lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200401232153.i0NLrvqp004710@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Anti-MS drivel 

On Fri, 23 Jan 2004 12:58:34 CST, Bart.Lansing@...ls.com  said:

> Tobias, I have to tell you that >>Customer is king. When a customer "makes
> a mistake" then it's not his
> own but the vendor's mistake.<< is getting old.
> 
> 1.  If the customer decided to 

> 1.  If the customer decided to  make a sharp left turn at 120 kph on an icy
> mountain road and slid his car off the side of the cliff...or...

We have a hundred years of experience and hand-me-down knowledge that let
people know this is a Bad Idea.  It's in enough lifetime-experience that it's
safe to assume that by the time somebody goes to get a driver's license,
they've been passengers in enough cars and seen enough movies and TV where cars
go sliding off the road during high-speed chases to know that "normal speeds
the car tends to stay on the road, high-speed car goes ballistic".

It's only been about 5 or 6 years since "Aunt Tilly" was the canonical user,
and Aunt Tilly didn't learn about the hazards from daily experience because the
hazards didn't exist. I learned a lot about cars from my father, and I learned
a lot about things that mattered 50 years ago, were still important enough for
him to teach me about 30 years ago, but don't matter at all now, and I
certainly didn't learn much about things that came along after *I* hit middle
age.

> 2.  If the customer decided to ignore the product warnings and popped that
> can of beans in the microwave then stood there with his face against the
> window to watch...or...

Bad Example.

A can of beans probably won't be that interesting, as the can will probably
generate enough sparks and similar that you'll say "Holy S**T" and turn it off
within 5 seconds.

Trying to make a hard-boiled egg in a microwave... now *that* is less obviously
a Bad Idea (as the cooking will appear to progress quite normailly), and
particularly dangerous because it's possible for the Bad Things to happen
*after* you've removed it from the microwave...

> 3.  If the customer decided to go scuba diving at 100 meters, ignored the
> guages that told him he was out of air, then decided to rocket to the
> surface as fast as he could so he could get a breath...

Which is why dive instructors will beat this into you over and over and over.

> THE CUSTOMER MADE A MISTAKE

"If a customer pops a chocolate in their mouth, they hardly expect to have
their cheeks pierced". It's the rare software package that says "Caution: Real
Crunchy Dead Frog inside" on the packaging.  

I don't think you can say "the customer made a mistake" when they are using
the product in accordance with the manufacturer guidelines they received with
the product.

http://www.microsoft.com/security/protect/default.asp

1) When did Microsoft start shipping operating systems?
2) When did Microsoft start publicizing the above URL?
3) When did Microsoft start shipping systems pre-configured that way?
4) When did Microsoft make that URL the "first time connected" default for IE?

Now if the information that's on that web page was in a big READ THIS FIRST
that came with the computer, I'd agree.. But until that day....

The closest comparison I can think of is the state of tobacco advertising before
the mandatory Surgeon General warnings - the manufacturers were spending lots
of money saying it was cool, and not informing of the risks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040123/dc29eda7/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