I didn't worry about Y2K one bit.

I have disassemblers (WDASM, IDA) and debuggers (SoftIce, HView, etc.). If my machines did ANYTHING I did not like, I would just open the program and find out why - and patch it.

This was in the era where a lot of kids were out there reversing software to remove registration codes. I figured our computing infrastructure was extremely robust and resilient when you factor in how many people out there knew assembler and exactly how the processor and kernel code works.

Today, though, I am not nearly as confident of the resilience of commercial software, albeit I still have a very high confidence of open-source software.

I have no doubt that breaches of Linux kernels would be highly discussed in tech forums and solutions explained and freely shared. I do not have this confidence for proprietary software, which relies on salesmanship, not technical understanding, for its adoption.

Leanan gave a beautiful distinction a few drumbeats ago when she discussed how resilience differs from efficiency.

IMHO, proprietary software is more efficient due to central control, but - like having all your corn all one strain - it's not very resistant to a blight that could take out the entire crop. Open Source software is more robust, providing one hires/trains/retains the skills to know it.

It's not the Y2K type stuff that I fear - rather it's our own ignorance on how our systems work that would enable hostile entities to plant unseen rootkits in the commercial stuff, using botnets and snooping scripts to make Google-like databases of everything companies thought was private.

My fear is also based on the suspected cooperation between our supposed antivirus vendors and the government regarding non-reporting of "approved" system intrusions, and the likelihood of hostile entities using this backdoor much like they used the famous Sony rootkit to violate systems that had played a Sony disk.

All these "hold harmless" clauses in the EULAs destroy my confidence of "trusted computing". All this lawmaking concerning the enforcement of ignorance of how our own computing infrastructure works scares the hell out of me.

Basically, I fear we are selling the resilience of our computational infrastructure for a song. Literally. Just so that knowledge can be monopolized.

When I have anything to do with proprietary OS, it seems to me like going to the car dealership for a car, then immediately trucking it over to the Norton garage to have the wheels welded on so they don't fall off. I feel so stupid allowing the car dealership to force me into their EULA denying any guarantee the car will work, but the businessman who sent me demands that car, and I must fulfill his funded desire, not mine.

If I do not know what my own system is doing, I am wide open for someone else to control it - and I won't know who they are or what they are doing.

Geez, Monsters under the Bed all over again.

Steve

All these "hold harmless" clauses in the EULAs destroy my confidence of "trusted computing".

Software hold harmless clause did you say?
http://gizmodo.com/gadgets/weapons/robot-cannon-goes-berserk-kills-9-312...

The Oerlikon GDF-005 antiaircraft gun suddenly began uncontrollably shooting as it swung back and forth, spraying hundreds of high-explosive 35mm cannon shells all over the place. The crazed robot's handlers are still trying to figure out what sort of software bug would cause such mayhem.

have disassemblers (WDASM, IDA) and debuggers (SoftIce, HView, etc.). If my machines did ANYTHING I did not like, I would just open the program and find out why - and patch it.

This was in the era where a lot of kids were out there reversing software to remove registration codes. I figured our computing infrastructure was extremely robust and resilient when you factor in how many people out there knew assembler and exactly how the processor and kernel code works.

hardhat, you don't sound like you have worked in a corporate software environment. Typically there are many software systems dependent on each other and it simply is not possible for one geek to patch a piece of software if it fails since the patch might screw up a whole lot of inter-dependencies. Not to mention that much, if not most, of the software is under someone else's control and the lone geek doesn't have the authority to fix and replace the main source and object code.

In my own experience, Y2K software work was not at all straightforward and one often had to follow a 'trail' of dependency of different software systems and the data that was dealt with. In these conversations, people seem to ignore that it was not only a software problem but a data problem as well.

There were many situations where things probably would have been ok had nothing been done, but I remain convinced that Y2K would have been a much larger problem than it was. It remains one of those situations where you can't prove that the problem that was avoided would have happened if a lot of people hadn't paid attention to it.