have decided to do-- and as a group, they can all do pretty much whatever they want. Who's going to stop them? The idea that large corporations don't have an immense amount of control over legislation and regulation that affects them, well, is silly. The regulations are more like codified standards than anything else.

        The only thing keeping corporations in check is the fact that the people who work there are actual people themselves-- with ethical concerns and families and friends and stuff like that.
    • How will this really be any different than a mega-corp credit bureau like EquiFax?

      .Net can track not only every purchase you make, but every time you browse to a member website!

      You browse to a site and they bounce a message off of microsoft to log you in. This enhances the customer experience with easy access and customised websites. It also enables more profitable targeted advertizing and funnels users to other member sites for further profits.

      It's a WinWin situation. Microsoft wins, and the member retailers win.
      WinWin? what about the user? ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H ^H^H^H
      Where would you like to go today?

  • by megabeck42 ( 45659 ) on Thursday October 25, 2001 @04:13PM (#2479819)
    They really aren't criticizing .NET languages, software, or architecture. Microsoft is positioning its passport system to collect phenomenal amounts of information about people without their knowledge. Hence, the attack on privacy.
    • .NET My Services and Passport are evil things. I get the idea that everyone just thinks Microsoft is out to improve programming with .NET and the CLR. This is not the case. There is a major part of .NET a lot of people aren't even aware of. This is the part which was formerly known as HailStorm.

      Sure Passport is evil but it is only the gate by which Microsoft wants to hijack your data. HailStorm is by far the most ambitious attempt ever to eliminate privacy online. Microsoft claims that it eliminates the debate of online privacy by advocating consumer choice. I guess this would be true if you trust Microsoft to protect your information, not just from hackers, but also from themselves and of course the Government which will find a legal or illegal way into this thing somehow.

      Read the white paper on Microsoft's plans for .NET My Services. I give Sun the benefit of the doubt right now in developing their plans to compete with this. I would hope since they have the co-inventor of Public/Private key encryption on their side that their solution will not simply be a big centralized database that Microsoft has cleartext access to.

      I am hoping for some kind of system where if you say want to give a software company access to your Visa credit card you simply add their public key and reencrypt those SOAP objects and you are done. Similar approaches could be taken with anything else. Everyone would have a private key and you could give access to any of your information to anyone else by simply using their key.

      There would be no access controls. You would simply upload your encrypted information to a server somewhere for them to host. I suppose that allowing users to store their private key at a place they trust would have to be a small concession for convenience sake (that is until we can get this done on smart cards or something). But those of us that care about security wouldn't have to do this.
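A sketch of the scheme the comment above hopes for, added here as an example and not part of the original post or of any Sun or Microsoft product: the host stores only ciphertext, and access is granted by encrypting to the reader's public key. Assumptions: instead of re-encrypting the whole object it wraps a per-record content key for each reader (envelope encryption), the algorithms (RSA-OAEP, AES-256-GCM) are chosen for the example, and the names `Record`, `Seal`, `Grant` and `Open` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrNoGrant = errors.New("no wrapped key for this reader")

// Record (hypothetical name) is all the host stores: ciphertext plus wrapped keys, never plaintext.
type Record struct {
	Nonce, Ciphertext []byte
	Wrapped           map[string][]byte // reader name -> RSA-OAEP(content key)
}

// NewKey makes a demo-sized RSA key pair for one party.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data once under a random content key and wraps that key for the owner.
func Seal(data []byte, owner string, pub *rsa.PublicKey) (*Record, error) {
	buf := make([]byte, 32+12) // 32-byte AES-256 key, 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Record{nonce, gcm.Seal(nil, nonce, data, nil), map[string][]byte{owner: w}}, nil
}

// contentKey unwraps the named reader's copy of the content key.
func (r *Record) contentKey(name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := r.Wrapped[name]
	if !ok {
		return nil, ErrNoGrant
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
}

// Grant lets a current reader add another; only the 32-byte key is re-encrypted.
func (r *Record) Grant(holder string, priv *rsa.PrivateKey, reader string, pub *rsa.PublicKey) error {
	key, err := r.contentKey(holder, priv)
	if err != nil {
		return err
	}
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err == nil {
		r.Wrapped[reader] = w
	}
	return err
}

// Open decrypts the record for a reader who holds a wrapped key.
func (r *Record) Open(name string, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := r.contentKey(name, priv)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, nil)
}

func main() {
	owner, err := NewKey()
	shop, err2 := NewKey()
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	rec, err := Seal([]byte("card=CONSTRUCTED-0000"), "owner", &owner.PublicKey) // constructed sample data
	if err != nil {
		panic(err)
	}
	_, before := rec.Open("shop", shop) // no wrapped key for the shop yet
	err = rec.Grant("owner", owner, "shop", &shop.PublicKey)
	pt, after := rec.Open("shop", shop)
	fmt.Printf("before=%v grant=%v after=%q %v\n", before, err, pt, after)
}
```

Deleting an entry from `Wrapped` does not revoke a reader who has already unwrapped the content key; revocation means sealing the data again under a fresh key for the remaining readers.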
    • If you read the news stories and press releases, you will see that Microsoft does consider this "part of .NET". That's what the analysts see. That's what the investors see. That's what the regulators see. Or should Microsoft be able to answer every criticism by saying "that's not part of .NET" just because .NET is such an amorphous project?

      The fact is that this system is part of .NET in common language, Diffie rightly criticizes it, and he uses the right terminology for doing so.

    • They really aren't criticizing .NET languages, software, or architecture.

      Exactly. We are building our next generation web applications on .NET, but this has absolutely nothing to do with the so called ".NET initiative" or Hailstorm.
  • by Pinball Wizard ( 161942 ) on Thursday October 25, 2001 @04:14PM (#2479831) Homepage Journal
    Diffie is also the co-inventor of public-key cryptography.

    He's not "just a Sun employee" with a chip on his shoulder, he is a giant in his field. Give the guy the respect he deserves.

    • Just because you are a good engineer doesn't mean you have a clue when it comes to politics (and this is a political piece). It's like a Hollywood actress commenting on politics.

      Given how insightful this piece is (*cough*), he should stick to programming.

      • The article is only partly political. While it talks about the political effects passport could have, the article is also largely about privacy and security. Indeed, the political effects passport could have are largely related to privacy and security.

        • While it talks about the political effects passport could have, the article is also largely about privacy and security.

          Name one thing in that article that is about the technical aspects of privacy and security. There are none.

          It's just another biased anti-Microsoft rant. He doesn't even bother to make a point and advocate an alternative. What is he advocating? Passing a law that says Microsoft is not allowed to go into the business? Government control of authentication? Advocacy of Sun's solution?

          • Here's a technical aspect for ya... Having that many people's information in one place under the control of one company that has a BAD track record when it comes to security, is... well, fundamentally a bad idea.

            Sadly, consumers won't be aware of what is going on and will be the ones to get shafted by it.

            Now, as for what should/could be done about this... I don't know. Maybe the guv'ment should put out some kind of warning if enough technically minded people agree, or maybe other private organizations should, I dunno. Personally, I really don't care, it's not going to affect me.

            Your sig
            "Many innocent Germans died, but that doesn't mean we shouldn't have destroyed the Nazis."

            Damn right. If it can be done, I think it's time to wipe Al Qaeda out, and the Taliban as well. Help the people set up a new government, try to help them develop an economy that isn't based on drugs... I'm tired of hearing from Taliban/Al Qaeda sympathizers...

    • He's not "just a Sun employee" with a chip on his shoulder, he is a giant in his field. Give the guy the respect he deserves

      He's a giant in his field. That means pay attention to the parts where he talks about cryptography. However, it doesn't mean he's got any particular insight into the rest of the issues covered.

      He could be like Noam Chomsky, who is a giant in the field of linguistics, but a total goofball in politics, for instance.

      • He could be like Noam Chomsky, who is a giant in the field of linguistics, but a total goofball in politics, for instance.

        Noam Chomsky is always more prepared with references, facts, and evidence to support his ideas, than any politician I have ever heard.
  • The commentary is just a rundown on the Worst Case Scenario. MS takes over the internet, keeps all your personal data on an (in)secure IIS server, and one next day three billion dollars are charged on your credit cards, your SSN is erased, your parents forget who you are, all your teeth fall out, your dog runs away, your truck breaks down...

    (cue evil hacker, chortling with glee)

    I don't think it will ever go THAT far. However, in light of recent "worst case scenarios" which have proven only too possible, I doubt a healthy dose of paranoia is entirely a bad idea...
  • of MS seems pretty obvious. Hopefully the public will discern a ploy as well.. but I think your average computer user will not be interested in their 'vision'. If what they currently use, works, that will keep them away. It's a bad economy so people are going to be less likely to grab at such tenuous upgrades as XP and .Net.

  • Why are the same people who moan about the conformist nature of US society (Columbine etc), now turning around and trying to make MS conform to US ideals?

    I know that America isn't very fond of free speech and democracy (ok, they say they are, but frankly it is one of the single most homogenous and conformist countries in the world), but attacking MS because they 'don't conform to American ideals' is frankly absurd.

    The article also says:

    If history has shown us anything, it's that the best protection lies in decentralizing power and promoting competition.

    Eh? Why were all the most successful Empires centrally controlled? Was the Roman Empire decentralised? Sure, they had some degree of devolution, but Rome was still the boss. The best economies have always been centrally and state controlled. For example, the USSR's economy increased 900% from a feudal economy in 1918 to a modern industrial state by 1928, under a communist regime. The US itself has put the economy under state control in wartime - the biggest growth period being WWII, which dragged america out of the depression.


    For more than two centuries Americans have prided themselves on protecting their freedom by limiting the concentration of power.

    This is completely fallacious. The history of the US is a history of power centralisation in the hands of federal government. The states have been emasculated, and now the same is happening in the EU wrt the nation states of Europe. America isn't about independent thought, democracy or devolved power at all - it is about centralised government control, conformist attitudes (what other country would invent phrases like 'Anti-American' and 'The American Way' in the first place? I mean WTF?) and a lack of democracy thanks to having no real options in the democratic process.

    Lies like this article should be combatted by radical politics, IMHO. Agitate!

    • they 'don't conform to American ideals

      Americans treat "America(TM)" as a religion. The arrogance people dislike about America and their nationalism is really extreme and very telling... it speaks to why they are conformist, why McCarthyism is happening again w/ The War on Terrorism.

      Americans don't like debate, they don't like free speech, and they haven't a clue what democracy is. Americans are asleep at the wheel of a very powerful (at this point in history) country and it is headed straight for a tree. Terrorism is as "American" as anything, think about the CIA, the Civil War and the "American Revolution" which to the British at the time was certainly "Terrorism".

    • I'd argue with the Central Empire theory.

      1. While the Soviet Union may have industrialized to a point from 1918 to 1928, Imperial Russia was not a "feudal economy". It was a curious fusion of Industrial Europe and feudalism. All the Soviet system did is change the type of feudalism. And by no means was the post-Czarist system any more efficient than the system before the revolt. During that communist regime, the transition was just more bloodthirsty than it had been under the Czars. 20-35 million dead from starvation? Even into the 1990s during the summer the Russians have to set aside large parts of the Army to assist in harvest collection because in the last 70 years they've not figured out how to do it efficiently.

      2. Much of the power in the United States remains de-centralized in the hands of the local state governments. While some of the powers that EU member states still enjoy like - Treaties, Tariffs - were taken from the states in 1789. But, overall not that much power has been centralized in the Federal government, if you take into account it's been more than 200 years. If you look at laws from a Macro, rather than a Micro POV, you will see that States and Counties in the United States handle much more of the day to day rule of law than the Federal Government has.

      3. I would rather have a Democratic Government at the local and state level and a Republic at the Federal level simply because, a person is smart, but people are stupid. A direct democracy would turn into an anarchy or a theocracy quickly.
    • Ok, you are a troll, and here's why:

      Your name is euroderf. Get a clue, no self-respecting European would call themselves that.

      You complain about conformity, and then advocate consolidation of power. LOL. Btw, if you really had seen europe in your life, you wouldn't call their nation-states "emasculated." And if you had a brain larger than a small ferret you wouldn't compare the U.S.S.R.'s centralized military, secret police, and miscellaneous thugs to the Feds in the U.S. Ha!

      Lastly, radicals don't call themselves radical, in so many words. Your final sentence exposes you as a complete poseur. You'd be better off as a right-wing troll. Or one of the gay first posters.
    • For example, the USSR's economy increased 900% from a feudal economy in 1918 to a modern industrial state by 1928

      The Soviet economy only lasted until the late 20th century because the Soviets stripped the wealth from all of the satellite states it controlled. As time went by, they needed to steal more and more wealth from these other countries to make up for their inefficiencies. Eventually it reached the point that they could not steal anymore. This was one of the major factors in the collapse of communism.

      I won't even bother to discuss the murder of 20 million Soviet citizens to "advance" the Soviet Union.

    • *sigh* Why am I responding, ah well.

      Eh? Why were all the most successful Empires centrally controlled? Was the Roman Empire decentralised? Sure, they had some degree of devolution, but Rome was still the boss.

      The Roman Empire fell *because* of centralization. Everything was going to hell on its borders, but no one noticed, because the Emperor kept Rome itself filled with all the resources they needed. Why isn't the British Empire still with us? Sure, Britain *technically* controls a lot of territories (Canada only got its "independence" a few decades ago), but their real control is very little. Why? Because decentralizing government and allowing Canada, Australia, etc to have a prime minister was the better choice.

      Anyway, I could go on, but the whole post is so riddled with troll-lets, it's not worth it. I've got to admit I'm impressed with your user# though - happy karma-burning!
  • Despite Sun's shady dealings and anti-competitive practices, this really isn't the time for an ad hominem attack. The piece presented is very well written, and outlines the dangers of Microsoft's .NET quite thoroughly.

    My chief worry is that if .NET were to become a reality, it would be mandatory to have an entry in the Passport and Wallet databases. I have some serious issues in letting a consumer-driven company have not only access to all of my personal and financial information, but complete autonomy in using it -- the EULA for Passport reads much like the standard Microsoft EULA -- e.g., Microsoft owns all of the information you put into it.

    The point about Microsoft's security track record is also quite valid; I know I will never trust my credit card numbers to a company that can't even keep internal email, well, internal.
    • Let me ask you something, this is a serious honest to goodness question, so please answer it.

      IF MS has your CC, and then gets hacked, and someone runs off with your CC number, why do you care?

      Your maximum liability is $50. That's it. You can never be held accountable for more than $50. That's it. I mean, $50. It's a chunk of change, but it's not $500 or $5000 or $50,000. It's only fifty bucks.

      So what's the big deal? Send me an email and I will give you my CC number, my name, address, and even my SSN. My only big worry is identity theft, but I've been through it before and it's not all that bad. So what's the big deal? What exactly are you trusting them with?
      • Your maximum liability is $50. That's it. You can never be held accountable for more than $50. That's it. I mean, $50. It's a chunk of change, but it's not $500 or $5000 or $50,000. It's only fifty bucks.

        Theft does not create value. If your number is stolen you personally may only be out $50 bucks, but someone is out much more. That money has to come from somewhere, and in the end it means higher interest rates, higher card fees and higher merchant fees (which affect everyone, not just people with credit cards). It is not "only fifty bucks".

  • Initially, I thought .Net was going to be a bunch of online services, but it seems to just be the marketing buzzword.

    They're slapping it onto the end of everything they own though. They have .Net plastered on the Hotmail site. So is Hotmail a part of .Net, or is .Net part of Hotmail? Is .Net a bunch of new APIs, like ADO.NET? What makes them different than the old APIs then? Is it just an ambiguous term right now so it looks like MS is creating something truly new?
  • There is much in .Net that should prove useful, particularly with several Open Source implementations of the .Net API in the works (Microsoft even seems to be supporting these). Ultimately it will be possible to run the same software on Linux and Windows without modification - and that benefits all. The real problem is with Passport and the other efforts at centralization. Unfortunately some centralization will always be required for this type of thing, be it Visa, Microsoft, or Paypal. There may be ways to decentralize it, but it would be much more difficult and expensive to do that, which is why M$ has probably not taken that route.
  • is that while it has merit, it tries to make ".NET" a giant monolith thing.

    It's not.

    The Passport portion is the most controversial part of the .NET initiative, but a more interesting technical piece is the Web Services piece that uses UDDI/WSDL/SOAP.

    Frankly, .NET is going to be the other big player alongside Java. Could it be that Sun would like to purposely indict all of .NET by using the most controversial piece of .NET to criticize it?

    I think it's the equivalent of smearing Java by claiming Sun won't release it to an ISO standards body.

    It's true, it's just not a complete picture of what's going on.
  • FUD, noun, from "Fear, Uncertainty, Doubt", a word coined by Apple supporters to describe a strategy used by the company's critics to spread misinformation intended to scare potential customers away from the company.

    First of all, these people don't seem to understand the difference between the .NET development platform, and the authentication service. Quite frankly, I think they DO know the distinction, and that they don't make it is indicative that this is more misinformation from Sun.

    But I love some of the other quotes...

    Since all users of Microsoft's free Hotmail service have Passports, many unknowingly, there are already 160 million Passport users.

    I love the use of "unknowingly" here, as if it makes a difference whether you are in one Microsoft database or another Microsoft database. Let's spread that fear!! First of all, that's not 160 million unique users. I would be shocked if 25% of those were active users. It's probably much lower. Second of all, you need hardly any personal information to get a Hotmail account, so most of that information is not that useful.

    There are tons of other crap in that post, but I'm bored with Sun's crap already. It's just more of the same.

    This is why I far prefer Microsoft holding power over the other monopoly wannabes Sun and Oracle. At least Microsoft doesn't play games. They tell you exactly what they want to do.

  • I have the feeling this argument is only preaching to the choir.

    If only we could boil it down to a 30-second Tom Brokaw comment and still convey the clarity of Diffie's message.

    My off topic comments aside, I did enjoy the way passport/hailstorm are likened to the corporate monopolies of the late 19th and early 20th century.

    - RLJ

  • Recently I attended a presentation from Sun Microsystems, which among other things, covered SunOne and Project Liberty. These parts of the presentation probably weren't NDA (the SunOne might have been... so I won't go into too much detail about it).

    Basically, SunOne looks at things from the point of the individual corporation. It is an interesting way to align IT assets to face (and view) customers, vendors, equipment, etc. It has quite a number of layers, but uses open protocols all the way. Very interesting. The only downside I could see is that it would be difficult for a large company to implement because of the scope of changes that would be necessary.

    Project Liberty, in their presentation to us as a business, still stressed the importance of privacy. What was the term they used? Something like a Federated... forgot... basically, a number of authorities on different things, with no one person holding all of the 'directory'. They said that in .Net My Services (or whatever name it is going by... Hailstorm, etc), Microsoft would be the holder of the directory, and therefore, in a position of extreme power.

    I'd certainly like to hear a counter-view on both, but .Net/Hailstorm's potentials for incremental billing of 'computer services' and privacy issues have got me a bit concerned. And I'm not a privacy freak.
  • I'm going to conduct a personal experiment in the coming years. I'm going to steadfastly refuse to ever log on to passport in any way, shape, or form. I'm betting that a reasonable number of web pages (not "services", thank you) will still be available to me. I assume that passport logins are - or will become - incestuously integrated into XP, so of course I won't touch that OS with a ten foot pole (among other reasons). If this ultimately means not surfing the web, I'm not ruling that out. If it means not working for a particular set of companies, I'm prepared; I'll even state contractually that as a condition of employing me I shall never log in to passport.

    Perhaps I'll just eventually do the equivalent of a survivalist who lives in a mountain cave: form my own local community LAN and have that be as much contact as I have with the web. I want to see just how hard or easy staying completely passport free turns out to be.

    Bring it on, Billy. Your rugged good looks haven't worked their magic on ME.

  • Seems like this author is pretty good at it. True, Sun has its own motivations, but this article seemed to say exactly what I've been thinking, and did so in a much more eloquent manner than I'm capable of. This comment in particular illustrates the exact problem with Microsoft .NET:

    Just as kings got to grant or deny royal charters to businesses, the Redmond giant, if successful, may be able to say who can do business on the Net and who can't.

    In reality, that is what Microsoft is aiming for as they have already attained a similar situation with their operating system. They have also used their OS to leverage other monopolies and with the wide range of impact .NET would have if it were a monopoly, Microsoft just might position themselves to monopolize everything. Yes that is doomsday talk, but if you analyze the situation, it's really not that wild of an idea.

    It will be a sad day if retailers stop offering online purchases to those who aren't .NET members. Linux has the power to bring down the Microsoft OS monopoly. In my opinion this is a big motivation for the development of .NET. If .NET becomes a monopoly and there is no other way to make a purchase online, what kind of competition could bring it down?
    • So then explain to me how misinformed I am. Everything I've seen about .NET points to a centralized online purchasing center. Companies have to pay Microsoft to maintain this center and allow the companies to funnel their purchases through it. Customers sign on and can make purchases on any web site that uses this .NET. My fears arise out of the fact that Microsoft has demonstrated a propensity towards illegal action, specifically monopoly leveraging. I'm afraid they will use their monopoly in the OS to create one for .NET, and what they will use that one for is unimaginable.
  • I'm really surprised that nobody has pointed out the obvious security problems besides the potential for your information to be leaked.

    .NET exposes programming APIs through HTTP.

    Does anyone think this INCREASES security? This increases the complexity of the exposed interface by quite a bit. Instead of having code that handles GET and PUT requests, you now have arbitrary functions exposed.

    Not only that but it's easy to create SOAP objects and "publish" them. Any monkey with a VB book can do it.

    Microsoft can't even keep IIS secure. How in hell are they going to secure gazoodles of .NET services? The whole .NET is, IMHO, a security clusterf--k waiting to happen.
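
The concern in the comment above, that publishing functions over HTTP widens the exposed interface, shown as an added example that is not part of the original thread or any Microsoft code. `AccountService`, its methods, the `urn:example:accounts` namespace and the sample requests are hypothetical and constructed for illustration: a dispatcher that resolves the SOAP operation name by reflection exposes every method on the object, while an explicit allowlist keeps the remote surface to what was meant to be published.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


class AccountService:
    """Hypothetical service object published over SOAP."""

    def __init__(self):
        self.balances = {"alice": 100}

    def get_balance(self, user):
        return self.balances.get(user, 0)

    def reset_all(self):
        # Maintenance helper that was never meant to be remotely callable.
        self.balances.clear()
        return "reset"


def envelope(op, **params):
    """Build a constructed SOAP 1.1 request for the sample calls below."""
    args = "".join(f"<{k}>{v}</{k}>" for k, v in params.items())
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
        f'<{op} xmlns="urn:example:accounts">{args}</{op}>'
        "</soap:Body></soap:Envelope>"
    )


def parse_call(xml_text):
    """Return (operation, {param: value}) from the first child of soap:Body."""
    # The stdlib parser keeps the example offline; for untrusted input a
    # hardened parser such as defusedxml is the safer choice.
    body = ET.fromstring(xml_text).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("no operation in SOAP Body")
    op = body[0]
    name = op.tag.split("}")[-1]  # strip the XML namespace
    params = {child.tag.split("}")[-1]: (child.text or "") for child in op}
    return name, params


def dispatch_reflective(service, xml_text):
    """Weak: any attribute name supplied by the caller is looked up and called."""
    name, params = parse_call(xml_text)
    return getattr(service, name)(**params)


# Hardened: operations and their parameter names are declared explicitly.
EXPOSED = {"get_balance": ("user",)}


def dispatch_allowlisted(service, xml_text):
    name, params = parse_call(xml_text)
    if name not in EXPOSED:
        raise PermissionError(f"operation {name!r} is not published")
    if set(params) != set(EXPOSED[name]):
        raise ValueError(f"unexpected parameters for {name!r}")
    return getattr(service, name)(**params)


def demo():
    """Send the same two constructed requests to both dispatchers."""
    weak, hardened = AccountService(), AccountService()
    results = {}
    results["weak_reset"] = dispatch_reflective(weak, envelope("reset_all"))
    results["weak_balance"] = dispatch_reflective(
        weak, envelope("get_balance", user="alice"))
    try:
        dispatch_allowlisted(hardened, envelope("reset_all"))
        results["hardened_reset"] = "allowed"
    except PermissionError:
        results["hardened_reset"] = "refused"
    results["hardened_balance"] = dispatch_allowlisted(
        hardened, envelope("get_balance", user="alice"))
    return results


if __name__ == "__main__":
    print(demo())
```
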

  • 100% agreement. Any benefit procured by /anyone/ centralizing all my information is far outweighed by the potential security risks associated with a central store approach like .NET.

    The only conceivable climate in which people would accept, in droves, this kind of information collection is if they perceive they have no choice or are unaware of the whole thing in the first place (as noted by the writeup, many hotmail users fall into this category). And guess what? MS is entrenched enough into our infrastructure such that you really /don't/ have a choice. I don't think we've seen the last of the anti-trust suits.

    Unfortunately, I suspect that MS is relatively safe until the economy is back up 'n running, for obvious reasons. But I truly do believe MS is headed for a serious butting-of-heads with the public at large following their inevitable first security fiasco.
  • but when are we going to see a passport interface to Slashdot ?
  • Forget for a second that Microsoft products suck. It still makes no sense to have inoperable products. Microsoft continues to integrate MSN and Passport into everything they make which leaves all of the rest of us scratching our heads. I don't use a Passport or MSN nor will I. It's not that it is Microsoft, it's just not what I want. So I cannot use XP and all its supposed advantages.

    Seems to me that they don't recall the 80s and the disparate systems we all had. Tandy, Amiga, Apple, one had the same damn thing. It was nearly impossible to work unless everyone was the same. What happened? Lots of companies went under that didn't become interoperable...
  • although i think that diffie and landau make good points, they stop short of offering a solution or alternative route.

    sun would do well to step up and offer some sort of open-source super-secure passport-type solution. because there IS human need for something of the sort. people mostly have to spend way too much of their time coaxing their computers to do what they want -- setting up their DSL, filling out all those stupid forms at every single website, whatever. very few people enjoy the types of mundane tasks that passport is trying to save them from. in the same manner, whoever makes setting up a network exactly as simple as plugging in a telephone is going to be really damn rich. it doesn't make people who want such simplicity STUPID: it does mean that they think they have better things to do with their time than set up their preferences on every machine they use. microsoft is trying to capitalize on that.

    alternately, the government could pass laws that hold companies liable for letting users' personally identifying information get hacked into. maybe companies would think twice before accumulating all that data in the first place.
  • One of the things that might balance out this power is simple: proper scale of reward and punishment. If Microsoft could be punished immediately and strongly if Passport failed in its security, and if there was a second organization that could be rewarded immediately and strongly if they could cause Microsoft Passport to fail, then we might have a mechanism to keep it safe. Something like this would need to be supported unequivocally by the government. Perhaps a $1,000,000,000 bounty on the security of Passport would be appropriate, taken from Microsoft's cash reserves in trust. The reason this might be good, is that a centralized repository of information would actually be really convenient and if it was secure would provide a lot of real value to people and therefore the economy. As an aside, I thought it ironic that the authors dismiss the issue of corporate power so offhandedly. Certainly corporate power is one of the major issues of the late 20th and early 21st centuries.
  • Especially considering that their .Net "competitor" not only collects just as much information, but shares it with many OTHER large businesses.

    I don't think the fact that their announcement a month or so ago came with the backing of 2 major airlines, 3 banks, a plethora of retailers, multiple financial institutions, etc. was an accident.

    Don't get me wrong, I'm not really for the .Net plan either. However, Sun is the pot calling the kettle black here.

  • I hate to have to say this again (I hate to have to say this at all) but it is sad to see how Mr. Diffie, who in 1975 stood up against such institutions as the NSA to publish revolutionary crypto articles, is now reduced to being a mouthpiece for Sun.

    The article says nothing that hasn't been said before and offers no alternatives. How can this service be offered in a secure way, in a way that will not concentrate all the power in one place yet still offer the same benefits? This is the question to be answered. We all know of Microsoft's track record, we also know of Sun's. We are aware of the obvious risks involved in such a service but we can also see that this is the way the world is heading right now.

    Several companies have tried to offer similar or partial services to what Microsoft is now suggesting, all of them failed. Now, Microsoft has never been a great innovator but once it puts its weight behind an idea it tends to lift off (eventually). What are the checks and balances that we must demand of Microsoft (or any other would be service provider) to install in the system so that we can feel relatively free and safe to use it? Why should we choose Sun's alternative service when it is here? Simply because Sun's security seems to have improved lately? I don't think so. When someone tries to answer me those questions I'll respect their opinion, until then I can only stay disappointed.

  • Secrets & Lies (Score:2, Insightful)

    by Khelder ( 34398 )
    For more about why programs are getting less secure as time goes by, not more (and other interesting security-related topics, too), I highly recommend Secrets & Lies: Digital Security in a Networked World by Bruce Schneier. (/. had a review of it last year.)
  • by Zeinfeld ( 263942 ) on Thursday October 25, 2001 @05:26PM (#2480345) Homepage
    Reading the article again I think it is quite likely that Whit has quite a different target in mind from the one that people think.

    Although Whit 'invented' Public Key Cryptography he is not a cryptographer in the sense many on the list seem to think. He is not interested much in algorithms, of the 20 odd times I have heard him speak in public or private I can only recall one occasion where we were discussing an algorithm and that was in the context of the Venona decrypts.

    Whit's almost exclusive interest is public policy concerning privacy and security. While Whit has probably cleared his talk through Sun's PR office he is quite obviously the instigator of the piece.

    The point he is making is much broader than .NET, as I am sure Whit will explain later on. For the time being however it makes tactical sense to identify the problems with newly proposed schemes even though the real exposure comes from existing databases.

    What I believe Whit is up to is re-interpreting the privacy concerns of the pre 9/11 world as security threats in the post 9/11 world.

  • You're either against .NET and pro SUNW, or you're with the terrorists.

    Did anyone expect Sun to say anything other than "Not only is .NET technically inferior to our offering, but it's bad for US society"? The only reason that they're not saying ".NET will cause the death of baby seals worldwide" is because you can prove that baby seals worldwide aren't dying.


    Ok ok ok ok OK!! it's a MS funded site, nevertheless, the code is available and you can judge for yourself: should you stick with Sun and their J2EE or should you prefer .NET with f.e. C# ? According to this test (the J2EE petshop example) the choice is a no-brainer.
  • Bah. Why should we listen to this "Diffie" character? I mean, what kind of a security expert is he anyway? It's not like he contributed anything useful to the field or anything... ;-)
