Microsoft Patents “Legal Intercept” of VoIP and other Network Protocols

In 2009 some bright sparks at Microsoft decided that they should patent how to legally intercept VoIP (explicitly SIP traffic in the patent) and other network protocols. The SIP attack basically boils down to tweaking the SDP packets to remove an option:

If SIP invite messages are intercepted on their way to the call server or in the call server then the “a=candidate” lines referring to a direct peer to peer voice connection may be removed from the SDP parameters. As a result, the terminating call VoIP entity is not offered local paths and will not respond with them in the answer SDP. This forces the call through the NAT and into the public network where it can be transparently recorded.

But of course this is a patent and so the broad principles are couched in heaps of legal mumbo-jumbo and so what is actually covered is impenetrable.

One interesting point, given recent developments, is:

For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.

This is long before they bought Skype, but I’m sure that won’t stop conspiracy theorists.. :-)

How computers fail to entice people into being programmers

An old friend of mine from the UK, Steve Usher, has pretty much nailed things with this blog on “Enthusing teen minds: Why today’s computers won’t create tomorrow’s programmers“. He says:

The computers of the early 80s were a blank canvas. You plugged them in, switched them on and (hopefully) the input cursor blinked at you. There was no decoration, no clutter and it was something waiting for YOU to do something to it.

Ah yes, I remember those days, when 3.5KB was a lot of memory! But what about today’s computers ?

They’re immediately brimming full of functionality all vying for your attention, but it’s also incredibly locked down. You can do absolutely anything… ANYTHING as long as it’s what the visionary who steered the programming teams thinks that you should want to do. Woe betide you if you want to do anything different. It’ll either ignore you or give you an unhelpful suggestion in a dialog box. You can be creative, but only in the ways you’re told you can be.

But before us free software types get all puffy and “I told you so”, he points out that things aren’t that much better on our systems with all our SDK’s, IDE’s, toolkits, compilers and interpreters:

It’s like taking a 5 year old into an engineering workshop, sitting him down and then complaining when he doesn’t build a car as he had all the tools available to him to do it and hence it must be his fault.

I’m not as sure that we need to build something new from scratch though, I think it might be more the case that what we need to do is to sort through all the various projects that could fit what he is after and build a distro (of whatever OS) that boots up straight into that application and lets them play with it. Perhaps something like SDLbasic (a BASIC interpreter for game development) might be a good start ?

Portable Hardware Locality (hwloc) Library v1.0 Released

One of the things that us HPC folks tend to get hot under the collar about is hardware locality, basically making sure that your memory accesses are as fast as possible by optimising where on the system you’re getting memory from and making sure your process doesn’t get moved further away. Just binding your processes to the cores they are on can make for a significant speed up so it’s well worth doing. If you’ve just got a single socket, or a pre-Nehalem Intel x86 system then your path to RAM has been pretty much identical wherever you are so the only benefits are from not moving away from your CPU cache lines but on AMD Opteron, Nehalem, Itanic, Alpha, etc you really should care a lot more about locality for best performance.

The open source Torque queuing system (which I help out with) does some of this already, if you compile it with –enable-cpuset and have the /dev/cpuset virtual filesystem mounted then before it starts a job on a node it will create a cpuset for that (based on what cores have been allocated on the node) and then put the HPC processes into that cpuset. If you’re using Open-MPI 1.4.x and have the environment variable OMPI_MCA_orte_process_binding set to core then each of the MPI ranks will bind itself to one of the cores within that cpuset.

All good ? Well not quite as Torque is reliant on /dev/cpuset being there and being able to parse the contents of it and Open-MPI 1.4.x uses the Portable Linux Process Affinity (PLPA) library which, as its name suggests, is only for Linux. So the good Open-MPI people looked at their PLPA library and decided it needed extending and teamed up with the INRIA libtopology team who were working on how you discover the topology of various architectures and decided to merge the two projects together under the banner of the Portable Hardware Locality (hwloc) library.

The Portable Hardware Locality (hwloc) software package provides a portable abstraction (across OS, versions, architectures, …) of the hierarchical topology of modern architectures, including NUMA memory nodes, sockets, shared caches, cores and simultaneous multithreading. It also gathers various system attributes such as cache and memory information. It primarily aims at helping applications with gathering information about modern computing hardware so as to exploit it accordingly and efficiently.

The portable bit of the name comes from the fact that it works on Linux, Solaris, AIX, Darwin, FreeBSD, Tru64, HP-UX and Windows (though with limitations on some architectures – e.g. Windows – which don’t expose all the info it needs) and can extended for other OS’s if people feel they need to scratch that itch (OpenVMS anyone?). This release is also embeddable into projects (such as Open-MPI 1.5) and I have an interest in Torque picking it up to improve and extend its cpuset support.

