[svlug] [Fwd: Warning: could not send message for past 4 hours]

[Don Marti]

On Mon, Oct 30, 2000 at 01:32:44AM -0800, kmself at ix.netcom.com wrote:

> Still, if you do run across any illicit MSFT sources, you're probably
> best advised *not* to view them if you're actively involved in free
> software deveopment.

Or ever want to be.  If you were hiring someone to do free software
development, would you hire somebody who had seen Microsoft code?

> Also, FWIW, the fundamental issues of Legacy MS Windows insecurity
> largely remain -- the crack's alleged low severity is more a matter of
> luck and (by appearances) a dilligent security team, not any inherent
> security of Microsoft networking and systems protocols.

There's always a tradeoff between security and convenience. Microsoft
just draws the line further toward the latter than most OS vendors
do. (Except the crack-addled "Install everything the University of
Washington ever released plus this nifty remote root web admin thingy
we just wrote but didn't read" Linux distributions, which deserve a
swift kick in the behind and should be sentenced to run their own
crack-me-ware on their external web sites, but that's another story.)

Most of us, however, would say that Microsoft's decision of where to
draw the line is beyond the point of diminishing returns -- they're
giving up too much security in exchange for too little convenience.

-- 
Don Marti                               dmarti at linuxjournal.com
Technical Editor, Linux Journal                    650-962-9601
Published by SSC                            http://www.ssc.com/