Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft, zlib, and Security Flaws

timothy posted more than 12 years ago | from the not-the-security-initiative-we-had-in-mind dept.

Security 497

nakhla writes: "News.com is reporting that Microsoft's use of code from the open-source zlib library has led to possible security problems. The flaws in zlib were reported recently, and apply to several key Microsoft technologies, such as DirectX, Front Page, Install Shield, Office, and Internet Explorer. The article also mentions how this is not Microsoft's first use of open-source code in its software, but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products."

cancel ×

497 comments

Sorry! There are no comments related to the filter you selected.

zlib (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3164647)

how does this compare with Apple's use of GPL code in Darwin? i mean, is zlib used at a low-level, or is it part of MFC?

Re:zlib (-1)

real_b0fh (557599) | more than 12 years ago | (#3164702)

who cares.

all that matters is that there are big service packs comin. haha

BSD is dying (-1, Offtopic)

Pi3.142 (538027) | more than 12 years ago | (#3164651)

* Important Stuff: Please try to keep posts on topic. * Try to reply to other people comments instead of starting new threads. * Read other people's messages before posting your own to avoid simply duplicating what has already been said. * Use a clear subject that describes what your message is about. * Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated.

Re:BSD is dying (1)

toby w (544933) | more than 12 years ago | (#3164679)

what?

whoah! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3164661)

big HP advert in a box! it's happened!

Seriously? Microsoft use open source code? (0)

bytes256 (519140) | more than 12 years ago | (#3164667)

Where do ya think their tcp/ip stack came from...might be BSD...hmmm

Re:Seriously? Microsoft use open source code? (1)

ZaneMcAuley (266747) | more than 12 years ago | (#3164682)

Whoops, considering they advise not even reading open source for risk of integration of the code into their codebase and risking breach of the license.

Re:Seriously? Microsoft use open source code? (1)

1g$man (221286) | more than 12 years ago | (#3164694)

Wrong. They advise not reading GPL code, not open source code.

That is quite a big difference.

Re:Seriously? Microsoft use open source code? (1)

ZaneMcAuley (266747) | more than 12 years ago | (#3164749)

Either way, browsing other competitor products code whether its free, open GPL or whatever is gonna be risky for a business in legal terms.

Re:Seriously? Microsoft use open source code? (-1)

l33t j03 (222209) | more than 12 years ago | (#3164800)

So who do you figure will take Microsoft to court?

I'd really like to see Microsoft as the defendant in the first GPL case, that'd be a blast. I'd buy a ticket.

Re:Seriously? Microsoft use open source code? (1)

ichimunki (194887) | more than 12 years ago | (#3164853)

Why? Unless you incorporate it wholesale or re-use a patented algorithm, you do have Fair Use rights under existing copyright law.

Re:Seriously? Microsoft use open source code? (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3164855)

Why?

Unless it's GPL infected it's not illegal to incorporate it.

Plus, once the copyright-abolish fanatics have had their way, all the GPL licensed code (which is all protected by legal structures based on copyright law) will fall into Public Domain anyway.

Re:Seriously? Microsoft use open source code? (4, Informative)

leviramsey (248057) | more than 12 years ago | (#3164865)

Either way, browsing other competitor products code whether its free, open GPL or whatever is gonna be risky for a business in legal terms.

How is reading, even verbatim copying, of BSD-licensed code risky in legal terms. The license explicitly allows incorporation into any type of software (commercial, open, or free). Microsoft could put out their own version of one of the *BSDs, with the only difference from it's base BSD being having the Windows GUI grafted on top of it and no source included.

The relevant passage in the BSD license (from http://www.freebsd.org/copyright/license.html ):

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

All advertising materials mentioning features or use of this software must display the following acknowledgement:

[ACKNOWLEDGEMENT DELETED FOR BREVITY --LR]

There are licenses that are the BSD license, less the advertising clause (it is the advertising clause that prevents BSD from being a free license according to the FSF), such as the MIT license. These licenses are the freest of all the licenses (short of public domain).

Re:Seriously? Microsoft use open source code? (0)

bytes256 (519140) | more than 12 years ago | (#3164769)

Richard Stallman? Dick, is that you?

Re:Seriously? Microsoft use open source code? (1)

T5 (308759) | more than 12 years ago | (#3164687)

No way. M$'s doesn't perform well enough to have come from BSD.

Re:Seriously? Microsoft use open source code? (1)

Axe (11122) | more than 12 years ago | (#3164689)

It seems to be not the cae since Windows 2000 - did not they redo the stack for it? Am I right?

Re:Seriously? Microsoft use open source code? (2, Interesting)

Jinky (565098) | more than 12 years ago | (#3164725)

You'd be right :), starting with Win2k, and in WinXP, they're using basically Unix TCP/IP sockets. Must admit that it does work much better than Win9x for network connectivity.

Re:Seriously? Microsoft use open source code? (2)

larien (5608) | more than 12 years ago | (#3164724)

I get the impression that 90% of the world's operating systems (including Windows and commerical versions of Unix) use some code from the BSD TCP/IP stack. Of course, the BSD license is more forgiving than the GPL regarding source code, this isn't a license violation.

Of course, having everything derive code from the same source is a risk; isn't this part of the reason the ping of death was so much of an issue?

Re:Seriously? Microsoft use open source code? (2, Insightful)

axlrosen (88070) | more than 12 years ago | (#3164755)

Of course, having everything derive code from the same source is a risk

Depends on how you look at it. If there were N completely independent TCP/IP implementations out there, wouldn't there be N times as many bugs (each one affecting 1/N as many systems, on average). Homogeneity means only one codebase to debug and fix. But of course when a bug is found, it affects everyone.

Re:Seriously? Microsoft use open source code? (0)

Anonymous Coward | more than 12 years ago | (#3164838)

This is particularly critical with something like the TCP/IP stack. Everybody using a stack derived from a common code base means both sides of the interface on many connections, even on different platforms, are based on the same data structures, etc. This is a good thing, no matter how the Linux folk (Linus arbitrarily decided at one point 'he didn't like the Berkeley stack' so they used some other code instead) try to spin it.

Re:Seriously? Microsoft use open source code? (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3164815)

I've seen this so often that it's worth a comment.

The TCP/IP code in Windows NT is streams based - it was written originally by Spider Software in Edinburgh. It's a clean room implementation that does not have any BSD code in it (I know the original architect of it). And it isn't derived from the original Unix streams code - even the underlying streams layer was written from scratch. The same code is in use by many OEM's in embedded devices etc.

Re:Seriously? Microsoft use open source code? (0)

King of the World (212739) | more than 12 years ago | (#3164839)

You sound authoritive. Any links for proof?

Re:Seriously? Microsoft use open source code? (1, Funny)

Anonymous Coward | more than 12 years ago | (#3164869)

A guy with the email address 'fake@nospam.org' is challanging someone else's credentials??

heh

Re:Seriously? Microsoft use open source code? (2, Informative)

DA-MAN (17442) | more than 12 years ago | (#3164799)

And Windriver or whoever controlled BSDI at the time made some serious cash in that deal. They got paid to make the tcp/ip stack work well in 2000/XP and they've done a good job of it.

I just wonder if Microsoft was able to taint some of the BSD coders by allowing them to view their code. I'm sure integrating something like a TCP/IP stack required access to some 2000/XP src code. Anyone know?

Just waiting for the press release... (4, Funny)

Nonesuch (90847) | more than 12 years ago | (#3164673)

Any bets on how long before Microsoft issues a press release noting that this is yet another risk of using evil open source and open standards?

Re:Just waiting for the press release... (4, Interesting)

Mr Windows (91218) | more than 12 years ago | (#3164720)

ISTR that MS are nominally in favour of open source, as long as it's not that nasty cancerous GPL open source. Now we see why: if they can use others' work without having to reciprocate, it makes life better for them (in the short term, that it).

Of course, if zlib had been GPL, they couldn't (legally...) have used it without releasing their source, and in this case, they might have avoided the security risks: either non-use of zlib (not affected by this vulnerability) or use of zlib + release of code (easy and quick for anyone to release a patch, instead of having to wait for the "official" version with all it's "added extras").

Re:Just waiting for the press release... (0, Troll)

edrugtrader (442064) | more than 12 years ago | (#3164730)

actually i'm waiting for all the open source hypocrits to issue a press release noting that this is yet another risk of using microsoft products

Re:Just waiting for the press release... (1)

Mr Windows (91218) | more than 12 years ago | (#3164768)

There is the extra risk of using a proprietry product which incorporates OS products. I've fixed (nearly...) all the software on my machine that uses zlib, because it's OS, and I can do it/use someone else's patch and check that it's been done.

How long will we have to wait for a "patch" from MS, and how will we know that it does exactly what it says on the tin? ISTR that the DCMA (if that's the correct acronym) would prevent people in the US reverse engineering any patch to verify that it works, so it's down to testing (insert comment about testing not showing the absence of bugs).

Re:Just waiting for the press release... (0, Troll)

Ooblek (544753) | more than 12 years ago | (#3164876)

Oh please, so its an OS originated bug and now people are already criticizing Microsoft about it. What do you think they are going to do? Release a patch that does nothing just for the fun of it?

