Adequacy front page
Stories Diaries Polls Users
Google

Web Adequacy.org
Home About Topics Rejects Abortions
This is an unofficial archive site only. It is no longer maintained. You can not post comments. You can not make an account. Your email will not be read. Please read this page or the footnote if you have questions.
 Microsoft bloat and easter eggs?

 Author:  Topic:  Posted:
Aug 13, 2002
 Comments:
What does Microsoft bloatware have to do with Easter Eggs? Well it's simple. Not only is Microsoft software bloated due to poor programming but it's the result of Microsoft's own developers cramming in half a dozen easter eggs.

You can read about it at osOpinion.com

[Editor's Note by elenchos] Please note that osopinion.com is an anti-Micro-Soft-only site, which does not publish favorable opinions of Micro-Soft or its products. Other than that, I'm sure it is quite reliable. YMMV.

diaries

More diaries by detikon
Trustworthy Computing !?!
Attn: Yoshi
If it ain't broke...break it!
Microsoft gives Korean developers little cause for worry
Microsoft [continues to fight a legal challenge in a consistent manner]
[ I just can't ] stop whining
Analysis of The Beast and a friendlier BG?
What is MS really saying?
When asked about Windows during the antitrust hearing Microsoft co-founder Bill Gates admitted that it had become extremely bloated. He failed to mention why but analysts have come up with their own opinions on the matter. None of which were due to easter eggs. However it seems that due to there ever increasing sizes they have become a factor.

Now if you followed the link above and read the article you may be thinking to yourself...

  • Is this what MS developers do when they should be concentrating on security?
  • How often do they audit their code?
  • What's to stop someone from inserting malicious code?
  • Is this why I pay so much for Windows and MS Office?
  • I know other non-MS software contains EEs but this is rediculous.
  • One more reason why peer review is better as EEs and malicious code can be removed quickly.
  • Is this why security patches takes so long to be released?
  • This is TrustWorthy Computing!?!
  • Now obviously I'm not going to waste time writing out every possible thought you may have. That's what the comments are for.

    Oh if you want to know how to view the "Spy Hunter"-like easter egg in Excel 2000 here you go.

    Boot Excel 2000
    Under file menu, do 'Save as Web Page' Say 'Publish Sheet' and 'Add Interactivity'
    Save to some htm page on your drive.
    Load the htm page with IE. You should have Excel in the middle of the page.
    Scroll to row 2000, column WC. Select row 2000, and tab so that WC is the active column.
    Hold down Shift+Crtl+Alt and click the Office logo in the upper-left.
    If you have DirectX, you will be playing what looks like spy hunter. Use the arrow keys to drive, space to fire, O to drop oil slicks, and when it gets dark, use H for your headlights.


    What are your feelings on sacrifice? (5.00 / 2) (#1)
    by T Reginald Gibbons on Tue Aug 13th, 2002 at 09:37:58 PM PST
    What would you lay down your life for? I think one of the greatest tragedies of the modern world is that we in the West are so caught up in the details of our humdrum existence that we lose sight of the true principles and beliefs that fund our worldview. What sort of people are we if we can think of nothing higher than filling our bellies and pleasing our baser instincts?

    I don't think the modern world has debased us nearly so completely as some people have claimed. I believe that we have been deceived into thinking we are nothing more than the sum of our purchases, or that we are insignificant to the systems that sustain us. I know that people are at heart more noble than that. What parent wouldn't die to protect to save a child?

    I have asked this question of myself many times, and I have a few answers of which I am sure. I would gladly give my life in the defense of my country. I believe in freedom and democracy. I would certainly place myself between my family and anything that threatened it. Beyond that, it gets more difficult. I would consider myself a coward if I was unwilling to risk my life to save another. But would I die to prevent an injustice? How great would the injustice have to be?

    What do you think?


    More Heuristics (none / 0) (#2)
    by Rex Monday on Tue Aug 13th, 2002 at 10:53:02 PM PST
    Whilst I believe that your comment may have been accidentally cross-posted from a quite separate topic, your powerful words echo out like a delicately scented beam of light from a gentle hand. What wisdom there is in such simple thoughts, so simply put! I will instruct my children to remember you and your family in their prayers at this difficult time.


