2011/7/6 Vamsee Kanakala <[email protected]> > On Wednesday 06 July 2011 07:22 AM, Yogesh Girikumar wrote: > > So I was thinking writing an open letter to those douc***ags in plain > > english on what this is all about and how and why they should rethink > about > > using proprietary software that rely on security by obscurity. > > Writing an open letter is all fine, but you have to think from their > shoes. These companies are led by bureaucrats who haven't been trained > in god knows how long and they simply don't know any better in most > cases. Most junior-level employees who can effect changes don't have any > power to do so or the will to fight the system. > > If you go and meet these guys, the response will most likely be, "thanks > for bringing it to our attention. So who can set this up and give us > SLAs, and where do we sign?". So unless you're approaching them with a > reasonably complete solution that addresses this problem, you can mostly > expect as much animosity as you're showing them in return. > > So instead of writing them an accusatory open letter that is only likely > to get them even more defensive, try meeting any of them and ask, "this > is what I do for a living, how can I help?". That would help you > understand the challenges they're dealing with, and help you propose a > more meaningful solution. >
Vamsee, I can't agree more with your point. There are people the government can turn to for help in these matters. I can think of CDAC and NRCFOSS. I'm sure that Microsoft did nothing more than to just sell them IIS. What about the guy(s) who designed and developed the site. If it's merely a website that people visit to learn more about the agencies, then there's not much to worry. But if there's sensitive data that's at risk of being "siphoned off" then it's a different story all together. -- Y _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
