RE: Security vs accessibility?

The sky is falling, the sky is falling.  Computers aren't safe, 
the Internet is a dangerous place, email should be avoided.  
Microsoft products and gasoline in most parts of the world cost 
too much.  

As was stated in the first part of this thread, due to shear numbers, 
Microsoft products receive the most attention from unscrupulous people.  
No other Internet related programs have experienced such focus of 
attack.  Until they are, can they really say they are more secure?  
The architectural "advantage" cited below could also be a weakness.  
There is no way to know until attackers focus their attention on it.  
Any claim of greater security must be considered untested.

Reality check - the most vicious attacks on Microsoft products have at 
best resulted in a relatively small amount of harm.  NO lock, security 
system or software program is foolproof.  Would a user lower their 
potential for exposure to an attack by using LINUX - perhaps, but when 
the potential is already fairly low, where is the motivation?

I am not a fan of Microsoft, but respect their position.  This position 
causes the light to shine on them which leads to excessive commentary 
about any "problem" their products have.  The harm any Internet user may 
experience using Microsoft products is far less (and less likely) than 
the harm they may experience riding in a car.

They have not forced themselves on us, we pay too much for their products because we like what they do for us - just like gasoline.  

Kurt Mattes
Application Development Analyst
Technical Lead - Web Accessibility
[302] 282-1414 * Kurt_Mattes@BankOne.com


-----Original Message-----
From: w3c-wai-ig-request@w3.org [mailto:w3c-wai-ig-request@w3.org]On
Behalf Of Access Systems
Sent: Saturday, July 17, 2004 9:53 PM
To: david poehlman
Cc: wai-ig list
Subject: Re: Security vs accessibility?



On Sat, 17 Jul 2004, david poehlman wrote:


> We've been having this discussion and here is the most recent message of the
> thread which has some interesting thoughts in it.
>
> I have not cross posted because of potential complications with replies, but
> it might be helpful for this discussion to take place here given our
> expertise and wide knowledge.
>
> Thanks!

OK

since this throws at least a dozen urban legends about linux around I
guess I should take a stab at some of them.

> ----- Original Message -----
> From: "Gene Asner" <gsasner@RIPCO.COM>
> To: <BLIND-L@LISTSERV.UARK.EDU>
> Sent: Saturday, July 17, 2004 7:29 PM
> Subject: Re: Scambusters Recommends Against Using Internet Explorer
>
> Catherine
> There are two or three things to consider:
> First, Since Internet Explorer and Outlook Express are the main browser
> and e-mail program in use, virus writers and spyware writers focus on
> these programs.  While Microsoft doesn't do as much as it could as fast as
> it could to make these programs as secure as possible, any other browser
> or e-mail program that became popular would be specifically targeted as

BUT due to the basic structure of the operating system unless M$
completely changes their BIOS and other critical substructures they will
never be able to make it as secure as even the most basic UNIX or UNIX
like system such as linux.   to describe it simply the M$ structure is
like a giant heilium balloon., any damage any where brings the balloon
down, linux (and other uinx like OS) are like a handfull of little
balloons you can damage one, two or more balloons but the rest stay up.

the linux structure is built of many many little mostly independent
processes running pretty much autonomously.  knock out one, use another to
fix the one. and since the kernel or core is isolated an attack can only
get to one of the nodes and is stopped before going further.  some damage
maybe but a total crash, next to impossible (nothings impossible)

> Explorer and Outlook Express takes the proper precautions, then he/she is
> not at much risk for infection by viruses nor from spyware.  While
> identity theft is a problem, there are all sorts of ways in which that
> occurs and the problems with spyware and viruses isn't nearly the whole

and with the same types of firewalls and buffers etc, linux is even more
secure

> picture.  I bet lots more people suffer identity theft by answering scam
> e-mails that look as though they come from legitimate companies than do by
> being infected by viruses or spyware.  I'm not saying that people

not much you can do for pshishing, education education education but that
cannot be blamed on any software or hardware, that is a jellyware problem

> Technically, the main reason that other browsers don't work well with
> screen-readers is that in order for them to do so, screen-reader

no they don't work well because the writers of websites don't follow the
guidelines set down by W3C or the laws of various countries,  this is a
compliance problem and a few good lawsuits might wake up some of the lazy
programmers who refuse to write code correctly

