EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

09.11.09

Security News: Critical Bug in Vista and Vista 7, Microsoft Leaves XP Users Vulnerable

Posted in Microsoft, Security, Vista, Vista 7, Windows at 3:54 am by Dr. Roy Schestowitz

Vista in field

Summary: New headlines and snippets regarding proprietary security failures

Critical bug infests newer versions of Microsoft Windows

Microsoft has promised to patch a serious flaw in newer versions of its Windows operating system after hackers released exploit code that allows them to take complete control of the underlying machines.

Is Microsoft abandoning XP security updates?

Windows is insecure. That’s a given. But, Microsoft does issue monthly security patches-the first Tuesday of every month on Patch Tuesday-for many of Windows’ security problems. Now, however, there’s a new security problem in Windows XP’s TCP/IP networking that Microsoft has deliberately decided to leave unfixed.

According to Microsoft’s Security Bulletin MS09-048, Microsoft has released a patch for “several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service.”

[...]

But, XP, excuse me, Microsoft is still selling XP, and it’s used by not quite 72% of all Web-browsing users. Aren’t a few hundred million users worth protecting?

ES&S Sues Former Workers Over Taking Buggy, Vulnerability-Filled Code

I have no idea whether or not this is true, but all I can ask is “why?” As has been documented time and time again, ES&S’s e-voting code has a ton of problems. Remember, these are the machines that have been found to have serious security vulnerabilities, with some serious bugs, such as adding votes to the wrong election, calibration problems that lead to people voting for the wrong candidate, and bugs that resulted in phantom votes.

Also new: “Microsoft Windows” (@Cracked.com)

Microsoft Turncoat Quits

Posted in Free/Libre Software, GNU/Linux, GPL, Microsoft, Mono, Novell, Windows at 3:43 am by Dr. Roy Schestowitz

Geisha

Summary: Like his predecessors Bill Hilf and Martin Taylor, Sam Ramji decided to give up the game

YESTERDAY afternoon we wrote about Miguel de Icaza joining a Microsoft board and shortly afterwards it was discovered that Sam Ramji is leaving Microsoft. Good timing.

Then there is the whole issue of patents and the old school anti-Linux FUD (like the recent BestBuy case). I’ve seen Ramji stand at the front of a seemingly hostile open source crowd defending Microsoft. It didn’t look like much fun to me, but he did it.

Some folks were not entirely sure at the time, but it is now confirmed by Ramji himself. This is good news for Free software because Ramji was doing harm to it [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Will someone like Robert Duffner take over? Maybe another new hire? This position is repeatedly left vacant after less than two years. Screwing Free software is not a fun job and those who subscribe for it are not liked; they very well know it.

Speaking of screwing Free software, in his announcement about joining the CodePlex Foundation, Miguel de Icaza makes a seemingly snide remark. He takes a little shot there at the FSF, maybe.

I hope that I can last more on this foundation than I lasted at the FSF, where I was removed by RMS after refusing to be an active part of the campaign to rename Linux as GNU/Linux.

It is not surprising that Miguel de Icaza — just like Novell — is siding with Microsoft and distancing himself from the FSF after they expressed concerns about Mono. In Novell’s case, there is the whole GPLv3 issue.

Also, yesterday in the news we found this report:

MonoDevelop, the IDE for Mono and .NET, has officially gone cross platform with support for Windows and Mac OS X in the new beta of version 2.2. In his blog, Miguel De Icaza says that this is more than just a “plain GUI port” as it also provides “installers, deep operating system integration and support for native debugging on each platform.”

“I was thinking,” writes our reader Seller Liar, “Monodevelop 2.2 does not work using Mono for Windows. It needs .NET framework 3.5 to run.

“MonoDevelop for Windows does not work with Mono for Windows.”

We pointed this out before [1, 2, 3]. MonoDevelop is a win for Microsoft, for Windows, for .NET, for C#, and maybe even for Visual Studio. It’s like a migration route/ramp to all of those things.

Regarding Microsoft’s so-called “Foundation” that is about PR and about embracing and extending “Open Source”, Redmonk, which has Redmond (Microsoft) as a client, says:

The foundation looks like it will feature an open source community around Microsoft-centric technologies, said analyst Michael Cote of RedMonk.

“Thus far, that world hasn’t benefited as greatly from the open source world as say, Java has, but there have been several notable tie-ins over the past years,” Cote said. “Setting up a separate entity along with getting all of the IP and patent hoopla ironed out should start to fill that vacuum, namely, where do I go if I want to do open source in the Microsoft world?”

Here is how another person put it: “Microsoft – In need of a bloodless coup”

So here’s the real question… can this foundation be used by external collaborators to start driving the process of cultural change inside Microsoft with regard to patents?

[...]

Or people who want to see Microsoft’s patent litigation culture change can engage and participate in something like this foundation and try to drive a cultural change from inside Microsoft’s own ecosystem.

I think ultimately we are going to need both…both the carrot and the stick. We’ve gotten a good handle on hold to wield the stick. I’m not so sure we know how to comfortably hold the carrot without risking our fingers getting bitten off.

To most of the world, this foundation may seem like a farce; but for dyed-in-the-wool Microsoft developers it might be a place to escape to, pretending that they too are part of “Open Source”.

Microsoft desperately needs more people because when it comes to engineers, Microsoft is massively outnumbered by Free software developers. To make matters worse, Microsoft’s recent additional layoffs show no signs of stopping and on top of the canceled picnic Microsoft is now scaling back on its employee meeting. Todd Bishop writes:

The meeting, traditionally closed to the public and press except on rare occasions, gives Microsoft executives a chance to rally the troops. But given the company’s unprecedented job cuts, the cheerleading stands to be more subdued this year, as highlighted in a recent post by the anonymous Mini-Microsoft employee blogger.

“Folks are going to come into Safeco, grab their box lunch, sit down with their co-workers and friends and as they fold their pink paper airplane, they are going to remark, ‘I can’t believe they are spending all this money for today. <<Fill name in the blank>> and more could have kept their job if they just cancelled this horse and pony show.’ ”

The “new Microsoft” is a smaller Microsoft and a more aggressive Microsoft, as we last showed yesterday [1, 2].

“Do you feel like you’re screwing a porcupine and you’re one prick against thousands?” the OSCON audience member asked Ramji. Ramji politely replied: “It takes time to change and I knew that I’d be unpopular when I took this job…”

Microsoft: Not worried about open source patents

« Previous Page « Previous Page Next entries »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts