Technology Stocks : All About Sun Microsystems


To: JC Jaros who wrote (19237) 9/3/1999 2:35:00 AM
From: JC Jaros
 
Yikes! Speaking of security issues, Hotmail has been cracked bigtime.

Here's an opinion piece germane to our discussions...

Turning Tides

Felix Stalder 02.09.1999

The Significance of the Hotmail Hack.



Two stories landed at the top of the technology news recently.
One was the massive security breach at Hotmail, the other was
Sun Microsystem's acquisition of Star Division, a small
developer of office software. Both events are deeply
connected, even though this escaped the editors who put them
on the same page.

Sun has been pushing for a long time the "network computer".
According to this vision, applications which right now reside on
our PC, e.g. word processors, are envisioned to be located
remotely on powerful network servers and accessed (and paid
for?) on demand. Not coincidentally, Sun produces powerful
network servers. This shift from the PC to the network is often
portrayed as the logical next step after the shift from the mainframe to
the PC. However, it's a shift which turns the tide in exactly the
opposite direction. PCs, which function by and large as
autonomous units, brought a decentralization of computing power,
and arguably an empowerment of the average user. The move to the
network reverses this trend. The term "network" sounds innocent
enough; in the context of Sun's initiative it means in fact a few
central computers that distribute applications to relatively dumb
peripheral network computers, glorified monitors. Which sounds
almost like mainframes all over again!

By acquiring Star, Sun plans to release its office suite as a network
application to be accessed over the web whenever needed. While
this cosmological drama is directed against Microsoft's dominance
over the desktop, it's ironically Microsoft itself that owns the only
net-based application that really holds mass appeal: Hotmail's
web-based e-mail. 40 million people (give or take a few million)
are using Hotmail. This is an unprecedented centralization of the
most important Internet application in one system.

And why does that matter?

All systems are vulnerable to attacks. In huge centralized systems
the effects of such attacks are greatly magnified because one single
line of code can suddenly open millions of mailboxes.
Furthermore, along with such a centralization comes a shift in the
power balance between the provider and user of the service.
Contrary to what many of the optimistic net futurists predict, the
power shifts, at least in this case, towards the provider and away
from the user. Virtually all analysts agreed in their seemingly paradoxical
assessment of the Hotmail hack. It is the most significant security
breach on the web so far and, at the same time, it does not matter
for Microsoft. The balance between the behemoth corporation and
potentially damaged users is just too skewed for Microsoft to care.
Yes, it's a bit of an embarrassing itch, but as one analyst put it aptly,
"There are many fleas on a 500 pound gorilla." Unfortunately, the
flea is you! Or as the service agreement states: "the service is
provided without warranty of any kind." There are commitments, to
be sure, expressed in all kinds of privacy statements, but these are
very different from obligations, as one can see now that something
went wrong. In effect, this means that by using the system, you do not
only sign off all rights, but given the imbalance between the two
parties, protest is almost useless.

But the imbalance runs deeper, it's not only in
numbers but also in knowledge. The classic
argument goes that if the service is too bad, then
the users will go somewhere else.
Unfortunately, given the nature of the computing
problem, it's pretty difficult to even find out
when the service is bad. You have no way of
knowing if someone read your e-mail. And the Microsoft statement
posted is so opaque that it sounds like a Kremlin release in the late
1980s. You have to be an insider to understand it. However, to
expect that every user is highly "computer literate," thus the
informed consumer of the neo-liberal theory, is a) unrealistic and
b) not desirable. We shouldn't be forced to become nerds just to
use computers, as much as we do not have to become mechanics to
drive cars.

Self-regulation doesn't work anymore

What the Hotmail hack shows is that the Internet's
self-regulation doesn't work anymore because it relies on the
assumption of more or less equal participants. This is clearly no
longer the case. There is not much guessing about what happens
when you and Microsoft (or Sun, for that matter) regulate one
another. You invariably end up with no rights whatsoever, and
you are likely not even to know it because you would have to be a
computer scientist and a lawyer at the same time. Both of which
are in ample supply on the side of Microsoft. What the Sun
acquisition shows is that the trend which causes this imbalance is
only getting stronger.

But there are ways to reverse this trend. One is to develop and
spread technologies which put control back into the hands of
individual users. The open source movement is doing a lot in this
direction. Cryptography is on top of the list. Free, easy to use,
public domain cryptographic tools are a necessity. And with a few
targeted public research grants they could become a reality rather
sooner than later. Another way is to create mechanisms of
accountability, which replace fancy worded "commitments" with
"binding obligations" so that screwing up really hurts. Like in most
other areas of life.

Facts are facts. (Les faits sont faits.) Felix Stalder

heise.de



To: JC Jaros who wrote (19237) 9/3/1999 4:23:00 AM
From: QwikSand
 
Isn't Solaris (and Linux) SVR4? Doesn't that account for the vast majority of the *nix code base?

Just as a nit: Solaris has something to do with SVR4 (not sure how much...Sun used to work with AT&T a long time ago and some of that code must be in Solaris), but Linux doesn't. Linus Torvalds was constrained from the beginning not to use anybody's intellectual property to avoid legal issues, so Linux is in effect a from-scratch "clean room" implementation of a mish-mash of various Unix quasi-standard interfaces, some of which are like SVR4, some not.

However, when it comes to security, nothing beats Open Source. Recall Phil Zimmermann, the author of the well-known PGP cryptography system. He and other senior crypto-heads always remind users that, in contrast to what one might guess, cryptography implementations are most secure when their code is public; you depend for security on your algorithm, not on the secrecy of your implementation. The only time you know that an implementation is secure is after as many eyeballs and brains have looked at it as possible. Zimmermann says: don't trust crypto schemes whose code is kept secret. He went so far as to publish his PGP code in a hard-bound book sold in large chain stores (in addition to putting it out electronically to all comers). Linux is in that category. All O/S kernels may be crackable, but if you want the hardest one to crack, you go for the one with the public source. I would bet that Linux is the most secure of the popular general-purpose operating systems.

Our friends at Microsoft, of course, don't even release the specifications of the NTFS file system structure (go try to find a book on it), claiming that they don't want to compromise its security measures. LOL! They actually say that. Shows how much they know.

Regards,
--QwikSand



To: JC Jaros who wrote (19237) 9/3/1999 9:17:00 AM
From: Reginald Middleton
 
The MSFT server-based Office product has several distribution models: traditional client/server with features on demand, thin client using the Citrix WinFrame technology, Java Office, and a limited-functionality ActiveX version. Security is taken care of in each and every situation except for the ActiveX one, since that is the newest development.

MSFT is by far the leader in distributed Office technology. It is their business model which holds them back. Unfortunately, this is a very big "issue" (several billion dollars worth). That is why time to market is of the essence.