__/ [rex.ballard@xxxxxxxxx] on Sunday 12 February 2006 23:22 \__
> Roy Schestowitz wrote:
>>
>> http://dylanknightrogersblog.blogspot.com/2006/02/will-executable-internet-ruin-security.html
>>
>> Excellent Article. The original title is a misfit though.
>
> What I find interesting is that the cited article is no longer
> available. Is this just a poor cite, or did Microsoft have it forcibly
> removed? Could you recheck your link and repost it if necessary?
I believe that Tim has answered that question:
__/ [Tim Smith] on Monday 13 February 2006 03:59 \__
> In article <1sRHf.1989$_c.1424@xxxxxxxxxxxxxxxxxxxxxxx>,
> "billwg" <billw@xxxxxxxxxxx> wrote:
>> I suspect that Dylan Knight Rogers' lawyer advised him as to the wisdom
>> of making such unsubstantiated slurs in public and Dylan Knight Rogers
>> did the sensible thing and erased his blog!
>
> Far more likely is that he wasn't able to handle Slashdot. What's
> amusing is that he is the one that submitted the story to Slashdot.
Some later comments which got bound to that story indicated that it became
unavailable. Perhaps he was working on a Slashdot-friendly, lightweight (or
static) version of the page. Ironically, it was him who called for that
traffic surge, which in turn took him down.
>> "Microsoft paid little to no attention to and still don't today would be
>> gaming consoles, advertising, portable music devices, and computer
>> security."
>
> Microsoft is a bit two-headed about security. On one hand, they want
> to create the illusion of security, providing simple firewalls and
> supporting third party virus and spyware scanners, but at the same
> time, they want to control access into the PC, and maintain the ability
> to access and modify files. Their primary objective is quite
> legitimate. By knowing what combinations of software people are using,
> they can better support customers who are having problems with their
> computers. They can better plan their upgrades, and better plan their
> releases and testing of new products.
This comes with a cost. Privacy is one and penetrability is another.
> The problem is that their monopoly control of this information also
> gives them the ability to target markets being developed by
> competitors, often moving in and taking control just as a competitor
> has generated a market which would have provided profitability.
>
> The biggest problem is that these "back doors" controlled by Microsoft
> and companies controlled by Microsoft (for example - Microsoft owns a
> 25% stake in Verisign) amount to search and seizure of information
> without a search warrant or similar court order.
>
> If Microsoft walked into your house and began photographing your books,
> financial records, reading materials, and then used this information to
> bankrupt the companies you most enjoyed doing business with, and
> replace those businesses with Microsoft controlled competitors who
> charged more and provided inferior products and services, but forced
> you to use these instead of the businesses you liked - because they had
> gone bankrupt, or couldn't afford to continue to provide that service,
> you might be upset.
>
> If Microsoft broke into your home, held you at gunpoint, and physically
> browsed your workstation, and then decided that because your computer
> was a Compaq and that they had installed Netscape, that your copy of
> Windows needed to be purchased at full retail price - and they demanded
> immediate payment or they would reformat your hard drive - you would be
> screaming bloody murder and calling the police.
>
> Because Microsoft is accessing this most confidential information
> through the impersonal TCP/IP connection, and you can't see what
> information they are gathering, or the impact it has on how Microsoft
> interacts with your favorite products, you politely give them all the
> information they want - by using Windows and accepting the terms of the
> EULA.
Most people never accept or even read the EULA. Windows is pre-installed.
> Consider a slightly more sinister scenario. Merely theoretical at the
> moment, but entirely possible. Imagine that Microsoft had been able to
> target and scan Ken Starr's computer, and publish information which
> only the special investigator would know to a BBS as a "rumor" - then
> cover that with their MSNBC cable channels. Suppose Microsoft were
> able to tap into the medical records of George Bush, and pass the
> electronic copies of the records to Dan Rather at ABC News during the
> election? Suppose Microsoft were able to tap into the computers of
> players like Scooter Libby, and pass that information to the right
> media outlets?
Well, Google Desktop 3 raises similar questions.
> Imagine if Microsoft were able to tap into the computers of federal
> prosecutors, identify companies being investigated, have holding
> companies sell short, then release leaks of the stories which would
> legally have to be confirmed.
