Yep, and right in the article summary there's a clue that it's complete horsecrap.
....Free video hosting and the popularity of iTunes is blamed for this phenomenon.....
Do they really expect us to believe that video's from free video hosting accounts for more video traffic then bittorrent?
And itunes for Gods sake! What the hell? Do vod-casts (or whatever the sheep call them) really account for a significant amount of traffic? I doubt it.
Whilst I have no idea whether the complaint is fair or not, I believe that the quote from the article summary about 'bundling' outlook & AD is innacurate.
This article seems to say that the complaint is that you cannot interoprate with the bundled components - a far more reasonable complaint.
In its suit, Tangent claims that Microsoft "has not been complying fully" with the final judgment that was entered into in the government case in November 2002. That settlement required Microsoft to, among other things, provide other companies with technical documentation needed to interoperate with the Windows desktop operating system.
"Microsoft has delayed producing usable specifications and its specifications have been inaccurate and incomplete," Tangent said. "Moreover, although Microsoft was required to offer licenses to third parties, the terms of those licenses were too burdensome."
The suit cites recent disagreements between regulators and Microsoft and also claims that Microsoft's new Windows Vista OS "promises more bundling tying and undocumented interfaces."
I realize this, but this is the minority because it costs money. How many users outside of large enterprises really buy software assurance from open-source vendors? So I think it's a fair point - the majority of the installed userbase of OSS is not indemnified.
1) Who outside of the enterprise cares about IP litigation?
2) The majority of the installed userbase of proprietary software is not indemnified either - as they've pirated the software (additionally, many with legitimate software will also not have proof of their valid license)
True, though I never claimed otherwise. What is special (at least with Microsoft's proprietary software) is that being sued for using it doesn't cost you anything!
Being sued doesn't cost me anything? Where can I sign up!
Seriously - of course using (and having indemnifiaction on) MS software costs money.
Two people get sued by IP holders. One is using Windows (the alleged infringer) and one is using free (as in beer) OSS (the alleged infringer being, say, glibc.) Both people must defend themselves in court (or settle). Both need attorneys. But the first person, using Windows, doesn't have to pay anything; Microsoft handles the case for them. The second person is out of luck.
The most common outcome is that the second person settles, which is not an ideal outcome for the rest of users that are also using the allegedly infringing software. The other users would prefer a victory in court. Thus, there is economic basis for other parties to donate resources for defense, but this is not guaranteed, especially if person two is perceived to be wealthy enough to pay for it himself.
No - the most likely outcome is for everyone with a stake in selling glibc (say IBM, redhat, novell, hell just about everyone) will step in to defend. Otherwise they're going to lose business.
However - if you're so sure that the scenario you describe is the "most common outcome" then please link to some past cases.
No matter how you spin it bill-boy, MS's indemnification program is bunk. Sheer FUD designed to scare people away from Free/Open Software.
You're confusing the issue. There is no difference, if the patent-challenger wins. But the difference is that with Microsoft or other vendors with software assurance, they'll at least eat the cost of fighting that battle, and if they win, you're in the clear at no cost to you. With open source, you have to pay for the suit yourself, and even if you win, you've had to spend a fortune on the case (the practical result being that most users would settle rather than litigate). Clear? [emphasis mine]
Sorry - but that's not very clear at all.
You seem to have trouble differentiating between Open Source, Vendor Supported & Proprietary software.
1) Open Source Vendors can (and do) have software assurance.
2) There is nothing special about proprietary software that means you cannot be sued by an IP holder for using it.
* Test all Office-based applications to ensure that they work with the new code, because newly purchased, repaired or reimaged PCs are affected. Pay particular attention to Access applications that interface with Excel. * Consider deploying Office without Access to users with no specific need for its database functionality, as a quick and viable alternative to installing the new code. * Recognize that installing the patches on new implementations without testing may be a quick alternative that minimizes legal risk, but risks breaking applications. * Request that Microsoft issue a patch for Office 2003 SP1, as it has for Office XP SP3, so that an entire service pack does not need to be tested and deployed for Office 2003. * If you anticipate significant difficulties in complying with the letter, try to get Microsoft to offer consulting assistance at little or no cost. Microsoft says that account managers will make arrangements to help organizations that have major problems complying. * If you feel you cannot comply with the order, work with legal counsel to understand your risk and exposure.
So... MS loses a patent case, you're liable to clean up the mess.
Furthermore, if the functionality is essential to you, and you avoid installing the service pack, you could be sued
MS is no different to Open Source.
