I do not doubt that the security update blocked some viruses, but the implementation was needlessly disruptive to other applications:
- It did not identify the application, so the user is left to infer who is accessing his address book.
- It did not allow the user to consent for more than 10 minutes at a time
- It did not allow the user to designate certain applications as permitted to access his address book
- There was no way for users to uninstall it once they realized that it killed an app they needed
So yes, this was a "security" measure, but implemented in a way that maximized the destructive effect on applications that Microsoft happens to compete with. These "features" have remained unchanged in Office XP.
Microsoft's reputation for intentionally breaking competing applications is based on well-documented incidents where Microsoft added code specifically for this purpose.
Most recently (about two years ago) Microsoft added a "Security Update" for Outlook supposedly to protect users against viruses. It also broke a lot of applications that did things like synchronize with a PDA, at a time when Microsoft was focused on competing with Palm. The security update could easily have been designed to prevent this side effect.
Based on its ruthless history, it is entirely reasonable to expect that Microsoft will once again use its control of Windows to sabotage competitors products. It is not Microsoft-bashing to judge a company based on its past behavior. Microsoft has only itself to blame for developers' suspicion and hostility. A company that plays nice 95% of the time and plays dirty tricks 5% of the time is still going to be mistrusted *all* of the time, and rightly so.
Some of the letters were from dead people, so we can infer that in some cases the letters were signed by the lobbying firm, forging the signatures. Forgery is a crime.
Fortunately, the letters were sent to the Utah Attorney General, which is exactly the right organization to prosecute the crime.
Clauses making the losing party pay legal fees sound even-handed, but they are just another way for big companies to intimidate individuals. The reason: they can afford to bet $250,000 on the lawsuit, but you can't. You might be willing to fight a 50-50 lawsuit and pay your own legal fees, but can you afford not only the risk of losing but also the risk of being wiped out by *their* legal fees?
Anything that increases the dollar amount at risk to both parties increases the leverage of the party with more resources, up to a point. (Once the amount at risk goes far beyond what the smaller party has, the balance of power starts to tip back the other way.) In most cases, individuals are much better off with the standard "everyone pays their own lawyers" rule.
GPL could do a lot more than it does now to protect open-source authors from
patent abuses. While there are some patent-only companies, most of the worst
software patents are held by software companies, and these companies often
also use open-source software.
One thing GPL could do is make companies that use open-source software
implicitly license other users to use that software as well. This might seem
unenforcable or extreme, but IBM does something like this in its open-source license. The IBM Public License is at
http://www10.software.ibm.com/developerworks/opens ource/license10.html. Here is a relevant
snippet:
Subject to the terms of this Agreement, each Contributor [which includes anyone who
incorporates the IBM code in another product] hereby grants Recipient a non-
exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell,
import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code
form. This patent license shall apply to the combination of the Contribution and the Program if, at the time
the Contribution is added by the Contributor, such addition of the Contribution causes such combination to
be covered by the Licensed Patents. The patent license shall not apply to any other combinations which
include the Contribution. No hardware per se is licensed hereunder.
Similarly, the GPL could be amended to add something like the following:
(1) "Licensed Patents" are any existing or future patents owned by Licensee that
would be infringed by use, distribution or modification of the Licensed Software.
(2) In consideration of its use of this software, Licensee agrees to grant the author and all other
users of the software, current and future, a non-exclusive, worldwide, royalty-free patent license under
Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Licensed Software.
This is a purely defensive approach, which works for IBM because it is a big company. Open-source
authors are not huge companies, which means that it would be a good idea for the language
to create a counter-claim in their favor, in addition to protecting them against liability.
Defensive language does little to deter intimidation lawsuits, but if the open-source author can also
counter-claim for significant damages, then potential plaintiffs will think twice. An example:
(3) If Licensee pursues any legal action against the author or
other users of the software for alleged patent infringement, and if such action is found to be inconsistent
with the grant of license in (2), then Licensee will indemnify and hold harmless the party against whom
the action was taken, shall cover the reasonable legal expenses the party incurred in such action,
and shall pay liquidated damages equal to three times the maximum amount Licensee sought as damages
in such action.
This is being played as a victory for Bush but the opinion is really more ambiguous.
Really all that happened is that the Supreme Court asked Florida's Supreme Court to more specifically address the Federal statute at issue. The Florida decision was not reversed. A reversal would end the matter decisively. Instead, Florida just has to take another look at the issue.
MSNBC got it right:
"After reviewing the opinion of the Florida Supreme Court, we find that there is considerable uncertainty as to the precise grounds for the decision," the nation's high court wrote.