Microsoft Tried to get Patent Royalties for OpenOffice.org from Sun

In an interesting blog on patents, copying and litigation former Sun CEO Jonathan Schwartz discloses that Bill Gates and Steve Balmer tried to put the frighteners on Sun over OpenOffice.org to try and protect their office application monopoly. Their attack went like this:

“Microsoft owns the office productivity market, and our patents read all over OpenOffice.” [...] “We’re happy to get you under license.”

Of course (as ever) they do not identify any patents, as that would let us fix any problems (if there are actually any), they would much rather weave their usual web of FUD on the matter than come clean. Jonathan’s response turned the issue on them on a different tact:

“We’ve looked at .NET, and you’re trampling all over a huge number of Java patents. So what will you pay us for every copy of Windows?”

That killed that angle of attack off.. :-)

Microsoft Silently Installs Firefox Plugins, Introduces Security Vulnerabilities

Oh joy, Microsoft have managed to introduce security problems into Firefox through a plugin for it that they silently install without your knowledge! :-(

Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App). The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox’s AddOn Manager and disable the WPF plugin.

Mozilla might already have reacted to this, my brother (who alerted me to the above story) said:

Firefox popped up saying it’s blocking 2 Microsoft add-ons so they must be cracking down on them

Dear Microsoft – please do not stuff about with peoples web browsers that don’t belong to you, you’re just not qualified..

Microsoft Hypervisor Code to be Removed from 2.6.33 ?

Chris Smart has pointed out an interesting little titbit in Greg K-H’s “Staging tree status for the .32 kernel merge” blog post:

hv (Microsoft Hyper-V) drivers. Over 200 patches make up the massive cleanup effort needed to just get this code into a semi-sane kernel coding style (someone owes me a bit bottle of rum for that work!) Unfortunately the Microsoft developers seem to have disappeared, and no one is answering my emails. If they do not show back up to claim this driver soon, it will be removed in the 2.6.33 release. So sad…

So after all that hope about MS releasing GPL’d code it turns out to be a one off code dump (presumably to get them out of a license violation hole otherwise they’d be showing more interest) with no intention of doing anything further with it.. :-(

Why Microsoft Got Hammered by the Judge over XML Patent

If you were wondering why the judge came down like a ton of bricks over i4i’s XML patent, then this this is likely the reason:

In a 65-page summary opinion dated Aug. 11, U.S. District Court Judge Leonard Davis said that evidence presented during the May 2009 jury trial showed Microsoft had met with i4i executives as far back as 2001, knew of the firm’s patent for XML editing, and yet did nothing to guarantee that its implementation of “custom” XML would not infringe the i4i patent.

The judge also raises some (what look like to me) anti-trust monopolistic points:

“The trial evidence revealed that Microsoft’s intention to move competitors’ XML products to obsolescence was quite bold,” Davis said in his opinion. During the trial, i4i’s expert testified that 80% of the market for the company’s products was made moot when Microsoft added custom XML capabilities to Word 2003.

Of course you have to hand it to Microsoft for trying it on when attempting to get around the injunction, but the judge caught them again:

“Even after several years of litigation and a jury verdict of infringement, Microsoft requests the ability to continue selling the accused products and release an upcoming product with the same infringing functionality,”

Not to mention that Microsoft would have known of both the patent and the lawsuit whilst successfully railroading OOXML through the ISO standards process in flagrant disregard for the concerns about the format.

Fortunately it’s already been reported that OpenOffice.org ISO standard XML file format ODF is not affected by this patent.

i4i Says XML Patent Doesn’t Affect OpenOffice.org!

Here’s some interesting news from Government Computing (via Groklaw) on the patent that has caused all the worry about Microsoft Word and XML:

i4i said it has looked at OpenOffice and found it doesn’t infringe on its patents.

Which is good news for ODF, but still demonstrates what an utter minefield software patents are. The sooner they’re gone the better.

Microsoft Word Falls Foul of XML Patent

Uh oh, this sounds really bad! LWN is reporting that:

Here is a press release from legal firm McKool Smith, which is quite proud at having gotten a US court to rule that Word violates patent #5,787,499. “Today’s permanent injunction prohibits Microsoft from selling or importing to the United States any Microsoft Word products that have the capability of opening .XML, .DOCX or DOCM files (XML files) containing custom XML.” The text of this patent is quite vague; if it stands it could almost certainly be used to make life difficult for free software as well.

Microsoft taking a beating for this is not something to celebrate, this is yet another example of how software patents are really bad for all the players in computing.

Firefox 3.5 0day Vulnerability

Oh joy, within 24 hours of the MS IE/ActiveX exploit we have a remote vulnerability against Firefox 3.5.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Currently Mozilla have no “known vulnerability” page for Firefox 3.5 security issues, I presume once it’s created it’ll be here.

There is a sample exploit available already, so it’ll be in the wild soon if not already. :-(