nanog mailing list archives
RE: What could have been done differently?
From: "Eric Germann" <ekgermann () cctec com>
Date: Tue, 28 Jan 2003 19:10:52 -0500
XP has autoupdate notifications that nag you. They could make it automatic, but then everyone would sue them if it mucked up their system. And, MS has their HFCHECK program which checks which hotfixes should be installed. Again, not automatic because they would like the USER to sign off on installing it. On the Open Source side, you sort of have that when you build from source. Maybe apache should build a util to routinely go out and scan their source and all the myriad add on modules and build a new version when one of them has a fix to it, but we leave that to the sysadmin. Why, because the permutations are too many. Which is why we have Windows. To paraphrase a phone company line I heard in a sales meeting when reaming them, "we may suck, but we suck less ...". It ain't the best, but for the most part, it does what the user wants and is relatively consistent across a number of machines. User learns at home and can operate at work. No retraining. Sort of like the person who sued McD's when they dumped their own coffee in their lap because it was "too hot". Somewhere in the equation, the sysadmin/enduser, whether Unix or Windows, has to take some responsibility. To turn the argument around, people don't pay for IIS either, but everyone would love to sue MS for its vulnerabilities (i.e. CR/Nimda, etc). As has been said, no one writes perfect software. And again, sometime, the user has to share some responsibility. Maybe if the users get burned enough, the problem will get solved. Either they will get fired, the software will change to another platform, or they'll install the patches. People only change behaviors through pain, either mental or physical. Eric
-----Original Message----- From: Jack Bates [mailto:jbates () brightok net] Sent: Tuesday, January 28, 2003 10:36 AM To: ekgermann () cctec com; Leo Bicknell; nanog () merit edu Cc: Eric Germann Subject: Re: What could have been done differently? From: "Eric Germann"Not to sound to pro-MS, but if they are going to sue, theyshould be able tosue ALL software makers. And what does that do to open source? Apache, MySQL, OpenSSH, etc have all had their problems. Should we sue the nailgunvendor because some moron shoots himself in the head with it?With all the resources at their disposal, is MS doing enough to inform the customers of new fixes? Are the fixes and lates security patches in an easy to find location that any idiot admin can spot? Have they done due diligence in ensuring that proper notification is done? I ask because it appears they didn't tell part of their own company that a patch needed to be applied. If I want the latest info on Apache, I hit the main website and the first thing I see is a list of security issues and resolutions. Navigating MS's website isn't quite so simplistic. Liability isn't necessarily in the bug but in the education and notification. Jack Bates BrightNet Oklahoma
Current thread:
- Re: What could have been done differently?, (continued)
- Re: What could have been done differently? E.B. Dreger (Jan 28)
- Re: What could have been done differently? Eliot Lear (Jan 28)
- Re: What could have been done differently? Rubens Kuhl Jr. (Jan 28)
- Re: What could have been done differently? Ted Fischer (Jan 28)
- Re: What could have been done differently? bdragon (Jan 29)
- Re: What could have been done differently? David Howe (Jan 30)
- Re: What could have been done differently? Scott Francis (Jan 29)
- Re: What could have been done differently? Leo Bicknell (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Jack Bates (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- Re: What could have been done differently? Valdis . Kletnieks (Jan 28)
- RE: What could have been done differently? Eric Germann (Jan 28)
- Re: What could have been done differently? Leo Bicknell (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- WANAL (Re: What could have been done differently?) Paul Vixie (Jan 28)
- OT: Re: WANAL (Re: What could have been done differently?) Rafi Sadowsky (Jan 28)
- Re: OT: Re: WANAL (Re: What could have been done differently?) Paul Vixie (Jan 28)
- Re: OT: Re: WANAL (Re: What could have been done differently?) Mike Lewinski (Jan 28)
- Re: OT: Re: WANAL (Re: What could have been done differently?) Scott Francis (Jan 28)
- RE: What could have been done differently? Vadim Antonov (Jan 28)