This is not a hack like a "neutral 3rd party" can afford. It's an official patch MS is held accountable for and which becomes an integral part of the system when applied.
True enough, though I fail to see how it applies to the schedule of the release, which was the original point. Microsoft could have announced the work-around during the days between the publication of the vulnerability and the announcement of the first unofficial patch-- the work-around was pretty obvious. Yet MS did not do so-- perhaps during that period of lots of people on vacation there was no one on duty with the clear authority to take such an action.
May I remind you that Vista is a beta software which, when you install you agree to a EULA with huge letters written that it's a beta, and NOT to be used on mission critical machines?
May I bring to your attention that my response was irt your assertion that "Vista has whole new ways of battling malware"? I contend that the presence of this security flaw in the Vista design suggests that Vista's new ways of battling malware are questionable. This has nothing to do with the current limitations on Vista's deployment.
Yea, if I want to talk with a robot next time I'll know who to turn to.
I think I've just been zinged for attempting to be reasonable rather than emotional in a discussion about operating system security. I find that curiously amusing.
Do you actually think that such prosecution would take place?
I don't think it's probable right now, for the reasons you've cited. I also think that "prosecution" is too strong a word-- I believe a Grand Jury is charged with investigating whether something is going on that might then need to be prosecuted (or maybe not).
However the Washington State Attorney General is an elected post, iirc. So it is possible that this might come about, since playing the White Knight defending the average voter against the Evil Dragon is such a popular political stance for an AG to take. Especially if he has his eye on some higher political rung.
So it is certainly possible. And the more that it is talked about in public forums, the more probable it becomes. This would be the kind of landmark case that would let a savvy AG steer a middling course where his political future was enhanced no matter what the outcome of the GJ investigation-- he could be the one to clean Microsoft of blackguards, or the one that laid to rest all the conspiracy theories surrounding Microsoft. He could conceivably exert a lot of influence on creating a set of "generally accepted software development procedures" that would apply to software houses in a way similar to how the GAAP applies to accounting firms.
A canny AG could use this opportunity to explore how law should be applied in the cyber realm, and do so in a highly public way, and in a way that would result in positive benefits to his constituents no matter how the inquiry went.
The WMF flaw was patched ahead of schedule and it works fine.
It is true that you can say that the patch was released ahead of schedule. It is also true that the schedule for developing and releasing the official patch was putting the global community of Windows users at unnecessary risk. Which was why 3rd party security concerns who strongly prefer to remain neutral felt they had to come forth in this instance and recommend unofficial patches. Basically watching MS' corporate behavior wrt to the .wmf exploit was like catching a glimpse of goatse or tubgirl.
In the meantime Vista has whole new ways of battling malware.
But Vista retained this back door-- until the critical patch was issued to the Vista beta boys a few days ago.
If you believe delving through millions of code lines written 30 years ago to look for potential holes is what they should concentrate on, they wouldn't be in business by now.
Another poster and MS apologist has noted that the problem was not an undocumented bug in the legacy code, but a serious flaw in the design specification-- which was amplified by design level decisions with new releases of Windows (through the entire series Win3x, Win95, Win98, ... Vista). So your second presumption has no merit. I am sort of put off by your first presumption (about what I or other readers might believe) and I also don't find any logic that ties that presumption of belief to Microsoft's success or failure, but perhaps these words were offered as an appeal to the reader's emotions rather than any kind of reasoning.
The design specification has to have been reviewed and revised many times as Windows advanced through Win3.0, Win95, Win98, etc, to Vista. While I can see that a subtle undocumented bug buried in legacy code could have survived through these changes, I find it really hard to understand how something dangerous in the highly visible design specification documents could have survived these multiple periods of intense scrutiny. The only possibilities I can think of is that either Microsoft deliberately avoided critical review of parts of the design specification on multiple occasions where an outsider would have expected a complete and thorough review (like when moving from 16 bit to 32 bit, or 32 bit to 64 bit designs), or persons within Microsoft were fully aware of this security hazard yet chose to go ahead with a design that would put customers at risk.
Would one of the Microsoft minions want to explain how anything other than criminal negligence or conspiracy to defraud customers could have allowed this exploit to be carried forward-- and amplified-- through so many major reviews and revisions of the design specifications?
Or perhaps such an explanation is impossible in a public forum-- since Microsoft has actively built up a grand reputation over the last 25 years for generating FUD and profitable disinformation. It seems doubtful to me that any bright, shining truth emerging now from Microsoft could be seen through the dust, smoke and fog that Microsoft chooses to wrap around its public image.
A Washington State Grand Jury is one mechanism that is designed to cut through FUD and disinformation to find the truth of a matter, when there is a possibility that a crime has been committed against Washington State citizens. Perhaps the time has now come when the Washington State Attorney General should begin this kind of investigation.
Heirloom gardeners and heirloom seed savers have been a quietly growing group for 25 years or so. There are an increasing number of mostly amateur gardeners planting seeds from the stock their ancestors were familiar with, to preserve these old cultivars. The reasons for doing this involve both "just because" and "just in case".
Google on "heirloom garden seed" and you will be rewarded with more than half a million hits. Many are seed sellers who have lines of heirloom products for different regions.
The Norway effort would complement this work very well. When it comes to ensuring a future supply of food, wearing both a belt and suspenders doesn't seem silly at all.
