Monday 26th November, 2007
Yes, I know that Windows flaws are ten a penny. It's just that this one is quite amusing.
The bug ... resides in a feature known as Web Proxy Autodiscovery (WPAD), which helps IT administrators automate the configuration of proxy settings in Internet Explorer and other web browsers.
So far so good. But wait, Microsoft fixed this problem years ago!
... the flaw affects every version of Windows including Vista and is actually the continuation of an old vulnerability that Microsoft supposedly fixed years ago.
Oops.
Microsoft appears to have released a patch for the vulnerability in 1999. But the patch only protected domain names ending in .com, so WPAD servers using all other addresses have remained vulnerable.
Hilarious! These idiots would have you believe that the security of Microsoft products rivals that of Linux? Unbelievable.
Thursday 13th September, 2007
There is a small storm in a teacup brewing over recent events in which it's been confirmed that Microsoft has updated copies of Windows XP and Windows Vista without the users' consent, even if auto-updates have been turned off. Obviously these folks don't read (or is it "understand") the Windows EULA which they clicked on and agreed to when they first started their newly-purchased PC (or when they actually paid for and installed the software).
Most users of Microsoft Windows seem to have their collective heads buried in the sand. The thing they don't seem to get is that Windows users are just that, users. They don't own the software, they have just purchased the right to use it. Microsoft explicitly retain ownership and the right to update their system as and when they choose.
I don't understand why people are acting so shocked. Windows doesn't belong to you. If it bothers you having a third party changing files on the PC you use without your permission, you can always use an OS which you do own.
Monday 13th August, 2007
Amazingly, Windows Vista's content protection will protect its users from seeing their own multimedia content.
"If there was any threat modeling at all, it was really badly done," Gutmann, from the University of Auckland, New Zealand, said while giving a talk on Vista content protection. "Once the enemy is the user and not the attacker, standard security thinking falls apart."
It's a strange world where people cannot play their HD-DVDs or listen to their own music:
While Microsoft's intent is to protect commercial content, home movies are increasingly being shot in high definition, Gutmann said. Many users are finding they can't play any content if it's considered "premium."
"This is not commercial HD content being blocked, this is the users' own content," Gutmann said. "The more premium content you have, the more output is disabled."
People actually pay money to be treated like this.
Friday 10th August, 2007
Groklaw has the news which we already really knew in the SCO vs Novell case:
The court concludes that Novell is the owner of the UNIX and UnixWare Copyrights.
It's not quite over yet, but a big chunk of decisions which are due to be made depended on the outcome of this ruling. As Groklaw's PJ says:
That's Aaaaall, Folks! The court also ruled that "SCO is obligated to recognize Novell's waiver of SCO's claims against IBM and Sequent". That's the ball game. There are a couple of loose ends, but the big picture is, SCO lost. Oh, and it owes Novell a lot of money from the Microsoft and Sun licenses.
That's good news. Well done, Novell.
Tuesday 7th August, 2007
Mark Shuttleworth, the CEO of Canonical, the company behind Ubuntu Linux, thinks Microsoft has managed to fracture the Open-Source Community. He also suggests that what Microsoft is doing amounts to extortion:
"To say, as [Microsoft CEO Steve] Ballmer did, that there is undisclosed balance sheet liability, that's just extortion and we should refuse to get drawn into that game. On the other side, if Microsoft is concerned about its intellectual property, there is no one in the free software community that wants to violate anyone's IP. Disclose the patents and we'll fix the code. Alternatively, move on."
He's also noted that those companies which did make deals with Microsoft have made short-term gains, but will lose out in the long run.
"I don't think this will end well for the companies that slipped up and went down that road," Shuttleworth said. "Ultimately, it is the spirit of open source that really motivates your best developers. Developers have been abandoning Novell ever since they did the deal with Microsoft, and they have gone to Oracle and Google among others. That's unfortunate for Novell, but was a fairly predictable consequence of their decision and it ultimately portrays a lack of understanding about what it is that really empowers free software."