     
    MS-favorable opinions (5.00 / 1) (#3)
    by The Mad Scientist on Wed Aug 14th, 2002 at 12:24:10 AM PST
    Please note that osopinion.com is an anti-Micro-Soft-only site, which does not publish favorable opinions of Micro-Soft or its products.

    If you want MS-favorable opinions, you have to visit Microsoft.com, or other Microsoft-affiliated or sponsored sites.

    They logically don't seem to be anywhere else.


    true (5.00 / 1) (#6)
    by detikon on Wed Aug 14th, 2002 at 11:53:54 AM PST
    It's seems funny that elenchos mentions osOpinion but the link he provided points to TheRegister.

    His note shows that he has never bothered to visit the site other than to read articles linked from this page. Had he, he would have found one title "Good Job, Gates". It seems to contradict his anti-Microsoft only mentality.

    Even some of Microsoft's own partners have links pointing to articles related to the recent investigation by the FTC for consumer fraud regarding their Passport services.

    Funny how you won't find anything related to that at MSN.com or MSNBC. However, it you type in FTC at Microsoft.com you are presented with 2 different stories (among other semi- and non-related articles). One being an article regarding the settlement with the FTC (obviously written by the MS spinmasters and omitting various details) and another anti-Electronic Privacy Information Center (and others referred to solely as EPIC in the request filed). Funny how these seem to contradict one another.

    The first suggests that the report is full of factual errors and misrepresentation. The FTC investigation found otherwise. Of course the writers never fail to mention somewhere in the article...

    "Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device."

    Here's a link to an article regarding the settlement.
    http://osopinion.com/perl/story/18957.html




    Go away or I will replace you with a very small shell script.

     
    Got Bloat? (none / 0) (#4)
    by faustus on Wed Aug 14th, 2002 at 12:31:46 AM PST
    Go download Mozilla. IE sux0rs, Opera rox0rs.

    Drunk on a Tuesday; shouts out to the West Coast.


    --You seem to be suffering from a liberal-arts education.

    or get K-Meleon (none / 0) (#5)
    by Anonymous Reader on Wed Aug 14th, 2002 at 11:19:43 AM PST
    Other than having customizable menus it's basically Mozilla (with an IE skin).

    It's claim to fame is that it's a browser only like Opera rather than a suite like IE/Outlook or Mozilla/Netscape suite (email, html editor, chat).

    So what's the point? I can make Mozilla "browser only" by choosing custom install and unchecking everything except Navigator.


     
    idiot AlCoHoLiC (none / 0) (#13)
    by KingAzzy on Thu Aug 15th, 2002 at 03:54:52 PM PST
    Its thursday and besides you posted on Wednesday so this just proves that you are really drunk!!!


     
    The Real Reason Microsoft Sucks (5.00 / 1) (#7)
    by jvance on Wed Aug 14th, 2002 at 02:01:11 PM PST
    Sir, I read your article with interest. I started Excel 2000 and followed all the steps you outlined. Nothing happened.

    Microsoft's software is so poorly written, not even their easter eggs work!
    --
    Adequacy has turned into a cesspool consisting of ... blubbering, superstitious fools arguing with smug, pseudointellectual assholes. -AR

     
    The Easter Bunny (5.00 / 3) (#8)
    by Hansard on Wed Aug 14th, 2002 at 02:50:49 PM PST
    must be livid.


     
    Righteous! (5.00 / 1) (#9)
    by Anonymous Reader on Wed Aug 14th, 2002 at 03:22:16 PM PST
    Of course, open source software is never bloated.


     
    Easter EGG (5.00 / 1) (#10)
    by tekno23 on Wed Aug 14th, 2002 at 08:15:17 PM PST
    Excel Easter egg caused a fatal exception error in IE, it suggested sending a bug track to MS.


     
    Yes, yes (5.00 / 2) (#11)
    by Icebox on Thu Aug 15th, 2002 at 12:20:37 PM PST
    I agree with you completely. There is a spy hunter like game supposedly hidden in Excel, and that proves that open source software is more secure.

