Reader Comments

Subscribe: RSS

View by: Time | Thread

• 

  dorpus, 12 Sep 2003 @ 1:45am

  
  

  DLL's

  I've read that most windows crashes are caused by bad DLL's made by 3rd-party vendors. Not Microsoft's fault.
  
  
  

  [ link to this | view in chronology ]

  • 

    Kevin, 12 Sep 2003 @ 2:09am

    
    

    Re: DLL's

    Dorpus, this is old news and I think it was *supposed* to be fixed long ago. But on the other hand, an operating system should be able to protect itself from programs/drivers/etc. Unix/linux has always done this although admittedly a few times I've locked up linux was with video drivers, but who knows, they may have just locked up the card.
    Mac computers have been really bad about this until recently, but the OS is now candy coated unix.
    
    Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. The title of that article is really poor.
    
    You're lucky you didnt post that on slashdot, you'd be all crispy now.

    [ link to this | view in chronology ]

    • 

      dorpus, 12 Sep 2003 @ 2:39am

      
      

      Re: DLL's

      "Anyway, I dont think they are complaining as much about bugs as they are about security flaws/exploits. "
      
      What about the security flaws/exploits of other OS's? There are plenty of unix viruses.
      
      "You're lucky you didnt post that on slashdot, you'd be all crispy now."
      
      Too much traffic, too complicated filtering system, so I don't do slashdot.
      

      [ link to this | view in chronology ]

      • 

        bbay, 12 Sep 2003 @ 3:48am

        
        

        Re: DLL's

        I think the point is that a preemptively multitasking, protected mode virtual memory operating system shouldn't be letting third party DLLs crash the system. It just shouln't happen.
        

        [ link to this | view in chronology ]

        • 

          dorpus, 12 Sep 2003 @ 3:58am

          
          

          Re: DLL's

          I seem to recall that for about a decade after windows introduced plug-and-play, Sun terminals would still crash whenever someone accidentally unplugged the keyboard. The jacks were very loose and easy to come off, too. Seems like something that shouldn't happen for an operating system that is supposed to be more "heavy duty" and "reliable" than windows.
          

          [ link to this | view in chronology ]

          • 

            westpac, 12 Sep 2003 @ 6:34am

            
            

            Re: DLL's

            I've seen loose keyboard connectors blow a PC motherboard. This is a hardware issue instead of software.
            
            VMS is an amazingly stable OS. Our VMS servers never crash. But if you want to upgrade or add anything you're locked into proprietary hardware and software. Ever since Compaq bought up DEC they've been trying to kill off the VMS product line and now the whole Alpha product line.

            [ link to this | view in chronology ]

          • 

            glazier, 15 Sep 2003 @ 12:26am

            
            

            Re: DLL's

            If you jiggle the keyboard on My XP box, you lose all ability to type - nothing bar a reboot will fix it. So it still happens.

            [ link to this | view in chronology ]

      • 

        Kevin, 12 Sep 2003 @ 5:23am

        
        

        Re: DLL's

        "What about the security flaws/exploits of other OS's? There are plenty of unix viruses."
        
        whoa there Dorpus. Who is feeding you this info? I've know of viri on windows, macos and I even remember them back on the Amiga, but I dont think I've ever heard of a unix/linux virus.
        
        Worms, sure. But I'll bet that most of the bad publicity that unix/linux got was from the two most craptastically exploitably programs apparently written by drunks: bind and sendmail. These two programs have a fairly simple function but for some reason keep getting cracked. If those were written correctly unix/linux would have a much better track record.
        
        As for those terminals locking up when the keyboard was unplugged I suspect it was a hardware problem, not the OS, but even if it was you cant really judge a OS's robustness by its ability to handle changes in hardware while its running. I dont even know if old sun terminals were running unix, it might have been some stripped down OS that ran an X server.

        [ link to this | view in chronology ]

      • 

        unixman, 15 Sep 2003 @ 12:24am

        
        

        Re: DLL's

        "Plenty of UNIX viruses"? Name me one. There have been a couple of worms (entirely different) but no viruses that I have ever heard of and I've been doing Unix for 25 years and more. Viruses just don't work on UNIX because of its securty model.

        [ link to this | view in chronology ]

• 

  alternatives, 12 Sep 2003 @ 4:01am

  
  

  Ok, then explain this.

  that doesn't necessarily make them negligent.
  
  There is a call that lets you get the MAC layer address from your network card. When Mircosoft 'patched' for the blaster issue, that call now returns a fixed address.
  
  Please explain how such programming is not negligent?
  

  [ link to this | view in chronology ]

  • 

    Patrick, 12 Sep 2003 @ 10:32am

    
    

    Re: Ok, then explain this.

    "There is a call that lets you get the MAC layer address from your network card. When Mircosoft 'patched' for the blaster issue, that call now returns a fixed address."
    
    Please clarify--why is a call for the MAC address a problem, and what do you mean by 'fixed address'?

    [ link to this | view in chronology ]

• 

  Anonymous Coward, 12 Sep 2003 @ 8:07am

  
  

  Yes, because "the hood is welded shut."

  Software vendors of closed source products should be held liable for flaws because the opaque nature of their products.
  

  [ link to this | view in chronology ]

• 

  kettlechips, 12 Sep 2003 @ 8:10am

  
  

  ms = bugs = profit

  the basic difference/problem is that open source leans towards accountability and hence relability, while mickeysoft leans toward profitability thru monopoly, lawyers & obfusication. why fix something ifyou can charge for it in the next release. microsoft is a monopoly that minimises competition & hence improvement. ie despite what pr they generate, they are greedy, short sighted, arseholes who cause as much problems as they solve.

