Re: [fw-wiz] Personal Firewall Day?
From: Adam Shostack (adam_at_homeport.org)
To: "Marcus J. Ranum" <email@example.com> Date: Tue, 7 Oct 2003 13:33:53 -0400
On Tue, Oct 07, 2003 at 11:39:00AM -0400, Marcus J. Ranum wrote:
| Systems like AOL and some of the massively multiplayer games
| approach truly effective distribution. The designers of those systems
| have also discovered another property of such systems that
| probably would scare a lot of you, if you think it through: the
| provider of the backend "owns" the system - the software
| revenue model pushes toward a rental/service model rather
| than an outright purchase as we have under the current
| general purpose computing model. That means you'd never really
| "own" your software environment... If you didn't pay your
| bills your files would no longer be accessible, etc. That would
| doubtless make some people extremely uncomfortable but
| oddly they are comfortable with exactly that model with cable
| TV, cellular, etc. Anyplace where you have an expensive
| backend system that represents a large sunk cost, frontended
| by a commercial appliance that is relatively "disposable" you
| move toward the leased service model.
| I don't think we're ready to go there with computing but I
| think that's where we should be going.
I think software as a service may be a big win over software as a
product. (I'm going to ignore free software for a bit.) Software as
a product is nice because you pay for it once, and you're done. But
that means that software companies must employ enourmous effort to get
more customers on an ongoing basis. Once they've gotten all the
customers they can, they need to create new revs of the software that
old customers will pay for again. This creates waves of
feature-laden, and security-probelm-rich releases, with several extra
costs, such as deployment, retraining, and compatability issues.
If you buy your software as a service, then the vendor is no longer
motivated by their internal economics to create waves of upgrades;
they may be motivated by market competition, where someone else
produces a better product, and they respond, but that is a customer
(or market) driven upgrade.
If you buy your software as a service, then the vendor's goal is to
keep making small improvements to make the software slightly better in
ways that cut the product support cost, such as bug fixes, ease of use
enhancements, and better docs. These are all things that make sense
in light of service payments.
So, I think that a transition from the version grind to service may
also entail better security and reliability, because the economics
line up that way.
| > Have these people taken a genetics course in the last twenty
| >years? ;)
| Most of the guys who wrote the "monoculture" paper are
| friends of mine and some of them invited me to participate.
| I didn't because, honestly, I think they're not writing about
| computers and computer security - they're complaining
| about customers' purchasing habits, they're complaining
| about the "monopoly of mediocrity" and they're rooting for
| a non-existent underdog. In other words, that paper was
| a political document masquerading as a technical document.
Customer's purchasing habits? Would the analysis hold true if MS were
just leasing you software? (I'm not sure that a desktop package makes
sense as a lease, but then, I'm not sure that it makes sense as a
product which hides a flight simulator, either.)
-- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firstname.lastname@example.org http://honor.icsalabs.com/mailman/listinfo/firewall-wizards