Yes, Microsoft should be responsible, when those people who wrote the code using Microsoft dlls are distributing a vulnerable version of the dll. Microsoft approved the distribution of the dll, so they should know who did.
No, MS should not be responsible for fixing code that third parties distributed using their code libraries. Just as no F/OSS code library project should be resonsible for trackind down anyone who might have used their code library.
However, MS should do a better job of making it clear to third party developers that the DLL may be included in their project (often without the knowledge of the project. Visual Studio does a great job of hiding the relevant DLLs that get loaded into a project.) None of the MS advisories on this that I have seen have included any recommendation to developers or consumers that they need to take additional steps after patching their system.
MS should, though, have produced the tool that Tom Liston did. His scanner is 7k. Surely MS could have come up with something like that--and if you run Tom's GDI scanner, you'll note some places where it identifies possible problems. MS would be in a much better position to be know if that is the case and thus able to provide better information.
So, I disagree with what you are faulting MS for, but not the fact that MS should be faulted.
The argument is that these companies need permission from MS, who should then have a master list of who asked for permission and why.
But, I'll bet that MS gives developers permission to distribute these with Visual Studio, which would mean there is no way that MS has a master list--moreover, much of the software may be for internal applications and the developer is long gone.
So, any VB program that does image manipulation may be poetentially vulnerable.
From a thread on the Yahoo SCOX board where the challenge is to come up with the best joke that starts with "Darl, Chris and Blake walk into a bar. .."
Darl, Chris and Blake walk into a bar.
The waitress says, "Darl, you have a telegram waiting, its the quarter-end results." Darl happily takes the telegram and tosses it on to the bar's grill, where it bursts into flames.
The waitress comes back and says, "Darl, you have a phone call. Its an industry analyst." Darls walks over to the phone, and while talking, he pivots in a circle until the call is complete, then returns.
Finally, the waitress announces, Darl, you have a fax coming in. Darl gets up, and backs slowly toward the machine, rips off the page, and returns to the booth.
Blake looks at Chris and says, "I understand the part where Darl habitually cooks the numbers and spins a tale, but what was that last thing?" Chris says, "Oh that? He'll never ever face the fax."
(:) 2004, the Tubby Nuisance Network. "All wrongs preserved."
What everyone is waiting for now is the Ch11/13 of SCO so they can tear it into pieces and buy the parts they want.
Actually, what I'm waiting for is for IBM to "pierce the corporate veil" and go after Canopy's assets. (Google the phrase or seach for it on Groklaw for detailed discussions.) Under normal circumstances an incorporated entity shields the assets and freedom of the entities that created the corporation from legal attack. That is why you may see corporations paying out millions when they lose a big lawsuit, but you don't see the officers of that corporation personally liable, except perhaps in extreme circumstances like Enron.
Canopy (The private parent group that owns SCO) has already made out well. SCO could go belly up today and Canopy and Ralph Yarro who runs it would be ahead of the game. However, there are a number of things which make it appear that Yarro and Canopy may have helped to direct the SCO attacks--including the early involvement of the Canopy legal counsel, the Vultus acquisition, and a number of others.
I think the odds are against IBM being able to pierce that corporate veil and go after Canopy. However, if it can, it will really send a message to those that might consider another scam like this. The message would be that you could lose your personal fortunes. Even an unsuccessful attempt to pierce the veil would have a welcome chilling effect on similar future actions.
Now, as to the fire sale when SCO enters bankrupcy, my hope is that it will happen after SCO loses some court cases that make it clear eithre that it doesn't even own the IP (and the Novell dismissal with prejudice judgement would not do that) and/or that there is no Unix IP in Linux. Because if that isn't settled, all someone has to do is pick up that IP at the firesale and start all over.
I work in a financial institution in California. We do.
My understanding of the California law is that it applies not just to financial institutions but to all companies storing personal information on California residents. NOTE: Not all California companies, but all companies storing information on California residents.
