Why doesn't Microsoft simply modify this worm to install the patch that fixes the vulnerability? Then set it loose. If this worm works so well (and Microsoft doesn't break it), then this problem will be fixed in short order.
This is a copy of something I posted on this subject on comp.compression:
Darryl Lovato wrote in message news:...
> Both companies appear to be fighting to be the "owner"
> of the .zip file format, but IMHO, the day that Phil Katz
> released the tech specs to the world, the user community
> became the owner of the .zip format.
Actually, Phil Katz quite explicitly and intentionally made both the ".zip" extension and the zip format public domain. He also committed to updating the PKZip application note, which describes the format, as the PKZip product evolved. That promise was kept while he was alive.
Now however, PKWare appears to want to make parts of the format a trade secret, which as you point out completely undermines what makes the .zip format useful in the first place. In addition to the encryption, they have also declined to document the deflate64 format in their application note, despite at least two revisions of that note since deflate64 was introduced. In this case, it turns out to be not very difficult to reverse engineer the format. However the corporate intent is clear. The corporate intent is also self-destructive.
So, now may be the time for the community, in particular the community that reads this newsgroup, to develop an open, scalable cross-platform format that supports archives of directory structures, files, and meta-data, high-quality lossless compression, and high-quality encryption and authentication. "Cross-platform" does not mean "Windows and Mac", but rather as wide a range of platforms as there are contributors. The PNG format effort is in my opinion a good model for this sort of development. (I played a small part in that development.)
A difficulty with this concept is that the development of high-quality compression over a wide range of types of data requires a great deal of time, determination, and expertise--perhaps more so than one should expect to achieve in contribution to a free, open-source effort. Therefore I might suggest a compensation scheme where corporate users of the software would be obligated to contribute directly to the authors of the compression/decompression methods that they use. This would encourage the development of better compression methods over time, in whatever dimensions are of interest to the paying users (space, time, specialized models for specific data, etc.). How it would be decided when to add a new method to the official format is left as an exercise for the reader. Also whether or not to accept methods with patented components, licensed for free use, is left for the reader to ponder. In any case, as much thought would probably have to be put into the business and legal model as is put into the format itself.
I am posting this idea merely to stimulate discussion. I personally don't have the time or inclination to play a major role in such a development. (My day job is both interesting and time-consuming.) But if a good group is motivated to do so, and can produce on a schedule, I'm thinking on the order of 12 to 18 months, everyone will benefit greatly in the long run.
Mark Adler
(co-author of Info-ZIP, gzip, and zlib.)
PKWare still has not documented the deflate64 compression method format. While it can be, and has been, reverse-engineered, documenting the format is essential for interoperability. There are often end-cases that don't come up in testing that need to be specified.
Though I contribute to open source (gzip and zlib), I am not religious about open source. However I am religious about open standards. There should be a movement to cease support of closed formats to encourage both open-source and commercial competition, better products, and better prices.
Even if PNG was a lousy format, it's gotten enough use that it's here to stay. Fortunately, it's a pretty good format.
What I wonder is if superior compression techniques, e.g. LOCO/JPEG-LS will be incorporated into PNG? I was one of the founders of PNG in 1995, but that was eight years of technology development ago. Has someone tested PNG against JPEG-LS in various real world applications?
Isaac Asimov figured this one out a long time ago. He pointed out what is clear just from looking at it: that our solar system consists of a star, four planets, and debris.
Mark Adler
Spirit Mission Manager