MS Cites National Security to Justify Closed Source
guacamolefoo writes: "It was recently reported in eWeek that "A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
(Emphasis added.) The follow up from Microsoft is even better: As a result of the flaws, Microsoft has asked the court to allow a "national security" carve-out from the requirement that any code or API's be made public. Microsoft has therefore taken the position that their code is so bad that it must be kept secret to keep people from being killed by it. Windows - the Pinto of the 21st century."
War is always the best excuse. One of my favorite cartoons on this is Mark Fiore's, at http://markfiore.com/animation/excuse.html. :)
qslack.com
When in doubt, raise concerns about terrorism, or inappropriately use 9/11 as a crutch. The new coin of Washington (both east and west it seems).
Nothing will ever be the same again indeed.
"Uhh, the judge is acting pissed. Did you see the way she looked at us when she said 'Obey the court'?"
"Yeah, how can we BS her on this?"
"Uhh, maybe we can find a link to terrorism?"
"YEA! That's it! We can't comply, because of National Security"
Harmph....
www.eFax.com are spammers
I guess that M$ will just prosecute anyone caught reverse engineering their binaries under the DMCA.
This communication is secured using Rot-26 Encryption Algorithm, Unauthorized decryption will be subject to laughter.
can kill you, your family, and maybe your dog.
Makes one happy that there are open alternatives out there.
Even people who don't really follow computer software probably wouldn't have a hard time grasping this idea.
Let's think...
Microsoft is resorting to desperation tactics... they know they've lost.
ABC/CNN needs to blast this on all their stations so that people get an eyeful and understand what they are running. It would go a long way to defeating this monopoly.
"All great wisdom is contained in .signature files"
Any fool knows that it is flawed to that magnitude. Only the fact that it was publicly admitted by a M$ official is newsworthy.
Worrying isn't it?
If the code is so bad as to be dangerous, shouldn't the government make them recall the code and return a properly functioning version?
If a car was dangerous enough to possibly cause death, wouldn't the government require a recall? Wouldn't the media jump on them like rabid wolves like they did Firestone? Wouldn't people avoid the things like they did Firestone?
The Pinto was never as dangerous as M$ products.
Their next move will be lobbying Fritz Hollings to sponsor OSPA, Open Source Prohibition Act: making it illegal to publish your APIs so the "terrorists" can't exploit them. As if terrorists could code :-)
"As flies to the wanton boys are we to the gods; they kill us for sport." - William Shakespeare, King Lear
Now how about they crack open the source to the hurds of open source programmers and fix some of the errors.. oh yeah then everyone would have to update.. gasp!
Carpe meam simiam!
So they think that just because they are Microsoft, they deserve to be treated differently? If they made crap software that is full of bugs, and it gets released to other companies who may possibly take advantage of those bugs, then it's their own fault. If a product is meant to be remotely secure, the software company should employ QA teams to *TRY* and break into it, at the VERY LEAST. Writing poor code is no excuse for avoiding your punishment, MS. Perhaps those using the buggy software should be informed of this, and given a grace period to switch to another system before MS is made to open their source.
Follow me
I can see it now, the new threat will be al Qaeda cells training to get comp. sci degrees in US universities.
It's scary that it has come to this. I guess the real question is to find out exactly which parts are the flawed ones and start reverse engineering them and replacing them with secured versions.
One thing MS seemed to overlook is the added advantage of open sourcing.. you get access to an entire world of programmers who will help create a secure distribution (see also Linux).
just my two cents.
--
|-_-| . o O ( bEef!)
Well, at least I hope it doesn't. A comment like this from a Microsoft bigwig doesn't sound encouraging... Mid-air GPF anyone? *ouch*
i wish i hadnt used up all my mod points.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
From the story:
> The protocol, which is part of Message Queuing,
> contains a coding mistake that would threaten the
> security of enterprise systems using it if it were
> disclosed, Allchin said.
Then with all the billions and billions of dollars M$ has hanging out in the bank, why not hire someone and FIX THE PROBLEM. What's the problem with doing the things that make sense?!
Single best thing M$ could do to improve their product security is to adopt the 'patch often' mindset. Fix something, release a patch, everyone goes home happy.
The bi-annual (exaggeration) security patches they currently do ain't gonna do it.
The DOJ was pressuring MS to release its APIs etc., in the interest of fair trade. Now MS claims that doing that would put national security at risk.
What's the solution for the DOJ (who holds the reins now)?? Simple: force MS to adopt open standards and open code modules in the future. Given that the MS business model is based on leveraging its "secret" elements, this could force them to abandon nearly all of their anticompetitive practices.
-3Suns
~~~~
The Revolution will be Slashdotted
Even if it was true that closed windows source is important for national security, microsoft itself shares the windows source with many companies and many, many universities.
I really doubt that all these people have a top secret clearance.
Does this mean that they (MSFT) will have to change their EULA to warn that their product is dangerous to my health and that if I die using Windows, or some other MSFT product, it's not their fault?
I smell a few lawsuits for those who drop dead using their products.
and isn't security by obscurity a horrible way of writing software?
I believe that the existence of women is proof that God loves us and wants us to be happy
The article states one known bug in the Message Queuing protocol is very severe. If they know what the "coding mistake" is, can't they patch it and then release the source of the now-secure component?
My server
If Ford were to say that they couldn't disclose their new transmission design because if they did it might get people killed, surely they would have to either redesign it, recall it or face a HUGE class-action lawsuit.
:)
All we need is some documented evidence of a MS exploit resulting in injury or death.
Asikaa
Come in, twenty-seventy-seventy, your time is up.
Drape each box in one of our flags, and trademark the phrase "So powerful the source is a national secret." The PR alone should rake in enough cash for Microsoft to cover their end of the lawsuit.
M$ is so concerned with National security, they have created many many security holes in both IE and Outlook. For security of course!
How are the ankles.
(From a story posted here)
Peruvian Congressman David Villanueva Nuñez made exactly this argument:
To guarantee national security or the security of the State, it is indispensable to be able to rely on systems without elements which allow control from a distance or the undesired transmission of information to third parties. Systems with source code freely accessible to the public are required to allow their inspection by the State itself, by the citizens, and by a large number of independent experts throughout the world. Our proposal brings further security, since the knowledge of the source code will eliminate the growing number of programs with *spy code*.
In the same way, our proposal strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state, and in their role as consumers. In this second case, by allowing the growth of a widespread availability of free software not containing *spy code* able to put at risk privacy and individual freedoms.
The flaw here is that for windows code to possess the powers they imply, it would need to be a state secret. Perhaps it should be illegal to distribute mission critical osc across us boundaries? Windows code a state secret? I think not, anyone can reverse compile machine code.
Micro$oft should realize that governments do not like security threats they are not able to evaluate themselves. The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...
-Sean
God forbid we should open source something that is that badly written.
Missile carriers everywhere, none a blue screen to be found.
They would be towing them back from all over the gulf.
I think Win should be in all consumer devices. It would be like effective remote terrorism the likes of which we haven't seen since Maximum Overdrive.
Hehehe
The fact that they (MS) admit there are issues with their currently closed-source model that involve flaws that are so bad that even stating which modules they are involved with is a potential compromise to National Security reinforces in me the fact that an open atmosphere is much better in that numerous persons and groups can review the code such that alarmingly fatal flaws such as these don't get released to the public or the government in the first place. If even a few outside of Microsoft's company had reviewed or had access to these modules, I think it would be only a matter of time before these bugs were squished, probably even before the software was released in the first place. What better reasoning for the states to continue fighting for the disclosure of MS's cruddy source to the states, and certain other peoples than the hope that flaws such as these don't end up in a finished product that people actually pay money for in the first place.
Duris MUD - The best pkill MUD. Ever.
As a matter of national security, the source code should be opened so that the flaws can be found and systems important to national security that are currently running with vulnerabilities be shut down until they are fixed. Microsoft is going to get itself in a world of trouble when a vulnerability they are aware of, but fail to disclose immediately, is exploited before they release a patch.
The bottom line is that system administrators need to know if there are flaws, especially with "national security" at risk, even if, in the absence of a fix, their only option is to shut the affected services or systems down.
BWAHAHAHAHAHAHAAHAHAHAAH!!!!!!!!!!
no wait seriously though....
BWAHAHAHAHAHAHAHAAHAHAHAHAHAAHHAH!!!!!!!!
"Well, security is our top priority (http://slashdot.org/article.pl?sid=02/01/17/0259234&mode=thread&tid=109) but until it improves, our source is a threat to national security"
As a result of the flaws, Microsoft has asked the court to allow a "national security" carve-out from the requirement that any code or API's be made public.
it seems to me that by this statement they are admitting that they have a monopoly over the OS market... that is, if it's a national security risk, that means that the nation is running their software.
greg
sig - .
I think that they're hiding something...
(Cough!) Stolen source! (Cough!)
I think that "National Security" here means "the NSA asked us to put xyz into our code, and they'd be unhappy if it had to be removed or became public".
Remember: Cryptanalysis has, and will, always come in fourth place after burglary, blackmail, and bribery.
Tarsnap: Online backups for the truly paranoid
Terrorism = File Sharing
someone call the RIAA and tell them the great news!
There's no way, if Windows was open source, that people would be able to find the flaws for themselves and patch the code. After all, only a malicious hacker would want to look at Windows source code ;), and only a fool would try to step through that labyrinth that would make Daedalus green with envy...
BlackGriffen
What if terrorists destroy Microsoft (e.g. crash a 747 into Microsoft, or develop a worm to destroy Microsoft source code)? What will happen then?
For reasons of National Security, all of Microsoft code should be made open source! At the very minimum Microsoft should hand over all of it to the NSA or some other agency of the US government to ensure that the code is available after an attack against Microsoft.
Fortunately, most missiles don't have Internet Explorer installed.
inversely proportional Our Stupidity
If it happened in any other industry (auto, aviation, train, commerce, weaponry, etc) the Government would drop their product like a dead rat (and more probably force the manufacturer into a recall). Yet Microsoft is willing to use it as a defense?
Three things need to happen in order for people to start getting serious about software security and reliability:
1) A software system with 1 or more serious _known_ flaws must be used on a worldwide scale by a government agency or large company.
2) That software must then fail.
3) The failure must cause thousands of deaths or hundreds of billions of dollars in loss or damage.
The result will be like the 9/11 of software...when the world wakes up and realizes that we have become so dependent on software systems for our daily lives that we actually have to start caring whether or not they work correctly. We need to start taking an engineering approach to software and KNOW (not think) that it will operate as advertised.
I'm actually hoping that this will occur sooner than later. The later it happens, the more catastrophic the result will be and the less time we'll have to rectify the problem before it happens again.
It's sad, but I think this may be the "straw that broke the camel's back" for me so to speak. Reading this article actually makes me want to format and install Linux RIGHT NOW. I just pray to Linus that it isn't too late.
and get back to work on programming for linux! (or the HURD)
Lazy programmers!
Sorry mom, I can't clean my room! The terrorists might find all the girlie magazines that I have hidden under the covers; and that would be bad for National Security.
Are you a COMM^h^h^h^hTERRORIST mom?
"Can of worms? The can is open... the worms are everywhere."
Are Microsoft's products really so vital that national security would be impacted if their security were compromised? This sounds like the Y2K hoopla all over again. There are alternatives to any Microsoft product. Even if a Microsoft app were so compromised that Microsoft couldn't release a bug fix -- it would only take a week or two for any organization to migrate to new software. Sure it would be expensive, but not a threat to national security.
There are 10 types of people in this world, those who can count in binary and those who can't.
> This explains why innocuous commands (like touch and finger) have easy-to-remember and provocative names, while the more dangerous ones (like ld and vi) are "secure" through their "obscure" names
And pray tell... how exactly is vi(1) dangerous? I'd call emacs a bigger violation though, but hey, I'm biased. Heck, every editor on a UNIX system should have a "secure" name then. That logic doesn't really fly.
Runs off, before it turns in yet another editor flamefest (which is not what I am intending).
I can't wait to see what the conspiracy theorists have to say about this...
National Security threatened by releasing MS source code? Does the U.S. government have "spyware" built right into the MS products? secret NSA backdoors?
What do they mean by threatening the U.S. war effort in Afghanistan? Maybe Osama should install Linux?
Has anyone considered filing a suit due to being "hacked" (I know it's not the correct term, but it gets the message across) due to a hole in MS software?
Sure, the license makes all warranty void, but what about when they knowingly distributed insecure software.
This offers a perfect fact for your case.
this looks like typical micro$oft, but consider this: though their software tends to be bug-ridden, exploitable, unstable, exploitable, bloated, exploitable etc etc etc, i doubt you'll find too many workstations in the respective security agencies of the US running anything other than some flavor of windows. do we really want those terrorists who have the means and the skills zooming around hacked PCs all over the Pentagon checking satellite fly-over schedules and watching realtime deployments of troops in the field?
... at least for now.
don't get me wrong, i am a linux user and very happy about it (ditto for solaris and hpux) and i love watching the evil empire squirm, but let's excoriate micro$oft for the injustices they already do to _this_ country, and limit the exposure of the code to competitors that can keep the knowledge secure
when it rains, it gets real soggy. when it pours, i'm under the tap just _waiting_ for the joy
that revealing it places our national security at risk, then it's time to switch to a superior software base.
in his hands a federal court in his back pocket.
Washington
(NAPI)- John Ashcruft today warned that al-Qaida terrorists have infiltrated several "Learning Tree" facilities over the past few months and have obtained illicit "MCSE" certificates. "With the intimate knowledge they now have, no one who runs the Windows Operating System is safe" quavered Professor M. Druel of the University of North Dakota at Hoople. "Given the flaws we were warned of, why didn't we listen to that guy back during the trial?" Linux users (and other users of the soon-to-be banned "open-source" software) spent the days chuckling.
Don't anthropomorphize computers, they don't like it.
At least that is the only explanation I can think of. Their systems are architecturally unsound and plagued by stupid design decisions, unstable interfaces and unsound implementation. It is quite obvious if you look at all the security, stability and usability (ever reinstalled Windoes?) problems they have. In addition they are still adding features like mad, thereby making the problem more serious all the time.
My point is that they did not say anything new by admitting the problem. However by admitting it they also admit that they don't really care about security, as they certainly could have done significantly better! This casts a very bad light on other ventures like .NET and the motivations and real goals behind them.
So why are they admitting it anyway? In my opinion MS is scared to death that open APIs would also mean stable APIs (i.e. APIs that don't change all the time) and would enable others to make Windows compatible execution environments with relative ease. The sources are also important, because the API documentation MS would give (could?) away is not complete and correct enough. So while it takes a huge effort, competitors would be able to really find out the complete API functionality and implement it in a way so that things that run on Windows would usually run on competing products without retesting or modifications.
As MS is not really having a good product, just an effective monopoly (by making cloning their API difficult), reasonable documentation of their APIs could kill them. At least that is what I think they believe.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
It's already been revealed that some attacker got into Microsoft's network. Also, CD's with Microsoft's source have been released for various reasons over time. I have no trouble believing that some "bad guys" already have the source code. So, how do the rest of us protect ourselves from these bad guys with the source code? And from the bad guys to come who don't have it yet... but will?
As noted in Secure Programming for Linux and Unix HOWTO, section 2.4.2, closing off source code doesn't actually halt attacks anyway. Here's the quote:
- David A. Wheeler (see my Secure Programming HOWTO)
this 'patriotic company' shit has gone too far, this is just another example of a business trying to sell their stuff using our national pride, except now they're trying to sell us a line of crap instead of software.
they should sell their software to terrorists at a discounted price.
Make the NSA's job really easy...
This is left as an exercise for the reader.
Microsoft still has some of the most talented minds in the industry - they know what they're doing with this tactic. What they're doing seems to be the equivalent of reverse psychology. "No, don't make us show the world our source code. Anything but that" - **snicker**. The world doesn't gain a whole lot from being able to go through Microsoft's code (this "punishment" is just a slap on the wrist). Microsoft could even remove all of the most critical proprietary components of the Windows source code and it would take thousands of man hours to even be able to tell the difference.
./cwide
soul daddies in a firewire tumble dryer
for not getting over 9/11. And for having a hypocritical government that likes to forget facts, as do most of you Americans. Your nation was founded on terrorist acts such as the Boston Tea Party and Boston Massacre. So suck it up and get over it. Innocent people die everyday all over the world. And this will get modded down because Goddess forbid anybody say anything against the perfect United States.
bill is just a monty python fan after all. since he's not funny, he made a code version of the joke that can kill.
he's just misunderstood. [quiet guy, kept to himself.]
that "National Security" is what the gov't hollers whenever they don't want to admit just how badly they fucked things up.
*Exactly* what Allchin said.
use the word Indequendant around the net it won't.. :P
Though I know the knee-jerk reaction is to scoff, M$'s statement does bring up an interesting issue. Given how porous M$ security is, just how much worse would/could it be if the source code were available? To be honest, and flame away if you must, I think that M$ does have an interesting practical point (not that I agree with how they're applying it, but that doesn't make their point any less valid).
So the obvious question arises, is Linux/BSD (and any other software that has source available) more exposed to "serious" attacks? By "serious" I mean being launched by somebody who knew enough to be able to look at the source and find security flaws, vs a script kiddie who takes a virus toolkit and modifies the virus name and subject line. Theoretically, it should be more vulnerable than a piece of closed source software that was written with a similar level of "quality".
Again, I AM NOT DEFENDING OR SUPPORTING M$'S POSITION, only bringing up what I think is an interesting question.
- reverse gravity
- send the tightly-controlled, stable market into a state of chaos
- put thousands of people out of work (how could MS pay its employees if they gave their products away?)
- bring back Elvis (in the form of MP3s distributed by the masses who were previously restricted by MS DRM)
- cause the judge's personal computer to automatically download pornography every day
Didn't we see this in Ghostbusters? Why waste time trying to gain access to one or two computers when you can root them all using Microsoft's built-in secret backdoors!
Method one is get a job at Microsoft. With your spy resources I'm sure you can fake whatever resume is needed to get a job as a third-level programmer. From there you will have access to the code. Write down all the magic secrets and tada! Now your country can have free rein of the US infrastructure. Thanks to Microsoft's aggressive sales strategy, we are running Windows on critical infrastructure even though Windows' own EULA warns against it! Plus, there's at least one battleship out there running Windows NT at its core, so at the very least you can gain control of that and sail it right up the Potomac.
Method two is enroll in any major university. Our nation's top schools are not just for training you how to build nuclear and biological weapons anymore! Now you can learn how to make technological weapons that make CodeRed and Nimda look as harmless as a pop-up browser ad. Thanks to Microsoft's CodeShare initiative, designed to indoctrinate hordes of programming students into doing things The Microsoft Way(tm) and to make it easier to get Windows to replace those pesky UNIX systems, just about any school IT department can get a copy of the source to just about anything that Microsoft makes. Of course you have to sign those pesky NDAs but...you're a spy aren't you?
Method three is simply recruiting one of the existing code monkeys at Microsoft. These poor guys make pitiful amounts, and thanks to the decline of the dot-conomy they have lost a lot of those wonderful perks. Throw them a nice "consulting" contract and you'll have your source code in no time.
So what are you waiting for! Once Senator Hollings bans open source, UNIX and Linux will disappear and Windows will be running everything from the soda machine to the FBI SuparKomputar! Get your foot in the door now! Hurry, before Microsoft actually fixes all their backdoors and bugs (due to occur sometime around 2016 or so)
Actually, I don't agree.
"lock down" their OS is a totally open-ended target. We both know that they'd never be done, in 4 years, or 100 years.
Better that if they are required to open up their source or APIs that a commission or special master take into account issues with the source code. If a code review shows serious flaws, I can see the code being held back until they were fixed. Anything that didn't seem flawed could be released immediately.
It isn't a binary choice here "all or nothing." If forced to release code or API docs, "a piece at a time" is certainly workable.
http://slashdot.org/article.pl?sid=02/05/06/1739244&mode=thread&tid=109
I wonder if this might explain the Chinese Embassy bombing?
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
What he said:
"He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
What he meant:
He later acknowledged that some Microsoft code was so flawed it could not be *fixed*.
They may just confirm Judge Jackson's assertion that any sort of compromise short of a breakup will be insufficient. Here's hoping that Kollar-Kotelly's nose is as good as Jackson's.
The "obscure" commands that you reference are that way because back in the day of the PDP-11 every little bit (no pun intended) of allocation counted. Remember, this machine only had 256K of memory. Later, when storage became dirt cheap, people were free to name their utilities anything they wanted.
...Now everyone who insults Microsoft's code will now be marked (-1) Redundant instead of (-1) Troll.
-braxton
Windows is a security threat. Fdisk windows and install Security-Enhanced Linux throughout the Government. Any volunteers for a linux eGovernment installfest. http://www.nsa.gov/selinux/index.html
Austria already has it.
Any U.S. University can apply for it now if they don't already have it.
Many of Microsoft's larger customers have it
I don't see why it would be difficult for any terrorist organization to get it. How can they legitimately argue that it may possibly be kept secret at this point? If it's a national security risk to make the code available, the damage can no longer be avoided.
Ryan Fenton
'When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said.'
I love that! 'It pains me to admit that our software is dangerously broken, because we're trying really, really hard to convince people that the reputation we have for foisting dangerously broken software on them is totally unfounded.'
I guess if they were trying to work on their actual security, rather than just the reputation, they might act a bit differently (like, by publishing their API's and then working with the security community to get them safe).
-Dan
I have written a truly remarkable operating system which this sig is too small to contain.
I find *nix commands easy to remember, and had no trouble when I was also a nOOb. In fact, I find ls far easier to remember and type than dir, and rm and chmod both make perfect, unobfuscated sense to me as well.
As for the time cushion, M$ has had nearly 20 years to clean up their act (and their code). They are sitting on a cubic BUTTLOAD of ca$h. In my opinion, it is time they were called to account for the mess they are inflicting on us through their monopolistic actions, and therefore I see any time cushion as just an opportunity for them to flex their high-paid legal muscle to avoid growing up with the rest of the computer world.
Mmmmmm... Bold, yet refreshing!
I know their programs are bloatware. How is the code? Do they purposely obscure things? Do they leave huge blocks uncommented? Do they slip in multiple variable names that are almost exactly alike and totally unrelated to what they hold?
no it's sad really. So the code is so flawed that it can't be shown because it would threaten national security. They even know which part is flawed.
Great, why don't they fix it? The DoD and other US government institutions surely would welcome a patch and apply it immediately. Or better, why not use a more secure operating system.
I don't think the existence of the flaw should allow them to hide it. On the contrary, it should be made public immediately, so that everyone will have the chance to decide if it is wise to keep using the OS. In any case, MS should not be the one to decide what threatens national security.
And if the NSA has seen the code and decided it would threaten security, then every other country, company or individual should think about what that means for their security, if they should not be allowed to see the code themselves.
***Quis custodiet ipsos custodes***
umm... vi, rm, chmod and ld were obscured? Only from people that could not read a book. Okay, compared to Microsoft, that had a command that could wipe out the hard drive of your system with one typo: the good old format command. When I worked in a computer store back in the good old days we always renamed format and made a bat file called formatfp that would format a floppy disk for you the customer.
Five years? what the heck why not ten. Sorry, if your code is insecure then it is dangerous to National Security NOW!
Windows should not be used on any secure system until it is secure. Think about it. They are saying it is a danger to national security NOW!
Security by obscurity does not work.
i wish i could mod up a story. +5 Funny all the way.
National Security after reading this I fell out of my chair laughing
Um, no. Where the hell did you hear this? They were designed to be easy to type.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
They have exported the Windows source code to countries such as Germany, Czechia, Slovakia, Israel, Hungary, Japan, and even Singapore. Check the list yourself.
Maybe it's time for another trial.
Now, like it or don't, the fact is that security through obscurity has been with us since the origins of Unix. IIRC, the original "shell" commands, such as rm and chmod were designed to be difficult to remember, for the very reason that untrained n00bs could quickly bring a system to its knees by misusing them.
IIRC, the names were designed that way so that they would be easy to type and consistently constructed.
eg, rmdir = rm + dir
chmod = change + mod
chown = change + ownership
In any case, your comment may be historically accurate, but the reasoning is still idiotic. No newbie should have such significant access to the system that he can cause significant damage.
But maybe it wasn't like that in the good old days.
'"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks," Allchin testified. "Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."'
Well, perhaps the DoD and the armed forces shouldn't rely on a single contractor that has admittedly delivered sub-standard and dangerously flawed product?
Mod me down, go ahead -- I know this is an obvious observation.
Really! It's not the Pinto, it is the Dodge Dart
"windows: unsafe at any clock speed"
-nader
The original shell commands were designed to be economical of typing because people were often connecting to those systems with real TTYs. The lucky ones had 300 baud terminals. The difference of a few characters in a command name added up over time.
Remember, Unix had the source available from the very beginning. Security through obscurity was essentially impossible for the Unix developers.
As for MS being given 4 or 5 years to "lock down" their OS, I ask only "how long has Windows been in existence? Haven't they already had their 4 or 5 years?"
Sorry, but I don't see anything insightful or very well-connected to reality in this post.
Micro$oft has always made excuses of one sort or another, about a great many things. But, so far, few have been this ludicrous.
The first, was "it can only hurt the US economy if the debut of Windows 98 (was 98, wasn't it?) is delayed..."
And now, "releasing source code/API's would threaten national security".
Does anyone want to start taking bets what the next grand bullshit excuse will be? My wager is on "God commands thee to cleanse thy hard drive of this vile Linux". I just can't think of anything else that is on the level of the first two.
All security is through obscurity--even encryption. Think about that.
"Touch" makes empty files or changes their date. You're telling me that's easy to remember, while knowing that "rm", short for remove, removes file(s) is harder? "Chmod" changes a mode is harder to remember than "finger" giving you a user's name?
Got friends?
This is hilarious. lol!
I hope you see where I'm coming from.
I see you are coming straight from Uranus.
To the ones who modded this Insightful: you maybe thought it said Inciteful.. This is either a Troll or a really bad joke..
Cheers..
$HOME is where the
-- silver_p
And now, with a dramatic demonstration of the number and variety of devices that Windows XP can be Embedded in...
After supporting MS's statements that all source should be closed and hidden in order to maintain national security, the US government has agreed to hide all tall buildings. All tall buildings will now be covered with large black cloths. In order to maintain national security, anyone caught talking about these buildings will be arrested. Since terrorists will be unable to clearly see and hear about these buildings, they will no longer be able to attack them. Thank you and good night.
Outdoor digital photography, mostly in New Engl
Stupid job ads, weird spam, occasional insight at
When Kevin Hodges, attorney for the dissenting states, asked him how many APIs would be exempt, Allchin said he did not know the exact number, but it would include APIs that deal with anti-piracy and digital rights management.
DRM?? Gimme a break! Sounds like a marketing push to RIAA that MS DRM will not be violated. Because, you know, if terrorists were to break the MS DRM and listen to unlicensed copies of RIAA products that would violate the National Security and allow severe setbacks in war in Afghanistan.
I just hope the judge is listening to this very carefully.
u r so funy LOLOLOLOL ::::))))) i wnts too HAVE YOUR BABBBIES!!!!! ::::)))))
Calling MS the Pinto of the 21st century is grossly unfair to Pintos. First, Pintos are a lot better than their reputation. The original 1600 pushrod motor is the same solid reliable block used in Cortinas (and most other English Fords) as well as having been raced for years in Formula Ford. The bottom end of that motor is used in Lotuses, as well as the Cosworth race engines (Formula Atlantic).
The 2 liter overhead cam motor in the Pinto is surprisingly good. When I raced a friend's Capri with that motor, he said that he usually shifts between 7,000 and 8,000 RPM because it doesn't make any more power beyond that, but the motor will spin over 9,000 RPM without problems.
I've also seen Pintos win the SCCA racing class Improved Touring B, against cars like BMW 2002s.
THERE'S a thought to ponder upon......
There's no wrong way, to eat a Rhesus...
They can name it something like 'Patch Lola Patch.'
I don't want knowledge. I want certainty. - Law, David Bowie
Two weeks after September 11th, a Senior VP gave a talk to our group, where he claimed that "Linux is a terrorist organization" because they give away software. Needless to say, I filed an HR complaint. After 5 weeks someone finally talked to him, and he promised not to use the phrase again.
Which isn't to say Microsoft is evil. Most people I know here aren't all that different from Slashdotters. Most are trying to do the best job they can to make a good product for users. Most take the current security effort very seriously. Most are basically good people.
But a few are...different.
Thou writest:
Wrong, Wrong, Wrong, Wrong!
Naming conventions were determined by a bunch of guys who didn't like typing long commands. This is why mv, rm and man were used (I still wish man was renamed help, and that the existing help command was renamed to something sccs related, perhaps sccshelp).
Please don't spread lies like this, it is just plain wrong.
With all the money in M$ bank account, where are all the lawyers? Shouldn't admitting gross negligence bring a class action lawsuit?
Those who can do. Those who can't sue.
couldn't you just do both?
time critical find something, release a patch and also massive, bigger, rollup monthly patches.
They are a fine and dignified breed of horse.
http://www.pinto.org/
First, be found guilty of having a monopoly and abusing it. Then, during your testimony at the penalty phase use two arguments. 1: if you do that you will break our monopoly (earlier testimony). 2: declare that because you have such huge market saturation you had no reason to fix a major bug you have known about. So then say that disclosing the bug would be risking national defense. Hmm, if I were the prosecution I would be dancing with glee. Microsoft does not seem to understand that they have been found GUILTY of abusing their monopoly and keep giving the court more and more ways they have abused it.
------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
So the Blue Screen of Death can lead to YOUR Blue Screen of Death.
"Reboot the car?!?!?"
This gives a new meaning to the Internet Exploder moniker IE has achieved through its troubled existence.
And I doubt the Message Queuing problem is as bad as he says -- it's just a honeypot to keep the prying eyes at the other significant problems in the code.
What exactly do you mean by "Don't touch this button?"
Microsoft's view:
If the software has security flaws, then the code and APIs cannot be made public.
Open source view:
If the code and APIs are made public, then the software does not have security flaws.
So, Microsoft, we are finally in agreement, yes?
To-do List: Receive telemarketing call during a tornado warning. Check.
If you'll recall their network was wide open to some hacker for around a month... these are the best links I could find in two minutes: Different View Of MS Code Theft and Microsoft Hack a National Security Threat.
We can probably assume that it has been freely distributed to the best "enemy" hackers for months now.
It's clear this strategy is the coding equivalent of "The Killing Joke":
"Here at M$ coders are only allowed to work on code a few lines at a time. The code is so fundamentally flawed that if any single programmer sees an entire code block he immediately goes insane... well, the lucky ones do anyway..."
M$ - code so bad protecting people from it is job #1!
=tkk
Bill Gates - Creationist?!?
How exactly does this undo the damage that Microsoft has done to so many companies with its corrupt business practices?
I'd prefer to see:
1) Microsoft to be required to licence Windows under uniform fixed court agreed terms to all hardware vendors, with no conditions allowed on what else they sell (e.g. bare PCs, Linux), or what else they do or don't load onto their PCs (office software, browsers, ISP links)
2) Certain file formats (office documents) to be deemed part of national commerce infrastructure, and put under control of some industry body rather than microsoft
Also, note that there was no real style guide while early commands were being implemented. People decided they wanted a utility, and they wrote it.
And HA HA HA HA HA.
Windows kills me every time I use it. What a joke.
GeneralKael -- Slacker Extraordinaire
"Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said. "Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."
So, according to Microsoft, it is better to have one company provide (ie control) the degree of interoperability between systems than to have another company promote a single standard for the whole industry to use and share.
I can't imagine that line of thinking going over very well with military officials used to building redundancy into everything.
You might also paraphrase the above statements as follows:
"Microsoft has chosen to ignore freely available and already established standards and instead has wasted substantial time and resources needlessly reinventing the wheel by developing our own internal standards (that we won't share and that we admit are not really very good) so that we can control the degree of interoperability between our proprietary new product, and our former (and soon to be former) competitor's technologies"
"Sun's strategy of creating and sharing a standard that encourages 100% interoperability between all systems discourages interoperability (but only in respect to our systems, because ours are made to be incompatible with the accepted standard that everyone else uses)."
Oh boy, can I please buy your systems for my Army?
My next sig will be ready soon, but friends can beat the rush!
... that was the design decision that early UNIX developers made. The naming had nothing to do with security.
IIRC, indeed, you are not recalling anything, you are just making crap up. It is amazing that this load of crap got modded up. You should lose karma for such crap.
Troy Roberts
Once again, we see how the one thing that was needed most throughout this great country's passage through the ages has been the thing that is ignored and ridiculed the most, Vigilance.
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
Hmmm...I'm confused.
"What is the sound of one belly slapping?"
Get a paper copy of this testimony. Make lots of photocopies. Highlight the "interesting" parts (such bad security that releasing it would be a national security risk, etc). Send to everybody in your local government you can find, demanding that they stop using MS products until their security problems are fixed. As alternatives, there is at least OSX, all the Linux distributions, and probably other things (the resurrection of BeOS?).
Given that MS is admitting in court that they are selling defective products, demand that your local government sue MS for fraud. Politicians don't keep up to date on every legal battle going on everywhere, but if you send them the relevant portions they at least can't claim they didn't know.
While you're at it, forward this onto the local newspaper and tv stations. "poor security" is a big bogeyman these days.
Another thing; Send this onto the people at your company who make buying decisions, if MS is going to admit their products have the security of swiss cheese, does your company really want to expose itself to that kind of danger?
Karma: Food Fight (Mostly affected by Date Plate).
Your Honor, we at Microsoft believe that if we ever revealed the source code for MS Windows, more children would immediately start taking drugs. Husbands would start to beat their wives. Small animals would become uncontrollable, staining many expensive carpets. Certain food-groups would become more perishable. 2nd law of thermodynamics would be repealed. Finally, a giant hole would open up in space time, causing the end of the universe.
Your honor, it is a matter of national security, no international security, no galactic security, that we be allowed to continue our profitable monopoly.
Think she'll buy it?
=brian
Already happened:
USS Yorktown dead in water after divide by zero
i wish i could troll like you..
The question that has to be asked here is this: do we really want to have our country so heavily dependent on an OS that is so apparently at risk of vulnerabilities? Let's analyze the threat for a moment.
Let's say that this message queueing vulnerability that was spoken of in the article is a pretty substantial hole that could be a true threat to national security. What makes anybody think that because Microsoft refuses to talk about it, it hasn't already slipped out to all the wrong people? If some high level executive at Microsoft knows about it, you can guarantee that probably hundreds if not thousands of people within the organization know about the problem already. The more people that know about it, the better the odds that somebody nefarious will get a hold of that information.
If I were the intelligence service of some devious foreign power you can bet I'd have a few operatives working in Microsoft. I mean if you want to fight a war with the US, what would be better than an opening shot that can harm >90% of the computers in the country. So you have a few operatives finding what holes they can and slowly relay them back. Then you just sit and wait for the day when you need a real threat in your arsenal.
Imagine how nice it would be if you are some nefarious foreign power in tense negotiations with the US and you can walk in, hand them a floppy disk and tell them to give in or else. I mean even if they find out what the vulnerability is, can they deploy a response to it fast enough that it matters? Nothing like the threat of having the electronic economy slagged to make you amicable to a bad deal.
I think that if Microsoft's the threat they seem to imply, the judge should order them to turn over the source code to the FBI to begin dissecting these problems. Do we really want to trust a private corporation with our national security? I don't think so...
This sig has been temporarily disconnected or is no longer in service
..what a load.
Jesus Christ this guy is stupid. He's only thinking short term (how to get out of this lawsuit) and not long term (how is this going to look to my customers). Seems like he still thinks Microsoft is number one, that there is no alternative, either you use MS or end up with no IT infrastructure. Bah, anyone who still buys from MS after reading this should be qualified as stupid.
Man, I want to be angry at his stupidity but I can't. Maybe I'll just laugh at him. What a bunch of fuckups they have at MS.
What time is it/will be over there? Check with my iPhone app!
their wallet...well maybe not. I say give them a hefty fine and make them fix the code in x days or they get fined again...and again...and again... After all, they should be happy to fix it because it's in the best interest of National Security.
© 2004 The SCO Group, Inc. All Rights Reserved.
in your brand new pinto! Holy buffer overflow batman! Dodge that cigarette! bloop.
It's about the geeks! If Microsoft were to release the source of all that flawed code, geeks world-wide would laugh so much (including Microsoft's advocates) that they would lose their reputation!
If they do, they will be caught for all the code they stole from other people's and companies' software. I really think that's why they are putting up such a fuss about giving their code.
I wonder what % of M$ code is open source, and what % of that was written for linux...heheh
The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...
Who said the NSA didn't have the source code to windows?
SUN specifically. NT is mostly just for admin shit and paperwork and people too stupid to be of any use so they sit around making power points instead of performing any real national security function.
...that a Microsoft banner ad loaded with this story?
Mid-air GPF anyone?
Already happened (except it was a badly handled arithmetic overflow). European Space Agency satellite launch, Ariadne II, IIRC. The software was multiplying speed x time and adding it up to get distance traveled, or something like this, and because the II went faster than the I, eventually it overflowed. And the control system froze.
But I don't think this was Windows or any other commercial OS...
I've said this before in response to MS-FUD: When the government/economy/national security of an entire country hinges on the well-being of one company, that company might be just a little too big for everyone's own good.
Ok, I did not read the article, so if I'm wrong on some points, you know why.
I'm an Army contractor, and all of their critical systems are all Solaris based. Thus proving that the Air Force and Navy are just a little bit dumb. (sorry, had to jab that) Now, if any defense company said to the military that its product was so flawed that it couldn't give the gov the source code, it would be rejected and the company sued. Basically, if the gov hadn't whored themselves out to MS there would be much smackin' goin' on. This stance may just be enough to get sued just by these statements.
Vote monkeys into Congress. They are cheaper and more trustworthy.
do you have any references to back this up? surely this is a joke. if it is, your sarcasm is so thick i cannot see the punchline, then i'm sorry.
for those who don't know any better. to the best of my knowledge the following are the reasons those commands got their name.
vi - got its name from visual editor
chmod - change the mode of the file.
rm - remove a file
how is this hard to remember? how can n00bs bring a system to its knees without the permissions to do so with `rm' command?
-- john
I read the article. Several times. Perhaps I am just not very observant today, but what was the exact quote in which a Microsoft exec stated more or less that its code is so flawed that it could result in nat'l security compromises?
I read the following quotes in the article:
"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks,"
"Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."
"Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies"
:)
"Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."
(Ha! Whatever)
"The fact that I even mentioned the Message Queuing thing bothers me"
Perhaps Techweb is offering a creative interpretation for the purpose of getting hits?
Anyway, if anyone can find a source for such a quote, please let me and everyone else know as I could add it to my "Why Microsoft sucks" archive of data.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Now we need to see the code did Bill Gates sell the world out to Osama Bin Ladin for a price. The Government in the interest of National Security demand the Microsoft Source Code and have one big line by line code audit. You all should be concerned just how much of the Government is using Microsoft Bug Infested Backdoor Software. President George Bush use the Linux software at the NSA called Security-Enhanced Linux. Order all Government Agencies to get rid of Microsoft Software and install Security-Enhanced Linux from the NSA. http://www.nsa.gov/selinux/index.html.
Seems to me that either Allchin suffered some stroke or brain damage while in court, or this is all a big red herring.
...
You just don't get to Allchin's level and "accidentally" let slip something like a fundamental vulnerability in a protocol. M$ officials may make mistakes, but not like this. Not in a public forum. Not in front of a judge. Not where every news medium in the world will be covering the story.
My feeling is that this is all a distraction from something else. Every black hat on the planet is now probably checking out the Messaging protocol. My guess is that there's no smoking gun there. But maybe another protocol has problems.
Furthermore, it just doesn't make sense. An API exposes only what you want it to. It doesn't show you the vulnerabilities that exist "under the covers" unless they're titanically, apocalyptically stupid.
I'd like to know what it was that he's distracting us from
Eloi, Eloi, lema sabachtani?
www.fogbound.net
In this pleading, Microsoft themselves admit that their stuff is widely installed on Federal Interest Computers.
Microsoft's use of so-called operating system patches to disable user mail applications and replace them with the Outlook mail server application is unauthorized hacking of Federal Interest Computers, a Federal felony under US Code Title 18 Section 1030 (the COMPUTER FRAUD AND ABUSE STATUTE: see http://www.cpsr.org/cpsr/privacy/crime/fraud.act.txt).
Microsoft's pervasive practice of using their upgrade/patch excuse for hacking Federal computers and replacing relatively secure software like Eudora with nightmares like Outlook (which is itself responsible for something like 80% of the viruses and worms on the net!) is a violation by my reading of the Act (but IANAL). I think that Paragraph (b)(1)(B) ought to be applied!
"My opinions are my own, and I've got *lots* of them!"
That was one of my poor attempts at sarcasm. Sorry if I wasn't clear enough about it.
If we had the source code, we might find out the true function of the NSAKey function!
Ouch! The truth hurts!
MS releasing the code would be fun :-)
Check it out.
ZDnet has imposed a ban on views contrary to Microsoft.
You can check out my web site for the so-called reasons.
NexuSys - Linux support by the best
The "big compute" people got into Linux because of the whole beowulf thing. But branches with names more than 3 letters, are really pretty big on MS software.
It takes quite a commitment to build a Yorktown, even if it does "GPF" at sea. All that MS talent is busy doing something...
> He later acknowledged that some Microsoft
> code was so flawed it could not be safely
> disclosed.
a) we better hire 100 cheap law benders (@4K/hr each) and donate some bucks to our preferred lobby group (and some donations to a political party or two can't hurt) to keep the bugs in the code, but we shouldn't start hiring 200 testers and 200 chief programmers (@1K/hr each) to begin getting the bugs out
b) where has the MS 'bug resolution month' gone ? wasn't there a supposed change in quality ? oh, i forgot - that came from the marketing gurus ("FUD-department")
c) suppose terrorists and criminal crackers won't simply sign their "shared source" agreements and then do whatever they want - they wouldn't break the law and just spit on that agreement, would they ?
d) security by obscurity has always been better than actually fixing buggy code
e) how could we convince the crowd to buy our new, innovative and improved releases (a.k.a bugfixes users have to pay for) year by year ?
ouch - my head hurts !
I mentioned this very scenario in my comment to the DOJ regarding the proposed settlement. I proposed that the oversight committee (as long as no members were appointed by Microsoft) or the court be tasked with determining whether revealing APIs or protocols would constitute a legitimate security threat. It's probably not the best answer, but it beats the hell out of letting Microsoft decide.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
This just reinforces my belief that Microsoft is its own worst enemy. We don't need to do anything to bring down Microsoft, it's doing a fine job of that by itself.
The only reason I can see someone from Microsoft saying this in a court of law is that they must be really, really desperate. Making wild claims about American national security and the war in Afghanistan is something that no one in the industry or the court is going to believe, and if they do many, many people are going to start to ask themselves if it isn't time that some form of government control and a change in Microsoft management is needed.
I cannot see this benefitting Microsoft in any way. There will of course be the usual pro Microsoft sites such as ZDNet that will report this verbatim (with a straight face) but, for a company that is trying to garner support for "Trustworthy computing" and its .Net initiative in the industry, this is disastrous. Most large companies that are dependent on Microsoft software will ask themselves if it is wise to take Microsoft seriously considering the statements made by Microsoft executives in court. Technical and business reviews are going to have a field day with this one ("If it is so insecure why are we using it?", "Can a company take them seriously when they come around trying to do business claiming Microsoft superiority?"). This will make a lot of press sites, and I seriously wonder if this won't be the thing that finally tips the balance against Microsoft in the eyes of the general population or at least the general business population. Although the general press is extremely ignorant about IT things (the BBC is a brilliant example of this) even they will be able to put two and two together that something is very wrong with this company.
I don't know what kind of an effect this will have on foreign governments, but this will not go down well with EU even though they are just as IT-ignorant as American politicians.
I know that if I had my own company and read through some of the statements that Microsoft have made in court I wouldn't be laughing like I am now.
Microsoft is resorting to desperation tactics... they know they've lost.
Actually, this is entirely consistent with MS's strategy all along: it has been arguing that it and its products are so profoundly important to the American economy and security that any remedy which interferes with its ability to act as it pleases should be struck down by the court. Otherwise, everyone will suffer at least as much as MS will.
It's the exact equivalent of a mob boss saying that he shouldn't be imprisoned for running a protection racket, because then he wouldn't be able to protect his customers. Moreover, he wouldn't be able to provide for his innocent wife and children (even though it's been shown he abuses them as well).
Microsoft isn't at all desperate; they're just so arrogant, and so blind to basic security principles, that they don't really see a problem with what they're saying.
In the wrong hands, sanity is a dangerous weapon.
Unsafe in any configuration
oh, please, anyone who's actually coded for the API knows that certain methods won't work unless you follow the example code literally, regardless of the documentation of the API.
but since many of us who post here have actually coded for the API, you really think we're going to buy excuses like that?
-
--- Will in Seattle - What are you doing to fight the War?
There was a reason why there were pictures of Seattle on those captured PCs that al-Qaeda were using.
It wasn't that they were trying to make bioweapons to use on us.
No, they got H1B visas and are coding in Redmond as we speak!
-
--- Will in Seattle - What are you doing to fight the War?
Well I hope the evaluators presently evaluating MS products for the red book/ EPL whatever, take note of these remarks, rather than restrict their scope of evaluation with the same thoroughness that the auditors of Enron did - accepting blind assertions; not going after quarantined information.
Whatever fancy post-degree certifications they have, they would be putting their names down as approving something less than secure or trustworthy. Arguably, national security is compromised by such exemptions.
National security, and MS, is an oxymoron. Those in the know, just stick to the EPL. You don't see SUN, IBM, or HP trying such tactics, seeking blanket exemptions to cover up defective protocols. At the end of the day, purchase decisions must stand on unbiased evaluations. Managers who jeopardise their enterprise with unsafe IT mantra, must be educated. If they have bought wrongly, or been misled about a product's (in)security, then the courts provide a means of injunction or relief.
Now we have an admission, under oath.
Don't need much more than that.
If you can do that, why can't /. ?
and everyone knew about the flawed code as evidenced by the following list of IE's vulnerabilities:
.lnk/.url Vulnerability
2002-05-15: Microsoft Internet Explorer Content-Disposition Handling File Execution Vulnerability
2002-05-15: Microsoft Internet Explorer Zone Spoofing Vulnerability
2002-05-15: Microsoft Internet Explorer Cookie Content Disclosure Vulnerability
2002-05-01: Microsoft Internet Explorer/Outlook Express XBM Handling DoS Vulnerability
2002-04-24: Internet Explorer Recursive JavaScript Event Denial of Service Vulnerability
2002-04-20: Microsoft Internet Explorer Self-Referential Object Denial of Service Vulnerability
2002-04-16: Microsoft Internet Explorer Unicode Character Handling DoS Vulnerability
2002-04-16: Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability
2002-04-15: Microsoft Internet Explorer History List Script Injection Vulnerability
2002-04-08: Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
2002-04-02: Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability
2002-03-29: Microsoft Internet Explorer Known Local File Script Execution Vulnerability
2002-03-28: Microsoft Temporary Internet File Execution Vulnerability
2002-03-27: Microsoft Internet Explorer DYNSRC File Information Disclosure Vulnerability
2002-03-19: Multiple Vendor JavaScript Interpreter Denial Of Service Vulnerability
2002-02-21: Microsoft VBScript Same Origin Policy Violation Vulnerability
2002-02-11: Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vulnerability
2002-02-11: Microsoft Internet Explorer Forced Script Execution Vulnerability
2002-02-11: Microsoft Internet Explorer Content-Type Field Arbitrary File Execution Vulnerability
2002-02-11: Microsoft Internet Explorer MIME Type File Extension Spoofing Vulnerability
2002-01-16: Microsoft Internet Explorer Form Denial of Service Vulnerability
2002-01-15: Microsoft Windows XP Pro Upgrade IE Patch Downgrade Vulnerability
2002-01-14: Microsoft Internet Explorer Arbitrary Program Execution Vulnerability
2002-01-12: Microsoft Internet Explorer Clipboard Reading Vulnerability
2002-01-06: Microsoft Internet Explorer Modeless Dialog DoS Vulnerability
2002-01-03: Microsoft Internet Explorer JavaScript Local File Enumeration Vulnerability
2002-01-01: Microsoft Internet Explorer GetObject File Disclosure Vulnerability
2001-12-20: Microsoft Internet Explorer Refresh Denial of Service Vulnerability
2001-12-19: Microsoft IE Same Origin Policy Violation Vulnerability
2001-12-15: Microsoft Internet Explorer XMLHTTP File Disclosure Vulnerability
2001-12-13: Microsoft Internet Explorer Arbitrary File Execution Vulnerability
2001-12-13: Microsoft Internet Explorer Remote File Viewing Vulnerability
2001-12-11: Multiple Vendor Image Count Denial of Service Vulnerability
2001-11-26: Microsoft Internet Explorer Spoofable File Extensions Vulnerability
2001-11-21: Microsoft Internet Explorer Password Character Determination Vulnerability
2001-11-19: Microsoft Internet Explorer Patch Q312461 Existence Vulnerability
2001-11-14: Microsoft Internet Explorer Cookie Disclosure Vulnerability
2001-11-09: Microsoft Internet Explorer Cookie Disclosure/Modification Vulnerability
2001-10-23: Microsoft Internet Explorer JavaScript Desktop Spoofing Vulnerability
2001-10-10: Microsoft Internet Explorer Zone Spoofing Vulnerability
2001-10-10: Microsoft Internet Explorer HTTP Request Encoding Vulnerability
2001-08-14: Multiple Vendor HTML Form Protocol Vulnerability
2001-07-27: Microsoft Internet Explorer Arbitrary HTML File Execution Vulnerability
2001-06-19: Multiple Vendor IMG Tag DoS Vulnerability
2001-06-06: Microsoft Internet Explorer File Contents Disclosure Vulnerability
2001-05-16: Microsoft Internet Explorer Server Certificate Validation Vulnerability
2001-05-16: Microsoft IE SSL Spoofing Vulnerability
2001-04-20: Microsoft IE and OE XML Stylesheets Active Scripting Vulnerability
2001-04-17: MS Windows Explorer and Internet Explorer CLSID File Execution Vulnerability
2001-03-31: Microsoft Internet Explorer File Disclosure Vulnerability
2001-03-29: Microsoft IE MIME Header Attachment Execution Vulnerability
2001-03-09: Microsoft IE Telnet Client File Overwrite Vulnerability
2001-02-22: Microsoft Internet Explorer Patch Q290108 Vulnerability
2001-01-15: Microsoft MSHTML.DLL Crash Vulnerability
2000-12-13: Microsoft Internet Explorer 'mstask.exe' CPU Consumption Vulnerability
2000-12-01: Microsoft Internet Explorer 'INPUT TYPE=FILE' Vulnerability
2000-12-01: Microsoft Internet Explorer 5.5 Print Template ActiveX Vulnerability
2000-11-23: Microsoft Internet Explorer 5.5 Index.dat Vulnerability
2000-11-20: Microsoft IE Temporary Internet Files Folder Disclosure Vulnerability
2000-10-24: Sun Compromised Browser Certificates Vulnerability
2000-10-12: Microsoft Internet Explorer Cached Web Credentials Disclosure Vulnerability
2000-09-04: Microsoft Internet Explorer Navigate Function Cross Frame Access Vulnerability
2000-08-10: Microsoft Internet Explorer Scriptlet Rendering Vulnerability
2000-07-14: Microsoft Internet Explorer 5.01 / 5.5 DHTMLED and IFRAME File Read Vulnerability
2000-06-27: Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
2000-06-27: Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
2000-06-24: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
2000-06-06: Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability
2000-06-05: Microsoft IE SSL Certificates Vulnerability
2000-05-17: MS IE ActiveX Combined Component Attributes Vulnerability
2000-05-17: Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
2000-05-11: Microsoft IE Cookie Disclosure Vulnerability
2000-04-19: MS IE 5.01 JSObject Cross-Frame Vulnerability
2000-03-01: MS IE HTML Help Shortcut Vulnerability
2000-02-19: Microsoft Signed ActiveX Active Setup Vulnerability
2000-01-07: Microsoft Internet Explorer Security Zone Settings Lag Vulnerability
1999-12-22: Microsoft IE external.NavigateAndFind() Cross-Frame Vulnerability
1999-12-06: Microsoft IE5 vnd.ms.radio URL Vulnerability
1999-12-02: Microsoft IE5 WPAD Spoofing Vulnerability
1999-11-30: Internet Explorer Subframe Spoofing Vulnerability
1999-11-29: Microsoft IE5 Offline Browsing Pack Task Scheduler Vulnerability
1999-11-22: Microsoft IE5 XML HTTP Redirect Vulnerability
1999-11-14: Microsoft Windows Media Player ActiveX Error Message Vulnerability
1999-11-08: Microsoft ActiveX CAB File Execution Vulnerability
1999-11-04: Microsoft IE window.open Redirect Vulnerability
1999-10-18: Microsoft IE5 Javascript URL Redirection Vulnerability
1999-10-11: Microsoft IE5 IFRAME Vulnerability
1999-09-27: Microsoft IE Setupctl ActiveX Control Buffer Overflow Vulnerability
1999-09-27: Microsoft hhopen OLE Control Buffer Overflow Vulnerability
1999-09-27: Microsoft IE Registration Wizard Buffer Overflow Vulnerability
1999-09-27: Microsoft IE5 Download Behavior Vulnerability
1999-09-13: Hotmail Javascript STYLE Vulnerability
1999-09-10: Microsoft IE Import/Export Favorites Vulnerability
1999-08-27: Microsoft HTML Form Control DoS Vulnerability
1999-08-25: Microsoft IE Virtual Machine Sandbox Vulnerability
1999-08-25: NT IE5 FTP Password Storage Vulnerability
1999-08-21: Microsoft IE5 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability
1999-08-21: Microsoft IE5 ActiveX "Eyedog" Vulnerability
1999-05-27: Microsoft IE Legacy ActiveX Control Vulnerability
1999-05-09: Multiple Vendor Browser Bookmark JavaScript Vulnerability
1999-05-03: Microsoft Internet Explorer 5 Favicon Buffer Overflow Vulnerability
1999-04-22: DHTML Edit ActiveX Control File Stealing and Cross Frame Access Vulnerability
1999-04-09: Microsoft IE Scriptlet Component Vulnerability
1999-01-28: Microsoft Internet Explorer Invalid Byte Cross-Frame Access Vulnerability
1999-01-27: Auto-execution Of VBA code Vulnerability
1999-01-21: Microsoft IE4 Clipboard Paste Vulnerability
1998-04-14: Microsoft Internet Explorer EMBED Vulnerability
1997-03-01: Microsoft Internet Explorer 3.01 Remote
This has got to be a mistake!! I will not believe this!!
I bet the unfortunate military helicopter crashing in Afghanistan a month or so back was due to the pilot's vision becoming completely blue with some white text describing something called a "General Protection Fault". They are basically admitting their code is a national disaster waiting to happen. Good thing newer electronics (embedded systems) are using Linux or some other non-MS product.
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
next thing you know you're not gonna be able to unclick "hide system files" in windows because it threatens security
My dear friends... they just shot themselves in the head!
;)
Hoorah!
You have a good chance at being right.
If the DMCA/CBITA/UCITA don't kill off Linux/free software, we'll soon be hearing the propaganda machine spewing...
Linux,
the choice of fine terrorists everywhere.
You may have a point. If one asks oneself what they really have to lose by disclosing all their APIs the answer might very well be that someone might find a disproportionate amount of properties, return values and methods that they recognise from elsewhere.
The best part is I don't even have to explain to Government IT people anymore why they shouldn't use Microsoft products anymore, they did it for me.
Bad publicity is MS' ONLY liability. They force their customers to sign away all potential liability with their EULA. Their only incentive is not to look so bad that it hurts their bottom line.
Let me get this straight. The product that Microsoft's monopoly rests upon, the monopoly that they illegally maintained and expanded, is so flawed that it threatens US national security. Did someone from Microsoft REALLY say this? If so, it is clear they have gone mad in Redmond. What do they expect the millions of companies and government agencies to do? Wait until Longhorn, or whatever is ready? And hope all the holes are fixed by then?
"Uhh, sorry Mr. President, the NSA can no longer monitor international communications. Our systems are just too vulnerable to hacking to be used. Jim Allchin assured us that a comprehensive fix would be available within 18 months."
"In other news, the US Navy has ordered all AEGIS cruisers into port indefinitely. The AEGIS computer systems were deemed too risky for combat use. The Pentagon would not comment on reports the entire US fleet would require software overhauls before any offensive combat operations could be contemplated."
"World stock markets are today in freefall as most major international corporations raced to secure information systems based on Microsoft's Windows operating system. Some experts estimate that the expense of fixing or replacing mission critical software to provide an adequate level of security would dampen the World economy for a decade."
This goes so far beyond a computer industry issue. It's a staggering admission of guilt. What CIO would be caught dead installing an MS system unless they have absolutely no alternative?
There is also the legal issue. If someone has sustained an economic loss due to "flawed code", that they are using because MS illegally suppressed competitive alternatives, then they have a really good case for compensation. And the hardest part, proving that MS illegally manipulated the market, is already done. And they have some tens of billions just sitting around, waiting for the right lawyer to just take away.
Umm.. I don't think the issue is so much with poor documentation where documentation exists, I think the issue is more with non-existing documentation.
If you are looking at the whole system from the point of documentation, of course everything looks great? That's like looking at the world though a great big filter.
Instead you will have to go the other way; check all DLL/EXEs for exports, and then see if those exports are documented. Some exports aren't even done by name, but only by ordinal, making them even harder to use.
I'm not a win32 guy either, so I can't give any concrete examples off hand, but I'm pretty sure this is partly where the issues lie.
You really cannot say the APIs are highly documented unless you have disassembled the code to see what it can really do, can you? Sure, there might be a hundred documented functions, but that is only impressive if there are only a hundred exports, and those exports are limited to the parameters defined by the documentation.
Belief is the currency of delusion.
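The check described in the comment above (enumerate what a DLL exports, note which entries exist by ordinal only, and compare the named ones with a documented list) looks like this in practice. This is an added example, not part of the original thread; the sample image built by `build_sample_dll`, its export names and the `documented` set are constructed for illustration.

```python
import struct

def _cstr(data, off):
    """Read a NUL-terminated ASCII string starting at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_exports(data):
    """Return one dict per export: ordinal, name (None if ordinal-only), rva, forwarder."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dir_off = {0x10B: 96, 0x20B: 112}.get(magic)          # PE32 / PE32+
    if dir_off is None:
        raise ValueError("unknown optional header magic")
    n_dirs, = struct.unpack_from("<I", data, opt + dir_off - 4)
    exp_rva, exp_size = struct.unpack_from("<II", data, opt + dir_off) if n_dirs else (0, 0)
    if not exp_rva:
        return []                                         # image exports nothing
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]

    def off(rva):
        for vsize, va, rsize, rptr in sections:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA 0x%x is outside every section" % rva)

    (_, _, _, _, _, base, n_funcs, n_names, eat, npt, ordt) = struct.unpack_from(
        "<IIHHIIIIIII", data, off(exp_rva))
    if n_funcs > 0x10000 or n_names > n_funcs:            # ordinals are 16-bit
        raise ValueError("implausible export counts")
    funcs = struct.unpack_from("<%dI" % n_funcs, data, off(eat)) if n_funcs else ()
    name_rvas = struct.unpack_from("<%dI" % n_names, data, off(npt)) if n_names else ()
    indexes = struct.unpack_from("<%dH" % n_names, data, off(ordt)) if n_names else ()
    by_index = {i: _cstr(data, off(r)) for r, i in zip(name_rvas, indexes)}
    exports = []
    for i, rva in enumerate(funcs):
        if rva == 0:
            continue                                      # unused slot in the address table
        # An RVA that points back into the export directory is a forwarder string.
        fwd = _cstr(data, off(rva)) if exp_rva <= rva < exp_rva + exp_size else None
        exports.append({"ordinal": base + i, "name": by_index.get(i),
                        "rva": rva, "forwarder": fwd})
    return exports

def audit_exports(data, documented):
    """Split exports into ordinal-only entries and named entries missing from `documented`."""
    exports = parse_exports(data)
    return {
        "ordinal_only": [e["ordinal"] for e in exports if e["name"] is None],
        "undocumented": [e["name"] for e in exports
                         if e["name"] and e["name"] not in documented],
    }

def build_sample_dll():
    """Constructed minimal PE32 image: two named exports plus one ordinal-only export."""
    base_rva, raw_ptr = 0x1000, 0x200
    names = [b"DocumentedFunc", b"HiddenFunc"]
    eat = [0x2000, 0x2010, 0x2020]                        # constructed RVAs, ordinals 1..3
    eat_rva = base_rva + 40
    npt_rva = eat_rva + 4 * len(eat)
    ord_rva = npt_rva + 4 * len(names)
    str_rva = ord_rva + 2 * len(names)
    strings, name_rvas = b"sample.dll\0", []
    for n in names:
        name_rvas.append(str_rva + len(strings))
        strings += n + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, str_rva, 1, len(eat), len(names),
                       eat_rva, npt_rva, ord_rva)
    body += struct.pack("<3I", *eat) + struct.pack("<2I", *name_rvas)
    body += struct.pack("<2H", 0, 1) + strings            # names map to slots 0 and 1
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += struct.pack("<II", base_rva, len(body)) + b"\0" * (15 * 8)
    sec = struct.pack("<8sIIII12xI", b".edata", len(body), base_rva, 0x200, raw_ptr,
                      0x40000040)
    hdr = dos + b"PE\0\0" + coff + opt + sec
    return hdr + b"\0" * (raw_ptr - len(hdr)) + body.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(audit_exports(build_sample_dll(), documented={"DocumentedFunc"}))
```

Run against a real DLL, `documented` would be filled from the vendor's published API reference; anything left in either result list is surface the documentation does not account for.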
Actually, there is no one called Allchin at Microsoft. Allchin is a descriptive term for All Chin, Jabba the Hutt.
Even though he also works for George Lucas, All Chin has a long history of eating cute, squeaky animals for Microsoft, too. For example, in the December 12, 1994 edition of Computer Reseller News, page 269, column 1, fourth paragraph, he said that a software emulation patch for the Pentium floating point processor bug would not affect performance greatly. This was true, as long as customers didn't use it. If the program they were running used that part of the floating point processor, however, the processing would be far slower.
Now he's telling us that war is a good reason for us to let Microsoft do what it wants to do anyway. To Microsoft, we are all cute, squeaky animals.
This is what I call Linux FUD. I know for a fact that MS would not release such a statement for public viewing which would, in the end, destroy their business with the corporate world as we know it. Just chalk another one up to the Linux FUD Department.
Cost of Linux FUD? Free. Written by a group of disgruntled Linux Techs who are still making 14/hr.
~Admrlnxn
"I got your mom in my trunk"
I love the quote "Microsoft code was so flawed it could not be safely disclosed." That's an honest appraisal.
:-)ing their own fucking throats.
What the fuck are people doing with it then? That's like laying down in front of a bully and yelling "Kick Me?"
I'd hate to think that it really was a matter of National Security. Luckily, it's not. Nobody with something that needs a serious, secure computing platform uses Windows.
Man, M$ are slash(dot
Now some people I know who were merely concerned before will install Linux on their servers for sure and try StarOffice on their desk top machines.
What will happen to the people at bug tracker then? They'll be made redundant since almost all these "Net" bugs are M$ bugs.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.
Somehow, I think that if the US government forbade the use of any Microsoft applications within federal facilities, pending a code review by a neutral 3rd party to identify and fix potential security holes, you'd see Microsoft scramble to get their shyte in gear pretty damn quickly.
As somebody already stated in this thread, Peru has the right idea: open source allows people to publicly review code for potential security flaws, which is how most bugs are caught anyway -- a fresh pair of eyes takes a peek. Ultimately, there's no way that Microsoft can compete with this code development paradigm -- since there's so much Open Source code "out there", it might spread people's attention out a bit too thinly in places, but over time one would hope that Linux apps will only become more secure / stable.
You only help the terrorists!
Just think of the children!
-- Will program for bandwidth
One is sort of chunky and ugly, and she won't let you see her naked, and you pretty much know already that you wouldn't really enjoy it if she did. The other has a slim, beautiful body, and when she takes off her clothes and parades it around, all the men ooh and ahh over it. That's the analogy I like to use. Maybe it isn't 100% correct, but that's the impression I get when you've got MS saying "No, no, you don't want to see our source code!" and meanwhile, you've got these open source softwares that are taking it all off, and saying "hey, baby, look at THESE!" Microsoft is NOT sexy. Linux, apache, and all of those wonderful open source projects ARE. But this is just how I see it. I mean, if I was to go on a date with a woman, and she proudly told me that she has an MCSA certification, I'd probably politely nod, but secretly be planning on my escape (maybe run away after telling her I had to use the restroom). On the other hand, if she told me that she had her own php based website, and that her text editor of choice was vim, then I'd be all weak-kneed and googly-eyed, and I'd want her to have my children. But again, that's just me. I don't know how it is for other people. I mean, I may not really UNDERSTAND beautiful women, but I sure like to look at them. So, I don't think there's any action required, as in "let's get rid of Microsoft." I think that it's really just a matter of educating the masses that there's an alternative, and it looks good naked. Or as you might say, it's a lot safer because the code can be (and is) made public without compromising national security.
I never thought I would ever say this :-)
But yeah, I've wasted enough time (and thus the company money) fighting these stupid outlook/IIS viri and we are not the only company in the world...
bash$
MS only take the flak for this because there are so many serious bugs in their software.
Any developer reading this knows that writing 100% bug-free code is hard, and often beyond economic viability. You get diminishing returns with your QA investment.
OTOH, any competent software developer will write code containing only a very few serious bugs, and some more that are just irritating but not of the "data lost" or "system compromised" sort of level.
Microsoft, the most powerful software development house in the world, is shipping disorganised crap because of good marketing, and now they are complaining that they should get cut some slack because what they're shipping is crap? Sorry, I have no sympathy. If we shipped stuff of that standard to our clients, they wouldn't pay us, end of story.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
.. and this is for the paranoid out there:
The reason he mentioned this flaw is because MS know of - or figure that there will now come to be - an exploit for said bug.
At which time they (MS) can turn around and start crying about how talking about security problems only makes things worse, and "see what we mean? We only mentioned it existed, and see what happened! Surely you can picture the horrors of opening the APIs?"
We'll see.
Belief is the currency of delusion.
I didn't realize they were being asked to share the source code. I thought they were just supposed to document the APIs and protocols.
What is it good for?
Absolutely nothing, say it aga...uh, scratch that.
The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.
Why not fix the god damn bug and release a patch? Holy shit! Microsoft releasing free patches?! It works under Linux, why can't it work for Microsoft?
It also seems that Jim Allchin has no brain... afterall, he is all chin.
So are you trying to imply that M$ should be allowed to behave in whatever fashion they see fit because they are a risk to National Security? Furthermore, you failed to mention in your example that: 1.) over 90% of the cars on the road were made by said manufacturer, 2.) said manufacturer gained their cupholder marketshare by 'integrating' it into their existing monopoly product, and 3.) the car won't run without the cupholder.
Furthermore... IE and Media Player are hardly cupholders - a more appropriate analogy might be a car stereo, not a cupholder.
[Head shots of teenagers against a black background, speaking directly to the camera; somber lighting; penitent tone]
UNIDENTIFIED ACTOR: I helped murder families in Colombia.
UNIDENTIFIED ACTOR: I just wanted to play Minesweeper.
UNIDENTIFIED ACTOR: I helped kidnap people's dads.
UNIDENTIFIED ACTOR: I just wanted to listen to music with Windows Media Player.
UNIDENTIFIED ACTOR: I helped kids learn how to kill.
UNIDENTIFIED ACTOR: I was just browsing with IE6, you know.
UNIDENTIFIED ACTOR: I helped kill a policeman.
UNIDENTIFIED ACTOR: I was just having fun.
UNIDENTIFIED ACTOR: I helped a bomber get a fake passport.
UNIDENTIFIED ACTOR: Other kids do it.
UNIDENTIFIED ACTOR: I helped kill a judge.
UNIDENTIFIED ACTOR: I helped blow up buildings.
UNIDENTIFIED ACTOR: My computer, my OS.
UNIDENTIFIED ACTOR: It's not like I was hurting anybody else.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
More of Microsoft fighting legal bullshit with legal bullshit. Can't wait till these lawsuits reach the inevitable ( & pointless) settlement.
I wonder why he 'volunteered' this information.
Looks like they have no other way out, so they blame bad code and security for their monopoly.
The U.S. Government, especially the Department of Defense, has, at times, gone to some lengths to maintain at least some degree of competitiveness in what it considers an essential defense industry. (E.g., the aerospace industry in the U.S.) Ironically, the same government may now perceive security vulnerabilities as a result of Microsoft's behavior.
-- Slashdot: When Public Access TV Says "No"
"In response to the mass laughter we've been hearing upon admitting this, we'd just like to point out that if you were to release the source to say, Linux, it would have serious security problems too."
Oh wait...
No sig for you.
This should be called FUD.NET. Instead of using unannounced software to strike fear into people so they won't buy a competing product, just scare them into thinking that if we try to be mean to Uncle Microsoft that it'll hurt "Our Boys fighting in that there war".
I don't particularly believe that MS has to open up their source code, just document the protocols and APIs for 3rd parties
(after all, when you create a micro-economy around your product (Windoze), you need to support your ISVs, especially when you are a monopoly like the Baby Bells... They have to play nicely with each other, or at least make the phone calls go through).
Anyone else have a feeling that no matter what, MS has enough money to ensure they won't lose this fight... I hope this isn't the case, but I have a bad feeling....
Let's be a bit more precise here. A more accurate expression of the contrapositive is
And it has a bit different meaning with "can be" than with "is". I work for a defense contractor and have had to put up with this for years. I suppose MS can go this route if they really want to. They're already bloated enough; add government security procedures to the mix and they'll become every bit as agile and responsive as any other constituent of the Military-Industrial Complex.
Boy, that'd be a hoot.
And the brethren went away edified.
Does anyone know what happened with that proposal? Did the Peruvian congressmen vote on it yet?
Liberty.
I know this is just another slick tactic, but ... what if they are right? If their code does get "opened", what are the odds that someone will find a really dangerous hole and exploit it?
Think about who uses Windows. Hospitals. Air traffic controllers. Firemen. Power providers. The police. EMTs. The fricking military.
I am NOT saying they should get away with this. Microsoft's lawyers are undoubtedly certified dog boogers. But,... what if they are (accidentally) right?
=brian
Remember this and this?
They admit their code is that flawed?
Then, for the love of all that is holy, unleash a furious storm of FUD the likes of which even god has not seen!
Linux. Be patriotic. Don't run software that can jeopardize national security.
This is mostly smoke. They really fear the amount of code that is covered by other's software patents (patents which should not have been issued in the first place) and code that was copied from countless others. They have been caught using patented code in the past.
I guess they needed something to replace `War on Communism' now that Communism's more popular and less threatening.
I've seen a similar approach elsewhere, too. For example, if any inconvenient fact looks like it might support Creationism, there are those who immediately impugn it as being `War on Science'. (-:
On a less provocative note, Microsoft also dub much of their opposition `War on Free Enterprise'. The law ain't done 'till Linux won't run.
Got time? Spend some of it coding or testing
Except for those of us carrying nova bombs. Eeeyaaah! GPL'ed code! We're doomed!
Jabba is also shown eating ugly, gronchy-sounding froggish thingies, but I don't think that invalidates your thesis. (-:
Got time? Spend some of it coding or testing
I don't know if I really like him but I think we should vote for him next or someone who will just smash up MS into so many pieces....
National Security means MS security. I guess since they have so much money and control so much of the economy they could bring down a portion of the country.
Get your Unix fortune now!
Microsoft - our software is SO flawed that it cannot be disclosed, but it should still be installed on EVERY desktop computer in the world.
Linux - our software is visible to anyone and in fact the National Security Agency produced their own distribution based on it.
Is this the makings of an ad campaign or what? I could use more laughs after their ad saying that their servers stay up for days without attention.
It sounds to me like a lot of people on here are missing the point. The point isn't that Microsoft has sucky and bug prone software, the point is that Microsoft has pulled the wool over everyone's eyes again. Everyone on here immediately began laughing with glee and indignantly crying for the government to force MS to "recall" their software. Everyone is missing the point that MS will do anything to keep its advantage, which it believes lies in closed source code. Therefore, MS uses the national security copout, and wins again, all the while laughing at the nerds on slashdot who completely and utterly miss the point.
$45 per U Colocation Special
Honest people died on 9/11, must we all profit off it?
I say come down hard on people that do, it's disgusting beyond words.
---- Booth was a patriot ----
... strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state ...
... their role as consumers ...
And spend less time attempting to control this:
Since they won't elaborate on any of the possible bugs [which by their statements might lead to Armageddon], it seems everyone must simply comply and exempt such APIs as M$ deems fit.
I find it incredible that national security stems into Digital Rights Management (DRM). Can someone elaborate on how the two are even remotely connected? Also, are there any /. people using Message Queuing which might have some feedback on what this will do to their current plans?
The code yes with all those coders comments that's what they fear the truth to be known that their code is shit and a threat to National Security. Congress and GAO should launch an investigation as to just how many of our government computers are at risk from running WinBackdoorCrashBSODScriptKiddieTakeDownYourSatelliteTakeDownYourPowerGridTakeDownYourWaterSupplyLaunchCruiseMissilesLaunchNuclearMissilesMicrosoftNoTechnologyShitWare. OsamaBinLadin APIS Saddam APIS NorthKorea APIS embedded in your software ready to be exploited by terrorists. If your Government runs Microsoft Software they are allowing their country to be placed in real danger because it has come straight from Microsoft itself that running Microsoft software is a National Security Risk. Why in hell would any Government charged with protecting its people and its country allow Microsoft Software to be run on their Government Systems. You have to ask is the software in the Airplanes? In the medical services? Nuclear reactors? Just how many critical systems have been compromised by Microsoft Software. What is so hard about getting rid of this shitware called Microsoft and installing Linux right now. The US Government has Security-Enhanced Linux at the NSA why do they not right now start installing it on all Government computers and get rid of this Microsoft shit. http://www.nsa.gov/selinux/index.html Yes Microsoft is dying BSD is dying Long Live the Penguin :)
I'm thinking preemptive strike. Who's good with video? We need to whip up a tape of Osama using Windows XP to deliver orders to his terrorist organization. Maybe have him use it to download some pictures of unnatural acts between men and sheep too. Then we will have effectively defused any argument by MS that Linux facilitates terrorism.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Please tell me an alternative to slashdot. I want news, not opinions.
... and I need a couple of clones of Britney Spears to keep around the house. If I don't get them, the war effort in Afghanistan may be endangered.
Always keep a sapphire in your mind
A long time ago I had a sig line -
... I'll have grounds
__________
Microsoft - The Number One Manufacturer of 'Tools for Terrorism (tm)'.
__________
This was inspired by the then almost weekly announcements about security problems with the design of and use of Active-X, macro-viruses, IIS, etc.
Now their lawyers have concurred.
Guess I was right all along !
- Mchummer
__________
More relative than this: the play's the thing
Wherein I'll catch the conscience of the king.
Hamlet. Act ii. Scene 2
__________
The exploit was created before the Fix. It just didn't take effect until after they released the fix. Therefore, it was totally Microsoft's fault.
Patches in the real world aren't just fixing security exploits, they are fixing possible security exploits. Microsoft doesn't really care about security though, and that's why we have so many problems, but it's helping microsoft, so why complain??
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
for (int i = 0; i < 3; i++)
{
    switch (i)
    {
        case 0:
            DoThing1();
            break;
        case 1:
            DoThing2();
            break;
        case 2:
            DoThing3();
            break;
    }
}
Bill Gates made his billions by fraud lies and deceit makes you wonder if he gave the Source Code to the highest bidder like OsamaBinLaden $$$. We know the Terrorists used Microsoft Flight Simulator what's to say they do not have all the source code or some rogue programmer programmed some Secret APIS into Microsoft Products hidden backdoors so they could plant trojans viruses logic bombs time bombs in the software code and on computers in the DOD, NSA, CIA, White House, etc...... keyloggers capturing every stroke on a government terminal from some remote place with a laptop. The Government needs to do a complete audit of their systems and they need to get rid of Microsoft software right now it's a National Security Risk. Bill Gates sold us out and compromised our Computers Worldwide and now the whole world is at risk to a 911 cyber attack.
Melissa? A combination of knowing about a way too scriptable mail client, knowing that most folks don't have extensions showing (another great MSism, don't show people what they get from unknown, untrusted folks in the mail), even though most would probably click on a
MS Word & Excel virii? Way too scriptable applications. Also from a VB book. No source needed to write the virus.
Besides, the errors need to be fixed. Security through obscurity hasn't really worked so far.
As was stated above, this was not an NT problem, this was a problem with one of their applications. It x/0'd, and the app died. Yes, an operating system worth something would have restarted the daemon, but that's another story. :)
20 May 2002: There are currently 13 unpatched vulnerabilities in Microsoft's Internet Explorer. The lack of source code access provides no real defense.
See the latest issue of Bruce Schneier's Crypto-gram Newsletter
Oh yeah, I can REALLY see someone who's performing ONE illegal act (ie: hacking a critical system) being worried about a piece of legislation like the DMCA..... NOT !!!
As insane and draconian as the DMCA is, it is highly unlikely to serve as a deterrent to someone who is performing other illegal activities.
As for M$'s approach to (a) security and (b) quality, their track record speaks for itself. They can NOT be trusted, not now and probably not ever. They have time and again shown a flagrant disregard for both laws and morals.
If the M$ Code is so dangerous, maybe we can get Surgeon General David Satcher, M.D., Ph.D.
to require warning labels on every box!
"Warning: This product may exhibit serious security flaws and compromise National Security and cause death of US Soldiers fighting terrorism in foreign countries."
yvaN eht nioJ
___
If you think big enough, you'll never have to do it.
The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...
If there really are nasty bugs in Microsoft Code running on millions of US civilian, government and military PCs, what's a quicker way of discovering them than resorting to the courts to open the code?
Hey, I know, employ Howard Schmidt!! I made the point at the time that he's probably in the White House advising on just this sort of stuff.
I'd guess your government already has a pretty good idea how brittle their national security really is...
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
Does this mean that if a M$ programmer quits they have to lock him up at Guantanamo Bay or better yet shoot them because they're a potential national security threat.
Firing Squad at Dawn!!! Yeahaaaa!!!
1. this is total BS and plain old wrong. MS is using terrorist attacks to protect themselves, which is a total slap in the face to those who died. MS should get a bitch slap just for trying that one. Talk about being completely unpatriotic and selfish.
2. closed source as protection is a total fallacy as everyone in programming knows. probing for hidden APIs isn't hard and they have most likely already been discovered by serious hackers and well funded terrorists. Do you really think a well funded terrorist organization can't get a copy of windows source code? A million or two will easily purchase the source code from an unappreciated employee. Get real!
If anyone seriously believes that line of BS, I have an eiffel tower to sell.
The tobacco industry: "Smoking doesn't cause lung cancer. Oh wait, I meant YES, yes it does."
Microsoft: "Our code is sacred and can't be viewed. Oh wait, I meant SCREWED, not sacred."
Sir_haxalot
stuff |
BZZZT, sorry you're wrong... Don what do we have as a parting gift?
Let's think for a moment.. Microsoft Loves to be in control... they absolutely adore getting you to run scripts of theirs as admin.. So why does this become impossible for MS administrators? Granted, Windows Admins are lacking in general computer skills let alone standard IS and IT knowledge.. but what the hell is stopping MS from making their version of up2date? I have a cron job that every friday at 3:02am runs up2date as root and automatically says yes to everything except for kernel.
wow, I never have to think (like a MCSE) and my linux servers are all secure automagically... Granted if someone hacks redhat I'm toast.. but I'm betting that they won't get hacked.
so again... what exactly is stopping microsoft from publishing patches and fixes every hour? what exactly is stopping them from writing an automated updating system? (I know critical update service already exists.. it's MS's fault that it isn't on everything on the planet and running right now... Hell let's change the EULA again... failure to do so invalidates the licenses and calls the BSA dogs.... your soul becomes the property of Bill Gates... oh wait, that's already in there..
There is no excuse.. Microsoft can and should fix this stuff and get the patches in the wild ASAFP via an automated system.... how about a daily check to MS and if it gets back a 0 then everything's ok.. if it gets back a 1 then fire up and download and install...
Unfortunately... one problem with microsoft products... most updates require a reboot... something no sane admin will allow automated on a critical server.
Do not look at laser with remaining good eye.
I don't understand the goal of Microsoft's argument.
The only solution is fixing the bugs.
If "enemies" were serious about exploiting software flaws, they would:
1) bribe MS employees to get access to source code for Windows, Exchange, Office, Sql Server, etc.
2) create fake companies that would then pay for source code licenses and/or full access to the code.
I wonder if they don't realize the free software propaganda they are making with these statements... It's about time the US government realizes the risk surrounding Microsoft products and go open source. Things here in Brazil are starting (very slowly, of course) to move that way.
hahahahahahahahah!!!
So the only reason that Microsoft has kept its code a secret is to keep everybody from knowing how shitty their programmers are?!! HAHAHAHAHAHAH!
Problem: "It's bad for the U.S. if we release our API's."
Solution: "Fix your design flaws; in the meantime we'll use Linux. Nice doing business with you."
I agree with several other posters that if the problem is that serious then the product should be recalled. The good thing about Linux is if you are a programmer and there's a problem with Linux then a person can fix it. With Windows they, as everyone knows, hide their code behind National Security, Legislation, and other FUD's.
Abiit, excessit, evasit, erupit.
MS has used tons of patented code that belongs to other companies/individuals that they don't want noticed. They beg/borrow/lie/steal/cheat...what's new?
National Security is the first.
I bet the next thing will be an MS fake architecture degree!
Wasn't Microsoft already shown to be a threat to national security?
Way back in May of 2000:
http://www.info-sec.com/internet/00/internet_051500b_j.shtml
SIGLOST && SIGUNUSED && SIGQUIT
If we take down our fence everyone will see our fortifications are made of straw.
Pathetic.
Microsoft
You can't lead.
You won't follow.
So get the Fuck out of the way.
An A1 certifiable system's grotesque overkill for most things the government does. Something along a B1 certifiable system would do nicely- something that an MS system couldn't do right now (nor, probably ever, from the looks of things at this point...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
IF..and that's an if, Allchin was testifying accurately, then I'd say there's a real problem.
(1) If you have 'bugs' that he cites as 'national security' reasons for not disclosing API's, you FIX THE BUG. If he is testifying truthfully, has MS notified DOD and other agencies of this potential flaw?
(2) If accurate, it's the best case yet disclosed for open source in government.
(3) If he thinks not disclosing it on the stand protects national security, the idiot (IMHO), just told everyone where to look. Secondly, I'd guess more than just 2 people at MS know of the flaws. He thinks if he just doesn't say anything, it won't get out? I doubt that every MS employee has government security clearances and is provided with periodic lie detector tests.
(4) MS, if they knew about this and didn't disclose to DOD, etc, should be forced to bear the brunt financially for getting ALL government systems OFF MS software. If they've sold a single piece of software to a government agency such as DOD or NSA since knowing about it and not disclosing it should bear a HUGE legal impact. IMHO, that'd go as far as banning purchase of their software by any government agency where national security is impacted.
(5) If anyone is going to cite national security, it should be an agency deemed as such. If MS has these concerns, then it's THEIR responsibility to notify DOD, DOJ, NSA, etc. It's the responsibility of THOSE organizations to determine if such items impact national defense and, if so, make motions before the court to preclude disclosure of certain API's etc. MS, I would hope, has absolutely NO legal footing to use a 'national defense' posture in refusing to release API's. I certainly don't remember the Constitution saying that the government AND MS are to provide for a common defense.
The ONLY 'one' (group) to come out smelling like a rose on this one.. the NSA. It seems the idea of a secure and hardened linux idea has been a very good move.
This makes me furious. and it's not about MS and the antitrust.
hilarious.
I think they're telling the truth and they mean well.
I only hope it convinces the rest of us to pull our heads out and realize what a monster we're dealing with.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
For example, the GDI calls aren't the same for Win95 and WinNT- API-wise, they're the same, but they don't DO the same things when called, merely similar things. Worse, if you try to PRINT the graphic you just did, the result will differ from printer to printer under NT but be surprisingly consistent for 95 for all printers. There's tons of others in that space.
The API's declaration is consistent, but what one version of Windows DOES with the parameters may differ slightly or radically from another, supposedly identical one.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
It may not have been Microsoft's fault (who wrote the software that was dividing by zero?) but NT surely didn't help things any. I would think they would have been able to reboot the damn thing in 2 1/2 hours.
The question is can they legally do security work for MS on the taxpayers dime. I bet that the legal department ruled no. Open source is different because the general public has access to their work so a technique to secure Linux or BSD can be adopted in other operating systems and thus more closely fits the character of computer security work that is in the government's charter. NSA fix MS code? Only if MS pays for it, and richly. And even then, you run into the problem of undercutting private sector code shops so the NSA still gets whacked.
No, it isn't happening for well established legal reasons. The short version is we're not a bunch of communists.
Actually it's not workable. This has an obvious solution for MS, just don't fix the code and it stays secret. Why would they fix anything at that point?
Someone should be in court tomorrow at 9.00am sharp and sue the US government for voluntarily using products that are a risk to US National Security and its citizenship as testified in court by the very maker of these flawed products! Making further use of these products for even *one* day longer is inexcusable in the current climate, as would be to have a self-admitted "Al-Quaida" member in [a] government office without any action taken against such a risk to national interests. /. users should e-mail the FBI immediately and leave messages at the Office for Homeland Security making the officials charged with our country's protection aware of this very real and imminent danger to our nation's well-being!!
Perhaps
Usually when Microsoft does something that looks incredibly stupid on the surface, like this, they have some sort of scheme behind it where it makes sense, and it usually requires a fairly deep analysis to figure out what they're up to.
On a different note, the fact that this company can even say things like this in public without even having to worry that it might hurt their sales a bit should be very telling by itself. We seem to have reached a point where anyone can reveal any information about how terrible Microsoft products are, and Microsoft's sales are unaffected in the least.
You'd be surprised how a company will jump when a very specific order comes down from the judge. Of course, there's always the alternative of the state contracting someone else to make the fixes.
I don't think there would be that much code which could be deemed worthy of hiding for "obvious" security reasons. That which is obviously an issue could be fixed a piece at a time, whether by Microsoft or a third party.
Remember, none of this code has faced public scrutiny before. To put it all out there at once is a mistake, unless the point is just to give Microsoft a hard time. If the point is to get the code out as quickly as reasonable, but still safely, a little caution is necessary.
But there's no reason to accept Microsoft's assertion that they just can't release certain code at all because of security concerns. Depending on such security is no security at all. True security is mathematically provable, and secrecy of implementation/equations whatever doesn't affect the soundness of the mathematics.
the NSA has come out with a no kidding, no XP rule.
They will not allow anyone, classified or unclassified in the DOD to run XP.
They do not plan to either.
Believe me, it's already making it "fun" to try to buy new PCs... i can't wait until 2004, when MS drops 2000 as a client OS, and then the bind we'll be in then, huh?
A weapon system that locks up because it doesn't have the right authentication key. How cool would that be!
fsck Microsoft. and Fsck the Air Force (where i work) - they are the stupid PHBs that didn't even consider anything else, didn't look to anything else, and were too sheepish to try to find another solution that wouldn't get us stuck in this way.
what boneheads. I'm working on a project that is in jeopardy because the system will only run on Windows NT 4.0, and we're having a hell of a time finding sources for NT 4.0 that are legal.
Pretty soon, we're going to just go illegal because we'll have no recourse.
we're so stupid...
guns kill people like spoons make Rosie O'Donnell fat.
OK, let's see...
They tried to say the industry would die if they were forced to reveal source code 'cause they'd have to stop making Windows 'cause it would just be too hard.
Uh-huh
Now they are saying they suck ass so badly that world + dog must be kept away at all costs or it will become clear how anyone can can-opener this wretched junk.
Uh-huh
These freaks would say anything to anyone to get their way. I'm surprised Gates didn't throw a tantrum in court and demand an apology for being forced to show how ludicrous the arguments made in defense of a monopoly truly can be.
My company agreed with me when I proposed converting virtually everything our employees see to Linux, but on one thing they stood firm: They really, really wanted this phone system.
It's called Interactive Intelligence, and it effectively converts a PC with speakers into a phone. Its great ability is that you can listen in to telemarketing conversations (vital in our business, sadly), get reams of statistics about how our people are doing, and so on.
It has one flaw: It runs under Windows. You have to use a Windows client. It has a Windows server. And it integrates with Outlook, so everyone has to use Outlook for their email. For these reasons, I was knee-jerk against it, violently so. But I was overruled, and we bought it.
We've had it for about a year and a half, and about a week ago, it caught a perfectly ordinary Windows worm. It apparently arrived through an email, spread through our network, and bam! Bye bye phone system.
Our IT guy spent 72 sleepless hours cleaning up after it.
I laughed. Well, if anyone else tries putting their phone system on Windows, now I know what to tell them. "It's not that Windows is bad, I'm as open-minded as anyone, but it sure is one heck of a security risk..."
D
Great quote from Allchin: "The fact that I even mentioned the Message Queuing thing bothers me."
I guess that M$ will just prosecute anyone caught reverse engineering their binaries under the DMCA.
You said:
Oh yeah, I can REALLY see someone who's performing ONE illegal act (ie: hacking a critical system) being worried about a piece of legislation like the DMCA..... NOT !!!
As insane and draconian as the DMCA is, it is highly unlikely to serve as a deterrent to someone who is performing other illegal activities.
Reverse engineering was never illegal until the DMCA came around, as far as I know. What Microsoft is calling matters of national security are design holes in their APIs, so that if they made their APIs completely public, Alchin claims, it would be trivial for any terrorist (or anyone else who wanted to) to crash or exploit any arbitrary computer running Windows. Notice that I call this a design hole: if fixing the problem is not treated as a possibility, it is not a bug in the implementation, but rather in the specification. Reverse engineering their APIs (until the DMCA a legal act in most all cases) would give you the same ability to crash or exploit a Windows system, after more work. (Allchin mentioned message passing, maybe it's the printf() exploit).
ps. I have spelled Alchinn's name wrong at least 2/3 of the times I have mentioned him.
...and this lie crawls out of its mouth: 'I, the state, am the people.'
Microsoft's own license agreement says they are not liable for anything save defective media. As long as the software installs on your computer, you're on the hook.
And, before you say this is simply outrageous conduct, I fear it has to be that way. The viability of free software depends on the viability of near-identical clauses in the GPL, after all.
To take a non-MS-related example, let's say my copy of Final Cut Pro just crashed and I lost an hour's worth of work. If everyone who bought the product was able to sue over problems like this, Apple simply could not afford the contingent liability associated with selling software.
The technology simply doesn't exist to make today's increasingly complex programs 100% reliable. We can improve, yes, and we must. But our whole industry would collapse in lawsuits if companies were liable beyond the purchase price for packaged software problems.
Of course Microsoft software is particularly notorious for this, thanks to its over-complex way of dealing with simple problems. Because of that I simply don't buy or use Microsoft software to any significant extent. I don't rely on it for my business, so it doesn't matter that it's junk.
More people should do the same, and I hope this and similar stories will make people consider alternatives more seriously.
D
then whoever made the decision needs to be nailed. maybe he's a secret member of al Qaeda. Difficult to believe such a huge number of trained personnel would be so negligent to use MS in such areas. any URLs?
more ./ hypocrisy. you want less government regulation, except when it is for microsoft.. you can't have both..
One of the problems we have today is the definition of "open source." Some people feel that it needs to have a GPL like license, others think BSD is OK, others think that it just means that source is available to anyone that wants to look at it. This variety of definitions causes much confusion.
The Open Source movement is an outgrowth of the Free software movement (headed up by RMS and embracing both the BSD and GPL licenses). Open Source was an attempt to be more apolitical and business friendly than Free software. There was a conference organized on the west coast where the whole Open Source project started, where RMS was conspicuously not invited. What RMS created based on principle, they milk for all the money and publicity it is worth.
...and this lie crawls out of its mouth: 'I, the state, am the people.'
If Microsoft and Gates created something that could be a potential threat to the USA and its safety shouldn't they be arrested/charged with treason or at least something as bad as what they have charged the DeCss writers with?
The Man: "So you're saying that your software problems could be the probable cause of the downing of an airplane by terrorists?"
MSFT:" Well yea, the code sucks so much that it could do that?"
The Man: " Just like a Bomb could bring down a plane?"
MSFT: "Well sure"
The Man: So you are saying that you have made something that could potentially harm the American public by terrorism?
MSFT: Yep
The Man: Ok boys, (signals to men in black suits), Mr Gates, you have the right to remain silent, anything that you say will be misquoted...
-----------
Either that, or could the 'debug' or 'edit' utility be seen as devices for digital circumvention? Any MSFT products? What about the 'copy' command? hmm... interesting... it seems to be made to copy things. Billions of Mp3s have been copied freely using the 'copy' command, think of all those DOS programs that were copied using only that...
Well at least the copy command wasn't spyware.. and with no popups!!!
please mod down, this fucking twisted urban myth has got to die
Is outlook responsible for information loss and viruses? Spreading of viruses? Making a product that will perpetuate them?
Tibbon
tibbon.com
Even if they did release the source... are they making them release the comments to the code? Betcha its TOTALLY unreadable..
Tibbon
tibbon.com
Do you guys realize the amount of Microsoft software that is out there in our collective infrastructure running fairly important jobs and storing sensitive info that COULD be compromised if too much was made public?
Remember the SNMP vulnerabilities mentioned here a couple months back?
Well, they were kept quiet until most manufacturers of network gear had fixes ready for deployment.
Why? Why didn't they tell us about this sooner?
Because somebody, somewhere would have exploited it for some sort of gain. (political, financial, or personal 1337-ness)
Some things are better kept quiet.
That is what national security is about.
Oh yeah, MS is lame...there...now i fit in...
"Suburbia is where the developer bulldozes out the trees, then names the streets after them."
...programming against the win32 API...
Revealing an uphill battle? Freud would be proud.
;-)
CAn'T CompreHend SARcaSm?
I used to accept the military using Windows for ease of training up system administrators to replace those killed in SCUD strikes or whatnot, and to draw on the large talent pool relative to UNIX...
BUT, if this assertion is even partially correct, then the military needs to look seriously at alternatives. If national security is even slightly at risk from opening window information (accounting for the greater ease of fixing problems more openness would create) then there is something seriously wrong.
I would recommend Mandrake Linux to the US Military in light of this. Sure, it's bloated to all hell especially in the non expert install mode. But it's more secure and stable than windows, and critical bugs that could affect national security are found and fixed very quickly, and it allows the military to fix bugs itself if it wants to!
Some of you may prefer Slackware or debian or what have you, but to get the power of linux in a military environment you need ease of retraining, Mandrake is the easiest so for the military it makes the most tactical sense.
With this said, it's obvious Linux is now much more secure than Windows will ever be. The fact that they admitted the code is 'in-secure' will lead to a long-term security risk. At least with Linux the bugs, hacks whatever are hard to find. With Windows there's so many you'll bump into one or two just in time.
What ever happened to that so called "security-audit" they did where they claimed to have fixed more bugs in their software than the community of Linux in a month than years of the Linux community?
... a good reason to throw windows. Government should really consider dumping this software if it's too flawed.
Too flawed to have the source code published= too flawed to be used.
Actually it was the Ariane IV versus Ariane V. A part of the control system was reused, and couldn't handle the new specs on the V version. The worst part was that they managed to build the bug into the backup system as well, so it tripped only a few ms after the main system gave up :-/
-._''_.-
Software bid on government contracts must have its source code placed in escrow already.
What about interoperability? Modularity?
Ah Yes, of course. microsoft is on top because their code is very interoperable, and uses non proprietary, open formats to make it easier for others to make interoperable software. And examples would be Ms version of kerberos, their JVM, their extensions to javascript, html, etc, etc.
As for modularity, they have themselves claimed in court that their code parts are so intertwined that they cannot be isolated. And of course, Your (or mine) boss cares a lot whether MS Word is modular or not, In fact, if it were not, he would stop using it!
The reason that someone is on the top is that it was chosen by IBM as the Os vendor when they launched the PC.
When in doubt, use brute force. -- Ken Thompson
Fool. The NSA and many others have had keyloggers attached to Bill Gates' PC for years. If they want the Windows source, they just have to open Notepad and hit the secret key combo.
Jeez, that sure was nice of those guys up in Redmond to come clean with regard to how bad their code is.
Like we didn't already know.
So, it's time to file some sort of lawsuit against Microsoft. They knowingly brought inferior product to market, they sold it to the Federal Government, knowing that it posed a national security risk.
Smells like some kind of fraud to me.
Time for Lil' Bill to do some cot-time in Cuba.
Moreover, it's everybody's patriotic duty to move to a more secure OS. OpenBSD, anyone?
Anonymous Coward? No. Mike Nomad? Yes.
Microsoft continues to surprise me on an almost daily basis.. though usually not with the kind of news & stories I'd like to hear (Halo PC anyone?).
This latest story is just jaw dropping.. and the thing that astounds me, after I explain this to a work colleague who is 100% Windows, he says that he can understand where Microsoft is coming from?!
No sympathy.. you charge that much you should write the 'best software in the world', no question about it. You cannot get to a situation like this, where you are possibly the largest software company in the world, only to supposedly admit that your software isn't quite up to scratch.
Shocking.
"Hey! Unless this is a nude love-in, get the hell off my property!!"
So Microsoft have indicated that there are some APIs and protocols they want to keep secret because they are dangerously flawed. All a cracker needs to do now is find out which APIs are to be kept secret, and concentrate all their efforts.
The result: Instant massive security exploits.
Now, if a white-hat were to do that, maybe we would get enough publicity and detail on the flaws to force them to be fixed.
http://www.geocrawler.com/lists/3/SourceForge/709
I saw this on the User-Mode Linux mailing list this morning. A clear case of an API that only Microsoft is supposed to have access to.
They admitted that they are a problem to National Security! When do the government bring in the marines and start bombing Microsoft offices around the world? Boy, oh, boy, I wish they nuke Bill's home.
Oh yeah, the reboot is the real problem with this. God knows there is no chance that an update or patch (from MS, Redhat, whoever) will have its own list of bugs. Or won't work with "Product x". Or will just plain fuckup.
Testing and rollback plans are for pansies and pinkos.
Actually, the use of non NT based operating systems is forbidden on military computers. Windows95, 98, and ME can not be used.
"The core truths of religion", that is a rather nebulous term to bring to the discussion, don't you think? I would think that someone from BYU would understand better than most the fallibility of mankind's personal revelations.
The mormon prophet joe smith was little more than a common lout with the ability to transcribe from bible and drink with help of mr thesaurus an even more irrational account of divine knowledge than Judaism and christianity combined. At least with him we can debunk him thoroughly as his s. american excursions of mr j are without any more historical context than a 3rd grade reader from the 1860's.
An Education is the Font of All Liberty
I could make a vacuum cleaner that blows and works too.
Try blowing between two pieces of paper and see the 'sucking' effect of the turbulence.
thank God the internet isn't a human right.
www.fuckmicrosoft.com/content/ms-hidden-files.shtml
All there, check out the section at the bottom, further reading.
M$ might as well be a guvverment agency.
They are bargaining at the moment: hoping that if the dissenting states get some of the code, they'll think it's a big deal, whereas in reality they're getting junk.
actually, since Windows 2000 there is an optional, tiny component called Critical Update Notification. this is scheduled to run every once in a while, and notify the user when any critical ( read security) updates are available from Windows Update.
and since Windows XP, it has the added option to download and install the updates in the background. one does not even need to use their (IMHO very good) web interface.
but I agree, the problem is that most of the patches require a reboot. but that is what you get for running a desktop OS on a server. NT 5.x is a great desktop, but no more.
( personally, I'm trying to convert to using FreeBSD )
...they just need a push in the right direction to do it. While the court is at it, they should seriously scrutinize those EULAs that those of us who are forced to use M$ products must agree to or suffer the consequences.
:) (i know i do ;))
Smarten up, Microsoft. If your product had national security riding on it, then the government has a big time string attached to you...how would it look to the builders of say Air Force 1 if monumental design flaws were found in the president's own chariot? That company would fess up and fix the issues.
More eyes means quicker solutions, you guys maintain the codebase. Release the code to the open source and reap the benefits of crazy coders who're interested in learning and bettering the world thru awesome software. Think of it as increasing your QA workforce several-fold, for minimal investment...you don't need to give benefits to any of these guys, hell they'll stay up all night hacking on code
National Security? BS. More like: afraid of the consequences.
That includes anyone at Microsoft, and all those folks who Microsoft showed relevant parts of code or of the API-fundamentals to. And US-security is relying on the slim possibility, that everyone of those large number of people is honouring the NDAs and won't be swayed by any sum of money or geek-status to disclose such critical information.
This implies that Windows- (and thus US-) security relies on:
A) everyone who did see the code honouring the NDA
B) no one being able to reverse-engineer code/APIs
C) no one happening accidentally over one of the huge number of security flaws and telling the wrong people
To summarize, this "security" relies on the fact that no one tried very hard to breach it (or maybe it is already breached, and the russian, chinese and afghanistan (with their C64) spies are happily meeting in US-high-security outfits and plotting to bring the US-economy to a grinding halt by screwing up any US-corporation that relies on MS-software).
If MS-Software is really that flawed the government should demand they fix their software until they can safely present at least their APIs, before they may go on selling any software. Considering how much depends on the security of MS-software that doesn't sound unreasonable to me. To make sure that MS follows those orders they could hold that nice stash of 'em for ransom.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Thomas Jefferson needed only to look at the pre-Roman Irish, Scots and Welsh in Britain (largely wiped out, while unarmed, in a single cold-blooded massacre by the soldiers of the Roman Church), or at the Ti-Ping movement in China (wiped out by the Manchu at the incitement of the Roman Church), or the pre-Goan-Inquisition Saint Thomas Christians (wiped out by...?), or any one of a large number of other examples.
The problem was not priests, per se, but priests who thought that God wasn't good enough to sort out the leadership by Himself. They're as bad as Atheists who opine that Darwinism is too slow and take it upon themselves to hurry things along. Think Stalin, Hitler, Mao, Pol Pot, Amin...
And yes, it would be nice to see a little integrity about the place. Creationists generally don't call presumptions to evolution `War on Science' but something along the line of `running ahead of the facts'.
Got time? Spend some of it coding or testing
http://mb.sparknotes.com/mb.epl?b=991&m=260827&
"Obtuse Anger is that which is greater than Right Anger" - Lewis Carroll
Belief has nothing to do with scientific reasoning. You cannot prove to you or anybody else that any metaphysic forces exist, yet you may strongly believe in them. Along the same line, you cannot BELIEVE in a scientific theory, rather you may be convinced by its arguments.
You go ahead and build your own theory about the world around you, and please begin with your innermost belief about Right and Wrong. But please don't blame others for not doing the same.
May I add that few scientific figures throughout the history of science were atheists.
Look who's boring now...
This is a communistic open source orgy if I ever saw one....Only on Slashdot would such discussions or love fests go on like this. All of you need to go back to college, take economics 101 and realize that our antitrust laws are so flawed that the real company that should be sued is AOL.
Perhaps this Guy should have read this month's (May 15, 2002) CRYPTO-GRAM by Bruce Schneier. The headline article is 'Secrecy, Security, and Obscurity' and covers the work of Auguste Kerckhoffs, who in 1883, Yes 1883! demonstrated what has become known as Kerckhoffs' Principle, security by Obscurity is no security at all.
To quote Schneier: "Any system that tries to keep its algorithms secret for security reasons is quickly dismissed by the [cryptographic] community, and referred to as "snake oil" or even worse."
http://www.counterpane.com/crypto-gram.html
Evil companies always have their way to elude justice. Money talks and shit walks.
A weapon system that locks up because it doesn't have the right authentication key. How cool would that be!
Maybe someone should design a system, based on Windows, which holds some bombs on a plane and then flies it over Microsoft's HQ/capital...
The bouncing paperclip speaks very loudly, even when you have the sound turned off. It is Microsoft saying that we are stupid and will be happy to be distracted by cute animations. It is Microsoft saying, ha ha, we can abuse you anytime we want.
But we aren't weak and stupid, and enough of us complained that Microsoft made a way of turning off the paperclip.
their ad saying that their servers stay up for days without attention.
That's an accomplishment???
I'd expect a RedHat Beta to do better than that.
I'd expect the kernel du jour to do better than that.
I'd expect an automated FreeBSD-Current to do better than that.
I am a long-time Macintosh user, slowly learning about Unix through the BSD-based OS X.
I think that a Unix or Linux - based system has a MUCH better chance of being secure. Security should be DESIGNED into the system. Then each implementation can be configured for security.
Claiming that security is needed to protect their code is the ULTIMATE PROOF that M/$ sells an insecure product.
Psychologically, their desire for monopoly dominance is another indicator that they are an insecure corporate culture.
You don't get it, the common thread on Slashdot has to do with preserving the existing legal framework for copyrights, patents and fair trade that have facilitated competition, which is essential to capitalism. IE, We're trying to preserve capitalism and the legal framework which has brought us this far.
Microsoft conspired and restricted trade.
1. It's illegal...
2. It goes against capitalism
The solution isn't government regulation. Government regulation implies legislation; nobody wants to legislate anything. We want to SENTENCE Microsoft to deter them from any future conspiring to restrict trade, while at the same time trying to take advantage of the opportunity so as to make a decision that could benefit the entire industry and consumers.
It's a double-edged sword. Ever think that some of the Microsoft holes may be intentional? Imagine, if you will, a very secure open source operating system that had no holes - couldn't be cracked. Then imagine using that system to plan a terrorist attack. It's not a Clancy novel, dude. There have been commercial aircraft hijacked and crashed and the government was unable to prevent the act because the system was too secure. Days after the incident the emails were finally decrypted ... it is not a nice world. Stop thinking you know why everything happens; you don't and never will.
So, at least one protocol is so broken that exposure of it would, according to Microsoft themselves, be a national security risk if it were published. What about other protocols? Does this only prevent publication of this specific protocol, or are all protocols broken in this way? Even more interesting, this protocol is broken so that it threatens enterprises and national security. Microsoft knows this protocol is broken in this way. What actions has Microsoft taken to inform customers of this potential hole that might threaten entire enterprises' existence? Has Microsoft informed customers of the potential problem which might threaten their customers' entire existence, or has Microsoft knowingly kept this, for enterprises, quite important information hidden? Would enterprise customers of Microsoft be interested in knowing that Microsoft has for quite some time known of a bug that could threaten the customers' whole existence, without sending out any security advisories? If such an enterprise customer is destroyed due to abuse of said vulnerability, would Microsoft be liable, since now there is proof they know of this vulnerability but they neither inform the customers nor fix it? Class action?
And there's the parallel strategy of claiming that they are just another company and don't have a monopoly so they don't deserve any special attention from antitrust laws...
PHEM - party like it's 1997-2003!
While I am not, at this point in my life, a Christian, and I believe the "Creation Scientists" are generally using anything but science to buttress their case, I do think that they provide an important service. They harp on problems within the current set of theories that are taught, theories which are presented in schools with little or no rebuttal. Many people would like to have these theories presented as fact with no counter-claims, but I think a good debate in class on the issues helps everyone involved. For example, the systematic lack of transitional forms in the fossil record is one which calls into question the gradualistic evolution that was taught when I was in school (admittedly a while ago). Can teenagers be hurt by being presented both the pros and cons of the various theories in a balanced way?
Put identity in the browser.
N/T
That was what I thought was funny. Any Unix vendor would NEVER have said days (or weeks) - they would have been laughed at.
The camera slides among rows of shiny boxen of a cool color (cobalt blue, silver, or shiny black) with penguin logos etched on them. Vague images of source code scroll rapidly on the background (variant: projected on the room walls if there are any).
Voice/text: Open-source software. The real National Security.
My exception safety is -fno-exceptions.
If MS-Software is really that flawed the government should demand they fix their software until they can safely present at least their APIs, before they may go on selling any software.
No, what the government should do is immediately switch to open source.
"Your software is THAT insecure? My god, we must stop using it IMMEDIATELY."
Hey I know, let's make this wonderful socialist utopia where... oh wait, that would mean those mountains of regulation and legislation must be enforced somehow... that is violence and tyranny. Hmmm, well it sounded real good before I THOUGHT about it.
Let's never lock our doors, speak privately or keep any thoughts to ourselves simply because someone could use it to commit a crime! YEEEEHAAAAAAW
I've used variations of that script before to ... stress test servers belonging to me or my buddies. In most cases, it will just use up all available memory, and can really cause performance problems. To say the least. :)
However, on my Mandrake 8.2 system, I can only run about 20 child processes of the thing. It gets a little spammy, tho, with the "fork: resource not available". Performance is not affected, tho.
MS is really desperate to pack open source advocates in the same league with terrorists.
It is definitely decadent and undemocratic.
hmmm, well while you might say it is the bat that is the problem, you notice many with bats that are not hitting anyone else (well not hitting them first :) The skates then must be the problem eh? After all they are the means by which the hitters can use their bats on people (the delivery if you will). Hmmm, but many are happily skating around not bothering anyone. Upon further examination you discover that even without bats and/or skates there are those that have the beanies and just rob, grope or punch others but nothing happens. Those without beanies are removed by the black and blue (hahaha) striped shirts... known as Enforcers. You notice that every blue shirted fellow has an Enforcer emblem on their shirt. Furthermore the emblem is imprinted upon all the beanies as well. You also notice that a disproportionally large percentage of blue shirts have beanies.
See, the beanies represent wealth and power. While anyone can have it, you notice the blue shirts take more and more of it to themselves. This results in more beatings for everyone else. See, the blue team does not live by the very rules it creates. The black and blue enforcers are a subgroup of the blue team and thus do not enforce the blue team (in essence giving them all 'free beanies'). It would seem that the enforcers do more damage than good and their parent group, the blue shirts, are not held accountable by the very rules they set forth (that is called Elitism among other things). So while the Red shirted team is blamed for all sorts of problems, and rightly so, the REAL problem is the lack of accountability they enjoy. The beanies? They are just silly hats; the real corruption and problem lies in the blue shirts that create the very situation that empowers those with beanies. If the blue shirts had ANY ethics at all, they would police themselves FIRST and never make arbitrary policies that then cause the problems of 'above the law' beanie wearers in the first place. Everyone should have the right to wear beanies, but they should never have any more or less rights than those that do not wear them. The problem, you see, is in the blue team. As they continuously increase in number and reach, they pass even more arbitrary policies that again are not applied to anyone else. Soon they will have what is called in this silly little game an 'Enforcer State.' But remember, it is all good, simply because said Enforcer State was achieved 'for the children/people' and in essence is designed to 'level the playing field' and 'help protect us from our own laziness and stupidity.'
Remember kids, laws are useless unless they are ENFORCED, which to those that can think abstractly, that statement has many interfacing meanings.
Now let's all forget this, take our Soma and bask in the glory of our socialist movement (who cares if it only hurts us and further empowers the greedy powermongers?)
The Win32 API is not the kernel API, at least not for the NT derivatives. The Win32 API was written for something akin to "cross-kernel" portability (Win95/98 to NT to CE). It's a good idea and wasn't originally meant to obfuscate or hide the underlying APIs, but to provide a standard API across kernels.
It's very similar to the glibc API, which hides the underlying Linux system calls.
so that when the evil pirates or foreign govts or firms (UK, Germany, France, China) use the software, Uncle Sam and his nephews get a door whenever they want....
This seems a more likely explanation, keeping in mind MS has good programmers. Of course, someone else may discover the holes and how to use them.
The protocol, which is part of Message Queuing, contains a coding mistake that would threaten the security of enterprise systems using it if it were disclosed, Allchin said.
And this is/was verified by...?
Internet Explorer was unable to link to the Web page you requested. The page might use standard HTML or CSS.
So this is the reason why the DOJ and most states are so hesitant to drop some severe punishment on Microsoft: the NSA has long been using the operating system to spy on both US and foreign citizens and foreign governments. Every modern Windows installation contains spyware with a direct hotline to the US secret service. Brilliant! Of course the government would be stupid to do anything that could harm Microsoft's dominance of the OS market. They would compromise their best secret agent!
Like that?
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Your fact is twofold:
1: Hares are not kosher. (not inconvenient.)
2: The English translation of Leviticus 11 misstates a scientific fact.
Not being able to check the Hebrew readily, I'll just assume that the translation is accurate. Even ignoring that it's out of context, a lack of scientific accuracy in the kosher laws doesn't disrupt my religion one bit.
Heck, it actually helps hammer home some points to remember, like "The Bible was written for the present-day people then, and allowances for passing time have to be made." or "Man can and has advanced. Yay man."
In any case, the kosher laws were either (1) written by a Jew with limited scientific knowledge but permission to speak for God or (2) written by God Himself. If (1), his scientific ignorance is understandable and forgivable. If (2), He probably did it to not confuse the Jews.
...but I thought that Bill himself said that MS was perfect and that their software did NOT have bugs. I mean, I read an interview where he said that! (http://cantrip.org/nobugs.html). So he was lying?
Here's an interesting look at purposefully hidden files under Windows. It's amazing if you look through it all. Your browser history doesn't go away, etc... Stuff like "show all files" and "find" have been purposefully written to ignore this stuff.
http://sillydog.org/mshidden.html
The only difficulty with `demonstrating' God is that most people try to `demonstrate' their mental model of Him instead. If you're looking for reproducible results, you're looking for a God who is in essence completely under your control, and what use would that be? OTOH, if you're looking for things that only make sense from a God-based worldview, start with a large polystratic fossil and work out from there. There are many other starting points, but that's a nice, clear, scientific, even geologic one for you.
Got time? Spend some of it coding or testing
The real reason for MS being unwilling to reveal source code may be that it has pirated too many code fragments from everywhere.
Perhaps we should have given Afghanistan free copies of Windows instead of bombing them.
Nobody told you you were wrong here. Asking questions and stating that flawed logic doesn't compute don't constitute saying you are wrong, but state that perhaps you should look at what you are actually saying.
In my opinion, the height of arrogance is to think oneself so important that the universe has any interest in oneself (a human, presumably?) whatsoever
But the ability to do so is not arrogance? It seems you do believe in a higher power of some sort by your statements. You shouldn't think it arrogance at all if there is nothing out there.
You so shaken that you have to resort to expletives and insults? Don't your beliefs stand on their own?
Spot the deliberate mistake. It's worth noting that Marge is at this point trying to tell Homer that she's pregnant. For a detailed analysis of Homer's prayer, I recommend this book (and read the reviews, too!).
Now have another look at polystratic fossils (there are many other examples, this is one of the nice simple ones). These fossils penetrate several rock layers, typically to the tune of `tens to hundreds of millions of years' worth of deposits. Some large trees strike vertically through tens of meters of rock, and there is no sign of reworking, no turbulence in the rock, such as there would have been if the tree had been somehow thrust down through the rock; and there are many examples which are much too frail (with extensive branching etc) to have survived any kind of reworking.
Name the tree which will stay intact for hundreds of millions of years while it is buried. AFAIK, not even wandoo will survive more than a few hundred years of exposure, and that is incredibly hard wood (wandoo weighs about twice as much as jarrah, which is hard wood to start with). Now revise your answer to account for a complete lack of weathering, a common feature of these fossils.
Now, the requirement for supernatural intervention here is this: if the rock surrounding a polystratic fossil did not take hundreds of millions to put into place, but at most years (or more likely hours or minutes), and there are many polystratic fossils (there are) this is pretty direct evidence that most if not all rock formed very quickly.
Sorry if this sounds pedantic, but you seem to have let the point escape you in the previous post.
Now, evolution as a theory of how-we-got-here is simply impossible; there is no way to even approach the biological structuredness we see around us no matter how much time you allot to the purpose. However, this requires technical knowledge to illustrate and understand.
If polystratic fossils can so simply and clearly show that the millions of years postulated for evolutionary development are imaginary, it does not take a technical mind or a great deal of imagination to see that, with naturalism's only viable explanation dead, an alternative is required.
END-OF-POINT MARKER
Now, on a different but related topic, it happens that a lot of ancient records from all over this world mention an event ideally suited to emplacing polystratic fossils - and incidentally accounting well for many other features of geology such as the `Cambrian Explosion' - and this event does not require millions of years. Many accounts attribute weeks, months, a year or a few years' duration to it. Is it hard to figure out what I'm alluding to?
Got time? Spend some of it coding or testing
Excellent! I'm eagerly waiting to hear about a worldview which encompasses non-intrusive, non-weathered large-scale polystratism, but is not at least supernatural. (-:
Agree, an artificial God is utterly pointless, for by definition it has no more power or use than that bequeathed upon it by the hand of its creator. The basis for Christian, Muslim or other deities is a separate question and should not be rolled into your statement as an implied assertion, when in reality it is a question which has apparently not been examined in enough detail to provide any conclusive or even substantial answers.
I reiterate, a God that you could completely understand (and so, in principle, control) is by definition a useless one.
Thankfully, we don't need to either have a description in hand, control, or even basic understanding of a putative creator in order to know that one is required in order to explain the existence of nature as we see it today.
Once you have escaped the trap of materialism, that is, once your reasoning can encompass naturalistic asymptotes, you can begin to look for more detailed explanations than `life as we know it required drastic supernatural intervention of some kind'. IMHO, such details are available to science.
Got time? Spend some of it coding or testing
Or not....
And so what happened? You seem to have either stopped questioning too early, or to have based your conclusion on the strength or weakness of some individual's position, rather than on the strength or weakness of the available evidence itself.
I started my thinking life as an evolutionist. I upset Mum badly one day (but she didn't show it then or ever) by mentioning some one-line wisdom I'd heard to her in a 'phone conversation: `a man needs religion like a fish needs a bicycle.' She started praying for me that day (and asked her church to as well), said nothing to me, and within two months I was studying the Bible, history and science with a variety of people and within six months was a committed Christian - although in such a completely different branch of Christianity to hers that I think Mum died not completely convinced that her prayers had been answered.
One advantage that I've had is in directly witnessing several supernatural events, through my association at the time with a `white' witch (the basic difference is in purpose, not in methods). One of those takes a while to describe, involved two other sober people, and was deeply shocking. Another was watching some books leap out of a book-case unaided (I checked the book-case and books (and wall) all over, inside and out, carefully, and made sure that there was no mechanical trickery here) and several meters across the room. Even without that advantage, you can turn to one of the very many events which were clearly supernatural, witnessed by many people, and well documented (Lloyds subsequently came back at $500 PA and extended coverage to Guyana).
I suspect that such events are not more prevalent today for several reasons, foremost among which are (1) any deity interested in wholehearted allegiance would probably want it to depend on the nature of that deity, rather than on a `sugar-daddy' stream of miracles, and (2) there is apparently more than one source (direct or indirect) of supernatural effects, which opens the field more widely to fraud.
I'd presumed upon the millions-of-years thing myself, and polystratic fossils are one of the more graphic and convincing observations which overturned that presumption for me. Of course, sans millions of years, materialism doesn't even give the appearance of being in the running.
For example: the Yellowstone trees (so often cited as evidence of life over millions of years) combined with dendrochronology (also so often cited as proof of excessive amounts of time) are actually a fairly clear witness to the absence of those years, for the Yellowstone fossils are not only polystratic and bedded on different strata but also grew contemporaneously and show strong symptoms of having been emplaced by a mechanism essentially identical to that observed in Spirit Lake after the eruption.
There are many, many other good polystratic examples to hand, including inclined trees, and also many half-hearted attempts to explain them away. One of the common `counterexamples' is a set of lycopods with root systems; an examination of the available samples indicates that these trees grew floating, or at least on an extremely spongy substrate, so it is reasonable to expect them to be disturbed and embedded complete with roots. Even ignoring this, it is still most unreasonable to expect even relatively short (1.2m, in the worst case) stumps to be fossilised upright and intact in an evolutionary scenario.
Yah, and the height of stupidity as well. Given the number of viewpoints in the world, simple arithmetic tells you that most or all of your (and my) opinions are globally wrong in some way. (-:
...and don't get me started on `contextually wrong'! (-:
If I was a Wemmick, I'd give you at least three stars for that statement. (-:
Food-for-thought time.
Mary and Jimmy are pseudonyms, but the story is true. If you had been Jimmy, would you have done the same?
Got time? Spend some of it coding or testing