W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > July to September 2004

RE: Security vs accessibility?

From: Access Systems <accessys@smart.net>
Date: Mon, 19 Jul 2004 09:43:52 -0400 (EDT)
To: Kurt_Mattes@bankone.com
Cc: poehlman1@comcast.net, w3c-wai-ig@w3.org
Message-ID: <Pine.LNX.4.58.0407190916110.31677@smart.net>

On Mon, 19 Jul 2004 Kurt_Mattes@bankone.com wrote:

> The sky is falling, the sky is falling.  Computers aren't safe,
> the Internet is a dangerous place, email should be avoided.
> Microsoft products and gasoline in most parts of the world cost
> too much.

well a little over the top I think, computers like cars are as safe as the
operators that use em. (for the most part)

> As was stated in the first part of this thread, due to shear numbers,
> Microsoft products receive the most attention from unscrupulous people.
> No other Internet related programs have experienced such focus of
> attack.  Until they are, can they really say they are more secure?

well Linux has had it's share of attacks but because there are fewer users
and no huge publicity dept they get less press, and remember almost half
of all internet servers are running on apache which is a linux program.

> The architectural "advantage" cited below could also be a weakness.

there is one advantage that linux and other forms of open source software
have that M$ can never have unless they essentially become open source.
which is highly unlikely.
  if a weakness is discovered in M$ (or other proprietary or closed source
software) you are totally dependent on M$ and their limited cadre to
discover and correct the flaw.  in open source software there are
literally thousands of programmers around the world searching for the fix
and the first one to find it, gets to name it.  not much money but for a
programmer getting their name on software is the ultimate glory.

> There is no way to know until attackers focus their attention on it.

it has had it's share of attacks, especially in the server end of things

> Any claim of greater security must be considered untested.

tested and retested, no flaw to the best of my knowledge has ever existed
more than a few days before being plugged, and you can go to anyone of
dozens of mirror sites to get the fix, and you don't have to "register"
with a single company, which can control the flow so to speak

> Reality check - the most vicious attacks on Microsoft products have at
> best resulted in a relatively small amount of harm.  NO lock, security

duh,?? ask the folks attacked how much harm has been caused, heck it is a
whole industry.  people are expected to "pay $$$" for security to norton,
to macaffee and others.  You never have to pay for security in open source
software, it is built in or free downloads

> system or software program is foolproof.  Would a user lower their

true nothing is foolproof.

> potential for exposure to an attack by using LINUX - perhaps, but when
> the potential is already fairly low, where is the motivation?

the motivation is low mainly because most malevolent hackers are aware of
the low return on investment in open source.  (and Linux is merely a
generic term for one type of open source software, another misconception)
you can buy Linux from literally dozens of different companies and if you
wish down load it for free.  not to mention BsD, and other open source
operating systems. (BTW it is free as in "Free Speech" not neccesarily
free as  in "Free Beer" another misconception about linux)

> I am not a fan of Microsoft, but respect their position.  This position
> causes the light to shine on them which leads to excessive commentary
> about any "problem" their products have.  The harm any Internet user may
> experience using Microsoft products is far less (and less likely) than
> the harm they may experience riding in a car.

but when they have an accident it frequently causes major problems to
individuals, just like a car accident.

> They have not forced themselves on us, we pay too much for their
> products because we like what they do for us - just like gasoline.

well in a way they have forced themselves on us.  they give make companies
sign exclusive contracts in order to get thier software, try buying a
laptop computer without M$ software in it.  how many people would actually
"buy" M$ software if they had to buy it seperately (even if installed) one
of the major computer sellers has a $300 credit if you buy a computer with
linux installed instead of M$ but only thru mail order. any computer they

BUT this is all academic, the topic of all of this was the avalibility of
accessibilty of Linux, and as I mentioned in my original reply (Which you
ignored) was the ready avalability of accessability for linux operating

> Kurt Mattes
> Application Development Analyst
> Technical Lead - Web Accessibility
> [302] 282-1414 * Kurt_Mattes@BankOne.com

and unlike you apperently I have no vested interest in the differences, As
long as you do your job at BankOne properly there will be no problems, and

 if 95% of your customers use M$ software would your superiors consider it
appropriate to discard 5% of their total customer base??  I own a business
that is 100% non M$ in the computer systems, (we are not a computer
company but rather an engineering company we make the railroads faster and
safer and more accessible) we have to deal with M$ operating companies
daily.  I think a better example of how things should be is like
railroads,  some are long, some are short, some have one brand of engines,
others use a different brand, some are union, some not.  but the key thing
that holds em all together is that they are all exactly the same distance
between the rails. (motto of the Short line RR association, "we may not be
as long but we are just as wide")
   the INTERNET must be like the railroads, always usable by everyone,
without concern about what version of software that is run.  Always
the same width so everybody fits...