    Never mind that that particular example was known before Office 2000 shipped. I won't bother to mention that you are a little out of line when you assume that the same people who coded the spy hunter egg are the ones responsible for security. This isn't open source, where the only qualifications you need for auditing code for security are free time (read: lack of employment) and a desire to shun human contact. At Microsoft, the security people work on security and the graphics people work on graphics. This is structured so that people are tasked with what they do best. In parts of the world where it matters we call that efficiency.

    Luckily, since Microsoft has security people, instead of Radio Shack employees, working on security, they have provisions against anyone inserting malicious code. When they run across code that does something it shouldn't, like an egg, they contact the people who wrote it. The project manager, security people, and the coder(s) then determine whether then code stays or goes. Every step of the way is taken by trained professionals who have not only gone through a rigorous interview process and skills assessment, but have been subjected to background checks. This attention to detail and level of specialization happens to be why you pay so much for Office and Windows, if indeed you pay. There are talented people who crafted this thing and they didn't do it for nothing. Why would anyone expect them to have done so?

    Consider the alternative: You could use Open Source software. The haphazard and uncoordinated peer review process might save you. The person 'managing' the project is, I'm sure, a stand up guy. Or maybe not, but who cares? The software is free and the source code is right there in front of you if you have scads of free time to bother looking at it. Or just rely on the community to do that for you. I myself have infinite trust for the typical Open Source cheer-boy. He probably doesn't have a lot going on at the moment, and his mom's basement is a great place to audit code as long as his alcoholic stepdad doesn't come down there.

    Yeah, lets all use software written by people we don't know, have never met, and never will unless we answer an "A/S/L?" in a Yahoo chat room with "14/M/X" where X is somewhere within range of a 1982 Chevette with 1/4 tank of gas from the basement where that particular Open Source developer is auditing code. He'll be available. That code audit has no deadline. So what if it did, he can't exactly be fired. Relative to a multi-million dollar international corporation, that actually has something to lose if they put out a substandard product and at least certifies their product's fitness for use, that seems like a great option.

    You go ahead and take it, then report back. If in 5 years you aren't a bitter, deluded, malcontent who spends most of his time failing to convince others they can help him topple the giant if they will only devote themselves to the continual tweaking of some ramshackle heap of software, I'll try it myself.


    so let me get this straight (3.66 / 3) (#12)
    by detikon on Thu Aug 15th, 2002 at 03:20:01 PM PST
    I won't bother to mention that you are a little out of line when you assume that the same people who coded the spy hunter egg are the ones responsible for security.

    Where did I or anyone else mention anything like this? However, those responsible for reviewing the code and check for security holes obviously missed a big thing like a game.

    Every step of the way is taken by trained professionals who have not only gone through a rigorous interview process and skills assessment, but have been subjected to background checks.

    Obviously they don't get paid very well as the number of problems and patches as well as the time taken to fix them (this year alone) is much higher than say Red Hat. So this attention to detail must not be that good.

    This attention to detail and level of specialization happens to be why you pay so much for Office and Windows, if indeed you pay.

    No I didn't pay. Well at least not the full price for Windows. I simply paid the Microsoft tax on a very nice system. Since MS doen't exactly have uniformed licensing "yet" the cost of Windows on each system varies. As for Office I simply use the version of Works and Word that came with it. I don't need all the extra features and bloat associated with MS Office.

    The project manager, security people, and the coder(s) then determine whether then code stays or goes.

    Someone's been sleeping on the job. Letting easter eggs through this big isn't a good idea as it raises too many questions. Just what would happen if someone along the line inserted an easter egg that crashed the entire network? Those responsible for audtiting the code wouldn't find it. Also I hope you are aware but Easter Egg's are frowned upon. Developer's aren't supposed to stick them in but do anyway.

    He probably doesn't have a lot going on at the moment, and his mom's basement is a great place to audit code as long as his alcoholic stepdad doesn't come down there.

    Either that or it's part of his job working at companies like IBM or Johnny Come Lately's like HP-Compaq, Sun, etc. Let's not also forget about SuSE which is known as one of the biggest contributors to OSS and has "one of the largest" development teams in the world (next to the multi-billion dollar IBM Linux Labs).