The seven-page decision sent the case back to the Florida court for "further proceedings not inconsistent with this opinion."
MSNBC is running a "Cable Illustration" of the disputed Florida ballot that looks very different (and much easier to read) than the photograph of the ballot running at cnn.com and the illustration at salon.com.
A revision of the GPL would be a good opportunity to shield open source authors from the increasing threat posed by software patents. This should be possible because the same companies that are playing nasty games with software patents also are generally also using GPL software. Why should they enjoy the benefits of the work of open source authors while using software patents to threaten and attack those same authors? They can do this now because the GPL does nothing to stop them, but it could.
Subject to the terms of this Agreement, each Contributor [which includes anyone who incorporates the IBM code in another product] hereby grants Recipient a non- exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
Similarly, the GPL could be amended to add something like the following:
(1) "Licensed Patents" are any existing or future patents owned by Licensee that would be infringed by use, distribution or modification of the Licensed Software.
(2) In consideration of its use of this software, Licensee agrees to grant the author and all other users of the software, current and future, a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Licensed Software.
This is a purely defensive approach, which works for IBM because it is a big company. Open-source authors are not huge companies, which means that it would be a good idea for the language to create a counter-claim in their favor, in addition to protecting them against liability. Defensive language does little to deter intimidation lawsuits, but if the open-source author can also counter-claim for significant damages, then potential plaintiffs will think twice. An example:
(3) If Licensee pursues any legal action against the author or other users of the software for alleged patent infringement, and if such action is found to be inconsistent with the grant of license in (2), then Licensee will indemnify and hold harmless the party against whom the action was taken, shall cover the reasonable legal expenses the party incurred in such action, and shall pay liquidated damages equal to three times the maximum amount Licensee sought as damages in such action.
There is a lot of confusion here about whether or not the.DOC format has been documented, because there are two layers to the file format. First, there is the Word document format itself, which Microsoft has published in some MSDN CD versions. It also available from places like www.wotsit.org. This specification is inaccurate in places but close enough to make Word document conversion possible. Caolan McNamara has a very good start on a Word-to-HTML converter at www.wvware.com. The Word document format changed in the transition from Word 6 to Word 97, and is the same in Word 2000.
However, Word documents since version 6 are wrapped in OLE Compound Documents, which Microsoft also uses for.XLS files. The Compound Document format is not officially documented anywhere in Microsoft documentation, as far as I can tell. (But see below for a patent that might disclose this structure...) The MSDN library samples invariably use Windows system calls to access data in Compound Documents, and reveal nothing about the file format.
A Compound Document contains a tree structure of data streams, which seems like a simple enough structure but it is implemented using a very complex file format. The lack of complete documentation of this format is a major impediment to development of robust open-source code that will access the Microsoft Office file formats.
A second potential impediment is a nest of patents that Microsoft has built around the Compound Document format. These are just a few: US5467472: Method and system for generating and maintaining property sets with unique format identifiers US5715441: Method and system for storing and accessing data in a compound document using object linking US5506983: Method and system for transactioning of modifications to a tree structured file US5706504: Method and system for storing data objects using a small object data stream
There are a fair number of patents (IBM seems to have some possibly related ones as well). You can find them here: http://patent.womplex.ibm.com/home. A search for "((compound document) and microsoft)" lists 24 patents. It would not be surprising if a serious effort to provide open-source access to Microsoft Office documents ran into legal threats because of these patents.
Interestingly, the last one looks like it might disclose the Compound Document format, which Microsoft would have to disclose to satisfy the patent office. The description looks right, but the diagrams do not seem to be available from the IBM site. Looks like I'll have to dig some more -- anyone know how to get the full text and images for U.S. Patent 5,706,504?
Spidering dynamic content is not itself a problem. Because HTTP does not provide a "list all files in folder" method, you have to use the same basic approach regardless of the source of the content: start in a root page, extract the HREFs, index those pages, get their HREFs, etc.
If an HREF contains a query string, sending that query string will return the content in the same way that sending an ordinary www.sample.com/page.html link will return the content.
Another message mentioned the problem of loops. A table of visited URLs does not always work because of the problem of relative links that get continuously appended to on sites that return index.html for broken links. Two alternatives are:
(1) limit the spidering depth so that you only go, say, 4 links deep into the site, or
(2) make a hash value on content returned, and use the hash value to see if you are getting the same content with a different URL. Stop spidering any time the hash value is the same as a previous hash value.
I've had one for about two months now with no problems at all. No video degradation that I could see at 1024x1280 switching between Linux, Win 2k, and Win NT. Switching works either using a button on the box or Shift-Ctrl-Tab on the keyboard. The switch is a Black Box ServSwitch Wizard.
Suppose open source licenses contained some additional language to make life more difficult for the patent parasites out there:
(1) Prohibit analysis or reverse-engineering for the purpose of determining the applicability of a software patent, and
(2) Prohibit use by any party who has, say, in the past two years demanded software patent royalties.
A cause of action for infringement would automatically transfer to any company required to pay software parent royalties to a patent holder.
Example: A year from now MonsterSoft demands patent royalties from LittleWare for the use of an "OK" button in a dialog box. LittleWare finds out that MonsterSoft uses open source software in some of its servers. LittleWare counterclaims for infringement of the revised open source license. MonsterSoft, suddenly seeing its own deep pockets put at risk, retreats.
Slashdot Mirror
I do not doubt that the security update blocked some viruses, but the implementation was needlessly disruptive to other applications:
- It did not identify the application, so the user is left to infer who is accessing his address book.
- It did not allow the user to consent for more than 10 minutes at a time
- It did not allow the user to designate certain applications as permitted to access his address book
- There was no way for users to uninstall it once they realized that it killed an app they needed
So yes, this was a "security" measure, but implemented in a way that maximized the destructive effect on applications that Microsoft happens to compete with. These "features" have remained unchanged in Office XP.
Microsoft's reputation for intentionally breaking competing applications is based on well-documented incidents where Microsoft added code specifically for this purpose.
Most recently (about two years ago) Microsoft added a "Security Update" for Outlook supposedly to protect users against viruses. It also broke a lot of applications that did things like synchronize with a PDA, at a time when Microsoft was focused on competing with Palm. The security update could easily have been designed to prevent this side effect.
Based on its ruthless history, it is entirely reasonable to expect that Microsoft will once again use its control of Windows to sabotage competitors products. It is not Microsoft-bashing to judge a company based on its past behavior. Microsoft has only itself to blame for developers' suspicion and hostility. A company that plays nice 95% of the time and plays dirty tricks 5% of the time is still going to be mistrusted *all* of the time, and rightly so.
Some of the letters were from dead people, so we can infer that in some cases the letters were signed by the lobbying firm, forging the signatures. Forgery is a crime.
Fortunately, the letters were sent to the Utah Attorney General, which is exactly the right organization to prosecute the crime.
Bad idea.
Clauses making the losing party pay legal fees sound even-handed, but they are just another way for big companies to intimidate individuals. The reason: they can afford to bet $250,000 on the lawsuit, but you can't. You might be willing to fight a 50-50 lawsuit and pay your own legal fees, but can you afford not only the risk of losing but also the risk of being wiped out by *their* legal fees?
Anything that increases the dollar amount at risk to both parties increases the leverage of the party with more resources, up to a point. (Once the amount at risk goes far beyond what the smaller party has, the balance of power starts to tip back the other way.) In most cases, individuals are much better off with the standard "everyone pays their own lawyers" rule.
GPL could do a lot more than it does now to protect open-source authors from patent abuses. While there are some patent-only companies, most of the worst software patents are held by software companies, and these companies often also use open-source software.
One thing GPL could do is make companies that use open-source software implicitly license other users to use that software as well. This might seem unenforcable or extreme, but IBM does something like this in its open-source license. The IBM Public License is at http://www10.software.ibm.com/developerworks/opens ource/license10.html. Here is a relevant
snippet:
Similarly, the GPL could be amended to add something like the following:This is a purely defensive approach, which works for IBM because it is a big company. Open-source authors are not huge companies, which means that it would be a good idea for the language to create a counter-claim in their favor, in addition to protecting them against liability. Defensive language does little to deter intimidation lawsuits, but if the open-source author can also counter-claim for significant damages, then potential plaintiffs will think twice. An example:
This is being played as a victory for Bush but the opinion is really more ambiguous.
Really all that happened is that the Supreme Court asked Florida's Supreme Court to more specifically address the Federal statute at issue. The Florida decision was not reversed. A reversal would end the matter decisively. Instead, Florida just has to take another look at the issue.
