Domain: eweek.com
Stories and comments across the archive that link to eweek.com.
Comments · 1,657
-
Re:Symantec CEO just put foot in mouth...Which Symantec service helps with this?
Well, I'm not a Symantec salesperson, but apparently, such a feature is on the way.
And to be fair to the other vendors, companies such as McAfee are also addressing this issue.
-
Re:I don't get it
OK, then go read what Ballmer is saying himself. The fact that he has one Linux vendor essentially "admitting" that they know of parts of Linux that infringe on Microsoft patents implies that he has some proof. It doesn't matter if he has any REAL evidence, any more than it mattered three years ago when SCO started spewing bile about copyright infringement and copied SYSV code in Linux. As it turns out, their SCO strategy has failed miserably, so now MS has to try a different tack.
-
Ballmer Invites Patent Talks with Competing Linux
Let's Hear it from the Horses' Mouth, aaaa, Ballmer himself!
This is just in :
http://www.eweek.com/article2/0,1895,2050848,00.asp?kc=EWEWEMNL103006EP17A
SAN FRANCISCO--Microsoft CEO Steve Ballmer said his company is open to talking to other Linux distributors about reaching mutual patent coverage deals similar to the agreement signed Nov. 2 with Novell.
Such talks would be a good idea, Ballmer suggested, since now only Novell's SUSE Linux customers are the only Linux vendors that have any assurance that Microsoft won't sue for patent infringement.
Ballmer and Novell CEO Ronald Hovsepian spoke to eWEEK about the implications of their joint announcement here. The two companies have entered into a broad collaboration agreement aimed at providing greater interoperability between Windows and Linux while eliminating concerns about potential patent violations.
Click here to read Darryl Taft's story on what the Novell-Microsoft patent deal means for the software developer community.
The two companies agreed to assemble a joint research facility to work on virtualization technology for Windows and Linux as well as developing greater compatibility between the Microsoft-backed Open XML and the open-source community's OpenDocument formats. They also agreed to work on Web service technology to manage physical and virtual servers in mixed Windows-Linux environments.
The distributors of other versions of Linux cannot assure their customers that Microsoft won't sue for patent infringement. "If a customer says, 'Look, do we have liability for the use of your patented work?' Essentially, If you're using non-SUSE Linux, then I'd say the answer is yes," Ballmer said.
"I suspect that [customers] will take that issue up with their distributor," Ballmer said. Or if customers are considering doing a direct download of a non-SUSE Linux version, "they'll think twice about that," he said.
However, Ballmer did not say whether Microsoft had any plans to file patent infringement suits against other Linux distributors.
Competing Linux vendors "are certainly welcome to get involved to quickly provide these covenants not to sue," he said. These vendors have other incentives besides pressure from their customers and the worry about legal action, Ballmer noted.
The collaboration agreement demonstrates there are other factors "in which our technical cooperation is a definite advantage to Novell," Ballmer said.
The other Linux distributors, Ballmer suspects, will review their own position in the light of the Microsoft-Novell agreement. "There are a lot of Linux distributors now. All of the sudden you have got Oracle in the game; you've got Red Hat in the game."
They all "will have to face the issues and help their customers" in the same way that Novell is, Ballmer said.
The two companies haven't set any timetables for the delivery of Windows and Linux collaboration technologies. Planning is in the very early stages, Hovsepian said, considering that the two companies formally signed the collaboration agreement literally minutes before they walked to the press conference podium at the JW Marriott Hotel here. "We'll roll out the schedules appropriately to the public as we get them finalized," Hovsepian said.
Is the Novell-Microsoft collaboration agreement good for Linux? Read Steven Vaughan-Nichols' column.
Robert Muglia, Microsoft's senior vice president for servers and tools, and Jeffrey Jaffe, Novell's executive vice president and chief technology officer, will be working out the collaboration team's priorities and development plans, said Hovsepian.
The two companies are looking for a research laboratory location that will be equidistant to both companies' headquarters, Microsoft in Redmond, Wash., and Novell in Provo, Utah, said Justin Steinman, Novell's product marketing director for Linux.
One of the key goals of the collaboration effort is to build file fo -
Re:I think the article quoted him badly...
The distributors of other versions of Linux cannot assure their customers that Microsoft won't sue for patent infringement. "If a customer says, 'Look, do we have liability for the use of your patented work?' Essentially, If you're using non-SUSE Linux, then I'd say the answer is yes," Ballmer said.
Quoted from http://www.eweek.com/article2/0,1759,2050848,00.asp?kc=EWRSS03129TX1K0000616. -
Re:I'll take a stab ...
The very paranoid might look at the partnering with Novell/Suse as an attempt to poison the environment so that eventually the rest of the OSS people would be guilty of using MS technology without a proper license.
From Microsoft, Novell Make Peace over Linux: In addition, Ballmer said Microsoft would not use its patent portfolio against any individual, nonprofit open-source software developer or against any OpenSUSE programmer whose code ended up in SUSE Linux.
You may well read this along the lines "In addition, Ballmer said Microsoft will use its patent portfolio against any individual, nonprofit open-source software developer or against any LINUX programmer whose code did not end up in SUSE Linux."
How paranoid am I (given M$s history)?
CC. -
And to quote direct from Steve Ballmer's mouth...
The distributors of other versions of Linux cannot assure their customers that Microsoft won't sue for patent infringement. "If a customer says, 'Look, do we have liability for the use of your patented work?' Essentially, If you're using non-SUSE Linux, then I'd say the answer is yes," Ballmer said.
the link to the article is here
"I suspect that [customers] will take that issue up with their distributor," Ballmer said. Or if customers are considering doing a direct download of a non-SUSE Linux version, "they'll think twice about that," he said.
I'll let you draw your own conclusions... but he is definitely banging the old "Linux infringes our patents" FUD drum...
-
Re:They're Idiots
I'd been deferring any sort of upgrade, since Win98SE has been sufficient for games, and I don't like spending money before I need to. At some point this summer/fall I started thinking maybe I should just get Vista, since I'll be waiting long enough. Now I'm beginning to think it should be XP, because the machine is "only" an AthlonXP-2600, 512MB RAM, 40GB HD, 256MB 5700LE. I get the impression that it will run Vista, but won't be that far above minimum requirements.
I think now is the best time to buy Windows XP because (if you buy the right OEM version) you can get a coupon for a free (+S&H) upgrade version of Windows Vista, then upgrade to Vista whenever you want to. It's like a two-for-one deal right now: for the price of an OEM version of XP you get that OEM XP plus an upgrade version of Vista. If you didn't know, you can do clean installations of Windows with upgrade versions.
You may have read last week's news announcing Microsoft's Express Upgrade program, which is in effect from October 26 to March 15. Qualifying systems (or OEM copies of XP) come bundled with a coupon for either a free upgrade to Vista or 50% off an upgrade for Vista, depending on which version of XP you bought:
- XP Home Edition (which I would not recommend for a college student) gets a 50% discount off Vista Home Basic ($50) or Vista Home Premium ($80).
- XP Media Center Edition gets a free upgrade version of Vista Home Premium.
- XP Professional Edition, Tablet PC Edition, and Professional x64 Edition get free upgrades to Vista Business Edition.
-
Re:Kiss of death for Enterprises
there are similar nasties in the XP EULA about not using any software to access an XP machine other than netmeeting or the remote desktop client from microsoft. many foretold this as being the end of VNC and gotomyPC and it wasn't. i do not believe that a single lawsuit has been filed despite the successes of noMachine, logmein.com and others.
my theory is that they want to stop people from using vmware player or other free VM's to run cheap windows installs on an Xsession or linux terminal server... you know, start VistaCheap in a VM hosted on a linux server then export the display to another machine that is not windows either, and is not in possession of a client access license. i think that they are doing this to protect windows terminal server (and the revenue generated by those Terminal Server Client Access Licenses) for running windows based thin clients. if that's true then it's ironic since TSCALS are priced to be more expensive than an OEM copy of windows when you factor in the cost of the terminal server. that way you will be more inclined to use traditional PCs and not thin clients. i know VMWare is cooking up something like this solution with WYSE and a couple of other vendors where you can use a thin client to access one of many windows VMs running on a server.
i would also imagine that they are doing this so that you cannot affordably use a cheap vista virtual machine to circumvent DRM on your non-windows PC. for enterprises adopting this "security" measure, they will have to choose between vista and macOS. i currently use Qemu and Q to run a win2k machine on my macbook at work. that way i can do all those windows things on AD and still use the mac for its intended purpose.
MS may also want to use this provision to sue people who distribute the blue pill and similar virtualization attacks to create botnets.
-
Re:Nice out-of-context quote, there
-
EWeek already thinks WinPHP best
See the pretty charts and the article.
Pretty much, EWeek found that the OSS stacks run best on Windows. Now, is this because EWeek ran everything without tuning? Possibly. But then again, so do most folks, so the results are pretty valid.
I bet that someone at MS was reading that, too.
jh -
Google is a CIA honeypot
Google is "in bed" with the CIA, according to former undercover agent Robert David Steele. http://oraclewatch.eweek.com/blogs/google_watch/archive/2006/10/30/14260.aspx
When you combine this with the widely corroborated reports of Google resetting view counts on various "controversial" videos, in particular regarding 9/11 and false flag terrorism (such as "Terrorstorm"), the move to acquire Youtube becomes obvious; more information control.