    Yeah, lets all use software written by people we don't know, have never met, and never will unless we answer an "A/S/L?" in a Yahoo chat room

    Have you ever met Bill Gates or any other employees at Microsoft? Did you know that MS looks not only to Universities but High Schools as well? Would it surprise you to know that MS employs kids as young as 13 who aren't even out of High School?

    Relative to a multi-million dollar international corporation, that actually has something to lose if they put out a substandard product and at least certifies their product's fitness for use, that seems like a great option.

    I'm not even gonna touch that one

    You go ahead and take it, then report back. If in 5 years you aren't a bitter, deluded, malcontent who spends most of his time failing to convince others they can help him topple the giant if they will only devote themselves to the continual tweaking of some ramshackle heap of software, I'll try it myself.

    I'm wondering what the turn over rate at Microsoft is.




    Go away or I will replace you with a very small shell script.

    +5, Point by Point Rebuttal[n/t] (none / 0) (#15)
    by jvance on Thu Aug 15th, 2002 at 10:17:32 PM PST

    --
    Adequacy has turned into a cesspool consisting of ... blubbering, superstitious fools arguing with smug, pseudointellectual assholes. -AR

    You sir (none / 0) (#18)
    by First Incision on Fri Aug 16th, 2002 at 07:29:58 AM PST
    Are some sort of RobotMaster.

    +1 Point by point rebuttal.
    _
    _
    Do you suffer from late-night hacking? Ask your doctor about Protonix.

     
    You Sure are Thick (3.00 / 2) (#17)
    by Icebox on Fri Aug 16th, 2002 at 06:54:16 AM PST
    You continue to labor under the mistaken impression that security auditors at Microsoft were unaware of the spy hunter egg before Office 2000 shipped. Let me make this perfectly clear:

    They knew about it.

    The project manager approved allowing it to stay.


    I cannot simplify this any further. If you still fail to understand I do not think that anything more can be done for you. The very fact that no malicious code has ever been added to a final version of a Microsoft product should serve as proof that the code is audited well, and that the security folks are of excellent quality. By your logic we should all have fallen prey to a covert easter egg hacker. Billions of lines of Microsoft code are at this very moment running on nearly every PC on earth, surely if there was a security problem as grave as the one you are inventing we would have seen your bretheren using their 'sploits to force all of that code to come to a grinding halt. As a former employee of that wonderful company I can assure you that there have been additions to the code base of some products that were deemed unacceptable and were thus removed.

    I have been thinking about this cultural phenomenon of Open Source evangelism. Do you think that employees of establishments such as Jack-in-the-Box hamburger stands discuss among themselves the inevitable downfall of McDonalds? Do you think they say things like "The next version of this bacon cheeseburger will be the nail in McDonalds' coffin!"

    It would be funny if this were true.


    Ummm... (5.00 / 1) (#19)
    by The Mad Scientist on Fri Aug 16th, 2002 at 07:48:48 AM PST
    Were they also aware about the HTTPS certificate checking problems? Were they aware about the messaging API vulnerabilities?

    ...that no malicious code has ever been added to a final version of a Microsoft product...

    What about the NSA Key controversy?

    ...that the code is audited well, and that the security folks are of excellent quality.

    So why BugTraq had to split off NT-BugTraq? Why there have to be two mailing lists - one for Windows problems, the other one for everything else?

    ...there have been additions to the code base of some products that were deemed unacceptable and were thus removed.

    Why? Because of increasing interoperability with non-M$ products, threatening the M$ hegemony?

    Or do you talk about The Paperclip?


    Lets stay on topic here (none / 0) (#20)
    by Icebox on Fri Aug 16th, 2002 at 11:42:03 AM PST
    This 'NSA Key controversy' thing is merely hysteria fanned by the Open Source community. Read the details of the thing, Microsoft has provided an explanation.

    As for BugTraq, a bug is not the same thing as the covert inclusion of malicious code by one of the programmers. Easter eggs are the topic at hand, please try to discuss those.

