Re: [fw-wiz] Personal Firewall Day?

From: Adam Shostack (adam_at_homeport.org)
Date: 10/07/03

  • Next message: R. DuFresne: "Re: [fw-wiz] Personal Firewall Day?"
    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Tue, 7 Oct 2003 13:33:53 -0400
    
    

    On Tue, Oct 07, 2003 at 11:39:00AM -0400, Marcus J. Ranum wrote:
    | Systems like AOL and some of the massively multiplayer games
    | approach truly effective distribution. The designers of those systems
    | have also discovered another property of such systems that
    | probably would scare a lot of you, if you think it through: the
    | provider of the backend "owns" the system - the software
    | revenue model pushes toward a rental/service model rather
    | than an outright purchase as we have under the current
    | general purpose computing model. That means you'd never really
    | "own" your software environment... If you didn't pay your
    | bills your files would no longer be accessible, etc. That would
    | doubtless make some people extremely uncomfortable but
    | oddly they are comfortable with exactly that model with cable
    | TV, cellular, etc. Anyplace where you have an expensive
    | backend system that represents a large sunk cost, frontended
    | by a commercial appliance that is relatively "disposable" you
    | move toward the leased service model.
    |
    | I don't think we're ready to go there with computing but I
    | think that's where we should be going.

    I think software as a service may be a big win over software as a
    product. (I'm going to ignore free software for a bit.) Software as
    a product is nice because you pay for it once, and you're done. But
    that means that software companies must employ enourmous effort to get
    more customers on an ongoing basis. Once they've gotten all the
    customers they can, they need to create new revs of the software that
    old customers will pay for again. This creates waves of
    feature-laden, and security-probelm-rich releases, with several extra
    costs, such as deployment, retraining, and compatability issues.

    If you buy your software as a service, then the vendor is no longer
    motivated by their internal economics to create waves of upgrades;
    they may be motivated by market competition, where someone else
    produces a better product, and they respond, but that is a customer
    (or market) driven upgrade.

    If you buy your software as a service, then the vendor's goal is to
    keep making small improvements to make the software slightly better in
    ways that cut the product support cost, such as bug fixes, ease of use
    enhancements, and better docs. These are all things that make sense
    in light of service payments.

    So, I think that a transition from the version grind to service may
    also entail better security and reliability, because the economics
    line up that way.

    [...]

    | > Have these people taken a genetics course in the last twenty
    | >years? ;)
    |
    | Most of the guys who wrote the "monoculture" paper are
    | friends of mine and some of them invited me to participate.
    | I didn't because, honestly, I think they're not writing about
    | computers and computer security - they're complaining
    | about customers' purchasing habits, they're complaining
    | about the "monopoly of mediocrity" and they're rooting for
    | a non-existent underdog. In other words, that paper was
    | a political document masquerading as a technical document.

    Customer's purchasing habits? Would the analysis hold true if MS were
    just leasing you software? (I'm not sure that a desktop package makes
    sense as a lease, but then, I'm not sure that it makes sense as a
    product which hides a flight simulator, either.)

    Adam

    -- 
    "It is seldom that liberty of any kind is lost all at once."
    					               -Hume
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: R. DuFresne: "Re: [fw-wiz] Personal Firewall Day?"

    Relevant Pages

    • Dear Microsoft
      ... assuption that your customers are bad people. ... People aren't stealling your operating ... justify the cost. ... You have so many security measures in place that if you ...
      (microsoft.public.windowsxp.general)
    • Re: Dear Microsoft
      ... assuption that your customers are bad people. ... People aren't stealling your operating ... justify the cost. ... You have so many security measures in place that if you ...
      (microsoft.public.windowsxp.general)
    • Re: Dear Microsoft
      ... assuption that your customers are bad people. ... stealling your operating system, they are trying to get the cost down ... put it on more than one machine to justify the cost. ... many security measures in place that if you just replace your video ...
      (microsoft.public.windowsxp.general)
    • Re: Dear Microsoft
      ... assuption that your customers are bad people. ... stealling your operating system, they are trying to get the cost down ... put it on more than one machine to justify the cost. ... many security measures in place that if you just replace your video ...
      (microsoft.public.windowsxp.general)
    • Re: [fw-wiz] Security dumming down - the kings clothes
      ... these networks we have: "it's a trifle chaotic out there". ... responsible for the security portion of this overall process our ... me that our greatest weakness as an industry is not that our customers are ... >>marketing or rhetoric PhD. ...
      (Firewall-Wizards)