First the vendor is sued, if the litigation is successful, they remove or work around the patent-protected functionality, then if the user continues using the disputed code, the user is liable.
"Ummmmmm", but that's exactly what I said. I said once the (Safari auto-download-and-execute) vulnerability is fixed, it will come down to social engineering.
Genius! You mean if an O/S has no remote execution vulnerabilities it comes down to indirect techniques to compromise a computer? My God - you may have stumbled upon something thats eluded security specialists for years! Quick - email de Raadt and let him know.
Whether or not Apple should do away with the idea of thinking there "are safe files" altogether (which I agree with) is a matter of a different discussion.
Nope:
1) You objected to my 'switch' to ubuntu joke. Ubuntu does do away with the idea of thinking there "are safe files".
2) Its one of the reasons for the vulnerability. Of course it belongs in this discussion.
OT: We should do this again sometime - nothing like a couple of one-eyed partisan fanboys talking at cross purposes.
Last bit first: However, I doubt you'll admit you were wrong and that you totally misread my post.
*sighs* Sheer arrogance.
To reply to your post in general terms:
1) Your original post made it sound like a changed icon/social engineering trick. Adding a single word 'also' does not mitigate that.
2) You repeat that this is what you do for a living (post on slahdot?). Congratulations. Being a computer professional does not make you special on slashdot.
3) Your closing argument (paraphrased): when the vulnerability is fixed, it will come down to social engineering. Ummmmmm OK - thats true I guess (shrugs). My point was Ubuntu (and all other linux distros I'm aware of) do not do the script auto-execution (of malformed, or otherwise) of which you speak. Prior to hearing of this, I thought neither did OS X
And yes, I'm completely aware of how the vulnerability works, thanks.
Um, not you're not - or you wouldn't have written in your original post:
This is rooted in something that has been true about Mac OS in general for over 22 years, which is that any file or document - including executables - can have any icon.
This vulnerability has nothing to do with icons.
OK - I guess its true that you're aware now you've read other posters detailing how this works.
Also, in case you hadn't noticed, getting a user to visit a web site is still a social engineering principle.
Not if the website's been hacked.
Once fixed (or, in the interim, a single box unchecked) every other aspect of this just becomes tricking the user to click something.
The fix should have been to disable the "Open safe files after downloading" option by default a year ago - Apple's failure to do this is fairly typical of a large software company trying to balance security & ease of use.
And as we all know, that can happen on any platform.
I am not aware of any way you can execute something under Ubuntu without explicitly setting the execute bit.
That was the sound of a joke going over your head - did you feel your hair part?
And seriously, this isn't any bigger than any number of social engineering security vulnerabilities that take advantage of some flaw or shortcoming in any other OS...
Visiting a malicious webiste can cause arbitrary code to run on your mac. This is not a social engineering trick - its true that it will only run at user priviliges - but that is going to be little consolation if you're home directory is trashed.
Here's a tidbit for you concerning the food crisis in the Horn of Africa: drought is caused by high prices, overpopulation, and conflict. From the Horn of Africa Food Crisis article on Wikipedia: "This shortage, along with other factors including high cereal prices, overpopulation in the region, and conflict, have led to severe drought conditions." (1/11/06)
These conditions of drought, together with other factors including high cereal prices, overpopulation in the region, and conflict, are leading to conditions of famine.
It's immoral when you buy a product agreeing to certain conditions, then decide you don't like them so ignore them.
I guess you're the sort of person who believes that you can sell yourself into slavery? Or you have no recourse to sue a drunken doctor after a botched operation if you'd signed a no-sue waiver?
If I want to I'm going to:
Rip RIAA CDs to mp3s & listen to them on my phone
Use my old Xbox as a media player
Use cheaps razor blades on my gilette razor
Watch DVDs under linux (or even with a projector)
Skip ads with my PVR
Transfer DRMd AAC files to my cheapie MP3 player
Extract text from protected ebooks so I can use read them with my (ancient) palm)
So you think I should be able to do none of these things and just accept the shackles blindly?
just days after they featured links to information on how to hack the software and run it on non-Apple PCs[emphasis mine]
Links?
It's immoral when large companies like Microsft, Sony & now Apple try trying to limit our right to do whatever the hell we like with legally purchased goods.
But to issue a takedown over a link is just disgusting. Apple needs to take a good look at the ethics of other compapnies that do this sort of thing and ask itself - is this really where I want to go?