Your friend, Tinfoil-Hat Moonbat. -
Re:Why Does Windows Get All the Press?
-
Re:Kudos
Thank God we still have the Easter Bunny.
And a good thing too, since who else would maintain the Linux kernel? -
Re:Biased summary..
Did you visit both articles? If so, you would have noticed that the IntelliAdmin.com article sources an eWeek article written by Matt Hines. eWeek's Matt Hines, in case you missed it, said "Microsoft representatives didn't immediately respond to calls seeking comment on Authentium's move." in the earlier of their two articles.
So, yes, involving a second website in order to get an anti-Microsoft quote is indeed a biased summary. -
The Microsoft statement is behind the other link
Don't get me wrong, I think PatchGuard probably has more holes than a slice of Swiss cheese... but the submitter's text needs redacting, and the original article could do with an -actual- statement from Microsoft.
Perhaps this link was added to the slashdot summary after you posted your comment for all I know, but the slashdot summary that I read had two links, and I found that statement quite clearly after following the first link. About the 13th paragraph down in that article states, complete with the additional link that I've included here:
Microsoft immediately responded with a angry attack stating that that the hack harmed windows users by reducing the security of Windows.
So no points for grammar in that sentence (which I copied verbatim), but it seems to explain quite clearly what the Microsoft criticism is. That second linked article begins with the paragraph:
Microsoft officials say they are unhappy that security software maker Authentium has decided to bypass the controversial PatchGuard kernel protection feature in its next-generation Vista operating system, and said that the tactic could lead to eventual problems for users of the company's software.
...and goes on for quite a while. Is this the statement you meant?
-
Re:CDDL? I don't think so...
You might want to read some more before you make a blanket generalization like this.
This earlier Slashdot thread also has lots of accurate commentary and links as well. I suggest reading those also.
In short, the CDDL is great, as long as you don't want to:
a.) Incorporate it with anything covered by the GPL or the LGPL (so most of Linux is out),
b.) Distribute it to the public
c.) Sell anything built with CDDL code commercially
Doesn't sound very useful to me (and several thousand other developers who agree with me), and in fact, with OSI's discussions of changes to the model, they may end up deprecating the CDDL anyway.
The OSI has explicitly stated that one of its new policy goals "will be to promote unrestricted reusability of code." The CDDL is incompatible with that strategy. (More on that over here).
-
Re:This is NOT the same thing
Let us also mention for exposition that Kaspersky Labs already noted that there didn't seem to be any problem with writing a virus checker/firewall for Vista.
Symantec and McAfee are trying to save themselves dev time by whinging that their job spec has changed somewhat now that MS are being held accountable for the flaws inherent in XP and earlier. Sorry guys - just like everyone else, you might actually have to do some work on your software rather than just bloat it out every year with new virus signatures. -
To the common platform
First they announce support for XPF an Adobe killer then this
... really why are they doing all these or is it that Web 2.0 is changing the computing culture? Me thinks that they have realized that to have an edge on Googazon they have to move to the service market but then get kick backs from their platform software. -
Back up a bit, look at the last picture
The combover is ALIVE i tell you, ALIVE! Hooray for Patrick Jordan!
-
Code?
I'm sorry, but when i saw the following in the little slide show linked to in the summary:
This is an example of the welcome message from a live botnet IRC session. This is what a victim machine would see -- lots of cryptic data (potentially code), an IRC connect message
i'm seriously starting to doubt the guy that set up the slide show. Maybe it's cryptic to him, but to anyone that has actually taken a look at how irc works it's plainly obvious that these are simply the server reporting what it can and cannot support in terms of modes for channels and nicks. -
My Story
I can't believe I missed this story!
Anyhow, I hate to quote another site, but I had read this really good article from eweek about tech resumes. It was awesome. It was such a good article, I could have sworn it was covered here. 10 Ways to Tweak your Tech Resume.
So here's the short version of my story. I liked my job as an admin at an ISP in NY. We decided to sell our house and move down south to SC. I knew getting a job wasn't going to be a huge problem, but my resume needed help. All my friends were harassing me about it, in fact. (That and the fact I was going to be moving 800 miles away).
I saw this article and read through it thoroughly. My resume was looking rather dated. So I threw the entire thing out and started from scratch. I didn't use a template, picked fonts I thought were appealing, and it was basically me in writing in less than 2 pages. I took about 20 skills I had (actually "clumped" them together) and made a quick chart of what I was good at (and not so good at). And this information was very objective, as if someone other than myself was writing it. It was more like a report card.