> -----Original Message-----
> From: w3c-wai-ig-request@w3.org [mailto:w3c-wai-ig-request@w3.org]On
> Behalf Of Access Systems
> Sent: Saturday, July 17, 2004 9:53 PM
> To: david poehlman
> Cc: wai-ig list
> Subject: Re: Security vs accessibility?
> On Sat, 17 Jul 2004, david poehlman wrote:
> > We've been having this discussion and here is the most recent message of the
> > thread which has some interesting thoughts in it.
> >
> > I have not cross posted because of potential complications with replies, but
> > it might be helpful for this discussion to take place here given our
> > expertise and wide knowledge.
> >
> > Thanks!
> OK
> since this throws at least a dozen urban legends about linux around I
> guess I should take a stab at some of them.
> > ----- Original Message -----
> > From: "Gene Asner" <gsasner@RIPCO.COM>
> > Sent: Saturday, July 17, 2004 7:29 PM
> > Subject: Re: Scambusters Recommends Against Using Internet Explorer
> >
> > Catherine
> > There are two or three things to consider:
> > First, Since Internet Explorer and Outlook Express are the main browser
> > and e-mail program in use, virus writers and spyware writers focus on
> > these programs.  While Microsoft doesn't do as much as it could as fast as
> > it could to make these programs as secure as possible, any other browser
> > or e-mail program that became popular would be specifically targeted as
> BUT due to the basic structure of the operating system unless M$
> completely changes their BIOS and other critical substructures they will
> never be able to make it as secure as even the most basic UNIX or UNIX
> like system such as linux.   to describe it simply the M$ structure is
> like a giant heilium balloon., any damage any where brings the balloon
> down, linux (and other uinx like OS) are like a handfull of little
> balloons you can damage one, two or more balloons but the rest stay up.
> the linux structure is built of many many little mostly independent
> processes running pretty much autonomously.  knock out one, use another to
> fix the one. and since the kernel or core is isolated an attack can only
> get to one of the nodes and is stopped before going further.  some damage
> maybe but a total crash, next to impossible (nothings impossible)
> > Explorer and Outlook Express takes the proper precautions, then he/she is
> > not at much risk for infection by viruses nor from spyware.  While
> > identity theft is a problem, there are all sorts of ways in which that
> > occurs and the problems with spyware and viruses isn't nearly the whole
> and with the same types of firewalls and buffers etc, linux is even more
> secure
> > picture.  I bet lots more people suffer identity theft by answering scam
> > e-mails that look as though they come from legitimate companies than do by
> > being infected by viruses or spyware.  I'm not saying that people
> not much you can do for pshishing, education education education but that
> cannot be blamed on any software or hardware, that is a jellyware problem
> > Technically, the main reason that other browsers don't work well with
> > screen-readers is that in order for them to do so, screen-reader
> no they don't work well because the writers of websites don't follow the
> guidelines set down by W3C or the laws of various countries,  this is a
> compliance problem and a few good lawsuits might wake up some of the lazy
> programmers who refuse to write code correctly
> > manufacturers and designers would have to specifically program through
> > scripts, set files, perhaps with code built into the screen-reader
> > itself,the ability for the screen-reader to work with each browser.  Even
> NO,  why won't CSS, and HTML work
> > using Microsoft Active Accessibility, MSAA, wouldn't help matters in terms
> > of making more browsers accessible because for this to work, the browser
> > designer would have to encorporate MSAA into the browser ore e-mail
> or maybe (heaven forbit) M$ follows the web standards rather than try to
> create their own that forces people to buy their outragously overpriced
> bloated software
> > program and then screen-reader designers would have to [program on their
> > end to allow the browser to work properly.  I agree that blind people
> > should have a choice of more than one browser.  but how many?  My opinion
> no as far as I know all browsers work on properly coded CSS - HTML
> > is that Netscape should be the other.  Netscape is used in some work
> netscape isn't even supported anymore, the succesor is Mozila, it looks
> and feels like netscape but is more advanced and stable
> > designers of Netscape, not screen-reader designers.  With all the other
> > needs blind computer users have for access to other widely used programs,
> > I certainly wouldn't want to see screen-reader designers divert time and
