<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_23_1429207</id>
	<title>Widespread Attacks Exploit Newly-Patched IE Bug</title>
	<author>Soulskill</author>
	<datestamp>1264258860000</datestamp>
	<htmltext>itwbennett writes <i>"The first widespread attack to leverage the Internet Explorer flaw that <a href="http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art\_pos=4">Microsoft patched</a> in an emergency update Thursday morning has surfaced. By midday Thursday Symantec had <a href="http://www.itworld.com/security/93670/widespread-attacks-exploit-newly-patched-ie-bug">spotted hundreds of Web sites</a> that hosted the attack code. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec. Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name."</i>
Relatedly, reader N!NJA was among several to point out that Microsoft has apparently been <a href="http://threatpost.com/en\_us/blogs/microsoft-knew-ie-zero-day-flaw-september-012110">aware of this flaw since September</a>.</htmltext>
<tokenext>itwbennett writes " The first widespread attack to leverage the Internet Explorer flaw that Microsoft patched in an emergency update Thursday morning has surfaced .
By midday Thursday Symantec had spotted hundreds of Web sites that hosted the attack code .
The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system , said Joshua Talbot , a security intelligence manager with Symantec .
Once it has infected a PC , the Trojan sends a notification e-mail to the attackers , using a US-based , free e-mail service that Symantec declined to name .
" Relatedly , reader N ! NJA was among several to point out that Microsoft has apparently been aware of this flaw since September .</tokentext>
<sentencetext>itwbennett writes "The first widespread attack to leverage the Internet Explorer flaw that Microsoft patched in an emergency update Thursday morning has surfaced.
By midday Thursday Symantec had spotted hundreds of Web sites that hosted the attack code.
The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec.
Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name.
"
Relatedly, reader N!NJA was among several to point out that Microsoft has apparently been aware of this flaw since September.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869858</id>
	<title>Re:This clearly needs 10 more stories</title>
	<author>Arancaytar</author>
	<datestamp>1264264320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Is Microsoft's failure to patch speedily yet another indication that Obama's administration is failing to meet its promises?</p></div> </blockquote><p>Absolutely!<nobr> <wbr></nobr>:-P</p></div>
	</htmltext>
<tokenext>Is Microsoft 's failure to patch speedily yet another indication that Obama 's administration is failing to meet its promises ?
Absolutely ! : -P</tokentext>
<sentencetext>Is Microsoft's failure to patch speedily yet another indication that Obama's administration is failing to meet its promises?
Absolutely! :-P
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30876820</id>
	<title>Internal Access</title>
	<author>Anonymous</author>
	<datestamp>1264326300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>OK, So how many at Microsoft have access to the IE defect database?  Surely there is the risk of an insider selling knowledge of known defects to the hackers.  Logged in September, Sold in October, Exploited developed in a few months - sounds reasonable to me.</p></htmltext>
<tokenext>OK , So how many at Microsoft have access to the IE defect database ?
Surely there is the risk of an insider selling knowledge of known defects to the hackers .
Logged in September , Sold in October , Exploited developed in a few months - sounds reasonable to me .</tokentext>
<sentencetext>OK, So how many at Microsoft have access to the IE defect database?
Surely there is the risk of an insider selling knowledge of known defects to the hackers.
Logged in September, Sold in October, Exploited developed in a few months - sounds reasonable to me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870482</id>
	<title>Re:threat?</title>
	<author>Phroggy</author>
	<datestamp>1264269780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Microsoft's reasoning is this:</p><p>Most security flaws are found by white-hats, who report the flaw to the vendor and keep their mouth shut until the vendor releases a patch - and even then, the details of exactly how to exploit it are usually not disclosed right away.  However, as soon as the patch is released, the black-hats (who had previously been unaware that the flaw existed) now begin analyzing the patch itself, to see what it changes - and they soon figure out how to exploit the flaw in unpatched systems.</p><p>If Microsoft releases patches immediately as soon as the patches are available, the black-hats will begin working on them immediately and will have an exploit soon.  But although individual consumers might have automatic updates enabled, corporate IT departments prefer to test things before deployment, and this is much easier to do when patches are released on a schedule - for example, if all patches are always released on the second Tuesday of the month, then an IT department can plan to begin testing new patches on that day, push out updates to workstations Wednesday night, and schedule downtime to update production servers Friday night.  If they work this into their schedule, patches will get deployed quickly, and with any luck, the black-hats won't hit them with an exploit within those few days.</p><p>But if patches are released whenever they become available, IT departments can't prepare for them, and are more likely to put them off until it's convenient.  Maybe that'll be a couple of weeks - but maybe it'll be a couple of months, because there is no coherent plan for deploying updates at all.  This gives the black-hats plenty of time to weaponize the exploit, and script kiddies to start using it.</p><p>So, if you assume that in most cases the black-hats don't find bugs before the patch is released, Microsoft's strategy is actually good.  The danger, of course, is that if the black-hats discover the flaws before a patch has been made available, and are quietly exploiting them without drawing attention to themselves, then Microsoft's strategy is bad.</p></htmltext>
<tokenext>Microsoft 's reasoning is this : Most security flaws are found by white-hats , who report the flaw to the vendor and keep their mouth shut until the vendor releases a patch - and even then , the details of exactly how to exploit it are usually not disclosed right away .
However , as soon as the patch is released , the black-hats ( who had previously been unaware that the flaw existed ) now begin analyzing the patch itself , to see what it changes - and they soon figure out how to exploit the flaw in unpatched systems.If Microsoft releases patches immediately as soon as the patches are available , the black-hats will begin working on them immediately and will have an exploit soon .
But although individual consumers might have automatic updates enabled , corporate IT departments prefer to test things before deployment , and this is much easier to do when patches are released on a schedule - for example , if all patches are always released on the second Tuesday of the month , then an IT department can plan to begin testing new patches on that day , push out updates to workstations Wednesday night , and schedule downtime to update production servers Friday night .
If they work this into their schedule , patches will get deployed quickly , and with any luck , the black-hats wo n't hit them with an exploit within those few days.But if patches are released whenever they become available , IT departments ca n't prepare for them , and are more likely to put them off until it 's convenient .
Maybe that 'll be a couple of weeks - but maybe it 'll be a couple of months , because there is no coherent plan for deploying updates at all .
This gives the black-hats plenty of time to weaponize the exploit , and script kiddies to start using it.So , if you assume that in most cases the black-hats do n't find bugs before the patch is released , Microsoft 's strategy is actually good .
The danger , of course , is that if the black-hats discover the flaws before a patch has been made available , and are quietly exploiting them without drawing attention to themselves , then Microsoft 's strategy is bad .</tokentext>
<sentencetext>Microsoft's reasoning is this:Most security flaws are found by white-hats, who report the flaw to the vendor and keep their mouth shut until the vendor releases a patch - and even then, the details of exactly how to exploit it are usually not disclosed right away.