So first I had my profile, who I was and what I was trying to accomplish. Next was my skills matrix. Followed by my experience and job history. Then a brief description of training, certificates and school (as well as accomplishments). That was it. I quickly got a good job and started three days after I moved here. Of course, I went ballistic posting my resume on all the job sites. Needless to say I got a ton of hits, mostly from recruiters. I still get them today.
Driving a 27' truck with a car carrier behind it 800 miles... well that was another story. Let's just say I have a new respect for professional truck drivers. -
Onepage 'Printable'
-
RE: Blocking youtube.com
I believe this is competitive fallout. Google Eclipses Rivals With YouTube What Effect has the purchase had on Yahoo? Is Yahoo in Pain?
-
Not the first time...
http://www.eweek.com/article2/0,1895,1908834,00.asp
It was just over five years ago that then Network Associates CEO Bill Larson, President Peter Watkins and chief financial officer Prabhat Goyal announced their resignations from the company on the same day that NAI announced a fourth quarter revenue shortfall of $120 million and a new revenue recognition policy for sales through its distributors.
It sucks, at the time the stock went from around 60 to about 10 overnight. I feel pretty bad for my former co-workers and I'm glad I got out when I did. There are a lot of really smart people working there that deserve better. -
MS redefines the meaning of Open Source
"[Take open source.] Open source is not a new technology area. It was a new business model", SB
First RFC April 1969 for the ARPANET. The Open Source Initiative originated in Feb 1998.
"In the last three or four years, we have competed very well by extending our value", SB
"Microsoft has proposed a licencing agreement blatantly tailored to exclude free software from accessing it.", FSF Europe
" RealNetworks .. sued .. Microsoft on antitrust charges .. Our case is based on .. failure to disclose interface information and imposing restrictions on PC makers"
"Open source never goes away as a business model or competitor. We have learned how to compete with open source", SB
"Microsoft is claiming some form of IP rights over .. a total of 130 protocols which Microsoft is offering for license .. Many of the listed protocols are [IETF] RFC to the core TCP/IP v4 and TCP/IP v6 protocol specifications"
"competing with open source will have to be something that's burned bright on the foreheads of our senior people", SB
"OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects' entry into the market."
"In the case of open source, we couldn't adopt the business model. We adopted a competitive approach that so far has worked very well", SB
"Under NO circumstances lose against Linux"
"Microsoft also indicated there was a lot more money out there and they would clearly rather use Baystar "like" entities to help us get signifigantly more money if we want to grow further or do acquisitions"
"Microsoft and Sun .. announced the antitrust settlement/technology pact between the two on Friday"
"Sun Microsystems (Nasdaq: SUNW) has signed a deal to license SCO Group's Unix intellectual property"
"Microsoft will license the rights to Unix technology from SCO"
"there are cases where software gets monetized through hardware", SB
Like years ago when you bought hardware and the software was included for free.
-
The same as it ever was...
This article is as fine an example of journalism as it was when I first read it in 1995. Every so often some bean counter or techie who hasn't ventured into the real world in years likes to trumpet the arriving end of the "Win-doze" era. Many articles proclaimed it when IBM beat MS to market with Warp. Gartner trumpeted the arrival of true network computing with the "Thin Client" model and Citrix in 96. The actual result was simply an easier way to serve a Windows desktop or program. Today many people carry the banner for JAVA and all of the promise it holds, factually .NET programming tools currently account for 60% of the development market and java development is on the decline http://www.eweek.com/article2/0,1895,1995497,00.asp?kc=EWNAVEMNL072806EOAD. The rest of the world keeps moving forward realizing that a computer is just another tool to accomplish the variety of tasks they need to complete everyday and the Windows box offers the greatest range of off the shelf software, the most extensive range of development tools, and the greatest compatibility with new hardware. The greatest threat to MS is not that its OS becomes irrelevant but rather the next idea in sharing information (perhaps cell phone \ PDA \ MP3 players). Those who continue to try to re-invent or duplicate the PC with Linux are not offering anything new but rather a retread of current technology that while not perfect, already exists. Microsoft says "Where do you want to go today?" but the world is saying "Take me where I've never been before". -
Trail of broken apps
Correct second link: Windows XP Service Pack 2: Install With Care
I don't believe I saw an example of one of "several of their mission critical apps".
And you won't. What those locations do, and what's wrong with them, is between them and their vendors, not for your leader in Redmond to interfere with. If they worked with XP SP1, why change? A security patch, if that's what it really is, shouldn't affect functionality. If it's not a security patch, but a functionality upgrade, then it's fraudulent to call it a security patch. If undesirable changes in configuration and functionality are pushed out by bundling them with security patches deemed essential, then that's illegal and unethical, though you'll have to ask a lawyer what that's actually called.
However, a quick check of any non-MSN search engine will bring up lots of articles about the troubles caused by XP SP2.
