He Who Imitates Microsoft Will Suffer from Its Flaw

Dr. Roy Schestowitz

2008-08-28 13:32:12 UTC
Modified: 2008-08-28 13:37:37 UTC

"He Who Controls the Bootloader..."

We have warned before that any imitation of .NET is likely to inherit its problems and the same goes for OOXML. Some of the more severe problems pertain to security.

A new vulnerability has just been found in Mono. This one is funny:

Vulnerability reported by Redhat.

Is that a technical vulnerability only, or also a legal one? Either way, Fedora 10 has no Mono in the Live CD. It's not there anymore.

Early in the week, we also remarked on Novell's support of ActiveX from Microsoft. Carla Schroder is far from impressed.

Nominum Solves Kaminsky Attack, and Novell's iPrint Open to Attack, Say Researchers. What do these stories have in common? I was thinking perhaps institutionalized delusional thinking and incompetence, but maybe I'm being too harsh.

[...]

Lest anyone think I am being too mean to poor old defenseless Novell and Microsoft, I recall ActiveX security advisories almost from its inception back in 1996 or so. What has changed since then, twelve years later? Nothing, as this random recent security bulletin shows:

"Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds."

So we need to revise the popular "fool me once" saying:

Fool me once, shame on you Fool me twice, shame on me Fool me thousands of times over many years...let's get married!"

Now why is it again that corporate participation is important to FOSS?

When will Novell finally start thinking for itself? It already supports Windows Vista , Internet Explorer, ActiveX, .NET, and XAML (Silverlight). It only helps in spreading the problems and everyone suffers as a result, except Microsoft. ⬆

"Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system..."

--Dennis Fisher, August 7th, 2008

Recent Techrights' Posts

Why We're Reporting Brett Wilson LLP for Apparently Misusing Their Licence to Protect American Microsofters Who Attack Women: For those who have not been keeping abreast
Stefano Maffulli and His Microsoft-Funded OSI Staff Are Killing the OSI and Killing "Open Source" (All for Money!): This is far from over
Techrights Headlines as Semaphore: "If you are hearing this, thank you"
Gemini Links 01/04/2025: Games and More: Links for the day
Links 01/04/2025: Apple Fined $162M for Privacy Abuses, Disinformation Online a Growing Concern: Links for the day
Newer Press Reports Confirm That Microsoft Shuts Down 'Hey Hi' (AI) Labs Despite All the Hype: The "hey hi" (AI) bubble is not sustainable
Links 01/04/2025: Mass Layoffs at Eidos and "Microsoft Pulls Back on Data Centers" (Demand Lacking); "Racist and Sexist" Slop From Microsoft: Links for the day
Gemini Links 01/04/2025: XKCDpunk and worldclock.py: Links for the day
50 Years of Sabotage and a Gut Punch to Computer Science (and Science in General): Will we get back to science-based computing rather than cult-like following?
3 Months in 2025, 4 Waves of Mass Layoffs at Microsoft, Now Offices Shut Down Permanently: "A recent visit by the South China Morning Post confirmed that the office was dark, unoccupied, and had its logo removed."
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, March 31, 2025: IRC logs for Monday, March 31, 2025
Links 31/03/2025: China Tensions, Bombs Falling in Myanmar After Earthquake: Links for the day
Gemini Links 31/03/2025: Falling Out of Love With Tech, Sunsetting openSNP: Links for the day
R.T.O. at IBM in Texas and Atlanta (State of Georgia) Expected as "Soft Layoffs" Catalyst This Coming Year: It also sounds like more IBM layoffs are in the making
Law Firms Can Also Lose Their Licence for Clearly Misusing It: The bottom line is, never made the false assumption that because you can pile up SLAPPs in a docket you will not suffer from bad reputation or even get disbarred
Link between institutional abuse, Swiss jurists, Debianism and FSFE: Reprinted with permission from Daniel Pocock
LLM Slop Piggybacking News About GNU/Linux and Distorting It: new examples
Links 31/03/2025: Press and Democracy Under Further Attacks in the US, Attitudes Towards Slop Sour: Links for the day
Open Source Initiative (OSI) Privacy Fiasco in Detail: The OSI Does Not Respect Anybody's Privacy: The surveillance mafia that bans dissent or key people (even co-founders) with dissenting views
Gemini Links 31/03/2025: More X-Filesposting and Dreaming in Emacs: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, March 30, 2025: IRC logs for Sunday, March 30, 2025
Links 30/03/2025: Security Breaches, Crackdowns on Dissent/Rival Politicians: Links for the day
Gemini Links 30/03/2025: London Soundtrack Festival, Superbloom, gmiCAPTCHA: Links for the day
Phasing Out Vista 10 in Nations Where ~90% of Windows Users Still Rely on It: Recipe for another Microsoft disaster
The Cost of Pursuing the Much-Needed Reform/Shield Against Strategic Lawsuits Against Public Participation (SLAPPs): “It is curious that physical courage should be so common in the world and moral courage so rare.”
The LLM Bubble is About to Implode, Gimmicks and Financial Shell Games Cannot Prevent That, Only Delay It: To inflate the bubble MElon is now doing the classic trick of buying from oneself for a fictional value
Links 30/03/2025: Contagious Ideas, Signal Leak, and Squashing Lousy Patents: Links for the day
Links 30/03/2025: "Quantum Randomness" and "F-1 Visa Revoked" in US: Links for the day
Gemini Links 30/03/2025: US as a Threat, Returning to the WWW: Links for the day
Links 30/03/2025: Judge Blocks Dismantling Of VOA, Turkey Arrested Many Journalists: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, March 29, 2025: IRC logs for Saturday, March 29, 2025