Mean my role
Some old pre-Blogspot.com posts, recycled.
Friday, March 19, 2004
Things not to say at seminars.
Went to the Microsoft Security Seminar here in Perth the other day. It was a truly scary thing, Perth has such a small population and here were so many IT types, sikhs geeks the chic and the ponytailed... I can't even estimate how many, a lot is all I can say.
The keynote dragged on and on. I mean that. Well past the point where bums had turned to painful leaden knots that one was sitting on, beyond the point that drinks were supposed to be being served, and somewhere just short of eternity, it dragged. And a lot of it sucked.
For example, you DO NOT BLAME YOUR CUSTOMERS FOR NOT PATCHING IN TIME. You write better code without effing great holes in it... This theme recurred, so I am feeling less pro-Microsoft than ever before. You just don't say things like that, that's plain rude and evasive of the real issues.
A lot of acronyms got served up in that speech along with the reminiscences (ah, at 47 years of age myself I feel so impressed that they can reach back - what, six years, eight?) and I wondered how either of those related to security. I'd heard all the same stories anyway, but told much better on the Reg or the Onion...
Mentioned parents and how they, poor wee things, can't actually function in the digital world and have to be protected by us far more knowledgable geeks. Bullshit.
Dad was 78 when I bought him a PC, and, aside from having to explain the concept of spyware to him, he managed very well despite never even having used a typewriter before that. He was 81 when a massive stroke rendered him unable to use a PC or anything, and if it weren't for that he'd still be up there with the technology.
Keep your patronising for your parents, Microsoft. I know kids of 14 and 15 who are more clueless than most old folk about computers.
That said, I can appreciate that there are people (of ANY age) who will never know the difference between a trusted program and malware, and there are malware writers out there doing an excellent job of making their wares look like trustworthy software. Sticking a certificate on it ain't gonna make it trustworthy.
Bright Spot
Jesper Johansen. At least he *knew* wtf he was talking about, despite breaking Rule One. An evangelist, sure, but a damn knowledgable one. And speaking of evangelism. Why did they set things up to emulate a church to such a large degree? But with 13 seats per row? Hmmmmm.....
Anyway - Jesper made a comparison between a clueless user and a clueless auto owner. How come, he said, a person who drives a car with bald tyres in the snow and ice (at which point I yelled that we have a lot of that in Australia, sure) and they hit and kill someone, they are a criminal. On the other hand, someone who doesn't patch their PC and it gets used to DDOS someone, well they are a victim. How does that follow? Jesper asked.
I thought about that, and how it breaks the don't blame the customer rule, and Geoff expressed it perfectly: "Toyota also don't sell cars with bald tyres!" he yelled, to a few snickers.
People, how can a company like Microsoft say "oops, we got it wrong, buy the latest version instead!" when anyone else has to issue a recall at their own expense? When all those SUV tyres started failing a while back, were people asked to just go and BUY a version 2 set of tyres to replace the faulty version 1 tyres? Nuh-uh!
But aside from beating up their customers in so many ways, Microsoft still do know a thing or two about their software. Which is a lucky thing because no-one else does!
And the seminar was most useful, as it taught me a whole series of new approaches to things. I'm impressed at Jesper's knowledge of the whole environment.
A lot of the matters that were security concerns, I can understand that Microsoft started off doing certain things a certain way to get around problems and now other manufacturers and the users rely on those things being there. But it's still called knowingly selling a car with bald tyres and leaky brakes...
At one point Jesper mentioned that he wanted to know of better ways to secure a PC. And it occurred to me - install Linux, switch the machine off, and entomb it in concrete - and you *might* just have a secure system, but even this extreme would only be a matter of time...
So I've left the seminar with even more doubts than before, but at least now I've got more tools to deal with those doubts... %)
These are random blog posts I recently rescued from a text dump of my earliest recorded blog posts from Ye Good Ole Days of writing stuff in Notepad and using some weird software that basically uploaded your entire blog every time you added a new article or edited an old one.
I'm shamelessly adding that little mini-banner graphic with links for you to donate, check my newsletter site, and generally get more entangled in my weird world.
No comments:
Post a Comment