Home Page
07.28.2005 (previous | next)
Voice of Reason

InfoWorld's John Udell talks about a security crisis that recently hit Firefox, and propounds the heresy that open source and Microsoft programmers can actually learn from and help each other (emphasis added):

[A] debate began, refracted through the lens of ideology. This time there was no Microsoft to blame. The open source underdogs had done this to themselves. And while some would argue it wasn’t Firefox’s fault -- since Greasemonkey is a user-installed extension -- Firefox took its share of the blame, just as Internet Explorer does when its add-ins cause trouble. . . . .

There are no perfect answers to [the] questions. At the moment, we don’t even have good ones. If you, therefore, decide to reject all rich Internet application scenarios that add risk, I won’t try to talk you out of it. Extreme conservatism is a valid stance. If, however, you believe the benefits ultimately outweigh risks, and that we can work through the issues, then let’s consider the second thread woven through last week’s discussion: the techniques and mindsets that open source developers and Microsoft developers bring to matters of security.

Some say that open source software is inherently secure because the “open source process” makes it so. Wrong. Open source software, and the collaborative culture that surrounds it, have surely enhanced Firefox’s security. But also necessary is a disciplined approach to reducing the attack surface area. And one of the most vocal and visible proponents of that discipline today is ... Microsoft.

The recent turnaround of the company’s IIS (Internet Information Services) Web server was remarkable. Version 6 is rock-solid and arguably safer than Apache. If the long-delayed refresh of Internet Explorer has been rethought along similar lines, it could prove to be an excellent platform on which to safely tap into the power of AJAX -- which, after all, Microsoft invented.

The open source and Microsoft cultures can complement one another. I hope they will. If we’re going to safely enjoy the benefits of AJAX-style computing, we’ll need all the help we can get.

posted by James DeLong @ 2:50 PM | Software

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment(0)
 
IPcentral WebLog

Blog Main

IPcentral Blogosphere Archives

Search the Blog

Recent Posts
  - IP and Marginal Cost
- Academics and Copyright
- More on Jammie Thomas from DOJ
- More Studies of Downloading
- Facebook, MySpace, and Network Externalities
- Copyright and the University: An Academic Symposium
- Tyler Cowan on Chinese Movie Piracy
- More WHO Antics--Roger Bate Reports
- Patents, Meds, and the Developing World: Clips & Links
- Jermaine Dupri's Gripe with iTunes
Archives by Month
  - December 2007
- November 2007
- October 2007
- September 2007
  - (see all)
Archives by Subject
  - Academia
- Access: Commons, Fair Use, Orphan Works, Public Domain
- Accounting
- Analog Holes
- Antitrust
- Art
- Aspen
- Big Tent
- Biotech
- Books
- Comments from Readers
- Counterfeit
- Digital Americas
- Digital Europe
- Digital Europe 2006
- DMCA
- DRM & Watermarks, etc.
- Economics, Game Theory & Public Choice
- Enforcement & Remedies
- Free Culture Movement
- Games
- General
- Infrastructure
- International
- Internet: P2P, Search Engines...
- Legislation and Legislators
- Liberty and IP
- Markets: Business, Investment & Innovation
- Media: Video, Music...
- Patents
- Pharma
- Physical Property
- Prices, Terms, and Licensing
- Privacy and Security
- Radio
- Software
- Spectrum & Wireless
- Standards
- Supreme Court
- Tax-Funded IP
- Telecom
- Theft of Service
- Universities
Links
 

Site Feed
  - Atom
- RSS 1.0
- RSS 2.0
We welcome comments by email - look for a link to the author's email address in the byline of each post. Please let us know if we may publish your remarks.


 
Home Page