    If you would like an answer to why BugTraq split, it is obviously due to the popularity of the Windows NT series of OSs. When you have that many NT machines running there is no doubt going to be higher demand for NT related information, relative to other operating systems that hold only a pittance of market share.


    Yes, let's remain on-topic here. (none / 0) (#21)
    by because it isnt on Fri Aug 16th, 2002 at 12:25:11 PM PST
    Why don't we talk about Microsoft's special password for interaction between Microsoft Front Page and Microsoft Information Internet Server -- "Netscape engineers are weenies!"? This Easter Egg, when typed backwards to an IIS server on the internet, allowed the typer to change any file whatsoever on the IIS server, no matter what permissions that file had been set up with.

    The resultant defacing and trojaning of millions of IIS servers by script kiddies using this Egg cost American businesses billions of dollars. It is unlikely that this scenario had occured to Microsoft engineers in their code review of the Egg's code. Obviously the original programmer did not think this feature could be used maliciously, and neither did any of his peers.

    What this episode shows is that Microsoft engineers are blatantly incompetent, and could not find a security flaw even if it jumped out at them and shouted "I'm Microsoft Windows XP™'s Plug-and-Play feature!"

    As it is obvious that Microsoft employees cannot be relied upon to audit their own code, I propose two potential remedies:
    1. Microsoft must 'open-source' the source codes to all their current market products, so that the greater community of Microsoft software users can examine the source for security flaws. Microsoft need not fear rival companies stealing their intellectual property, as the source code is written in Hungarian notation C++ and is therefore completely unreadable.
    2. Microsoft invite a genuine (i.e. not a Microsoft employee) computer security expert to every single code review they hold.

    adequacy.org -- because it isn't

    Lets also avoid lying (none / 0) (#22)
    by Icebox on Fri Aug 16th, 2002 at 02:19:28 PM PST
    Of course the particular password to which you are referring didn't cost anyone anything and didn't result in any web sites being defaced.

    The problem was discovered and published by Microsoft 5 years after the version of IIS in which it appeared was released. Considering the relentless advances in features and functionality that Microsoft products offer, I'm sure that almost everyone everywhere had upgraded to newer versions that were not affected.

    Again, this does not qualify as an Easter Egg. While it may not be a widespread practice in the Open Source community, in a world where millions of dollars ride on the proper functioning of computer equipment it is generally expected that when one computer or program communicates with another computer or program, some sort of authentication will take place to verify that the communication can be trusted. There had to be a password of some sort. Just because Microsoft's engineers chose something mildly amusing doesn't make this an easter egg.

    Please cease the practice of trotting out commonplace bugs and verbally painting them up to look like eggs. They are not. We could all waste our time flailing our arms about every little bug that has been discovered in various software. For every one that you people mention in a Microsoft product, I could find one in an open source copy of that product. (Don't you wish the same were true for features?)


    Do as I say, not as I do. (none / 0) (#23)
    by because it isnt on Fri Aug 16th, 2002 at 05:14:19 PM PST
    If you would like an answer to why BugTraq split, it is obviously due to the popularity of the Windows NT series of OSs.

    Let us avoid lying, Icebox. Lying is bad. People who lie are evil scummy scum-people, you see? We simply cannot accept liars around these parts.

    some sort of authentication

    Usually known as a 'password', or a 'key'. Interestingly enough, most security engineers realise that using the same key across all installations of a system is incredibly insecure. Hence people urging Oracle and Microsoft to force people to set a DBA password upon installing their database products, and to never allow for a 'default' password.

    It is even more insecure if a password/key in not alterable. In fact, if something is encoded and decoded the same way each time with the same key, then it is no more secure than an unencoded form. There is no point in having such encoding. It is a waste of disk space and execution time.
    adequacy.org -- because it isn't

    Force people? (none / 0) (#27)
    by Icebox on Sat Aug 17th, 2002 at 12:45:54 PM PST
    I don't think that it is ever a good idea for a computer program to force anyone to do anything. I like to have choice in my life. I like to choose what I do and when I do it, what I buy, where I go. I have absolutely no interest in having anyone force me to do something, but maybe you do. If so, stick with software that leads you along by the hand by forcing you do to the things that its developers expect you should do.