However, as soon as the patch is released, the black-hats (who had previously been unaware that the flaw existed) now begin analyzing the patch itself, to see what it changes - and they soon figure out how to exploit the flaw in unpatched systems.If Microsoft releases patches immediately as soon as the patches are available, the black-hats will begin working on them immediately and will have an exploit soon.
But although individual consumers might have automatic updates enabled, corporate IT departments prefer to test things before deployment, and this is much easier to do when patches are released on a schedule - for example, if all patches are always released on the second Tuesday of the month, then an IT department can plan to begin testing new patches on that day, push out updates to workstations Wednesday night, and schedule downtime to update production servers Friday night.
If they work this into their schedule, patches will get deployed quickly, and with any luck, the black-hats won't hit them with an exploit within those few days.But if patches are released whenever they become available, IT departments can't prepare for them, and are more likely to put them off until it's convenient.
Maybe that'll be a couple of weeks - but maybe it'll be a couple of months, because there is no coherent plan for deploying updates at all.
This gives the black-hats plenty of time to weaponize the exploit, and script kiddies to start using it.So, if you assume that in most cases the black-hats don't find bugs before the patch is released, Microsoft's strategy is actually good.
The danger, of course, is that if the black-hats discover the flaws before a patch has been made available, and are quietly exploiting them without drawing attention to themselves, then Microsoft's strategy is bad.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802</id>
	<title>Exactly how does it work.</title>
	<author>Murdoch5</author>
	<datestamp>1264263780000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext>What protocol is used to search the system?  sure the attacker can get in but once inside just how much access do they have.
<br>
<br>
Do they get returned an FTP / HTTP view of the computer folder by folder.  Do you get kicked into a telnet terminal / ssh terminal maybe even a NFS terminal.
<br>
<br>
Correct me if I'm wrong (but I do have a CCNA cert)  Why not block the access ports that get opened, unless it's port 80 and then filter the traffic.
<br>
<br>
Yes it's microsofts problem to roll out a patch and fix the bug but it seems like theres a lot that the user could do before the patch is ready.</htmltext>
<tokenext>What protocol is used to search the system ?
sure the attacker can get in but once inside just how much access do they have .
Do they get returned an FTP / HTTP view of the computer folder by folder .
Do you get kicked into a telnet terminal / ssh terminal maybe even a NFS terminal .
Correct me if I 'm wrong ( but I do have a CCNA cert ) Why not block the access ports that get opened , unless it 's port 80 and then filter the traffic .
Yes it 's microsofts problem to roll out a patch and fix the bug but it seems like theres a lot that the user could do before the patch is ready .</tokentext>
<sentencetext>What protocol is used to search the system?
sure the attacker can get in but once inside just how much access do they have.
Do they get returned an FTP / HTTP view of the computer folder by folder.
Do you get kicked into a telnet terminal / ssh terminal maybe even a NFS terminal.
Correct me if I'm wrong (but I do have a CCNA cert)  Why not block the access ports that get opened, unless it's port 80 and then filter the traffic.
Yes it's microsofts problem to roll out a patch and fix the bug but it seems like theres a lot that the user could do before the patch is ready.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871344</id>
	<title>Re:kind of makes you wonder</title>
	<author>awyeah</author>
	<datestamp>1264276560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The other problem is that as a company, you can't just make a patch and send it off like you can with open source.  You have to QA the thing first.  Plus, I'd bet some companies have procedures and sign-offs that need to happen.  Basically, red tape.</p></htmltext>
<tokenext>The other problem is that as a company , you ca n't just make a patch and send it off like you can with open source .
You have to QA the thing first .
Plus , I 'd bet some companies have procedures and sign-offs that need to happen .
Basically , red tape .</tokentext>
<sentencetext>The other problem is that as a company, you can't just make a patch and send it off like you can with open source.
You have to QA the thing first.
Plus, I'd bet some companies have procedures and sign-offs that need to happen.
Basically, red tape.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870122</id>
	<title>Re:A US-based, free e-mail service</title>
	<author>kaptink</author>
	<datestamp>1264266960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Wouldn't the obvious thing to do is shut the email account down and watch for people trying to log into it?</p></htmltext>
<tokenext>Would n't the obvious thing to do is shut the email account down and watch for people trying to log into it ?</tokentext>
<sentencetext>Wouldn't the obvious thing to do is shut the email account down and watch for people trying to log into it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869798</id>
	<title>Attacking hate comments ain't changing the facts</title>
	<author>Anonymous</author>
	<datestamp>1264263780000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>To all M$ lovers: once more it seems uh!?</p><p>Please paid M$ astro-turfers, do attack and mod down this comment and ignore the facts<nobr> <wbr></nobr>;)</p></htmltext>
<tokenext>To all M $ lovers : once more it seems uh !
? Please paid M $ astro-turfers , do attack and mod down this comment and ignore the facts ; )</tokentext>
<sentencetext>To all M$ lovers: once more it seems uh!
?Please paid M$ astro-turfers, do attack and mod down this comment and ignore the facts ;)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877042</id>
	<title>Re:kind of makes you wonder</title>
	<author>Foredecker</author>
	<datestamp>1264330860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Dang - you mean that with open source you cna just patch someting and send it out with out testing it!  Wow. That's AWSOME!</htmltext>
<tokenext>Dang - you mean that with open source you cna just patch someting and send it out with out testing it !
Wow. That 's AWSOME !</tokentext>
<sentencetext>Dang - you mean that with open source you cna just patch someting and send it out with out testing it!
Wow. That's AWSOME!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871344</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434</id>
	<title>Re:kind of makes you wonder</title>
	<author>X0563511</author>
	<datestamp>1264269480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>I like to think that the code for IE is so horribly mangled that it takes a solid month to get the thing to build (including compile errors, stupid typo bugs, compile time, compiling for all the different windows configs, etc)</p><p>It makes me feel nicer that it could just be a shitty project, rather than just shitty people.</p></htmltext>
<tokenext>I like to think that the code for IE is so horribly mangled that it takes a solid month to get the thing to build ( including compile errors , stupid typo bugs , compile time , compiling for all the different windows configs , etc ) It makes me feel nicer that it could just be a shitty project , rather than just shitty people .</tokentext>
<sentencetext>I like to think that the code for IE is so horribly mangled that it takes a solid month to get the thing to build (including compile errors, stupid typo bugs, compile time, compiling for all the different windows configs, etc)It makes me feel nicer that it could just be a shitty project, rather than just shitty people.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30887408</id>
	<title>Re:A US-based, free e-mail service</title>
	<author>isorox</author>
	<datestamp>1264412400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Hotmail, perhaps? No?</i></p><p>I assumed that, but gmail may be more appropiate, given the nature of the first exploit to hit the news</p></htmltext>
<tokenext>Hotmail , perhaps ?