- Redmond, We Have a Problem Here: XP SP2
- Users Give XP SP2 Mixed Marks
- Windows XP SP2 and the Risk of a Linux Backlash
- WinXP SP2 = security placebo?
- Microsoft: DRM Trojan hole is not a vulnerability
- Programs "Seem" to Break Under Windows XP SP2, Microsoft Says
Given the problems SP2 has had with third party (and even MS' own) apps as well as falling on its face security-wise, it would appear that SP2 is more about rolling out unpopular configuration and functionality changes under the guise of "security". After most customers, politicians and even courts will simply roll over and close their eyes when the magic word, "security", is mentioned.
Like I said, get over it. And while you're at it, get out of the way. Like one of the reviewers says, "Unfortunately, Windows remains a quite dangerous system to connect to the Internet, and users are still very much on their own in terms of security solutions."
-
Re:Really?
Then maybe you should be removed from Windows support and reassigned or let go. Sorry but if you have these problems "all the time" then you are doing something wrong.
Yeah, right. It's my fault Microsoft patches often cause problems. My fault and the fault of thousands of others who just don't know what they're doing, I suppose. Let's see what a google search turns up:
- August 30, 2006 - IE patch breaks Exchange 2000
- August 16, 2006 - Microsoft patch may crash IE when certain websites are viewed.
- June 16, 2006 - Microsoft patch breaks dial-up networking
- April 18, 2006 - Microsoft patch breaks HP software
- April 16, 2006 - Microsoft patch breaks web pages ON PURPOSE (EOLAS problem passed on to their users)
- April 14, 2006 - IE patch breaks Siebel client
- October 29, 2005 - Another Black Eye for Microsoft Patch Creation Process
- May 13, 2005 - Faulty Microsoft Update Rekindles Patch Quality Concerns
I could go on. That's just the tip of the iceberg. It's a known issue. Has been for years. Many of those links point to articles saying things like "Patches have caused trouble at times, on occasion prompting Microsoft to fix already released updates" and "When we are dealing with Microsoft updates, one thing we always reiterate, then reiterate some more, is to test before deploying. The guidance is always to download, test, then deploy the patches. With Microsoft, the test section of our guidance has gotten larger and larger."
That you haven't experienced problems with ANY Microsoft patches but SP2 is at best an anomaly.
Where I work we've got about 500 windows computers, give or take. Those run on a rather eclectic mix of hardware, some as old as P2s, some as new as Core 2 Duos. Servers, workstations, you name it. We run a pretty eclectic mix of software too. Off the top of my head some examples would be Matlab, HFSS, Photoshop, Office, Vegas, Visual Studio, Metrowerks, Miktek and so on. A fairly diverse Windows environment, in other words.
Wow. I'm happy for you. Your parents must be so proud.
Wanna know how many patches ever came out that broke systems? One: SP2. How many broke? 2, both personal systems loaded to the gills with spyware. We wiped them to get rid of the spyware, they took the update and worked fine. That's a pretty good track record. Comparable to Solaris (which we also run a lot of)
So, is it your policy to automatically patch production servers using AutoUpdate? You've never run a competitor's database or application stack on any of your Windows servers? All the software you mentioned is desktop software. Because if you have, you'll find service packs breaking things aplenty. I'm not talking desktop apps. I'm talking backend. I'm actually fairly comfortable setting desktops (since XP stabilized) to auto update. I would never apply a patch to a production server without full testing on test servers to make sure things like, oh, let's see...the latest SQL Server service pack doesn't cause function FOO of product BAR to stop working...because that happens...frequently.
Now let's compare that to, say, Fedora, which we also run.
I never said anything about Linux. Patch management seems to be an equal
-
Re:What do the numbers even mean?
(Here is what I was about to post, but you pretty much summed up my viewpoint. Before all, here is a direct link to this Symantec Internet Security Threat Report -- Volume X: September 2006 that is talked about.)
It turns out that Firefox leads the pack with 47 vulnerabilities, compared to 38 for Internet Explorer.
Totally. Pointless. Comparison.
First, as the Slashdot posting correctly points out, the window of vulnerability is much larger with IE. Microsoft is known for taking months to fix some vulns, and is taking longer and longer over the years.
Second, what about the importance of these vulns? Was it 47 minor DoS for Firefox and 38 critical arbitrary code execution vulns for IE?
Third, what about the methodology used to gather the vuln counts? The report always says "Source: Symantec Corporation", with no more information. Did they count Firefox security related bugs or security advisories? Did they count 1 Microsoft patch fixing N vulns as 1 or N vulns (too many studies make this mistake)?
Fourth, what about silently fixed vulns in IE? Microsoft is known for secretly fixing vulns that are discovered internally, and of course they never talk about them in public. Symantec certainly did not count these.
