Subject: Re: platform subscriptions as business model (RHAT 10-Q)
From: Tom Lord <lord@emf.net>
Date: Sat, 22 Feb 2003 21:32:56 -0800 (PST)



       > But am I the _only_ one in the world who questions the RISKS
       > of update subscriptions when implemented in that form?

       Would you please elaborate on those RISKS [sic] for those of us
       in the audience who are clueless to the risks?

Numerous.

Millions of lines of unvetted source are filtered through a
combination of (apparently) <200 RHAT employees + their test suites,
then converted to binaries on their not-especially-secured intra-net,
then shipped as binaries by the up2date servers to customers, with
preference given to paying customers.

Risks include:

*) Compromise of rhat's intranet, leading to malicious binaries
   that are efficiently delivered to the more security conscious of
   their customers.   Will it be a plant among their hackers?  Will it
   be the guy that changes the fluorescent lightbulbs?   Will it be a
   quiet cracker?  On the current course: we'll find out for sure.

*) Exploit of a vulnerability in previously shipped code, combined
   with a DoS attack on RHAT's up2date servers.

*) Malicious players in the free software "community" who introduce
   subtle bugs that escape detection before shipment.   This is quite
   distinct from an infiltrator into a proprietary shop given the
   nature of open source processes.

Eric Raymond's eyeball fetish or not -- Free Software is not a silver
bullet against assholes, of whom there is no shortage.

If you want to exploit the first vulnerability with a little class,
may I recommend a Thompson-class compiler virus
(http://www.acm.org/classics/sep95/)?

Were I a customer with a critical system, I wouldn't be happy unless I
had all the means at my disposal, primed and ready to go, to patch,
rebuild, and redeploy my network very quickly -- perhaps picking up
the patch via some extra-internet route as a phone call or sneakernet
delivery from one of my peers.  Once I had that capability, up2date
wouldn't _quite_ be the service I'd want from RHAT.

I'll add that, as cold hearted capitalists, we should all be comparing
the cost of the most ridiculously cloak-and-dagger exploit against
the potential returns.


	> Not to mention the question: what will there be to bother
	> updating in 10 years unless innovation is more aggressively
	> pursued?

	I dunno.  I don't even understand the question.

Unix is hardly state of the art.  Something will subsume and replace
it.  If I were in charge of MSFT R&D -- that'd be my current job #1.
I'm "once removed" in personal associations from a number of key 
MSFT R&D folks -- frankly, we're toast unless we get our act together.


Now, to be sure -- I don't want to be Chicken Little here.  RHAT does
indeed have a helluva business model at the moment.  If I had a little
money to toss around, I might day-trade on them expecting to profit in
6-12 months.  All I'm saying is that the engineers among us ought to
regard this as a compromise -- as a bootstrapping step.  Now they have
money to do things right.  So, what comes next?


-t
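The first risk in the message above (a compromised vendor build host produces a malicious binary, and the vendor then publishes the matching digest for it) cannot be caught by checking the download against the vendor's own metadata; it needs rebuilds done outside the vendor and compared over a channel the vendor does not control. The following Python decision procedure is an added example, not code from this thread or from any Red Hat tooling; it assumes reproducible builds (independent rebuilds of the same source yield byte-identical binaries) and uses constructed stand-in artifacts.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Verdict:
    status: str  # "deploy", "hold" or "reject"
    reason: str

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def assess_update(binary: bytes, vendor_digest: str,
                  independent_digests: list[str], quorum: int = 2) -> Verdict:
    """vendor_digest is what the vendor publishes with the binary;
    independent_digests come from rebuilds of the same source done outside
    the vendor (peers, own build farm) and reach us over a channel the vendor
    does not control. Assumes reproducible builds."""
    actual = sha256_hex(binary)
    # Stage 1: catches substitution in transit or on a mirror, but NOT a
    # compromised vendor build host, which publishes the digest of its own
    # malicious output.
    if actual != vendor_digest:
        return Verdict("reject", "artifact does not match vendor digest")
    # Stage 2: require a quorum of independent rebuilds to reproduce the binary.
    if len(independent_digests) < quorum:
        return Verdict("hold", f"need {quorum} independent rebuilds, have {len(independent_digests)}")
    agreeing = sum(1 for d in independent_digests if d == actual)
    if agreeing < quorum:
        return Verdict("reject", f"only {agreeing}/{len(independent_digests)} rebuilds agree: suspect vendor build pipeline")
    return Verdict("deploy", f"{agreeing} independent rebuilds reproduce the vendor binary")

def demo() -> dict[str, str]:
    # Constructed stand-ins: a package built from clean source, and a build
    # that picked up a malicious modification somewhere in the vendor pipeline.
    clean = b"ELF-constructed-clean-build"
    tainted = b"ELF-constructed-tainted-build"
    peers = [sha256_hex(clean), sha256_hex(clean)]  # two honest rebuilds
    return {
        "clean": assess_update(clean, sha256_hex(clean), peers).status,      # untouched delivery
        "transit": assess_update(tainted, sha256_hex(clean), peers).status,  # swapped in transit
        "pipeline": assess_update(tainted, sha256_hex(tainted), peers).status,  # vendor build compromised
        "nopeers": assess_update(clean, sha256_hex(clean), []).status,       # no corroboration yet
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The "pipeline" case is the one the message warns about: the vendor's own digest check passes, and only the disagreement of the independent rebuilds exposes the problem.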