>
> Now, suppose that some other force got access to that same back
> channel. International terrorists? Right Wing Republicans? Left Wing
> Democrats? Fox News? CNN? PBS? The KGB, the CIA? DHS? IRS? DYFS? DEA?
> SEC?
The most scary day is that when the Federal Government liaises with Microsoft
in efforts to spy on and glance at files owned by people all around the
world. One wonders if this could be a motive for mutual affection between
Microsoft and certain governments, to whom closed-source and wiretapping is
a powerful tool. Mind you, Microsoft never hesitated when the government
requested search engine logs (MSN search).
> Imagine any of these factions, or better yet, all of them, using those
> back doors to nullify political opponents? Imagine them; disrupting
> people's finances? Exposing personal sexual fantasies? Exposing the
> most private and confidential thoughts of anyone.
Source code is power. More powerful when it is hidden to all, except for a
few. The weak security model does make you wonder, does it not?
>> [...]
>>
>> "So, we can assume three things:
>>
>> 1.) Microsoft developers are either lazy, incompetent,
>> or a mixture of the two.
>
> Or they are extremely competent and their REAL goals, which involve
> establishing and maintaining control over the world's information.
> Information is power, capturing the right information, and disclosing
> it to the right people, can be the most extraordinary use of power. ...
FUD in itself is a form of information control. Bill Gates once said that he
disagrees with Google's goal, which is to organise the world's
knowledge/information. Gates said he only provides tools for that task --
for people to manage their information on their own. He doesn't appear to be
any different though. He is just late to join the party, as always.
Look at some of the recent projects: a clone of Google Maps and Earth, book
scanning, and so forth. All are highly controversial, but it was usually
Google that got told off by authorities and the public. Microsoft are
treading behind doing exactly the same things. So does Gates do as he once
preached?
> ... One who could do this, and could remain completely invisible, and
> maintain unchallenged control of the companies and infrastructures that
> allowed them to collect and disclose this type of information in a
> strategic way - could literally rule the world. They could choose
> political candidates during the primaries - who would be friendly to
> their political and economic agenda, and remove them almost immediately
> if they attempted to challenge the structure.
...which is the motive for their huge drive to improve and promote MSN search,
using a built-in search bar merely everywhere in Vista and software which is
yet to be discovered. Microsoft fear the fact that Google have become a
gateway to information to most people. Google can steer people at Open
Source (Firefox or even Linux) if they desire. They can even make a massacre
in China vanish, if only they set their mind to it. Microsoft want that
power. It's a brainwash heaven.
>> 2.) Microsoft's customers are extremely ignorant of security.
>
> Keep in mind that Microsoft's "Customers" are not the end users.
> Microsoft has two groups of Customers who, together, make up about 98%
> of their PC based revenue stream. The very biggest group is the OEMs.
> This group pays as much as $200/PC for about 80 million PCs/year - more
> than 1/2 of Microsoft's total revenue. The other group is the
> corporate customers - the 5,000 largest companies in the world. These
> companies pay for upgrades or support contracts - often in excess of
> $50/user/month for "support" contracts. The irony of course being
> that most of this "Support" consists of security patches which must be
> tested by the company before being rolled out - even more costly than
> the support that retail OEM customers get.
>
> The problem is that there are $Trillions tied up in Microsoft dependent
> information and technology. Microsoft's annual revenue is about $40
> billion/year, but this is traditionally less than 10% of the price of
> the computers involved, and only about 2% of the salaries of the
> workers who use Microsoft products.
>
> At the same time, most corporations also don't put themselves entirely
> into Microsoft's hands. For most companies and workers, Windows
> provides the display for applications, tools, and systems which run
> UNIX and Open Source technologies.
>
> Even when you are running IE, the system you are accessing 80% of the
> time - is based on UNIX or Linux, and/or Open Source. The e-mail might
> be Outlook, but 2/3 of the mail accounts you will be sending to or
> receiving from - will be Sendmail based. The catalogue might be
> displayed by IE, but the databases were UNIX/Linux and DB/2, Oracle,
> PostGreSQL or MySQL.
In a layman's eye, Google is often a better case study. As regards E-mail, we
had an Exchange server installed in this department (don't look at me!) a
couple of years ago and nothing but trouble has hit local E-mail accounts
since. Something as simple and fundamental as E-mail causes trouble every
week.
