lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: Yes, user education is a lost cause ;-)


> > There is nothing wrong with end users. THEY are the 
> > customers. The consumers. Remember? They buy OUR products. WE 
> > have to adapt to them, not they to us.
> >
> This I completely disagree with.  Let me give you a real world example.
> An individual who owned a small, private airplane entered the plane and
> took off while so drunk that his alcohol level was three times the legal
> limit.  In his drunken stupor he didn't close the cockpit door and latch
> it properly.  At 10,000 feet the door suddenly popped open, he lost
> control of the aircraft, crashed and was killed instantly.
> 
> Is this the aircraft manufacturer's fault?  Keep in mind, they *could*
> have built the plane so that it was impossilbe to fly unless the door
> was securely latched.  Does the pilot carry any of the blame?  Or is the
> manufacturer entirely at fault?  Due to this one "accident", should the
> manufacturer be forced to redesign the door mechanism?


This analogy would be *perfect* if every unsecured and exploited
workstation on the Internet was driven by a drunk (we do know of
at least one this mailling list -- keep those spam reports coming ;-)

There's no need to speculate on these issues.  If people want to 
blame Microsoft for the quality or state of the product sold into the
market-place, then refer to the terms of Trade for your sovereign
state.  Australia has the 1974 Trade Practices Act; there is a 
summary of the legislation made available on the Australian 
Competition and Consumer Commission web site;

    http://www.accc.gov.au/content/index.phtml/itemId/325781

  Businesses have rights and obligations, and Consumers have
rights too.  If you have a ligitimate claim to blame, then the court 
will hear your story.  If you believe we all have a claim to blame,
then we (I own my copy of XP) all have a shiny big class action
to lodge.


  A quick search shows that the US has some good resources
on this very topic (who's to blame for "bad software");

    http://www.badsoftware.com/
    
    Abstract
    A new law will probably be introduced into state legislatures in the 
    fall of 1998. It will govern all contracts for the development, sale, 
    licensing, and support of computer software, and of most other 
    information-related products. Customers' advocates, such as Ralph
    Nader, Consumers Union, and the Society for Information 
    Management (which represents big customers) have been heavily
    critical of this proposed law. I've played a leading role on the
    customer side for the last two years. I believe that over the long 
    term, this law will severely injure the competitive position of the 
    American software industry by making it easier for software 
    publishers to sell lower quality merchandise.

    From; http://www.badsoftware.com/asqcirc.htm



  However, I suspect that the License Agreements that we (Microsoft
customers) have all agreed to, will help resolve any grey (gray) areas
that may be of concern.




--
Ian Latter
Internet and Networking Security Officer
Macquarie University


Powered by blists - more mailing lists