The degree to which MS policy on document destruction might interfere with the function of a Grand Jury would be up to that Grand Jury to determine. The Grand Jury efforts against organized crime that I remember from my youth would never have come about if people just threw up their hands and said "oh that will be so hard because those guys never wrote anything down."
Call me an unrealistic idealist, but I do think that the American justice system is better served when it guides itself by what is right rather than what is easy.
It's possible to get to the bottom of this by legal means.
It is time to stop fooling around with civil law and address this kind of a thing as a crime. There is evidence here of a conspiracy by unknown person(s) to invade the private property of Washington State residents (and others): the Washington State Attorney General should put this before a Grand Jury.
While you can't force someone to open a .wmf, my understanding is that MSIE, MS Word, and perhaps other MS programs will automatically open any .wmf they encounter unless specifically configured not to do that. Which I understand is the reason this particular vulnerability was considered to be so much more of a threat than any of the other MS vulnerabilities discovered so far.
This is a case for criminal prosecution. Gibson has uncovered evidence that at face value demonstrates that there has been a conspiracy to defraud Windows users, and possibly to defraud Microsoft Corporation itself. Microsoft's internal documents would identify the coder(s) involved in this deceit, and possibly other conspirators.
I think it is time for the Washington State Attorney General to give this to a Grand Jury. (IANAL, but I think it is the business of a Grand Jury to determine if a crime has been committed in this kind of circumstance).
Let a Grand Jury hear this evidence and decide whether it appears that some person(s) deliberately set out to violate the privacy of Windows users.
Pons-Fleischmann were guilty of performing "bad science" because they announced - in a press conference - results that could not be reliably duplicated, not because their work was valueless. They jumped to conclusions that they could not defend, and sidestepped peer review.
This is the best summation of the public events that I have seen. Thank you. However I don't think it goes far enough to explain the historic events.
It should be noted that Pons and Fleischmann were both chemists, not physicists. There is no question that they were aware of the normal channels for peer review and would have been very familiar with those channels in the field of chemistry. But this wasn't chemistry.
What are the mechanisms for timely peer review of physics work done by persons with no credentials in physics? It seems that what happens in these cases is that the original work never gets reviewed: the submission goes into a slush pile; some grad student looking for thesis material might eventually latch on to it; and eventually the work might end up being duplicated and published as something original by somebody else who had physicist bona fides. Or it might not get published at all. P-F may have had legitimate concerns about whether the validating research they wanted to trigger would have ever come about in their life time, if they had attempted to publish in the traditional way.
Then there's also a more paranoid concern about the way that the high energy physics peer review process is monitored by US government agencies to assure that no critical information gets into the hands of various enemies. P-F may have felt that introducing their work through the peer review process might have led to it being suppressed by the US government. Even persons who adamantly refuse to ever put on a tinfoil hat should be aware that the US government has historically suppressed a lot of information related to initiating fission and fusion processes.
For what it is worth, I think it is good to keep in mind that Pons and Fleischmann released their findings in a way that assured that many research facilities across international borders would attempt to repeat the experiments. As Parent points out, their work has had value-- at the very least, electrolysis of water is a much more complex phenomenon than anyone had appreciated before. It is doubtful this would have been explored as intensively as it is being explored if P-F had tried to use the orthodox methods of the scientific community (which has nothing to do with experimental method, or with scientific reasoning) to release their findings.
FOSS was alive and well before the introduction of the PC. In fact, until around 1980 or so, it was widely assumed that computer programs could be neither patented nor copyrighted.
My first programming course was in 1972, in Fortran, on an IBM 1130 (hollerith card stacks and all that). One of the class sessions was a discussion with the chief computer operator about how this community college system had been put together of donated used components from one of the state universities and a couple of area businesses, and how he was running a black OS and black Fortran and Cobol compilers since the official IBM versions were locked down as proprietary secrets and were not capable of using the components that he had put together. (The system had 48 kilobytes of true core memory which was 150% of what the official IBM OS could handle, and it supported an early winchester drive as well as the tapes-- again something not supported by the white OS version). He indicated that running black software that had been modified by computer operators to fix bugs and actually work was quite common in computing world at that time-- this software was illegal according to the leasing agreements, but passed around through back channels while IBM and Honeywell mostly looked the other way.
But although this and most other actual working software of that era was developed by a community of users and distributed for free, this wasn't FOSS: it had no licensing at all and often blatantly violated proprietary secrets that were built into the hardware vendor's contracts. It was accepted but illegal behavior.
IBM was a hardware company. They didn't sell the operating system, only the hardware.
I don't think they ever sold the CPUs: they leased those out. They did sell the card punchers and readers, the verification stations, and the tape drives. The lease agreements consistently listed the OS, other software, and manuals as "proprietary secrets". I had a nicely typeset and bound copy of an early programmer's manual that stated on the front cover that "THIS IS AN UNPUBLISHED WORK: you may not copy it nor allow unauthorized persons to read it" (words to that effect-- the thing disappeared somewhere during my travels).
Had they been smart they would have encouraged open source, not handed a monopoly to Bill Gates.
In retrospect, they should not have bankrolled the development of Windows (that they intended as a frontend to OS/2), nor should they have tried to lock down the PC hardware market with the PS2 "microchannel bus", etc. And of course it would have been good if they had given up on trying to implement secure computing on the 80286 chip with its inherent flaws, and either done like Windows and put out an insecure "cooperative multitasking" system or focused on doing preemptive multitasking on the 80386 (and simply ignored the 80286). There was a lot of infighting between the personal computer division and the mainframe divisions at IBM during that time-- and a number of bad decisions were made.
