RE: [PHP-DEV] CVS Account Request From: Matt McClanahan (cardinal <email protected>)
Date: 11/16/00

On Wed, 15 Nov 2000, Myke Hines wrote:

> I think your over-estimating company ethics. I don't know if you know of a
> company called Miva... they have a scripting language and they would love to
> take down PHP.. i have a friend that works there and managment is always
> talking about that. I know it is a big pain in the ass to try to monitor
> everything but it needs to be done.
> there are companies out there that would love to do it.. no doubt about
> that.

I'm not sure you're taking the phrase "worth the risk" into full
consideration. Picture, for a moment, the scenario. A piece of
mallicious code is introduced into the PHP CVS tree. For the sake of
argument, and to make things more fun, let's say it was a backdoor in the
MySQL extension, which broadcast any usernames and passwords passed to
mysql_connect to some obscure newsgroup. Now, suppose that bit of code
was located and it was traced back to a Microsoft employee. What do you
think the headlines on ZDNet, C-Net, Infoworld, and so on would read the
next day, if the PHP Group chose to announce that Microsoft took steps to
introduce a bug in a competing open source project? MS is walking a very
thin line at the moment, trying to demonstrate that it isn't a monopoly.
Attacking open source projects isn't the best way to argue their point.

Now, that doesn't mean I'm suggesting that no company would try a stunt
like this. But in the course of debating if it could happen, at least be
realistic, it's not MS's style. Embrace, extend, extinguish. That's been
their policy for many years. When it comes to open source projects (Wine,
Samba) they tend to attempt 'pull the rug out' manuevers like changing the
Win32 or SMB API's to break open source projects. I submit that if MS
wanted to take a stab at PHP, they'd rewrite the IIS module API.

Matt

> -----Original Message-----
> From: Zeev Suraski [mailto:zeev <email protected>]
> Sent: Wednesday, November 15, 2000 2:47 PM
> To: Myke Hines
> Cc: Myke Hines; Rasmus Lerdorf; Sterling Hughes; php-dev <email protected>
> Subject: RE: [PHP-DEV] CVS Account Request
>
>
> Hmm, many hackers do stuff just for the hell of it. Wouldn't it be cute if
> you could tell your friends that you can take down any one of 4 million web
> servers at will?
>
> I doubt companies such as Microsoft would ever get involved in such
> actions, especially in light of the last couple of years. It's simply not
> worth the risk for them.
>
> Zeev
>
> At 00:37 16/11/2000, Myke Hines wrote:
> >At 00:19 16/11/2000, Myke Hines wrote:
> > >>I think that is totally not true.. you can't tell if a person is a
> hacker
> > >>just because they do a couple of good patches..
> >
> >
> > >You can't tell for sure. For all you know, you could argue that I (Zeev)
> > >might be an undercover Bin Laden agent, in one of the most successful
> > >undercover missions in history, trying to bring down the entire
> > >imperialistic American web. Possible, but unlikely.
> >
> > >I gather that someone committing legitimate patches may still be a
> hacker,
> > >but the likelihood goes down, significantly.
> > >Zeev
> >
> >Just think of the possibility. Who is PHP A threat to? Microsoft.. I
> >really would be surprised if they got a person that knew PHP well to start
> >introducing bugs in the PHP core.. therfore lowering the quality of PHP and
> >giving people more of an excuse to use ASP. i know this is far fetched but
> >is a $$ world out there..
> >
> >food-for-thought
> >myke
>
> --
> Zeev Suraski <zeev <email protected>>
> CTO, Zend Technologies Ltd. http://www.zend.com/
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
> For additional commands, e-mail: php-dev-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>
> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>