What I had been meaning to write about was linking policy. This is a branch point--what is really annoying me most recently is disclosure. More on that shortly.
LinkingSome sites just don't get a link, period, for reasons that seem good to me. Some (not all) of the features of those sites include, in no particular order:
- Excessive politics, propaganda, or marketing. This includes propagation of information that is widely known to be disingenuous, is composed of marketing-speak, and similar bullshit. I don't have time for that, and I am going to go out on a limb here, and assume that you do either.
- Rapid URL rot. Sites that can't create stable links usually have other problems as well.
- Sites that seem to promote intentionally adversarial discussions. Because there is enough heat and noise. If advertising has to be the chosen business model model of the Internet, there really should be a better mechanism for selecting allowed ads. Notice how many sites trash some vendor product, but the page is splattered with ads from that vendor.
Some vendors have a long history of security fubars. Many vendors (even vendors that are all the rage, these days) talk about Responsible Disclosure. I have problems with that.
- Who is a vendor? For-profit, non-profit, the admin of some random listserv?
- Vendors, by whatever definition, tend to take the path of least effort. Its human nature, but does not serve the end user particularly well.
- 'Responsible disclosure', as terminology, skews the discussion in the vendors favor. It gives them an opportunity, which they have historically taken advantage of, to stifle publication of problems. The argument is that it would put users at risk. The obverse is that users are at risk anyway--they just don't know it.
- Vendors have long delivered software (and firmware) which does not pass the most rudimentary sanity check vis-a-vis security. Those who report problems, and are still sometimes attacked for it, are justified in questioning how patently irresponsible vendors can claim a lack of responsibility on the part of those who form what is essentially a distributed QA systems. QA which the vendor should have done.
- The costs of that distributed QA system.
- Vendor is probably a bad term--what about providers of free (as in beer) software or services?