There are just too many reasons making virtually all studies comparing the number of security patches between 2 products useless. This one is no exception.
-
Re:Already ahead of you
The FAA has already banned bulk shipments of non-rechargeable lithium batteries by air on passenger-carrying aircraft. "RSPA and FAA, working with fire-safety experts at the FAA's Technical Center in Atlantic City, NJ, found that if a shipment of non-rechargeable lithium batteries caught fire in flight, current aircraft cargo fire-suppression systems would not be able to extinguish the fire. A single non-rechargeable lithium battery on fire within a cargo shipment would likely cause all surrounding batteries to catch fire and burn until the entire shipment is consumed."
Lithium-ion rechargeables are apparently less hazardous - they don't start a fire strong enough to ignite adjacent batteries. (Note that in Cox's laptop, one battery blew up, but the others did not ignite.)
For now, the FAA has decided not to ban laptops. They don't see such small fires as a serious threat to the aircraft. However, they're worried about future fuel cell powered devices.
-
Re:Spyware Thursday
Is anybody reading slashdot truly stupid enough to believe that if Firefox had an 80% market share it wouldn't be just as readily targeted and exploited? It is really easy to wagon jump, and that's fine based on performance and features, especially if a feature is security. But rest assured that magic guaranteed security is itself a feature of low adoption, and an illusion. Firefox is definitely getting popular, it doesn't even hang or die much anymore. Keep in mind that it only takes 1 exploit to destroy a user's machine and either destroy or steal their data. Would you rather have a gun to your head with 1 bullet in it, or with 15? Can you answer that seriously?
Firefox, god's answer to the internet, shoots lightning bolts outta its arse. Safe beyond safe, if you're a sucker.
2005
http://blogs.zdnet.com/Ou/index.php?p=103
2006
http://www.informationweek.com/news/showArticle.jhtml?articleID=179101966
http://sunbeltblog.blogspot.com/2006/04/pssstyou-wanna-see-firefox-exploit-in.html
http://www.eweek.com/article2/0,1759,1814056,00.asp
http://www.xatrix.org/article.php?s=4447
http://www.techworld.com/security/news/index.cfm?newsID=6554&pagtype=all
http://hackcraft.wordpress.com/2006/08/02/firefox-exploit-exposed-by-hackers/
-
Re:Upgrading boxes
> and supports every chunk of hardware sitting out there on boxes that old.
Actually, I wouldn't bet on that, a lot of the remaining Win98 boxes are doing fairly esoteric things controlling devices that are light years away from mainstream, the reason they stay on Win98 is because it's the only box that does support the devices they are using, take a look at:
http://www.eweek.com/article2/0,1759,2017830,00.asp?kc=EWRSS03129TX1K0000610
For some discussion on just this issue.
-
ORWELLIAN DOUBLESPEAK
This is NOT a charity and it is NOT philanthropic. This is a for-profit entity, no matter what they say or how they try and spin it. I have founded and run non-profit entities, and guess what - it is hard, even when you have money. Oversight, restrictions, tax headaches, reporting, etc. You have to actually do things that really help the public and not the owners. When you are a for profit you can do whatever you want. Anyone with half a head on their shoulders should be jumping up and argument-slapping the next person who takes the line that this is a charity. This is a PR stunt on steroids if I ever saw it.
Oh yeah, remember that the public shares of Google have restricted voting rights. Even if you are a shareholder, tough shit. See http://www.eweek.com/article2/0,1895,1960985,00.asp
This story is completely insane: I guess when you control all the world's information you can simply state two completely contradictory things and the whole world just laps it up like children.
-
But services do go down..
In recent years, AOL Instant Messenger and MSN have had widespread outages. Have no fear, people will not stop screwing things up any time soon.
-
Re:Where it all boils down to
Any ERP worth its salt has a Unix port and Linux is easy to port from Unix, so this shouldn't be a problem. Since 2000, most ERPs have moved towards web based solutions, so this should be even less of a problem on the client side. WINE is just a wrong-headed approach. It's nothing more than a stop-gap for a reverse engineered moving target that changes at Microsoft's whims and for Microsoft's convenience. Win32 is also becoming less and less relevant in the MS world as .NET starts exerting its influence. I'd have a hard time justifying Linux for enterprise-wide deployment if I had to rely on WINE as an argument. If your ERP is deep in bed with Microsoft and you don't plan on changing, then it's likely that your vendor is also deeply into .NET. If that's the case, then it's your job to petition your vendor to fully support Mono 1.x or Mono 2.x on a non-Microsoft platform. It's not perfect, but it will buy you freedom and security. If they don't do that, then I strongly suggest finding a vendor that isn't so shortsighted and ignores its customers and migrate towards that vendor. Ultimately, you'd be better off.
