Re: Leaving Techwhirlers

Subject: Re: Leaving Techwhirlers
From: Goober Writer <gooberwriter -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Thu, 25 Sep 2003 05:59:54 -0700 (PDT)


> 1) First, you say Microsoft isn't getting any
> information about the computer other than a "non
> reversible hash" and THEN you say people obsess
> about Microsoft "obtaining marketing data." Which is
> it--or do you simply want it both ways?

The info sent back to MS during an update is a system
settings log. To my knowledge (from past conversations
with my contacts at MS) this info is only used in the
form of a "query" to determine what available patches
and updates you have already and which you don't. I
have never heard of MS saving this info for any other
purpose. Can you imagine the CMS they'd have to put in
place for this if they did save it? And the lengths
they'd go through to mine that data just to see what
they can gleen from a sysconfig log?

> 2) As you know, contact with Microsoft or anyone
> else that is initiated by the PC behind the firewall
> is *not* screened out by the corporate firewalls if
> the machine has external access at all. Again, my
> point was always that users should *not* use
> automatic update and that it was not "anal" to
> require that users not do so. You simply have
> reinforced my point, for which I thank you.

I'm still hazy on the "why not to use it" argument.

> 3) the *law* actually prohibits
> anyone not specifically authorized to be allowed
> access to machines containing confidential patient
> information.

When is MS accessing these machines? Never. The
misunderstanding is that MS scans your machine. This
simply is not true. The file that is uploaded to MS
during an update is a sysconfig log of sorts. It's
really not unlike a cookie. It traps info about how
the OS is set up so the update "wizard" knows what you
have and what you need. That's it.

> 4) The actual *code* involved in the registration
> "feature" is still present in the Enterprise
> software. As you surely know, that was a problem
> causing many malfunctions in customer sites *when
> their machines under some fairly common conditions
> demanded activation codes with no provisions to
> receive them." As I recall, this was a fairly widely
> understood problem early in the XP deployment until
> a patch was *finally* produced to correct it.

Right. An assumption was made that computers would
have connectivity to the internet. That was fixed.
What's the issue now?

> 5) The EULA for the *service pack* is unconscionable
> because it changes the agreement that theoretically
> existed between Microsoft and the customer at the
> time of original purchase. In requiring unilaterally
> that the customer restrict previously granted rights
> in order to receive corrected code, Microsoft in
> effect has entered into a "contract of adhesion" in
> which the customer had no effective choice. For you
> to say the customer can simply "reformat his hard
> drive" is simply sophistry of the highest order, and
> you should know it. If you do not, you are much more
> dim than I have ever given you credit.

I think you're grasping at straws, and, on another
note, personal attacks on the list are not only a
no-no, but detract from your argument.

> 6) It is not true that "only a small business uses
> WPA." While that may be Microsoft's intent, the
> *truth* is that even the largest corporations buy
> individual licenses quite often, especially for
> remote offices, telecommuters, and the like. Not all
> by any means, but many do. I, too, have worked
> within companies of all sizes--in my case, up to and
> including Fortune 50s. So please don't try to put
> down those who may not be so easily cowed!

Yes, but *usually* WPA is reserved for less
"confidential" networking. Having worked in the
network security field for some time, I know that most
"confidential" transactions are not only done over a
physical line, but one that is unattatched to an
external port. Many smaller companies tend not to
worry about this as much, but yes, the larger
corporations take network secutity quite seriously and
do limit the use of WPA in many ways.

> 7) Your argument that "Microsoft has better things
> to do than to concern themselves with what is on
> your PC" is also pure balderdash! Their rather
> ham-handed actions involving Windows Media Player,
> in the pursuit of new revenues from the multimedia
> producers through "digital rights management" are
> clear examples that not only *are* they interested
> in what you have on your computer, in various cases
> they are actively pursuing the issue.

The Media Player issue and the Windows Update "issue"
are very much unrelated.

> In fact, their continual push to greater
> interoperability between the operating system and
> their application programs is perhaps the largest
> indication that they have yet to "get it" regarding
> security issues. This is already making substantial
> comment both in public commentary and in various
> security organizations, as I am sure you know. If
> you don't, you're in the wrong business.

