[cap-talk] Midori in The Register

Wed Aug 6 08:44:43 CDT 2008

On Wed, 2008-08-06 at 13:58 +0100, Toby Murray wrote:
> On Wed, 2008-08-06 at 13:04 +1000, J
> > Driver crashes get blamed on Microsoft Windows, even
> > though they should not be.
> 
> Why? In a microkernel, a driver crash is not guaranteed to corrupt the
> rest of the system, particularly if the kernel has been written to
> maintain defensive consistency in the face of driver failures, which it
> should be....

Not so. In the presence of hardware providing physical DMA -- which is
to say, all current commodity hardware -- it is impossible for the
operating system to ensure defensive consistency of this form.

> >   Viruses and Trojans do not
> > get blamed on Microsoft Windows, even though they should
> > be.
> 
> Viruses and Trojans should *not* be blamed on Microsoft any more than
> crime should be blamed on an inept police force.

On this point we do not agree entirely. I agree with the philosophy that
the criminal is to blame for their actions. But I also agree with the
philosophy that it is the responsibility of every person to exercise
prudence. I believe that the responsibility to engage in prudence rises
with pertinent knowledge. I believe that a knowledgeable party who sells
a sufficiently imprudent product to an ignorant party is engaged in a
swindle, and should be treated accordingly. Finally, I believe that the
expectation and burden of responsibility should be increased
exponentially when the parties engaged in the transaction are so
mismatched in their powers of redress that one effectively dictates
terms to the others.

Microsoft is clearly the only powerful party in a transaction concerning
MS software. Nation states have been consistently unable to impose
sensible terms on MS. MS clearly is in a position of pertinent
knowledge, and has been for many many years. MS clearly has a long
history of engaging in imprudent software construction, and has clearly
swindled many customers in the sense that I defined the term above.
Given this, Microsoft clearly bears great responsibility for the current
situation, and should carry both some amount of blame and a certain
amount of fiduciary culpability. In effect, MS has passively conspired
with the criminals through failure to satisfy the obligations that go
with its role. Worse, MS has consistently imposed terms and technical
means that undermine the ability of the victims to engage in prudence
independently of MS. Even worse, MS has lobbied for and successfully
caused the passage of legislation that further amplifies the imbalance
of power between MS and its customers.

But all that being said, it is is also important to note that MS has
changed its technical approach significantly over the last several
years. The company is clearly making a very real attempt to change its
practices in connection with existing products, and is consistently
(granted, with some false starts) trying to build new products using
better techniques, tools, and disciplines. The present effort may not
work, but it is by all accounts an honest effort.

I do not think that MS should be let off the hook (ethically speaking)
for the consequences of its past actions. But I also think that MS is
changing, and that we should try to assist that constructively.

shap