H
Hugh Candlin
Gary
Your dialogue with Hugh and others was interesting to read <g>. May I single out part of one paragraph you wrote which, to me is the
best justification I have seen, as to why the CD will be helpful.
"I *do* see it as being extremely useful to anyone who is performing a clean install of older Windows systems. In fact, I suspect
that this CD will provide a way for persons to "over-install" an existing system, or "upgrade" from Win98 to 98SE, and be able to
restore their system to a state of sanity that until now was not usually possible after such procedures."
HC: That is true, and always was true, and was never disputed.
While this dialog (Gerry), diatribe (Gary) or proposal (Hugh)
has gone way beyond that, the original statement was intended
to comment that users needed to be aware of the time decay
inherent in the content of the CD.
Hugh's line "Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible."
This is too puritanical for my taste. Changing "the" to an "a" before "base component"
makes the first paragraph more palatable to me.
HC: While I reserve the right to change my mind once I have mulled that over,
at the moment, I can live with that change.
With the benefit of hindsight I think Microsoft should have adopted Hugh's line on security
but regrettably they did not so we need to move on.
HC: I and many others had the benefit of foresight. Security of computer systems is
and always has been a primary concern. Bill Gates was on the opposite side
of the fence. He used a computer without authorization in his salad days.
He had no concept of what security requirements were needed. I am not sure
that he understands it today, judging by Microsoft's actions and also lack of remedial action.
To say Microsoft acted irresponsibly, in my view, goes too far
HC: Time out. Nobody said that.
as it presumes that Microsoft were or should have been aware of the dangers
and should have built in more security.
HC: While I didn't make the statement that you read into this,
the presumption that you mention is indeed valid.
The cost to them of their mistake, in terms of loss of face and rectification costs,
must have been, and is continuing to be, colossal so one would hope / expect them
not to make the same mistake again.
HC: One would hope, if they know what to do and how to do it. They don't.
Not in my humble opinion. Microsoft does not and never has understood
the enterprise. Microsoft employees spend much of their time cloistered.
They have no concept of reality in terms of the problems and issues faced
by corporate employees and home consumers alike as they conduct their
business and personal affairs on their business and personal computers.
If they never get out on fact-finding missions to "learn the business",
then how can they expect to solve the problems?
--
~~~~~~
Regards.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
(e-mail address removed)
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Ummm, Hugh... How long do you think folks are going to sit around and wait for this perfect OS to be developed? Solving one problem
at a time is what computer science is all about. A computer system, secure or not, is worthless if it can't also perform tasks that
are requested of it, using the technology available, and within the environment that is currently extant. We all have perfectly
secure systems available to us. Pull the plug and you got one sitting right in front of you (so long as you can keep anyone else
from plugging it back in.) I do not know of *one_single* perfectly secure computer system in the entire world that actually does
anything or contains any data worth keeping "secure". So long as there is an interface with that data, it is not secure, almost by
definition.
Dream on. "Solid, Secure, Transparent." Mutually exclusive conditions.
I do not consider myself irresponsible or lacking a base, and I categorically refute your premise. It CANNOT be done.
There is no such system. Not even possible on paper. Thus there can be no such person or corporation, now or ever.
Probability, based upon simple understanding of business dynamics. Also irrelevant to the subject at hand.
Diatribe, yes. One which I suspect is born of understandable frustration. But if you insist on speaking in absolutes, you put most
realistic discussion beyond the pale.
Change is always inevitable. But I see nothing even remotely resembling your dream OS anywhere on the horizon (which I guess is to
be expected, since it's a mathematical impossibility.) Yup, the position is up for grabs, and always has been. And I don't see any
better candidates for an even reasonably "Secure System", anywhere. Not any that are also even remotely within the realm of
mass-production with braod consumer appeal.
If you could, I suspect you would. But can you at least establish some reasonable discussion points?
I see no real analysis, only diatribe. Sorry, Hugh. I like and respect you, but we've found your blind spot. Yes, systems that are
more secure will be developed, and paradigms will change, particularly those involving the definition and practice of computer
security. But in the end, the PC world is as close to being purely democratic as anything else I can think of--and you know what
they say about democracy.
Your dialogue with Hugh and others was interesting to read <g>. May I single out part of one paragraph you wrote which, to me is the
best justification I have seen, as to why the CD will be helpful.
"I *do* see it as being extremely useful to anyone who is performing a clean install of older Windows systems. In fact, I suspect
that this CD will provide a way for persons to "over-install" an existing system, or "upgrade" from Win98 to 98SE, and be able to
restore their system to a state of sanity that until now was not usually possible after such procedures."
HC: That is true, and always was true, and was never disputed.
While this dialog (Gerry), diatribe (Gary) or proposal (Hugh)
has gone way beyond that, the original statement was intended
to comment that users needed to be aware of the time decay
inherent in the content of the CD.