I ditched the local servers /before/ they even moved to Exchange. How
fortunate was I. Sadly, there is often lag when I mail my colleagues, who
are still bound to the piece of junk, which is sometimes down for half a
day. The staff are taking care of their servers as if it was a 100-year-old
in a parent's home. How much time and money (TCO) does that cost?
A few weeks ago they bought a new server because the older one was too much
trouble. This reminds me of that "throw your spyware-plagued PC in the
garbage" scenario.
> The browser might be IE, but the java applet connects to WebSphere or
> some other Apache/Jakarta/Struts/J2EE implementation. Even when the
> server is IIS and .NET, the back-end is almost always *nix, Open
> Source, and non-Microsoft technology.
>
> Very few architects use Microsoft for the entire solution chain. In
> reality, it's rarely practical to do so. Most corporate solutions
> involve integration to *nix systems, mainframes, and third party
> applications on *nix and mainframes - which requires open source and
> third party products as "glue" to pull all of that together.
>
> In fact, most of the documents stored as Microsoft Office documents are
> almost like "static archives". Any "Final versions" are usually stored
> in either Adobe PDF format, or in some form of GML format (SGML, XML,
> HTTP). Most publishers store their content in almost the exact same
> format used by the Linux Documentation project - SGML with standard
> DTDs. This format minimizes the storage, makes it easier to archive,
> and makes it easier to reconstruct using evolving technologies. It
> also makes it easier to keep the documents up to date using scripts.
>
>> 3.) Microsoft wishes to create a monoculture of Microsoft products that
>> are destined to be insecure, ultimately resulting in cashflow due to
>> Microsoft's OneCare solution, ignorance and unwillingness to change to
>> better alternatives. In short, really sadistic social engineering."
>
> Sure Microsoft wants to get as much revenue as possible, as long as
> possible, and at the lowest possible cost. More than a few CEOs have
> publicly stated that they wished that they could make an 85% profit
> margin. And this is actually one of the reasons why CEOs are now
> looking with a great deal more interest at Open Office, FireFox, and
> Linux as well as other ways to reduce or eliminate their need for
> upgrades, support contracts and in general eliminate or reduce their
> dependence on a company who was taking as much as 25% of their budget.
I agree with you on that. Interestingly, Firefox played a huge role in making
people better aware of Open Source and its value. Right before them laid the
evidence that Internet Explorer from Microsoft was a POS. I can think of at
least 3 other browsers that were better than IE, but they never got the same
public exposure as Firefox.
> In fact, one of the reasons why Google is such a huge threat to
> Microsoft, is that it shows an example of a company that is
> extraordinarily successful, using almost NO direct Microsoft contracts
> (Google does use OEM Windows and Office on their workstations, but does
> not pay for support contracts), and significant amounts of Open Source,
> including Linux. Furthermore, Google has used and endorsed the use of
> OpenOffice and PDF documents instead of Word documents. Finally,
> Google converts millions of Microsoft word documents to HTML using Open
> Source tools.
Yes, but I think they ought not to index PPT and DOC files at all. It only
encourages people to disseminate proprietary formats over HTTP and make it
available to the WWW, regardless of one's available tools.
> Microsoft has been feeling the pressure. OEMs are pushing back, making
> sure that their hardware will run Linux rather than just accepting
> Microsoft's recommendations for the "Standard Platform" which include
> hardware which is known NOT to work with Linux. Many OEMs now see that
> the only way they can get 64 bit and dual-core processors to market is
> with Linux. HP has made a huge dent in the market with their AMD-64
> laptops and desktops. Microsoft has tried to hold back the industry
> and keep the OEMs stuck to the Intel 32 bit architecture, they have
> promised a 64 bit version of XP but don't have the applications -
> especially 3rd party applications to support it.
You mentioned that once. Interesting observation.
> Promises of Vista have been broken and it has been reduced to a bunch
> of eye-candy and appears to be designed to lock-out competitors such as
> VMWare and VMWare player as well as Linux VMs. There is even the
> possibility that Microsoft will make the same mistake that IBM made in
> 1992. IBM tried to push Microchannel and OS/2 and force OEMs to choose
> between Windows and OS/2 - the OEMs, not happy with the lack of
> documentation for certain pins on the Microchannel bus, went with
> Microsoft.