They wrote OS X. They get to decide how to sell it. If you don't like the conditions, don't buy it.
Would you agree with that sentiment if it was on a CD - telling you not to format shift or listen to it in your car? Or how about MS saying you can't run your legally purchased OS under vmware? Or Blizzard saying you can't run WoW under wine? Or how about telling you you can't watch a DVD on your computer?
It is immoral to say "I don't like the conditions they're selling it under, so I'm going to violate them." How can you not respect the fact that they, as authors of the software, have the right to sell it under the terms they prefer?
Utter nonsense. It is immoral for a company to try and restrict your natural rights.
Your book analogy btw is complete bunk. A better analogy would be selling a digital book tied to an ereader.
what feature will I get that I don't already have in Mac OS X 10.4?
The ability to run specific win32 apps.
That is the only difference.
As you've noted that most of the features in Vista (Music management / photo management / drm / desktop search / etc are already present (or have equivilants) in OS X.
It's about time the Steve Ballmer chair throwing/. cliche was replaced. And just in the nick of time, the emperor goes and saves us from tedious repetition.
Everyone pull together, if you find yourself writing "Steve Ballmer leaned towards the chair, hefted it and....", replace it with "Dick Cheney cocked his shotgun, downed a couple of beers and...."
This is good news....That means its fixable with a minor software patch. Much better then having broken hardware.
Good news for whom?
I agree that it's certainly good for people unfortunate enough to use Microsoft's operating systems - they'll be able to fix a problem with a software patch rather then a hardware patch.
However, it's certainly not good news for microsoft - the small amount of trust that people have left in MS's QA processes will be lost in the news that they found this bug over six months ago, but didn't bother releasing a patch until it was publicised. (I hope their security QA processes are better)
I know that you're joking, but I have to reply to the serious parts of your post.
There's a driver glitch with brand new hardware!!!
From the TFA
When a peripheral device was connected to a USB (universal serial bus) 2.0 port, the notebook's battery life plunged at a greater rate than would normally be expected from the use of a peripheral such as a mouse or storage key.
Nope, not new hardware. USB is not new. The core duos just made the problem more obvious.
It's already been two weeks and they haven't fixed it yet!! From the TFA
Microsoft published a Knowledge Base article on the subject in July 2005, but made that information available only to PC vendors and partners, a company representative said in a statement.
So, its actually been over six months and they haven't fixed it yet.
As usual, Microsoft waits for an issue to become public before bothering to fix it.
what exactly is being censored when searching "kazaa?" what should i be seeing that im not? i see kazaa.com as the first result, isn't that the correct site?
The complaint was made by kazaa, not about kazaa.
Scroll to the bottom of the page & you see:
In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org.
Slashdot Mirror
And itunes for Gods sake! What the hell? Do vod-casts (or whatever the sheep call them) really account for a significant amount of traffic? I doubt it.
This article seems to say that the complaint is that you cannot interoprate with the bundled components - a far more reasonable complaint.
linux distibution is better fro having this and that (OpenOffice.org/Xine/Fireox) bundled with it.
No linux distributions I'm aware of come bundled with userland applications that you cannot uninstall
That is the difference.
Microsoft and Google have this in common. They both did one or two things extremely well which resulted in insane success.
What did Microsoft do extremely well?
(I guess you could say "ruthlessly crush the competition" - but I'm presuming you mean something in the field of I.T.)
I'm not an international lawyer or anything, but it occurs to me that the law might be different outside the U.S.
;-)
That sound like TERRORIST talk to me
I realize this, but this is the minority because it costs money. How many users outside of large enterprises really buy software assurance from open-source vendors? So I think it's a fair point - the majority of the installed userbase of OSS is not indemnified.
1) Who outside of the enterprise cares about IP litigation?
2) The majority of the installed userbase of proprietary software is not indemnified either - as they've pirated the software (additionally, many with legitimate software will also not have proof of their valid license)
True, though I never claimed otherwise. What is special (at least with Microsoft's proprietary software) is that being sued for using it doesn't cost you anything!
Being sued doesn't cost me anything? Where can I sign up!
Seriously - of course using (and having indemnifiaction on) MS software costs money.
Two people get sued by IP holders. One is using Windows (the alleged infringer) and one is using free (as in beer) OSS (the alleged infringer being, say, glibc.) Both people must defend themselves in court (or settle). Both need attorneys. But the first person, using Windows, doesn't have to pay anything; Microsoft handles the case for them. The second person is out of luck.
