Microsoft Makes Third Parties Less Secure

Posted in Microsoft, Security, Windows at 4:51 pm by Dr. Roy Schestowitz


Summary: Self-explanatory set of news reports

Adobe patches 12 Flash bugs, 3 caused by Microsoft [Warning: IDG]

Adobe also took care of three vulnerabilities within Flash that were the result of the company’s developers using a buggy Microsoft code “library” when they built the program. On Wednesday, Adobe confirmed that it had used Microsoft’s flawed development code — specifically the Active Template Library (ATL), a code library included with Visual Studio — to create both Flash Player and Shockwave Player. The latter was patched that same day.

Adobe confirms Flash contains Microsoft dev code bug

Adobe stepped forward yesterday to acknowledge that it’s the first major third-party vendor to have used Microsoft’s flawed development code in its products.

Adobe Bugs Linked to Microsoft ATL Flaw [Note: Even the Microsoft-bent press admits this]

When Adobe Systems Inc. announced that it would periodically have Patch Tuesday releases of its own to coincide with Microsoft’s monthly patch rollout, it became clear that Windows plays a vital role in the third-party software firm’s security repertoire. That role became even more apparent with the security advisory Adobe released late Thursday.

Microsoft Vulnerability Underscores Importance of Strong SDL

Sometimes it’s the little things. According to Microsoft, one of the bugs in the Active Template Library was the result of a typo.

IRC: #boycottnovell @ FreeNode: August 1st, 2009

Posted in IRC Logs at 9:06 am by Dr. Roy Schestowitz


Read the log

Enter the IRC channel now

To use your own IRC client, join channel #boycottnovell in FreeNode.

Comes Antitrust: Microsoft’s Attack Plan on GNU/Linux and Today’s Lessons

Posted in Antitrust, Bill Gates, Free/Libre Software, GNU/Linux, Intellectual Monopoly, Microsoft, Novell, Oracle, Patents, Protocol, SUN at 4:59 am by Dr. Roy Schestowitz

Summary: Beyond the Halloween Documents (Comes vs Microsoft exhibits)

TODAY’s Comes vs Microsoft post is a particularly long one, so we attempted to shorten it so as to keep the signal high and leave the details aside for separate inspection by those who are curious and have more time to spare.

Many regulars are probably aware of the Halloween Documents. Eric Raymond (ESR) has a complete mirror of the text with commentary, so we will not replicate the documents, which have already been out there for years. Their authenticity was confirmed when the Comes vs Microsoft case produced exhibits for the broad public to access.

Interestingly enough, Bill Gates said about these reports (Halloween documents): “The two documents in here from Vinod are the ones I want the board to see.” He was referring to Halloween Documents I and II. Here is Halloween Document I as text and as PDF. Here is Halloween Document II as text and as PDF.


The documents which Gates referred to are already on ESR’s Web site (as plain text), so there is no point repeating the process of posting them publicly. However, to highlight some particular bits, here are some portions from the above. Microsoft explains that:

OSS is a concern to Microsoft for several reasons:

1. OSS projects have achieved “commercial quality”
2. OSS projects have become large-scale & complex
3. OSS has a unique development process with unique strengths/weakness

Microsoft later adds that “to understand how to compete against OSS, we must target a process rather than a company.”

Then come the issues of APIs, e.g.:

Linux and other OSS advocates are making a progressively more credible argument that OSS software is at least as robust – if not more – than commercial alternatives. [...] [E]vangelization of API’s in a closed source model basically defaults to trust, OSS API evangelization lets the developer make up his own mind.

The strategy in general:

Beating Linux
In addition to the attacking the general weakness of OSS projects (e.g. Integrative / Architectual costs), some specific attacks on Linux are:

* Beat UNIX
* All the standard product issues for NT vs. Sun apply to Linux
* Fold extended functionality into commodity protocols / services and create new protocols
* Linux’s homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today’s commodity services, we raise the bar & change the rules of the game.

That was about 10 years ago. As we noted before, Bill Gates once wrote: “What we are trying to do is use our server control to do new protocols and lock out Sun and Oracle specifically.”

How can Microsoft capture some of the rabid developer mindshare being focused on OSS products?

Some initial ideas include:

* Provide more extensibility – The Linux “enthusiast developer” loves writing to / understanding undocumented API’s and internals. Documenting / publishing some internal API’s as “unsupported” may be a means of generating external innovations that leverage our system investments.