I don't think FOSS as we now know it, with its critical dependence on online communities of developers, could have come about in the late 1980s and early 1990s. I think FOSS is an outgrowth of internet connections-- I don't think even Compuserve would have been able to provide the kind of infrastructure that FOSS needs to really work.
I guess what I'm trying to say is that "open source", while the central component of things like Linux, OOo, Firefox, etc, is really only a small part of what makes these successful. What is critical is the formation of a community of developers and supporters. And that couldn't have come about before 1995.
PS: By most metrics (heck, any metric aside from market cap and hype index), Google is a small company. Under a billion in annual revenues. A small workforce.
True, but by a couple of metrics that really count, Google has been a mover and shaker for some time. W
However I do think that if Gates and Ballmer had not taken Microsoft in an evil direction, then much of the motivation that brought FOSS communities into existence would not have arisen so quickly. Also we would not have a major corporation whose slogan is "Don't be evil" (and no matter how Google goes from here, a company of that size with that kind of official orientation is a historic milestone).
I for one would love to see Gates devote all his considerable talents and resources to charitable works. If he gains the status of "secular saint" through this, I would not only no longer consider him evil, I would honor him.
My only concern would be if he saw his charities as somehow competing with other agencies. If he began using his familiar tactics of FUD, 'embrace and extend' and vaporware promises to push his charitable efforts forward to the detriment of work done by other groups, then I would again label him as evil. But so far this doesn't seem to be happening. Perhaps Melinda is the balancing influence he has always needed.
Google seems to take without really giving much (except talk). Yeah they have funded some stuff, but really, in relation to their income, it's not even a drop in the bucket.
Let's give them some time. Great wealth has a kind of inertia-- there is a lot of organization behind the scenes that has to be done before newly acquired wealth can be put in motion.
But I think we can see where Google is going now-- from TFA:
"We realize software distribution will have to become one of our core competencies," quote from Marissa Mayer, Google Product Manager.
That sounds like a major commitment in an area that the FOSS communities haven't yet addressed very well.
Like I said, they [Microsoft] are their own greatest threat. All the things you mentioned are now serious threats to them because of the way they have done business.
I couldn't agree more.
In my considered opinion, based on watching them since the days of MSDOS, Microsoft's management has never made the transition from thinking like a small scale entrepreneur to the deliberations that drive big business. That is a transition they should have made at least a decade ago. For it has been that long at least since Microsoft joined the ranks of major multinational corporations. Yet they take pride in not having properly diversified their holdings; they celebrate their inability to move billions of dollars of reserves from low yield liquidities into long term investments; they make stupid public remarks about being able to afford to be in contempt of court. They have at least one key officer whose foul-mouthed violent behavior would not be tolerated in high level management in any other corporation of comparable size.
Their strategies wrt XBox and software licensing agreements are the moral equivalent of kneecapping the competitor. They are certainly big enough now that as a corporation they should have risen above these behaviors.
I think the only hope for Microsoft's long term survival is to change its upper level management team. But of course that won't happen.
So Bill identifying IBM as his chief competitor is really a part of a smoke and mirrors game? Yeah, that's consistent with his past behavior.
So who IS Microsoft's most significant competitor? The Apache group? They've been encroaching on Microsoft turf for years, and just seem unstoppable. The Firefox people? They've only recently made any kind of dent in Microsoft's market share, but it has been a pretty big dent, and it is still getting bigger. How about OpenOffice.org? I've not seen any figures about market share, but with big corporations and governments going the OOo route I'm guessing that has to be making one of MS's chief officers want to throw a chair.
Funny thing, all these competitors that have measurably reduced Microsoft's turf are FOSS.
Could it be that FOSS is Microsoft's chief competitor?
Could there be some reason why Bill wouldn't want people to look at that?
I could see these used as high altitude portable communication platforms near hot spots. I could see a fleet of UAVs being controlled from one of these. And these would fit the traditional blimp role of coastal surveillance very nicely.
Wish the web site wasn't slashdotted.
I would think a heavier than air blimp would be easier to land.
I have the impression from the few pics and diagrams I've seen that the blimp has a lifting body shape and the "wings" are primarily control surfaces. I'd be interested in reading the specs.
When I looked for TFA just now, I realized that these roll-your-own "I'm slashdotted" pages just don't make sense on today's internet. Would someone please petition the W3C to expand the HTTP standard to include a "409: Site Temporarily Unavailable: Blame Slashdot" page?
So the parade of new apps for Firefox continues. And how long before there are so many "killer" apps available, that Firefox begins to suffer IE bloat?
My experience sort of lends support to your thesis, almost, in a round about way:
When I upgraded to FF v1.5 a couple of weeks ago, I did a comprehensive survey of all the extensions I could find, both to select some for myself and so I could talk to others about the choices available.
There are about 1,000 extensions out there now. It took me 3 sessions of about 2 hours each over a 3 day period to review these. I selected 20 for my immediate use. I've got a list of about 10 others that I want to look at again; and I've listed another 30 or so that don't interest me, but might be of interest to someone I know.
