Related link: http://www.wired.com/news/technology/0,1282,46272,00.html
Microsoft released Microsoft Personal Security Advisor (MPSA), a web-based tool that scans PCs for security holes, available patches, and insecure system settings, and reports problems and solutions to the user. Surprise! Experienced users who thought they were vigilant about security — installing patches, checking security alerts, and using anti-virus software — found themselves blown away by the results:
“Oh my god, I can’t believe all these holes,” said Terry Montono, a high school computer lab teacher. “I lecture my kids about keeping up with patches and I thought I was doing a good job of keeping my computer clean. But it’s like there’s a secret basement in Windows 2000 that’s filled with huge cracks that will let people enter my computer.”
I see this as a gargantuan chink in the .Net armor; how in the world will you make people entrust all their personal information to Microsoft, while revealing (by hook or by crook) the swiss-cheese security that plagues their web server, OS and web browser? Invasions of the Sircam and Code Red internet worms within Microsoft itself have proved MS to be unable to secure their own corporate servers, even after releasing patches that “fix” the exploits crackers use against them.
Yet again, a reason to use an Open Source OS.
Related link: http://www.siliconvalley.com/docs/news/depth/mp3082101.htm
Hard to know whether these copyright hounds are complaining about the existence of a database, or about the basic technology that made digital music popular.
Related link: http://news.cnet.com/news/0-1005-200-6881773.html?tag=owv
I can’t even count the number of things broken on my Windows machines by installing Windows Media Player or previous IE Service Packs, including disabled DVD drives, crashing loops, and all-out reinstalls of the OS. Now, anyone who uses Windows Update in any normal fashion (or, with Windows ME, is repeatedly pounded over the head to update their system) will lose the ability to use Quicktime and other plugins in IE. Infuriating.
There are two disconcerting effects of this move: first, Microsoft has already decided to leave out Java from Windows XP, so ActiveX will be the only glue for desktop-to-web connectivity, web apps, and other client-side applications where plugins or Java are usually deployed.
Secondly, ActiveX is a notorious security hazard. Like no other browser component, MS has had to release security patch after security patch to plug the holes in ActiveX. Considering the recent damages created by the Code Red virii, which exploited Microsoft’s IIS, and the recent discovery of another security hole in Hotmail, Microsoft’s reputation for security is atrocious.
Sadly, the process by which security problems are fixed — Service Packs and Windows Update — is the same process MS has just used to disable compatability with competing technology, and require the use of a less secure alternative. How does this bode for a .Net future, where MS controls the flow of entire applications, databases of personal information, and the authentication mechanism — Passport — to access them?
Related link: http://razor.sourceforge.net
Using nothing fancier than some cryptographically-secure hashing, and a distributed database or two, Vipul’s Razor might just be the new millenium’s best hope in the war on spam.
From the project homepage: “Vipul’s Razor is a distributed, collaborative, spam detection and filtering network that exploits the broadcast characteristic of spam distribution to limit its propagation. The primary focus of the system is to identify and disable an email spam before its injection and processing is complete.”
Have you ever played a game called Jenga? The idea behind Jenga is that
you start by making a tower of blocks. Each player removes a block from
somewhere in the tower, and moves it to the top of the tower. The top of
the tower looks tidy, but it’s very heavy and the bottom of the tower is
growing more and more unstable. Eventually, someone’s going to take away
a block from the bottom and it’ll all fall down.
I came into Perl development quite late, and I saw a very intricate,
delicate interplay of ideas inside the Perl sources. It amazed me how
people could create a structure so complex and so clever, but which
worked so well. It was only much later that I realised that what I was
seeing was not a delicate and intricate structure but the bottom end of
a tower of Jenga. For example, fields in structures that ostensibly
meant one things were reused for completely unrelated purposes, the equivalent of taking blocks from the bottom and putting them on the top.
One man’s elegance is another man’s collection of dirty hacks - the
reason the tower of Perl’s source code looked as intricate as a paper
doily was because, like the doily and like the Jenga tower, it was full
of holes! New advancements in Perl meant that the tower climbed ever
higher, but at cost of stability to the base of the tower.
Pseudohashes were pretty much the last straw. When pseudohashes were
implemented, a whole heap of blocks were taken from the very bottom of
the tower and dumped rudely on the top. Unsurprisingly, the whole
structure got top-heavy, more unstable and more difficult to manage.
Thankfully, unlike the game, we as Perl developers can take the bricks
back and put them where they were - pseudohashes are being excised from
the Perl core.
But as we progress in our development and add shiny new things to the
top of Perl’s tower, we’re making the bottom more unwieldy. One of these
days, at least some part - if not all - of the tower is going to collapse.
This is why we need Perl 6. We now know what our tower should look like,
and we need to build it from that design right from the start.