07.18.08
Posted in Red Hat, Microsoft, Deception, Patents, Security, Europe, FOSS at 1:58 pm by Roy Schestowitz
Meet Microsoft, a High-brow Software Patents infringer
T
he lawsuit over Silverlight was mentioned a fortnight ago, along with other new evidence of an out-of-control system. People in Microsoft Watch and elsewhere seemed very curious about the status of this case. Between the Lines offers some details.
Silverlight suit: Microsoft’s conduct is “unlawful” and “willful”
[…]
In its complaint, filed July 2, Gotuit alleges that Silverlight, Microsoft’s rival to Adobe’s Flash for Video and the technology powering the online video coverage of the games, infringes on Gotuit patents that allow “for the enhancement, personalization and monetization of video and other media.”
You can explore further the ridiculousness of this. Microsoft now drinks from the same well which it poisoned.
Begging for RAND and Intellectual Monopolies
It has only been a week since IDC, Microsoft and the BSA (all are financially linked) pulled their usual stunts in Europe in attempt to legalise software patents, make RAND the standard in standards, and push forward the proprietary software agenda with propaganda terms like “piracy”. Well, it’s happening again, according to The Register.
BSA: Software piracy’s ‘tragic’ impact on US society
[…]
The BSA-sponsored IDC study, available here (pdf), pinpointed eight US states in the report. It found significant variations from the national piracy figure of 20 per cent.
Be sure to learn what Microsoft and the BSA have been doing recently [1, 2, 3]. It barely receives media attention, so it tends to progress under people’s noses. It doesn’t meet the sheer resistance it truly deserves.
It was only weeks ago that the BSA (and maybe its hired associates like IDC) were pushing for RAND on behalf of Microsoft et al (the funding sources). Meanwhile, and probably independent from this, the EU is also strengthening intellectual monopoly laws.
Following the April 2007 initiative on “Enhancing the patent system”, the European Commission has now published a communication on a European industrial property rights strategy (PDF). It hopes this will improve access to the patent system and to trademark protection for small and medium-sized enterprises (SMEs). The Commission has also announced that it intends to work harder on ensuring the quality of patents granted and the promotion of innovation associated with it.
European Commission sounds new patent offensive
Following the April 2007 initiative on “Enhancing the patent system”, the European Commission has now published a communication on a European industrial property rights strategy (PDF). It hopes this will improve access to the patent system and to trademark protection for small and medium-sized enterprises (SMEs). The Commission has also announced that it intends to work harder on ensuring the quality of patents granted and the promotion of innovation associated with it.
Patent Busting
We wrote about the Peer-To-Patent project only yesterday. There are some more details about it in Mark Webbink’s blog.
In my last blog I talked about the PeerToPatent project and how it is attempting to improve the U.S. patent system one patent at a time. As you may see in the press today, my interest in PeerToPatent is not benign. Starting back on June 1 I have joined New York Law School as a visiting professor and as executive director of the new Center for Patent Innovations, home of PeerToPatent.
The need for patent busting is evident and fruits of this project imminent. There is already this new report about a major claim getting binned because of a patent’s obviousness (it got invalidated).
Finisar, which makes high-speed data transmission equipment, accused Comcast of infringing with its digital cable systems. Alsup invalidated the only claim asserted by Finisar because of obviousness. Morgan & Finnegan represented Finisar.
Trend Micro Begs for FOSS Forgiveness
Trend Micro shot the wrong target using the wrong weapon
It’s feeling the heat as a result. Perhaps.
Trend Micro, potentially terrified due to the boycott (on top of poor business health at the moment), bothers to repeat Chen’s claim via another executive. In CBR he insists that the software patent lawsuit is not about Free software (well, it sure is in practice). Maybe they have regrets now. It’s a tad amusing to see the ‘damage control’ that they do. Interestingly enough, in this article from Jason Stamper they also sneak in the sentence: ‘Dean Drako, president and CEO of Barracuda Networks, said: “Innovation will lead to a safer Internet, litigation will not.”’ He said this elsewhere too. █
“I would much rather spend my time and money and energy finding ways to make the Internet safer and better than bickering over patents.”