In all, after about 6 hours of review I immediately implemented about 2% of the available FF extensions, and found that a total of about 6% were interesting. Now my FF is very nicely tailored to my needs (with a good tool kit for analyzing web pages and other development work) and my desires (I like the occasional game of tetris and free cell). FF still loads quickly, remains very responsive, and doesn't interfere with my other work, so the amount of "bloat" I've added isn't an issue.
But I am a little worried about the future: when the number of extensions doubles (probably before summer) it is going to take more than 12 hours to survey them and select the 1% or so that I might find personally useful, and that is too long. Without a better way to manage the process of sorting and selecting, I'm going to feel like I'm drowning in the riches that FF offers. But there are certainly worse fates!
At the moment the best approach to managing FF's extensions is similar to the counting house approach to managing money: dump the contents of the purse on the table, look at each coin individually, and decide which stack to put it on. Maybe in a few months someone will come up with a better organization of the riches-- like maybe a moderated and metamoderated set of reviews with good searching, etc. Because we're going to need a better accounting system to manage the "bloat" as FF's available wealth grows larger and larger.
I'm so sick of these "omgtheskyisfalling" environmentalists, their headline-grabbing falsehoods are taking away from legitimate science. grrr.
I'm so sick of these holier-than-thou, anything-for-profit technology boosters who claim that their use of clever and unproven engineering tricks is somehow legitimate science, that I could just pinch them. grrr-grrr.
One, the security hole has not "widened" - the scope of exposure is exactly what we read about Wednesday....The hole is exactly the same - exposure has increased, but the hole has not widened.
Yeah, even though everybody's road is now pockmarked with potholes, because all the potholes are merely different instances of the same class, there is no greater risk for anyone? TFA wording is good: there has been a demonstrable huge increase in the "security hole", in the sense that most people interpret such words. Your risk is now way higher than it was on Wednesday, people.
BTW, since this 4KB+ buffer overflow "hole" in the core of all Windows OS since Win98 can act as a bootstrap to download any damn kind of zombie software, it is an axle-breaker of a pothole. Especially as antivirus and firewall protections against all these instances don't exist.
Two: the web sites are not infected, they are malicious. The system is infected after visiting a malicious web site.
That is called "splitting hairs".
And actually the untold number of hobby web sites where the same computer is used for both browsing and as a server are susceptible to infection and being hijacked by this method. So your second point is not valid in all cases. And of course there are several other ways in which web sites of good intent can be hijacked and infected.
Is open source just a substitute for the lack of innovation in closed source software?...
Apache: Open from the beginning; innovative at the core in its method of extensibility
POV-ray: Open from the beginning; innovative from the beginning (one of the first ray tracers and consistently one of the best for single CPU work)
Firefox: completely rebuilt as open source; innovative in its methods of extensibility (consider its XULishness)
Perl, Python, Ruby, PHP, etc: all without doubt innovative languages; all FOSS from day one
Linux: taking a teaching model of Unix and using it as a guide to build a kernel that can actually do real world work? That was innovative. The way code contributions are managed? That is something that has never been done before.
...
I grow tired of this exercise and I wonder if it is pointless.
I suppose one can say that SpaceShip One was not innovative since the Chinese have documented prior art going back hundreds of years. It seems that discussions about innovation in FOSS are pointless right now, because too many of those who are pushing for these discussions are surreptitiously using "innovation" as a label for a particular way of looking at a product, and not as something that is intrinsic to that product.
If "innovation" is in the eye of the beholder, then it is a useless measure of the quality of any software. It becomes no better than "total cost of ownership", which is also demonstrably a matter of perception rather than a useful objective measure.
I kept thinking "this can't be right. They've got to be kidding"
Many modern physicists regard their subject of study to be models of reality and not reality itself. That gives them the freedom to work with concepts that anyone would think can't possibly be right. For them, whether something is real doesn't matter; these physicists give such questions no mind. Just remember this couplet that James Gleick attributes to Richard Feynman:
What is mind? It doesn't matter.
What is matter? Oh, never mind.
Or we can say that Einstein et al have put us in a situation where reality (whatever it might be) is completely entangled with our perceptual psychology (whether or not we have any way of transcending our perceptions). Along with the limitations that world view imposes on us, there is also a license to freely explore some impossibilities. If sometimes those impossibilities happen to have real predictive value (which appears to be the case), I suppose we just need to explode our brains to encompass that.
So, Halfbaked, I'm having difficulty comprehending some parts of your argument.
Under what circumstances would the production facilities of a law-abiding corporation like Pixar be seized by the EU? I can't imagine any, so please find another example that has some basis in reality. You have a rich history of businesses with practices similar to Microsoft's that you could draw on: Enron, IT&T when it was in its "sovereign state" phase, or reaching further back, the British East Indian Tea Company... there have been lots of companies with attitudes about community ethics that are similar to Microsoft's, so please use one of them.
You also imply a parallelism between Pixar's "tight team" approach to animation and Microsoft's approach to coding. Yet we know that Microsoft's approach to code quality assurance is to do market research to determine the weak points in the saleability of the product, and then for those weak points that simply have to be addressed by fixing the code, throw a couple hundred programmers at the problem for a couple of months using the "million monkey" theory of code improvement. That is just so different from a "tight team" approach to product development that I fail when it comes to making a mental leap that can connect the two.
So basically I'm sorry but my imagination is too limited, too bound by realism, to encompass the example that you offer. Would you kindly tender another one?
