The Musings of Chris Samuel

In an interesting blog on patents, copying and litigation former Sun CEO Jonathan Schwartz discloses that Bill Gates and Steve Balmer tried to put the frighteners on Sun over OpenOffice.org to try and protect their office application monopoly. Their attack went like this:

“Microsoft owns the office productivity market, and our patents read all over OpenOffice.” [...] “We’re happy to get you under license.”

Of course (as ever) they do not identify any patents, as that would let us fix any problems (if there are actually any), they would much rather weave their usual web of FUD on the matter than come clean. Jonathan’s response turned the issue on them on a different tact:

“We’ve looked at .NET, and you’re trampling all over a huge number of Java patents. So what will you pay us for every copy of Windows?”

That killed that angle of attack off..

Oh joy, Microsoft have managed to introduce security problems into Firefox through a plugin for it that they silently install without your knowledge!

Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App). The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin.

Mozilla might already have reacted to this, my brother (who alerted me to the above story) said:

Firefox popped up saying it’s blocking 2 Microsoft add-ons so they must be cracking down on them

Dear Microsoft – please do not stuff about with peoples web browsers that don’t belong to you, you’re just not qualified..

Chris Smart has pointed out an interesting little titbit in Greg K-H’s “Staging tree status for the .32 kernel merge” blog post:

hv (Microsoft Hyper-V) drivers. Over 200 patches make up the massive cleanup effort needed to just get this code into a semi-sane kernel coding style (someone owes me a bit bottle of rum for that work!) Unfortunately the Microsoft developers seem to have disappeared, and no one is answering my emails. If they do not show back up to claim this driver soon, it will be removed in the 2.6.33 release. So sad…

So after all that hope about MS releasing GPL’d code it turns out to be a one off code dump (presumably to get them out of a license violation hole otherwise they’d be showing more interest) with no intention of doing anything further with it..

If you were wondering why the judge came down like a ton of bricks over i4i’s XML patent, then this this is likely the reason:

In a 65-page summary opinion dated Aug. 11, U.S. District Court Judge Leonard Davis said that evidence presented during the May 2009 jury trial showed Microsoft had met with i4i executives as far back as 2001, knew of the firm’s patent for XML editing, and yet did nothing to guarantee that its implementation of “custom” XML would not infringe the i4i patent.

The judge also raises some (what look like to me) anti-trust monopolistic points:

“The trial evidence revealed that Microsoft’s intention to move competitors’ XML products to obsolescence was quite bold,” Davis said in his opinion. During the trial, i4i’s expert testified that 80% of the market for the company’s products was made moot when Microsoft added custom XML capabilities to Word 2003.

Of course you have to hand it to Microsoft for trying it on when attempting to get around the injunction, but the judge caught them again:

“Even after several years of litigation and a jury verdict of infringement, Microsoft requests the ability to continue selling the accused products and release an upcoming product with the same infringing functionality,”

Not to mention that Microsoft would have known of both the patent and the lawsuit whilst successfully railroading OOXML through the ISO standards process in flagrant disregard for the concerns about the format.

Fortunately it’s already been reported that OpenOffice.org ISO standard XML file format ODF is not affected by this patent.

Here’s some interesting news from Government Computing (via Groklaw) on the patent that has caused all the worry about Microsoft Word and XML:

i4i said it has looked at OpenOffice and found it doesn’t infringe on its patents.

Which is good news for ODF, but still demonstrates what an utter minefield software patents are. The sooner they’re gone the better.

Uh oh, this sounds really bad! LWN is reporting that:

Here is a press release from legal firm McKool Smith, which is quite proud at having gotten a US court to rule that Word violates patent #5,787,499. “Today’s permanent injunction prohibits Microsoft from selling or importing to the United States any Microsoft Word products that have the capability of opening .XML, .DOCX or DOCM files (XML files) containing custom XML.” The text of this patent is quite vague; if it stands it could almost certainly be used to make life difficult for free software as well.

Microsoft taking a beating for this is not something to celebrate, this is yet another example of how software patents are really bad for all the players in computing.

Oh joy, within 24 hours of the MS IE/ActiveX exploit we have a remote vulnerability against Firefox 3.5.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Currently Mozilla have no “known vulnerability” page for Firefox 3.5 security issues, I presume once it’s created it’ll be here.

There is a sample exploit available already, so it’ll be in the wild soon if not already.

For those people who have to care about Windows systems SANS ISC has info on a scary new ActiveX remote exploit doing the rounds that allows an attacker to run code on a Windows box rendering HTML via Internet Exploder or (presumably) Outlook, etc if you have virtually any version of MS Office installed..

This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability

There is no fix at present, though a workaround is available to disable those ActiveX controls. Attackers are actively targeting people with this too:

A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target – with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim’s domain/IP range would not reach with the server.

Remember Microsoft isn’t the answer, Microsoft is the question. “No” is the answer.

A patent infringement battle that’s been going on in the US for 6 years between Uniloc and Microsoft over an Australian invention that lies behind the product activation used in Windows and MS Office, etc has been resolved – and Microsoft has lost to the tune of a cool US$388 million – that’s over half a billion Australian dollars…

On Wednesday, the jury found Microsoft wilfully infringed the patent.

Wilful infringement means that Microsoft knew about it and didn’t care, rather than just not knowing it had been patented. Microsoft tried to argue that the patent was invalid, but the jury didn’t buy that argument. All rather ironic after the Tom-Tom issue (they settled as Microsoft were about to get their imports to the US blocked prior to any judgement on whether or not it was a real issue)..

There’s an interview with the CEO of Uniloc, Brad Gibson, about the verdict on the ABC website.

Like many western nations that built up their industries under protective laws and now demand that developing countries remove restrictions that they relied on we see Microsoft doing much the same with Tom Tom, as ZDNet points out when discussing why Microsoft are eager to avoid talking about the details of their patent case..

The TomTom claims cover such things as a multitasking computer on which you can run programs, in a car. A wireless Internet-connected computer, in a car. And how to create long file names in the MS-DOS filing system–a fix introduced in Windows 95 because MS-DOS is a direct descendent of 1974’s vintage 8-bit CP/M operating system. A direct descendant? More a bastard child: MS-DOS helped itself freely to many of CP/M’s design concepts, in some detail. But those were the days when Bill Gates could say that software patents had the potential to put the industry at “a complete standstill” and with good reason. If the sort of protection Microsoft now claims for itself had been available to CP/M then, Microsoft would never have created its monopoly, nor amassed a fraction of its power.

Hopefully Tom Tom now being a member of the Open Invention Network will give Microsoft pause for thought. As regards how the system currently works, I cannot put it better than how ZDNet sum it up:

The patent system is not just broken, it is poisonous. It works by fear, using the civil courts as cudgels in the hands of bullies.

Sadly I suspect it’s unlikely to change in the near future..