> > resources away from these other programs to make more browsers accessible.
> there are quite a number of screen readers avaliable in the open source
> community.  most of these work differently from M$ in that M$ reads the
> code and if your using something other than M$ it can't read the code.
> most of the open source screen readers read the output to the monitor
> (what ever is or even is not there) the output to the monitor is pretty
> standard amoung all operating systems since they need to be able to use
> the commercially avaliable moniters.
> > What all this boils down to, in summary, is that while security is a
> > problem, it's not nearly as severe as it seems from the frightening
> from my perspective it is a huge waste of time caused by poor system
> design, why should anyone have to spend extra money for extra protection
> for an weak system, nor should one have to spend all that time constantly
> downloading patch, after patch after patch to fix the patch that wasn't
> right the last ttime you patched it.  and having to wait days, weeks
> months to even get the patch.
> linux has flaws and there are patches, but I have never seen a
> vulnerability last more than 24 hours and most even less, and visit the
> average linux patch site and find a very small fraction of the number of
> patches needed compared to that other software
> > Internet, there is no other remotely reasonable alternative if one wants
> > access to full Internet functionality.  I can't comment with much
> > knowledge about those using Linux (spelling) but I'd be very doubtful that
> > Linux screen-readers provide nearly as good access.  I use a Windows
> then let someone who has been 100% M$ free for over 5 years comment.
> there are several good screen readers for linux and something M$ doesn't
> have a full team of people who only deal with linux access lead by a
> person who is blind.
> > before either.  It's a question of what was more work, in the early days,
> > it was learning how to connect and setting up one's screen-reader.  Now
> > it's protecting yourself.
> why have to waste time doing either
> for those interested the visually impaired home page for blind linux users
> is
> http://leb.net/blinux/    (blinux  Blind+linux)
> there is also the text based screen reader that may be the most powerfull
> out there, a bit complicated to learn to use but is there any thing better
> than emacspeak.
> for those who want full graphics screen readers there is
> Gnopernicus
> http://developer.gnome.org/projects/gap
> let not the "HIGHLY PAID SALESMEN" with bloated and overpriced software
> and huge advertising budgets scare one away.
> there are lean FREE options avaliable and they don't need the latest and
> greatest and most expensive new hardware every two years to be able to
> work
> CODE PROPERLY, Follow the guidelines and laws, and ANY screenreader works
> on any website.  THE WEB IS DAMAGED, fix the web not me, I AM NOT BROKEN
> (rolling down off soapbox)
> Bob
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> CONFIGURE YOUR E-MAIL TO SEND TEXT ONLY, see http://expita.com/nomime.html
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> "They that can give up essential liberty to obtain a little temporary
> safety deserve Neither liberty nor safety",    Benjamin Franklin
> -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
>    ASCII Ribbon Campaign                        accessBob
>     NO HTML/PDF/RTF in e-mail                   accessys@smartnospam.net
>     NO MSWord docs in e-mail                    Access Systems, engineers
>     NO attachments in e-mail,  *LINUX powered*   access is a civil right
> *#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
> THIS message and any attachments are CONFIDENTIAL and may be
> privileged.  They are intended ONLY for the individual or entity named
> **********************************************************************
> This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you
> **********************************************************************

CONFIGURE YOUR E-MAIL TO SEND TEXT ONLY, see http://expita.com/nomime.html

"They that can give up essential liberty to obtain a little temporary
safety deserve Neither liberty nor safety",    Benjamin Franklin
-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
   ASCII Ribbon Campaign                        accessBob
    NO HTML/PDF/RTF in e-mail                   accessys@smartnospam.net
    NO MSWord docs in e-mail                    Access Systems, engineers
    NO attachments in e-mail,  *LINUX powered*   access is a civil right
THIS message and any attachments are CONFIDENTIAL and may be
privileged.  They are intended ONLY for the individual or entity named
Received on Monday, 19 July 2004 09:39:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 13 October 2015 16:21:29 UTC