I don't think Microsoft could ever look good, not matter if the bug is theirs or not. Hell, the next bug found in any OS software should be blamed on Microsoft. Just because they're there.

Re:Just waiting for the press release... (3, Insightful)

jmu1 (183541) | more than 12 years ago | (#3164779)

I'll bite, but only for a nibble.

The way I see it, Microsoft can't complain b/c zlib will have a fix LONG before they have even thought about patching. They won't have to do near as much work to find the fix... they'll just rebuild.

Point: Open Source. (0)

metacell (523607) | more than 12 years ago | (#3164747)

No... Microsoft will, of course, apply the open source patch to it's zlib package and recompile, thus demonstrating the viability of the open source approach to security (keep the system open, so anyone can patch the security holes, instead of keeping it closed, hoping that nobody will discover the security holes that are inevitably there).

And Open Source scores one point.

Re:Point: Open Source. (-1)

l33t j03 (222209) | more than 12 years ago | (#3164816)

Too bad you haven't scored any dollars. Or market share. Or women.

Re:Just waiting for the press release... (1)

gr3g (119302) | more than 12 years ago | (#3164774)

Well then what are we are waiting for? GPL zlib 1.4.4 (is that the right number?) and then if M$ wants to upgrade we will have them! of course this won't work, oh well.

Re:Just waiting for the press release... (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3164776)

It's very interesting...I was talking with the CTO of a company that is partnered with MS and he said in their agreement it says they can't use any OpenSource code in their products. Strange that MS doesn't practice the same.

Oh well .NET is looking quite cool...sad to say it but Linux is dying largely because Java is taking a backseat to this .NET stuff.

Re:Just waiting for the press release... (1)

graystar (223824) | more than 12 years ago | (#3164806)

Except they used it. So if they use evil and risky open source software why did they do it?

they use open source BECAUSE (1)

filbert009 (564686) | more than 12 years ago | (#3164848)

1. It was already written and IMHO they are too cheap to write thier own software 2. read #1 over and over ALSO they used it extensivly so if they patch.... look for TONS of new "feature/bug/phone home style apps to be inserted"

I'm not sure I understand... (0, Troll)

YoPt (172577) | more than 12 years ago | (#3164677)

the real implications behind. I'll proabbly be flamed for just looking for info, but how does this change anything that we have known about MS software being insecure?

Insecurity. (-1, Troll)

metacell (523607) | more than 12 years ago | (#3164812)

I don't think the point of the article is that Microsoft is insecure ('cept about keeping their market share, of course :). I think it was interesting that Microsoft used open source code in software they sell externally. I didn't know that before. It was also interesting that security flaws in Microsoft products was caused by open source code. Kind of turns the tables on those geeks. (Wait... what site am I at? Oh, Slashdot! Damn...)^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^HKind of turns the tables on those Microsofties, doesn't it? And then comes the interesting question: what will they do about it? Apply the open source patch within 24 hrs, and admit that open source gets fixed damn fast, then hang their head in shame waiting week after week for the patch to reach out to all the end-users. Muahahahhahaha... So, I dissed Microsoft. Do I get my Karma now?

Darn! (1, Flamebait)

sysrequest (325177) | more than 12 years ago | (#3164678)

"[...]but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products."


Darn, and I thought they were caught with their pants down.

But to me it still is interesting that a company that is trying to stomp every competitor, and is spreading so much FUD about any sort of free or open software is using it themselves. (We all knew that, I just thought I'd emphasize it again.)

Re:Darn! (2, Informative)

danheskett (178529) | more than 12 years ago | (#3164748)

Microsoft doesnt hate Open Source; they give away a bunch of source to a bunch of stuff (though nothing really good).


Its actually the GPL they hate. And this code wasnt GPl'd, so they dont hate it.

Re:Darn! (-1)

October_30th (531777) | more than 12 years ago | (#3164823)

That's like saying that Microsoft doesn't hate the free market economy. They just hate a free market economy where they can't abuse their monopoly status.

... pants on fire! (0)

metacell (523607) | more than 12 years ago | (#3164852)

""[...]but does point out that since zlib is not GPL'd they are under no obligation to release the source code to any of their products.""

"Darn, and I thought they were caught with their pants down."

Hey, that's a great idea. Find a way to sneak GPL'd code into, say, MFC, without Microsoft knowing it, then go to court to make them release all their software as Open Source.

Microsoft will, of course, apply all the delaying tactics they can... which gives us time to patch and rerelease Windows NT, IE and SQL server while the legal grinds are churning.

It just might work!

If we can't see MS's source (1, Offtopic)

darnellmc (524699) | more than 12 years ago | (#3164700)

How do we know they never used GPL'ed code anywhere?

Re:If we can't see MS's source (0)

Anonymous Coward | more than 12 years ago | (#3164733)

You don't, and you never will know.

That's one of the neat things about GPL'd code. It can't just be pulled in fullcloth and made something you sell, but you can easily incorporate parts of it, after scrubbing off mention of the GPL, that copying.txt file, and doing some global search-and-replace on some trivial structures. Use a little different calling/passing method for a few of the routines and it's YOURS.

Besides, once the IP radicals have forced copyright to be a short-term thing, say seven years, all the GPL'd code older than seven years will magically become public domain anyway.

Re:If we can't see MS's source (5, Informative)

Stonehand (71085) | more than 12 years ago | (#3164734)

Quite a few people can, at universities and other sites. They just need to sign NDAs, that's all. Also, given that they take several hundred interns per year, and they aren't all fanatical Gates fans, there's a fair bit of opportunity for internal leaks as well.

Re:If we can't see MS's source (2, Flamebait)

Mr Windows (91218) | more than 12 years ago | (#3164795)

That's OK in principle, but how can anyone who looks at a piece of code know whether it really was written by MS or was GPLed with the serial number (erm, copyright notice) filed off? MS removed the copyright notice of zlib, according to the article, so it's not beyond them to do that with a piece of GPLed code. Not that I'd ever suggest that they'd do such a thing, but it's obviously very hard to check for plagarism (unless MS put all their code through turnitin!).

Well, duh. (0)

Anonymous Coward | more than 12 years ago | (#3164701)

since zlib is not GPL'd they are under no obligation to release the source code to any of their products.

Gee, well duh.

'Since Bill Gates office is not within the boundaries of the Cleveland zoo, he doesn't have to pay admission each day to go to work.'

I mean, what does 'obligation to release the source code' have to do with anything? Is this going to be one of those 'flog any non GPL license' discussion threads?

Re:Well, duh. (1)

Chris Burke (6130) | more than 12 years ago | (#3164858)

Well, I could hope that maybe the reason is that lots of people might be familiar with zlib, but not know that it is under a non-GPL free software license, and they were just trying to stave off "Does Microsoft have to release their code now?!" type crap...

No, I don't think that's true either.

Tally anybody? (2, Offtopic)

ILikeRed (141848) | more than 12 years ago | (#3164703)

I wonder if anyone is keeping a running tally since the security initiative started???

Here is another bug [appsecinc.com] with the MicroSoft SQL server. They've got overflows in their stored procedures. No fix, but you can delete the files if you can live without them....

oh goody (-1, Troll)

smack_attack (171144) | more than 12 years ago | (#3164708)

Time for today'$ round of +5 Funny Micro$oft ba$hing (I u$e the $ in$tead of a 's' to $ymbolize that they are an axi$ of evil computing, no one has thought of this before me. HAHA!)

Re:oh goody (1, Offtopic)

NanoGator (522640) | more than 12 years ago | (#3164803)

Heh yah I've noticed that. It's really cool to hate Microsoft. It sure is great that we get news of MS screwing up. Too bad nobody ever pays attention to the good things MS does. I bet that most ppl who bash MS have never spent time with Windows 2000.

Re:oh goody (1, Offtopic)

smack_attack (171144) | more than 12 years ago | (#3164856)

Yeah, I've got plenty of karma to burn as well, so those mods who feel it's appropriate to mod me down because I don't march to the drums can kiss my ass.

BTW, I use XP on my desktop and I love it. I use Debian on my servers and I love that too. Windows does not fit well on a server just as Linux does not fit well on the Desktop, why can't people understand that?

Re:oh goody (3, Funny)

pyrrho (167252) | more than 12 years ago | (#3164884)

> have never spent time with Windows 2000.

I'm sure this is a typo. You must have meant "did time".

Re:oh goody (2)

Chris Burke (6130) | more than 12 years ago | (#3164887)

I use Win2k on a daily basis and I hate it. But I take comfort in that my main workstation is a linux box, and the win2k box is there just because I'm porting code at the moment. But yes, I have spent much time with win2k. Much like a venereal disease, intimite knowledge of the subject doesn't make me want to bash it -less-.

Wasn't this partly on fault of glibc? (0)

Anonymous Coward | more than 12 years ago | (#3164709)

I thought the bug was caused by glibc, which made the bug worthless on non-glibc systems.

Checked out the new (A)nal (C)unt CD? (-1, Offtopic)

JohnDenver (246743) | more than 12 years ago | (#3164710)

Has anyone ever noticed that Amazon dotcom lists (A)nal (C)unt as just plain vanilla AC?

What would AC/DC mean then? (A)nal (C)unt or (D)anal (C)unt?

You thought I was going to say (D)ick (C)unt, huh? The reason I came up with Danal can be attributed to a cigarette brand. Have you guys ever seen the brand, Doral? I know it ryjmes with Coral, but I always pronounces it Oral plus a D. Hence, Danal, the only suppository cigarette.

Share the idea with a really drunk buddy, and he'll pee himself.

So now I have 50 karma, might as well turn troll...

In other words (0)

Anonymous Coward | more than 12 years ago | (#3164711)

So in other words, Microsoft software sucks because of Open Source. Did anyone NOT see this coming?

Re:In other words (1)

DA-MAN (17442) | more than 12 years ago | (#3164831)

No, Microsoft sucks because they've been on an anti-opensource crusade and are using open source in all their products. It's the hippocricy(sp?).

GZIP Patch (4, Informative)

Embedded Geek (532893) | more than 12 years ago | (#3164713)

The patch can be found at http://www.gzip.org/#patch [gzip.org] . It turns out that passing a filename over 1200 characters would cause an overflow.

For the record, I've used GZLIB in many embedded products and like it.

DHO!! Correct Details & SecurityFocus link (5, Informative)

Embedded Geek (532893) | more than 12 years ago | (#3164751)

It's actually 1020, not 1200 chars. The entire statement is here:

i>gzip 1.2.4 may crash when an input file name is too long (over 1020 characters). The buffer overflow may be exploited if gzip is run by a server such as an ftp server. Some ftp servers allow compression and decompression on the fly and are thus vulnerable. See technical details here [securityfocus.com] . This patch [slashdot.org] to gzip 1.2.4 fixes the problem. The beta version 1.3.3 [gnu.org] already includes a sufficient patch; use this version if you have to handle files larger than 2 GB. A new official version of gzip will be released soon.

Obligation (0)

October_30th (531777) | more than 12 years ago | (#3164714)

no obligation to release the source code to any of their products

I find it hard to understand how any sane person would think this is a bad thing.

I mean forcing people to release the source code of their products is the same as forcing them to give their product out for free.

What's the point??

Microsoft Dont make InstallShield... (3, Informative)

dhopton (252883) | more than 12 years ago | (#3164722)

As the subect. InstallShield Corp. Make install shield.

This wouldn't have happened... (2, Funny)

bourne (539955) | more than 12 years ago | (#3164727)

...if the government hadn't worked so hard to limit Microsoft's ability to innovate.

:P

Re:This wouldn't have happened... (0, Troll)

rusty0101 (565565) | more than 12 years ago | (#3164860)

I beg your pardon, this looks like the same level of Inovation microsoft has been doing since Day one.

port basic
buy qdos
borrow from Apple and Xerox
borrow from BSD
borrow from open source.

....

-Rusty

InstallShield (5, Informative)

sharkey (16670) | more than 12 years ago | (#3164735)

InstallShield is written and published by a company named InstallShield, and has been for many years. It is not a "Microsoft technology", but rather a technology that has support for creating software installation routines for Windows, amongst other OSes.

Redhat stock's in the shitter. (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3164736)

$7 according to one share [oneshare.com] . That's only $6 more than K-MART!! Haha hahahah. OSS is NOT a valid business model. http://goatse.cx

Win2k news thought... (0)

Anonymous Coward | more than 12 years ago | (#3164737)

that they should post this [infoworld.com] infoworld article this morning. and I quote
Just for some balance, Linux also has its problems. If you actually compare them, the amount of vulnerabilities found in Windows and all Linux flavors combined are almost the same on a yearly basis. So just choose the best OS platform for the application and PRACTICE SECURE COMPUTING.

Oh the irony.

Re:Win2k news thought... (4, Informative)

ghostlibrary (450718) | more than 12 years ago | (#3164791)

Argh! Bad statistics alert!

"vulnerabilities found in Windows and all Linux flavors combined are almost the same"

So if I am running RedHat, Mandrake, SUSE, and Debian simultaneously, I have the same number of flaws as a single run of Win2k?

They should either use the average (among linux dists) or the max (ditto), vs Win. Or sum across all current Win flavors (ME, Win2k. maybe NT) to compare against all linux flavors (summed).

Argh!

not enough bugs eh? (1)

sydney (119599) | more than 12 years ago | (#3164739)

I don't have any idea why MS chose to use the zlib library but it wasn't for "buglessness". MS creates enough of their own bugs they don't need to go borrow someone elses. Of course they didn't know about the bugs at the time, but still, methinks they used the code for less altruistic purposes.

Re:not enough bugs eh? (1)

DA-MAN (17442) | more than 12 years ago | (#3164864)

Hey it could have been worse, they could have contributed to the main project!

We gotta be careful what we wish for. Microsoft using open source with a BSD-style or X11-style licenses is really a godsend, imagine Microsoft code in the Linux kernel...

notification issue (5, Insightful)

ethereal (13958) | more than 12 years ago | (#3164744)

Here's what I want to know: the zlib maintainers know that their code is heavily used in open source product, and they can easily use ldd on a typical Linux or *BSD install to find out exactly which programs use zlib. So they know who to contact about vulnerabilities. However, if Microsoft just takes open source code and incorporates it into their products, how will the zlib folks know to contact them prior to public disclosure? It surely can't be the responsibility of the zlib team to grep through every single closed-source binary out there in order to make sure that it didn't use zlib.

It seems like if there isn't a mailing list for every single library's security issues, then closed source vendors will become second-class citizens when it comes to getting forewarning about a big security announcement like this. This seems like what has happened to Microsoft in this case; otherwise they would have had a raft of fixes available when the original story was released, right?

The other alternative is the vendor early warning list idea that Microsoft has been pushing, but the problem with that is: the more people on the list (and you'd have to have hundreds of vendors in the case of a base library like zlib, I'd think), the more likely that one of them will leak the story to the black hats, so that the delay while vendors prepare patches becomes a liability for the unpatched public. That doesn't seem like a good scenario to me either.

Re:notification issue (5, Informative)

garett_spencley (193892) | more than 12 years ago | (#3164850)

I don't see it as the zlib author's responsibility to notify everyone that uses their library.

I do feel that they should (but are not obligated to) send out a few public notices that will be spread around so that people who's programs use the library can update it and that's exactly what they did.

Also the big problem with this security issue isn't programs that dynamically link to libz.so. Those are easy to fix because all you have to do is upgrade your zlib and they're automagically fixed.

It's the programs that statically link the zlib library (meaning it gets copied right into the actual binary at compile time) that you have to worry about because an ldd won't show you that.

Also many people use their own modified version of zlib (XFree86, rpm, rsync, the linux kernel etc.) and so those are very hard to catch as well.

Florian Weimer wrote a perl script which will check for binaries on your system that are statically linked. You can read his post to Bugtraq here [securityfocus.com] .

--
Garett

Slow, buggy M$... (1, Flamebait)

IO ERROR (128968) | more than 12 years ago | (#3164750)

Microsoft is still trying to determine which apps incorporated zlib code? My Linux box already has all its apps fixed. How long until M$ gets patches out? Weeks? Months?

Re:Slow, buggy M$... (0)

Anonymous Coward | more than 12 years ago | (#3164789)

You're part of the small percentage of unemployed Linux users who can sit on Usenet reading about every new bug as it comes out.

Many people in the past have praised Linux as 'the box just sat up there and accrued hundreds of days of uptime doing it's job.' There are thousands of Linux boxes that have NOT been fixed. Some were set up by a Linux guru who moved on, and now there's nobody who knows anything more than the root password, if that.

Part of the TCO of Linux is nursing it along, i.e. applying the bug fixes every day or so.

InstallShield patches will come from the company who sells that product, BTW. Not 'emm-dollarsign' whatever the fuck that means.

Re:Slow, buggy M$... (-1)

October_30th (531777) | more than 12 years ago | (#3164871)

Indeed.

Recently some university admins I know have started banning private Linux installations on the campus network simply because the default distros are leaky as hell and with the latest SSH hole things have gotten even worse.

Some have even said that the latest Windows versions are more secure out of box than the mainstream Linux distros.

Um? (1, Offtopic)

jonnyfish (224288) | more than 12 years ago | (#3164754)

And yet again, it is being reported that this zlib issue is leaving a "hefty" portion of systems vulnerable to attack. Forgive my ignorance, but how? In the previous discussion on the topic, I read some posts that sort of explained a possible risk that might occur if there's a full moon and the lighting is just right.

So I ask you: what? From what I've heard the worst that could happen is your system could crash. I hardly see that as any sort of real issue, since programs like to do that all the time.

Re:Um? (1)

Mr Windows (91218) | more than 12 years ago | (#3164811)

It's OK for me if my system crashes when I'm in bed: I just powercycle when I get up. If I'm running a bank (say) which depends on its machines to stay in business, it's a different matter: denial of service is more than a pain, it's a P45 (pink slip??) kind of thing.

Innovation? (1)

Conare (442798) | more than 12 years ago | (#3164756)

Is this another example of why MS needs to be free of regulation in order to Innovat...ively copy other peoples work?

Shame.

Debian? (2, Interesting)

DRO0 (252117) | more than 12 years ago | (#3164757)

Naive question probably, but if zlib isn't GPL then does Debian use a different library and if so, is it affected by this issue?

