HAL 10

» Microsoft confirms Vista Speech Recognition remote execution flaw | George Ou | ZDNet.com

I heard back from the folks at the MSRC, and they let me know that Microsoft is investigating public reports of a possible vulnerability in Windows Vista’s speech recognition feature. Microsoft’s initial investigation reveals that this vulnerability could allow an attacker to use the speech recognition feature in Windows Vista to verbally execute commands on a user’s computer.

Say No to Microsoft Windows Vista

Microsoft Windows is a pain to diagnose. However, Run has many of the tools to determine issues. Someone at Microsoft hates it. Can someone tell me why? Finding Run has gotten more and more difficult over time. Now in Vista they hide it by default. 🙁

Where’s the “Run” dialog box in Windows Vista? » The PC Doctor’s blog

…If you want the link back on the Start Menu, right click on the Start button and click Properties. On the Start Menu tab click Customize.

The Customize Start Menu dialog will then be displayed.

Scroll down to Run command and check the box. 

Finally click OK and OK again.

The link has screenshots.

Ready to Switch?

I was disappointed the only IE competitor mentioned was Firefox. Opera, Safari, and Netscape are well known enough that it would behoove a more balanced view to mention them as well.

My only use of IE lately is replicating a user problem I can’t replicate in Firefox and the very, very infrequent case a web site doesn’t work in Firefox or Netscape. 🙁 Quite frankly, it scares me to surf with IE. Of course, I am the person my friends call about cleaning up their computer when it runs slow because it is a computer virus, spyware, and adware infested mess. So my fears are based on the horror of cleaning up the after effects of using IE.

Internet Explorer Unsafe for 284 Days in 2006 – Security Fix

For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.

In a total of ten cases last year, instructions detailing how to leverage “critical” vulnerabilities in IE were published online before Microsoft had a patch to fix them.

Microsoft labels software vulnerabilities “critical” — its most severe rating — if the flaws could be exploited to criminal advantage without any action on the part of the user, or by merely convincing an IE user to click on a link, visit a malicious Web site, or open a specially crafted e-mail or e-mail attachment.

The small mention of competitors:

In contrast, Internet Explorer’s closest competitor in terms of market share — Mozilla’s Firefox browser — experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.


Look for a Patent Wiki in 2007

Patent review goes Wiki – August 21, 2006:

That’s the basic concept behind a pilot program sponsored by IBM and other companies [including HP and Microsoft], which the U.S. Patent and Trademark Office appears poised to green-light. The project would apply an advisory version of the wiki approach to the patent-approval process.

The issue is that patent applications have tripled in the past two decades, leaving examiners only 20 hours on average to comb through a complex application, research past inventions, and decide whether a patent should be granted.

As a result, critics contend, quality has declined and lucrative patents have been granted for ideas that weren’t actually new.

One solution is to let astute outsiders weigh in during the patent-review process, as online encyclopedia Wikipedia does, vastly increasing the information available to the patent examiner.

This acknowledges there is a quantity and quality issue with people who are approving patents. The applications are complex (certainly when I read them my eyes glaze over). Do the examiners have access to good research tools? Are the examiners good at digesting the research they find? It sounds like all one needs to do is create a patent full of buzzwords the examiner is not likely to understand.

Personally, I think the USPTO should forbid hand drawn figures. Take the Blackboard patent for an “Internet-Based Education Support System and Methods” granted this year and the basis of a lawsuit against Desire2Learn (who posted the complaint and patent). I know the systems pretty well having supported a few. However, I find these hand drawn figures of a browser screen more difficult to understand than the same figure would be of a screenshot or a CAD drawing. I figure the ubiquitousness of drawing software should make this a fairly reasonable request.

Also, I would like to see more in patents about what existing technology the patent is based upon. The major complaint from people about these patents being granted is the amount of prior art. The USPTO is dependent upon the patent applicant and anyone who reviews these applications to find prior art. I knew of students who had papers rejected because there were obviously not enough references. Why not reject a patent for the same reason? Back when the office was founded, I could understand because it was so difficult to find evidence of others’ work. But the USPTO has given patents to Google! Surely with the wealth of information out there they can tell applicants they need to provide more information about prior art? Even make them provide information about items that are similar?

