They embrace it huh? They enjoyed the experience? What empirical data, the one he pulled out of his ass?
The customer satisfaction data and security data was collected by polls using a Diebold machine with respectively 18 quadrillion members of the general public and 6 million computer security specialists as respondents. Ninety-nine point eleven percent of respondents said they have "complete and utter faith in Diebold Election Systems Inc.", while minus three quarters of a percent agreed with the statement "I do not trust Diebold, and I am a servant of Satan".
Are they even obligated to legally respond to any C&D letters?
No, nobody is. But cease and desist letters are usually sent with an understanding (at least they attempt to foster the understanding) that if they are ignored, further legal action will be taken, such as a suit. Sending a C&D letter is cheap, but if all you want to do is scare somebody into stopping, they're often effective.
How about send a DMCA notice?
A simple SHA_1(current_date current_time secret key), with date & time synchronized to within some bound (say 5 seconds) would mean that the intercepted code would be valid for only 5 seconds.
AND A NONCE! Seriously, don't forget the nonce. Append to the string to be hashed, and send it as cleartext as well..
Remember kids, don't do crypto at home!
Still won't work... I would "bug" the lights near where emergency vehicles pass frequently and gather the info using IR as I drove by.
A simple SHA_1(current_date current_time secret key), with date & time synchronized to within some bound (say 5 seconds) would mean that the intercepted code would be valid for only 5 seconds.
Of course you could set up a network that intercepts codes that are valid for 5 seconds all around town, and you then rebroadcast them from your car on the other end of town.. But if you have the means to do that, you could just hack the traffic lights themselves, or even better, just pay the fines for running the red lights constantly. Just as cheap, less hassle.
Do you network all the boxes and just broadcast a remove code?
Yes, signed with a private key which is only stored on the one computer in City Hall's basement, and verified using the public key. Also, keys could expire.
And what do you do when some l33t hax0r starts sending his, unofficial, broadcasts on that network?
He won't have the private key used to sign the broadcasts.
I guess it could just digitally sign today's date with a secret key and transmit that or something.
You've got the right idea!
However, eventually the key would be leaked or reverse engineered.
The fun thing about keys is, you can have as many keys as you have mirt boxes - one goes missing, you remove the key from the receivers.
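The scheme discussed in this thread (time-bounded code, cleartext nonce, one key per box, key removal), as an added example that is not part of the original comments. It swaps the bare SHA_1(date time key) for HMAC-SHA256; the names `make_code` and `Receiver`, the box ids and the keys are hypothetical, and `revoke()` stands in for acting on a removal broadcast whose signature has already been verified.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Tuple

WINDOW_SECONDS = 5  # clock-skew bound suggested in the thread


def _tag(key: bytes, box_id: str, ts: int, nonce: bytes) -> bytes:
    """HMAC over length-prefixed fields so two different field splits never share an encoding."""
    box = box_id.encode("utf-8")
    msg = struct.pack(">H", len(box)) + box + struct.pack(">Q", ts) + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_code(box_id: str, key: bytes, now: int, nonce: Optional[bytes] = None) -> dict:
    """Transmitter: box id, timestamp and nonce travel in cleartext next to the tag."""
    nonce = secrets.token_bytes(8) if nonce is None else nonce
    return {"box": box_id, "ts": now, "nonce": nonce, "tag": _tag(key, box_id, now, nonce)}


class Receiver:
    """Traffic-light side: one secret per transmitter box, plus a short-lived nonce cache."""

    def __init__(self, keys: Dict[str, bytes]):
        self.keys = dict(keys)                         # box id -> secret key
        self.seen: Dict[Tuple[str, bytes], int] = {}   # (box id, nonce) -> timestamp

    def revoke(self, box_id: str) -> None:
        # Assumption: called only after a signed removal broadcast has been verified.
        self.keys.pop(box_id, None)

    def verify(self, code: dict, now: int) -> str:
        box, ts, nonce = code["box"], code["ts"], code["nonce"]
        if not isinstance(ts, int) or not 0 <= ts < 2 ** 64:
            return "malformed"
        key = self.keys.get(box)
        if key is None:
            return "revoked"                           # unknown or removed box
        if not hmac.compare_digest(_tag(key, box, ts, nonce), code["tag"]):
            return "bad-tag"                           # forged or altered fields
        if abs(now - ts) > WINDOW_SECONDS:
            return "stale"                             # outside the 5-second bound
        # Entries outside the window would be rejected as stale anyway, so drop them.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= WINDOW_SECONDS}
        if (box, nonce) in self.seen:
            return "replay"                            # same nonce inside the window
        self.seen[(box, nonce)] = ts
        return "ok"


def demo() -> list:
    # Constructed keys and box ids, for illustration only.
    keys = {"box-17": bytes(range(32)), "box-42": bytes(range(32, 64))}
    rx = Receiver(keys)
    code = make_code("box-17", keys["box-17"], now=1000)
    results = [rx.verify(code, now=1002)]              # first use inside the window
    results.append(rx.verify(code, now=1003))          # captured and sent again
    results.append(rx.verify(dict(code, ts=1004), now=1004))  # timestamp altered
    results.append(rx.verify(code, now=1010))          # sent after the window closed
    rx.revoke("box-17")                                # box reported missing
    results.append(rx.verify(make_code("box-17", keys["box-17"], now=1011), now=1011))
    results.append(rx.verify(make_code("box-42", keys["box-42"], now=1011), now=1011))
    return results


if __name__ == "__main__":
    print(demo())
```

The nonce cache is per receiver, so a code relayed to a different intersection inside the 5-second window still verifies there, which is the rebroadcast case the thread describes.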
How easy can this service be abused, with automatic webbots doing the searching?
Not so easily. It's easy to see why. The books will be scanned in using OCR. These days a fast and convenient and almost error-free process. But not entirely error-free. Good enough to find documents that are highly relevant to a particular keyword (if "hydraulics" occurs 9 times, what are the odds of OCR getting it wrong all 9 times?) but not good enough for entirely automated book-to-text.
If amazon would display highlighted portions of the book's contents it would probably not exceed a few lines (just like google doesn't present entire webpages in its result screen). If they did want to show more, they'd have to show an image of the scanned in page anyway, since OCR errors would not be very pretty. (A lot of digital archiving products use a similar approach; they index PDF files that contain the OCR'ed text, invisible to the end-user, and the scanned pages as content which the end-user looks at).
Besides, to search for each page of a book, you'd have to search for a keyword on each page of that book. Such keywords would most easily be extracted by scanning in the book via OCR anyway!
Hard as it may be to accept, but the reality is that - overwhelmingly - the greatest terror threat is from Arab muslims, closely followed by South Asian Muslims.
Is it, really? You mean those pesky muslims like Tim McVeigh and the Unabomber?
White, Christian, far-right nutjobs still outnumber Muslims in terms of their number of terrorist attacks, especially on strictly civilian domestic targets.
In fact, until 9/11 it seemed that the US was heading pretty much to getting blown up by domestic nutjobs - that has changed now, inasmuch that the flagwaving since 9/11 has rallied even right-wing nutjobs behind the motherland, at least for now. But those stockpiles of "survivalist" weapons are still there.
Now, the US will no doubt be a target for more Muslim extremists than other countries, given their staunch no-matter-what support, both politically and in terms of funding, of the state of Israel. So yes, the US should worry about potential terrorists from a Muslim background. But those are by no means the overwhelming majority of potential terrorists.
Did you know that the IRA got most of their funds from US citizens? And the IRA aren't Muslims. They're Catholics. (Some might consider it ironic that US let the IRA be funded for years and years and didn't freeze their accounts or assets, and now they're asking the whole world to go after al Qaeda - they could have had a comprehensive no-terrorist-funding policy for years had they listened to those pesky Europeans).
9/11 happened precisely because the focus wasn't on those people. To turn around 180 degrees and focus only on Muslim extremists is all good and well, but also means that the focus is shifted away from other groups. So expect the next domestic terrorist attack on a civilian target to be from white far right-wing nutjobs again. Or white far left-wing nutjobs, because we haven't heard from those at all for a while.
One thing on the other hand, never seems to change; your average terrorist is a single male who keeps to himself, in his twenties to thirties. I'd target /. for potential terrorists!
I'd much rather the Americans implemented a system like the Israelis have.
No you don't.
Figuring out why is left to the reader as an exercise in the blatantly obvious.
Seriously, editors.. People on slashdot probably know what IPv6 is, and if they don't, it's more likely than not explained in the article..
So far I've not seen even one windows worm that uses ".NET Remoting" to spread.. Is it being used at all??
It is as much a technical legacy as a mental legacy. For example, many setup programs tell you to shut down all other programs before installing, and tell you to reboot when the install is done. This isn't necessary, and savvy windows users know this. Also, with NT/2K/XP/2K3 it's often sufficient to restart a service rather than the system when installing stuff that actually *does* get into the internals. It works somewhat crummier than /etc/init.d scripts (though it does handle dependencies, yay), but even so.
The "file in use" problem does exist however, and it is completely braindead. In fact, I've seen this error multiple times relating to files that were put there by *viruses* rather than the OS. Interestingly, it's usually sufficient to drop down to a CMD.EXE prompt to DEL files that are supposedly "in use". ATTRIB is also a useful command, even in NT/2K/XP. I believe this is down mostly to the crapfulness that is explorer.exe, rather than to the OS per se.
Also, check out pslist and pskill from http://www.sysinternals.com/ - these tools will kill processes that the "Task Manager" won't. Again, including viruses/trojans! (the cygwin ps and kill tools probably will work just as well).
(6 foot) plus (7 inches) = 2.0066 meters
A 5W tube system may be louder than a 50W transistor system. A speaker with .002% signal distortion might easily introduce its own distortion due to cheap magnets or poorly engineered cones and not include that, even though the stat says "Total Harmonic Distortion." Even a stat like "Frequency response: 20 Hz - 22 kHz" is useless if the amplification device is not perfectly linear, and no device is.
Contrary to popular belief among audiophiles we have ways of measuring, and even recording sounds.
So, if it's perfect replay you're after, that's easy! Only, audiophiles seem to be much more interested in claiming they can hear all sorts of irregularities which turn them off, while in reality they prefer music that has actually been distorted by their high end equipment, because it sounds "better". That's where double blind listening tests come in, I guess.. But simply measuring whether the full spectrum is reproduced, etc. -- easily done with some high-end calibrated *recording* equipment.
So yeah, where are those numbers? Gimme some spectral charts! It's not rocket science, magazines testing printers and monitors manage to do it, why not the audio crowd?
I've always thought pledging allegiance to some flag is a bit quaint. It makes no sense. And pledging allegiance to your country each and every day.. doesn't that strike you folks as a bit forced? A bit nationalistic? More the sort of thing schoolkids in China or North-Korea would have to do, rather than kids in a democratic country?
Ow, and the "under God" thing. Well, the US were kinda founded by people who didn't appreciate having religion forced through their throats, so it's only courtesy to, well, do unto others..
But it's the daily reciting thing that creeps me out most anyway - whatever the content of the stuff being recited, really..
Logging assumes some central point where logs are kept. And it's detrimental to privacy.
Why not have clients simply check documents' fingerprints and digital signatures, and only share/download "legit"/"authorized" content? That's the truly distributed way to do this.
I wonder how overloaded those webservers can get from a handful of students downloading some PDF'ed powerpoint presentations though..
You can file a complaint here.
More hypocrisy, like before. Linux can put out several filesystem corrupting kernel releases and major showstoppers as in the 2.4.x series, but if a user-transmitted e-mail virus makes the rounds, it's a "Microsoft hole."
Linux doesn't put out Linux releases, Linux is Linux. And Linux is used in several distributions - you can get a five nines Linux distribution if you like. Bug-ridden open source software does get flak -- distributions don't incorporate a kernel they don't feel comfortable with (RedHat's kernels are heavily patched for instance), no-one will touch wuftpd with a 50 ft pole, people will nag authors with patches, fork or start competing projects (qmail, postfix vs. sendmail) etc.
Speaking about qmail and open source software getting flak, ever read DJB's comments on BIND and sendmail? Or ANY holy war? (BSD vs. linux, EMACS vs. VI,.. )
User-transmitted e-mail viruses? That's called a trojan horse. Recent worms -- exploiting holes on Microsoft's e-mail client running on Microsoft's operating system and Microsoft's browser -- depend on bugs and design in Microsoft's software and that's squarely their responsibility (e.g. why is RPC even listening to anything but localhost by default? If you needed it to listen to the entire internet, you'd know and could change the default).
Besides, those crappy kernels you mention haven't affected me one bit. Whereas I've spent quite some time getting people to install patches, firewalls, and remove those darned worms.
Some people may have a certain amount of unfounded (or at least, not founded in technical fact) animosity towards Microsoft, but let's face it, most mature open source software we rely on is much, much more secure, stable and well-designed than MS Outlook and its ilk. And that most certainly includes the Linux kernel. Comparing apples and oranges, maybe (the 2k/XP kernel isn't half bad either) but that doesn't mean that Microsoft should get away with crappy products that aren't kernels.
C:\Documents and Settings\Windows User>ver
Microsoft Windows XP [Version 5.1.2600]
Fair enough to say it's really 3.1.2600 since they skipped right ahead to NT 3.1 when NT was first released.
Well RFC stands for "request for comments" not "standard set in stone".
The Domain Name System is STD13 (currently RFC 1034, but when this RFC is obsoleted by a new one, the DNS STD number remains the same). Note that STD stands for "standard".
(Not that the boatload of RFCs that are not labeled "STD" don't describe standards. For the most part they do, even though there are some RFCs that simply no-one implements.)
If that happens, won't sites go down?
It happened with .org ...
Ok, verisign cooperated with that one, but there's nothing magical about verisign's database (other people have copies) and servers/services (the SRS protocol is open and there are multiple implementations). There might be a period in which registering new domains or transferring old ones doesn't work, but that should clear up soon enough (as it did with .org); verisign also runs some root DNS servers that they might fuck with (more wildcards? all your icann.org are belong to us?) but once people update their hints files all will be well.
Why a .zip file that contains compressed installer files? Couldn't there be one big executable that's the installer and contains the compressed files? Or even an installer that looks around whether the compressed installation files are on the disk itself, or whether it should download them (if the user chooses to install components which are not available)...
If you use MSIE, it will first download the .zip in a temporary directory, then COPY the .zip to your download directory (not an atomic MOVE!), then you have to unzip, then the installer has to decompress files.. Quite a lot of disk activity and space being wasted there..
At least we find out when we're vulnerable BEFORE the exploits start rolling out.
As opposed to what? The months before Blaster came out that the patch was available?
To be fair; that patch didn't install on a significant portion of machines (any system running w2k sp2), and the work-around Microsoft suggested didn't either, and if it did, it didn't until a reboot, which wasn't mentioned.
Add to that that the first patch appeared to install but did not (and would also not "re"install) on a number of machines. Today microsoft advises you to run a firewall and anti-virus programs all over their webpage. Before the blaster incident they didn't, because they hadn't dropped the ball quite as badly yet.
I also find it (not so..) amusing that the System File Checker doesn't work without the DCOM service running (which isn't running for example, in Safe Mode, a Mode you'd expect sfc to be used in), and that DCOM for some reason listens to any one who will talk to it, rather than, by default, restrict access to 127/8.
I know it sounds weird... but people need to realize that watching TV is not a right. And the producers of programs need to be compensated for their production.
I know it sounds weird... but people need to realize that advertising is not a right. And the viewers of programs need to be secure in the knowledge that what is presented as fact, opinion, view, or endorsement is correctly attributed to those who actually put it forward. Only in this way can economic agents take into account the agenda of the other party, and correctly assess the message's merit or accuracy. Actively pursuing to hide the source of the message serves only to obscure that agenda, and amounts quite simply to misleading the viewers; which may be substantially different to false advertising, but is fraudulent none the less.
Put in economic terms; it distorts the marketplace of ideas.
In stock markets such practices (distributing messages about the positive aspects of a stock, while obscuring the source) are flat out illegal. Think of it in terms of shilling, astroturfing, misrepresenting, impersonating, etc. For financial gain.
And that's just the economic reasons why it's a Bad Thing, not to mention the moral implications of, well, dishonesty.
And what do you base that on? When is the last time they have secretly snuck in anything to their software that did anything to track you, database you, categorize you, spy on you, download your personal records, view your documents, etc?
Well, the windows media player GUID comes to mind. And of course all the useless meta data in Word files which may not be entirely surreptitious, but it's inconvenient none the less. Windows update sent, then stopped, and now again sends way too much information back home (and is enabled by default), Internet Explorer hijacked mistyped domain names years before verisign did, according to several EULAs (windows update again, hotmail) all your information are belong to Microsoft (would you know if they read your hotmail?). Then there's product activation and registration all collecting vast amounts of personal data for no good purpose, and of course the venerable Passport, which has had some "incidents" in the past. I'm sure I'm forgetting some things..