Microsoft Re-Re-Releases IE Patch

Microsoft has recently released, for the third time, a patch for MS06-042. From the article:
According to Microsoft's security bulletin, the IE patch was updated September 12 to fix another remote code execution vulnerability in IE's handling of long URLs from Websites using HTTP 1.1 protocol and compression. That's almost identical to the problem introduced in the original version of the patch, then discovered by security researchers at eEye Digital Security.
This issue underscores the security issues that Microsoft continues to have. You have to continue to wonder if they can possibly live up to the promises they have made for Vista and IE7. While bugs and security issues are to be expected in software as complicated as what we're talking about here, a single issue having to be addressed 3 (and counting) times shows a lack of discipline. I'd guess they have their developers so focused on getting Windows Vista out the door that the MSRC probably isn't getting the resources it needs to do things properly. Judging by the many unreleased vulnerabilities in the queue, including 5 with a Severity of “High”, things don't look like they're going to get any better any time soon.
–jeremy

Microsoft Releases New "Open Specifications Promise" on 35 Web Services Specifications

From a post at consortiuminfo.org:
Microsoft has just posted the text of a new patent “promise not to assert” at its Website, and pledges that it will honor that promise with respect to 35 listed Web Services standards. The promise is similar in most substantive respects to the covenant not to assert patents that it issued last year with respect to its Office 2003 XML Reference Schema, with two important improvements intended to make it more clearly compatible with open source licensing. Those changes are to clarify that the promise not to assert any relevant patents extends to everyone in the distribution chain of a product, from the original vendor through to the end user, and to clarify that the promise covers a partial as well as a full implementation of a standard.
The “promise not to assert” is basically an irrevocable promise by Microsoft that someone who implements one of the covered standards will not be sued for doing so. It's interesting (and I think encouraging) to see that this promise was updated to specifically include wording intended to make it more clearly compatible with open source. That's something we haven't often seen from Microsoft in the past. It should be noted that the “Microsoft Open Specification Promise” page includes testimonials from both Red Hat and Larry Rosen. I'd say this is another step in the relationship between Open Source and proprietary companies that I've been commenting on with increasing regularity. It's just a toe dip for Microsoft, but I'm sure they see the money that IBM and Oracle are bringing in based on Open Source and Open Standards and they don't want to be without a piece of the pie. Surely they are still figuring out internally how to balance that with the nature of their two cash cows, and it will be something to watch as it unfolds moving forward. If this is a topic you are interested in, I'd recommend you read the full consortiuminfo analysis as it's quite in depth.
–jeremy

Quickest Patch Ever

As was guessed in the original article, Microsoft was able to patch the issue quite quickly. In fact, quicker than most security fixes. From the article:
If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.
Now to be fair, this wasn't a full patch in the traditional sense, just an update of the DRM (which is more akin to a configuration change than a code change). But, the speed with which this was rolled out still underscores where the Microsoft priorities are. With the Zune poised to go, I'm sure they didn't want the RIAA thinking their DRM was bogus. Just goes to show that Microsoft really doesn't consider the average user the customer. Their customer is Dell/HP/etc. As long as this is the case, it just won't be in their perceived interest to help you. As you may have suspected, the patched version has already been compromised.
–jeremy

Ex-Microsoft Security Strategist Joins Mozilla

You read that right. Mozilla has announced that “Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks.” As you may have guessed, many people are having a field day with this one. Comments like “Microsoft has a security team?” and “There goes the neighborhood” abound. The reality is that Window has gotten nothing but praise from every respected security professional I've seen comment. If she's good enough for the likes of Fyodor, that says a lot. As Firefox continues to gain market share, it's clear it'll become more and more of a target. It's great to see Mozilla being proactive and putting someone in place who can help construct a long term security plan. A small correction to many of the articles I've seen – she didn't come directly from Microsoft, but from Matasano Security where she was a principal and founder (she also worked for @stake before it was acquired by Symantec).
–jeremy

10 common misunderstandings about the GPL

Here's a decent article regarding common misunderstandings about the GPL. My single bone of contention is #1. The GPL most certainly is viral. Not in the way they indicate in the article, but saying it isn't (when it is by design) in an article meant to dispel misconceptions seems...well, confusing. The article prompted me to re-read the GPL FAQ and I have indeed cleared a couple of things up mentally and will admit I was partially prone to one of the misconceptions myself (#8). In the end, I can see why some people choose not to use the GPL. While they claim not to be anti-commercial (you can sell GPL software!), this is not something many software companies are going to want to deal with. Of course the loophole to that is to distribute your product with something like trademarked logos, which means it can't be simply redistributed without ripping those out (a la RHEL->CentOS). As I was reading the FAQ and misconceptions, one thing became clear to me – plenty of people, some of them well intentioned and some of them not, are definitely violating the GPL. I wonder what the actual compliance rate is?
–jeremy