This project has the potential of an RFC (Request For Comment) to the whole world. To go the wiki route and allow people to change the language of the request seems kind of scary?

Internet Elephant (in the Corner)

In the web design and web application world, Internet Explorer is always the Elephant in the Corner. The most popular web browser is one of the more cantankerous and annoying web browsers to design HTML and JavaScript for use inside it. For a long time a few web designers have preached a need for Web Standards. However, IE’s lack of standards made that unlikely. Only when IE actually moved ever so slightly towards standards did the WS crowd feel vindicated.

Additionally, Internet Explorer is the gaping hole in computer security. People rarely need to patch Windows or Office so much as patch IE (and often).

Normally I roll my eyes at just about anything Dvorak writes. However, he does point out a new argument for the “No More IE” crowd. Unfortunately until Microsoft stockholders put the pressure on the company to change, I really doubt this elephant is going anywhere.

Column from PC Magazine: The Great Microsoft Blunder

I think it can now be safely said, in hindsight, that Microsoft’s entry into the browser business and its subsequent linking of the browser into the Windows operating system looks to be the worst decision—and perhaps the biggest, most costly gaffe—the company ever made. I call it the Great Microsoft Blunder.

BellSouth vs. Google – Round 1

What about the customers? Companies all too often play chicken. It is the consumers who get screwed. A few years ago, a Sun vs. Microsoft disagreement meant no adequate Java Runtime Environment for the brand new Windows XP personal computers for months. Developers for online classes often tap Java for mini-applications (HTML editors, chat, file managers, etc.). No Java? May as well find an old computer that does or drop or fail. Sorry….

The Jeff Pulver Blog: Jeff Pulver to Eric Schmidt: Turn the Tide – Turn off BellSouth!

Given the market power that Google has today, they are more relevant to the Internet community than BellSouth. Given that, if I were running Google today, I would choose to implement a BellSouth Boycott and stop offering access to Google to BellSouth customers and would start advertising Cox Cable service on any requests that came from BellSouth customers in their regions. I’m willing to wager that by Q3 2006, BellSouth’s DSL group will feel the effects of their grave error in judgment.

As the battle between the Internet Access Providers and Internet Application Providers rages on, it is the customers who will be hurt more than any of the underlying companies selling access or offering applications. Welcome to the game of Internet Chicken and the race to mutually assured destruction. Who will flinch first before it is too late?

Customers are not all as dumb as you think. Placing ads for BellSouth’s competitors through the BS network would not convert many. They listen to people like me, who would view Google acting like a bully as very, very counter to what we like about Google. At that point, I would remove Google as our search engine of choice and drive my clients to Yahoo!

Disconnect

Wow, there is a disconnect between Microsoft and end users.

Even if users experience PC trouble after installing the patch, they will still be protected against any attack exploiting the Windows flaw, a Microsoft representative said.

But but but

The patch could lock users out of their PC, prevent the Windows Firewall from starting, block certain applications from running or installing, and empty the network connections folder, among other things, the software maker said.
(Bold added by me.)

Maybe this is just me, but I could really care less if my computer is protected from some computer worm if I cannot get into my computer! If the program I need (yes, need, not want) to use will not start, then the computer is broken.

I don’t consider this rocket science.

Sniff Tests

As Dvorak points out, BitTorrent is the largest single protocol. The Web’s HTTP barely counts compared to BitTorrent and the other P2P protocols. That’s a heck of a lot of traffic—as any network administrator knows—and having it increased with crapware is not good news.

In addition, some anti-virus and anti-spyware programs don’t look at Torrents for trouble. That means even users who are bright enough to run programs like those are still in danger of having junk delivered to their computer. That’s a problem.

The real problem is that now BitTorrent, like e-mail, the Web, and soon, I’m sure, IM, is being used to deliver malware.
There Is No Conspiracy Against BitTorrent

Perhaps there is a conspiracy within Microsoft to pollute every standard ever made?

Microsoft also said it had created some new extensions to the RSS format, which will be available for content publishers to use under the Creative Commons licence.
Microsoft makes web feeds easier

C’mon, people!! Your Pseudo-HTML created by people clicking on “Save as Web Page” drives people batty attempting to figure out why it does not work. Why does it not work? Because web browsers often cannot read parts. Why can they not read parts? Because it is not HTML!