Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy? -- Ignore unavailable to you. Want to Upgrade?

To: Jack Whitley who wrote (28039)	9/9/1999 7:55:00 AM
From: Frederick Smart	Read Replies (1) \| Respond to of 42771

Analysis: Microsoft and the consequences of misplaced trust By Peter Coffee, PC Week Labs August 31, 1999 10:12 AM ET If the headlines of the past 10 days could have been foretold a few years ago, there would be fewer perplexed and angry Internet users reading those headlines today. (See "Related Links" at right.) Had awareness of Internet risks been greater in, say, the fall of 1996, consumers and enterprise IT architects would have waited for a more robust framework to support the next generation of personal and commercial communications and transactions. But that's not how things happened, and now we have to find a way to make these things work -- because it would cost too much to start over. What frustrates long-time members of the Internet community is that these recent events -- e-mail exposure, security loopholes and the like -- were inevitable, in general if not in all details. The vulnerabilities of "classic" Internet technologies were never kept secret. Net cognoscenti often warned that the Internet had its origins as a cooperative environment, a sort of electronic faculty lunchroom. The early Internet was a meeting place for people who had common goals of cheap, reliable, vendor-neutral connectivity among diverse and dispersed computing resources. Given these origins, it's not surprising that the Internet relied on obscurity and inconvenience, rather than intrinsically strong technologies, to provide some measure of data privacy. Anyone could sniff packets bearing unencrypted data, with plainly labeled origins and destinations, but gentlemen did not read each other's mail. It will take the built-in caution of IPv6, along with cryptographic protections and other anti-spoofing measures, to make IP a safer neighborhood and to make electronic mail as trustworthy as its paper equivalent. The insecure design of desktop PC operating systems was likewise apparent to anyone who cared to compare a DOS PC against, say, a personal minicomputer such as a DEC MicroVAX. But when memory was expensive and processors were slow, the leaner hardware demands and higher performance that came with optimistic software design made PC platforms look like compelling bargains. 'Taking candy from strangers' Given this history, it's not surprising that active Web-page content was crafted as a fragile and trusting extension of single-user interapplication data exchange, that Microsoft's ActiveX technology gave unlabeled software, from unknown sources, the same privileges as anything else on a user's machine. Java has the potential to be far more secure, but every statement about Java's inherent security carries an implicit qualifier: "when implemented according to specifications." What's mildly surprising, though, is that consumers placed so much trust in vendors in an era when so many industries have failed to be trustworthy. In the post-Thalidomide era, Web users "took candy from strangers," in the metaphor of a Microsoft official, commenting on his own company's approach to active content. In the era of the exploding Pinto, PC users behaved as if no reputable company would ever sell a product whose design compromised safety in the pursuit of more rapid time-to-market. The abstractions of bits and protocols, and the overwhelming pace of obvious technical improvement, seem to have numbed normal skepticism concerning vendors' claims. If an editor at a publishing house had been handed a manuscript that narrated the past 10 days of Internet revelations, the aspiring author might well have received a prompt rejection letter. "You strain the reader's credulity with this pyramid of negligence and incompetence," the editor might have admonished. "Companies don't risk their reputations by building their business on such shaky foundations." Except, it seems, that they do. But buyers, rather than sellers, wind up paying the price for vendors' lack of care -- and lack of pride in their products.