Eric Schmidt Joins Apple's Board of Directors

Apple has recently announced that Google CEO Eric Schmidt will be joining the Apple board of directors. People seem to think this will mean more support for Mac OS X in Google products, but it hasn't exactly worked out that way for Oracle or Intuit (Larry Ellison and Bill Campbell have also been on the Apple board in the past). I've always found it ironic that Safari defaults to using Google for search, yet many Google apps either don't run at all or run degraded in Safari. I'd guess this is more an Apple response to the Microsoft Zune. Whatever the reasons, it's clear that there is definite potential for some partnerships that benefit both companies here. Google searches for music giving the iTunes store as an option, being able to purchase videos from Google Video in iTunes, etc. Both companies are very heavy into digital media, without a lot of overlap. Should be interesting to see where this leads 18 months or so out (and if you're a regular reader of my blog, it's sure starting to look like 18-24 months out is going to be an interesting time, at least from a tech standpoint).
–jeremy

Google Apps for Your Domain

Today Google released Google Apps for Your Domain. From the release page:
Now you can offer private-labeled email, IM and calendar tools to all of your users for free*, so they can share ideas and get things done more effectively. You can design and publish your organization's website, too. It's all hosted by Google, so there's no hardware or software for you to install or maintain.
Basically, it's Gmail+Google Talk+Google Calendar+Google Pages hosted at Google, using your own domain. Why most articles I see are calling it an “Office Suite”, when it lacks a word processor, a spreadsheet and a presentation program, is beyond me. It seems people really want to see Google vs. Microsoft, to the point that they'll pretty much make it up if they have to. The program is ad supported now, but in the future you'll be able to pay to remove the ads. Having just made it clear I don't consider this an office suite in any way, it would not at all surprise me to see Google roll their online word processor and spreadsheet into this in the future. In fact, I'd be surprised if they didn't. I'd guess they're just waiting until the two are a little more polished. Even then though, this won't be a direct Microsoft Office replacement. It serves a much different audience and comes with much different advantages. The real power in this will be in the collaboration. It's a real pain for small offices to share extremely simple spreadsheets. That's where a product like this could excel (ok, that one was bad…I'll admit). Before this could even be in any way potentially considered an “Office-killer”, Google would have to offer a version you could host yourself, and that's not something I've seen any indication of yet. This is something that I think is going to take a while to play out. The world isn't quite ready for a mainstream online office suite yet, and the products aren't quite where they need to be. Given some time and additional technology though, this could be a space that is extremely compelling in the next 18 months or so. Being able to collaboratively edit a document from anywhere in the world, from any OS (including your mobile phone) is one of those paradigm changing events that will cause major disruption. When a company can put that technology behind their firewall and allow access via VPN…that's when we'll see enterprise adoption.
My guess is that it will be Google and/or IBM that realizes this goal first.
–jeremy

APC Chris Nicol FOSS Prize 2007

Just ran across this and it seems like a fantastic commemoration. From the article:
The APC Chris Nicol FOSS Prize recognises initiatives that are making it easy for people to start using free and open source software (FOSS). The prize is awarded to a person or group doing extraordinary work to make FOSS accessible to ordinary computer users.
The APC FOSS Prize has been established to honor Chris Nicol, a long time FOSS advocate and activist who for many years worked with APC.

The fact that “Small-scale activities are encouraged to apply” is great. There are so many deserving projects that I'm sure the soon-to-be-decided jury will have its work cut out for it.
–jeremy

FairUse4WM strips Windows Media DRM

It was just a matter of time before something like this happened. Interestingly, engadget has written An Open Letter to Microsoft – Why you shouldn't kill FairUse4WM, but I wouldn't be surprised if this one gets fixed before the next patch Tuesday hits. For regular readers, you'll know that I am not 100% anti-DRM. But, I am anti-DRM when it's used in ways that work against consumers, which unfortunately these days is most of the time. The greed and hubris of most media companies these days is simply appalling. They'd prefer that you'd have purchased the very same song via LP, then tape, then CD, then PSP and then digitally. The best part is, for the last one..you don't even own it. You're just borrowing it, and in most cases the cost is more than you purchased it for previously. Their costs are shrinking by leaps and bounds, yet they want to pass none of that along. What's worse, if you use an OS such as Linux then you can't even legitimately purchase songs via most services in the first place. It's as if they want to drive people to P2P networks so they have an excuse for failing, and fail they will if they keep up the current trends. They are learning the same lesson that Microsoft is just starting to learn – if you squeeze your customers who are legitimately trying to play by the rules to the point that those customers feel you're being predatory, in the end they will find a way to leave. It may take a long time for a viable alternative to come in the case of monopolies, but it is inevitable. It's not that complicated. Give me a music service that doesn't have absurd TOS and arbitrary limitations and I will happily send you my money. Not only that, I will tell everyone else to do the same. If you can find a way to do DRM in a way that does not limit my legitimate use in any way but prevents mass distribution, I could care less to be honest. I don't want to steal…I just don't want to feel like you're stealing from me.
–jeremy

Flash9 on Linux Update

A quick follow up to this post about Flash 9. It looks like things are progressing nicely, which is good as a number of sites that I'd really like to use are now requiring Flash > 8. Whether you like Flash or not, some cool things are happening on the platform. It's encouraging to see the developers testing so many distributions, even if they aren't ready to give an officially supported blessing yet.
–jeremy