This is not a hack like a "neutral 3rd party" can afford. It's an official patch MS is held accountable for and which becomes an integral part of the system when applied.
True enough, though I fail to see how it applies to the schedule of the release, which was the original point. Microsoft could have announced the work-around during the days between the publication of the vulnerability and the announcement of the first unofficial patch-- the work-around was pretty obvious. Yet MS did not do so-- perhaps during that period of lots of people on vacation there was noone on duty with the clear authority to take such an action.
May I remind you that Vista is a beta software which, when you install you agree to a EULA with huge letters written that it's a beta, and NOT to be used on mission critical machines?
May I bring to your attention that my response was irt your assertion that "Vista has whole new ways of battling malware"? I contend that the presence of this security flaw in the Vista design suggests that Vista's new ways of battling malware are questionable. This has nothing to do with the current limitations on Vista's deployment.
Yea, if I want to talk with a robot next time I'll know who to turn to.
I think I've just been zinged for attempting to be reasonable rather than emotional in a discussion about operating system security. I find that curiously amusing.
Do you actually think that such prosecution would take place?
I don't think it's probable right now, for the reasons you've cited. I also think that "prosecution" is too strong a word-- I believe a Grand Jury is charged with investigating whether something is going on that might then need to be prosecuted (or maybe not).
However the Washington State Attorney General is an elected post, iirc. So it is possible that this might come about, since playing the White Knight defending the average voter against the Evil Dragon is such a popular political stance for an AG to take. Especially if he has his eye on some higher political rung.
So it is certainly possible. And the more that it is talked about in public forums, the more probable it becomes. This would be the kind of landmark case that would let a savvy AG could steer a middling course where his political future was enhanced no matter what the outcome of the GJ investigation-- he could be the one to clean Microsoft of blackguards, or the one that laid to rest all the conspiracy theories surrounding Microsoft. He could concievably exert a lot of influence on creating a set of "generally accepted software development procedures" that would apply to software houses in a way similar to how the GAAP applies to accounting firms.
A canny AG could use this opportunity to explore how law should be applied in the cyber realm, and do so in a highly public way, and in a way that would result in positive benefits to his constituents no matter how the inquiry went.
The WMF flaw was patched ahead of schedule and it works fine.
It is true that you can say that the patch was released ahead of schedule. It is also true that the schedule for developing and releasing the official patch was putting the global community of Windows users at unnecessary risk. Which was why 3rd party security concerns who strongly prefer to remain neutral felt they had to come forth in this instance and recommend unofficial patches. Basically watching MS' corporate behavior wrt to the .wmf exploit was like catching a glimpse of goatse or tubgirl.
In the meantime Vista has whole new ways of battling malware.
But Vista retained this back door-- until the critical patch was issued to the Vista beta boys a few days ago.
If you believe delving through millions of code lines written 30 years ago to look for potential holes is what they should concentrate on, they wouldn't be in business by now.
Another poster and MS apologist has noted that the problem was not an undocumented bug in the legacy code, but a serious flaw in the design specification-- which was amplified by design level decisions with new releases of Windows (through the entire series Win3x, Win95, Win98, ... Vista). So your second presumption has no merit. I am sort of put off by your first presumption (about what I or other readers might believe) and I also don't find any logic that ties that presumption of belief to Microsoft's success or failure, but perhaps these words were offered as an appeal to the reader's emotions rather than any kind of reasoning.
The design specification has to have been reviewed and revised many times as Windows advanced through Win3.0, Win95, Win98, etc, to Vista. While I can see that a subtle undocumented bug buried in legacy code could have survived through these changes, I find it really hard to understand how something dangerous in the highly visible design specification documents could have survived these multiple periods of intense scrutiny. The only possibilities I can think of are that either Microsoft deliberately avoided critical review of parts of the design specification on multiple occasions where an outsider would have expected a complete and thorough review (like when moving from 16 bit to 32 bit, or 32 bit to 64 bit designs), or persons within Microsoft were fully aware of this security hazard yet chose to go ahead with a design that would put customers at risk.
Would one of the Microsoft minions want to explain how anything other than criminal negligence or conspiracy to defraud customers could have allowed this exploit to be carried forward-- and amplified-- through so many major reviews and revisions of the design specifications?
Or perhaps such an explanation is impossible in a public forum-- since Microsoft has actively built up a grand reputation over the last 25 years for generating FUD and profitable disinformation. It seems doubtful to me that any bright, shining truth emerging now from Microsoft could be seen through the dust, smoke and fog that Microsoft chooses to wrap around its public image.
A Washington State Grand Jury is one mechanism that is designed to cut through FUD and disinformation to find the truth of a matter, when there is a possibility that a crime has been committed against Washington State citizens. Perhaps the time has now come when the Washington State Attorney General should begin this kind of investigation.
Heirloom gardeners and heirloom seed savers have been a quietly growing group for 25 years or so. There are an increasing number of mostly amateur gardeners planting seeds from the stock their ancestors were familiar with, to preserve these old cultivars. The reasons for doing this involve both "just because" and "just in case".
Google on "heirloom garden seed" and you will be rewarded with more than half a million hits. Many are seed sellers who have lines of heirloom products for different regions.
The Norway effort would complement this work very well. When it comes to ensuring a future supply of food, wearing both a belt and suspenders doesn't seem silly at all.
