Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

Heterodox

Apparently the idea that if you say it often enough it'll be true only works when your audience isn't trained to be suspicious and eternally vigilant against assault (internal or external). I think the best part of the article has to be Spaff's quote: "With open source, there is no need to wait for a large software firm to decide if a set of changes is in its best interests." I love that about Spaff: despite the fact that he's no Open Source lover, he calls 'em like he sees 'em, no matter who's funding his research.

I could go on for hours about how MS really doesn't understand security and/or what security people care about, but I'll spare everyone that pain. Instead, I propose a better marketing strategy for MS with regard to the DOD: make the case that having a heterogeneous network is good for them. MS can't approach the DOD the way they did the free market, in that the idea of a homogeneous network is a security risk and will be flatly rejected by anyone in the DOD with a lick of sense. Therefore, MS should make a strong case that security-critical systems not have single points of failure in a common codebase (defense in breadth). As a security person, I can put faith in that argument, and it'll keep MS in contracts for the foreseeable future now that OS X is Unix based. Will they be that cunning? No, but at least it won't be my fault that they failed...sigh...