On the other hand, if they fix the holes, people aren't vulnerable. Well, not to the same stuff, anyway. I still think that some of the holes are deliberately introduced along with other patches, so that Microsoft has a perfect excuse to unload more stuff on the unsuspecting people. Without actually analysing one of their security patches, I'd guess that the typical patch composition is one part bug fix, one part DRM (or other stuff) and one part bugs for the next round of patches to hang on.
This isn't just because governments all over the world are running away from Microsoft. It has to be related to the recent hand-slap from Judge Kollar-Kotelly as well. The remedy she handed out forces MS to publish their middleware APIs except where security might be compromised.
So, they hand out patches that upgrade security, they hand out all the old APIs, and they use the security-exception loophole in the remedy to hide the new APIs.
Then, while Microsoft promote their new, squeaky clean image, everybody else's apps break because they rely on something in the old APIs that Microsoft removed because of security implications.
Joe User may think he won't have to upgrade or load patches, but think about the average company that replaces PCs every year. Pretty soon the new PCs will have the new, patched Windows, with the shiny, new (and secret) APIs. Half Joe's company won't be able to share docs with the other half, even though everybody is using MS products. So the old desktops get upgraded/patched for compatibility. And then Joe User discovers he can't write docs at home and bring them in to work, so he pirates (or buys, or is given by the company) the new Office 2003 or whatever. Only it doesn't work with the old Windows he has at home, so he upgrades/patches...
Is this a monopoly illegally leveraging their stranglehold on the market? Hell yeah!! Is the Administration going to slap their wrists again? Don't hold your breath.
If I walk into someone's store, the store is permitted to have someone follow me -- either in person, or by video camera. I'm on private property, and the property owner is entitled to watch what I am doing.
Store cameras, OK. There's enough of those in use that if they were of dubious legality, there would have been a messy public lawsuit.
When you surf on a site, you are accessing someone else's server. They are the property owner, and they have the right to a report to see what you are doing.
Monitoring a server, on the other hand, is not so easy to dismiss. In "Firewalls and Internet Security" by Cheswick and Bellovin, there's a chapter which discusses the legality of monitoring on your own system. What it boils down to is, if you have, for example, a keystroke monitor that records everything an intruder types, you may be running an illegal wiretap... Crazy, but true, apparently. Never mind that you own the system being hacked into...
Now fold that in with some of the idiocy that passes through US courts these days and it could actually be illegal for Red Sheriff (and others) to run such monitors.
It may also be illegal for you to run an ad-blocker (wiretap that monitors for specific electronic messages) on your own PC, especially if it interferes with the ad-sender's First Amendment rights by deleting their ads. And before anyone flames me for that statement, let me say this - I firmly believe that Freedom of Speech means freedom to voice your opinion and nothing more (where "voice" includes talking, writing, painting, etc). That Amendment absolutely does not guarantee that anyone will listen, nor can you force them to. So, if I'm walking down the street wearing headphones, listening to some music, you can talk all you like, and I can ignore you, and you'd better not touch my 'phones...
I've been wondering about that. I'm not a citizen and therefore can't vote, so could I legally refuse to pay tax? I'm not bitching and moaning, by the way, just curious. I've been here for 9 years and can't apply for citizenship for another 4 years. Every year I pay enough tax to buy a reasonably good new car, and I can guarantee that the same money would be spent here one way or another...
I see some complications here. Aside from the constitutional problems, there are matters such as 'which state gets the revenue?'
There are 2 answers to that one:
1) Draw a straight line between the store location and the purchaser's home. Any state the line passes through gets a percentage of the tax based on the proportion of the line that runs through that state.
2) Use the UPS or FedEx (or whatever) tracking system to determine either how long the package stayed in each state, or how many miles it covered. Divide the tax proportionally.
Technically, this would also affect auctions as well.
I was wondering about that as well - if I (in OK) use eBay (CA ?) to sell to you (in GA), presumably I have to 1) send Georgia the sales tax you paid; 2) send Oklahoma income tax for the money I receive from you. eBay would pay someone tax on their slice of the transaction, but would it go to GA, CA, or OK?
The way I read it, once enough states (10 or more) have simplified the online sales nightmare sufficiently, they can ask Congress for legislation to apply it to the rest, regardless.
Do you pay federal income tax in Oregon? Any other Federal taxes? This would be another one...
And so the online stores will "invent" (and probably patent) a method whereby "a remotely located purchaser may view a selection of products online and subsequently place an order using existing communications infrastructure". Also known as online catalog sales, this method reduces to one of several tax-avoiding measures:
1) Fill out the online order form, print it, fax it.
2) Fill out the online order form, print it, mail it.
3) Fill out the online order form, call the 800 number, quote the order reference number, provide payment and shipping details over the phone.
Which begs the question: suppose I email an order? Is that close enough to "mail order" to escape the tax?
IANAL, but I'm sure a bunch of 'em will make $$ on answering the above question...
So, did anyone call the Business Software Alliance about the suspected 50,000,000 illegal copies of Windows scattered about the Indian sub-continent? After all, they are the Microsoft License Enforcement Division, right?