The degree to which MS policy on document destruction might interfere with the function of a Grand Jury would be up to that Grand Jury to determine. The Grand Jury efforts against organized crime that I remember from my youth would never have come about if people just threw up their hands and said "oh that will be so hard because those guys never wrote anything down."
Call me an unrealistic idealist, but I do think that the American justice system is better served when it guides itself by what is right rather than what is easy.
It's possible to get to the bottom of this by legal means.
It is time to stop fooling around with civil law and address this kind of a thing as a crime. There is evidence here of a conspiracy by unknown person(s) to invade the private property of Washington State residents (and others): the Washington State Attorney General should put this before a Grand Jury.
While you can't force someone to open a .wmf, my understanding is that MSIE, MS Word, and perhaps other MS programs will automatically open any .wmf they encounter unless specifically configured not to do that. Which I understand is the reason this particular vulnerability was considered to be so much more of a threat than any of the other MS vulnerabilities discovered so far.
A lawsuit is not the answer to everything.
Too true.
This is a case for criminal prosecution. Gibson has uncovered evidence that at face value demonstrates that there has been a conspiracy to defraud Windows users, and possibly to defraud Microsoft Corporation itself. Microsoft's internal documents would identify the coder(s) involved in this deceit, and possibly other conspirators.
I think it is time for the Washington State Attorney General to give this to a Grand Jury. (IANAL, but I think it is the business of a Grand Jury to determine if a crime has been committed in this kind of circumstance).
Let a Grand Jury hear this evidence and decide whether it appears that some person(s) deliberately set out to violate the privacy of Windows users.
Pons-Fleischmann were guilty of performing "bad science" because they announced - in a press conference - results that could not be reliably duplicated, not because their work was valueless. They jumped to conclusions that they could not defend, and sidestepped peer review.
This is the best summation of the public events that I have seen. Thank you. However I don't think it goes far enough to explain the historic events.
It should be noted that Pons and Fleischmann were both chemists, not physicists. There is no question that they were aware of the normal channels for peer review and would have been very familiar with those channels in the field of chemistry. But this wasn't chemistry.
What are the mechanisms for timely peer review of physics work done by persons with no credentials in physics? It seems that what happens in these cases is that the original work never gets reviewed: the submission goes into a slush pile; some grad student looking for thesis material might eventually latch on to it; and eventually the work might end up being duplicated and published as something original by somebody else who had physicist bona fides. Or it might not get published at all. P-F may have had legitimate concerns about whether the validating research they wanted to trigger would have ever come about in their life time, if they had attempted to publish in the traditional way.
Then there's also a more paranoid concern about the way that the high energy physics peer review process is monitored by US government agencies to assure that no critical information gets into the hands of various enemies. P-F may have felt that introducing their work through the peer review process might have led to it being suppressed by the US government. Even persons who adamantly refuse to ever put on a tinfoil hat should be aware that the US government has historically suppressed a lot of information related to initiating fission and fusion processes.
For what it is worth, I think it is good to keep in mind that Pons and Fleischmann released their findings in a way that assured that many research facilities across international borders would attempt to repeat the experiments. As Parent points out, their work has had value-- at the very least, electrolysis of water is a much more complex phenomenon than anyone had appreciated before. It is doubtful this would have been explored as intensively as it is being explored if P-F had tried to use the orthodox methods of the scientific community (which has nothing to do with experimental method, or with scientific reasoning) to release their findings.
Several things to correct, for the record:
FOSS was alive and well before the introduction of the PC. In fact, until around 1980 or so, it was widely assumed that computer programs could be neither patented nor copyrighted.
My first programming course was in 1972, in Fortran, on an IBM 1130 (Hollerith card stacks and all that). One of the class sessions was a discussion with the chief computer operator about how this community college system had been put together of donated used components from one of the state universities and a couple of area businesses, and how he was running a black OS and black Fortran and Cobol compilers since the official IBM versions were locked down as proprietary secrets and were not capable of using the components that he had put together. (The system had 48 kilobytes of true core memory which was 150% of what the official IBM OS could handle, and it supported an early Winchester drive as well as the tapes-- again something not supported by the white OS version). He indicated that running black software that had been modified by computer operators to fix bugs and actually work was quite common in the computing world at that time-- this software was illegal according to the leasing agreements, but passed around through back channels while IBM and Honeywell mostly looked the other way.
But although this and most other actual working software of that era was developed by a community of users and distributed for free, this wasn't FOSS: it had no licensing at all and often blatantly violated proprietary secrets that were built into the hardware vendor's contracts. It was accepted but illegal behavior.
IBM was a hardware company. They didn't sell the operating system, only the hardware.
I don't think they ever sold the CPUs: they leased those out. They did sell the card punchers and readers, the verification stations, and the tape drives. The lease agreements consistently listed the OS, other software, and manuals as "proprietary secrets". I had a nicely typeset and bound copy of an early programmer's manual that stated on the front cover that "THIS IS AN UNPUBLISHED WORK: you may not copy it nor allow unauthorized persons to read it" (words to that effect-- the thing disappeared somewhere during my travels).
Had they been smart they would have encouraged open source, not handed a monopoly to Bill Gates.