It says “Documenting / publishing some internal API’s as “unsupported”…”

Does that sound familiar? As we shall show later, Microsoft also speaks frankly about “undocumentation”.

Here is embrace & extend in action:

OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.

From Halloween Document II we pull the following (thanks to Jason):

The Linux community is very willing to copy features from other OS’s if it will serve their needs. Consequently, there is the very real long term threat that as MS expends the development dollars to create a bevy of new features in NT, Linux will simply cherry pick the best features and incorporate them into their codebase.
The effect of patents and copyright in combatting Linux remains to be investigated.

Later came the SCO lawsuit, the Novell deal, and patent racketeering which carries on to this date.

New Material

Today’s main exhibit ties the above documents together and we believe that there is no copy of it anywhere else (as text), so Wallclimber kindly contributed her time to process the text, which we then analysed. Wallclimber says that this “strategy” document outlines exactly what they’ve done to Novell. “I especially got a kick out of the “fatal flaws”,” she added. Here is the original exhibit (PX08175, 1999) [PDF] and several points of interest that are extracted from the full text, which can be found at the bottom.

This short document is titled “Our Linux Strategy” and it was authored by Vinod Valloppillil.

Watch number 1 and number 2 in the list, then think about the loadable module [1, 2, 3, 4, 5, 6, 7], which added Microsoft hooks to Linux (hypercalls).

1. Embrace Linux: MS APIs / Linux kernel — release an MS version of Linux and/or release key MSFT platform technologies on Linux (e.g. parts of Win32, app server, etc.)

Pros: Ride the wave & try to evangelize Win32
Cons: Dramatically evangelizes Linux & may risk MSFT IP due to GPL license issues
Fatal Flaw:
– Impossible to make this revenue neutral with Windows biz.
– Doesn’t protect the “crown jewel” IP from being targeted at a later date

2. Embrace Linux: Linux APIs / MS Kernel — try to get Linux API’s on Windows — get more hardcore about POSIX subsystem on NT to capture Linux app base

Pros: Capture some of the Linux dev mindshare by making it easy to bring Linux apps to NT
Cons: Hurts Win32 evangelization
Fatal Flaw:
– There are no Linux apps that we covet.

Also think about Mono, Moonlight, and OOXML.

Prior to that, Valloppillil states:

This document discusses both our strategy and our plans for competing with Linux. To understand the strategy it is important to remember the following:
- Linux isn’t most importantly a product/feature; it’s a philosophy change
- Linux has no new specific features to co-opt
– Unlike the NC: the NC touted TCO benefits, and thus we introduced ZAK/ZAW
– Unlike the Internet: the Internet was loaded with technology changes, and thus we invested in browser technologies and reexamined all our existing products

The core strategic thrust of Linux is NOT an attack against some product/feature weakness of Microsoft. It’s an attack at the base of the commercial software industry – Intellectual Property.

Previous threats to Microsoft (the NC, Java, etc.) have been about replacing Microsoft’s IP with another company’s IP that claimed some new benefit (e.g. TCO). What differentiates Linux is that OSS attempts to extricate Intellectual Property all together.

Learn from what Microsoft did to NetPC (NC) and to Java. Watch what else Microsoft put forth as an option:

Cons: ISVs getting hooked on undocumented API’s, support costs, etc.

So, “undocumented API’s” are an option, eh? Microsoft admits their existence.

Watch what Microsoft thought about Wine back when it was a lot less mature and capable:

– Microsoft is an IP company. Like the rest of the software industry, >90% of our IP valuation stems from Trade Secrecy of the source code. Open Source is mutually exclusive with Trade Secrecy. This plan would instantly make the various Win32 clones (e.g. http://www.winehq.com) an order of magnitude more capable.

More compelling stuff from Microsoft:

2. Innovating, Creating New IP

(Re-)recognize that we are an IP company and that in our networked world, functionality delivered via protocols is steadily replacing functionality which was once delivered via APIs. Thus, innovation must occur both internal to our products, but also between computers.

Windows clients must always be able to communicate with Linux servers (and vice-versa). However, there MUST be additional value created when a Windows machine is touching another Windows machine. NOT doing this is akin to giving away the Win32 APIs. Every group defining protocols needs to remember this.


We must innovate and keep our great advancements to ourselves. The fine balance between protecting/financing our innovations and interoperability will get more difficult over time. But, it is relatively easy today.