Look at it this way - if the Judge decides that the MS in-house enforcement committee isn't doing a good job, she has an excellent reason to kick some MS ass. MS can't point the finger to an external target and claim "they didn't make us comply", because the target is their own officers.
It'll be interesting to see exactly who the Judge decides to drag back to court when (not if) compliance becomes an issue worth pursuing.
how likely is it that the Judge will actually exercise this power
You may be forgetting the opportunities involved in an Administration change. The Judge awarded her court the opportunity to exercise this power in the next 5 (or even 7?) years, right? So, suppose in a couple of years' time, George Dubya's government fades away and is replaced by a government more willing to kick the living daylights out of MS...
Perhaps a better question would be: who has the acoustically-perfect room required to actually hear the difference?
I laugh when I hear of people spending $1000 or more on ultra-perfect in-car hifi - like the steel box with noisy internal combustion engine and 50-mph wind howling past that they mount it in isn't going to introduce weird harmonics to ruin the experience. Now I can laugh at people doubling the cost of their home audio system with little to show for it.
The guys selling this stuff could probably sell snow to Eskimos...
I wonder if NASA can shake about $20 million loose from the money tree and send Art Bell up on the next Russian tourist launch? Make that $10 million and forget the return trip. Shoot him at the moon...
Still, even that probably wouldn't silence the protestors - they'd claim Art Bell was murdered by NASA and buried somewhere out in a handy desert. Even in the face of Art Bell saying, "hey, this is cool! I feel so light here on the Moon!" That'd be a recording done at gun-point before they shot and buried him, right?
About the only argument that might shut up the nay-sayers is: "So prove we didn't go to the moon! Go there and bring back photos of our supposed landing sites that show no lunar landers, lunar experiments, etc." If they say, "We don't have to prove you didn't go, it's obvious", we say, "Fuck off, you ignorant morons."
Tivo may or may not go down the tubes. Whether it does or not, the actual article saying that Tivo is dying is also saying that Tivo clones are popping up left and right. Anyone with an ounce of sense reading this is going to say, "So what? I'll just get an unbranded Tivo from the cable company."
Of course, we all know how many people reading the article have an ounce of sense in the first place...
Or alternatively, there's going to be the biggest ever cookout in Redmond this weekend, for all the loyal employees that didn't fork over incriminating evidence...
...they can only refuse if releasing it would compromise security...
MS is already covered on that one. It wasn't so long ago that they told a judge "our code is so buggy that making any part of it public would compromise national security" or some such twaddle.
Looks almost like they were expecting that provision in the Final Judgement.
What if it isn't known to Microsoft, but it is merely suspected by Microsoft? That technicality would give Microsoft pre-emptive monopolistic powers which wouldn't be restricted by this settlement.
That's not hard to deal with. If the OEM officially notified MS of their intentions via some legally recognised method of delivery, such as a process server, they'd find it difficult to claim they didn't know. Especially if the notice was also hand delivered to the oversight committee as well as the major newspapers in Redmond.
Even if it cost $1000 (or whatever - I have no clue) I'd imagine the OEM's legal dept would recommend such action fairly forcefully.
On the other hand, if this money is to be evenly distributed between the folks (out of the 325) that stay, it becomes an "encourage your peers to leave" bonus.
...pages not yet linked and their corresponding URL perhaps a big fat DMCA case might come about if Reuters or someone figured that "~a2eslcf" meant "third quarter" in some sorry 2 bit encryption.
DMCA? Sweden? Umm, no...
Norway may have caved in and harassed that kid for the DeCSS thing, but I doubt that either country has as stupid a law as the DMCA.
Perhaps more to the point is the comment in the article about Reuters doing the same thing to Nordea AB. Someone else commented that Intentia is tanking. If so, and if Intentia knew about Nordea, maybe this is a last ditch effort to fix themselves up by suing for damages.
If the lawsuit fails, they can still fire the admin and tell the stockholders that the stock is going down the toilet because of the early disclosure. If the suit succeeds, the awarded damages may bolster the company until it recovers.
If I'm right, and if the judge sees it too, look for Intentia to win the case and get damages of $1...
The question is, how public was the Nordea exposure?
... I guess it's just MSXML rather than THE standard XML. But we can figure it out with some "intelligent guesswork" now because the file would be human-readable.
And that's exactly where they'll bite. MSXML will have some "incompatibilities" just like MS introduced with Sun's Java. It'll probably be some kind of security flaw(*), to provide them with an excuse to skew the standard just a little bit when they provide MSXML-SP1. The standard will be skewed just enough for other XML stuff to start breaking, at which point some MS bigwig will have a perfect opportunity to badmouth open source yet again.
On top of that, MS will be able to DMCA-SLAPP people trying to unpack MS(DRM-enabled)XML files to find out what's broken.
* Read 'stacked security flaws'. You know, the kind that mask each other so that only the top one shows, giving them a perfect excuse to issue multiple Service Patches that silently implement all kinds of other DRM stuff as they unwind the stack.
Nope, probably not. Being the creator of the principal character and the storyline have no bearing on movie at all, right?
Has anyone ever estimated how much sales tax is "lost" by people using mail order instead of walking into a bricks-and-mortar store?
I can't believe you used 'discretion' and 'news organization' in the same sentence... :)
They backed off until they can cram it down our throats some other way...