The CNN article says Acxiom, headquartered in Little Rock and Conway, Arkansas, stores and processes millions of bits of data on behalf of a wide range of clients that include IBM, GE, Microsoft and many major credit card companies., so if there are any California consumers who think they may have used a credit card or done business with GE, Microsoft or IBM, they might want to look up the law and see if they can sue since Acxiom has not contacted them.
You are correct, not many. However, that isn't the point of this pointless system. Getting a patent decalred invalid through prior art is a very, very expensive proposition. In fact, this slashdot story from last Friday points out that of the approx 7,000,000 existing patents, only 614 have been revoked, and only 3927 have had their claims narrowed.
And MS has lots of money. They've spent some of it successfully and unsucessfully defending patent attacks against themselves. But, if they wanted to cause damage, they could. Of course, they have to tread lightly because they could also provoke anti-trust regulators, could damage the attempts to get software patents valid in Europe, and could piss off IBM into a patent pissing contest which both would regret.
I think it more likely that SCO was a toe-in-the-water test case. You will likely see legal attacks using patents, but they won't come from MS first. It will be other small, dying companies or from the patent portfolio companies who can't really be harmed except to go bankrupt and then transfer their patents to another holding company.
However, if these smaller (but still expenive) test cases begin to work, then I think you may see MS opening up its own portfolio. In the meantime, you'll just see them using them to cross-license and to keep partners in line.
McBride took over in late Summer of 2002. From ESR's Halloween VII, we know that in Sept. 2002 that MS was talking about attacking Linux via patents and the risk of a lawsuit. From Halloween VII:
"Linux patent violations/risk of being sued" struck a chord with US and Swedish respondents. Seventy-four percent (74%) of Americans and 82% of Swedes stated that the risk of being sued over Linux patent violations made them feel less favorable towards Linux. This was the only message that had a strong impact with any audience.
Now, my personal opinion is that Morgan Keegan got wind of this and introduced SCO to MS--though it could well have been someone at SCO or MS who started the introductions, but the timeline of this HP memo fits.
Actually, it means I have something to throw back at my mother the next time she starts into her "I carried you in my womb for nine months. . . " routine.
I believe that another issue with the potential damage that could result from a big quake is the ground. Much of the ground there is clay, deep soil and water. During an extended quake, some have predicated that it could become very quicksand like and simply swallow up structures.
My dad is involved in the Civil Air Patrol and recently participated in multi-agency exercises to simulate a New Madrid Fault quake. If one happens there, it is likely to be much worse than a California quake because of the level of unpreparedness in the populace and the building codes.
What kind of sadist buys Domino and then makes people out in the field on modem lines use iNotes instead of the Domino client? The whole sale point of the Domino client is replication!
Which is exactly why we made the decision to go with that instead of paying MS the same amount of money to upgrade our ancient exchange server, which meant also upgrading the server OS and getting more expensive client licenses. Unfortunately, we are in the middle of a migration right now and as I said, we have users out in the field for long periods of time.
The web client is what they will use until we get their laptops set up with the Notes client. It's an easy thing to send out a CD containing Firefox, but the Notes client installs will be done in-house.
At my work with 250+ users, we are coming very close to making that decision. Part of the reason is that we have a number of users out in the field for long periods of time using laptops in the middle of nowhere. For the most part, any internet connections are dial-up.
So, part of our reason for seriously considering moving is that we've had a number of trojans on those machines exploiting IE holes. This combined with the pain of downloading MS patches on dial-ups is leading the IT department to lean toward a FireFox standard. One of the things that had been holding us back was problems with the iNotes client in FireFox 0.8. It works in 0.6, not 0.8. Well, it is working again in 0.9.
To give an idea about the problems involved in drilling the ice cores, you have to realise that 3km underground there is a lot of pressure due to the weight of the ice sitting above. 3km is roughly Antarctic bedrock
Any issues with the ice shifting and causing the shaft to no longer be aligned? I mean, if part of the hole is drilled one year and another part later it seems that this is a real possiblity.