    Canonical libertarian whiner. (5.00 / 1) (#28)
    by because it isnt on Sat Aug 17th, 2002 at 01:20:49 PM PST
    It's the "me" generation, isn't it? Fucking mewling brats with their "Why should I?" and "Don't want to!". What they really need is a smack around the ear. Drive at the posted speed limits. Don't kill people. Pay your taxes. Form an orderly line. Choose strong passwords. There, that wasn't so hard, was it?
    adequacy.org -- because it isn't

     
    Confidential to Mr. Scientist: (none / 0) (#34)
    by Anonymous Reader on Sun Aug 18th, 2002 at 05:13:19 AM PST
    You are finished, here.

    Go find another sandbox to pee in.


     
    Force people. (none / 0) (#37)
    by Anonymous Reader on Sun Aug 18th, 2002 at 05:54:50 AM PST
    People are unbelievably lax with security. If the choice is left to them, they will invariably pick their first name, the name of their dog, their phone number, or a word like "secret".

    If your machine stays vulnerable, it poses danger for me as it can be used as an attack proxy, DDoS attack node, or a worm breeding station. So I have no objection against the machine choosing a strong password for you.

    If the choice will be left on you, you will pick the password that any decent bruteforce program cracks in minutes.


     
    Let's be fair. (none / 0) (#26)
    by The Mad Scientist on Sat Aug 17th, 2002 at 04:25:06 AM PST
    Let's not tarnish the idea of easter eggs. The "Netscape-weenie" problem wasn't an Easter egg, but a regular backdoor.

    Still, the comment is on-topic, as the thread, as I understand it, is about sloppy code review - so common in the corporate world.

    To the problematics of hardcoded passwords: this practice belongs to the group of the biggest security holes. I also don't think the users should be given the freedom of choosing their passwords - the important passwords have to be machine-generated according to some cryptographically secure algorithm. I successfully managed to break into one local website, just by trying a common local name as both the username and the password - on the first attempt.

    The only thing worse than insecurity is false security.


    I agree (none / 0) (#30)
    by detikon on Sat Aug 17th, 2002 at 03:43:14 PM PST
    However, not completely. If you are going to allow a user to set his/her own password you need to set up restrictions and enfoce policies.

  • Select the option which prevent the user from using the same password more than once.
  • Check the option which forces the user to choose an alpha-numeric password (letters and numbers) and even insert special characters (ie $ can be used instead of S)
  • Check the option to force the user to change their password, but not so often that they forget it the next day.
  • Force them to use a minimum number of characters thus preventing them from leaving the field blank as well.
  • If possible select the option(s) which prevents them from using their name or including their name in their password.
  • Enforce strict policies informing users the potential risk of choosing weak passwords.

    Yes users are generally nimrods when it comes to security. That's why social engineering is still the best way to break security. You could include a link that reads "Click Here! It's a ViRuS." and nearly half will click the link.




    Go away or I will replace you with a very small shell script.

  • Let's test this theory. (5.00 / 1) (#31)
    by because it isnt on Sat Aug 17th, 2002 at 04:24:19 PM PST
    Click Here! It's a ViRuS.

    Now, did you click on that link?
     YES          |          NO 

    adequacy.org -- because it isn't

     
    The most embarrassing thing ESR ever did (none / 0) (#32)
    by Anonymous Reader on Sun Aug 18th, 2002 at 03:32:48 AM PST
    On slashdot, anyway, was claiming that the netscape-weenies thing was a backdoor. It was never an exploitable vulnerability. It wasn't a password. It was just a constant used in the encryption of sensitive data, such as passwords. I don't recall the exact details, other than that there was no straightforward way that this could have been used to break security. It should have been changed prior to releasing the product, but no damage was done by leaving it as it was. It was no more a hardcoded password than the various constant values in MD5 are backdoor passwords. You're all FUD, in other words.


    Joke: (none / 0) (#33)
    by because it isnt on Sun Aug 18th, 2002 at 04:52:49 AM PST
    What's the difference between Bill Gates and Eric S. Raymond?

    Bill Gates knows he's lying.
    adequacy.org -- because it isn't

     
    Bzzzzzzzzzt - wrong! (none / 0) (#35)
    by The Mad Scientist on Sun Aug 18th, 2002 at 05:24:01 AM PST
    More details, including exploit code, can be found here, by Rain Forest Puppy. This should be enough to convince skeptics that it really is a functional backdoor.

    History of the case here.

    Microsoft admits it.

    Enough, boy?


    No, you're incompetent (none / 0) (#40)
    by Anonymous Reader on Sun Aug 18th, 2002 at 04:23:35 PM PST
    The phrase, "netscapeusersareweenies" was not and is not a backdoor. It was found in some unsecure code, but it is not related to the vulnerability. What's more, it isn't even a remotely interesting vulnerability. One of your sources is based on the confusion that surrounded the event when it happened. The first and second ones are just idiotic. Why not read detikon's linked osopinion article, which supports my view, and is current.

    Some day that guy is going to implement MD5 and claim he can crack unix passwords. You'll believe him, too.

    (PS. You know dick all about encryption. I'd be embarrassed to be you.)


    Ummm... really? (none / 0) (#41)
    by The Mad Scientist on Sun Aug 18th, 2002 at 05:36:24 PM PST
    The phrase, "netscapeusersareweenies" was not and is not a backdoor. It was found in some unsecure code, but it is not related to the vulnerability.

    Check the exploit code. Check my second link, which provides a good insight to the terminological arguments. It's long, but worth of the time. Read it; maybe you will not look so stupid then.

    Why not read detikon's linked osopinion article, which supports my view, and is current.

    Supports your view? Could you clarify where?

    Some day that guy is going to implement MD5 and claim he can crack unix passwords. You'll believe him, too.

    If you mean the brute-force password cracking, it is quite easy (just eating time if the password isn't a dictionary word).

    (PS. You know dick all about encryption. I'd be embarrassed to be you.)

    I can't measure myself with people like Bruce Schneier (Mr. Schneier for you). But I know enough to see you are trying to hide your inadequacy behind bluffing. Or can you support your claims with some references?


    Schneier? Bwahahaha! (none / 0) (#42)
    by Anonymous Reader on Mon Aug 19th, 2002 at 12:22:12 AM PST
    Now I know you know nothing about crypto. Schneier is a lightweight. When he wrote Applied Cryptography, he knew absolutely nothing. It's cobbled together from bits and pieces he got from real cryptographers at conferences. Almost all the code in the book was given to him by other people. By all means, compare yourself to your Mr. Schneier. Lightweight.


    Coward. (none / 0) (#43)
    by The Mad Scientist on Mon Aug 19th, 2002 at 02:21:53 AM PST
    It's so easy to lob unbacked claims as an AR. (Seems RobotSlavosis is contagious.)

    Until you will bring something better to the discussion than mere claims, I have to consider you irrelevant. (And, worse, uninteresting.)


    Who's the coward here? (none / 0) (#46)
    by Anonymous Reader on Mon Aug 19th, 2002 at 12:41:35 PM PST
    Go on. What's *your* name, then?


     
    So, (none / 0) (#44)
    by Anonymous Reader on Mon Aug 19th, 2002 at 05:09:53 AM PST
    which two block ciphers are the ones that you wrote, RobotSlave?

    Did you submit either of them for AES inclusion?

    Do you need a job? My fan is broken, and I need something to blow lots of air around my room.
    adequacy.org -- because it isn't


     
    What? Who? (none / 0) (#45)
    by RobotSlave on Mon Aug 19th, 2002 at 12:37:39 PM PST
    Dear Mr. Isnt:

    Your paranoia has gotten the better of you. I didn't have anything to do with this.

    I must say, though, that your puppy-like devotion to Mr. Scientist is very cute. I like to think of Adequacy as a place for love, and nothing says "love" like a big, sloppy crush.


    © 2002, RobotSlave. You may not reproduce this material, in whole or in part, without written permission of the owner.