In retrospect, they should not have bankrolled the development of Windows (that they intended as a frontend to OS/2), nor should they have tried to lock down the PC hardware market with the PS2 "microchannel bus", etc. And of course it would have been good if they had given up on trying to implement secure computing on the 80286 chip with its inherent flaws, and either done like Windows and put out an insecure "cooperative multitasking" system or focused on doing preemptive multitasking on the 80386 (and simply ignored the 80286). There was a lot of infighting between the personal computer division and the mainframe divisions at IBM during that time-- and a number of bad decisions were made.
I don't think FOSS as we now know it, with its critical dependence on online communities of developers, could have come about in the late 1980s and early 1990s. I think FOSS is an outgrowth of internet connections-- I don't think even Compuserve would have been able to provide the kind of infrastructure that FOSS needs to really work.
I guess what I'm trying to say is that "open source", while the central component of things like Linux, OOo, Firefox, etc, is really only a small part of what makes these successful. What is critical is the formation of a community of developers and supporters. And that couldn't have come about before 1995.
PS: By most metrics (heck, any metric aside from market cap and hype index), Google is a small company. Under a billion in annual revenues. A small workforce.
True, but by a couple of metrics that really count, Google has been a mover and shaker for some time. W
I'm not sure that I really understand your point.
However I do think that if Gates and Ballmer had not taken Microsoft in an evil direction, then much of the motivation that brought FOSS communities into existence would not have arisen so quickly. Also we would not have a major corporation whose slogan is "Don't be evil" (and no matter how Google goes from here, a company of that size with that kind of official orientation is a historic milestone).
I for one would love to see Gates devote all his considerable talents and resources to charitable works. If he gains the status of "secular saint" through this, I would not only no longer consider him evil, I would honor him.
My only concern would be if he saw his charities as somehow competing with other agencies. If he began using his familiar tactics of FUD, 'embrace and extend' and vaporware promises to push his charitable efforts forward to the detriment of work done by other groups, then I would again label him as evil. But so far this doesn't seem to be happening. Perhaps Melinda is the balancing influence he has always needed.
Google seems to take without really giving much (except talk). Yeah they have funded some stuff, but really, in relation to their income, it's not even a drop in the bucket.
Let's give them some time. Great wealth has a kind of inertia-- there is a lot of organization behind the scenes that has to be done before newly acquired wealth can be put in motion.
But I think we can see where Google is going now-- from TFA:
"We realize software distribution will have to become one of our core competencies," quote from Marissa Mayer, Google Product Manager.
That sounds like a major commitment in an area that the FOSS communities haven't yet addressed very well.
Like I said, they [Microsoft] are their own greatest threat. All the things you mentioned are now serious threats to them because of the way they have done business.
I couldn't agree more.
In my considered opinion, based on watching them since the days of MSDOS, Microsoft's management has never made the transition from thinking like a small scale entrepreneur to the deliberations that drive big business. That is a transition they should have made at least a decade ago. For it has been that long at least since Microsoft joined the ranks of major multinational corporations. Yet they take pride in not having properly diversified their holdings; they celebrate their inability to move billions of dollars of reserves from low yield liquidities into long term investments; they make stupid public remarks about being able to afford to be in contempt of court. They have at least one key officer whose foul-mouthed violent behavior would not be tolerated in high level management in any other corporation of comparable size.
Their strategies wrt XBox and software licensing agreements are the moral equivalent of kneecapping the competitor. They are certainly big enough now that as a corporation they should have risen above these behaviors.
I think the only hope for Microsoft's long term survival is to change its upper level management team. But of course that won't happen.
So Bill identifying IBM as his chief competitor is really a part of a smoke and mirrors game? Yeah, that's consistent with his past behavior.
So who IS Microsoft's most significant competitor? The Apache group? They've been encroaching on Microsoft turf for years, and just seem unstoppable. The Firefox people? They've only recently made any kind of dent in Microsoft's market share, but it has been a pretty big dent, and it is still getting bigger. How about OpenOffice.org? I've not seen any figures about market share, but with big corporations and governments going the OOo route I'm guessing that has to be making one of MS's chief officers want to throw a chair.
Funny thing, all these competitors that have measurably reduced Microsoft's turf are FOSS.
Could it be that FOSS is Microsoft's chief competitor?
Could there be some reason why Bill wouldn't want people to look at that?
Some military use is likely.
I could see these used as high altitude portable communication platforms near hot spots. I could see a fleet of UAVs being controlled from one of these. And these would fit the traditional blimp role of coastal surveillance very nicely.
Wish the web site wasn't slashdotted.
I would think a heavier than air blimp would be easier to land.
I have the impression from the few pics and diagrams I've seen that the blimp has a lifting body shape and the "wings" are primarily control surfaces. I'd be interested in reading the specs.
When I looked for TFA just now, I realized that these roll-your-own "I'm slashdotted" pages just don't make sense on today's internet. Would someone please petition the W3C to expand the HTTP standard to include a
"409: Site Temporarily Unavailable: Blame Slashdot"
page?
TIA,
So the parade of new apps for Firefox continues. And how long before there are so many "killer" apps available, that Firefox begins to suffer IE bloat?
My experience sort of lends support to your thesis, almost, in a round about way:
When I upgraded to FF v1.5 a couple of weeks ago, I did a comprehensive survey of all the extensions I could find, both to select some for myself and so I could talk to others about the choices available.
