Microsoft, zlib, and Security Flaws
nakhla writes: "News.com is reporting that Microsoft's use of code from the open-source zlib library has led to possible security problems. The flaws in zlib were reported recently, and apply to several key Microsoft technologies, such as DirectX, Front Page, Install Shield, Office, and Internet Explorer. The article also mentions how this is not Microsoft's first use of open-source code in its software, but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products."
Any bets on how long before Microsoft issues a press release noting that this is yet another risk of using evil open source and open standards?
I do not deploy Linux. Ever.
I wonder if anyone is keeping a running tally since the security initiative started???
Here is another bug with the Microsoft SQL server. They've got overflows in their stored procedures. No fix, but you can delete the files if you can live without them....
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
Of course, having everything derive code from the same source is a risk; isn't this part of the reason the ping of death was so much of an issue?
You'd be right :), starting with Win2k, and in WinXP, they're using basically Unix TCP/IP sockets. Must admit that it does work much better than Win9x for network connectivity.
...if the government hadn't worked so hard to limit Microsoft's ability to innovate.
Quite a few people can, at universities and other sites. They just need to sign NDAs, that's all. Also, given that they take several hundred interns per year, and they aren't all fanatical Gates fans, there's a fair bit of opportunity for internal leaks as well.
Only the dead have seen the end of war.
InstallShield is written and published by a company named InstallShield, and has been for many years. It is not a "Microsoft technology", but rather a technology that has support for creating software installation routines for Windows, amongst other OSes.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Here's what I want to know: the zlib maintainers know that their code is heavily used in open source products, and they can easily use ldd on a typical Linux or *BSD install to find out exactly which programs use zlib. So they know who to contact about vulnerabilities. However, if Microsoft just takes open source code and incorporates it into their products, how will the zlib folks know to contact them prior to public disclosure? It surely can't be the responsibility of the zlib team to grep through every single closed-source binary out there in order to make sure that it didn't use zlib.
It seems like if there isn't a mailing list for every single library's security issues, then closed source vendors will become second-class citizens when it comes to getting forewarning about a big security announcement like this. This seems like what has happened to Microsoft in this case; otherwise they would have had a raft of fixes available when the original story was released, right?
The other alternative is the vendor early warning list idea that Microsoft has been pushing, but the problem with that is: the more people on the list (and you'd have to have hundreds of vendors in the case of a base library like zlib, I'd think), the more likely that one of them will leak the story to the black hats, so that the delay while vendors prepare patches becomes a liability for the unpatched public. That doesn't seem like a good scenario to me either.
Your right to not believe: Americans United for Separation of Church and
Of course, having everything derive code from the same source is a risk
Depends on how you look at it. If there were N completely independent TCP/IP implementations out there, wouldn't there be N times as many bugs (each one affecting 1/N as many systems, on average). Homogeneity means only one codebase to debug and fix. But of course when a bug is found, it affects everyone.
Naive question probably, but if zlib isn't GPL then does Debian use a different library and if so, is it affected by this issue?
is if when they released the patch for the security flaw they made the patch GPL... just imagine Microsoft having to recode all that stuff for themselves :)
' Ore stabit fortis a fine placet ore stat '
- found on a park bench
"The zlib library has been a fundamental open-source software component for almost a decade and can be found in almost every Linux and Unix system. That means the so-called "double free" flaw in the library may leave a hefty portion of Linux and Unix systems open to attack. Because it adopted some of the code, Microsoft apparently has made itself vulnerable to the flaw as well. "
Disclaimer: I am not a security weenie, so I don't know this for fact......*deep breath*....
If this is true, why is it only news for MS? It appears that Linux and Unix is also vulnerable. So why only set up the article as MS related?
*bash MS* bash bash bash....it's popular right?
Sent from your iPad.
Argh! Bad statistics alert!
"vulnerabilities found in Windows and all Linux flavors combined are almost the same"
So if I am running RedHat, Mandrake, SUSE, and Debian simultaneously, I have the same number of flaws as a single run of Win2k?
They should either use the average (among linux dists) or the max (ditto), vs Win. Or sum across all current Win flavors (ME, Win2k, maybe NT) to compare against all linux flavors (summed).
Argh!
A.
That's OK in principle, but how can anyone who looks at a piece of code know whether it really was written by MS or was GPLed with the serial number (erm, copyright notice) filed off? MS removed the copyright notice of zlib, according to the article, so it's not beyond them to do that with a piece of GPLed code. Not that I'd ever suggest that they'd do such a thing, but it's obviously very hard to check for plagiarism (unless MS put all their code through turnitin!).
And Windriver or whoever controlled BSDI at the time made some serious cash in that deal. They got paid to make the tcp/ip stack work well in 2000/XP and they've done a good job of it.
I just wonder if Microsoft was able to taint some of the BSD coders by allowing them to view their code. I'm sure integrating something like a TCP/IP stack required access to some 2000/XP src code. Anyone know?
Can I get an eye poke?
Dog House Forum
http://www.gzip.org/zlib/apps.html
At least nine of Microsoft's major applications--including Microsoft Office, Internet Explorer, DirectX, Messenger and Front Page--appear to incorporate borrowed code from the compression library and could be vulnerable to a similar attack.
"Borrowed"? What's the license for zlib?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
The next-generation Graphics Device Interface is part of Windows XP, meaning that the operating system itself could be at risk.
:P
the colors were just screaming security flaw already weren't they?
Yet, the incident seemingly proves that Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products.
And now they are forced to admit what we already knew, they haven't written anything original since...well...ever!
The zlib compression library doesn't use the GPL, however.
and the war between MS and GPL continues, maybe the linux community could use Anime-based uniforms to storm microsoft and take the code back.
"The secret of success is to know something nobody else knows." -Aristotle Onassis
Microsoft is an old hand at using public domain stuff! They don't dislike it... like all companies they grew used to swallowing it up! It's even cheaper than buying QDOS was.
No, the GPL is not about giving software away, that was already happening. It was about KEEPING software GIVEN AWAY.
-pyrrho
How is reading, even verbatim copying, of BSD-licensed code risky in legal terms? The license explicitly allows incorporation into any type of software (commercial, open, or free). Microsoft could put out their own version of one of the *BSDs, with the only difference from its base BSD being having the Windows GUI grafted on top of it and no source included.
The relevant passage in the BSD license (from http://www.freebsd.org/copyright/license.html ):
There are licenses that are the BSD license, less the advertising clause (it is the advertising clause that prevents BSD from being a free license according to the FSF), such as the MIT license. These licenses are the freest of all the licenses (short of public domain).
> have never spent time with Windows 2000.
I'm sure this is a typo. You must have meant "did time".
-pyrrho
I use Win2k on a daily basis and I hate it. But I take comfort in that my main workstation is a linux box, and the win2k box is there just because I'm porting code at the moment. But yes, I have spent much time with win2k. Much like a venereal disease, intimate knowledge of the subject doesn't make me want to bash it -less-.
The enemies of Democracy are
...that Microsoft uses free software, I invite you to take a look at this.
In Windows 2000, open a command prompt window. Type "nslookup". This will drop you into interactive mode for nslookup, which has been ported from UNIX (most likely BSD.)
Now type "help". Check out this line at the bottom of the output:
view FILE - sort an 'ls' output file and view it with pg
Uh, yeah. Oops.
Simpli - Your source for San Jose dedicated servers and colocation!
Well, I spend time with 2000, and it's almost as good as kde and gnome.
And I've only got two crashes, which cause the machine to auto-reboot.
To have a really crappy product(s) then releasing something that's better doesn't mean the new thing is good, just not as crappy.
So what, exactly, has MS done that's good?
The Kruger Dunning explains most post on
Well it's easy to show that they use
code, at least. This is Cygwin / bash on NT4:
andrew@INEGO(22:18:47)
[path...]
Binary file FINGER.EXE matches
Binary file FTP.EXE matches
Binary file RCP.EXE matches
Binary file RSH.EXE matches
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
The next-generation Graphics Device Interface is part of Windows XP, meaning that the operating system itself could be at risk.
Am I right in assuming this won't affect NT4 and is a direct outcome of putting the GDI back in the kernel unlike in the true microkernel architecture like HURD?
heuristic algorithm seeks stochastic relationship
"if" M$ does use GPLed source, somewhere down the line it will come out.
Case in point. A GPLed piece of software has bug X, and strangely enough, a M$ product has the same bug.
It may be worth the time to test major bugs in GPLed software against M$ programs if such similarities do exist.
Just a thought.
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
First off, it's nice to know you'll stand up for what you think only if you have karma to burn. i.e. nothing to lose.
I won't use XP, because I don't trust it, at all. I'd like to see MS put together a nice OS that's trustworthy to me, not to the various media organizations, not to MS, to me.
The Kruger Dunning explains most post on
I think it would be better to take the -union- of the vulnerabilities across all Linux distributions. This would prevent duplicates being counted (if you did the operation correctly), but would give an idea for flaws that may exist in distros.
Though really, that doesn't give you a good view, because if certain flaws only exist in certain distros, then you would be free from those flaws in another distro.
And if you just took the max, that might show you that a certain distro is really bad for security, but not much about linux in general. If the max was much larger than the mean, then that would just mean you shouldn't get that distro.
Probably the best is to just compare each version of windows and each distro separately, and you can then make a decision that way.
The enemies of Democracy are
People have a stigma that there should be one solution to every single problem out there. It's like that in the 3D space. There are purists that believe that when you 3D render a scene, the image must be perfect when they go to hit the render button. They don't understand that it is okay to divide up your 3D work into layers and tweak each one of those separately (i.e. color correction or sharpening). I guess they feel that the render program should be a 'perfect simulation of light' and that they shouldn't have to 'fix an image'. They fail to see that the best simulation of light we have (reality) even needs to be touched up from time to time.
I think there are anti-ms people who think that because IIS is insecure as a webserver, that MS themselves should die. There are people of the Linux world that wish everybody would use Linux and forget Microsoft. They fail to realize that the adoption of Linux isn't slow because of MS, it's slow because it's not beating MS at doing what they like to do.
There's room in this world for both. If Linux becomes what Windows is in terms of usability, it will be every bit as bloated as MS. Don't believe me? Look at Redhat. Their default install wants to eat up a gig of space. Granted it comes with lots of apps, but it has its share of bloat too.
In any case, this isn't an anti-Linux/pro-Microsoft rant, this is more of a 'Be happy to have what you've got' rant. If MS disappears, what will fuel the fire to make Linux better?
It's in everybody's best interest if Microsoft does well, believe it or not.
"Derp de derp."
The problem is a buffer overflow which is a lot more serious than a crash.
// set up a buffer that's 1024 bytes // read data into buffer
I apologize in advance if I'm being a little too trivial but I'm assuming that you are 100% non-technical just in case this post appeals to someone or some people who are.
When a program needs to temporarily store an amount of data it uses what's called a buffer. This is just a segment of memory where it can store its data.
A buffer overflow occurs when the buffer gets filled past its allocated regions. So in other words let's say the programmer has set up a buffer that's 1024 bytes. An overflow is when the user fills that 1024 byte buffer with more than 1024 bytes.
What happens? Well ideally the extra data wouldn't get stored in memory at all but unfortunately computers don't work that way. Instead whatever is stored in memory AFTER the 1024 bytes gets overwritten.
So let's say the programmer had the following code in his buggy program.
buffer[1024]
read data, buffer
do something
What the hacker has to do is input 1024 of garbage and then overwrite the memory with some other computer instruction. Like the instructions necessary to execute a shell.
You see when the buffer is overflown the "do something" instruction will get overwritten with whatever data the hacker puts into the buffer. If the program is running as root then when the "do something" instruction is overwritten with the instructions to execute a shell the hacker will have himself root access!
But it's even more serious than that because let's say the program is a web server running as nobody. Before the hacker exploits the buffer overflow he has no access. But he knows about this overflow so he overflows it by sending apache a very long request containing the instructions to execute a shell. He has just gained "nobody" access to the system and from there he can figure out how to get root access.
The solution is for the programmer to make sure that the user is only entering in 1024 bytes of data at the most. Unfortunately many programs weren't written to do this.
I hope this explains to people why these bugs are more serious than "my system will crash".
--
Garett
MS want to be able to change their EULA after you've bought the product, I'd love to see the zlib people GPL theirs, then sue MS when they don't comply.
This would force MS either to pay up, or go to court and fight against the very thing they want.
The Kruger Dunning explains most post on
maybe... try 'hippoCrickey' this is the sound the happy hippo hunter from Australia makes when successful in his hippo hunt
heuristic algorithm seeks stochastic relationship
it's a double-free problem. the two are totally different.
read all about it : http://www.gzip.org/zlib/advisory-2002-03-11.txt
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
I can imagine porting code being a pain in the ass. I know MS's API is a little weird, and I can certainly understand you having issues getting down that deep into it.
Where I come from is I use Win2K for doing 3D animation. A lot of people I know doing 3D stuff are running on Win2k. We have to rely on a machine constantly rendering overnight, over weekends etc, and we cannot afford to have it crash. I've built a number of Win2k boxes in my time, and Win2k installation and setup is a breeze. I cannot say that for my experiences with installing Linux.
I've witnessed a number of Win2k machines of a huge variety of hardware (i.e. not custom made all from one provider) render for many many hours at a time and never crash. I have never lost rendering time to a Windows 2000 problem. None of my artist friends have ever complained about that.
Seems to me if a program can use so much Windows resources for so long and still behave properly, Microsoft must have done something right.
"Derp de derp."
Windows isn't for everyone. It's built from the bottom up (meaning it's targeted at the lowest common denominator user). For you, I'm sure that a trustworthy OS is one that you can pick apart and see the guts of... AND THAT'S FINE! I'm not saying that Linux is better than Windows or vice versa, I'm simply saying that some people don't care how their OS works and what dependency tree they need to check if they want to install an update for their laptop speakers. It's about ease of use versus looking under the covers. Some of us don't care how the OS works as long as it does.
Hammer of Truth
I bet some is in there! I just bet! For god's sake, someone less lazy... um I mean less busy, than me, find GPLed code in Microsoft. I want RMS to make us all call XP GNU/XP.
-pyrrho
From the advisory
I know most people here know this, but for some reason this bug has gotten an almost hysterical spin in the media. This is an example of the community responding to a potential risk, before any damage is done.
All these articles that rave about millions of systems being vulnerable seem to forget the fact that nobody has been affected.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
From the ZLib page:
There is a security vulnerability in zlib 1.1.3 that can be exploited by providing a specially crafted invalid compressed data stream to zlib's decompression routines that results in zlib attempting to free the same memory twice. On many systems, freeing the same memory twice will crash the application. Such "double free" vulnerabilities can be used in denial-of-service attacks, and it is remotely possible that the vulnerability could be exploited in some application to execute arbitrary code with that application's permissions. There have been no reports of any exploitations of this problem, but the vulnerability exists nevertheless.
It would take some pretty slick work to actually get something to execute arbitrary code with this particular bug, but, it's possible. So it does raise the risk level back to what you originally stated, Garett.
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
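The double-free pattern the advisory describes, as an added C example that is not part of the thread and is not zlib's code: a hypothetical `struct stream` whose error path frees its window buffer but leaves the pointer in place, so the normal teardown frees it again. The small tracker, also constructed here, quarantines freed blocks so the second free is counted instead of executed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Quarantining tracker (constructed for this example): freed blocks stay
 * allocated until tracker_reset(), so a repeated free can be detected
 * safely instead of corrupting the heap. */
#define MAX_BLOCKS 8
enum state { UNUSED, LIVE, FREED };
static struct { void *ptr; enum state st; } blocks[MAX_BLOCKS];
static int double_frees;

static void *tracked_alloc(size_t n)
{
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].st == UNUSED) {
            void *p = malloc(n);
            if (p) { blocks[i].ptr = p; blocks[i].st = LIVE; }
            return p;
        }
    }
    return NULL;                      /* table full */
}

static void tracked_free(void *p)
{
    if (p == NULL) return;            /* like free(NULL): defined no-op */
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].st != UNUSED && blocks[i].ptr == p) {
            if (blocks[i].st == FREED) double_frees++;   /* second free */
            blocks[i].st = FREED;
            return;
        }
    }
}

static void tracker_reset(void)
{
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (blocks[i].st != UNUSED) free(blocks[i].ptr);
        blocks[i].ptr = NULL;
        blocks[i].st = UNUSED;
    }
    double_frees = 0;
}

/* Hypothetical decompressor state; not zlib's real structure. */
struct stream { unsigned char *window; };

/* Error path of the bug class: frees the window but keeps the pointer. */
static int decode_buggy(struct stream *s, int input_ok)
{
    if (!input_ok) { tracked_free(s->window); return -1; }
    return 0;
}

/* Fixed error path: the buffer is released once and the pointer cleared. */
static int decode_fixed(struct stream *s, int input_ok)
{
    if (!input_ok) { tracked_free(s->window); s->window = NULL; return -1; }
    return 0;
}

/* Normal teardown, called whether or not decoding failed. */
static void stream_end(struct stream *s)
{
    tracked_free(s->window);
    s->window = NULL;
}

/* Runs one scenario and returns how many double frees the tracker saw. */
int run_case(int use_fixed, int input_ok)
{
    struct stream s;
    int seen;

    tracker_reset();
    s.window = tracked_alloc(1024);
    if (use_fixed) decode_fixed(&s, input_ok);
    else           decode_buggy(&s, input_ok);
    stream_end(&s);
    seen = double_frees;
    tracker_reset();
    return seen;
}

int main(void)
{
    printf("buggy, invalid input: %d double free(s)\n", run_case(0, 0));
    printf("fixed, invalid input: %d double free(s)\n", run_case(1, 0));
    printf("buggy, valid input:   %d double free(s)\n", run_case(0, 1));
    return 0;
}
```

The buggy path only misbehaves when the input is invalid, which is why the advisory ties the flaw to crafted compressed data rather than to ordinary use.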
...since DOS doesn't have a command called "pg".
Simpli - Your source for San Jose dedicated servers and colocation!
"So what, exactly, has MS done that's good?"
What, you mean besides using Windows 95 to make the appeal of computers so broad that nearly everybody has one? Or maybe bringing the internet out of the geek neighborhood and out into the main stream? Or how about making an OS that can install on such a broad range of hardware that you can cheaply put together a system running Windows?
Did MS do this singlehandedly? Nope, I'm not saying that. They were instrumental in it though. Despite how much everybody hates to admit it, Windows 95 had a HUGE part in making computers as broadly supported as they are today. I remember when having a computer meant you were a nerd.
Did MS use illegal tactics? Yep. They've done shitty stuff. They've made shitty products. I'm not disputing that. But they're not entirely bad either. As a matter of fact, it's MS's shortcomings that are making people fight to make Linux as a replacement to MS.
You can hate MS all you want, more power to ya, but if you're successful in the IT industry, MS was probably instrumental in that either directly or indirectly. No Microsoft? Computers = toys for geeks.
"Derp de derp."
Recent versions of Windows use a rewritten TCP/IP stack, so even if they did use the BSD stack for Win95/NT4/etc (which they almost definitely did, based on its behaviour), they aren't using it any more.
This just points out the difference between proprietary code and open code. Those using open code incorporating this flaw have had a fix available for days (if they choose to patch and compile the source). Those using proprietary code incorporating this flaw will have to wait for the vendor to release a fix, if ever.
If that's not a good argument against depending on proprietary code (as for running a business), try this: If the flaw was not in open code incorporated into the proprietary code, but rather existed exclusively in the proprietary code alone (yeah, right -- proprietary code with bugs! LOL :-) then we might never know the flaw existed, let alone get a fix, unless some cracker with ethics told the world when they found the flaw rather than keep the exploit to themselves.
If all this should have a reason, we would be the last to know.
It's stupid to bring up the GPL or other open source licenses or argue about whether Microsoft is stealing code. I'm glad they use zlib. I'm glad they used portions of the BSD tcp/ip stack. I'm glad they decided to support (to the best of their ability) standards like C and HTML. I'm glad I don't have to depend on Microsoft anymore. But if they hadn't used open source programs I'd have never been exposed to other options except for the likes of Novell and Sun.
The real issue is that there is now a direct comparison on a shared bug (for which no exploit exists yet, let's not forget -- it's still theoretical) in both the free and proprietary systems.
You can see the cooperation and disclosure *and* resolution on the open source side. Did Microsoft even admit to the vulnerability which they surely (one hopes) knew existed in their own systems? No. That's not the issue either.
The great benefit that comes to open source from this is that now you can observe the different security and development models in action from a purely objective point of view.
Fortunately, for Microsoft and their customers at least, this is not so serious a flaw that it will likely be exploited before they can get fixes out -- if they really want to. Even more fortunately for Microsoft, there are already enough vulnerabilities with easy and existing exploits, that the zlib vulnerabilities will probably be a non-issue. Hackers will tend to follow the path of least resistance.
Actually, it comes from VMS. VMS is so alien to the UNIX way of thinking. So, Windows is basically a hodge-podge of VMS plus some System V additions, and a pretty shell.
If you're not a Liberal in your 20's, then you have no heart. If you're still a Liberal in your 30's you have no brain.
"Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products."
"Craig Mundie, senior vice president of Microsoft, said last May. '(There) is a real problem in the licensing model that many open-source software products employ: the General Public License.'"
This really makes you wonder if Microsoft's stance against the GPL is really about getting more code from the open source community to use in their own projects. If there was a public backlash against the GPL, the community may feel pressure to change to other license models, and Microsoft could get more code for their projects written for free.
my blog
Does it matter?
If I want to use GPL code in my program without releasing, I can just
1. write a library wrapping up your GPL proggie
2. link to the library dynamically from my proggie
All I have to release is the source code of the wrapper library. Well, at least it is true in GPL V2.
It is NOT a buffer overflow. Everyone is happy that you're karma whoring because you know what a 'buffer overflow' is but you're also helping spread this FUD.
The problem in zlib is a double free. It is only, and I repeat, only theoretically possible to exploit this in the same way that it is theoretically possible to exploit any undefined behavior.
Please don't counter with a traceroute exploit being an example of a double free because it wasn't. That was an example of freeing garbage random data. There is quite a difference.
At any rate, please think before you post. I cannot believe everyone is making such a fuss over this. It's funny because XP's whole TCP/IP had a remote root hole in it and less noise was made here than is being made now over something that is only theoretically possible to exploit and also not yet proven to be reproducible.
Right now, this 'security issue' is entirely theoretical.
int func(int a);
func((b += 3, b));
They're not dealing with a fairly small number of reasonably savvy users who go to read slashdot, discover that zlib has a bug and decide to go fix their systems. MS deals with millions upon millions of 'ordinary users' who run dozens of programs that have zlib linked statically (we've just been told) and who have absolutely no idea what zlib is, what their systems use it for or how to patch it (well, they can't, because it's statically linked). So it makes sense for MS to determine first which apps are affected, in what way (is DirectX ever going to run into this problem? if yes, what are the consequences? if no, or if the consequences aren't serious enough, getting millions upon millions of clueless users to download a DirectX patch ASAP isn't worth the trouble). I agree with you that they should have information handy on which of their apps link to zlib, but who's to say they don't and they're just taking this time to conduct a risk inventory (they're a big ass bureaucratic monstrosity after all)?
News and bla for computer musicians: http://lomechanik.net/
I'm curious too. Why should we believe a fish tale like that when Win2K still has an /etc/hosts file embedded into it?
A Pirate and a Puritan look the same on a balance sheet.
So your W2K box crashes 2 times a week and you haven't fixed it? Have you even tried?
My W2K server has been up 196 days and counting. I've NEVER encountered a BSOD on my XP notebook.
Perhaps you should try upgrading your drivers to MS certified ones.
The proper term is REACTIONARY, not radical.
Copyright was originally a short-term thing.
A Pirate and a Puritan look the same on a balance sheet.
That's the 4.4BSD license, a license that predates FreeBSD (and the other open-source BSDs). It contains the dreaded "advertising clause," which is (IMHO) rightfully viewed as non-free. That's why FreeBSD uses this license which drops the advertising clause and is almost universally viewed as a free license; the other open-source BSDs did the same thing.
Open Source was never about plagiarism.
That is ALL that Microsoft is about.
They only look similar if you aren't paying attention.
A Pirate and a Puritan look the same on a balance sheet.
Can someone please explain why zdnet and news, etc. are all on a non-existent domain?
; > DiG 9.2.0rc3 > news.com.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER
I don't get it. com.com seems to be some kind of travel agency. Any ideas?
(Sorry for the offtopic question)
Microsoft's fast responses to security issues are a recent event. They do not have a history of fast response. But they do have a history of putting out fixes that cause problems. It is common practice to delay rolling out hotfixes and service packs to allow for discovery of these bugs and subsequent fixes.
Yep. That's why CodeRed and Nimda weren't able to do much damage. Oh. Wait.
Nice statistic. Got a valid reference for it? Or is that just a bogus number to make your rant sound nice?
People often confuse Microsoft's marketing savvy with their technical ability. They are a technical company who excels at marketing. You're crowing about their marketing. This is a technical issue (information security is not a marketing issue - despite how many companies, MS included, tend to handle it).
they give away a bunch of source to a bunch of stuff (though nothing really good)
< Bash >
As opposed to the other stuff which *is* really good?
< \Bash >
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Name a better alternative. Windows 2000 is easy to deploy on a variety of hardware, easy to use, and has well supported software. The gotcha is that it costs lotsa money to license. Can you honestly tell me there is a better alternative? The only alternative I have as a 3D Artist is Macintosh. And though I'd like to have one, Windows works on the hardware investment I've already made.
Linux is hard to install, requires more knowledgeable support people, and has less driver support. This is why Windows is big in the corporate world. Obviously Microsoft isn't so bad if it's doing what people are paying for it to do.
As for being a troll, a troll rarely makes a good point. Getting back to my original point, this attitude of "It sure is cool to hate Microsoft" is blinding people to alternatives that may very well work for them. Call me a troll for disagreeing with you if you like, but I'm not anti-Linux.
"Derp de derp."
I just wanted to respond and let you know I appreciate the tone of your answer. I've had a couple of people recommend SuSE, and it's on my list to try.
Again, thank you for being civil.
"Derp de derp."
I think you're right there. I can't help but wonder if the new file system they announced is intended to keep people from dual booting Linux boxes. How much ya wanna bet that Lilo doesn't work with it without some kind of patch?
The good news is that every time MS closes a freedom with people (like XP requiring registration, or a security flaw in their software), Linux has an opportunity to be more attractive.
"Derp de derp."
No amount of programming talent can make up for fundamentally flawed management.
A Pirate and a Puritan look the same on a balance sheet.
I've been NT since '94. It peaked with 3.5.1 and has been downhill from there. I've spent plenty of time with NT5. It is my workday OS. I even had delusions about improving the computing condition of my family members by subjecting them to it.
It either failed to live up to immediate requirements or failed to live up to the performance of its DOS based predecessors in daily use.
The problem with Microsoft is that its main focus is not technology but market domination. Technology is a far distant second (or worse) and merely a means to an end for them.
What makes Bill a better megalomaniac doesn't necessarily make for a better product.
If GNU, software development sloth incarnate, could sneak up behind Microsoft then there are some serious problems out there in Redmond.
A Pirate and a Puritan look the same on a balance sheet.
NOT crashing on a double free might be just as bad (or worse) than crashing on a double free, since it generally means somebody is accessing a free'd pointer for other reasons (prior to the second free). In *this* particular case, allowing a double free might be better than not allowing it, but in general, ANY program that does a double free probably has far more destructive bugs hiding in it.
Win95? Apple achieved better 11 years earlier.
The whole "random collection of spare parts" thing has still yet to be completely managed by Microsoft. They still screw it up often enough for Linux to be in a position to recover the situation.
Microsoft deserves NO credit for PC hardware compatibility. The hardware usability standards were pioneered by Intel and Apple and only grudgingly adopted by Microsoft.
It's the hardware vendors MANUFACTURERS that make installing new hardware on WinDOS easy.
No, Microsoft wasn't the one that made computers more than "toys for geeks". That credit goes to the developers of the Web and early web browsers. THAT is the killer app that pulls in the sixpack family.
Microsoft was late on that technology too, and had to muscle its way into marketshare when they finally got off of their posteriors.
A Pirate and a Puritan look the same on a balance sheet.
Interesting. ISTR that the LGPL was originally for that purpose -- to allow you to link with GPL'd code without needing to GPL/LGPL your own code.
Only the dead have seen the end of war.
Incomplete solution. Some software packages include their *own*, possibly tweaked, versions of zlib, so even creating a new static library and recompiling won't work with those -- you'd need to edit the source of every package that has its own private version, as well.
So unless he's done THAT, or every maintainer of every package he uses is on the ball, he can't really be sure.
Only the dead have seen the end of war.
This is again Mundie piping up with that stupid argument, that the GPL is bad because it limits the licensee's choices. Now where's my choice when I want to develop using Microsoft's source code (if I can get my hands on it, even some governments can't)? Well, I have to accept Microsoft's conditions. With the GPL and similar licenses I have to agree to the conditions of the respective authors (who chose the GPL as a license). So where's the difference? I'm sure it's easier to satisfy the GPL than Microsoft anyway. If only someone would ask what Microsoft's conditions are for using their source code when Mundie goes on a rampage again, that should shut him up for good.
Meanwhile the TCP/IP stack and now zlib (and probably some other open source software Microsoft chose to make money off) show what all that rhetoric of Mundie's is really about: They want to take without giving, and they have seen that there's some nice open source software they'd like to get their hands on if only it weren't for that pesky GPL. Apparently there's some open source software that's too good to ignore, even for innovative Microsoft. It's really unfair that the GPL is asking Microsoft to share with others if they want to benefit from that software.
--
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
This is a "bug" in the webpage... someone forgot to update it apparently, since the 4.4BSD license has been updated years ago. Check the addendum here:
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
The removal of the advertising clause retroactively applies to any BSD licensed sources that Berkeley has the copyright of, including 4.4BSDLite which FreeBSD is based on, and since the FreeBSD additions are covered with the FreeBSD license which is the BSD license without the advertising clause and references to the "Berkeley Regents" replaced with "FreeBSD Project", this effectively means that there is absolutely no advertising clause issue.
There are of course some non-free (in the BSD sense, I am not trolling!) sources, most of them GPL, however if one is looking to release modified FreeBSD binaries without providing the source, he can simply rm -rf /usr/src/gnu or make sure he doesn't ship any of them, which for a lot of applications is not necessary anyway.
Installshield that is. MS has the "Windows Installer." Installshield is a separate entity.
uh...I was referring to the fact that microsoft is hypocritical in that they criticize open-source software constantly yet, they use it.
I'm fully aware that it's a problem that was first found on the unices!
Which is actually something to be proud of. Microsoft and all of its money didn't (while borrowing the code) find the security problem.
How does BSD prevent this problem where Linux can not? I'm genuinely curious as I am not a BSD user.
Derek Greene
Won't giving the source code to a university be considered releasing it? It would be fairly easy for someone with access to the code at one of these universities to report if the code contains the zlib copyright.
When you install either OS, you're also installing a lot of auxiliary software. Red Hat gives you a C/C++ compiler for free, while you would have to buy VC++6 from Microsoft. Red Hat includes an IRC client, which is a separate download under Windows. Red Hat gives you more text editors than you can possibly be interested in (joe, several variations of VI, Emacs and XEmacs, gEdit, NEdit, Abiword, Kate). You even have the option of installing StarOffice 5.2, free. With MS, you get Notepad, Wordpad, and EDIT (command-line). And last I heard, Notepad *still* had that 64K limit, which is simply braindead. Red Hat gives you TuxRacer, while you would have to shell out $50 for Microsoft's HALO.
Finally, the docs that ship with Red Hat are probably way more thorough (though less organized) than anything Microsoft gives you.
The point is, if you can see where the bloat is coming from, then it really isn't bloat. Most Linux distros have big installs because they provide a lot of different utilities and a lot of documentation. I'm hard pressed to figure out where the bloat in Windows comes from.
If, by "does well," you mean "continues to exist, continues to improve its software, and continues to provide incentives for competitors to improve theirs" then I fully agree. If you mean, "continues to pursue Complete World Domination(TM), continues to lock customers into proprietary formats and solutions, and continues to force customers along expensive upgrade paths," then you would be wrong. Microsoft has its place in the world, I'll agree. But that place is not the center of the world's information economy.
You want the truthiness? You can't handle the truthiness!
Where's `OS Bob' then? (-:
Seriously, most of it is attempting to make stuff work that Microsoft implemented in a broken way. And in general it succeeds rampantly. (-:
Got time? Spend some of it coding or testing
That's true, they never have written an OS from scratch. Windows 9X is DOS-plus-GUI-shell and DOS was derived from QDOS; Windows NT is DEC's MICA, broken and in fancy clothes, and 2k, XP, Longhorn etc are all derived from that. What about CE? Maybe that's why you need an expensive mega-micro-beast to run it on.
If MS truly want OS security, why not just wrap their user interface around OpenBSD? The licence allows it, provided credit is given (and that can be done in very fine print).
Got time? Spend some of it coding or testing
Mandrake, for example. That and any other package for which this was straightforward to do.
Got time? Spend some of it coding or testing
For your compiling pleasure, Mandrake 8.2 includes a tool to do just that. But you will also have to grep the entire source tree to catch self-included static copies of zlib. Just be glad that you can do this. (-:
``Hello, Microsoft Technical Support here. Can I have your money, er, support number please? ... Thanks, OK, now what seems to be the problem? ... Rebuild from source? Sir, don't you mean reboot...?''
Another fine reason to give money to Mandrake instead of Microsoft.
Got time? Spend some of it coding or testing
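The tree-wide search described in the comment above, which also covers the privately bundled zlib copies raised earlier in the thread, as an added Python example that is not part of any poster's comment or of Mandrake's tooling. It looks for zlib's own `ZLIB_VERSION` define and its `deflate`/`inflate` copyright strings, which survive file renames; the package paths, the version numbers in the sample tree and the `minimum` threshold are constructed, so take the real threshold from your vendor's advisory.

```python
import os
import re
import tempfile

# Markers that identify zlib code even when it is vendored under another name.
VERSION_DEFINE = re.compile(rb'#\s*define\s+ZLIB_VERSION\s+"([^"]+)"')
COPYRIGHT_STRING = re.compile(
    rb'(?:deflate|inflate) (\d+(?:\.\d+)*[\w.\-]*) Copyright')
MAX_BYTES = 8 * 1024 * 1024  # read cap per file; also covers prebuilt archives


def version_key(version):
    """Turn '1.2.3-tweaked' into a comparable tuple (1, 2, 3, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in match.group(0).split(".")] if match else []
    return tuple((parts + [0, 0, 0, 0])[:4])


def scan_tree(root):
    """Return sorted (relative path, marker kind, version) for every zlib marker."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as handle:
                    data = handle.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for kind, pattern in (("ZLIB_VERSION", VERSION_DEFINE),
                                  ("copyright", COPYRIGHT_STRING)):
                for hit in pattern.finditer(data):
                    version = hit.group(1).decode("ascii", "replace")
                    findings.add((rel, kind, version))
    return sorted(findings)


def outdated(findings, minimum):
    """Keep findings whose version is older than the caller-supplied minimum."""
    floor = version_key(minimum)
    return [f for f in findings if version_key(f[2]) < floor]


def build_demo_tree(root):
    """Write a small constructed source tree (all names and versions made up)."""
    samples = {
        # An unmodified bundled copy.
        "pkg-a/zlib/zlib.h": '#define ZLIB_VERSION "0.9.1"\n',
        # A renamed, tweaked private copy: only the copyright string gives it away.
        "pkg-b/src/z_private.c":
            'const char deflate_copyright[] =\n'
            '   " deflate 0.9.1-tweaked Copyright 1995 (constructed) ";\n',
        # A bundled copy that is already at the constructed minimum.
        "pkg-c/third_party/zlib.h": '#  define ZLIB_VERSION "0.9.2"\n',
        # A package that links the system library and bundles nothing.
        "pkg-d/main.c":
            "/* calls deflate() from the system library */\n"
            "int main(void) { return 0; }\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(text)


def demo(minimum="0.9.2"):
    """Scan the constructed tree; return (all findings, findings below minimum)."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        findings = scan_tree(root)
    return findings, outdated(findings, minimum)


if __name__ == "__main__":
    everything, stale = demo()
    for rel, kind, version in everything:
        status = "REBUILD" if (rel, kind, version) in stale else "ok"
        print(f"{status:8} {version:15} {kind:13} {rel}")
```

Every flagged path is a package that has to be patched and rebuilt on its own, because updating the shared system library does not reach it.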
The security vulnerability is due to zlib trying to free the same section of memory twice. The glibc memory allocation routines aren't very smart, and will cause heap corruption if you try to do this. This heap corruption can be exploited.
The Microsoft runtime libraries have smarter memory allocation and deallocation - attempting to free the same area of memory twice does not result in heap corruption. Consequently the zlib bug isn't a security vulnerability in Windows.
Gosh, what else do they make besides a second rate search engine? That there is no security on M$ is no secret.
Their response according to the article is:
Microsoft representatives said that the software giant's security response team is investigating the zlib flaw and that some Microsoft applications use code from that compression library.
Meanwhile, in a dark Seattle back room someone is running "apt-get update" for a fix! Well, that's what I did. No problems now.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Well, that could be. I don't have any problems with my M$ software. It sits on floppies and CD's where it can be installed to use some obscure piece of hardware on a second rate computer never attached to the internet. Most of the time, however, it never causes problems.
Bad Microsoft, bad! Quit saying that free software is unusable while using it. Oh yes, good luck hunting through that vast tree of poorly documented closed source junk you have been purchasing from other companies for the last ten years. Is this what you will build the Digital Rights Management Operating System, TM and patented use of other people's code? Slap! Crack! What a joke of a company. What shall become of all the M$ stock when the world figures out that M$ is the equivalent of an Ice Vendor in Antarctica?
They wanted to be the asshole in the middle, stripping ideas and programs from others, to sell as The Sole Operating System. All the people they ruined could be hard at work fixing their codes. Now, those codes will continue to be distributed unmodified. The task is too great for a single company. Like most such ventures, in the end Microsoft can only manage to be assholes.
Friends don't help friends install M$ junk.
I suspect MS used quite a bit of GCC since version 5 of their C compiler had many of the same optimization bugs as GCC. Anyone got access to the source for the old versions of MS C?
Seriously - they should come up with some small little product that it doesn't matter if they have to release the source code to. They should put some GPL'd code in there - perhaps not even try to hide it too much.
And then they should see what happens. I guess they figure not many in the GNU crowds care much for them anyway, so they won't lose "loyal customers".
However, it'd do one of two things:
a) show MS that it doesn't matter cause no one dared to file a suit
b) give the GPL its day in court and see what happens.
The only downside is that whoever decides to take this to court better be loaded. It could be a long uphill battle.
It would be interesting to see the outcome though...however with MS's legal team, perhaps it may not be a good outcome.
There is another interesting point to make here. The original poster implies updates will be slow to trickle in to the Linux install base, while Windows Update offers a shortcut to the process. Microsoft's Windows Update service is not unique. It's not even the first of its kind. Linux distributors such as Redhat and Mandrake have long offered a similar service. Debian has had such a system in place even earlier.
In short, Windows Update provides neither a panacea nor unique solution to the issue.
I'm afraid you misunderstand the license. What you suggest still involves linking your program to the GPLed code at runtime, which is expressly forbidden by the GPL.
Besides, you have to release the code of the wrapper library under the GPL, which in turn requires you to release the code of your other program under the GPL as well. The chain will continue no matter how many "wrappers" you write.
The double free bug in zlib doesn't affect MS systems since the msvcrt lib isn't affected by a free of a NULL pointer. This article on CNet shows the need for pageviews.
Never underestimate the relief of true separation of Religion and State.
Reading up on the zlib licence, which is short and easy to understand, I find this clause:
The way I read this, if software uses zlib code, then the authors of their software must not claim to have written the code. Microsoft are not obliged to acknowledge the zlib authors anywhere, but if they make a copyright statement saying that the code was written by Microsoft, then surely they are claiming that they wrote the zlib code in their product, and are therefore breaking this clause? Does anyone know if Microsoft's copyright statements comply?
I am probably too late for this point to be discussed.
So what is the beef with the GPL?
They only like copyright to work in their favour..
If something like that were to happen, I'd imagine that the GPL would probably be killed in court by high powered lawyers from all the major software companies (not just MS.)
The only way you could "kill" the GPL would be to void copyright protection on software. Effectively every piece of proprietary software would immediately enter the public domain.
"This software" in the clause you've cited probably refers to the zlib library, not to the complete product it is used in (otherwise the "use this software in a product" wouldn't make any sense). Since Microsoft is not distributing a standalone zlib library, there isn't anything to misrepresent. I'm pretty sure they left the original copyright notice in the library's code.
BTW, I've been told that on the Windows XP installation CD, you'll find a file which contains copyright acknowledgements for much of the software that they're using in Windows (e.g. the BSD license requires reproduction of the copyright notice "in the documentation and/or other materials provided with the distribution" when distributing binaries, so you'll find the BSD license in that file). I don't have Windows XP, so I can't tell you the file name. On the Windows 2000 CD or in the installed system I haven't found the file, but I guess they put it somewhere (anything else would be pretty dumb, given how simple it is to comply with the licenses we're talking about here).
Sig (appended to the end of comments I post, 54 chars)
Moments before I made the post I was reading about gzip's current buffer overflow in which you can pass a path on the command line that's more than 1020 characters and you will cause the overflow.
:O)
I confused this with zlib's problem and hence my claiming that zlib had an overflow.
I was wrong and I realized this a few minutes after posting. D'OH!
Anyway I still hope that my post helped someone to understand what buffer overflows are about, even if it doesn't apply to zlib at present.
--
Garett
Yawn. It's an old story. "If you bash Microsoft, you're jealous."
I bash Microsoft because they would desperately love to make open source software illegal.
Despite all their claims, open source software is a viable commercial alternative. I'm proof of that. I've used open source software for my clients, and written new software for organizations that are largely using open source.
Microsoft wants to force people to buy software from a large company. They don't want people to realize that software can be produced by a single coder in a reasonable amount of time.
They lie to accomplish this goal. Microsoft's history has been one long lie. They lied in court, they faked evidence, they lie about open source, etc, etc. Then they have the gall to use open source software after saying it'll destroy the economy.
I want to know why they can get away with this shit. It seems to be just because they're rich. If anyone else lied to a judge like that they'd be spending a month or two in jail for contempt, at a minimum.
No, I don't dislike Bill because he's rich. I dislike Bill because he's doing his utmost to make sure that I'll never be rich, by destroying the business opportunities of anyone who isn't Microsoft.
How much does MS pay you to astro-turf for them?
rpm-rebuilder
Got time? Spend some of it coding or testing
There are more than 10x as many OSS projects with more than 100k installations in the field than there are M$ products in the same boat. There are more than 100 distinct OSS products (not counting libraries and such, but including games) installed on this Mandrake Linux box which see use at least once a week, and it's doing nothing special. How many copies of Mandrake Linux are there in the field? Now add in packages unique to RedHat, SuSE, Debian...
Got time? Spend some of it coding or testing
You know, your cut and paste arguments would be better if you tailored them to the people you were arguing with. I didn't talk about capitalism or communism. Where do you come up with it?
I make money, in a capitalist system, by programming.
I just don't want Microsoft getting that declared to be illegal just because I work with open source software.
Let's use this capitalist thing that you keep going on about. How is Bill buying laws against open source (which he's trying to do, having Mundie say it destroys economies) a capitalist act? Shouldn't MS be competing? Releasing a better product?
There are many do-it-yourself markets in the world. Nobody bitches on Slashdot that handy homeowners are putting plumbers out of business by unclogging their own toilets and fixing their own broken pipes.
That's because people have had time to realize that this isn't bad in any way. Money saved on plumbers gets spent elsewhere, to raise the standard of living. Plumbers can find another line of work, or get good enough to compete in a smaller field.
You're the one proposing a corporate welfare state. Let's pass laws making it illegal for people to do their own programming, just to keep Microsoft making their money.
And then with the 401k plans. Wah! If you invest in a volatile market you expect risk. I don't see anybody crying over my retirement fund, so why should I go out of business over theirs?
Truly, the open source programmers and I are arguing for the only true capitalist point of view here. If a big company can't compete with us, let them go the way of the dinosaur.
Don't forget, I'm perfectly willing to compete. If Microsoft can fill the niche I do, without simply making it illegal for me to do it, then I will move on to another job. Either I'll find a new niche, or a new career. Unlike the world's richest man, I don't expect everyone to take care of me.
Why do we have this idea that capitalism excuses all actions? A capitalist should say "Welcome to our market", and then try to make sure that their products are better and cheaper. Microsoft has continually used illegal product linking and direct sabotage to destroy the markets of their competitors. ("DOS ain't done till Lotus don't run.")
You're stuck in assuming that because Microsoft is a large part of the software world now, that it must always be so.
Not only were standards developed before MS was around, but most of the important standards we use today still predate MS. MS in fact has a habit for trying to stifle the development of standards.
As for the development of large software - consider the BSD system, and the Linux system. Both contain large parts (kernels, filesystems) which took a lot of development and didn't provide functionality until done. Then there's Gnome, KDE, PERL, PYTHON, RUBY, and so on. The free software world has created huge projects, on its own, with no direct profit motive. KDE provides a ton more functionality than early MS desktops. (IMHO it's between 95 and 2k, with less OLE, but much better usability.) Either way, it's an example of a project that took probably millions of dollars of time, were it billed, to create and yet was written by hobbyists, for free. And they all realized that to do their favorite part (the itch) they had to help get the rest working, so they cooperated to write the less-fun bits.
GNOME may be hard to install by hand, but there are RPMs (free software created with a profit motive) and DEBs and likely other smaller package systems.
Free software is raising the bar on paid software. Much the way that home repairs with help from Home Depot are raising the bar on professional carpenters and plumbers. Why don't you feel that this is a tragedy? Are there going to be no standards for nail or lumber size, just because most of the work is done by individuals?
I think that individuals benefit the most from standards... They're the ones who would take a large hit from having to code up a ton of file-translation code. Or, in a home-repair metaphor, have all lumber custom-cut to their specified sizes. Experience bears this out. Microsoft is the creator of weird new formats. Free software tends to use either standard formats, documents it, or at least provides the source code for reading it.
I highly doubt my salary will get cut in half. I'm already in what you for some reason call the service industry (most of my work is writing new custom programs, not providing troubleshooting or help). Really, it's the same thing I did while employed to work on a large software project, except that I work much more closely with the end users. (You don't understand the power of custom software until a user asks for a feature on Monday and you can demo it on Wednesday and merge it into stable code by the end of the week. They love this.)
RMS doesn't say all software MUST be free. He says he believes it should, but he's also said he's not willing to force people. The choice to use GPLed software (and thus release their own) is theirs to make.
Microsoft on the other hand appears to be trying to force people to not use free software. Normally a company doesn't speak out against their competitors, essentially calling them communists and hinting that they destroy the economy by reducing tax, etc, etc. It appears they're lobbying for legal protection. Only time will tell though.
And as for MS being more than Bill Gates... Who cares? Even though he's not the CEO anymore he still appears to be the driving force. A lot of people might have tied their money to him, but that doesn't change how you should see his actions. It's basically him saying he wants more money and control and he's continuing his policy of crushing others (through illegal or quasi-legal means) to get it. It's been a long time since MS has just released a competing product and let the market choose. You may see him as a model capitalist. Whatever. I see him as a threat to the livelihoods of everyone, including myself.
It's just a real chuckle how you think that MS promotes standards. Haven't you paid any attention to how MS perverts existing standards, ignores them to make their own formats, and tries to disrupt anyone who uses their standards? (SAMBA, File converters from MS-Word, etc.)
Once again, you're saying things that make me think you must either be getting paid, or perhaps are trying to defend MS because you've got stock and don't want the price to drop.
It's funny that you complain about the number of projects on Freshmeat. That's not where you're supposed to go to find a finished project. It hosts development projects. Some of them are finished, but the majority, not surprisingly, are under development. It's like blaming GeoCities for the bad web pages they host.
.1% of customers who want it.
Yes, and who do you suppose will fund this if all software is free software?
I presume the same people as now. The developers. Interested users.
Why? All this excess baggage that Linux carries around--consumers don't need this.
Why get rid of it? All the formats are open and documented. All the shells except Bash are deprecated, etc. The rest are just there for people who grew up with old systems.
And proprietary vendors tend to either make their formats work,
Nobody is claiming that proprietary formats don't work. People are claiming proprietary formats don't work with anything else.
If WordPerfect can't import MS Word files, WordPerfect gets blamed, despite the fact that MS made the convoluted and undocumented format.
Each shell is practically a whole new incompatible platform that software must work with.
When a script runs it specifies the shell it wants. Programs that run under a shell (such as an installer script) pick one and support it. They then work fine when run under any shell.
Have you used unix? For more than a day or two perhaps?
And plumbers get the same treatment after they fix a nasty leak.
Perhaps after they install new plumbing perhaps. But what's wrong with that? I don't see why programming should be held to be anything other than a specialized trade. I'm not ashamed at the idea that I provide a valuable product/service and get paid for it.
There were paid programmers, I'm sure. But, I'm willing to bet that they were paid very modest sums. I believe they were viewed more as "secretarial" positions, rather than professions such as Doctors or Lawyers. [snip] Are they responsible, in part, for raising programmer's salary?
Chuckle. An older friend of mine bitches about the low wages these days. He made $150k+ per year, once over $220k, 1970s dollars, for programming back on old IBM mainframes. Today he makes $60k or something. Not a bad wage by any means, but a fraction of what he made before.
Why would anyone want to destroy this perceived value by making it appear as if software is easy to create and doesn't really matter? When mom-and-pop understand fully that compatible quality software can be made with programmer's free time, for free, what is stopping them from demanding this from Microsoft, Intuit, etc.?
I'm sure you also argue against including compilers with an OS, or making them freely available. I mean, if people see that they can write programs they're going to write their own and never use Microsoft's right?
I am very glad that I can program. I automate many tasks that take my friends hours. Even the ones who can use 3rd-party macro programs can't compete with a perl script I can hack together. If I want to see how a fractal changes if I modify the formula, I can. They have to ask me or hope that someone on the net had the same curiosity as them.
This is a gift that I want to share with everyone. They may never use it, but they'll be able to. Linux will never be locked down, but I can easily imagine a day when to "combat viruses" all code run on a Windows computer must be cryptographically signed. When users are crippled because a company wants to potentially squeeze more money from them in the future.
The reason your salary has not been cut is because software, for the most part, still has value.
One of the contracts I've taken was an ordering/tracking system for a company that made circuit boards. Previously an order (of anything complex) could take up to 30-40 minutes, with a few binders full of pricing charts, to price. The calculation screen(s) I made had space for 80+ variables, accessing hundreds of tables for pricing data. But you could give the customer a price as soon as you were done entering the data. It saved further time by passing the order to work stations at the various steps in the process. From ordering to a sealed computer hung over the drill press in the machine room, to accounting and shipping at the end.
The project saved an average of 15 minutes per order. It also meant that they passed notes and all design docs (the circuit diagrams) along as files, instead of taking a folder from station to station.
They mentioned a year or so after the project was finished that they hadn't lost an order since it was put in, and that they loved being able to pull up a spreadsheet that told them how many dollars worth of product were due to be done at any time, where work was backed up, etc. They were working to integrate it into a bonus system for the workers, as well as to let them know ahead of time about potential work shortages.
At my estimate (just of time saved initially) it let them do three times as much work per customer service rep. It eliminated one job (a guy who was moved into customer service instead of fired) of lugging paper around, keeping files straight, etc. It removed the requirement for a room of files, plus the printing costs, storage for old files, probably 5% of machinist time... Hell, even one of the accountants said he was happier because he didn't get stinky files with fiberglass shavings and etching fluid stains on them.
And you don't think that has value? Probably $400 / day, or more. That was the best $20k they ever spent.
But there's no way an off-the-shelf package would do what they want. Too much custom stuff. I've seen some systems for designing a pricing layout by drag and drop... fairly nice, but nowhere near the level of complexity something like this takes. And I doubt anyone will bother making it that good, for the
I've seen places where almost any business could benefit from custom software. Let me talk to the employees and identify their bitches and I can find even more. 10 minutes a day of hassle doesn't seem like much, but if you're paying $20/hour that's $3.33. Multiply by five employees, times 250 (working days per year) and you're at $4k. Figure in saved training time, and it's starting to look pretty sweet. (That was solved by a few simple batch files to open the right applications, perform incremental backups, etc.)
This will always have value.
[...] but it will be the FSF that brings the entire software industry to its knees.
Once again. Only if the work of paid professionals can't match the hobby work of a bunch of geeks. (Which you seem to think is really really crappy...)
But if they can't match the free software, what right do they have to bitch? They just want corporate welfare. "Rise up Joe Sixpack, cast down the shackles of free software made by the people and send half a month's wage to the world's richest man to sustain his lifestyle." It's not really concerning anyone except the rich who've sunk their mutual funds into MS stock.
So? One company decided they didn't like the GPL, mostly based on RMS. Oh well.
For a single counter-example, http://www.merilus.com/ is a company making a linux-based encrypted VPN router/packet filter on a card based on the Crusoe chip. They release all their software.
Companies may find it hard to make money when giving software away for free, but they can always leverage their trademark and sell it retail. Nobody can forge it or they can sue. Sure, you can get it for free, but the average consumer isn't going to know that. If you include a nice installer on the CD and don't on the downloaded version you've got the attention of most regular users.
But... Let's play pretend for a minute. Let's imagine that there isn't a market for selling GPLed software.
Oh wow! The twisting worldview. There also isn't a market for selling ice to eskimos. Or really, to anyone with a fridge/freezer. But you don't hear the president of an ice-cube company complaining that putting the power of ice making in the hands of the common man is destroying the economy and rendering millions unemployable.
Things change. There's no reason the software industry has to be this big. I might even find myself out of a job, but if I'm displaced by someone who can do a better job for less money, I'm willing to go. I don't want a job that exists only because of a government mandate.
It's amazing that for a professed capitalist you have all these fascist, big-government leanings. I thought the idea was that the market would sort it out. If mega-corporations can't manage because of competition from hobbyists then they aren't providing anything of value. (See Artificial Scarcity.)
I agree. You don't have to be socialist to want big government.
I was trying to point out some hypocrisy in RR's arguments though. He lambastes open source as being communist, and says there (basically) "needs to be a law!" I'm just pointing out that for someone who thinks might makes right and has a generally Randian point of view, he sure seems to want government protection when something comes along that threatens him or his comfortable world.
I know he can be greedy and want a strictly regulated economy (for his benefit). But he shouldn't throw around terms like "socialist" and "communist" as slurs unless he's against a regulated market.
Myself, I'm quite socialist. Both because I think it's "right" that people don't starve, but also because I'd rather pay slightly higher taxes to ensure that the poor aren't so poor or downtrodden they feel the need to overthrow society. However, I get a kick out of tweaking pseudo-libertarians who want a free market (for them to abuse) but a set of very strict rules that force people to put up with it, and not pull similar tricks on them.
You conjecture that because some software is free, a manager will object to the idea of paying someone an hourly rate to make other software?
Carpentry is an easy at-home task and almost everyone has done some. However, carpenters seem to make a living.
It's a market economy. If they can find someone as qualified as I am, who will work cheaper coding annoying doo-dads for their database, they're free to hire them. It's happened before. Sometimes I've been called back by the sheepish client to fix the mess they made.
If I have a job though, I want it to be providing a real service to a customer with freedom of choice. I'm sorry you don't have confidence in your job options in a new economy.
If you're accusing me of not paying full attention to what you're saying, I suggest you look in a mirror.
I'm not trying to deny Microsoft the right to anything. I'm simply calling for them to be honest for once. If they say open source is bad, let them avoid using it. If they use it, maybe they should say that it's not a bad thing.
If they can't be honest about something that obvious it really makes you wonder what else they're lying about.