Capability and intended use go hand-in-hand. Blanket
concerns are unwarranted. The interoperability is
configurable. It is YOUR responsibility to configure
YOUR machines for YOUR business use. MS merely
supplies the means.

> Andrew, you are a "piece of work" to borrow the
> phrase! First, it is *not* FUD (a Microsoft
> innovation, one of the few) to say that *not* using
> automatic update in compliance with a company
> security policy is *not* "anal" as the original
> comment put it. As for being subject to arrest, that
> is purely a matter of law.
>
> What part of "subject to" do you not understand? It
> is *not* required that "someone be actually thrown
> in jail" to understand that a knowing (or unknowing)
> violation of law may *subject you* to arrest. It is
> up to the justice system and its officers to decide
> *whether* to arrest you--and that is another point.

I'm sorry, but I have no idea where you're going with
this. If your company wants to not allow auto-updates,
they have every right to disable the feature on your
PC prior to giving it to you and push the screened
updates to you as-needed. I am baffled as to where the
whole law issue you raise comes into play.

> As I pointed out before, either they are collecting
> "marketing data" or they are not.

And if they are, is it a bad thing to have them see
how you're using your OS and be able to better cater
to you? After all, you bought into their technology
when you bought and installed the OS. Wouldn't it then
be a good thing if they catered to your needs?

> Personally, I
> would "go after" Microsoft for taking advantage of
> its dominant market position by releasing such
> flawed software year after year, knowing full well
> that their system for testing product prior to
> release is fundamentally flawed and/or their design
> itself needs total overhaul.

Software will *always* be flawed. It is not a rigid
thing. Name one company that produces rock-solid
applications without bugs or holes release after
release.

> Consider: when Microsoft claims to "understand the
> needs of its users"--and when we have already agreed
> that ignorance on the part of the user community is
> the principal security threat--is it not *logical*
> to assume that they should already have produced a
> product which makes security *easy*?

They can't. Computer security is not "easy". Building
a modern day "Rosie" that cleans your house, brings
you your slippers, and cares for your kids would be
easier. You would need to implement logic that would
trump the most successful stabs at AI we've seen to
date.

> Andrew--tell that to the various firms that have
> been harrassed by the "Business Software
> Alliance"--which is completely dominated by Redmond!
> Businesses who have *purchased* their software but
> who may not have kept track of all the license
> documents are forced to engage in "software audits"
> and pay huge fines in many cases. *This* is being
> interested in the welfare of your customers? Please,
> Andrew, *tell* me you're not supposing your loyal
> readers are stupid enough to actually *buy* this
> nonsense?

Um, are you sayign that software audits are a *bad
thing*? It sure sounds like it. If a company cannot
keep track of its inventory, especially where
licensing is an issue, then it serves them right to
have to pay a fine for not keeping track. When you buy
and install software, you agree to a license
agreement, which dictates how many copies you are
allowed to install and in what ways you can install
and use them. If a company buys 100 licanses of
something, hands the discs out to its employees and
tells them to install as needed, and doesn't track the
installations or the media, then yes, they are to
fault for not adhering to the EULA. It doesn't get any
more basic than that.

I'm sorry, I cannot read or reply to any more of this
post. But, given what I've read, I'm not convinced
your arguments are sound.


=====
Goober Writer
(because life is too short to be inept)

"As soon as you hear the phrase "studies show",
immediately put a hand on your wallet and cover your groin."
-- Geoff Hart

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

NEED TO PUBLISH YOUR FRAMEMAKER CONTENT ONLINE?
?Mustang? (code name) is a NEW online publishing tool for FrameMaker that
lets you easily single-source content to Web, intranets, and online Help.
The interface is designed for FrameMaker users, so there is little or no
learning curve and no macro language required! See a live demo that
will take your breath away: http://www.ehelp.com/techwr-l3

---
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.



References:
Re: Leaving Techwhirlers: From: David Neeley

Previous by Author: Re: documenting desktop to web application
Next by Author: Re: Tests for a Contract TWing Opp.
Previous by Thread: Re: Leaving Techwhirlers
Next by Thread: Re: Leaving Techwhirlers


What this post helpful? Share it with friends and colleagues:


Sponsored Ads