The most common outcome is that the second person settles, which is not an ideal outcome for the rest of users that are also using the allegedly infringing software. The other users would prefer a victory in court. Thus, there is economic basis for other parties to donate resources for defense, but this is not guaranteed, especially if person two is perceived to be wealthy enough to pay for it himself.
No - the most likely outcome is for everyone with a stake in selling glibc (say IBM, redhat, novell, hell just about everyone) will step in to defend. Otherwise they're going to lose business.
However - if you're so sure that the scenario you describe is the "most common outcome" then please link to some past cases.
No matter how you spin it bill-boy, MS's indemnification program is bunk. Sheer FUD designed to scare people away from Free/Open Software.
You're confusing the issue. There is no difference, if the patent-challenger wins. But the difference is that with Microsoft or other vendors with software assurance, they'll at least eat the cost of fighting that battle, and if they win, you're in the clear at no cost to you. With open source, you have to pay for the suit yourself, and even if you win, you've had to spend a fortune on the case (the practical result being that most users would settle rather than litigate). Clear? [emphasis mine]
Sorry - but that's not very clear at all.
You seem to have trouble differentiating between Open Source, Vendor Supported & Proprietary software.
1) Open Source Vendors can (and do) have software assurance.
2) There is nothing special about proprietary software that means you cannot be sued by an IP holder for using it.
For example - if you use functioanlity covered by the excel patent case microsoft lost recently, then your business will suffer.
Gartner recommends the following: So... MS loses a patent case, you're liable to clean up the mess.
Furthermore, if the functionality is essential to you, and you avoid installing the service pack, you could be sued
MS is no different to Open Source.
First the vendor is sued, if the litigation is successful, they remove or work around the patent-protected functionality, then if the user continues using the disputed code, the user is liable.
"Ummmmmm", but that's exactly what I said. I said once the (Safari auto-download-and-execute) vulnerability is fixed, it will come down to social engineering.
Genius! You mean if an O/S has no remote execution vulnerabilities it comes down to indirect techniques to compromise a computer? My God - you may have stumbled upon something thats eluded security specialists for years! Quick - email de Raadt and let him know.
Whether or not Apple should do away with the idea of thinking there "are safe files" altogether (which I agree with) is a matter of a different discussion.
Nope:
1) You objected to my 'switch' to ubuntu joke. Ubuntu does do away with the idea of thinking there "are safe files".
2) Its one of the reasons for the vulnerability. Of course it belongs in this discussion.
OT: We should do this again sometime - nothing like a couple of one-eyed partisan fanboys talking at cross purposes.
Last bit first: However, I doubt you'll admit you were wrong and that you totally misread my post.
*sighs* Sheer arrogance.
To reply to your post in general terms:
1) Your original post made it sound like a changed icon/social engineering trick. Adding a single word 'also' does not mitigate that.
2) You repeat that this is what you do for a living (post on slahdot?). Congratulations. Being a computer professional does not make you special on slashdot.
3) Your closing argument (paraphrased): when the vulnerability is fixed, it will come down to social engineering. Ummmmmm OK - thats true I guess (shrugs). My point was Ubuntu (and all other linux distros I'm aware of) do not do the script auto-execution (of malformed, or otherwise) of which you speak. Prior to hearing of this, I thought neither did OS X
Um, not you're not - or you wouldn't have written in your original post:This vulnerability has nothing to do with icons.
OK - I guess its true that you're aware now you've read other posters detailing how this works.
Also, in case you hadn't noticed, getting a user to visit a web site is still a social engineering principle.
Not if the website's been hacked.
Once fixed (or, in the interim, a single box unchecked) every other aspect of this just becomes tricking the user to click something.
The fix should have been to disable the "Open safe files after downloading" option by default a year ago - Apple's failure to do this is fairly typical of a large software company trying to balance security & ease of use.
And as we all know, that can happen on any platform.
I am not aware of any way you can execute something under Ubuntu without explicitly setting the execute bit.
Please link to examples.
*Woooooooooooooooooosh*
That was the sound of a joke going over your head - did you feel your hair part?
And seriously, this isn't any bigger than any number of social engineering security vulnerabilities that take advantage of some flaw or shortcoming in any other OS...
Did you even read the vulnerability?
Visiting a malicious webiste can cause arbitrary code to run on your mac. This is not a social engineering trick - its true that it will only run at user priviliges - but that is going to be little consolation if you're home directory is trashed.
