News from PANUG/BizNix - October 8, 2003 http://panug.org - http://biznix.org BIZNIX MEETING The October BizNix meeting is tomorrow night at 6:30 pm at Novells office. Directions are here: http://biznix.org/meetings The main presentation will cover a promising alternative to the ancient SMTP e-mail protocol. The new protocol promises not only reduced spam but message authentication as well. There will also be a Q&A session. Bring your questions. PDXTEX A few people who are PANUG, BizNix, and PLUG members have created a special interest group nicknamed PdXTeX whose focus is on TeX, LaTeX, LyX, and other software related to document processing and desktop publishing. The next meeting is October 21 at 7:00 pm at Novell's office. Meetings start out by bringing new members up to speed on the software and the concepts. Anyone may attend and there are no dues. CONFIGURATION COMPLEXITY by Ed Sawicki - Accelerated Learning Center / Tailored Computers Computerworld interviewed Dan Geer, the CTO of @Stake who was fired because of his part in the monoculture report published last week and reported here: http://panug.org//44 Here's an excerpt from the interview: CW: Many people say they agree with the fundamental premise of the report, but some point out that heterogeneous IT environments may pose just as many security problems from poor configurations. Geer: The reason one has configuration difficulty is because most large systems have too many knobs to adjust. When you have too many knobs to adjust, you don't adjust them. The reason default settings [aren't] changed is because there are too many of them. ... Speaking as an engineer, simplicity is a goal of good design, it is never the starting point. Geer is correct. If the computer industry is not making computers simpler for people to use, it's moving in the wrong direction. Computer systems today are so complex that users are like deer in the headlights. But what happens when users want (or are sold) so much functionality that complex configuration is unavoidable? This subject and its solution will be covered in next week's PANUG meeting. MONOCULTURES AND SOFTWARE QUALITY by Ed Sawicki - Accelerated Learning Center / Tailored Computers There's been quite a bit of activity as a result of the monoculture report. In a Computerworld article, Alan B. Salisbury, chairman of the Center for National Software Studies in Camp Springs, Md. said "Fighting the monoculture is really tilting at windmills. The real issue is poor software quality, and that's where I would focus my criticisms of Microsoft." Mr. Salisbury is correct when he points out the real issue is poor software quality. If a company were to replace some of their Microsoft software, they would be in better shape. If they replaced ALL of their Microsoftsoftware, they would be in still better shape, even if the result was another monoculture. Monocultures are bad when the software is bad. When the software is good, we don't worry too much about monocultures, though it still represents a risk that should be considered. ICANN GIVES VERISIGN AN ULTIMATUM by Robert Brown The following excerpt is from http://panug.org/45: "Please consider this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes, pending further technical, operational and legal evaluation. A failure to comply with this demand will require ICANN to take the steps necessary under those agreements to compel compliance with them." CLASS ACTION SUIT by Ed Sawicki - Accelerated Learning Center / Tailored Computers A woman in California has started a class action suit against Microsoft over security issues. The details are here: http://www.sans.org/resources/mscomplaint.pdf One problem with the suit is that it claims that one reason for the massive security problems with Microsoft software is its popularity. Unfortunately, this feeds the argument that any software with Microsoft's share of the market would be just as vulnerable, which is a false assumption. OFFSHORE SUPPORT by Ed Sawicki - Accelerated Learning Center / Tailored Computers I've had to deal with offshore technical support a few times recently. One example is tech support for my Lexar USB memory drive that Lexar calls a JumpDrive. I use it with Linux and it had been working but it recently stopped working. Support is available only via e-mail so I sent a message describing the problem. A day later, I received a response from someone at tauraweb.com who asked which operating system I was using. I did a whois lookup on his IP address (from the e-mail headers). It was India. I responded that I was running Linux. The next day, he told me that Linux is not one of the supported operating systems. I wrote back saying that the product's packaging doesn't say which operating systems are supported and that the JumpDrive also doesn't work with Windows. Another day passes and he sends me a procedure for mounting the JumpDrive on a Linux system (Step 1. Click on the footprint in the lower left hand corner of the screen....) I respond by telling him that his procedure would work if the JumpDrive would work - but it doesn't. My JumpDrive is broken as I had mentioned in my original message. It's now days later and our dialog has gone on with clockwork precision. He sends me one message a day and I respond. Even when I respond immediately after receiving his message, it's 24 hours before I hear from him again. I'm not sure when he'll come to the conclusion that it's broken. This one-message-a-day interactive e-mail dialog is maddening. Fortunately, it's only a USB memory device - I have others. I will certainly not purchase a more expensive and/or more critical product from a company with offshore support. DISCLAIMER PANUG and BizNix welcome contributions from all members. Member contributions do not necessarily represent the official positions of PANUG or BizNix. The views of members that contribute frequently may appear to be the official position of the group(s). If you contribute, you'll be adding vital diversity of opinion and outlook to these broadcasts.