–Dean Drako, Barracuda’s CEO
Permalink
Send this to a friend 
View as PDF
07.17.08
Posted in Red Hat, Microsoft, Patents, Security, FOSS at 5:57 am by Roy Schestowitz
Squashing Software Patents
T
his site was probably bit harsh on Red Hat yesterday. In practice, Red Hat is among those who push for the elimination of software parent and it now turns out that former Red Hat senior, Mark Webbink, becomes a junk patents swatter at Peer-to-Patent.
Peer to Patent Project Extended and Expanded - Mark Webbink Exec. Dir. of New Center
I’m very happy to tell you that it’s just been announced that the Peer-to-Patent project, which is a cooperative project between New York Law School and the USPTO, has been extended after the first year’s trial. It’s also been expanded to include business methods patents! Yum. I can’t wait to see you try to invalidate some of those.
While working at Red Hat, Webbink protested against software patents (video). Alan Cox did too (video) and he still works for Red Hat.
Squashing the System with Software Patents
A day or so ago, the Microsoft-backed patents abuser known as Blackboard claimed to have begun collaborating with Sakai, which is an open source project. The press release is here. An article covering this has already been published.
Blackboard, the dominant player in course management software, has the ability to inspire devotion and, for the more fervid open-source adherents, not a little contempt. So today’s announcement may cause a stir among those more apt to liken Blackboard to the devil than a gentle giant: The company is partnering with Syracuse University to develop a way to integrate Blackboard with Sakai, one of the primary open-source alternatives.
One has to wonder if it’s a Novell-like deal of ‘interoperability’. Remember that Blackboard has been harassing FOSS projects [1, 2, 3]. Here is a reminder from the news about Moodle, which is another FOSS project that competes with Blackboard. It’s moving (or running away) to the cloud now.
Moodle says it is doing all this, by the way, in part because Blackboard, the market leader in this area, has been so aggressive in defending its patents.
Blackboard is not the only Microsoft-funded company that causes so much harm with ridiculous software patents. Here’s the Microsoft-backed patent harasser (maybe troll) called Finjan [1, 2, 3, 4, 5]. It seemingly tries to legalise or at least legitimise software patents in the UK where it is currently based. It’s getting some undeserved publicity at the moment.
The report includes real documented discussions conducted by Finjan’s researchers with resellers of stolen data and their “bosses”, confirming Finjan’s analysis of the current state of the cybercrime economy.
Some more here.
A security vendor, Finjan, reported Wednesday that the city’s Web site was one of over 1,000 sites treating visitors to malicious code.
Sadly enough, Finjan not only fights to ‘defend’ its software patents from the UK. It also puts barriers in the face of scrutiny software and therefore it assists cybercrime. If this carries on, it means that the bad guys win. It means that those bullying with their software patents can drive away competitors and make the Internet a lot less secure. █
“I would much rather spend my time and money and energy finding ways to make the Internet safer and better than bickering over patents.”
–Dean Drako, Barracuda’s CEO
Permalink
Send this to a friend View as PDF
07.14.08
Posted in Microsoft, Security at 2:11 am by Roy Schestowitz
We mentioned Dan Geer several times before [1, 2] because he is said to have lost his job for legitimately criticising Microsoft over poor security. Almost 1 in 2 Windows PCs is now a zombie PC, so he was right all along.
For saying the truth, other people seem to have gotten sacked as well. This is an old story, but one which is worth bringing up again.
It seems that my post is seen by Microsoft Security as being a security violation. The picture itself might have been permissible, but because I also mentioned that I worked at the MSCopy print shop, and which building it was in, it pushed me over the line. Merely removing the post was also not an option — I offered, and my manager said that he had asked the same thing — but the only option afforded me was to collect any personal belongings I had at my workstation and be escorted out the door. They were at least kind enough to let me be escorted out by one of my co-workers, rather than sending security over to usher me out, but the end result is the same.
[…]
So, I’m unemployed. I am somewhat lucky in that I’m not technically unemployed — I am still on the roster for my temp agency, who has been very good to me so far (and hopefully will continue to be), but as their ability to place me anywhere does depend on the current job market, it’s not a foolproof guarantee of employment coming in quickly. I’ve put a call into them and let them know of the situation and that I’m available and willing for whatever can be found, so with any luck, they’ll be able to find a placement for me. However, it appears that it’s also time for me to start hitting the streets and shopping my resume around again.
It was only 2 days ago that we also mentioned how Microsoft strong armed Tracy Reed for discovering weaknesses in ActiveX.