No ? I assumed that , but gmail may be more appropiate , given the nature of the first exploit to hit the news</tokentext>
<sentencetext>Hotmail, perhaps?
No?I assumed that, but gmail may be more appropiate, given the nature of the first exploit to hit the news</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870112</id>
	<title>Update your Acrobat Reader.</title>
	<author>Anonymous</author>
	<datestamp>1264266840000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>There was a similar hole in the way <a href="http://www.adobe.com/support/security/bulletins/apsb10-02.html" title="adobe.com" rel="nofollow">Acrobat Reader</a> [adobe.com] prior to 9.2 handled xml multimedia calls. And there were resent releases of updates for <a href="http://www.adobe.com/support/security/bulletins/apsb10-03.html" title="adobe.com" rel="nofollow">Shockwave Flash.</a> [adobe.com] <p> It is rather telling that the same type of buffer trouble is showing up in other peoples software. I am just wondering if the flood "Gates" are about to open and we will wind up seeing multiple trouble with things like WMP, Silverlight<nobr> <wbr></nobr>...there was already the same update happening for<a href="http://service.real.com/realplayer/security/01192010\_player/en/" title="real.com" rel="nofollow"> RealPlayer</a> [real.com] </p><p>Just maybe there is a system xml call that is easily exploited in all versions of Windows....I can just see it now some lazy MS exec using old legacy system xml that is written using the gets and puts function. I would not put it past Microsoft to use old garbage code without even checking the old source then including the pre-compiled executable</p></htmltext>
<tokenext>There was a similar hole in the way Acrobat Reader [ adobe.com ] prior to 9.2 handled xml multimedia calls .
And there were resent releases of updates for Shockwave Flash .
[ adobe.com ] It is rather telling that the same type of buffer trouble is showing up in other peoples software .
I am just wondering if the flood " Gates " are about to open and we will wind up seeing multiple trouble with things like WMP , Silverlight ...there was already the same update happening for RealPlayer [ real.com ] Just maybe there is a system xml call that is easily exploited in all versions of Windows....I can just see it now some lazy MS exec using old legacy system xml that is written using the gets and puts function .
I would not put it past Microsoft to use old garbage code without even checking the old source then including the pre-compiled executable</tokentext>
<sentencetext>There was a similar hole in the way Acrobat Reader [adobe.com] prior to 9.2 handled xml multimedia calls.
And there were resent releases of updates for Shockwave Flash.
[adobe.com]  It is rather telling that the same type of buffer trouble is showing up in other peoples software.
I am just wondering if the flood "Gates" are about to open and we will wind up seeing multiple trouble with things like WMP, Silverlight ...there was already the same update happening for RealPlayer [real.com] Just maybe there is a system xml call that is easily exploited in all versions of Windows....I can just see it now some lazy MS exec using old legacy system xml that is written using the gets and puts function.
I would not put it past Microsoft to use old garbage code without even checking the old source then including the pre-compiled executable</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872146</id>
	<title>Re:kind of makes you wonder</title>
	<author>bug</author>
	<datestamp>1264238460000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>Security firm eEye used to keep a long list of Internet Explorer vulnerabilities that they had reported to Microsoft, but Microsoft hadn't developed patches for.  eEye's list tracked how many months, or even years, Microsoft had known about the vulnerabilities without releasing a patch.  A few years ago, under pressure from Microsoft, eEye agreed to take their list down.  Microsoft happens to be a big customer of eEye's, and presumably is responsible for a lot of eEye's revenue.  This has been fairly typical behavior for security firms that have signed lucrative contracts with Microsoft over the last few years, and one wonders how much of this type of thing is merely hush money.</htmltext>
<tokenext>Security firm eEye used to keep a long list of Internet Explorer vulnerabilities that they had reported to Microsoft , but Microsoft had n't developed patches for .
eEye 's list tracked how many months , or even years , Microsoft had known about the vulnerabilities without releasing a patch .
A few years ago , under pressure from Microsoft , eEye agreed to take their list down .
Microsoft happens to be a big customer of eEye 's , and presumably is responsible for a lot of eEye 's revenue .
This has been fairly typical behavior for security firms that have signed lucrative contracts with Microsoft over the last few years , and one wonders how much of this type of thing is merely hush money .</tokentext>
<sentencetext>Security firm eEye used to keep a long list of Internet Explorer vulnerabilities that they had reported to Microsoft, but Microsoft hadn't developed patches for.
eEye's list tracked how many months, or even years, Microsoft had known about the vulnerabilities without releasing a patch.
A few years ago, under pressure from Microsoft, eEye agreed to take their list down.
Microsoft happens to be a big customer of eEye's, and presumably is responsible for a lot of eEye's revenue.
This has been fairly typical behavior for security firms that have signed lucrative contracts with Microsoft over the last few years, and one wonders how much of this type of thing is merely hush money.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871456</id>
	<title>Re:kind of makes you wonder</title>
	<author>Ifni</author>
	<datestamp>1264277160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>Not to spark a conspiracy theory, but how much do you suppose some over-worked, under-paid, and under-appreciated Microsoft employee was paid by an agent of the Chinese government to provide this flaw from the list of yet to be addressed flaws?  How much money do you think there is in selling these exploits in major software products to enemies of the state?  I'm not implying that Microsoft does this intentionally, but I can see how their cavalier attitude can certainly create such an opportunity for Microsoft employees in the know.  This should certainly be looked into by law enforcement officials to make sure that such leaks don't actually exist.</htmltext>
<tokenext>Not to spark a conspiracy theory , but how much do you suppose some over-worked , under-paid , and under-appreciated Microsoft employee was paid by an agent of the Chinese government to provide this flaw from the list of yet to be addressed flaws ?
How much money do you think there is in selling these exploits in major software products to enemies of the state ?
I 'm not implying that Microsoft does this intentionally , but I can see how their cavalier attitude can certainly create such an opportunity for Microsoft employees in the know .
This should certainly be looked into by law enforcement officials to make sure that such leaks do n't actually exist .</tokentext>
<sentencetext>Not to spark a conspiracy theory, but how much do you suppose some over-worked, under-paid, and under-appreciated Microsoft employee was paid by an agent of the Chinese government to provide this flaw from the list of yet to be addressed flaws?
How much money do you think there is in selling these exploits in major software products to enemies of the state?
I'm not implying that Microsoft does this intentionally, but I can see how their cavalier attitude can certainly create such an opportunity for Microsoft employees in the know.
This should certainly be looked into by law enforcement officials to make sure that such leaks don't actually exist.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30878690</id>
	<title>APK ALERT - DO NOT ANSWER THIS FUCKTARD</title>
	<author>Anonymous</author>
	<datestamp>1264351980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p> <b>APK ALERT - DO NOT ANSWER THIS FUCKTARD</b> </p><p>Unless you enjoy repeated copy/pasted answers and being insulted. His ego will not allow for discussion and any time you spend constructing a reasoned point for this moron will be time wasted. The only thing more terrible than him as a person is his terrible programming ability and shitty shareware utilities, for which he is inexplicably proud.</p><p>See <a href="http://forums.techguy.org/civilized-debate/663221-do-you-like-internet-explorer.html" title="techguy.org" rel="nofollow">here</a> [techguy.org] for an example of the kind of crap you'd be letting yourself in for.</p><p>Please warn others if you see him post (anonymously, he has a history of stalking). Just pretend he isn't there and you can't see his drivel. Whatever you do, DO NOT FEED THE TROLL.</p></htmltext>
<tokenext>APK ALERT - DO NOT ANSWER THIS FUCKTARD Unless you enjoy repeated copy/pasted answers and being insulted .
His ego will not allow for discussion and any time you spend constructing a reasoned point for this moron will be time wasted .
The only thing more terrible than him as a person is his terrible programming ability and shitty shareware utilities , for which he is inexplicably proud.See here [ techguy.org ] for an example of the kind of crap you 'd be letting yourself in for.Please warn others if you see him post ( anonymously , he has a history of stalking ) .
Just pretend he is n't there and you ca n't see his drivel .
Whatever you do , DO NOT FEED THE TROLL .</tokentext>
<sentencetext> APK ALERT - DO NOT ANSWER THIS FUCKTARD Unless you enjoy repeated copy/pasted answers and being insulted.
His ego will not allow for discussion and any time you spend constructing a reasoned point for this moron will be time wasted.
The only thing more terrible than him as a person is his terrible programming ability and shitty shareware utilities, for which he is inexplicably proud.See here [techguy.org] for an example of the kind of crap you'd be letting yourself in for.Please warn others if you see him post (anonymously, he has a history of stalking).
Just pretend he isn't there and you can't see his drivel.
Whatever you do, DO NOT FEED THE TROLL.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870260</id>
	<title>Re:kind of makes you wonder</title>
	<author>Runaway1956</author>
	<datestamp>1264268160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>"Kinda makes you wonder" if it's another slow news day.  I mean, how many people did NOT see this coming?  Even Joe Sixpack probably had this figured out - assuming that he even watches the evening news.  Wait - maybe I'm getting senile.  Joe stopped watching the news when he figured out how to schedule his programming around ESPN, More Gore Television, and Hot Chicks After Hours.</p><p>Phhht.  Maybe this IS news to part of the world?</p></htmltext>
<tokenext>" Kinda makes you wonder " if it 's another slow news day .
I mean , how many people did NOT see this coming ?
Even Joe Sixpack probably had this figured out - assuming that he even watches the evening news .
Wait - maybe I 'm getting senile .
Joe stopped watching the news when he figured out how to schedule his programming around ESPN , More Gore Television , and Hot Chicks After Hours.Phhht .
Maybe this IS news to part of the world ?</tokentext>
<sentencetext>"Kinda makes you wonder" if it's another slow news day.
I mean, how many people did NOT see this coming?
Even Joe Sixpack probably had this figured out - assuming that he even watches the evening news.
Wait - maybe I'm getting senile.
Joe stopped watching the news when he figured out how to schedule his programming around ESPN, More Gore Television, and Hot Chicks After Hours.Phhht.
Maybe this IS news to part of the world?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877162</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264333080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>How about this: with a commercial software vendor - heck, lets just use
Microsoft - you have a vendor that has the funds and qualified staff to fix
problems quickly; Seucrity and regular bugs alike. You likely have a
support contract that requires this. Things are found and fixed quickly
and reliably. There are people whos job it is to respond to email
and answer the telephone. Heck, they will even fly out to your site if they
need to. If you are in a moderately big city there is likely support
people already there.</p><p>Ok, with Redhat someone can get the same thing, becuase
they pay $800 a year for support.</p><p>Here is another way to look at it: you suspect you have a bug in some
OSS software...<nobr> <wbr></nobr>.Lets say its a major one like Firefox. You send the
security email alias a mail (there is no phone number). Its a good group
of people, but hey, they are busy and you dont have any kind of business
relationship with them. No money changed hands, you have no support
contract. They are under no obligationto help you at all - the
license agreemetn even says so. You downloaded Firefox for free remember?
You are dependant upon their largese and good repuation (and with Mozial, it is
good). </p><p>So you hope they can get around to it - they have some people you can
exchange email with, and a bug you can watch. Thats groovy, but there are
no solid expectations? They fix bugs and are generally reliable about
getting patches out. They have a schedule and everything, but are not
under any obligation to do so for you in particular. They are good honest
folks so Im sure they will get to it sooner or later. </p><p>Like I <a href="http://slashdot.org/comments.pl?sid=1521956&amp;cid=30877024" title="slashdot.org">just
mentioned</a> [slashdot.org] to <a href="http://slashdot.org/~X0563511" title="slashdot.org">X0563511</a> [slashdot.org], I dont by the argument that &quot;its open so anybody can look at it and fix
bugs&quot;. Thats just bogus. Yes, of course its open. I saw
a hilariously appropriate post on Slashdot a while back (paraphrasing):
</p><blockquote><div><p>	The ratio of people that comment on security problems to the people actualy
	qualifed to fix them is about 1000000:1.</p></div></blockquote><p>Its a myth that for any given open source project there are legions of
devleopers with the skills, knowledge and expertise to correctly fix complex
security bugs and issue a patch as you say &quot;fixed tomorrow&quot;.
Its not even a good myth. The Myth Busters wont be interested. </p><p>All the major OSS projects have teams that own the code - just like
Microsoft. They dont let just anybody fix bugs - let alone security
bugs. The have bug triage and code review processes - just like Microsoft.
They also have test, QA and releases processes too. Note there is at least one
guy thinks security bugs in OSS code can be fixed with no QA (read
<a href="http://slashdot.org/comments.pl?sid=1521956&amp;cid=30871344" title="slashdot.org">this
golden post</a> [slashdot.org]...) and no, hes not being subtly humorous, just naive. </p><p>All major OSS projects have a vetting and qualification process just like we
do. For example, I can fix security bugs in code I own, but not in
the Windows kernel. Even for changes in my code I get a seucrity dude to
do a code review. </p><p>Ill ask you this - how many security code reviews on other peoples code have
you done? How many bugs have been fixed as a result? How many
did you fix? Can you link to the bugs and change lists in a
repository somwhere? </p><p>Fixing security bugs is hard - harder than regular bugs and those can be
hard. You really think that just any old developer can just dive right in
and triage and fix security bugs? Really? Do you think the
owning teams would let you? If so, then go read some of polices of
major OSS projects, like the Mozilla pages
<a href="http://www.mozilla.org/projects/security/security-bugs-policy.html" title="mozilla.org">
here</a> [mozilla.org]. &quot;Virtually anyone&quot; is most certainly not
allowed to just dive in and fix security bugs in Firefox - hey wont let you
unless you are qualifed and vetted. </p><p>So look, I really do love open source software. The fact that it is
open and anyone can look at it is groovy, and cool, and noble. I
agree that it gives those projets a certain competative advantages that we do
not enjoy. But just becuase you cannot see Windows or IE source, doesnt
mean there isnt a bunch of capeable people looking at it - often. There
are - its just not you. Note this includes a lot of non-micosoft people as well.
Surprised? Have you read
<a href="http://www.microsoft.com/resources/sharedsource/default.mspx" title="microsoft.com">this</a> [microsoft.com]?
</p><p>Lastly, please excuse any spelling or punctuation mistakes - Im a terrible
proof reader and its late...</p><p>-<em>Foredecker</em> </p></div>
	</htmltext>
<tokenext>How about this : with a commercial software vendor - heck , lets just use Microsoft - you have a vendor that has the funds and qualified staff to fix problems quickly ; Seucrity and regular bugs alike .
You likely have a support contract that requires this .
Things are found and fixed quickly and reliably .
There are people whos job it is to respond to email and answer the telephone .
Heck , they will even fly out to your site if they need to .
If you are in a moderately big city there is likely support people already there.Ok , with Redhat someone can get the same thing , becuase they pay $ 800 a year for support.Here is another way to look at it : you suspect you have a bug in some OSS software... .Lets say its a major one like Firefox .
You send the security email alias a mail ( there is no phone number ) .
Its a good group of people , but hey , they are busy and you dont have any kind of business relationship with them .
No money changed hands , you have no support contract .
They are under no obligationto help you at all - the license agreemetn even says so .
You downloaded Firefox for free remember ?
You are dependant upon their largese and good repuation ( and with Mozial , it is good ) .
So you hope they can get around to it - they have some people you can exchange email with , and a bug you can watch .
Thats groovy , but there are no solid expectations ?
They fix bugs and are generally reliable about getting patches out .
They have a schedule and everything , but are not under any obligation to do so for you in particular .
They are good honest folks so Im sure they will get to it sooner or later .
Like I just mentioned [ slashdot.org ] to X0563511 [ slashdot.org ] , I dont by the argument that " its open so anybody can look at it and fix bugs " .
Thats just bogus .
Yes , of course its open .
I saw a hilariously appropriate post on Slashdot a while back ( paraphrasing ) : The ratio of people that comment on security problems to the people actualy qualifed to fix them is about 1000000 : 1.Its a myth that for any given open source project there are legions of devleopers with the skills , knowledge and expertise to correctly fix complex security bugs and issue a patch as you say " fixed tomorrow " .
Its not even a good myth .
The Myth Busters wont be interested .
All the major OSS projects have teams that own the code - just like Microsoft .
They dont let just anybody fix bugs - let alone security bugs .
The have bug triage and code review processes - just like Microsoft .
They also have test , QA and releases processes too .
Note there is at least one guy thinks security bugs in OSS code can be fixed with no QA ( read this golden post [ slashdot.org ] ... ) and no , hes not being subtly humorous , just naive .
All major OSS projects have a vetting and qualification process just like we do .
For example , I can fix security bugs in code I own , but not in the Windows kernel .
Even for changes in my code I get a seucrity dude to do a code review .
Ill ask you this - how many security code reviews on other peoples code have you done ?
How many bugs have been fixed as a result ?
How many did you fix ?
Can you link to the bugs and change lists in a repository somwhere ?
Fixing security bugs is hard - harder than regular bugs and those can be hard .
You really think that just any old developer can just dive right in and triage and fix security bugs ?
Really ? Do you think the owning teams would let you ?
If so , then go read some of polices of major OSS projects , like the Mozilla pages here [ mozilla.org ] .
" Virtually anyone " is most certainly not allowed to just dive in and fix security bugs in Firefox - hey wont let you unless you are qualifed and vetted .
So look , I really do love open source software .
The fact that it is open and anyone can look at it is groovy , and cool , and noble .
I agree that it gives those projets a certain competative advantages that we do not enjoy .
But just becuase you can not see Windows or IE source , doesnt mean there isnt a bunch of capeable people looking at it - often .
There are - its just not you .
Note this includes a lot of non-micosoft people as well .
Surprised ? Have you read this [ microsoft.com ] ?
Lastly , please excuse any spelling or punctuation mistakes - Im a terrible proof reader and its late...-Foredecker</tokentext>
<sentencetext>How about this: with a commercial software vendor - heck, lets just use
Microsoft - you have a vendor that has the funds and qualified staff to fix
problems quickly; Seucrity and regular bugs alike.
You likely have a
support contract that requires this.
Things are found and fixed quickly
and reliably.
There are people whos job it is to respond to email
and answer the telephone.
Heck, they will even fly out to your site if they
need to.
If you are in a moderately big city there is likely support
people already there.Ok, with Redhat someone can get the same thing, becuase
they pay $800 a year for support.Here is another way to look at it: you suspect you have a bug in some
OSS software... .Lets say its a major one like Firefox.
You send the
security email alias a mail (there is no phone number).
Its a good group
of people, but hey, they are busy and you dont have any kind of business
relationship with them.
No money changed hands, you have no support
contract.
They are under no obligationto help you at all - the
license agreemetn even says so.
You downloaded Firefox for free remember?
You are dependant upon their largese and good repuation (and with Mozial, it is
good).
So you hope they can get around to it - they have some people you can
exchange email with, and a bug you can watch.
Thats groovy, but there are
no solid expectations?
They fix bugs and are generally reliable about
getting patches out.
They have a schedule and everything, but are not
under any obligation to do so for you in particular.
They are good honest
folks so Im sure they will get to it sooner or later.
Like I just
mentioned [slashdot.org] to X0563511 [slashdot.org], I dont by the argument that "its open so anybody can look at it and fix
bugs".
Thats just bogus.
Yes, of course its open.
I saw
a hilariously appropriate post on Slashdot a while back (paraphrasing):
	The ratio of people that comment on security problems to the people actualy
	qualifed to fix them is about 1000000:1.Its a myth that for any given open source project there are legions of
devleopers with the skills, knowledge and expertise to correctly fix complex
security bugs and issue a patch as you say "fixed tomorrow".
Its not even a good myth.
The Myth Busters wont be interested.
All the major OSS projects have teams that own the code - just like
Microsoft.
They dont let just anybody fix bugs - let alone security
bugs.
The have bug triage and code review processes - just like Microsoft.
They also have test, QA and releases processes too.
Note there is at least one
guy thinks security bugs in OSS code can be fixed with no QA (read
this
golden post [slashdot.org]...) and no, hes not being subtly humorous, just naive.
All major OSS projects have a vetting and qualification process just like we
do.
For example, I can fix security bugs in code I own, but not in
the Windows kernel.
Even for changes in my code I get a seucrity dude to
do a code review.
Ill ask you this - how many security code reviews on other peoples code have
you done?
How many bugs have been fixed as a result?
How many
did you fix?
Can you link to the bugs and change lists in a
repository somwhere?
Fixing security bugs is hard - harder than regular bugs and those can be
hard.
You really think that just any old developer can just dive right in
and triage and fix security bugs?
Really? Do you think the
owning teams would let you?
If so, then go read some of polices of
major OSS projects, like the Mozilla pages

here [mozilla.org].
"Virtually anyone" is most certainly not
allowed to just dive in and fix security bugs in Firefox - hey wont let you
unless you are qualifed and vetted.
So look, I really do love open source software.
The fact that it is
open and anyone can look at it is groovy, and cool, and noble.
I
agree that it gives those projets a certain competative advantages that we do
not enjoy.
But just becuase you cannot see Windows or IE source, doesnt
mean there isnt a bunch of capeable people looking at it - often.
There
are - its just not you.
Note this includes a lot of non-micosoft people as well.
Surprised? Have you read
this [microsoft.com]?
Lastly, please excuse any spelling or punctuation mistakes - Im a terrible
proof reader and its late...-Foredecker 
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871766</id>
	<title>Re:kind of makes you wonder</title>
	<author>Dilligent</author>
	<datestamp>1264279080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Mod parent up, exactly my thoughts as a Software Developer as well.</htmltext>
<tokenext>Mod parent up , exactly my thoughts as a Software Developer as well .</tokentext>
<sentencetext>Mod parent up, exactly my thoughts as a Software Developer as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870134</id>
	<title>Re:This clearly needs 10 more stories</title>
	<author>Anonymous</author>
	<datestamp>1264267080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Anyone who falls victim to it now" is a typical Microsoft client. The IE security flaw in Windows has been arguably patched for years already anyway -- it's called Firefox.</p><p>Right now we're in NASCAR effect - this is the slowmo replay of the latest pileup that has included major governments saying stop using the browser. You think it stopped being notable after the original tire blew? Rub a lamp. There's at least a full week's worth of commentary about the individual cars wrapping into balls on the guardrail now.</p><p>Which is great. MS's crap approach to security needs broader, louder coverage. Clearly it hasn't been loud enough yet.</p></htmltext>
<tokenext>" Anyone who falls victim to it now " is a typical Microsoft client .
The IE security flaw in Windows has been arguably patched for years already anyway -- it 's called Firefox.Right now we 're in NASCAR effect - this is the slowmo replay of the latest pileup that has included major governments saying stop using the browser .
You think it stopped being notable after the original tire blew ?
Rub a lamp .
There 's at least a full week 's worth of commentary about the individual cars wrapping into balls on the guardrail now.Which is great .
MS 's crap approach to security needs broader , louder coverage .
Clearly it has n't been loud enough yet .</tokentext>
<sentencetext>"Anyone who falls victim to it now" is a typical Microsoft client.
The IE security flaw in Windows has been arguably patched for years already anyway -- it's called Firefox.Right now we're in NASCAR effect - this is the slowmo replay of the latest pileup that has included major governments saying stop using the browser.
You think it stopped being notable after the original tire blew?
Rub a lamp.
There's at least a full week's worth of commentary about the individual cars wrapping into balls on the guardrail now.Which is great.
MS's crap approach to security needs broader, louder coverage.
Clearly it hasn't been loud enough yet.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712</id>
	<title>Foredecker, let me "lay it on the table" for you</title>
	<author>Anonymous</author>
	<datestamp>1264242780000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><div class="quote"><p><b>"So are you are calling people at Microsoft shitty? If you are than Ill ask you this: Really? Is that the best you can do? Name calling? Okey dokey then..."</b> - by Foredecker (161844) * on Saturday January 23, @02:12PM (#30871504) Homepage</p></div><p>Well, then I'll just "cut to the chase" here, for you Foredecker, as I did here vs. these STUPID trolls in your defense today -&gt; <a href="http://slashdot.org/comments.pl?sid=1518398&amp;cid=30871878" title="slashdot.org" rel="nofollow">http://slashdot.org/comments.pl?sid=1518398&amp;cid=30871878</a> [slashdot.org]</p><p><b>THEY ARE A PACK OF UNDEREDUCATED SHITHEAD TROLLS MAN, who are DEFINITELY "big talkers" but no substance OR visible accomplishments to their names/credits, first of all...</b></p><p><b>Secondly?</b></p><p><b>They'll do ANYTHING so their [insert *NIX flavor of the day here] gets a bit more "market share"... lol, only thing is? Well, I have been hearing "THIS IS THE YEAR OF LINUX" or "THIS IS THE YEAR OF MACOS X v whatever" for oh, almost 6++ yrs. whilst I 'hang around here'</b></p><p>(NO *NIX variant, ever will, or it would have by now... &amp; they're in the stark realization that your companies' softwares ARE ON TOP, &amp; it makes them angry they made the "incorrect choice" basically... lol, and we ALL know it!)</p><p>So, they then resort to their what I call "NOT MEN" ways, &amp; b.s., lie, or otherwise harass &amp; troll others who point these WIDELY KNOWN FACTS out to they... as they did to me here this week -&gt; <a href="http://linux.slashdot.org/comments.pl?sid=1519330&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30853490" title="slashdot.org" rel="nofollow">http://linux.slashdot.org/comments.pl?sid=1519330&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30853490</a> [slashdot.org] &amp; all they had was ATTEMPTED "adhominem attacks" directed my way, but, nothing of substance (&amp; I even easily turned aside their b.s. there on those too... as they're NOT too well, generally "intellectually gifted", lol, shall we say!)</p><p>So, now that I've got that "all said &amp; aside", well, in closing...?</p><p><b>Don't let these little prick trolls get to you man - they're something to amuse yourself with actually, because WE ALL KNOW WHO IS #1 OUT THERE</b> (MS).</p><p>APK</p><p>P.S.=&gt; I don't HAVE to be "nice" about this either, as you most likely do... you have a position to defend as a representative of your company in Microsoft here - were I in the SAME position? I'd do the same, I'd have to... sucks to have "chains" on you but, that's how it is @ times!</p><p>NOW - <b>WHAT they DO want you to "pop" on them. Their only "weapons" lol, as trolls, are "effete mod downs" w/out justifications, or adhominem attacks, and lastly making YOU "get angry" &amp; to waste your time @ the point when they are unable to defeat facts, with their fictions + lies &amp; more... they're pitiful man: Get a laugh out of them!</b></p><p>NOW, couple last things:</p><p>I actually DO like LINUX (it's come a LONG WAYS since I first tried it in Slackware 1.02 circa 1994 iirc, &amp; even MacOS X... both work, both are a pleasure to use, &amp; they generally are pretty solid @ this point...</p><p>However/by the same token?</p><p><b>I do NOT like their "Pro-*NIX troll community" around here... they're nostly juvenile 10-below plantlife IQ bearing little PUNKS, &amp; ones with no accomplishments to their names &amp; they waste time b.s.'ing others with false PR that is very "Anti-MS" in its sentiments usually... so, instead of ACTUALLY WORKING TO HELP PATCH OR IMPROVE THEIR OPERATING SYSTEMS OF CHOICE THAT ARE *NIX VARIANTS?</b></p><p><b>These "beyotches" that gossip like women around here instead troll &amp; harass others... why is that? Because they have no real skills &amp; are useless punks, pretty simple!</b></p><p>No, this isn't ALL of you folks here @<nobr> <wbr></nobr>/. but a good deal of them fit this critique of mine, by ALL means... apk</p></div>
	</htmltext>
<tokenext>" So are you are calling people at Microsoft shitty ?