> often NONE of them support Linux.
Really. How about the following list: IBM, SAP, Oracle Corp. PeopleSoft ERP , and Lotus?
(see http://www.eweek.com/article2/0,1895,1730276,00.asp , http://searchdomino.techtarget.com/originalContent/0,289142,sid4_gci817266,00.html )
-
References for Treason and Perjury.
One of the many M$ troll accounts that cloud around here challenged me to produce references to M$'s infamous Windoze source code national security claim swiftly followed by sale of said code to China and Russia. Of course, I'd love to trot that whole mess out again. Non free software exists on trust alone and M$'s performance there really shows what contempt they have for the US Government and their customers.
The memory hole has not yet extinguished the information presented by eweek and Microsoft themselves. You can read it all yourself.
From eWeek, 2002:
"A senior Microsoft Corp. [Jim Allchin's] executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
If you need to, you can always reference the anti-trust evidence, which is still published and available. The quotes in the article are more than enough for me.
A quick Google Search digs up all the articles here and a parade of Wintel rags falling over themselves to toe the party line. ZDNet echoes Allchin again in 2004, a year after they had already sold out! Something called Neowin joins the chorus of woe that someone might look at the source code to W2k or NT4 and see how crappy it is. All as if any real hacker needed it.
The very next year, 2003, M$ announced sale to the highest bidding governments as noted above. Included was China and other friendly countries. But you know, Bill Gates it's just business buddies being chummy. Microsoft would never place the interests of Communist dictators over the rights and well being of their fellow citizens, would they?
The double talk going on at M$ was glaring and all of it was bullshit. Access to the OpenBSD source code has not made OpenBSD less secure, it's made it better. The whole episode represented more perjury and a three year FUD attack on free software than it did treason, but you have to wonder what they really believe. Looking back, it's a low point in US corporate history that will only be made worse when they unravel like Enron did. The biggest lie of all is that the Microsoft Monopoly is based on anything more than mass delusion.
I ask you once again, do you trust Microsoft to do as they say? With your business? Code so crappy, it can't be shared but is shared with your worst enemies. If you do, you probably will tell me that Windows XP is easy to install, has good uptimes and other nonsense like that. I'm not sure anyone really believes anything other than Windoze is "good enough because I'm using it for one or two specific tasks." No, that's not good enough and Vista's imminent flop is a good chance to move on to something better. The market is filled with better contenders and M$ will not be missed.
-
Sorry, Tempe Arizona has the largest network
http://www.eweek.com/article2/0,1759,1894760,00.asp?kc=EWRSS03119TX1K0000594
It's been up for a while now (I live in Tempe), but it's not free....
-
Re: MS Security Department
Apparently, the MS security department is just big enough for members to create headlines when they leave. Far from "not having a security department", it seems MS had several people around, but I surely can't figure out the hierarchy! What's the relationship between a Senior Security Strategist, someone doing a Security Sign-Off, Microsoft Chief Security Officer, and the Vice President in charge of the Security Business Unit?
In reverse chronological order, here we go:
We are currently discussing this one:
"Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy, eWEEK has learned."
http://www.eweek.com/article2/0,1895,2012804,00.asp
Then there was:
"Amid the major shake-ups in management at Microsoft, one of the company's more notable security gurus, Jesper Johansson, announced that he is leaving the company to work for the online retailer giant Amazon.com. Johansson said that as of September 5 he will become the Principal Security Program Manager at Amazon. During his time at Microsoft Johansson served as a Senior Security Strategist in the company's security technology unit. Johansson also co-authored a book, "Protect Your Windows Network," with Steve Riley who also works in Microsoft's security technology unit."
http://www.windowsitpro.com/Article/ArticleID/93039/93039.html
"Gordon Mangione, a 14-year Microsoft veteran who was most recently corporate vice president in the company's Security Products Group, has left the company. Reached at home, Mangione confirmed that his last day was a week ago Friday. "I'm taking some time off, looking to get into a startup. There's no rush. I'm going to parent-teacher meetings," he noted. Mangione, who had been vice president of SQL Server, moved into the high-profile security group in April 2004. There he assumed leadership of security products while Rich Kaplan led marketing. Both reported to Mike Nash, the corporate vice president in charge of the overall Security Business Unit."
http://bink.nu/Article5408.bink
At least as of 2003, this guy was also involved:
"The single largest message is: keep your system up to date with patches," Microsoft Chief Security Officer Scott Charney said.
http://www.cnn.com/2003/TECH/biztech/02/01/microsoft.security.reut/index.html
----------------------
The Preview Word for this post is "distort".
-
Chastity Bono's next step is life+100
I doubt Project Gutenberg will have run out of pre-1923 books by the time that new stuff starts coming out of Copyright under the new rules.
