News story has me laughing

Peter L. Peres plp-ysDPMY98cNQDDBjDh4tngg at public.gmane.org
Fri Sep 5 23:03:17 UTC 2003


> Great article. The only thing that got me is that M$ will show the code
> under an NDA, Non-comp, whatever... so you can see the code, but can't do
> anything about it that means anything. And they could never put it up for
> a public code audit because all the little script kiddies would find
> millions of vulnerabilities, and M$ would be in deep shite. Until they do
> that, their code is suspect.

You mean, it isn't, now? And the pace the script kiddies find holes at
now, without the source, is too slow for you ;-( ? <intended as a pun>

I believe that they will never release source openly because they have
calculated that they cannot afford to fix all the holes, ever. Open
sourced Windows would be a feast for evil dudes who would find and exploit
holes faster than the white hats fighting them. Remember all the Windows
holes found so far were fixed after they were publicly exploited at least
once. I think that one must resign to live on a Swiss cheese kind of
foundation with Windows. Occasionally a hole caves in. Oops.

On Linux most holes are found in the beta process (of continuous source
review by users) and get fixed before evil code is deployed. Of course
there are exceptions.

F.ex. postfix keeps being improved and there are regular patch rejects
from the author wrt patches that weaken the system. They appear before
anybody does any attacks on it. I find this very impressive.

Peter
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




