On Sun, 2003-07-27 at 12:25, David R. Piegdon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> IMHO it is TIME to sue corporations like microsoft for their stupidity
> - and their belief that people/customers are even more stupid.
> they sell their software and tell about their "great security-concepts",
> but they actually do nothing about it.

Actually, much as I absolutely despise microsoft (I'd be overjoyed for weeks if they closed doors permanently), they -are- doing a lot about security.

For the short term, they're sending (have sent?) all their programmers to security training. This is but a band aid, but it is considerably better than nothing, and better than the opensource movement is likely to emulate (fully), simply because the places where programmers learn programming generally don't take this seriously.

For the long term, and more importantly, they're pushing a move to interpreted languages, meaning .net. .net is evil. .net must die. But .net makes a lot of sense which we should not fail to learn from.

I cannot emphasize enough that the opensource crowd (of which I am a part) needs to learn from this. Stop writing software in crappy languages like C if you want it to sit next to the network on a machine, and possibly even if you're only running in the soft, chewy center. Give up languages that make buffer overflows too damn easy. It's not enough to say "the programmer should know better", because OBVIOUSLY many do not. Use python. Use ML or a variant. Use lisp. If you have to use that excuse for line noise called perl, go ahead. Anything that doesn't put the programmer perilously close to buffer overflows!

Turing (which is designed from the beginning for safe systems programming) or Modula-3, or Eiffel or Sather are good too, if you absolutely cannot give up the speed of a compiled language. The latter three all have respectable free implementations available for linux and others, as do all of the interpreted languages mentioned. They make vastly more sense than C.

Even if -you- know what you're doing as a developer, that -doesn't- mean that every last maintainer that comes after you will.

So yes, microsoft reeks to the sky, but it's not true to say that they're doing nothing about their security problems. Weak arguments against microsoft posed as strong ones hurt opensource's credibility.

-- Dan Stromberg DCS/NACS/UCI <[EMAIL PROTECTED]>