If you look at the posts on your item 4, jnana is the alias that Justin chose. As you have show (10), he is an English major, and looking at some of the posts, it looks like this guy is an Englishmajor, or at least someone with humanities training.
And, as much as it is somewhat disturbing how much can be dug up regarding someone on the web, his slashdot sig has a link to a Students for Orwell site, so I imagine in a perverse sort of way that Jusin might approve of all of this. And least an English major, he should appreciate the irony.
My company gets its T1 service from SBC. My ISP does to. I know someone who works for a Chicago company that has a DS3 from SBC with a few T1 lines from other providers--but most of those other providers actually use SBC circuits anyway.
This is news because if there are network problems that cannot get fixed in a timely basis, you could see major swaths of the US dropping offline.
I do not think this is at all likely, but it is a possibility. This is more than just local phone service and given that the ISP's and corporations using that SBC backbone are providing the content for many of the sites that Slashdotters surf to, this is newsworthy.
But, they should have explained the acronyms and why this was significant.
If it was as simple as implementation (binary or even source code), "we" could write a new implementation that was compatible with their one (did the same thing in a different way), and multi-vendor secure TCP comms could happen. Unfortunately it's not that simple because they've likely patented the processes, although we'd have to wait for the patents to be available to see, I think.
And the nice side effect of all of that would be that with diverse implementations of the specs, the chance of a single vulnerability affecting all of the systems is greatly reduced.
But, I suspect you are correct. The patent's granted them are likely so broad that competing implementations will still infringe. I'm so glad that we have this patent system to encourage innovation.
The artical says GSM phone.....what if you live somewhere that has no GSM coverage? I mean, if you aren't near a coast or a heavily populated area, you kinda screwed no?
Given that the article also says they are going to drive the SUV to you, I would expect that they will know which city the cell-phone is located in. I can't imagine them driving the SUV all the way across the country.
So, likely it will be released where GSM coverage is available.
Incredible stuff and I highly recommend it. It is the first thing I thought of when I saw Elena's first set of pictures. If you get a chance to see it, do so--but be warned, it is very long and very slow. If you are a fan of film worth checking out. If you only go see films with pyrotechnics, take a pass.
I had downloaded Stellarium over a year ago when my young son was first starting to be interested in stars. Haven't used it much, but kept it installed on the computer. That was why I remembered it to do the parent post.
I started poking around the sourceforge forum, and not only is my version out of date, but they are actively working on a project to add constellation overlays into the display. Check out Ursa Major and a toucan constellation I'm not familiar with.
Actually, you could be right now. I had been involved in a discussion way, way back on the Yahoo SCOX board where a number of us had come to the conclusion that Paul Allen likely was not an investor via Vulcan--based partly on the reading of the chart I discussed. Based on my own bias, I probably read the line in the Newsforge article that way.
What I am forgetting here is that we are dealing with SCOSpeak and its ilk. I need to parse more carefully.
At least the Newsforge article mentions RBC. Maybe someone will start digging into that more.
If you read the label on that chart, it shows the top 10 investors in all PIPEs since 1995. I'm willing to bet that is one of those misleading graphics that BayStar really regrets now. The graphic is probably showing the top investors in PIPE deals in general and trying to imply that those investors are working with BayStar.
That would make sense in terms of BayStar admitting that MS pointed them to SCO but still denying the Paul Allen connection. (BTW, in the same Newsforge article, BayStar specifically refuses to say there is no MS investment money in BayStar, just that Paul Allen isn't working with them through Vulcan.)
Slashdot Mirror
Yes, Microsoft should be responsible, when those people who wrote the code using Microsoft dlls are distributing a vulnerable version of the dll. Microsoft approved the distribution of the dll, so they should know who did.
No, MS should not be responsible for fixing code that third parties distributed using their code libraries. Just as no F/OSS code library project should be resonsible for trackind down anyone who might have used their code library.
However, MS should do a better job of making it clear to third party developers that the DLL may be included in their project (often without the knowledge of the project. Visual Studio does a great job of hiding the relevant DLLs that get loaded into a project.) None of the MS advisories on this that I have seen have included any recommendation to developers or consumers that they need to take additional steps after patching their system.