Why improve security when you can just gag (or get fired) those who know and spread the truth? Remember this story? █
“If you can’t make it good, at least make it look good.”
–Bill Gates, Microsoft
Permalink
Send this to a friend View as PDF
07.12.08
Posted in Microsoft, Security, OpenDocument, Open XML, ISO at 2:13 pm by Roy Schestowitz
Any Windows/Office debuggers in the audience?
The following is a reproduction of a new post from Rex Ballard (I started this discussion thread), whose previous post we quoted the other day.
Message-ID: <31a66169-d9e7-4715-9e9e-e3488ebd36a9@25g2000hsx.googlegroups.com>
From: Rex Ballard <rex.ballard@gmail.com>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Leaked ISO Document Reveals Crooked ISO Amid MS OOXML Corruptions
Date: Sat, 12 Jul 2008 08:20:23 -0700 (PDT)
[…]
ODF is a comprehensive document that provides detailed specifications
from the high level document content down to the smallest elements of
scalable vector graphics. There are some “standard” mime object types
that are supported, such as PNG and JPEG, but other embedded formats
must be installed using plug-ins which have to be authenticated by the
user and by the system at installation time, and cannot be installed
by the content. Furthermore, the installed content can easily be
identified as trustworthy or not, and can be restricted in it’s
capabilities.
OpenXML on the other hand, is a high-level specification which
describes the high level envelopes used to embed binary objects which
are included in the content. The content itself contains the binary
code which can call any function in any Microsoft library and has all
permissions of the person opening the document. If a user account is
set up as “Administrator”, then the application can mess with the
registry, create, download, and hide files, can execute applications
in those files, can install any number of new viruses, and generally
wreak havoc on the system.
I’ll leave it to others to document the exact details (as I said, I’m
busy these days), but I’m sure anyone who tries to publish these
vulnerabilites will probably find themselves getting the same
treatment that Tracy Reed of Ultraviolet.org got when he tried to
publish his warnings about ActiveX controls back in 1997. Microsoft
got a court injunction against him, and forced him to take down the
content, claiming that it was being used to encourage hacking, and was
damaging the Microsoft brand.
“I got a couple of docx documents and had trouble getting them to open, even with the plug-in for Office XP. Next thing I know, I get a notice from my registry auditor that I have 1300 new registry errors.”Over the last 10 years,
we’ve seen these very same
techniques, documented back in 1997,
used widely to spread viruses including
Melissa, Nimda, Sky, BugBear, and about
250,000 other viruses, worms,
and malware, not including spy-ware and
other “Microsoft Authorized”
invasions of our privacy.
I got a couple of docx documents and had trouble getting them to open,
even with the plug-in for Office XP. Next thing I know, I get a
notice from my registry auditor that I have 1300 new registry errors.
And suddenly, my PC is churning the disk-drive and the network
connection at 3:00 AM (I’m getting old and have to get up), and the
network shows that I’m uploading something at full speed, even though
my computer is supposedly sleeping.
It isn’t a back-up program that I’m running.
I would encourage COLA readers and OSS advocates to explore this in
more detail.
get someone with Office 2007 to send you a docx file.
unzip it using pkzip or winzip or unzip.
look at the binary files.
replace one binary object with another.
zip up the document,
see if your office-2007 user can read the “enhanced” document.
For those of you with OLE programming skills, create an OLE object
that creates a file, and e-mails that file to you using smtp.
Send a document with this new ole object embedded (along with the
others) and see if you get an e-mail.
I haven’t tried this, and I don’t know if it will work. I’m not sure
how hard it would be to make it work. I just think it might be an
interesting project worth investigating, especially if you are
considering the migration of a few thousand users to Vista and Office
2007.
I’d love to see what the results turn out to be. After all, if it’s
that easy to take control of a recipient’s machine just by sending
them a “trusted” Word, Excel, or PowerPoint attachment, just think how
much chaos a really aggressive malicious hacker, with a goal of
obtaining marketable information about your business, could do.
Does ISO really want to approve such a ‘virus’? As an international standard even? If someone tests the above, please post the outcome here or elsewhere. It would prove invaluable.
The last time a chain of ISO problems was cited, Ian Easson challenged an argument from Groklaw. He might wish read the following lengthy follow-up. ISO is in a deeper puddle of mud than before.
