November 5th, 2003


Security by bounty.

Microsoft, which typically protects the security of its software through obscurity (i.e. not allowing others access to its code in order to verify its security), is now putting bounties out on virus creators who exploit holes in Microsoft's security.

What isn't mentioned, however, is how small a step it could be from putting bounties out on virus creators to putting bounties (or some bounty-like equivalent) out on those who publicly release information/software that reveals Microsoft's security holes or bypasses the way Microsoft intends their security/software to work in general. This is especially problematic, because Microsoft has an ever-increasing number of legal remedies they can resort to in order to target these individuals.

Latest dose of Iraq...

Time magazine's story "The Wounded Come Home" is perhaps the most visceral and telling article written to date on the wounded in Iraq. It provides both grisly first-hand accounts and some telling facts that haven't really been mentioned much.

Another article worth reading is "The Relevant Quagmire", which points out that the situation in Iraq is not like that of Vietnam, but has strong parallels to that of the Russian occupation of Afghanistan, where the Russians lost 25,000 troops over the course of 10 years.

Admittedly, 25,000 dead sounds like a lot of troops, but when you break it down over 10 years, that's only about 6.8 dead per day in an escalatingly dangerous conflict. If you factor in the lives saved in Iraq due to the effectiveness of modern US combat medicine, body armor, etc., I think you'll find that the US military is already in an Afghanistan-like scenario, in fact.