MSNBC got it right:
MSNBC's version:
http://www.msnbc.com/news/466882_asp.htm
cnn.com's version:/ election.president/large.ballot.ap.jpg
http://www.cnn.com/2000/ALLPOLITICS/stories/11/09
salon.com's version:r esults/index.html
http://www.salon.com/politics/feature/2000/11/07/
A revision of the GPL would be a good opportunity to shield open source authors from the increasing threat posed by software patents. This should be possible because the same companies that are playing nasty games with software patents also are generally also using GPL software. Why should they enjoy the benefits of the work of open source authors while using software patents to threaten and attack those same authors? They can do this now because the GPL does nothing to stop them, but it could.
IBM does something like this in its open-source license. The IBM Public License is at http://www10.software.ibm.com/developerworks/opens ource/license10.html. Here is a relevant snippet:
Similarly, the GPL could be amended to add something like the following:This is a purely defensive approach, which works for IBM because it is a big company. Open-source authors are not huge companies, which means that it would be a good idea for the language to create a counter-claim in their favor, in addition to protecting them against liability. Defensive language does little to deter intimidation lawsuits, but if the open-source author can also counter-claim for significant damages, then potential plaintiffs will think twice. An example:
There is a lot of confusion here about whether or not the .DOC format has been documented, because there are two layers to the file format. First, there is the Word document format itself, which Microsoft has published in some MSDN CD versions. It also available from places like www.wotsit.org. This specification is inaccurate in places but close enough to make Word document conversion possible. Caolan McNamara has a very good start on a Word-to-HTML converter at www.wvware.com. The Word document format changed in the transition from Word 6 to Word 97, and is the same in Word 2000.
However, Word documents since version 6 are wrapped in OLE Compound Documents, which Microsoft also uses for .XLS files. The Compound Document format is not officially documented anywhere in Microsoft documentation, as far as I can tell. (But see below for a patent that might disclose this structure...) The MSDN library samples invariably use Windows system calls to access data in Compound Documents, and reveal nothing about the file format.
There have been some efforts to reverse-engineer this format:
http://arturo.directmail.org/filtersweb/ and
http://snake.cs.tu-berli n.de:8081/~schwartz/pmh/guide.html,
A Compound Document contains a tree structure of data streams, which seems like a simple enough structure but it is implemented using a very complex file format. The lack of complete documentation of this format is a major impediment to development of robust open-source code that will access the Microsoft Office file formats.
A second potential impediment is a nest of patents that Microsoft has built around the Compound Document format. These are just a few:
US5467472: Method and system for generating and maintaining property sets with unique format identifiers
US5715441: Method and system for storing and accessing data in a compound document using object linking
US5506983: Method and system for transactioning of modifications to a tree structured file
US5706504: Method and system for storing data objects using a small object data stream
There are a fair number of patents (IBM seems to have some possibly related ones as well). You can find them here: http://patent.womplex.ibm.com/home. A search for "((compound document) and microsoft)" lists 24 patents. It would not be surprising if a serious effort to provide open-source access to Microsoft Office documents ran into legal threats because of these patents.
Interestingly, the last one looks like it might disclose the Compound Document format, which Microsoft would have to disclose to satisfy the patent office. The description looks right, but the diagrams do not seem to be available from the IBM site. Looks like I'll have to dig some more -- anyone know how to get the full text and images for U.S. Patent 5,706,504?
If an HREF contains a query string, sending that query string will return the content in the same way that sending an ordinary www.sample.com/page.html link will return the content.
Another message mentioned the problem of loops. A table of visited URLs does not always work because of the problem of relative links that get continuously appended to on sites that return index.html for broken links. Two alternatives are:
(1) limit the spidering depth so that you only go, say, 4 links deep into the site, or
(2) make a hash value on content returned, and use the hash value to see if you are getting the same content with a different URL. Stop spidering any time the hash value is the same as a previous hash value.
I've had one for about two months now with no problems at all. No video degradation that I could see at 1024x1280 switching between Linux, Win 2k, and Win NT. Switching works either using a button on the box or Shift-Ctrl-Tab on the keyboard. The switch is a Black Box ServSwitch Wizard.
Suppose open source licenses contained some additional language to make life more difficult for the patent parasites out there:
(1) Prohibit analysis or reverse-engineering for the purpose of determining the applicability of a software patent, and
(2) Prohibit use by any party who has, say, in the past two years demanded software patent royalties.
A cause of action for infringement would automatically transfer to any company required to pay software parent royalties to a patent holder.
Example: A year from now MonsterSoft demands patent royalties from LittleWare for the use of an "OK" button in a dialog box. LittleWare finds out that MonsterSoft uses open source software in some of its servers. LittleWare counterclaims for infringement of the revised open source license. MonsterSoft, suddenly seeing its own deep pockets put at risk, retreats.