Brazil is a P member of SC 34, so according to my reading of the clause, it has the right to appeal if any of the three above issues apply, and arguably they all do. According to South Africa, if the issue is ISO’s reputation, or if there is a matter of principle involved, Brazil can appeal. Even point three could apply, in that Brazil raises matters such as incorrect tabulation of votes, which, if true, one would hope ISO wasn’t aware of.
[…]
Why did they bother to go, one might ask? Why vote, if votes disappear from the record? By my reading, Brazil paints a picture of an orchestrated event, tilted away from criticism or a negative result and a refusal to give substantive consideration to issues delegates wanted to discuss, due to time constraints Brazil calls arbitrary, and worse.
For details about the BRM in question, see [1, 2, 3, 4, 5, 6, 7, 8] and have your jaw sink to the floor. It was a bad plan from the get-go [1, 2, 3, 4, 5], but Emperor Microsoft was in a hurry and it even used its lobbyist Jan Van Den Beld to change the rules ‘on the fly’. █
From the Campaign for Document Freedom
Permalink
Send this to a friend View as PDF
Posted in Microsoft, GNU/Linux, Novell, SLES/SLED, Security, IBM, Identity Management at 6:11 am by Roy Schestowitz
It has been a quiet week because some people embark on their vacations and companies make very few announcements. Here are the few things we picked up. They fit a single post for a change.
SUSE (SLES/SLED)
Novell and Sun Microsystems are both cited as companies that debunk the myth about lack of support for Free software. This appeared in europa.eu, whose reputation is fairly decent.
Sun Microsystems and Novell, two IT services firms promoting Open Source, are telling government CIOs there is plenty of support for this kind of software, the IT news site Zdnet reports.
[…]
Support for the Open Source operating system GNU/Linux rivals that of proprietary systems, Zdnet last April quoted Paul Kangro, applied technology strategist for Novell. He suggests fears over support are spread by companies that feel threatened by this kind of software.
Read the rest of this entry »
Permalink
Send this to a friend View as PDF
07.07.08
Posted in Microsoft, Security, Europe, SUN, RAND, FOSS at 3:56 pm by Roy Schestowitz
The lunacy that was mentioned here a couple of days ago surely continues. In order to keep you up to date, here’s some of the latest.
Brussels
ACT carries on with its fight for RAND terms that essentially leave FOSS out of the cold. They try to enforce these anti-FOSS laws by ridiculing the EU (e.g. “scoring an own goal”) and by calling Free software a “religion” — i.e. daemonising it in ways. They are also camouflaging themselves and their funding sources. They don’t really represent small businesses.
Glyn Moody wrote to explain what ACT actually is and what it tries to achieve.
Both posts now have extensive postings from Mark Blafkin, who is Vice President for Public Affairs at the Association for Competitive Technology (ACT). It bills itself as “protecting small business innovation”, but it also boasts “several Sponsor Members including eBay, Microsoft, Oracle, Orbitz and VeriSign.” Significantly, its offices are located in Washington in the US, and in Brussels in the EU: in other words, it’s a lobbying organisation aimed at swaying the two most powerful political machines.
Watch the comment from Simon Phipps. He understands tis better than most people.
Meanwhile, also in Europe, Microsoft is protesting against old fines. It’s slowing down the process using bureaucracy ahead of more heavy fines.
Microsoft Calls EU Fine ‘Excessive’
[…]
The Commission said it issued the fine because Microsoft did not follow an order in 2004 from Brussels to offer information to competitors on reasonable terms.
Hasn’t ACT done enough ‘protesting’ over this already? Watch this old story.
EU Internet
Many people are probably aware by now of the media industry’s Web grab. For those who are new to this, read the press release Kathy Sinnott’s:
Kathy Sinnott MEP for Munster will be voting against a series of amendments to the European Telecommunications Directive designed to give the EU control over citizen’s internet usage. The proposed amendments to the could force internet service providers to turn over information on customers and monitor their internet usage. It could also force software makers to include spyware in their products to allow not only governments but also corporations to monitor citizen’s activities whether or not they are suspected of unlawful behaviour.