MS should, though, have produced the tool that Tom Liston did. His scanner is 7k. Surely MS could have come up with something like that--and if you run Tom's GDI scanner, you'll note some places where it identifies possible problems. MS would be in a much better position to be know if that is the case and thus able to provide better information.
So, I disagree with what you are faulting MS for, but not the fact that MS should be faulted.
The argument is that these companies need permission from MS, who should then have a master list of who asked for permission and why.
But, I'll bet that MS gives developers permission to distribute these with Visual Studio, which would mean there is no way that MS has a master list--moreover, much of the software may be for internal applications and the developer is long gone.
So, any VB program that does image manipulation may be poetentially vulnerable.
From a thread on the Yahoo SCOX board where the challenge is to come up with the best joke that starts with "Darl, Chris and Blake walk into a bar. . ."
Darl, Chris and Blake walk into a bar.
The waitress says, "Darl, you have a telegram waiting, its the quarter-end results." Darl happily takes the telegram and tosses it on to the bar's grill, where it bursts into flames.
The waitress comes back and says, "Darl, you have a phone call. Its an industry analyst." Darls walks over to the phone, and while talking, he pivots in a circle until the call is complete, then returns.
Finally, the waitress announces, Darl, you have a fax coming in. Darl gets up, and backs slowly toward the machine, rips off the page, and returns to the booth.
Blake looks at Chris and says, "I understand the part where Darl habitually cooks the numbers and spins a tale, but what was that last thing?" Chris says, "Oh that? He'll never ever face the fax."
(:) 2004, the Tubby Nuisance Network.
"All wrongs preserved."
What everyone is waiting for now is the Ch11/13 of SCO so they can tear it into pieces and buy the parts they want.
Actually, what I'm waiting for is for IBM to "pierce the corporate veil" and go after Canopy's assets. (Google the phrase or seach for it on Groklaw for detailed discussions.) Under normal circumstances an incorporated entity shields the assets and freedom of the entities that created the corporation from legal attack. That is why you may see corporations paying out millions when they lose a big lawsuit, but you don't see the officers of that corporation personally liable, except perhaps in extreme circumstances like Enron.
Canopy (The private parent group that owns SCO) has already made out well. SCO could go belly up today and Canopy and Ralph Yarro who runs it would be ahead of the game. However, there are a number of things which make it appear that Yarro and Canopy may have helped to direct the SCO attacks--including the early involvement of the Canopy legal counsel, the Vultus acquisition, and a number of others.
I think the odds are against IBM being able to pierce that corporate veil and go after Canopy. However, if it can, it will really send a message to those that might consider another scam like this. The message would be that you could lose your personal fortunes. Even an unsuccessful attempt to pierce the veil would have a welcome chilling effect on similar future actions.
Now, as to the fire sale when SCO enters bankrupcy, my hope is that it will happen after SCO loses some court cases that make it clear eithre that it doesn't even own the IP (and the Novell dismissal with prejudice judgement would not do that) and/or that there is no Unix IP in Linux. Because if that isn't settled, all someone has to do is pick up that IP at the firesale and start all over.
No, it's not bigger then the X17 event last October.
Remember, you can always get up to date information from NOAA's space weather site, including the page that has updated X-Ray images of the sun, auroral maps, and measurements of the magnetic field among other things.
I work in a financial institution in California. We do.
My understanding of the California law is that it applies not just to financial institutions but to all companies storing personal information on California residents. NOTE: Not all California companies, but all companies storing information on California residents.
The CNN article says Acxiom, headquartered in Little Rock and Conway, Arkansas, stores and processes millions of bits of data on behalf of a wide range of clients that include IBM, GE, Microsoft and many major credit card companies., so if there are any California consumers who think they may have used a credit card or done business with GE, Microsoft or IBM, they might want to look up the law and see if they can sue since Acxiom has not contacted them.