Re:Debian? (1)

DRO0 (252117) | more than 12 years ago | (#3164796)

Never mind, I need more sleep.

Re:Debian? (1)

Mr Windows (91218) | more than 12 years ago | (#3164846)

Debian aren't restricted to GPLed stuff; any piece of software which fits the Debian Free Software Guidelines [debian.org] (which includes stuff with the GPL, BSD, and Artistic licences) can be included in main. Other stuff can be included in non-free too.

Now what would have been interesting... (4, Funny)

borgquite (197429) | more than 12 years ago | (#3164780)

is if when they released the patch for the security flaw they made the patch GPL... just imagine Microsoft having to recode all that stuff for themselves :)

Re:Now what would have been interesting... (1)

DA-MAN (17442) | more than 12 years ago | (#3164888)

or fork off the last version before the GPL, that would be hilarious....

Imagine http://mszlib.sourceforge.net/

LOL!!

Corrections (-1)

Seor Obvious (549685) | more than 12 years ago | (#3164784)

1. MS does not make InstallSheild (perhaps you meant MSI)

2. zlib is not GPL, it's zlib license, DUH.

3. You are a moron

4. So are Slashdot "editors".

hrm... (2, Informative)

Em Emalb (452530) | more than 12 years ago | (#3164787)

"The zlib library has been a fundamental open-source software component for almost a decade and can be found in almost every Linux and Unix system. That means the so-called "double free" flaw in the library may leave a hefty portion of Linux and Unix systems open to attack. Because it adopted some of the code, Microsoft apparently has made itself vulnerable to the flaw as well. "

Disclaimer: I am not a security weenie, so I don't know this for fact......*deep breath*....

If this is true, why is it only news for MS? It appears that Linux and Unix is also vulnerable. So why only set up the article as MS related?

*bash MS* bash bash bash....it's popular right?

Re:hrm... (0)

Anonymous Coward | more than 12 years ago | (#3164807)

This is the 'deflect as much blame as possible on Microsoft while tsk tsking the zlib developers for not using the GPL' skit.

If you wanted anything interesting, you shouldn't have clicked to read the comments.

Re:hrm... (5, Interesting)

IO ERROR (128968) | more than 12 years ago | (#3164821)

If this is true, why is it only news for MS? It appears that Linux and Unix is also vulnerable. So why only set up the article as MS related?


Because we found out for Linux/Unix several days ago and got our systems fixed within 24 hours. Microsoft is still trying to figure out what the hell is going on.


*bash MS* bash bash bash....it's popular right?


It's popular, easy, and well-deserved in this case. So much for M$ paying attention to security. Someone in M$ should have known they used zlib code, exactly where it was, and gotten patches out in a reasonable timeframe. They didn't. Bash bash bash.

Re:hrm... (1)

Why Should I (247317) | more than 12 years ago | (#3164847)

Because the other Open Source OSes have already been patched, primarily because of the fact that they are open source.

Silly you.

Re:hrm... (0)

Anonymous Coward | more than 12 years ago | (#3164867)

Because that's what this board is about. If you do a: "man Slashdot" it comes back with "attack Microsoft". I leave it up to somebody to demonstrate the exploit of this on a Windows box.

FIRST HETEROSEXUAL POST (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3164790)

Note to GAY MODERATORS: This post is NOT offtopic; it's INFORMATIVE. GET A CLUE
INTRODUCTION

Eating a woman's pussy is about the most wonderful thing you can do for her. It makes her feel loved, admired, sexy, and of course it makes her cum like crazy. Many women prefer it to intercourse, and for most, it is the easiest way to cum with a man. You may have the littlest dick on the planet, but if you give great head, you will be appreciated as a fabulous lover. Yes, it's that important. Besides, lots of women expect it these days - you might as well know what you're doing.

First off, guys seem to have a strange love/hate relationship with women's genitalia. Guys that can't wait to get their dick into one are often reluctant to put their face "down there". For every guy who says he loves to eat pussy, there's another one who's squeamish. Women know this, and it affects their ability to lay back and enjoy the experience. There is nothing more exciting to a woman than to know that her partner finds her delicious. Don't be coy; tell her. When a guy fingers a lady and then smells, licks, sucks the juice off his finger and sighs as if in heaven, she knows this is her lucky day.

What if your sweet lady doesn't smell or taste very sweet? Don't suffer. (Don't complain, either.) Take a nice hot shower or bath together. Lather up both of your bodies and slide them together. It's like a whole body fuck. Soap up her vulva, washing between her outer and inner lips. Spread her lips apart and gently wash her clitoris. Hey, don't stop - this feels great! Run your soapy hand down the crack of her ass, and rub a finger all around her anus. You can stick one finger in and wash around inside too, if you anticipate any anal play, and I suggest you do. But don't put those soapy fingers up her vagina. Instead, rinse them off well and stick one or two inside, making a circular motion. Think about washing the inside of a tall glass - same thing. Now wasn't that fun? And now you can feel free to let your tongue wander anywhere it pleases...

So now what? You've found a comfy spot to play, you've been kissing passionately, your tongues darting around each other's mouths like playful otters. You've moved down to nibble one of her hardening nipples and she's starting to groan, grinding her pelvis against your stomach. STOP. I know it was just starting to get good. But was she really groaning and humping you, or was it your own excitement you were detecting? I strongly prefer to be excited before a guy starts plunging his tongue into my inner recesses. Use your judgement, and kiss, lick, and fondle your way down her stomach, up her thighs, until she's arching up her back trying to get you to eat her. Of course, if she really was groaning and grinding, go for it... I also don't particularly enjoy a guy endlessly nibbling my inner thigh while my clit is quivering in anticipation.

POSITIONS

If the woman you are with is somewhat hesitant about your going down on her, start off with her lying on her back, perhaps half-sitting. Lay down between her legs, with her legs over your shoulders. She may enjoy laying or sitting at the edge of the bed with you kneeling. She can also straddle your face, but be prepared to get very wet. There are endless varieties of positions where you can press your face up to her cunt, some of which strike me as more acrobatic than erotic, but feel free to experiment. And then there's 69...

69 is one of my favorite positions. On the plus side, you both get to enjoy the sublime sensations of getting head, simultaneously. The upside down positioning of a woman's pussy and your mouth is an easy fit and there's more room for your hands. On the negative side, it's a less than ideal position for a woman to give head. Plus, if you need to read this article, you may be better off concentrating your energies on pleasing her, without too much distraction. But even for experienced 69'ers, it's easy to short-change your partner. "It feels soooo good, I'm just gonna stop for a second and concentrate on what you're...aaaarrrgghhh". Get the picture? Some show of will-power is in order.

69 can be done male on top, female on top, or side by side. The latter two are easier, though it's more restful with both partners laying down. Some women love being licked on all fours, so if female-on-top 69 drives her wild, take the hint and find some other ways to eat her in this position. I happen to enjoy male on top, but for many women this is a sure choking position. If a woman can, or wants to try, to deep throat you, this is THE position. When her head is thrust back you can really slide your cock all the way down her throat. But don't forget what you're supposed to be doing!

So there you are staring at it - the mysterious hole from whence you came, and into which you hope to cum again... First, an anatomy lesson...

THE CLITORIS

Before I go any further, a few words about the clitoris, accent on the first syllable. Most of you know it, but for those who don't, it is THE woman's sex organ, period. It may feel great to be fucked vaginally, anally or otherwise, but if the stimulation is not right there, on the clitoris, you're ignoring the place that's going to make her cum, and presumably that's why you're reading this, right? It's right there at the top juncture of her inner lips, a small knob of pink flesh. This is where it's at boys, and don't forget it. Almost any licking and sucking of the labia or vaginal entrance is going to feel just dandy; just remember that this is pleasurable teasing, not the main event. I can't tell you how many guys have thrust their tongues up my vagina thinking that this was going to make me cum. They were wrong. Of course, with a little manual stimulation....but I'm getting ahead of myself.

Women feel differently about how much direct stimulation they can take on their clitoris. Some women will adore it if you suck hard on their exposed clits, others will shriek in pain. You may encounter a woman who is completely unable to take direct stimulation of her clit; the goal is still the same, but you'll have to stimulate it indirectly, such as through her labia. IMPORTANT NOTE: Often, what is unacceptably rough at first may be fine after she's very excited. The fact is, most women really need a good bit of stimulation before a targeted attack on their clitoris, but once they're there, that's where you want to devote your attention.

The key here is go slow, ask questions, and if she's comfortable with it, leave the lights on and really explore. Body language often does tell what feels best, but I promise, she will appreciate your attentiveness if you ask outright. If she seems shy, get her to guide your hands and mouth with her own hand, and pay attention. If she starts bucking up against your mouth and gasping in ragged little breaths, for God's sake, don't use this opportunity to try something different. Just keep doing exactly what you're doing.

THE TONGUE

I want to reiterate, there is almost nothing you can do that won't feel terrific, so relax! I promise, you may be confused and uncertain, but she's in heaven. Any licking and sucking of the labia, vaginal entrance, clitoris, or anal area is going to feel just great, and I'd no sooner tell guys to "do it exactly like this" than I would tell every chef to follow the same recipe. But for those who are compelled to RTFM, here are a few techniques that you might like to try:

Try lapping her pussy from vaginal entrance up to her clit, leaving your tongue soft and jaw relaxed. This is a good way to start your tonguing.
Run your tongue between the inner and outer labia on one side, while holding the two together with your lips. Good job, now do the other side.
Fuck her pussy with your tongue - in and out, around and around, etc. This feels nice. Not wonderful or incredible or earth-shaking; nice.
Spread her outer lips with your hand. Then, with your tongue pointed and stiff, gently flick here and there. Feel free to roam, but keep coming back to her clit. This drives some women wild, and others can't take it. Some may prefer that you always leave your tongue soft, so when you try this, pay attention to whether those moans are ecstacy or pain.
The following techniques should not be introduced until your partner is really hot (i.e. she's no longer coherent). These are very intense actions which may be "too much" for some women, even when nearing orgasm.

With her clit still exposed, give it a quick little suck - pulling it into your mouth briefly and letting it go. This is a lot like licking a bit of cake batter off of your pinky. This feels incredible, and is a fine thing to do if you feel like torturing her (see PUTTING IT ALL TOGETHER below).
Take her exposed clit into your mouth and gently (at first, anyway) suck on it, simultaneously flicking your tongue over and around it. This can be done very lightly or very aggressively, and combined with fingering, will usually rapidly produce an intense orgasm.
Another choice technique involves rolling your tongue into a tube. If you can't do this with your tongue, you can't learn it - it's genetic. For those who can, this works best in an inverted or 69 position. Roll your tongue into a tube around the shaft of her clitoris. Slide it up and down; in effect, your tongue makes a tiny pussy for her clit to fuck. This also is likely to bring her over the edge.
FINGERS
Fingers are a valuable adjunct to eating pussy. Most women masturbate by pressing a finger or fingers over their clit, possibly "thru" the skin of their inner or outer lips, and vigorously rubbing in a circular or back-and-forth direction. You can do this too, and it is most helpful to ask, or better yet, have her show you how she likes it done. You will never be a good lover until you can bring your woman to climax with your hands. When you fuck her from behind, or up her ass, or really in any position which doesn't allow her to simultaneously rub her vulva against your body, reach down or around and rub her clit. I know it's distracting, but just do it anyway. One important point to note: make sure that your fingers are well lubricated. There is nothing more uncomfortable (and sometimes downright painful) than a dry finger roughly rubbed across one's clitoris.

Of course, that's not all you can do with your fingers. One technique which is very exciting is to spread her lips wide apart with one hand, and with your index finger straight like a pencil, flick the side of it rapidly across her clit. This motion alone will often bring a woman to orgasm. Combining this with the addition of some tongue action elsewhere is nothing short of bliss.

Sticking one or more fingers inside her vagina is also wonderful. You can simply move them in and out (this feels best with at least two or three fingers, pushed in hard), or wriggling them around. A particularly intense motion is to face your hand so that you have two fingers inside her with your palm facing the front of her body. Now move your fingers rapidly, as if waving hello. You are aiming to stimulate a particular part of the woman's vagina - namely the lower anterior (front) part. When combined with sucking her clit, this is nearly certain to bring her to a fast and intense climax.

An excellent way to begin manual stimulation is to stick one (and later two) fingers inside her, with your palm cupped over the mons area. I'm talking about that fleshy "mound" over her pubic bone. Your finger goes in and out and the ball of your hand is pressed hard against her vulva. You may want to rub or even shake the entire area with your palm.

Fingers also do nice things to tight little butt holes, but that's a whole other story...

ANAL PLAY

This stuff is purely optional. If anal play doesn't turn you on, don't do it. If you're uncomfortable, she'll pick up on your feelings and start wondering if it's her pussy that's turning you off. Don't feel that you can't be a good lover without anal play; you can.

Cleanliness is of the essence. (remember that nice soapy shower?) Scoop out some luscious juices (from a very wet pussy) with your finger and rub it around her anus. (If she isn't well lubricated, saliva works too.) If that's all you or she feels comfortable with, fine - it still feels great. But I think most women enjoy the feel of a finger pushed up their ass while they're being fucked or eaten. You need to be gentle, possibly even leaving your finger still. Try moving it in and out a little, or around in a circle. If she starts moaning, you know you're doing something right.

It's really fun to feel a woman's anus rhythmically squeezing your finger as she cums. (And it's great for her, too) You're probably thinking about what that would feel like around your dick, and it's something you should certainly explore. Ass-fucking is somewhat out of the scope of this article, but suffice to say, if she doesn't like a finger up her butt, she sure as hell won't want your big dick up there. Even if she does enjoy this sort of play, she may still be somewhat apprehensive about putting something so large up there. The keys to success are sufficient (i.e. copious amounts of) lubrication (a water-soluble type such as K-Y, which is safe for condoms), relaxation on her part, and a slow, gentle, approach. She'll certainly tell you if she wants you to thrust harder or deeper. And remember, if you want to feel that delicious squeezing around your cock, reach around and diddle that clit!

As for anallingus - why not? Don't feel like you HAVE to do it to satisfy your woman. But if the idea turns you on, great. Let your tongue rove as it pleases. It's not necessary to actually put your tongue inside her butt to stimulate the area. Back and forth, around and around, you get the picture.

One hygiene note: once that finger (or your penis) has been inside her ass, don't even think about putting it anywhere else. Carelessness in this regard can cause a horrendous infection.

MENSTRUATION

I haven't met a lot of men who are completely comfortable going down on a woman when she has her period. But some are. Most women are at their horniest before and sometimes during their period. You should definitely find a way to make her cum when she's bleeding, be it thru intercourse, manual, or oral stimulation. If you feel comfortable going down on her, great. It's perfectly safe. You may suggest that she insert a tampon, and then wash up. (As you now know, you don't need to get anywhere near her vagina to make her cum.) Or you could lay down a few old towels, turn out the lights, and forget about it.

PUTTING IT ALL TOGETHER

I think variety is crucial. Some guy posted an article detailing a road map of kissing and licking (first here, then here, etc.) Much better to do the unexpected; sometimes a hungry, aggressive approach, other times a laid-back, leisurely one. You can even even include your nose, or your chin into the act. Start slow, that's the key, and let your lover guide the speed of the crescendo. In all cases, start gently. Roughness and clumsiness are big turn-offs. As she gets more and more excited, pay more attention to her clitoris. When she's three breathes away from cumming, moving your mouth off or away from her clit is agony. That's fine if you're intentionally torturing her, just understand that this is what you are doing. The only prohibition is to be reasonably gentle with her clit. Nibbling or biting is fine elsewhere, but we're talking about a sensitive spot.

Speaking of prolonging the agony... I think this is great fun. Bring your partner just to the edge of orgasm, and stop. This is not easy unless you really know your lover well. Instead, just have her help you. Say, "Grab my head and stop me just before you think you're gonna cum." Then take your sweet time. Blow on her clit, take it into your mouth just briefly, flick it just the very slightest bit. You will have this woman squirming and moaning like she's dying. Finger her deeply, enjoy the ecstasy you are imparting, and finally, have pity. Let the poor woman cum.

UUUUNNNNGGGGGHHHHHH!!!!!! (or, I'M COMING!!!)

Okay, she's practically suffocating you, she's pressed so hard against your face; she's screaming and bucking up in the air; you feel her pussy contracting wildly - how long should you keep it up?? The simple answer is, until she makes you stop. Some women may stop you after five seconds from the start of their climax, others may be able to roll right into another orgasm if you keep going. Do come up for air, but remember, her excitement does not drop off as sharply as yours does. Play it safe by continuing the stimulation.

How many times does she need to cum? Some women are very content to have one orgasm. A whole lot of women would really like to cum again, but need about five minutes to recoup. Many women are so sensitive right after they cum that they may push your head violently away. This doesn't necessarily mean they've had enough, only that you need to stop for a few minutes. In fact most women, given a short rest between, are capable of cumming again and again. A smaller percentage of women are able to cum repeatedly with continued stimulation. This is the much-touted multiple-orgasm that is experienced by a minority of women. I know this makes it difficult to know when enough is enough, but there's a simple answer: ask her.

GODI'MSOEXCITEDITFEELSGREATBUTIJUSTCAN'TCOME

It happens to all of us sometimes - distraction, embarrassment, anxiety, or just an inability to "let go". What do you do about it? The first question is, can she easily bring herself to a climax in the privacy of her own home. If the answer is no - then she needs to do some homework. There are two books on the subject that I know of: For Yourself: The Fulfillment of Female Sexuality by Lonnie Barbach, and Sex for One: The Joy of Selfloving by Betty Dodson; pick up one. Then tell her to read it, study it, and practice, practice, practice!

Now if your partner is orgasmic only when alone - ask her point blank: "Is there something different I can do?" Many women are shy about criticizing their lovers, but if asked outright will surprise you with a very specific answer. It may be a simple matter of mechanics, like a little to right please, or not so rough, or more pressure and faster. Ah... perfect.

But suppose everything is wonderful. She says you're doing everything right but she just can't cum. There are two probable causes: selfconsciousness and/or self-loathing. For women who can't help watching themselves, the best approach is to eliminate anything that focuses her attention on what the two of you are doing. This is a "be here now" kind of thing - definitely not an introspective activity. Get that mirror off the ceiling. Dim the lights or turn them off completely. Put on some soft music. Share a glass of port. (I said A glass - getting drunk will definitely not help). Have her lay on her back, or propped up comfortably with some pillows. This is not the time for her to sit on your face, or the edge of the bed, or standing up against a wall. Arrange a time when you can devote a long period to eating her pussy, and then just keep it up. Forget everything I said about asking her questions - just close your eyes and get into it. I know this can be a difficult and exhausting exercise, but she will be extravagantly thankful for your efforts. It gets easier each time. If all else fails, get accustomed to masturbating together. Gradually begin to add your stimulation to her own, right before she's about to cum anyway. Over time, you can take over completely.

For women who themselves feel that their cunts are dirty or distasteful, all of the above methods may be helpful, but the underlying issue must also be addressed. I am amazed at how many women are ambivalent about their own genitals. They don't love "that part" of their body, and they can't believe that you would either. Yes, it is important to be clean. But clean means a daily shower which includes washing the vulva. It doesn't mean vainly attempting to remove every trace of smell or taste. The natural fragrance and secretions of a healthy woman are beautiful and erotic. Hopefully you agree (and if not, try hard to cultivate this attitude). When she learns to love her pussy, she will be infinitely more comfortable with your loving it too.

How to Eat Pussy

Hey, I have a lot of respect for all you guys who like to eat pussy because there are too few of you out there. And I'm not the only woman who says this. Furthermore, some of you guys who are giving it the old college try are not doing too well, so maybe this little lesson will help you out. When a woman finds a man who gives good head, she's found a treasure she's not going to let go of too quickly. This is one rare customer and she knows it. She won't even tell her girlfriends about it or that guy will become the most popular man in town. So, remember, most guys can fuck, and those who can usually do it satisfactorily, but the guy who gives good head, he's got it made.

Most women are shy about their bodies. Even if you've got the world's most gorgeous woman in bed with you, she's going to worry about how you like her body. Tell her it's beautiful, tell her which parts you like best, tell her anything, but get her to trust you enough to let you down between her legs.

Now stop and look at what you see. Beautiful, isn't it? There is nothing that makes a woman more unique than her pussy. I know. I've seen plenty of them. They come in all different sizes, colors and shapes; some are tucked inside like a little girl's cunnie and some have thick luscious lips that come out to greet you. Some are nested in brushes of fur and others are covered with transparent fuzz. Appreciate your woman's unique qualities and tell her what makes her special.

Women are a good deal more verbal than men, especially during love-making. They also respond more to verbal love, which means, the more you talk to her, the easier it will be to get her off. So all the time you're petting and stroking her beautiful pussy, talk to her about it.

Now look at it again. Gently pull the lips apart and look at her inner lips, even lick them if you want to. Now spread the tops of her pussy up until you can find her clit. Women have clits in all different sizes, just like you guys have different sized cocks. It doesn't mean a thing as far as her capacity for orgasm. All it means is more of her is hidden underneath her foreskin.

Whenever you touch a woman's pussy, make sure your finger is wet. You can lick it or moisten it with juices from inside her. Be sure, by all means, to wet it before you touch her clit because it doesn't have any juices of it's own and it's extremely sensitive. Your finger will stick to it if it's dry and that hurts. But you don't want to touch her clit anyway. You have to work up to that. Before she becomes aroused, her clit is too delicate to be handled.

Approach her pussy slowly. Women, even more so than men, love to be teased. The inner part of her thigh is her most tender spot. Lick it, kiss it, make designs on it with the tip of your tongue. Come dangerously close to her pussy, then float away. Make her anticipate it.

Now lick the crease where her leg joins her pussy. Nuzzle your face into her bush. Brush your lips over her slit without pressing down on it to further excite her. After you've done this to the point where your lady is bucking up from her seat and she's straining to get more of you closer to her, then put your lips right on top of her slit.

Kiss her, gently, then harder. Now use your tongue to separate her pussy lips and when she opens up, run your tongue up and down between the layers of pussy flesh. Gently spread her legs more with your hands. Everything you do with a woman you're about to eat must be done gently.

Tongue-fuck her. This feels define. It also teases the hell out of her because by now she wants some attention given to her clit. Check it out. See if her clit has gotten hard enough to peek out of it's covering. If so, lick it. If you can't see it, it might still be waiting for you underneath. So bring your tongue up tot he top of her slit and feel for her clit. You may barely experience it's presence. But even if you can't feel the tiny pearl, you can make it rise by licking the skin that covers it. Lick hard now and press into her skin.

Gently pull the pussy lips away and flick your tongue against the clit, hood covered or not. Do this quickly. This should cause her legs to shudder. When you sense she's getting up there toward orgasm, make your lips into an O and take the clit into your mouth. Start to suck gently and watch your lady's face for her reaction. If she can handle it, begin to suck harder. If she digs it, suck even harder. Go with her. If she lifts her pelvis into the air with the tension of her rising orgasm, move with her, don't fight her. Hang on, and keep your hot mouth on her clit. Don't let go. That's what she'll be saying too: 'Don't stop. Don't ever stop!'

There's a reason for that, most men stop too soon. Just like with cock sucking, this is something worth learning about and worth learning to do well. I know a man who's a lousy fuck, simply lousy, but he can eat pussy like nobody I know and he never has trouble getting a date. Girls are falling all over him.

But back to your pussy eating session...There's another thing you can do to intensify your woman's pleasure. You can finger-fuck her while she's enjoying your clit-licking talents. Before, curing or after. She'll really like it. In addition to the erogenous zones surrounding her clit, a woman has another extremely sensitive area at the roof of her vagina. This is what you rub up against when you're fucking her. Well, since your cock is pretty far away from your mouth, your fingers will have to do the fucking.

Take two fingers. One is too skinny and three is too wide and therefore can't get deep enough. Make sure they're wet so you don't irritate her skin. Slide them inside, slowly at first, then a little faster. Fuck her with them rhythmically. Speed up only when she does. Listen to her breathing.

She'll let you know what to do. If you're sucking her clit and finger-fucking her at the same time, you're giving her far more stimulation than you would be giving her with your cock alone. So you can count on it that she's getting high on this. If there's any doubt, check her out for symptoms. Each woman is unique. You may have one who's nipples get hard when she's excited or only when she's having an orgasm. Your girl might flush red or begin to tremble. Get to know her symptoms and you'll be a more sensitive lover.

When she starts to have an orgasm, for heaven's sakes, don't let go of that clit. Hang in there for the duration. When she starts to come down from the first orgasm, press your tongue along the underside of the clit, leaving your lips covering the top. Move your tongue in and out of her cunt. If your fingers are inside, move them a little too, gently though, things are extremely sensitive just now.

If you play your cards right, you'll get some multiple orgasms this way. A woman stays excited for a full hour after she's had an orgasm. Do you realize the full impact of that information? The potential? One woman was clocked at 56 orgasms at one sitting. Do you know what effect you would have on a woman you gave 56 orgasms to? She'd be yours as long as you wanted her.

The last advice I have for you is this: After you've made her come, make her your slave by giving her the best head she's ever had, don't leave her alone just yet. Talk to her, stroke her body, caress her breasts. Keep making love to her quietly until she's come all the way down. A man can get off and go to sleep in the same breath and feel no remorse, no sense of loss. But a woman by nature requires some sensitivity from her lover in those first few moments after sex.

Oral sex can be the most exciting sexual experiences you can have. But it's what you make it. Take your time, practice often, pay attention to your lover's signals, and most of all, enjoy yourself.

Female Oral Sex Techniques

TASTE:

In my experience, one of the main reasons that partners avoid female oral sex is due to a percieved or even experienced poor taste. While it is true that women run the range from pleasant (tasty!) to sour or uric tasting, there are easy steps to ensure that your partner will be tasting her sweetest.

First and most obviously, a good vigorous shower will do much to neutralize the taste of your partner. In fact, oral sex in the shower, while not a favorite method of mine, has a completely neutral taste if you stick to the upper regions of your partner's sex. If your partner has not showered recently, or has physically exerted herself recently, her taste will be much stronger. This, however, can be a good thing!

Secondly, foreplay will improve upon both the taste and the experience in general if your can get her juices flowing. I have never found an extremely aroused, wet woman to taste unpleasant. Quite the contrary!

FOREPLAY:

Do it! Take your time! Have fun! Experiment! A common male misunderstanding is that females are aroused most through physical contact. Not true. I have aroused women greatly simply by acting sexy. Tension is a wonderful tool, use it. If you can build tension to the point where the barest touch sends electric shivers through both of you, you can't lose! Similarly, even the best love techniques will not turn on a woman who isn't in the mood. (If you can get her in the mood, well then you're talking.)

Take your time, explore your partner (there's a lot more there than nipples and a clitoris!), build tension, have fun.

POSITIONS:

There are two basic positions that I have found very versitile and succesful. For a very comfortable session, have her lie on her back with legs spread and knees bent slightly. Lie on your stomach between her legs, put your right arm under her left leg and your left arm under her right - somewhat of an intimate hug. Now you should find your head situated conveniently and comfortably near the center of your attention.