>
>> [...]
>>
>> "Fortunately for those who are being scammed and lied to (the three
>> hundred million Windows users worldwide), Microsoft is running out of
>> excuses."
>
> Microsoft has been making and breaking promises for decades. It's part
> of how they do business. They were investigated by the United States
> Federal Trade Commission for fraud resulting from their use of
> "Vaporware", included in this investigation was Microsoft's fraudulent
> claims dating back as far back as 1987 when Microsoft had promised true
> multitasking - in response to Digital Research, who was offering
> DR-DOS, which had true Multitasking, and GEM, which provided a Windows
> like Interface - which was being pitched to OEMs as well as retail
> markets and corporate markets. The investigation cited similar
> fraudulent claims related to nearly every release of MS-DOS and every
> release of Windows.
>
> Many of Microsoft's competitors have hoped that the courts would
> intervene. Keep in mind that it isn't Microsoft's technology which is
> illegal, it's their business practices. Microsoft executives,
> including Steve Ballmer and Bill Gates, have openly admitted in court
> cases, to fraud, sabotage, extortion, blackmail, embezzlement, and
> obstruction of justice - perhaps BECAUSE they knew that they would
> ultimately be able to offer settlements in which they paid what
> amounted to a trivial fine or cash settlement - along with sealing of
> the records and immunity from civil or criminal prosecution - and no
> admission of wrong-doing.
>
> Put simply, Microsoft has been able to engage in criminal acts, then
> pay the plaintiffs/victims enough to make them say that no crime was
> committed. If Bill Gates murdered someone, and paid the victim's
> family $1 billion, would that mean that the murder was never committed?
> The irony is that the courts would probably dismiss the case, due to
> lack of evidence, and the family wouldn't sue. Ergo - in the court's
> eyes, the crime never happened.
Michael Jackson or Pedo Phile?
> The one place Microsoft is sensitive is New Mexico. This is the one
> state where Bill Gates was arrested and charged with criminal acts.
> His father flew out, cut a deal which sealed the records, and Bill
> Gates left New Mexico, never to return. When attempting to settle the
> DOJ lawsuit, Microsoft approached New Mexico first, because they could
> have unsealed the records as part of the remedy hearing.
>
> Even after being found guilty of illegal acts, Microsoft was able to
> negotiate a settlement which has pretty much allowed them to completely
> ignore the Judgement.
>
> The ultimate result has been that the market has decided to take
> matters into its own hands. IBM divested itself of its unprofitable
> Laptop and Desktop business, selling the line to Lenovo, sending those
> jobs to People's Republic of China. Now IBM can purchase those
> computers, with their OEM licenses, and do anything they want -
> aftermarket, as a Value Added Reseller.
>
> Hewlett Packard has introduced a line of AMD-64 machines, made sure
> that they would all run Linux with a minimum amount of effort. They
> provided drivers to SUSE and rejected any hardware which would not run
> on Linux.
I like would have been appreciated here.
> Dell has also begun offering machines that are fully Linux compatible,
> and can be purchased with or without Windows. Nearly all of Dell's
> machines can be configured with Linux without special drivers.
I have two Dell machines. One runs Ubuntu and the other runs SuSE. I never
tried any other distributions on them. The success rate is 100% (2 out of
2), so thumbs up.
> Gateway has been exploring the Linux world as well. Many of their
> cheaper machines still don't support Linux, but most of the higher
> priced - higher profit machines, have been made Linux friendly - and
> the Linux friendly machines have been holding their price value while
> the Windows-only machines have been experiencing massive price erosion.
Gateway are having some financial problems and the future seems grim.
http://www.businessweek.com/technology/content/feb2006/tc20060210_467932.htm?campaign_id=de2
" FEBRUARY 10, 2006
Troubled Times at Gateway
Will the sudden departure of Wayne Inouye and a slumping stock
price leave the computer maker open to a buyout or takeover?"
I hope they embrace Linux and become yet another large vendor to back Open
Source.
> Most corporations are also making Linux-compatibility a requirement.
> Often, corporations will order hundreds, even thousands of machines,
> but before even one machine is ordered, the corporate customer
> evaluates the candidates. These days, running under Linux is one of
> the critical tests. Machines that don't run Linux are going nowhere in
> the corporate market.
