[OT] RE: M$ banging nails into java's coffin?

Peter Crowther peter.crowther at networkinference.com
Fri Jul 20 08:58:41 UTC 2001


[Beware: Random musings ahead inspired by early morning lack of caffeine]

> From: David Chase [mailto:chase at world.std.com]
>   What assurance do I have that this Squeak plug-in will not
>   leave me vulnerable to various hack attacks?

None whatsoever.  As with any other plug-in (that doesn't rely on the
security features of e.g. Java), despite anything the documentation might
say.  In this respect, the open nature of Squeak might help; at least you
can view the source!

>   Where can I
>   go to read about the security features/design of the Squeak
>   plug-in?

Good question.  There's a fair amount in the mailing list archive about what
*should* be implemented, but I don't know where I would go to find out what
*has* been implemented and why.

> Perhaps I am just a crank, but I advise anyone who asks to
> not use IIS, not use Outlook, and not use Word or Excel to
> exchange documents, because the security risks (both
> incoming, in the form of buffer-overrun attacks and
> VB viruses, and outgoing, in the form of leaked information
> in my documents) are too high.

Presumably you also advise them to avoid Firewall-1, Oracle, Lotus Domino,
Eudora, PGP and Cisco routers?  Oh, and any UNIX that uses NFS.

That's not criticism of your approach, with which I broadly agree.
Microsoft are undoubtedly dreadful at security, even given that the crackers
target MS systems because they're widely used.  But everyone makes
risk/reward analyses many times a day, and it seems that for most people the
reward from using standard software (in terms of achieving their purpose,
support, easy exchange, can't be bothered spending the time to make an
informed choice) more than balances the perceived risk of damage.  So they
carry on using Word and Outlook, fiddling their expenses, driving faster
than the speed limit, and putting pans on the stove with the handles
projecting over the edge.

The naysayer here faces the same problem as does the proponent of almost any
minority product or behaviour: showing that a different product or behaviour
has a better balance of risk and reward.  Squeak (as a general software
system) faces the same problem if it is ever to be used as anything other
than a toy by anyone other than its core team: how to be a system that has
low perceived risk (for development) and high perceived reward (ditto).

		- Peter