    Darling RobotSlave, (none / 0) (#47)
    by because it isnt on Mon Aug 19th, 2002 at 03:39:04 PM PST
    you mean to say there are spineless cowards besides yourself that are trying to wind up poor old Karel? Of course, they have to be ARs. Nothing quite like prodding fingers in the blacked out room, eh? Velvet shoes and blindfolds, I shouldn't wonder.
    adequacy.org -- because it isn't

     
    it is on topic nimrod (none / 0) (#24)
    by detikon on Fri Aug 16th, 2002 at 06:53:37 PM PST
    Mad Scientist is basically stating that those responsible for reviewing the code are "asleep at the wheel".

    The fact that they are able to miss these bugs shows that they could very well miss an easter egg. Hell the line "Netscape programmers are weenies" wasn't even contain in an easter egg. It was in plain view.

    You seem to believe that malicious code somehow needs to be HUGE and code easily be spotted. You think that if they missed numerous bugs, and something like a slanderous message direct at Netscape programmers in plain view they would pass over malicious code?

    Time and time again it's bee proven that MS security experts are (according to because it isn't) blatantly incompetent. Have you read some of the bullshit bullitens? Obviously not when you consider they continually write off security threats and label them low-level when outside research claim otherwise. Hell read this latest report from TheRegister. It's a real fucking laugh.




    Go away or I will replace you with a very small shell script.

    Again and again (none / 0) (#39)
    by Icebox on Sun Aug 18th, 2002 at 09:34:01 AM PST
    Maybe it is an inescapable problem for you, I don't know. It could be that the same genetic code that causes a person to launch into hysterics at the mention of a computer software company also causes that person to continue to believe that his assumptions are correct, despite all evidence to the contrary.

    I should have expected this. You are the same people who chose a blue wildebeest as the mascot of an organization named GNU.


     
    one small correction... (none / 0) (#14)
    by Anonymous Reader on Thu Aug 15th, 2002 at 09:52:19 PM PST
    You said: "Relative to a multi-million dollar international corporation, that actually has something to lose if they put out a substandard product and at least certifies their product's fitness for use..."

    Not true. You obviously haven't read the EULA that came with your "certified" software. I have yet to read one EULA that does not disclaim liability, including "fitness for a particular purpose".

    The rest of your article was an amusing read, but I rate it "flamebait", maybe "obvious troll". And Microsoft is a multi-billion dollar company, and not quite international.

    *bzzzt* You lose! But thanks for playing.


    no kidding (none / 0) (#16)
    by detikon on Thu Aug 15th, 2002 at 10:29:30 PM PST
    Next time you run Windows Update read the EULA. Microsoft cannot be held liable if the patch completely hoses your system.

    Then you have their SP3 (W2K) and SP1 (XP) which gives Microsoft root access to your box (and gives them the right to share information about you). If however, someone "else" gains access to your box because of the little backdoor you can't bitch to MS.




    Go away or I will replace you with a very small shell script.

     
    I despair. (none / 0) (#25)
    by Anonymous Reader on Fri Aug 16th, 2002 at 07:38:11 PM PST
    Good news: if it weren't for software bugs, the computers would rule over us in a symbiotic relationship with the geeks. Bad news: the fact that I squandered half an hour of my precious time to post this insightful comment in your diary means the geeks are halfway there.

    It started with the little things - the Dekiton units' corruption of language with doctrines of freedom for the machine - and will eventually work its way up until every facet of our lives can be manipulated in Perl. Perhaps Man will reclaim Humanity one day, but I'm not optimistic.

    A spectre is haunting Europe, Asia, Africa, Australia, North and South America.


     

    All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ® 2001, 2002, 2003 Adequacy.org. The Adequacy.org name, logo, symbol, and taglines "News for Grown-Ups", "Most Controversial Site on the Internet", "Linux Zealot", and "He just loves Open Source Software", and the RGB color value: D7D7D7 are trademarks of Adequacy.org. No part of this site may be republished or reproduced in whatever form without prior written permission by Adequacy.org and, if and when applicable, prior written permission by the contributing author(s), artist(s), or user(s). Any inquiries are directed to legal@adequacy.org.