Depends /which/ corporate environment.
> During the most recent review of the DOJ settlement compliance, the DOJ
> said that a complaint had been raised related to the restrictions on
> the "first boot" configuration clauses of the contract. Microsoft's
> representatives claimed that they had talked with the OEMs and that no
> one had a problem. Shortly after that, it became public knowledge that
> it was Hewlett Packard who had raised the complaint and they were
> apparently very upset that Vista was being designed to make sure that
> it would NOT run under Linux/Xen or VMWare.
>
> Microsoft is claiming that this is an attempt to improve security.
> It's pretty clear that most of Microsoft's attempt to improve security
> seem to be more focused at protecting Microsoft from competitors -
> especially Linux.
Sometimes no effort is made. Extensions that break crossover application are
perhaps convenient for the sake of extension and, provided that backward
compatibility holds, there is little or no empathy. No account is taken of
what'll happen to non-customers. It's aggressive behaviour at its worst.
> The irony may be that this could backfire. If Microsoft really forces
> the "Either/Or" choice on OEMs, end-users, and corporate customers,
> Microsoft may find itself "shut out" of the market. Linux
> distributions such as Xandros and other distributions which offer
> Crossover and Win4Lin may be able to fill the needs of those who still
> need to run Windows programs on Linux systems. Since Linux is offering
> backward compatibility, customers may opt to switch to
> Linux/WINE/Crossover or Linux/Xen/Win4Lin, which would create a very
> sudden push for switching those traditionally Windows applications to
> Linux.
What about IBM's recent alliance and push to port .NET to Java (not strictly
so) and Linux?
> Microsoft has been tracking the exponential growth of Linux and Open
> Source and has been mounting their own countermeasures. Perhaps one of
> the most significant is their shift to XBox/360, pretty much shutting
> down the low end of the Windows "game machine" market for the OEMs. In
> addition, Microsoft has been engaging in diversification, investing
> more in entertainment, media, and partnerships in other services.
The XBox might actually have a reverse effect, much like The Sony
Playstation, the GameCube, and others. They rid people from the need to play
games on a PC. As most games are built solely for Windows, there is no
longer that dependency. Then again, with or without the XBox, people could
use gaming console from one of the many vendors (giants). Microsoft is
trying to adapt to an evolving trend in order to sustain some revenue and
have another piece in the puzzle, which they can in turn use to impose new
lock-ins. Just wait and see. The same applies to servers, PDA (smart
telephony), the Internet, music shops, portable players and so forth.
> This isn't so new, many corporations have to transform themselves. IBM
> went from being a company whose primary sources of revenue were
> Hardware and high-end software sales to Consulting - shifting the
> entire corporate culture to providing the customer with WHATEVER they
> needed to solve their business problems, even Open Source and Linux.
> Ironically, this has led to market growth for IBM hardware and
> software. Linux literally recreated the Mainframe Market and Linux is
> now the "trigger" for many Z-Series hardware sales. In some cases,
> clients using Z-Series for traditional COBOL/CICS solutions will add
> Linux VMs to their mainframes as part of their integration solutions.
>
> HP has consolidated technologies it inherited from Compaq who got DEC,
> Tandem, and HP9000 technologies, and has made Linux a key part of their
> laptop to Supercomputer migration strategy.
>
> Even though Dell is not real focused on the high-end market, Dell has
> been very successful offering Linux machines for laptop to Blade-array
> solutions. Dell has been widely used in large Linux clusters.
Our department buys Dell hardware almost exclusively. All machines are set up
as dual-boot with SuSE 9.3 as standard, I suspect. I am happy to walk into
the M.Sc. cluster on occasions (to test pages with IE) and find that almost
half the machines have the SuSE login screen, which implies that people
prefer it to Windows XP. "Simply change" is the slogan.
> Microsoft may still be getting the OEM license revenue, but they are
> quickly losing negotiating leverage. In the corporate desktop market,
> OEMs have far more vested interest in offering Linux as the primary
> operating system with Windows as a secondary offering - even if this
> means that the User must actually do the final configuration.
> Microsoft cannot afford to force the OEM or End-user or Corporate
> desktop to choose between Linux and Vista. If they try, it's quite
> likely that Vista will go the path of Windows NT 3.1 - DOA.