Less comfortable, but a bit wilder is the following. Lie on your back, prop a couple of pillows (or fold one over) under your head. Have your partner kneel facing you with one knee on each side of your head, above your shoulders. The sexy part of this position (IMHO) is that your partner can look down at you and watch you eating her out. (Yum) Versatility and comfort are reduced for the giver, so I only occasionally partake in this position.

These are by no means the only positions. Again, experiment, have fun. If you can find a bed where your partner can lie down with her legs dangling off the bed and resting flat on the floor, you're in luck. Now you can have her sit just at the edge of the bed, lie back, and give you plenty of access while you kneel/sit in front of her sex.

GEOGRAPHY:

Woman are very different in some respects of their genitalia, but the major parts are the same. A woman's sex from the oral sex point of view consists of two sets of lips (outer and inner) that meet just below the vaginal opening and some variable distance above the clitoris; the vaginal opening (immediately above the nether meeting of above-mentioned lips), a smooth section of skin between the vaginal opening and the clitoris (I have no clue as to its technical name, hereafter it will be refered to as the "scav") and the clitoris and its surrounding folds.

If you get the chance, explore your partner in a location with decent lighting. Use your hand to spread her sex and explore her, find out what's where and what's what. Like I said earlier, women are different. Especially the location and shape of the clitoris. It can be buried, protruding, surrounded by many folds of flesh, or hanging out it the open. The best method I have found for finding your partner's clitoris (If all else fails, ask!), is to place a finger at the very base of her sex and gently run it up her scav until you feel a slight bump. That's it.

OK, ENOUGH OF THE DETAILS, NOW THE NITTY-GRITTY:

So your partner is showered, excited and feeling sexy. It's the big moment, what to do? Don't simply dive in. Take your time, excite her. In my opinion, I can usually tell how good my partner is at oral sex by how she "goes down" on me. By "going down" I mean the process by which she goes from kising my lips to sucking oh-so-wonderfully on my sex.

Depending on your partner, different methods of going down will work more effectively. If you've gotten to this point with your partner, you should have a fair idea of what she likes. Take advantage of that knowledge. One thing that I highly recommend however, is a sexy look. Sexy looks can make all the difference, and the best place to throw one in is as you're licking, sucking and kissing your way down her stomach stop, look up and smile devilishly.

Unbutton your partners jean's, pull the tabs back and kiss her newly exposed flesh. Unzip her pants, pull the tabs back as far as they can go and place light, tender kisses on her abdomen and around the top of her panties. Watch it, some women are very ticklish here!

(Note the above doesn't work so well if she doesn't have jeans on but you're all smart enough to figure it out...) Once you've removed everything but her panties, stop. You have a unique opportunity for further arousal. Kiss her legs and inner thighs with gentle kisses. Work your way up each leg and make a point of stopping at the line of her underwear. Kiss again along the top of her underwear, and along the other two borders.

Now move to her cotton (silk? lace? latex?) covered sex. Plant firm, dry kisses through her underwear on her sex, low and right around the vaginal entrance works best for me. If your partner is really excited, often her underwear will be damp and will smell (pleasantly) of her sex.

Removing the underwear is again a matter of choice. You know your partner best, I prefer either gently sliding it all the way off with my fingers, or pulling it part way down with my teeth first.

DIRECT KISSING:

It is not unusual for your partner's lips to be closed together. A very excited woman's lips may be slightly spread allready ("pouting"). Again, building tension can be accomplished by light kisses on either side of her sex as well as light blowing. (Do not inflate your partner! This can be very dangerous!!) Spreading her lips can be accomplished by placing your tongue first at the base of her sex, and then firmly running your tongue all the way up. Continue with a few long licks from the base of her sex all the way to the top past her clitoris. Vary the firmness of your tongue from hard and pointed to broad and soft.

THE BIG "O":

The best and most proven method of making your partner cum through oral sex is by repeated, rythmic stroking of her clitoris with your tongue. The tongue is uniquely suited for this purpose because of it's texture, versatility, and pliability. It is difficult (and tiring) to apply too much pressure to your partner's clitoris. Some women are much more sensitive than others however. Be receptive to any sharp gasps, you could be being too affectionate. If this is the case, move away from direct contact or adopt a gentler technique.

Repeated, rythmic stroking can be accomplished in a variety of ways. I prefer either rapid, repeated verticle licks with a firm, pointed tongue, or planting your tongue firmly against your partner's clitoris and vigorously shaking your head back and forth. (Tiring, maybe. But it's worth it!) If you are having trouble finding the correct angle or method for rhythmically lingually carresing her clitoris, or if you want to try something fun and new:

Toungue the abc's. No seriously! This is a great oral excercise on any part of the body. Toungue the abc's starting with lower case, and moving though upper case. (Heck, you could do the whole ANSI ASCII set if you'd like!) Be especially perceptive while you do this, vary your speed and watch for sharp intakes of breath - chances are you've hit the right angle. The abc's give a large variety of different strokes, so come back to this excersize as often as you'd like.

A general rule of thumb (tongue?) is to start slow and pick up the pace as you go along. This is definately a general rule though, feel free to break it by varying your rhythm, both slowly and predictably as well as quickly and startlingly.

OTHER FUN THINGS TO DO:

Lick between the inner and outer lips; penetrate the vagina deeply (a much stronger, iron-like taste here); "tease" the entrance to her vagina with rapid pokes of your toungue at varying depths; don't forget your hands, often a woman will feel a need or ache for something inside of her while very aroused, oblige her with a finger or two. Both kissing and manually manipulating your partner is tough, anyone with succesful methods is welcome to pipe in.

Talk to your partner, ask her what she likes. Experiment (if you can) with many different partners. What excites one woman a lot may not excite another as much, but may still be well worth trying. On the other hand, you may not notice a subtle pleasurable technique on one woman that can be easily learned on another. The better you know your parnter, the more effectively you can please her. Have fun!

A FINAL NOTE:

I tried to be a lot less pretentious than the male version of this article for a few reasons. The major one is that women are very different, the above suggestions may work wonderfully with one woman and so-so with another. Some women simply aren't responsive to oral sex due to strong moral constraints. Secondly, I am not an expert, though I love oral sex and have had the joy of pleasuring 10-20 women. Third, I am still young (18) and have a lot to learn.

So feel free to comment on what you've read (men and women) and reply either over the net or to me personally. Thanks. Hope you found this helpfull and enjoy!

Q. What is cunnilingus?

Cunnilingus is the fine art of making love to a vagina with your mouth and tongue. It is a delicate skill, requiring patience, practice, and dedication to get it right, but any woman you learn to do it right for will appreciate you all the more for it.

What applies to the penis applies to the vulva-- every one is different, requiring a different touch to make its owner happy. But few tools can equal the tongue for the amount of pleasure it can deliver to a happy vagina.

This article assumes that you know what a vulva looks like and can identify with some precision the mons veneris, labia majora, clitoral hood, clitoris, labia minora, urethra, vagina, and perineum, to name them (approximately) from top to bottom.

Q. How fast should I go?

This isn't an attack. Don't go after the clitoris like a fireman attacking a fire. Quite often at first, the clitoris is far too sensitive for direct stimulation. Lick around it, stimulating the hood, teasing her inner labia, tasting her. Take your time and listen to her. Some women make noise, and some do not. It will be a while before you learn exactly what your lover prefers as far as oral sex is concerned.

Some women may like additional stimulation-- a finger or two into the vagina, or perhaps even the anus. She may want your hands to reach up and play with her breasts, or she may want your fingers to hold her labia apart so that your tongue can get at her vulva more directly.

Q. I've heard cunnilingus doesn't taste good.

If the taste or smell bothers you or is a concern, ask her to wash first. Most people who enjoy cunnilingus agree that a clean vagina is a good, if acquired, taste.

As a woman nears her climax, she may want more direct stimulation. In general, fast, rhythmic stimulation is most effective at causing climax-- but there shouldn't be a rush to get there. Take your time and learn to appreciate what you can do for her.

Q. What about cunnilingus during menstruation?

Some people are particularly turned off at the suggestion of cunnilingus during menstruation. If it is a concern to you, then wait. A tampon may well hold the blood back, as will a diaphragm, but some men can't stand the taste anyway. If your partner is healthy, however, there is no particular danger in menstrual blood, and some women find that orgasms during their periods allievate cramps.

In my experience, when you try to explain to a man "in the moment" that he is doing oral sex (or sometimes anything) wrong, often the result is a disaster. You aren't into it, because you are trying to direct, and I guess for many guys it comes off as simply insulting. It isn't a very "supportive process," to borrow a friend's phraseology.

Example: "No, not there,...there..." (Quizzical looks, no change in behavior.)

Now, if you go looking for diagrams of women's vaginas, you will find yourself either looking at medical textbooks or special references, such as Our Bodies, Ourselves --- which, is presented as a "for women only" sort of thing. The original edition even gave this little rap to men about not buying it "for" women. Yeesh! Good book, but talk about "attitude." The new edition has thankfully dropped this negative proscription.

