It's all but impossible for anyone in the Linux sphere to have missed the laughably desperate whining coming from Microsoft Corporation to the effect that the multitude of truly dangerous security holes in Microsoft products are the fault of -- those who discovered them!

By this reasoning, the crime prevention bureaus of police departments ought to be arrested and jailed, because they make it their business to point out the kinds of things that make it easy for criminals, so that those of us who do not care to become targets for criminals can take the appropriate precautions.

(I don't mean to get off on a tangent, but this latest Redmondian outrage caused me to think back and try to figure out if anything they have ever done has been moral, ethical, truthful, or even good code, and in the post-DOS era I draw a total blank. I long thought that Windows came about when the boys decided they'd experiment a little and got some LSD and then watched Yellow Submarine. But I've abandoned that view -- LSD might make you crazy, but it does not rob you of your soul. And Microsoft, as exemplified by the latest tantrum, is as soulless a place as exists on the planet.)

There's more, though, to be said, and it's about Linux.

Cyberattacks have become commonplace, and the day is not far away when we'll encounter cyberterrorism, with very critical installations specifically targeted or with very broad attacks designed to cripple commerce. Security will become not just an important feature but the most important feature in an operating system. I've long held the view that anyone using Microsoft products connected to a network connected to the Internet to store critical data is prima facie guilty of malfeasance. I do not think the day is far away when a lawsuit will list the use of unsecure Microsoft software among the allegations justifying the payment of damages, and I think there is sufficient evidence to make it stick. In a danger-free world, you could get away with Microsoft software, but today you cannot, any more than you can sniff up the powder in the bottom of an envelope that came from location unknown.

The alternative is, really, Linux. But Linux, as distributed, is not all that it could be. Distributions have gotten much better about turning off unneeded services that used to be shipped on by default, and distributions are very good, as a rule, about getting out security updates.

We're in the midst of upgrade season right now; Red Hat 7.2, a worthy contender but for its insistence on putting things where they don't belong (desktops in /usr), has already found its way onto some machines, and SuSE 7.3 is said to exist somewhere, though not here yet, which is why I'm not writing about it this week in this space.

The spring round of upgrades promises to be even better, with KDE-3.0, 3.01, or 3.1, Qt-3.x, KOffice with good filters and WYSIWIG, a new and improved version of StarOffice, the latest barely functional Mozilla, and whatever the GNOMEs are doing, which should be 2.0 or better. (No, this is not a flame against GNOME -- I'm simply not following all that closely what they're up to -- so hold your water.)

And recent events cause me to think that by spring someone will have produced a hyper-secure Linux. Not that goofy H-P idea of a secure Linux for, what, $3,000, but plain old Linux, only tight as can be.

Next: Yes, SELinux »