Hugh's line "Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible."
This is too puritanical for my taste. Changing "the" to an "a" before "base component"
makes the first paragraph more palatable to me.
HC: While I reserve the right to change my mind once I have mulled that over,
at the moment, I can live with that change.
With the benefit of hindsight I think Microsoft should have adopted Hugh's line on security
but regrettably they did not so we need to move on.
HC: I and many others had the benefit of foresight. Security of computer systems is
and always has been a primary concern. Bill Gates was on the opposite side
of the fence. He used a computer without authorization in his salad days.
He had no concept of what security requirements were needed. I am not sure
that he understands it today, judging by Microsoft's actions and also lack of remedial action.
To say Microsoft acted irresponsibly, in my view, goes too far
HC: Time out. Nobody said that.
as it presumes that Microsoft were or should have been aware of the dangers
and should have built in more security.
HC: While I didn't make the statement that you read into this,
the presumption that you mention is indeed valid.
The cost to them of their mistake, in terms of loss of face and rectification costs,
must have been, and is continuing to be, colossal so one would hope / expect them
not to make the same mistake again.
HC: One would hope, if they know what to do and how to do it. They don't.
Not in my humble opinion. Microsoft does not and never has understood
the enterprise. Microsoft employees spend much of their time cloistered.
They have no concept of reality in terms of the problems and issues faced
by corporate employees and home consumers alike as they conduct their
business and personal affairs on their business and personal computers.
If they never get out on fact-finding missions to "learn the business",
then how can they expect to solve the problems?
--
~~~~~~
Regards.
Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA
(e-mail address removed)
Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Gary S. Terhune said:Are you ready for a major "the way I see it" speech? Here it is--"The Way I See It", by Hugh Candlin.
Fair's fair said:Security isn't something you dink around with, "solving" one problem at a time,
until you get it right, because you are never going to get it right that way.
Ummm, Hugh... How long do you think folks are going to sit around and wait for this perfect OS to be developed? Solving one problem
at a time is what computer science is all about. A computer system, secure or not, is worthless if it can't also perform tasks that
are requested of it, using the technology available, and within the environment that is currently extant. We all have perfectly
secure systems available to us. Pull the plug and you got one sitting right in front of you (so long as you can keep anyone else
from plugging it back in.) I do not know of *one_single* perfectly secure computer system in the entire world that actually does
anything or contains any data worth keeping "secure". So long as there is an interface with that data, it is not secure, almost by
definition.
Security should be integrated into the product to the extent that Security
is the base component of the product, and the features of the product
are built upon and around that solid, secure, transparent foundation.
Dream on. "Solid, Secure, Transparent." Mutually exclusive conditions.
There is NO other way, and NO other way should be considered.
ANY suggestion that this cannot be done is baseless and irresponsible.
I do not consider myself irresponsible or lacking a base, and I categorically refute your premise. It CANNOT be done.
If the current market leader cannot and/or will not accept that fact,
then the market will turn away from them to someone who will.
There is no such system. Not even possible on paper. Thus there can be no such person or corporation, now or ever.
Many years ago, Bill Gates publicly agonized over the possibility,
that Microsoft would follow the normal corporate bell curve to oblivion.
Or was it probability?
Probability, based upon simple understanding of business dynamics. Also irrelevant to the subject at hand.
I could add a disclaimer here that, despite the probability that this missive will be
perceived as a diatribe against Microsoft, nothing could be further from the truth.
Diatribe, yes. One which I suspect is born of understandable frustration. But if you insist on speaking in absolutes, you put most
realistic discussion beyond the pale.
I am perfectly OK with Microsoft maintaining its position as the supplier
of the #1 desktop operating system. But right now, that position is up for grabs,
and if Microsoft doesn't learn to innovate and think outside the box they are in,
then change is inevitable.
Change is always inevitable. But I see nothing even remotely resembling your dream OS anywhere on the horizon (which I guess is to
be expected, since it's a mathematical impossibility.) Yup, the position is up for grabs, and always has been. And I don't see any
better candidates for an even reasonably "Secure System", anywhere. Not any that are also even remotely within the realm of
mass-production with braod consumer appeal.
I could, but I won't.
If you could, I suspect you would. But can you at least establish some reasonable discussion points?
It is easier to criticize me for being analytical than it is to address the fundamental flaws
that need to be addressed. And they WILL be addressed.
It simply remains to be seen, by whom.
I see no real analysis, only diatribe. Sorry, Hugh. I like and respect you, but we've found your blind spot. Yes, systems that are
more secure will be developed, and paradigms will change, particularly those involving the definition and practice of computer
security. But in the end, the PC world is as close to being purely democratic as anything else I can think of--and you know what
they say about democracy.