Saturday, July 08, 2006


The life of an international chinchilla smuggler is not always easy or predictable. Sometimes I am just too busy flitting through the seedy underworld of exotic pet trade to expatriate my furry leetle amigos and dodging customs agents to blog much. It's not like I can just FedEx them to their new homes around the world - though we all know I'd never use FedEx, they have no sense of humor.

While offline and transporting cargo, I am reading The Presentation of Self in Everyday Life. If I'm going to mither on about identity here on the Hideaway, I should probably do a bit of organized reading on the topic. Surely there will be more soul-searching posts once I'm done feeding my brain.

In the meantime, a lot of interesting stuff has happened in the world. Dan Kaminsky has an interesting article about Net Neutrality on ComputerWorld that I highly recommend reading. Once you've read that, check out Adam Shostack's thoughts on how net neutrality impacts innovation. Adam, if you get someone to make chocolate toothpaste, I will soooooo buy some. HD Moore has announced July as the Month of Browser Bugs; I guess it is like the Year of the Dog for software. HD is a smart guy, and while I'm quite sure he is looking at all browsers, it does appear that Microsoft might have pissed him off a bit recently... whoops. Surely unintentional, seeing as they've invited him to speak at not one but two of their hoity-toity BlueHat events...

There was something else interesting but I've temporarily forgotten what it was, and I've got to get back to the chinchillas. Another time...




Anonymous Anonymous said...

Offending Moore was surely an unintentional, unfortunate and unforeseeable consequence of calling him irresponsible, and accusing him of breaching industry practice, aiding criminals and potentially harming computer users.

All the while, none of it is remotely true. The community can see through Microsoft's PR games. Microsoft released yet another broken patch with still more silent fixes. So, when Moore found them and released the details, pleasing Microsoft's enterprise customers became more important than a constructive relationship with the community.

So long as this is accepted practice at Microsoft, Microsoft should not only anticipate, but should expect that researchers with a balanced view of reality will be pissed off. Moore is no exception, and referring to the obviously-foreseeable consequences of Microsoft's reckless and irresponsible rhetoric on this issue as "unintentional" is a bit ridiculous, at the least.

6:42 PM  
Blogger Nicholas Borelli said...

Are you really a chinchilla smuggler?

6:47 PM  
Blogger Elphaba said...

I think the issue at hand is one not of personal feelings but professional divergence of philosophy. Individuals at Microsoft may like Moore and respect his talent, but in the end the company is a responsible disclosure shop and has to handle any public disclosure that could in their mind put customers at risk consistently. The reason I thought the offense might be unintentional is because their response was so routine. Look at any issue that went public in the last year or two; I bet the language is very similar. They didn't make it personal, the way Mary Ann Davidson often does when David Litchfield, Cesar Cerrudo, Alexander Kornbrust, or (enter researcher name here) points out a vulnerability in Oracle's products or patches.

As for releasing *yet another* broken patch, I simply cannot believe that MSFT releases broken patches out of greed, malice, or incompetence. Maybe I've got the rose-colored glasses on, but the MSFTies I know are smart hard working people, so I think it is more likely that they are guilty of nothing more than a lack of omnipotence and being (gasp!) human beings, who despite their best efforts to build a bulletproof patch, sometimes miss one of the infinite ways to break it. As far as I can tell, there is no upside for any vendor to release a bad patch since bad patches have to be reissued. This costs both the vendor and their customers money - not a recipe for financial success.

I guess I just give them a bit more benefit of the doubt than you do. Are they doing everything perfectly all the time? No. Will they ever? Probably not. But everything I've seen in the last year or two suggests that they are trying to do the right thing and are making an effort to improve. I'm not the only one who is seeing this.

Thanks for your comments. While I may disagree with you, it's good to have divergent opinions and discussion. I'm considering posting a blog entry on OIS in the coming weeks; I hope you'll come back and discuss that with Hideaway readers as well.


12:41 AM  
Blogger Elphaba said...

Nicholas -
Hi, and welcome to the Hideaway! I only smuggle chinchillas in the spring and summer. The rest of the year I traffic in black market beagles.


12:45 AM  