Notice the following:

4. Compete with Linux Head-On
BED marketing is currently making the transition towards engaging Linux as a tier-1 competitor in the server & client markets. There are still some decisions to be made here (and headcounts to fill) to ensure that on a tactical basis, NT out markets Linux. Some of the core deliverables include white papers, benchmarks, etc. More peripheral questions / issues include reclaiming retail shelf-space from Linux, etc. We need engagement throughout the company (e.g., retail) on this. Finally, getting the word out on NT’s architectural advantages over Linux is an imperative.

Then it says:

Open Source development is the greatest cloning machine of all time. Consequently, we must recognize that “Trade Secrecy” of source code will provide increasingly minimal protection over time and that aggressive patent procurement is our only investment defense. Additionally, strong patent procurement is a key enabler which allows us to publish more of our source code to leverage evangelization benefits (the patent application process is, in a manner of speaking, a form of source publication)

Initiatives (NOT discussed further in this paper) are underway to understand the options in this space.

“The following are all underway,” eh? What would that be? Those lawsuits Jim Allchin spoke about [1, 2]?

“The two [Halloween] documents in here from Vinod are the ones I want the board to see.”
      –Bill Gates

It is worth remembering that all these documents are spread with Bill Gates’ oversight and endorsement, just like the AstroTurfing which he loves. At the time, when these documents leaked, Microsoft tried to portray the AstroTurf as an act it had nothing to do with; a lead participant, James Plamondon, insistently denied this, saying that Bill Gates was a supporter of the tactics all along. His colleague Marshall Goldberg confirmed this in an internal presentation.

Likewise, when it comes to the Halloween Documents, Microsoft tried to dismiss this as “an engineer’s individual assessment of the market at one point in time.” The exhibits clearly show Bill Gates distributing this material quite enthusiastically to chief people at Microsoft. It means that Microsoft simply lied to save face.

At the end of the document we find out what’s already “underway” at Microsoft:

The following are all underway:

1. Ramp-up / staff Linux competitive marketing efforts.
2. Ramp-up source licensing initiatives. DRG/MSDN is the owner for the umbrella but all component teams must begin evaluating what codebases would benefit the platform if they were evangelized via less restrictive licensing.
3. More proactively & aggressive secure patent rights to MSFT innovations that will be significant to the OSS fight. Development teams must shift mindsets from source code secrecy towards patents as the primary means of securing our key innovations.
4. [on-going] Create new IP in base scenarios – file sharing, management, etc.

“Ramp-up / staff Linux competitive marketing efforts” sounds like a potential reference to more AstroTurfing, which is a reality. The remainder has a lot to do with patents, which we now know are used against GNU/Linux. The document as a whole is worth reading, assuming one has the patience. It’s properly formatted below.

Appendix: Comes vs. Microsoft – exhibit PX08175, as text

Read the rest of this entry »

Patents Roundup: CityWare Under Siege, Kappos for Change We Can Believe in, and Skype

Posted in America, Europe, Free/Libre Software, Patents at 3:24 am by Dr. Roy Schestowitz


Summary: Accumulation of patent news of interest to Free software supporters

TODAY’s roundup starts with the news about CityWare. This was also mentioned the other day.

A small Web development and open source software company called CityWare was recently named alongside Google, Yahoo, Amazon and other software giants in a patent infringement lawsuit. What makes this unusual is that CityWare has no products or customers and no longer exists. The company was formed by software developer Nate Neel in 2004, but folded soon after due to lack of customers.

This goes to show that Free software is already a victim of this broken system, where patent trolls use software patents as well. Among those who promote this system we have Gartner’s Brian Prentice [1, 2, 3], who carries on raving about software patents while describing the roles of those who exploit them.

The Oligopolists - The beneficiaries of the status quo. If Silicon Valley had a gentleman’s club, filled with over-stuffed leather sofas, seersucker suits and the stench of Cuban cigars, then these guys would be charter members. Theirs is a genteel world where club members can civilly discuss their commercial disputes over a single malt whiskey and resolve them with a handshake and a cross-licensing agreement. And while club members like to say their doors are open to those less well off, the requirements of membership – massive patent portfolios, the money to pay for a small army of lawyers and regular appearances at big ticket political fundraising events – means they can relax in the comfort of knowing they won’t be initiating new members any time soon.

Nice advocacy of patents there from Gartner.

There is slim hope for change now that David Kappos takes office. He calls patents “monopolies” and he shall preside over the USPTO. Here is his new statement. We wrote about this man’s background or actions in [1, 2, 3, 4, 5, 6, 7, 8] and here he is receiving accolades from those who sought a reform.