You are correct, not many. However, that isn't the point of this pointless system. Getting a patent decalred invalid through prior art is a very, very expensive proposition. In fact, this slashdot story from last Friday points out that of the approx 7,000,000 existing patents, only 614 have been revoked, and only 3927 have had their claims narrowed.
And MS has lots of money. They've spent some of it successfully and unsucessfully defending patent attacks against themselves. But, if they wanted to cause damage, they could. Of course, they have to tread lightly because they could also provoke anti-trust regulators, could damage the attempts to get software patents valid in Europe, and could piss off IBM into a patent pissing contest which both would regret.
I think it more likely that SCO was a toe-in-the-water test case. You will likely see legal attacks using patents, but they won't come from MS first. It will be other small, dying companies or from the patent portfolio companies who can't really be harmed except to go bankrupt and then transfer their patents to another holding company.
However, if these smaller (but still expenive) test cases begin to work, then I think you may see MS opening up its own portfolio. In the meantime, you'll just see them using them to cross-license and to keep partners in line.
It may be time to update my thoughts on the Anderer/MS timeline
McBride took over in late Summer of 2002. From ESR's Halloween VII, we know that in Sept. 2002 that MS was talking about attacking Linux via patents and the risk of a lawsuit. From Halloween VII:
"Linux patent violations/risk of being sued" struck a chord with US and Swedish respondents. Seventy-four percent (74%) of Americans and 82% of Swedes stated that the risk of being sued over Linux patent violations made them feel less favorable towards Linux. This was the only message that had a strong impact with any audience.
Now, my personal opinion is that Morgan Keegan got wind of this and introduced SCO to MS--though it could well have been someone at SCO or MS who started the introductions, but the timeline of this HP memo fits.
Imagine once these become readily available . . .
Imagine a beowulf cluster of these!
Actually, it means I have something to throw back at my mother the next time she starts into her "I carried you in my womb for nine months. . . " routine.
>
I believe that another issue with the potential damage that could result from a big quake is the ground. Much of the ground there is clay, deep soil and water. During an extended quake, some have predicated that it could become very quicksand like and simply swallow up structures.
My dad is involved in the Civil Air Patrol and recently participated in multi-agency exercises to simulate a New Madrid Fault quake. If one happens there, it is likely to be much worse than a California quake because of the level of unpreparedness in the populace and the building codes.
What kind of sadist buys Domino and then makes people out in the field on modem lines use iNotes instead of the Domino client? The whole sale point of the Domino client is replication!
Which is exactly why we made the decision to go with that instead of paying MS the same amount of money to upgrade our ancient exchange server, which meant also upgrading the server OS and getting more expensive client licenses. Unfortunately, we are in the middle of a migration right now and as I said, we have users out in the field for long periods of time.
The web client is what they will use until we get their laptops set up with the Notes client. It's an easy thing to send out a CD containing Firefox, but the Notes client installs will be done in-house.
At my work with 250+ users, we are coming very close to making that decision. Part of the reason is that we have a number of users out in the field for long periods of time using laptops in the middle of nowhere. For the most part, any internet connections are dial-up.
So, part of our reason for seriously considering moving is that we've had a number of trojans on those machines exploiting IE holes. This combined with the pain of downloading MS patches on dial-ups is leading the IT department to lean toward a FireFox standard. One of the things that had been holding us back was problems with the iNotes client in FireFox 0.8. It works in 0.6, not 0.8. Well, it is working again in 0.9.
To give an idea about the problems involved in drilling the ice cores, you have to realise that 3km underground there is a lot of pressure due to the weight of the ice sitting above. 3km is roughly Antarctic bedrock
Any issues with the ice shifting and causing the shaft to no longer be aligned? I mean, if part of the hole is drilled one year and another part later it seems that this is a real possiblity.
Actually, from your first response, it seemed pretty clear that you had a reasonable suspicion of his motivation at the time of the interview.
