Bill Joy had an article in Wired about the hazards of technology. He was interviewed by Ubiquity, the ACM newsletter. I found one of his comments singularly inappropriate, and submitted the following reply, which I was promised would be posted in a subsequent issue (I will provide the hyperlink when it is published). The title of this response was "Pots, kettles, and degrees of blackness".
The original Bill Joy interview is on http://www.acm.org/ubiquity/interviews/b_joy_1.html
Unfortunately, Ubiquity, in an apparent attempt to not annoy Bill Joy and/or Sun, edited my response out of recognition, including changing the title. The salient point, which was the last paragraph, was deleted entirely. I have decided that Ubiquity editors are seriously compromised, or perhaps just humor-impaired, since the whole point of the essay was the last paragraph. Without it, the response they published makes no sense. I'm reminded of the Steve Martin line from the movie "Roxanne", which goes something like "Irony. Oh yes. We don't get much of that around here. We had some back in 1955, but people didn't get it, so we don't see much of it these days".
I find Bill Joy's comments about Microsoft seriously misplaced. For example, he claims that LoveBug was the consequence of Microsoft not getting economic signals correct.
Microsoft is delivering to customers what the customers say they want, which is wide-open, security-free environments capable of executing "cool" graphics from the Web. The economic signals from the marketplace are quite strong. In fact, Microsoft characterizes one major difference between their "professional" offerings and their "consumer" offerings being the "consumer" offerings have no security or file protection, because consumers don't want it.
In discussing the Web-content problem with a friend a couple days ago, he told me that it was Netscape that introduced the concept of active scripting in Web pages; Microsoft had to play catch-up on this one. So if there is any one party that can be accused of compromising the security of millions of computers, it is Netscape. But we're not allowed to say bad things about Netscape because They're The Poor Downtrodden Competitor. This would not be Politically Correct.
I have turned off all active scripting, removed the Windows Scripting Host from my machines, and refuse to open any attachments that have active content, period. This makes a number of Web sites inaccessible to me, and I can't convince various WebMasters that active content on the Web is a first-class stupid idea. Why do they use active scripting? Because they say it makes their Web site more attractive, or easier to use, or some such balderdash. To me, it means they are willing to conspire to either be virus vectors or demand that we compromise our immune systems. I consider active Web content to be a sign of social irresponsibility.
Until we start boycotting Web sites that require that we open our computers to penetration, they won't get the message. This is not a Microsoft problem. This is the result of hundreds of thousands of completely irresponsible WebMasters creating an environment in which systems must be inherently vulnerable.
But the deeply hypocritical aspect of the comments Bill Joy made is that back in the early 1980s we refused to install email on our Unix system, because there were several massive, well-known, security holes in the email system. This caused our sysadmin a lot of grief, but he held the line and required everyone to get email on our mainframe, which didn't have any known email security holes. Sun had been informed numerous times about these security holes, and their attitude was, as I recall, "We could fix it, but we won't, because fixing it would inconvenience our developers". Hundreds of Sun customer sysadmins had requested, for years, that Sun fix its security holes. They didn't. In fact, they actively refused to do so.
From the Ubiquity article:
JOY: Consider the "Love Bug" virus, which was made possible because Microsoft didn't get economic signals; the kind of sloppiness this represents is something that we just can't afford in the physical world technologies. But Microsoft didn't have any economic signals to tell it that its software should be of higher quality, nor did the company feel that it was likely to be liable for ecological consequences of deploying software that was well-known to have problems with viruses, or it would certainly have acted differently.
Several of these holes let Robert Tappan Morris get his Internet Worm into the Sun systems all over the world. It is worth pointing out that Sun assumed no responsibility for this, and as far as I know never apologized for it. In fact, I heard about the worm the day after it hit, from a friend, and I said "How did it get in?" He said "The email hole" and I said "Which email hole?" knowing of several. When Sun knew about penetration mechanisms for at least six years (that I know of) and hadn't fixed them, I don't think anyone from Sun is entitled to point fingers at Microsoft.
I said essentially the following back when the RTM worm caused the shutdown of thousands of Sun systems. In fact, I could paraphrase what I said about Sun using the following words (these were the words edited out by the Ubiquity editors. Can anyone explain to me why this would be done?):
Newcomer: Consider the "RTM Worm", which was made possible because Sun didn't get economic signals; the kind of sloppiness this represents is something that we just can't afford in the physical world technologies. But Sun didn't have any economic signals to tell it that its software should be of higher quality, nor did the company feel that it was likely to be liable for ecological consequences of deploying software that was well-known to have problems with penetration attempts, or it would certainly have acted differently.
How quickly we seem to forget our own history!