I'd expect a security update that addresses this *very* soon. This is a bad one.
Security fix has been out for some time.
Available here
Is that the best example you can come up with?
A six month old problem, that was fixed on the day you blogged about it. It now readsLook at the page's history and you seeOK - Wikipedia isn't perfect, but to completely dismiss it is....somewhat shortsighted of you.
After all - it's the only (decent) game in town when it comes to free, online information.
What about 3?
How do I use that with Ubuntu instead of OpenSuSE?
.Enable the universe repository (see AddingRepositoriesHowto)
/etc/X11/X with a symlink to /usr/bin/Xgl
/usr/bin/Xgl /etc/X11/X
/etc/init.d/gdm restart
Downoad the latest ubuntu CD, then:
1
2. Make sure that you have the latest mesa, libglitz1 and libglitz-glx1, xserver-xgl
sudo apt-get update
sudo apt-get install libgl1-mesa libglitz1 libglitz-glx1 xserver-xgl
3. Install compiz-kde and/or compiz-gnome depending on your desktop
sudo apt-get install compiz-gnome
4. Replace
sudo ln -sf
5. Close all applications and restart gdm (This will log you out!)
sudo
6. Log in, then in a terminal start compiz and the Gnome window decorator (do NOT use sudo here)
compiz --replace gconf decoration wobbly fade minimize move place resize scale switcher cube rotate zoom
gnome-window-decorator
Leave out the gconf plugin if you don't have compiz-gnome installed
7. Add these commands to ~/.gnomerc if you want this on every login (which you probably do)
Taken from the Ubuntu xgl howto wiki
I guess you're the sort of person who believes that you can sell yourself into slavery? Or you have no recourse to sue a drunken doctor after a botched operation if you'd signed a no-sue waiver?
If I want to I'm going to:
So you think I should be able to do none of these things and just accept the shackles blindly?
It's immoral when large companies like Microsft, Sony & now Apple try trying to limit our right to do whatever the hell we like with legally purchased goods.
But to issue a takedown over a link is just disgusting. Apple needs to take a good look at the ethics of other compapnies that do this sort of thing and ask itself - is this really where I want to go?
They wrote OS X. They get to decide how to sell it. If you don't like the conditions, don't buy it.
Would you agree with that sentiment if it was on a CD - telling you not to format shift or listen to it in your car? Or how about MS saying you can't run your legally purchased OS under vmware? Or Blizzard saying you can't run WoW under wine? Or how about telling you you can't watch a DVD on your computer?
It is immoral to say "I don't like the conditions they're selling it under, so I'm going to violate them." How can you not respect the fact that they, as authors of the software, have the right to sell it under the terms they prefer?
Utter nonsense. It is immoral for a company to try and restrict your natural rights.
Your book analogy btw is complete bunk. A better analogy would be selling a digital book tied to an ereader.
what feature will I get that I don't already have in Mac OS X 10.4?
The ability to run specific win32 apps.
That is the only difference.
As you've noted that most of the features in Vista (Music management / photo management / drm / desktop search / etc are already present (or have equivilants) in OS X.
Don't you mean "From the TFA article", or maybe "from the friggin' TFA article"? :)
*heh*
AER Redudancy surrounds us.
hahahahaha!
/. cliche was replaced. And just in the nick of time, the emperor goes and saves us from tedious repetition.
It's about time the Steve Ballmer chair throwing
Everyone pull together, if you find yourself writing "Steve Ballmer leaned towards the chair, hefted it and....", replace it with "Dick Cheney cocked his shotgun, downed a couple of beers and...."
We can make this cliche work.
This is good news....That means its fixable with a minor software patch. Much better then having broken hardware.
Good news for whom?
I agree that it's certainly good for people unfortunate enough to use Microsoft's operating systems - they'll be able to fix a problem with a software patch rather then a hardware patch.
However, it's certainly not good news for microsoft - the small amount of trust that people have left in MS's QA processes will be lost in the news that they found this bug over six months ago, but didn't bother releasing a patch until it was publicised. (I hope their security QA processes are better)
There's a driver glitch with brand new hardware!!!
From the TFANope, not new hardware. USB is not new. The core duos just made the problem more obvious.
It's already been two weeks and they haven't fixed it yet!!
From the TFASo, its actually been over six months and they haven't fixed it yet.
As usual, Microsoft waits for an issue to become public before bothering to fix it.
The complaint was made by kazaa, not about kazaa.
Scroll to the bottom of the page & you see: