When your back's to the wall - use a big word that doesn't exist.
Think things on the Apple side are tough? You ain't seen nothing yet. Remember that scary web browser Internet Explorer? For Windows? People still use it. Yes they do. Unbelievably enough. No amount of rhetoric seems to keep the terminally lame away.
Think things like the MOAB #15 hole are a bit much to tolerate? To be sure they are. But look for a second to see how the other 95% have it.
Here's My Clipboard
Brian Krebs calls these inexcusable bloopers 'what were they thinkings': before the turn of the year he outed a rather embarrassing fact about the Microsoft Windows web browser: for some unknown - indefensible - reason it actually turns over the contents of the user's clipboard to remote sites the user surfs to.
This sounds strange to say the least. And dangerous to boot. Because many surfers are aware their Windows boxes can be compromised by keystroke loggers, they've taken to copying and pasting their passwords in rather than typing them. And of course the clipboard can at any given moment contain all sorts of other goodies.
And above all the question remains: what good is this supposed to be? And even a further question: shouldn't the Redmond vendor have told users about this?
Note the subtle 'yin yang' artwork on the title bar here. Note the portent of the message. You're looking at Internet Explorer 7 for Windows. Which now gives you the option - hallelujah - of not sending your clipboard data to a remote site. And note the correct button is made default. It's called 'progress'.
'Welcome to Toyota! Would you prefer your automobile not explode today?'
Still over half a year later it's not known #1) why this was ever done; and #2) why it's not been scrapped altogether. But the feature's been around forever and it's still not gone.
M$FTP & Embedded Login Authentication
Here's another shocker: some people actually not only use Windows but use Internet Explorer for Windows to do their FTP!!1! Yes it's truly unbelievable. But they do.
Now here's the next shocker: if you fetch web pages with IE6 or IE7 to your computer those wonderful programs embed your username and password inside the documents. And you wouldn't know it - and you'd edit the files and put them back on the server again and anyone privy to that little tidbit could crack into your network - just like that.
This 'curiosity' was brought to the attention of Microsoft in the year 2004. According to Krebs by someone working in security for a midwest broker house. He wrote to Microsoft of course - and got a reply.
There was no way the 'bug' could be fixed as a fix would require a 'rearchitecture' of the 'feature'.
Irresponsibility in Design
Where these people get these ideas is unknown: the idea any code at all can be injected into any running application at all sans authentication (OS X input managers). The idea any code at all can be made a candidate to run in single user mode (OS X startup items). The idea SUID root executables can be overwritten by other users (OS X MOAB #15). The idea root processes can reset permissions on files from on-disk directives that are not root protected (OS X MOAB #15).
The idea a connected user would in his wildest dreams want to turn over the contents of his clipboard to a remote site; the idea of storing authentication credentials inside published web pages fully accessible by the public at large; they're such stupid ideas it's hard for ordinary people to even fathom why supposedly serious companies would want to allow such things in the first place.
It's even more difficult to fathom why they'd want to keep things as they are in light of the fact the whole world - including the black hats - knows about them by now.
But there you have it - they do want things this way. And all they have to say in their defence is that fixes would require a 'rearchitecturing'.
No known reputable dictionary of any dialect of the English language has an entry for 'rearchitecturing'. It's a made up word. Perhaps it's meant to convey the sad fact that the operating system vendors have painted themselves into a corner through bad design decisions. But no matter, for the word's not been defined anywhere and no one will ever know.
Using a word like that is no better excuse than anything else but when your colleagues have really put their noses in it there's perhaps nothing more you can do but USE BIG (NONEXISTENT) WORDS.