Tag Archives | Microsoft

Microsoft MSN chat exploitable without the latest patches, code in the wild

InfoWorld: Top News reports “Microsoft warns customers about exploits for new flaws. BOSTON – Microsoft warned customers about computer code that exploits holes in the company’s software and blamed security researchers for publishing proof of concept code to trigger the vulnerabilities, which was then turned into working attacks.”

This isn’t about shooting the messengers. It’s common practice to notify a vendor of a flaw when you find one and to give a reasonable grace period before publicly releasing sufficient information to exploit the flaw, so that the vendor, Open Source or Closed, has a chance to distribute a patch. In this case, the patches are already out there, as I blogged on Wednesday. It just takes a while for a few million people to patch. Most of us like to wait to hear whether others discover problems with the patches.

However, it was Microsoft that publicized the vulnerabilities, and you can bet that others had already duplicated the exploits, based on the description Microsoft provided, as well as the binary patches that pointed to the affected code.

This still points back to Microsoft. Downloading and displaying a graphic should not allow remote code to be executed under any circumstances. A deep problem with the Microsoft operating system security model is exploited once again.

What is the marketplace effect?

InfoWorld: Application development reports “Judge questions impact of Microsoft settlement. WASHINGTON – A U.S. district court judge on Wednesday praised Microsoft for efforts to improve technical documentation for its communications protocols, but questioned the effect in the marketplace of her final judgment in the U.S. government’s antitrust case against the software giant.”

Microsoft kills another word: interoperable joins innovation

Computerworld News reports “Microsoft’s Gates vows ‘interoperable’ software. In a lengthy letter to customers yesterday, Microsoft Chairman Bill Gates spelled out a new mission for his company’s software: better interoperability. ”

That’s just silly. Microsoft got into the market interoperating with IBM LAN Manager, then Novell networking. Until Microsoft actually shows they are acting differently, this is just a rehash of “Embrace, Enhance, Extend, Extinguish.” Microsoft is using their marketing machine to kill the meaning of another word, just as they distorted the “right to innovate” to mean “using monopolistic practices to dominate a marketplace and crush competition,” they are trying to redefine “interoperate” to mean “Microsoft can access everything but no one can access them.”

Recently, Microsoft was embroiled in a controversy over the openness of their Office XML. (HINT: Don’t bother, go with OpenOffice.org’s soon-to-be-OASIS-standard format. Tools are out there.) The resolution was for Microsoft to issue a new license for their XML that effectively limits others to reading and not writing the format, and also adds a poison-pill requirement that software contain a clause specifying the technologies are licensed from Microsoft, a requirement which prevents the formats from being used in GPL software.

It is interesting to note that Microsoft is trying this tactic. Let’s see what happens next.

Fat Tuesday followed by Patch Wednesday

Computerworld News reports Thirteen patches planned in next Microsoft security update. “Microsoft has telegraphed its plans to release 13 security patches as part of its regular monthly security update next Tuesday.”

Details on MS05-004 through -015 include critical patches to prevent remote code execution in Internet Explorer, OLE, COM, the DHTML editing control, the License Logging system, PNG processing, the Windows Shell, SharePoint, ASP.NET and Microsoft Office. Microsoft Bob appears to be unaffected. It is the seventh week of 2005.

Vendor support vs. user support

Jon Udell asks the question: “How can high-tech product support be so abysmally bad? And how did we arrive at the point where users, not vendors, provide so much of the useful information?”

What an unusual perspective! I’d been a fan of the PCVENDB forum on CompuServe for support from Fox Software, but far more importantly from the many wonderful “users” — fellow developers and consultants — who taught me Fox software and consulting and so much wisdom. Even after the purchase by Microsoft, support didn’t come from the vendor, but from the forums – CompuServe’s FoxForum and the FoxForum Wiki and Ed Leafe’s ProFox mailing list. The vendor might occasionally post a knowledgebase article confirming what we already knew. But users have always supported software. They have no choice.

I recall seeing a directory on some vendors’ CDs labeled UNSUPPORTED, with a disclaimer that said the vendor would provide no technical support for the included tools. My question: Unsupported? How can you tell?

VFP 9 EULA posted to FoxForum Wiki

Andrew MacNeill points out that the VFP 9 EULA is posted in its entirety to the FoxForum Wiki at http://fox.wikis.com/wc.dll?Wiki~VFP9EuLA~VFP.

It’s great to see the brain-dead requirement of having to uninstall previous versions has been removed. However, there are some really bizarre new phrases added. Rush Strong points out the weirdest: “You may not... work around technical limitations in the software.” Excuse me? That’s how I have made my living for the past fifteen years. VFP doesn’t include your inventory system, but that’s a technical limitation I can help you work around. Yes, it’s true that DROP TAG ALL will remove all relations, but I know of a product that works around that technical limitation… VFP crashes when used with some HP drivers, but there’s a technical work-around on the Microsoft KnowledgeBase that lets me work around this technical limitation.

I find it hard to believe that such a silly requirement could be enforced in court. On the one hand, OJ was found innocent and Sacco and Vanzetti executed. On the other, Microsoft was found guilty, guilty, guilty. I have neither the money nor the interest in finding out what is and isn’t enforceable in the EULA! But I think a lawyer at Microsoft needs to be flogged for writing such nonsense.

VFP9 co-existing with earlier development versions

Ken Levy responded to my earlier post with:

Based on the feedback from you and others in the VFP community after the release of VFP, I met with the Microsoft legal team who worked on the VFP 9.0 EULA and they allowed that section to be removed. So anyone can upgrade to VFP 9.0 and use “any” previous version on the same machine, no restrictions in the EULA on previous versions related to upgrading. You can blog my comment on that if you want so people know who don’t have VFP 9.0 yet.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.