Kathy Sinnott MEP said “I am a great proponent of net neutrality. The reason the internet is what it is today, is that no-one owns it and no company or government has as yet taken control over it. These amendments being pressed by some MEP’s seek to move Europe closer to the Chinese internet model where usage is monitored and where an individual goes online can be curtailed. This will give vast control over our lives to governments and in some cases corporations. I believe that law enforcement agencies should be allowed to pursue specific targets (eg. child pornography, terrorism) but monitoring the entire populace is not the way to go about it. These intrusions into our privacy would be unacceptable and I will be urging my colleagues to vote down all such amendments on July 7th.”
It does affect software, too.
Other amendments added to the packet of laws allow governments to decide which software can be used on the web.
How about this from Bill Thompson, who typically writes about (and in favour of) digital freedom and rights?
Another amendment put forward by Mr Kamall allows that “traffic data may be processed… to ensure the security of a public electronic communication service”, which the campaigners read as giving carte blanche to the content providers to monitor and control what happens on the network on the grounds that copying files or breaking digital rights management counts as a “security” breach.
I’m not so sure.
Nicolas Sarkozy deserves some of the blame. In fact, he deserves a lot of the blame for initiating lots of what we have now. Going all the way up to the source, it turns out that Vivendi-Universal may actually deserve most of the blame for working behind the scenes.
Corruption overflow in the policy-making environment
[…]
At the centre of this story of corruption lies one company, but please, don’t think it is a unique case (others will be quoted below): it is just the most impudent and shameless one. This company is Vivendi (formerly Vivendi-Universal).
Brazil Too
It was hardly surprising to find some sneaky last-minute amendments also in Brazil. It’s the same type of situation over there. [via Simon Phipps]
Downloading files from the Internet to become a crime in Brazil
[…]
Another article from the draft law – article 22 – is also being targeted by ISPs and the law professors. It imposes an obligation to ISPs requiring them to secretly inform authorities of any suspicion of criminal activity of which they acquire knowledge.
According to the professors, the article creates a system of private surveillance and finger-pointing affecting every net user, since ISPs will be obliged to communicate cases in which – according to their own convictions – there would be potentially criminal activity.
In Germany, You Share the PC… with Big Brother
Another reason to avoid proprietary software: Germany now takes further steps to legalise government spyware. Of course, everyone is told that it’s part of the ‘Fight Against Terrorism’.
Terrorism ‘this and that’ (sometimes “paedophiles”) is the perfect excuse for justifying warrentless wiretapping. This one seems like no ordinary measure.
Bavaria has become the first German state to approve laws that allow police to plant spyware on the PCs of terror suspects.
What makes some person a ‘terror suspect’? What is the criterion?
Some laws which were passed to supposedly combat terrorists have already been abused to interrogate an animal activist (by divulging PGP keys). That happened last year.
The “terrorist” term (or “religion”, or “zealot”, or “basement dweller”) is often just an excuse for passing laws or starting something that later expands in terms of scope. You can’t ever say “no” to the “fight against terror” though.
Like any such broad change (for instance, public databases that see data theft due to no encryption, missing laptops and security flaws), it’s only a matter of time before things go out of control, Legalising government spyware? Back doors as standard? What would prevent cybercriminals from entering the very same back door. They already exist by the way. █
Permalink
Send this to a friend View as PDF
06.28.08
Posted in Microsoft, Finance, Novell, Security, Oracle, IBM, Virtualization, Dell, Identity Management at 6:48 am by Roy Schestowitz
This is the last portion of news for today. It’s subdivided into the main developments that came up over the past week.
Upgrade, Buybacks
This may not actually mean much, but Katherine Egbert has upped NOVL, which led to a rise in share value. It may have something to do with Novell’s recent buybacks [1, 2, 3, 4].
Read the rest of this entry »
Permalink
Send this to a friend View as PDF
« Previous entries ·
Highlight: Novell was the first to acknowledge that Microsoft FUD tactics had substance. Novell then used anti-Linux FUD to market itself. 
Highlight: Xandros let Microsoft make patent claims and brag about (paid-for) OOXML support. 
Highlight: Linspire's CEO not only fell into Microsoft arms, but he also assisted the company's attack on GNU/Linux. 
Highlight: Microsoft craves pseudo (proprietary) standards and gets its way using proxies and influence which it buys. 
Highlight: The invasion into the open source world is intended to leave Linux companies neglected, due to financial incentives from Microsoft. 
Analysis: Xen, an open source hypervisor, possibly fell victim to Microsoft's aggressive (and stealthy) acquisition-by-proxy strategy.