It already is dead on arrival, prior to its ever-delayed arrival. It is
Windows XP with some eye candy while security issues have not been addressed
at the core. It will be the same mess all over again and Microsoft will run
out of excuses. They already have, in some people's minds.
> In 1993, Microsoft was able to razzle-dazzle the industry with a few
> "sneak peeks" and prevent the media from covering Linux, OS/2,
> Solaris/86, UnixWare, and other competitors. They had a huge
> advertizing budget, and leveraged it with co-op and brand trademark and
> logo control.
>
> In 2005, Microsoft has had to deal with the runaway success of Firefox,
> OpenOffice, and Live-CD implementations of Linux which are giving
> almost everyone a chance to "taste" Linux. In 2006, Microsoft is
> facing drop-ins such as VMWare Player, complete with some excellent
> VMWare images which demonstrate products and options ranging from
> simple "safe browser/email" "appliances" to full development
> environments including WebSphere and DB2.
>
> Many companies are now beginning to create their own "Client Images"
> for Linux. These can be deployed as VMWare Images or as Installations.
>
> Microsoft is watching this with horror as well. After all, if Linux
> VMs become "must have" features, and users using Linux VMs are having
> fewer problems with viruses, spam, and trojans, this might be a big
> "Microsoft Killer" - because Windows users can get a first-hand look at
> Linux - without having to give up Windows.
Exactly.
http://video.google.com/videosearch?q=dennis+daniels+edubuntu
> The even bigger win would be if Windows VMs gain popularity - as Linux
> clients. If users can install and configure a Windows image, and back
> that image up, then configure the image as much as they wanted, adding
> third party software and other applications then be able to recover
> from corrupted systems with minimal effort - even Microsoft would have
> a hard time saying that this was a "bad thing".
>
> Misinformation only works on those who are ignorant. Those who have no
> information which contradicts the information being provided by those
> providing the misinformation. As more and more corporate customers get
> first-hand experience with Linux, Microsoft's "Fast Facts" are getting
> to be more and more absurd. Microsoft's claims of better security,
> better performance, better reliability, lower TCO, and better ROI are
> getting blown away by first-hand experience.
Believe it or not, many people read that propaganda and believe it too. It is
often those who find themselves in a state of inner-conflict -- those to
whom Linux is an unknown. It makes me sick, personally.
> About the only weapon Microsoft still has in its arsenal is the
> ability to prevent these Linux customers from publishing their
> "benchmarks". Unfortunately, Microsoft has been losing more and more
> of these cases, with Judges ruling this clause of the EULA to be
> illegal and even fraudulent. Microsoft settles, and has the records
> sealed, but this doesn't stop more and more judges from ruling against
> Microsoft very early in the preliminaries.
Don't worry, Rex. There are many bloggers these days, to whom the rules do not
apply. They can say whatever the hell they see fit, as the original post
shows. Fewer and fewer people will read newspapers from mainstream media,
which is moderated by Ballmer /et al./. Moreover, search results on the Web
cease to point at large media sources and microsoft.com. That relates to my
earlier point, which argues that Microsoft need better control over
information quite miserably.
> An even bigger problem for Microsoft, is that more and more companies
> are dumping Microsoft entirely, which means that Microsoft has no
> recourse. Microsoft can threaten to revoke the licenses, but since
> these companies are no longer using Windows, it's getting to the point
> where they are able to publish their stories with impunity. This is a
> very persuasive testimony.
Success stories and the cattle effect add to inertia too. I say "cattle
effect" to refer to a new phenomenon: people ditching Windows.
> The irony is that many of these companies have gone "All *nix" because
> they are fed up with the Microsoft failures, and have made a fully
> informed decision to make the transition, often only after months, or
> even years, of careful planning.
>
> That's pretty persuasive!
>
> Rex Ballard
> http://www.open4success.com
Thanks for a good post.
Roy
--
Roy S. Schestowitz | Open Source Othello: http://othellomaster.com
http://Schestowitz.com | SuSE Linux | PGP-Key: 0x74572E8E
4:55am up 27 days 0:11, 12 users, load average: 0.56, 0.41, 0.54
http://iuron.com - next generation of search paradigms