There are about 1,000 extensions out there now. It took me 3 sessions of about 2 hours each over a 3 day period to review these. I selected 20 for my immediate use. I've got a list of about 10 others that I want to look at again; and I've listed another 30 or so that don't interest me, but might be of interest to someone I know.
In all, after about 6 hours of review I immediately implemented about 2% of the available FF extensions, and found that a total of about 6% were interesting. Now my FF is very nicely tailored to my needs (with a good tool kit for analyzing web pages and other development work) and my desires (I like the occasional game of tetris and free cell). FF still loads quickly, remains very responsive, and doesn't interfere with my other work, so the amount of "bloat" I've added isn't an issue.
But I am a little worried about the future: when the number of extensions doubles (probably before summer) it is going to take more than 12 hours to survey them and select the 1% or so that I might find personally useful, and that is too long. Without a better way to manage the process of sorting and selecting, I'm going to feel like I'm drowning in the riches that FF offers. But there are certainly worse fates!
At the moment the best approach to managing FF's extensions is similar to the counting house approach to managing money: dump the contents of the purse on the table, look at each coin individually, and decide which stack to put it on. Maybe in a few months someone will come up with a better organization of the riches-- like maybe a moderated and metamoderated set of reviews with good searching, etc. Because we're going to need a better accounting system to manage the "bloat" as FF's available wealth grows larger and larger.
I for one welcome our blahblahblah...
I'm so sick of these "omgtheskyisfalling" environmentalists, their headline-grabbing falsehoods are taking away from legitimate science. grrr.
I'm so sick of these holier-than-thou, anything-for-profit technology boosters who claim that their use of clever and unproven engineering tricks is somehow legitimate science, that I could just pinch them. grrr-grrr.
One, the security hole has not "widened" - the scope of exposure is exactly what we read about Wednesday.... The hole is exactly the same - exposure has increased, but the hole has not widened.
Yeah, even though everybody's road is now pockmarked with potholes, because all the potholes are merely different instances of the same class, there is no greater risk for anyone? TFA wording is good: there has been a demonstrable huge increase in the "security hole", in the sense that most people interpret such words. Your risk is now way higher than it was on Wednesday, people.
BTW, since this 4KB+ buffer overflow "hole" in the core of all Windows OS since Win98 can act as a bootstrap to download any damn kind of zombie software, it is an axle-breaker of a pothole. Especially as antivirus and firewall protections against all these instances don't exist.
Two: the web sites are not infected, they are malicious. The system is infected after visiting a malicious web site.
That is called "splitting hairs".
And actually the untold number of hobby web sites where the same computer is used for both browsing and as a server are susceptible to infection and being hijacked by this method. So your second point is not valid in all cases. And of course there are several other ways in which web sites of good intent can be hijacked and infected.
Is open source just a substitute for the lack of innovation in closed source software?...
I grow tired of this exercise and I wonder if it is pointless.
I suppose one can say that SpaceShip One was not innovative since the Chinese have documented prior art going back hundreds of years. It seems that discussions about innovation in FOSS are pointless right now, because too many of those who are pushing for these discussions are surreptitiously using "innovation" as a label for a particular way of looking at a product, and not as something that is intrinsic to that product.
If "innovation" is in the eye of the beholder, then it is a useless measure of the quality of any software. It becomes no better than "total cost of ownership", which is also demonstrably a matter of perception rather than a useful objective measure.
I kept thinking "this can't be right. They've got to be kidding"
Many modern physicists regard their subject of study to be models of reality and not reality itself. That gives them the freedom to work with concepts that anyone would think can't possibly be right. For them, whether something is real doesn't matter; these physicists give such questions no mind. Just remember this couplet that James Gleick attributes to Richard Feynman:
What is mind? It doesn't matter.
What is matter? Oh, never mind.
Or we can say that Einstein et al have put us in a situation where reality (whatever it might be) is completely entangled with our perceptual psychology (whether or not we have any way of transcending our perceptions). Along with the limitations that world view imposes on us, there is also a license to freely explore some impossibilities. If sometimes those impossibilities happen to have real predictive value (which appears to be the case), I suppose we just need to explode our brains to encompass that.
I like playing with attempts to express the Copenhagen Interpretation in english. Prior to this article, the expression that satisfied me the most was
However this article has given me a new way to spin CI:
So,
Yeah, that fits my experience. First person entanglement with self. Yeah.
So, Halfbaked, I'm having difficulty comprehending some parts of your argument.
Under what circumstances would the production facilities of a law-abiding corporation like Pixar be seized by the EU? I can't imagine any, so please find another example that has some basis in reality. You have a rich history of businesses with practices similar to Microsoft's that you could draw on: Enron, IT&T when it was in its "sovereign state" phase, or reaching further back, the British East Indian Tea Company... there have been lots of companies with attitudes about community ethics that are similar to Microsoft's, so please use one of them.
You also imply a parallelism between Pixar's "tight team" approach to animation and Microsoft's approach to coding. Yet we know that Microsoft's approach to code quality assurance is to do market research to determine the weak points in the saleability of the product, and then for those weak points that simply have to be addressed by fixing the code, throw a couple hundred programmers at the problem for a couple of months using the "million monkey" theory of code improvement. That is just so different from a "tight team" approach to product development that I fail when it comes to making a mental leap that can connect the two.
So basically I'm sorry but my imagination is too limited, too bound by realism, to encompass the example that you offer. Would you kindly tender another one?