Linux Today: Linux News On Internet Time.

Editor's Note: Keeping Ourselves Safe

Aug 29, 2003, 22:00
By Brian Proffitt

For a man, there are no three words that will strike fear into our hearts faster than our significant others saying,

"Are you busy?"

When I hear my wife saying these words to me, my brain automatically supplies the rest of the sentence, which remains unspoken in a weak effort to allow me to retain some sense of personal choice and dignity. It's all a sham, however - I know what the rest of the sentence really is:

"...because you're about to be."

Sometimes when I hear this, I may actually be busy doing something else, and I can honestly say so. Whereupon my lovely spouse will weigh whether she really needs me to complete whatever task she has in mind now, whether it can wait until later, or whether she really needed me at all.

Other times, I may be able to start working on something quickly, before she enters the room. Yes, I am working, but it's work that I chose to do.

Usually this does not happen. Since my fundamental desire in life is to be at rest, more often than not she will find me in a most decidedly unbusy state of affairs. And I reply, "No, dear, what do you need?"

Earlier this week, my wife began to get the stirrings to begin the annual Fall cleaning at our home. I recognize the signs: the scrunched up nose at the pile of newspapers near the recliner... the "tsk!" when she sees the girls' rooms... yep, it's Fall cleaning time.

Fall cleaning may seem excessive, since Spring is traditionally the time when homes undergo a major purge of dirt and unwanted items. But in Indiana, there is always a chance that Winter will be a hard one, and the thought of being cooped up in a less-than-immaculate home makes my wife fairly edgy.

On this particular day, my wife wanted to start tossing things out of the basement that, in all honesty, probably did need to get tossed out. This did not stop me from grumbling a bit about the whole process, which my wife can usually put the brakes on by gazing wistfully at my comic book collection which is taking up a lot of room in the basement.

The implication of this gaze is clear: "if you're going to keep that collection in this basement, dues need to be paid."

Faced with that, I become a regular Mr. Clean.

One of the things I was to haul up to the garage for later removal to Goodwill was my daughters' child seat. This seat, designed to hold your young one in relative security as you barrel down the road, actually holds a lot of memories for us, since it represents a time when our little ones could actually fit in such a seat and we, for a brief, wonderful time, could do no wrong.

This particular car seat holds a few unpleasant memories, as well. For some reason, the manufacturer made the thing wrong. Wrong enough that, at the time, it needed a recall. Some doohickey was not installed right, and there was the danger that the car seat would fail to protect my little one if I were ever to find myself in a car crash in excess of 70 mph... or something to that effect.

At the time, it was a matter of sending in for the new part, getting a new seat, or just trying really hard not to get in an accident in excess of 70 mph. The odds of avoiding such a crash were pretty low, since at the time we were living in New Jersey and in that state people drive 70 miles per hour just pulling out of their driveways. A new seat was also not an option, since we were just starting out and were trying to work ourselves up to the poverty level since I'd just gotten out of the newspaper business.

We sent away for the part.

Whatever it was we did those many years ago, it must have worked, since the car seat lasted through two daughters until my youngest outgrew it a year ago.

But while I was trudging up the dark flight of stairs, something occurred to me: if we can recall car seats because they are unsafe, why can't we recall... software?

The thought was not exactly a non sequitur for me, since earlier this week, my Inbox was still smarting from the SoBig.F virus that was (a) filling up my personal Inbox with crap - either the virus itself or antivirus alert messages from servers all over the planet that mistakenly thought I had sent them a virus - and (b) slowing the Jupitermedia mail servers down because somehow our e-mail addresses were getting spoofed a lot and too many fake out messages were drowning our servers.

SoBig.F made me fairly angry last week, because even though I use Linux, I was still feeling its effects. MSBlaster had not really bothered me directly, though clearly it had some negative effects on other organizations. What made me so angry was not just the fact there are idiots out there who come up with such things, but there is a larger idiot company out there that keeps letting things like this happen to them.

In the United States, the organization that handles a majority of the consumer recalls is the U.S. Consumer Product Safety Commission, a government agency that started in 1973. Its mandate, according to them, is working "to save lives and keep families safe by reducing the risk of injuries and deaths associated with consumer products."

In other words, if it's found to be unsafe, they fix it. The CPSC does a pretty good job at this, handling 15,000 types of consumer products except for vehicles (handled by the Department of Transportation) and food, drugs, and cosmetics (handled by the Food and Drug Administration).

But when I looked at their big recall list, I could not find Microsoft on the list. Nor, for that matter, software in general. This puzzled me, since as far as I am concerned, software is a consumer product. I went nosing around and could not find any government organization that would handle such a thing, though I did find an open letter from a Washington lobbyist group denouncing the huge security issues Microsoft products have to the Department of Homeland Security.

I think the CPSC should start looking at software as a category for its jurisdiction and then start applying the same standards it has for car seats, infant cribs, and even soda machines to software products that hit the shelves.

And Microsoft should be at the top of the list.

Because it has come down to this: computers have become so pervasive in the control mechanisms of our lives, that they need to be scrutinized as possible safety risks. Not just the hardware, either, the software as well. When certain systems screw up, there is now a very real possibility that people will die.

When the Blackout hit the East Coast, there were rumors that the MSBlaster worm might have been responsible. These rumors still persist even today, but so far they are still just rumors. But if they were actually true, the consequences of the injuries and deaths lie not only at the feet of the virus designer(s) but the platform as well.

I can give a more chilling scenario: the hospital where I volunteer inexplicably uses Windows 2000 on the control systems in each intensive care unit. If just one bug reared its ugly head at the wrong time, a patient could be in serious trouble, possibly dead.

At this point, some may be shaking their heads and saying that this is not the software makers' fault - the virus makers and crackers are the ones to blame. And I would agree that they do, indeed, bear a majority of the responsibility.

But not all.

When a major fast-food chain here in the US gave away a child's toy that could break off a small piece if put inside a child's mouth - did the general public just say "okay, we'll just make sure the kids keep these out of their mouths" and that will be the end of it? No, the toys were immediately recalled.

When a crib comes out on the market with slats that are wide enough for a child to stick their head through and possibly choke, parents don't just rely on the honor system from their children - they want those products fixed.

Children are not full-grown programmers with criminal intent, the software makers will argue, and I would agree. But one of the big reasons for any product recall is that we as adults know that it is within the nature of children to try new things that would otherwise make no sense to us and even the best parents in the world cannot monitor their children for every single second of the day.

We know it is within the crackers' nature to write these malicious programs. It does not make sense to us, but it still happens. We know it happens, and the software makers have a fairly good idea of how it happens. But inexplicably, the holes still remain out there.

And, lest I be unclear, not all computer software failures come from hacks.

I am normally hesitant to advocate even more government involvement in our lives, but I think there needs to be an oversight body that regulates the quality and safety of the software we use. To be perfectly fair, all software on potentially life managing systems should be overseen, including Linux. What's good for the goose is good for the gander.

Right now, software makers rely on the honor system to maintain the quality of their software. That may not be enough, especially when human lives are hanging in the balance.

Program Note

In the US, we're celebrating Labor Day this Monday, September 1. The staff of Linux Today and LinuxPlanet will be enjoying the holiday weekend, and therefore the news feed will not start up until 0500 GMT, Tuesday, September 2.

We hope you have a relaxing holiday and, for those many readers outside the US, have yourselves a fun weekend while we Americans laze about.

Brian Proffitt
Managing Editor