11. And he may well be jnana on slashdot.
If you look at the posts on your item 4, jnana is the alias that Justin chose. As you have show (10), he is an English major, and looking at some of the posts, it looks like this guy is an English major, or at least someone with humanities training.
And, as much as it is somewhat disturbing how much can be dug up regarding someone on the web, his slashdot sig has a link to a Students for Orwell site, so I imagine in a perverse sort of way that Jusin might approve of all of this. And least an English major, he should appreciate the irony.
My company gets its T1 service from SBC. My ISP does to. I know someone who works for a Chicago company that has a DS3 from SBC with a few T1 lines from other providers--but most of those other providers actually use SBC circuits anyway.
This is news because if there are network problems that cannot get fixed in a timely basis, you could see major swaths of the US dropping offline.
I do not think this is at all likely, but it is a possibility. This is more than just local phone service and given that the ISP's and corporations using that SBC backbone are providing the content for many of the sites that Slashdotters surf to, this is newsworthy.
But, they should have explained the acronyms and why this was significant.
If it was as simple as implementation (binary or even source code), "we" could write a new implementation that was compatible with their one (did the same thing in a different way), and multi-vendor secure TCP comms could happen. Unfortunately it's not that simple because they've likely patented the processes, although we'd have to wait for the patents to be available to see, I think.
And the nice side effect of all of that would be that with diverse implementations of the specs, the chance of a single vulnerability affecting all of the systems is greatly reduced.
But, I suspect you are correct. The patent's granted them are likely so broad that competing implementations will still infringe. I'm so glad that we have this patent system to encourage innovation.
The artical says GSM phone.....what if you live somewhere that has no GSM coverage? I mean, if you aren't near a coast or a heavily populated area, you kinda screwed no?
Given that the article also says they are going to drive the SUV to you, I would expect that they will know which city the cell-phone is located in. I can't imagine them driving the SUV all the way across the country.
So, likely it will be released where GSM coverage is available.
Stalker was a 1979 Film by Russian Director Andrei Tarkovsky. It is loosely based on a novella called Roadside Picnic by Arkady and Boris Strugatsky.
Incredible stuff and I highly recommend it. It is the first thing I thought of when I saw Elena's first set of pictures. If you get a chance to see it, do so--but be warned, it is very long and very slow. If you are a fan of film worth checking out. If you only go see films with pyrotechnics, take a pass.
So that's five (give or take one?) allotropes for carbon: amorphous, graphite, diamond, fullerenes, and nanofoam. Collect them all!"
Don't nanotubes make at least six? Or are you considering that a weird fullerene form?
I had downloaded Stellarium over a year ago when my young son was first starting to be interested in stars. Haven't used it much, but kept it installed on the computer. That was why I remembered it to do the parent post.
I started poking around the sourceforge forum, and not only is my version out of date, but they are actively working on a project to add constellation overlays into the display. Check out Ursa Major and a toucan constellation I'm not familiar with.
Cool stuff.
And if you need help identifying which is which, or exactly where they are, Stellarium is a great GPL'd product available for Linux, Win and Mac.
Sourceforge page
Actually, you could be right now. I had been involved in a discussion way, way back on the Yahoo SCOX board where a number of us had come to the conclusion that Paul Allen likely was not an investor via Vulcan--based partly on the reading of the chart I discussed. Based on my own bias, I probably read the line in the Newsforge article that way.
What I am forgetting here is that we are dealing with SCOSpeak and its ilk. I need to parse more carefully.
At least the Newsforge article mentions RBC. Maybe someone will start digging into that more.
If you read the label on that chart, it shows the top 10 investors in all PIPEs since 1995. I'm willing to bet that is one of those misleading graphics that BayStar really regrets now. The graphic is probably showing the top investors in PIPE deals in general and trying to imply that those investors are working with BayStar.
That would make sense in terms of BayStar admitting that MS pointed them to SCO but still denying the Paul Allen connection. (BTW, in the same Newsforge article, BayStar specifically refuses to say there is no MS investment money in BayStar, just that Paul Allen isn't working with them through Vulcan.)