Senators who have spent years pushing an overhaul of patent law today praised President Barack Obama’s choice to lead the U.S. Patent and Trademark Office, suggesting that nominee David Kappos could help jumpstart the stalled legislation.

“You have eminent experience in this field,” Sen. Orrin Hatch (R-Utah) told Kappos at his confirmation hearing. “I’m very proud of you for accepting this position.”

Europe too is getting its reformists in positions of power.

The GNU General Public Licence for software was, he says, the main subject of conversation between developers who put their work ethics before their own or their business’ interests.

Before he knew it, Josefsson was part of a movement which claims to be saving the world from corporate control. In 2002 he became one of the leading opponents of the EU’s software patent directive. He co-founded the Swedish chapter of the Foundation for a Free Information Infrastructure (FFII) with Engström and, without any knowledge of how to lobby politicians, he spearheaded the campaign against the directive.

“When the directive was proposed in 2002, I and many others started following this from scratch,” he says. “We were computer programmers, students or entrepreneurs, and we knew nothing about how the EU worked.

“It eventually developed into a grassroots movement equal in strength to the business associations and lobby groups you normally find in Brussels, to those whose views are normally heard and listened to,” he says.

Patent protest

The movement grew out of the blogosphere – or more correctly, Josefsson says, out of the ‘mailsphere’ – and the organising element was no individual or organisation, but a classical self-generating political process.

“It was like seeing a catastrophe about to happen. Imagine a bus about to drive into a crowd of people; you want to stop the bus before it happens. We didn’t have time to launch a proper organisation and we never asked questions about how we should do things. We just had to do it.”

By early 2005, more than 400,000 people had signed a petition against the software patent directive and later that year it was rejected by the Parliament.

In other interesting news, intellectual monopoly now arrives at another curious domain.

How Wolfram Alpha could change software

The upstart “computational knowledge engine” claims its results are original works, raising important questions about software and intellectual property

TechDirt has a few words to add on the subject. It goes under the title “Can You Copyright Algorithmic Output?”

One of the biggest stories of the week was about Skype and once it is explored properly it turns out that patents are part of the problem which may shut Skype down. TechDirt has the gist:

Net2Phone Jumps Into The VoIP Patent Lawsuit Business: Sues Skype


In the last year, we’ve witnessed plenty of companies dig up VoIP patents with which to sue market innovator Vonage. Verizon, AT&T, Sprint and Nortel all were able to get Vonage to cough up some money, rather than continue to fight some questionable patents.

More here, here, and here:

Joltid, a company owned by Skype’s founders, merely licensed some of the system’s core technology to eBay when it sold Skype to the auction giant in 2005. Joltid now says that the license has been revoked and eBay is infringing on its rights by continuing to use the technology. The case is scheduled to go to court in June of 2010 but eBay is trying to replace the technology in the meantime. It may not succeed.

The president of the FFII says that “Skype [is] doing some copyright infringement by citing source code it does not own in US patent trials.” He links to this page from the SEC and some lessons worth learning are that: (i) Free software prevents risk of a project suddenly coming under survival threat; (ii) software patents are not beneficial to end users.

Free software is definitely going strong in some areas, especially in the server market. However, there are other areas where free software and free protocols have failed. Internet based voice and video communication is one of those areas. The market is basically fully owned by Skype, a piece of proprietary software based on a proprietary (and abusive) protocol in the hands of the same company that runs eBay. Free software advocates have been saying “what if Skype was discontinued?” for years. Then I read about eBay considering shutting Skype down. Pardon?

Skype’s area of operation is a sordid mess of patent thickets and it is getting worse now that dictation becomes a patent (see corresponding USPTO page) and audio-casting too becomes a patent.

VoloMedia, a podcast analytics, advertising, and distribution company, just received a patent for “providing episodic media,” including podcasts. According to the company, which filed for the patent in November 2003, U.S. Patent 7,568,213 covers all episodic media downloads, not just the RSS-dependent downloads that power today’s podcasts. VoloMedia CEO Murgesh Navar says that the company doesn’t plan to go after individual podcasters, but that the company plans to “work collaboratively with key participants in the industry.” We do wonder, however, if VoloMedia can really claim to have invented podcasting in 2003, given that the concept was already under development by Dave Winer and others in late 2000 and early 2001.

This is another symptom of a broken patent system. It needs changing.
