Yesterdayâ€™s unexpected notice from Micro$oft that I am not being awarded MVP status this year has caused me to take stock of my situation.
Now that Iâ€™m no longer a paid shill of the Evil Empire, and theyâ€™ve taken away my free Compuserve account, I feel I can no longer use their products â€“ mainly because I can no longer afford them if I canâ€™t download them for free from MSDN and TechNet.
Microsoft has been widely derided in the security community for many years, and despite having invented, expanded and documented several secure development processes, practices and tools, it seems they still canâ€™t ship a copy of Flash with Internet Explorer that doesnâ€™t contain rolling instances of buffer overflows.
Microsoft make a great deal out of their SDL tools â€“ documentation and threat modeling guides â€“ and yet they still havenâ€™t produced a version that runs on Mac or Linux systems, unlike Mozilla whoâ€™s been able to create a multi-platform threat modeling tool, called Seasponge. Granted it only lets you draw rudimentary data-flow diagrams, and provides no assistance or analysis of its own, requiring you to think of and write up your own threats â€“ but itâ€™s better than nothing! Not better than a whiteboard, granted, but vastly better than nothing.
Active Directory is touted along with its ability to provide central management by Group Policy Objects simply isnâ€™t able to scale nearly as well as the Open Source competition of Linux, which allows each desktop owner to manage their own security to a degree of granularity that allows for some fantastic incoherence (ahem, â€śinnovationâ€ť) between neighbouring cubicles. This is, after all, the Year of Linux on the Desktop.
Unlike Windows, with its one standard for disk encryption, and its one standard for file encryption, Linux has any number to choose from, each with some great differences from all the others, and with the support of a thriving community to tell you their standard is the de-facto one, and why the others suck. You can spend almost as much bandwidth discussing which framework to use as you would save by not bothering to encrypt anything in the first place â€“ which is, of course, what happens while youâ€™re debating.
Something something OpenSSL.
IPv6 has been a part of Windows since Windows XP, and has been enabled by default for considerably longer. And yet so very few of Microsoftâ€™s web properties are available with an IPv6 address, something Iâ€™ve bugged them about for the last several years. Okay, so www.microsoft.com, www.bing.com and ftp.microsoft.com all have recently-minted IPv6 addresses, but what about www.so.cl? Oh, OK.
Then thereâ€™s the Windows TCP SYN behaviour, where a SYN arriving at a busy socket was responded to by a RST, rather than the silence echoed by every other TCP stack, and which was covered up by Windows re-sending a SYN in response to a RST, where every other TCP stack reports a RST as a quick failure. I canâ€™t tell you how many years Iâ€™ve begged Microsoft to change this behaviour. OK, so the last time I spoke to them on this issue, my son was eight, and now heâ€™s driving, so perhaps theyâ€™ve worked some more on that since then. It is, after all, a vital issue to support correct connectivity.
Finally, of course, the declining MVP swag quality has hit me hard, as I now have to buy my own laptop bag to replace the MVP ones that wore out and were never replaced, a result of Microsoftâ€™s pandering to environmental interests by shipping a chunk of glass instead of a cool toy or bag each year.
My MVP toys were fun â€“ a logo-stamped 1GB USB drive, a laser-pointer-pen-and-stylus which doesnâ€™t work on capacitive touch screens, a digital photo frame â€“ but never as much fun as those given to the MVPs in other Product Groups. The rumoured MVP compound in Florida available for weekend getaways always seemed to be booked.
So, how do I get MacOS installed on this Surface Pro 3?