> manufacturers and designers would have to specifically program through
> scripts, set files, perhaps with code built into the screen-reader
> itself,the ability for the screen-reader to work with each browser.  Even

NO,  why won't CSS, and HTML work

> using Microsoft Active Accessibility, MSAA, wouldn't help matters in terms
> of making more browsers accessible because for this to work, the browser
> designer would have to encorporate MSAA into the browser ore e-mail

or maybe (heaven forbit) M$ follows the web standards rather than try to
create their own that forces people to buy their outragously overpriced
bloated software

> program and then screen-reader designers would have to [program on their
> end to allow the browser to work properly.  I agree that blind people
> should have a choice of more than one browser.  but how many?  My opinion

no as far as I know all browsers work on properly coded CSS - HTML

> is that Netscape should be the other.  Netscape is used in some work

netscape isn't even supported anymore, the succesor is Mozila, it looks
and feels like netscape but is more advanced and stable

> designers of Netscape, not screen-reader designers.  With all the other
> needs blind computer users have for access to other widely used programs,
> I certainly wouldn't want to see screen-reader designers divert time and
> resources away from these other programs to make more browsers accessible.

there are quite a number of screen readers avaliable in the open source
community.  most of these work differently from M$ in that M$ reads the
code and if your using something other than M$ it can't read the code.
most of the open source screen readers read the output to the monitor
(what ever is or even is not there) the output to the monitor is pretty
standard amoung all operating systems since they need to be able to use
the commercially avaliable moniters.

> What all this boils down to, in summary, is that while security is a
> problem, it's not nearly as severe as it seems from the frightening

from my perspective it is a huge waste of time caused by poor system
design, why should anyone have to spend extra money for extra protection
for an weak system, nor should one have to spend all that time constantly
downloading patch, after patch after patch to fix the patch that wasn't
right the last ttime you patched it.  and having to wait days, weeks
months to even get the patch.

linux has flaws and there are patches, but I have never seen a
vulnerability last more than 24 hours and most even less, and visit the
average linux patch site and find a very small fraction of the number of
patches needed compared to that other software

> Internet, there is no other remotely reasonable alternative if one wants
> access to full Internet functionality.  I can't comment with much
> knowledge about those using Linux (spelling) but I'd be very doubtful that
> Linux screen-readers provide nearly as good access.  I use a Windows

then let someone who has been 100% M$ free for over 5 years comment.

there are several good screen readers for linux and something M$ doesn't
have a full team of people who only deal with linux access lead by a
person who is blind.

> before either.  It's a question of what was more work, in the early days,
> it was learning how to connect and setting up one's screen-reader.  Now
> it's protecting yourself.

why have to waste time doing either

for those interested the visually impaired home page for blind linux users
is

http://leb.net/blinux/    (blinux  Blind+linux)
there is also the text based screen reader that may be the most powerfull
out there, a bit complicated to learn to use but is there any thing better
than emacspeak.

for those who want full graphics screen readers there is
Gnopernicus
http://developer.gnome.org/projects/gap

let not the "HIGHLY PAID SALESMEN" with bloated and overpriced software
and huge advertising budgets scare one away.

there are lean FREE options avaliable and they don't need the latest and
greatest and most expensive new hardware every two years to be able to
work

CODE PROPERLY, Follow the guidelines and laws, and ANY screenreader works
on any website.  THE WEB IS DAMAGED, fix the web not me, I AM NOT BROKEN

(rolling down off soapbox)
Bob
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONFIGURE YOUR E-MAIL TO SEND TEXT ONLY, see http://expita.com/nomime.html
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

"They that can give up essential liberty to obtain a little temporary
safety deserve Neither liberty nor safety",    Benjamin Franklin
-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
   ASCII Ribbon Campaign                        accessBob
    NO HTML/PDF/RTF in e-mail                   accessys@smartnospam.net
    NO MSWord docs in e-mail                    Access Systems, engineers
    NO attachments in e-mail,  *LINUX powered*   access is a civil right
*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
THIS message and any attachments are CONFIDENTIAL and may be
privileged.  They are intended ONLY for the individual or entity named



**********************************************************************
This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you
**********************************************************************

Received on Monday, 19 July 2004 08:04:15 UTC