Are you insinuating that the 115th Congress won't try to enact a Chastity Bono Copyright Term Extension Act? Given Mexico's life plus 100 copyright term, the next step of "harmonization" for the United States and its trading partners is life plus 100 or, in the case of works made for hire, 125 years after publication.
Just assuming that somehow they did manage to digitize everything that was out of copyright, then I think what they should do is start archiving everything that they can.
Who's to say that publishers won't fight back against Gutenberg the way (ObTopic) they did against Google? It's only fair use if you can pay a judge to tell you that it is and if you can pay your lawyer to tell the judge to tell you that it is.
-
StopBadware might get this right.
StopBadware has standards that are tougher than the usual "it's OK if the EULA says it is". That's been the problem with TrustE's Trusted Download Program, which is a whitelist for supposedly "good" badware. Then there was the Microsoft/Claria debacle.
Unfortunately, StopBadware thus far has a very short list of "badware". They need to be listing perhaps a few hundred items. So start sending in those reports. They need technical info on "badware".
What StopBadware has is legal support. They're backed by the law schools of Harvard University and Oxford University, and by Consumer's Union. They're not likely to cave just because some company sends them a threatening letter. In fact, for a company to sue StopBadware when they have a weak case could be disastrous for the company. It would open the company to discovery to determine exactly what their "badware" did, with executives and programmers forced to testify under oath.
-
Yeah, right.
*cough* Blue Pill *cough*
-
Re:Well let me join karma suicide
I thought Apple abandoned IBM because IBM couldn't get reliable yields to meet Apple's requirements and bring costs down, not because x86 was better. Intel has always been better at fabbing silicon than designing it.
I should probably stick this in another thread, but the whole 'Macs are invulnerable' thing is just silly. What about this - http://www.eweek.com/article2/0%2C1895%2C2005537%2C00.asp
-
What you're talking about is VMware's VDI
Many people above are suggesting Citrix, Altiris, etc... but what nobody seems to have mentioned is that there are several companies already doing this (Clearcube for one), and that VMware are partnering with IBM, Citrix, Altiris, and many more, to push their recently launched Virtual Desktop Initiative (VDI).
VDI does pretty much exactly what E1ven is asking for, however instead of downloading a complete image to your computer every day, the virtual machine runs on a central server, with thin clients at the desktop connecting to it through a remote session.
If you want to know how big this is going to be, just have a look at some of the names working with VMware on this:
http://www.vmware.com/partners/alliances/solutions/
I first heard of this about 6 months ago, when I heard that IBM were working with VMware & Citrix to provide a solution they called VHCI (Virtualized Hosted Client Infrastructure). IBM have shown it's possible to run up to 12 virtual machines on a single blade server. Hot swop and automatic failover is possible too, with no downtime for the user. IBM's blade hardware actively looks to warn of failures before they occur, and they've integrated this with VMware's management software, allowing live client sessions to be automatically moved off failing hardware.
We've got around 100 clients at our firm and we're very interested in this idea. We looked at Citrix but it just wasn't viable. We've a huge variety of software in use, much of which is updated 3-4 times a year, and configuring that on a bank of Citrix servers would be a management nightmare. The VMware approach lets us keep our current network management and software deployment tools, provides a simple migration route, and offers all the benefits of thin client computing without needing to retrain all our staff.
Right now virtual desktops are just a little too expensive (about £500 per desktop instead of £300 for a new Dell), but all the signs are that in the next 6-12 months it'll become a viable option for us.
Some background info for anyone interested:
Eweek article on IBM's VHCI
http://www.eweek.com/article2/0,1895,1873113,00.asp
IBM Press Release: October 2005
http://www-03.ibm.com/press/us/en/pressrelease/7935.wss
VMware's VDI Page
http://www.vmware.com/solutions/desktop/vdi.html
VMware's VDI discussion forum:
http://www.vmware.com/community/forum.jspa?forumID=276
-
More ICANN
For those of you new to the controversy, there is a long history of ICANN being debated on Slashdot.
For all of its faults, I do not think that there is harm in renewing ICANN's contract. I do not know if they should be renewing it for 5 years, though, as that is an eternity in Internet time.
Those who complain about ICANN cite generally now-resolved issues that have arisen but fail to demonstrate how another agency would have prevented them from becoming problems. On the flipside of the argument, eWeek has a detailed op-ed piece of ICANN's issues.
-
Pot-Kettle-Black
Of course admins who are diligent will keep the systems patched. Not sure why we need DHS to stick their collective noses into it, and considering the fact that they have a bad habit of flunking IT security audits, maybe they should spend more time worrying about their own security.
http://www.eweek.com/article2/0,1895,1938866,00.asp