You will sometimes NOT even find a clear picture of a woman's vagina in a general sex reference, such as the original The Joy of Sex. And you won't find a discussion of the parts of the vulva in most places. Now, go look for a picture of a man's penis that is reasonably edifying, and you'll find them all over. I only discovered this when I tried to look it up, and since I had never purchased Our Bodies, Ourselves, I was SOL (corrected that, recently). I however, and all women, have a ready-made "reference manual," provided we have gotten over the idea, or never had it, that looking at it will somehow be a "bad thing." Men don't have this reference manual readily "at hand," at least if their partner, if they have one, is not immediately available and cooperative.

I have also read, and just reread, the Cunnilingus FAQ. Though it seemed excellent in terms of mood, style of approach, all the "beginning" stuff, I found when I applied her technique suggestions to me and my experience as a recipient, or my experience as a giver, it was a bit short on specifics. I am sure the described approach works very well for the woman who wrote it :), but I have a few things that seem unsaid.

So, you have gone through all the beginning motions, taking a reasonable amount of time, and you are starting to "get down to business." First, PLEASE turn on the lights. Working in the dark is for experts at best. I am assuming you are sitting between her legs, facing her, or some variation on this. Now really LOOK at what is there. Where her hair is (or was, some people shave) is the mons veneris, the pubic mound. If she is not aroused, everything is likely, but not guaranteed, to be enclosed within the outer lips or labia majora, the edges of the pubic mound that comes together to enclose her vulva.

As you spread this apart (she can bring her knees up and out, and/or you can use your hands), you will now see the inner folds of skin of the vulva, the inner lips or labia minora. These (usually) go all around the vaginal opening, and come in a variety of interesting and pleasing shapes and textures.

As you observe that this encircles the vaginal opening, at the top of this you will find what might look like a button or might look like a very tiny penis, covered by an additional flap of skin. The flap of skin is the "hood" of the clitoris, and is very sensitive, as is the clitoris. This is the female equivalent of the male foreskin, though it is much looser than that corresponding organ.

If you see what looks like a button underneath the hood, then what you are seeing is the glans of the clitoris, exactly equivalent to your own penis glans, or head of the penis. If you see a bit more than that, then there is probably some of the shaft of the clitoris extending in your partner. I stress this since most men would not be particularly enthused by a blow job that only gave attention to their penis head and extended not a centimeter below there. Many might find it annoying or even painful, depending on how rough their partner is with them and how sensitive they are to pain in that area. However, told "give attention to the clitoris," by fable and book, many brave soldiers run to do battle on the field of their woman's desires with their tongue, only to find their partner is telling them to please stop, it hurts, or it doesn't do anything for me. This may or may not be a comment on your technique, some women don't like oral sex. I would just like to suggest an approach that probably has a higher average success rate.

The shaft of the clitoris is attached internally, back into the body of the woman. Pressure on the spot above the glans and underneath the hood will generally give you access to the part of the shaft equivalent to the part of your penis that is towards your body, whereas underneath the glans will give you access to the part of the shaft that is equivalent to the part of your penis that is away from your body. It is likely that the skin directly below the glans will be functionally equivalent to what is for most men the most sensitive and pleasurable part of the penis for play, and the inner vaginal lips are also usually quite sensitive "in a good way." Going down/in/back, you may or may not see the urethra, if you do this is the location of the grafenberg spot (g-spot), which we have all heard on this newsgroup is quite varied in response, some women love stimulation there, others do not. Try licking your tongue around there, if it is visible, and see, in the course of your "investigations."

O.K., so now you have the picture. You did trim/file your nails first, didn't you? Play with your hands, play with your mouth, go all over, gently at first, increasing stimulation and focus as her body responds, and coming in "closer on" the clitoral area as she becomes more aroused. Lick, suck, point your tongue and apply pressure, use it like a "miniature penis" under the glans, penetrating her as you go, make little circles with your tongue, lick up and down along the skin in front of the clitoris, up and down the inner vaginal lips, etc. These are ideas, find some others, listen to her responses and comments. Remember to GO SLOW --- I believe impatience and expectations of quick response are "generally recognized as" the most common error in sexual encounters. Eventually the clitoris will become probably become erect, and stimulation that is "more direct" (like enclosing your mouth on the area and gently sucking) will stimulate a sufficient amount of the organ in question to be interesting. Watch what you are doing, and what happens, the entire area will become "engorged" and swollen if things are proceeding closer to orgasm.

Some women may not, or may prefer not, to orgasm this way. Most will probably, however, enjoy the experience a great deal. Hopefully this "explanation and comparison" to the corresponding male body parts will allow you to not be (still) in the dark with the lights on.

Memo from Bill (1, Funny)

soap.xml (469053) | more than 12 years ago | (#3164792)

Development Team,
Thank you! I have been saying for years that Open Source is EVIL! Now we have even more proof. With this latest failure of open source code we can push even more people into using our products. We can even say that we "tried" to use open source, and look what it brought us. Once again, Thanks! Marketing and I appriciate it.

-Bill

walk like a man (-1)

Yr0 (224662) | more than 12 years ago | (#3164794)

Marie has set up home
With a man who's half my age
A halfwit in a leotard
Stands on my stage

The standards have fallen
My value has dropped
But don't shed a tear

Some walk like they own the place
Whilst others creep in fear

Try if you can
To walk like a man
But you don't come near

You've got to fly like an eagle
Prowl like a lion in Africa
Leap like a salmon
Pulled from the sea
To keep up with me
You've got to walk like a panther tonight
Walk like a panther tonight

The old home town just looks the same
Like a derelict man who has died out of shame
Like a jumble sale left out in the rain
It's not good
It's not right

The standards have fallen
My value has dropped
But don't shed a tear

Some walk like they own the place
Whilst others creep in fear

So try if you can
To walk like a man
But you don't come near

You've got to fly like an eagle
Prowl like a lion in Africa
Leap like a salmon
Pulled from the sea
To keep up with me
You've got to walk like a panther tonight
Walk like a panther tonight

Where did you leave your self-respect?
You look like a reptile
Your house is a wreck
Your existence an insult
And stains that are suspect
Cover your clothes

The standards have fallen
My value has dropped
But don't shed a tear

Some walk like they own the place
Whilst others live in fear

So try if you can
To walk like a man
But you don't come near

You've got to fly like an eagle
Prowl like a lion in Africa
Leap like a salmon
Pulled from the sea
To keep up with me
You've got to walk like a panther tonight
Walk like a panther tonight x5

Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic,nflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Please try to keep posts on topic.Try to reply to other people comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) > Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic,nflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Please try to keep posts on topic.Try to reply to other people comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) >Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic,nflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Please try to keep posts on topic.Try to reply to other people comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) >

Here is a list of apps vunerable (2, Informative)

ZaneMcAuley (266747) | more than 12 years ago | (#3164801)

http://www.gzip.org/zlib/apps.html

At least nine of Microsoft's major applications--including Microsoft Office, Internet Explorer, DirectX, Messenger and Front Page--appear to incorporate borrowed code from the compression library and could be vulnerable to a similar attack.

"Borrowed"? Whats the license for zlib?

Re:Here is a list of apps vunerable (1)

Mr Windows (91218) | more than 12 years ago | (#3164859)

zlib has it's own licence [gzip.org] , which doesn't prohibit what MS have done. At the moment, that is... :)

Re:Here is a list of apps vunerable (1)

ZaneMcAuley (266747) | more than 12 years ago | (#3164880)

So if they use that version with that license, theyre ok, but if the license changes (in other releases), can they still use that version but not the new one unless they comply with the new license (for that version).

What im asking is what if the license changes for code (after that version is used and released according to the license with it) that is existing within products are there today. How are they impacted?

Borrowed Code? (2, Funny)

Spit_Fire1 (247104) | more than 12 years ago | (#3164814)

The next-generation Graphics Device Interface is part of Windows XP, meaning that the operating system itself could be at risk.
the colors were just screaming security flaw already weren't they?

Yet, the incident seemingly proves that Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products.
And now they are forced to admit what we already knew, they haven't written anything original since...well...ever! :P

The zlib compression library doesn't use the GPL, however.
and the war between MS and GPL coninues, maybe the linux community could use Anime-based uniforms to storm microsoft and take the code back.

This might be considered a troll? (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3164822)

But perhaps that is why microsoft is so afraid to let the states in the antitrust case look at their code. If some one were to discovered they actually a lot of open source code, that would be a huge embarrasement.

GPL is not about giving things away (2, Interesting)

pyrrho (167252) | more than 12 years ago | (#3164834)

Microsoft is an old hand at using public domain stuff! They don't dislike it... like all companies they grew used to swallowing it up! It's even cheaper than buying QDOS was.

No, the GPL is not about giving software away, that was already happening. It was about KEEPING software GIVEN AWAY.

you make this crap up (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3164870)

you make this up /.

anything to bash MS you spread, don't matter WHO makes it up.

What do YOU want to do today?
/. says "Bash Microsoft"

Which explains why MS is not attacked more (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3164886)

As long as MS makes heavier use of OSS, they will be less prone to attacks.
They currently use the TCP Stack from BSD, they redesigned SMB services based on Samba (they had to cold room it due to GPL). This helps explain how MS is getting faster and less cracks.
Of course, this also explains why they oppose GPL.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>