  [ link to this | view in chronology ]

  • 

    LittleW0lf, 12 Sep 2003 @ 5:34pm

    
    

    Re: ms = bugs = profit

    Haha...
    
    When I read this subject line, only one thing came to mind..."We are getting a hell of a profit fixing Microsoft's bugs!"
    
    After all, if it wasn't for Microsoft, I probably wouldn't have the decent paying, great experience, "god I love to come to work" job I have right now. They are literally paying my paycheck with their lack of security.
    
    Of course, my job as a Linux/BSD/Cisco administrator is stable, so I could always just spend all my time at work doing that, but it is more fun doing heavy patching of Windows boxes, and then of course the extra time spent investigating the break-ins and viruses under the Windows OS which makes my life complete...
    
    Hidden and tags within document.

    [ link to this | view in chronology ]

• 

  mgallagher, 12 Sep 2003 @ 8:29am

  
  

  Analogies with other products

  The article points out that what you really get when you purchase software is a license, not a "good" (although certainly in the economic sense you're buying a good) so all of the consumer protection laws don't apply. Clearly this will need to addressed legislatively, even though I'm generally opposed to such things.
  
  With many products there's a concept called "merchantability", which basically says that if a device is sold as a sewing machine, it needs to be able to sew in the way a reasonable person would expect to do so. Another example is a used car, the steering should turn the wheels, it should move when expected to, it should eventually stop when the brakes are pushed. After that, you're on your own.
  
  Maybe there's a way to include concepts like this for software. Perfection isn't expected, but a package should state it's intended functions, and should, at a minimum perform those functions in any reasonable computing environment. Using the Firestone example, I should be able to fit the tire to any appropriately sized wheel, and I should be able to expext a reasonable product lifetime when driven over typical surfaces. If I put the tires on the wrong size wheels and drive 150 MPH on gravel, well, I guess it's my fault if I get a flat (or worse).
  
  Security-wise there's plenty of precedent for "reasonableness" in other areas - I can't very well accuse someone of theft if I leave my CD player on the sidewalk overnight with no identification on it. If they break into my locked car to get it, that's a different story. Maybe these sorts of examples can be made into a workable "reasonable" standard for security expectations for software vendors.
  
  The key here is to provide some sort of information (and possibly recourse) to consumers without creating barriers to entry for new software authors. Not an easy problem, but probably not impossible either.

  [ link to this | view in chronology ]

  • 

    Rick Colosimo, 12 Sep 2003 @ 9:26am

    
    

    Re: [False] Analogies with other products

    Two comments:
    
    1. The concept of implied warranties of merchantability or fitness for a particular purpose were legal constructs designed to allow for physically injured persons to recover when they were harmed by a product. Those doctrines became strict liability, which says that you can't bargain away, as in an EULA, your protection from physical harm. Legal thinking then and now is that people should be allowed to bargain away their protection from economic harm since people and businesses do this all the time - it's called insurance or hedging or any of a dozen other forms. Those concepts are not readily transferred to software.
    
    2. You most certainly can be convicted of theft of a CD player with no name on it left on the street. States have slightly different versions of their statutes, but in NY for example, anything you find has to be turned in to the police and, if unclaimed, you may claim it. So your premise is unfortunately wrong (in spite of all we've heard, finders are not keepers and losers not always weepers).
    
    Even if it were true, I'm not sure that "reasonableness" is as good a standard in this situation as we might think. I am not a Mac expert or even casual user, but do we all believe it's *really* true that Macs are impervious to viruses, or that MS is simply a bigger target (for many reasons)? What Mac users think is "reasonable" may simply be luck or anecdotal evidence.

    [ link to this | view in chronology ]

    • 

      mgallagher, 12 Sep 2003 @ 1:21pm

      
      

      Re: [False] Analogies with other products

      Both are excellent points.
      
      You are quite correct when you talk about exisitng liability concepts having trouble in application to software. The original article makes this point as well. That's why I think we'll eventually be in a situation where definitions and applicability will need to be legislatively determined. Not an appealing idea when you consider how bad some of our computing-related laws have been. But you're right, in thier current form you'd have trouble getting merchantability laws to work for software.
      
      As for the second point - I simplified the example to the point of inaccuracy. We're not even talking about criminality here, rather civil matters (for which liability limits need to be defined). I probably should have referred to being able to recover damages if you haven't met the burdens of discovery and minimization in relation to minding your own "security" - but that just seemed to be a little too obtuse.
      
      So, thanks for the excellent points. Have a great weekend.

      [ link to this | view in chronology ]

      • 

        Joe Perches, 12 Sep 2003 @ 1:33pm

        
        

        Re: [False] Analogies with other products

        The article says:
        
        "But since the mid-1990s, a string of court decisions has upheld the validity of using license (nb: context implies shrink-wrap) agreements to limit a software maker's liability."
        
        Is this true?
        
        Have products sold over the counter ever been determined to be not Uniform Commercial Code?
        
        Can anyone cite a reference please?
        

        [ link to this | view in chronology ]

• 

  Adam Barr, 12 Sep 2003 @ 11:50am

  
  

  Possible marketing advantage for Microsoft

  If they *do* become liable in some way, then they can use it as a marketing advantage against Linux. "If on the off chance you are hurt by a remote exploit, we've got $50 billion you can sic your lawyers on! Top that, Red Hat!"
  
  - adam

  [ link to this | view in chronology ]

• 

  mhh5, 15 Sep 2003 @ 12:24am

  
  

  MS should not be liable...

  I think it's justifiable that MS could not be held liable, but if that's the position MS holds, then they can't turn around and criticize open source OS's for their lack of liability...

  [ link to this | view in chronology ]