If you are than Ill ask you this : Really ?
Is that the best you can do ?
Name calling ?
Okey dokey then... " - by Foredecker ( 161844 ) * on Saturday January 23 , @ 02 : 12PM ( # 30871504 ) HomepageWell , then I 'll just " cut to the chase " here , for you Foredecker , as I did here vs. these STUPID trolls in your defense today - &gt; http : //slashdot.org/comments.pl ? sid = 1518398&amp;cid = 30871878 [ slashdot.org ] THEY ARE A PACK OF UNDEREDUCATED SHITHEAD TROLLS MAN , who are DEFINITELY " big talkers " but no substance OR visible accomplishments to their names/credits , first of all...Secondly ? They 'll do ANYTHING so their [ insert * NIX flavor of the day here ] gets a bit more " market share " ... lol , only thing is ?
Well , I have been hearing " THIS IS THE YEAR OF LINUX " or " THIS IS THE YEAR OF MACOS X v whatever " for oh , almost 6 + + yrs .
whilst I 'hang around here ' ( NO * NIX variant , ever will , or it would have by now... &amp; they 're in the stark realization that your companies ' softwares ARE ON TOP , &amp; it makes them angry they made the " incorrect choice " basically... lol , and we ALL know it !
) So , they then resort to their what I call " NOT MEN " ways , &amp; b.s. , lie , or otherwise harass &amp; troll others who point these WIDELY KNOWN FACTS out to they... as they did to me here this week - &gt; http : //linux.slashdot.org/comments.pl ? sid = 1519330&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30853490 [ slashdot.org ] &amp; all they had was ATTEMPTED " adhominem attacks " directed my way , but , nothing of substance ( &amp; I even easily turned aside their b.s .
there on those too... as they 're NOT too well , generally " intellectually gifted " , lol , shall we say !
) So , now that I 've got that " all said &amp; aside " , well , in closing... ? Do n't let these little prick trolls get to you man - they 're something to amuse yourself with actually , because WE ALL KNOW WHO IS # 1 OUT THERE ( MS ) .APKP.S. = &gt; I do n't HAVE to be " nice " about this either , as you most likely do... you have a position to defend as a representative of your company in Microsoft here - were I in the SAME position ?
I 'd do the same , I 'd have to... sucks to have " chains " on you but , that 's how it is @ times ! NOW - WHAT they DO want you to " pop " on them .
Their only " weapons " lol , as trolls , are " effete mod downs " w/out justifications , or adhominem attacks , and lastly making YOU " get angry " &amp; to waste your time @ the point when they are unable to defeat facts , with their fictions + lies &amp; more... they 're pitiful man : Get a laugh out of them ! NOW , couple last things : I actually DO like LINUX ( it 's come a LONG WAYS since I first tried it in Slackware 1.02 circa 1994 iirc , &amp; even MacOS X... both work , both are a pleasure to use , &amp; they generally are pretty solid @ this point...However/by the same token ? I do NOT like their " Pro- * NIX troll community " around here... they 're nostly juvenile 10-below plantlife IQ bearing little PUNKS , &amp; ones with no accomplishments to their names &amp; they waste time b.s .
'ing others with false PR that is very " Anti-MS " in its sentiments usually... so , instead of ACTUALLY WORKING TO HELP PATCH OR IMPROVE THEIR OPERATING SYSTEMS OF CHOICE THAT ARE * NIX VARIANTS ? These " beyotches " that gossip like women around here instead troll &amp; harass others... why is that ?
Because they have no real skills &amp; are useless punks , pretty simple ! No , this is n't ALL of you folks here @ / .
but a good deal of them fit this critique of mine , by ALL means... apk</tokentext>
<sentencetext>"So are you are calling people at Microsoft shitty?
If you are than Ill ask you this: Really?
Is that the best you can do?
Name calling?
Okey dokey then..." - by Foredecker (161844) * on Saturday January 23, @02:12PM (#30871504) HomepageWell, then I'll just "cut to the chase" here, for you Foredecker, as I did here vs. these STUPID trolls in your defense today -&gt; http://slashdot.org/comments.pl?sid=1518398&amp;cid=30871878 [slashdot.org]THEY ARE A PACK OF UNDEREDUCATED SHITHEAD TROLLS MAN, who are DEFINITELY "big talkers" but no substance OR visible accomplishments to their names/credits, first of all...Secondly?They'll do ANYTHING so their [insert *NIX flavor of the day here] gets a bit more "market share"... lol, only thing is?
Well, I have been hearing "THIS IS THE YEAR OF LINUX" or "THIS IS THE YEAR OF MACOS X v whatever" for oh, almost 6++ yrs.
whilst I 'hang around here'(NO *NIX variant, ever will, or it would have by now... &amp; they're in the stark realization that your companies' softwares ARE ON TOP, &amp; it makes them angry they made the "incorrect choice" basically... lol, and we ALL know it!
)So, they then resort to their what I call "NOT MEN" ways, &amp; b.s., lie, or otherwise harass &amp; troll others who point these WIDELY KNOWN FACTS out to they... as they did to me here this week -&gt; http://linux.slashdot.org/comments.pl?sid=1519330&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30853490 [slashdot.org] &amp; all they had was ATTEMPTED "adhominem attacks" directed my way, but, nothing of substance (&amp; I even easily turned aside their b.s.
there on those too... as they're NOT too well, generally "intellectually gifted", lol, shall we say!
)So, now that I've got that "all said &amp; aside", well, in closing...?Don't let these little prick trolls get to you man - they're something to amuse yourself with actually, because WE ALL KNOW WHO IS #1 OUT THERE (MS).APKP.S.=&gt; I don't HAVE to be "nice" about this either, as you most likely do... you have a position to defend as a representative of your company in Microsoft here - were I in the SAME position?
I'd do the same, I'd have to... sucks to have "chains" on you but, that's how it is @ times!NOW - WHAT they DO want you to "pop" on them.
Their only "weapons" lol, as trolls, are "effete mod downs" w/out justifications, or adhominem attacks, and lastly making YOU "get angry" &amp; to waste your time @ the point when they are unable to defeat facts, with their fictions + lies &amp; more... they're pitiful man: Get a laugh out of them!NOW, couple last things:I actually DO like LINUX (it's come a LONG WAYS since I first tried it in Slackware 1.02 circa 1994 iirc, &amp; even MacOS X... both work, both are a pleasure to use, &amp; they generally are pretty solid @ this point...However/by the same token?I do NOT like their "Pro-*NIX troll community" around here... they're nostly juvenile 10-below plantlife IQ bearing little PUNKS, &amp; ones with no accomplishments to their names &amp; they waste time b.s.
'ing others with false PR that is very "Anti-MS" in its sentiments usually... so, instead of ACTUALLY WORKING TO HELP PATCH OR IMPROVE THEIR OPERATING SYSTEMS OF CHOICE THAT ARE *NIX VARIANTS?These "beyotches" that gossip like women around here instead troll &amp; harass others... why is that?
Because they have no real skills &amp; are useless punks, pretty simple!No, this isn't ALL of you folks here @ /.
but a good deal of them fit this critique of mine, by ALL means... apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870900</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264273320000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I probably know more about software development than you do, but I still don't have the free time to go around manually patching everything I run.  Open source won't solve the problem, and you're a god damned moron for thinking it would.</p></htmltext>
<tokenext>I probably know more about software development than you do , but I still do n't have the free time to go around manually patching everything I run .
Open source wo n't solve the problem , and you 're a god damned moron for thinking it would .</tokentext>
<sentencetext>I probably know more about software development than you do, but I still don't have the free time to go around manually patching everything I run.
Open source won't solve the problem, and you're a god damned moron for thinking it would.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778</id>
	<title>Time to Bury IE</title>
	<author>Anonymous</author>
	<datestamp>1264272000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>For God's sake and all of our digital information, it is time for a revolution.</p><p>IE has failed so many times with so many bad consequences it is time to simply outlaw the use of IE.</p><p>How many car crashes due to any number of causes before they yank ALL those car models and force the manufacturer to replace the brakes.</p><p>Get rid of MS Internet Explorer, once &amp; for ALL.  If Microsoft were an honest company they would have stopped IE and started including FireFox a long time ago.  At least then, everyone can examine code and offer patches.</p></htmltext>
<tokenext>For God 's sake and all of our digital information , it is time for a revolution.IE has failed so many times with so many bad consequences it is time to simply outlaw the use of IE.How many car crashes due to any number of causes before they yank ALL those car models and force the manufacturer to replace the brakes.Get rid of MS Internet Explorer , once &amp; for ALL .
If Microsoft were an honest company they would have stopped IE and started including FireFox a long time ago .
At least then , everyone can examine code and offer patches .</tokentext>
<sentencetext>For God's sake and all of our digital information, it is time for a revolution.IE has failed so many times with so many bad consequences it is time to simply outlaw the use of IE.How many car crashes due to any number of causes before they yank ALL those car models and force the manufacturer to replace the brakes.Get rid of MS Internet Explorer, once &amp; for ALL.
If Microsoft were an honest company they would have stopped IE and started including FireFox a long time ago.
At least then, everyone can examine code and offer patches.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873148</id>
	<title>Can someone please post an URL...</title>
	<author>ArsenneLupin</author>
	<datestamp>1264246080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>... I am currently in a Sauna, who refuse to put anything but Internet Exploder on their PCs....</htmltext>
<tokenext>... I am currently in a Sauna , who refuse to put anything but Internet Exploder on their PCs... .</tokentext>
<sentencetext>... I am currently in a Sauna, who refuse to put anything but Internet Exploder on their PCs....</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871230</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264275840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw.</p></div><p>That's also the problem with open source software: Even those who don't really know what they're doing can implement a "fix" and may introduce more bugs, incompatibilities, etc.</p><p><div class="quote"><p>0day? Fixed tomorrow!</p></div><p>Fixed by which standards?</p></div>
	</htmltext>
<tokenext>That is the main problem with closed source software ; in the event of a security hole , you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw.That 's also the problem with open source software : Even those who do n't really know what they 're doing can implement a " fix " and may introduce more bugs , incompatibilities , etc.0day ?
Fixed tomorrow ! Fixed by which standards ?</tokentext>
<sentencetext>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw.That's also the problem with open source software: Even those who don't really know what they're doing can implement a "fix" and may introduce more bugs, incompatibilities, etc.0day?
Fixed tomorrow!Fixed by which standards?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874292</id>
	<title>Re:Foredecker, let me "lay it on the table" for yo</title>
	<author>Anonymous</author>
	<datestamp>1264255500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Don't worry<nobr> <wbr></nobr>:)</htmltext>
<tokenext>Do n't worry : )</tokentext>
<sentencetext>Don't worry :)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30902518</id>
	<title>Statements of fact are not insults and quit raving</title>
	<author>Anonymous</author>
	<datestamp>1264511820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p> <a href="http://slashdot.org/comments.pl?sid=1521956&amp;cid=30881936" title="slashdot.org" rel="nofollow">http://slashdot.org/comments.pl?sid=1521956&amp;cid=30881936</a> [slashdot.org] </p><p>Primarily it sounds like you are stalking him online from your -wherever you go- statement above in the reply of yours I reply to now. It now seems others are asking if you have ever done anything of worth that was noted as his listings of noted deesd in respectable publications and books in computing over time here in this thread <a href="http://slashdot.org/comments.pl?sid=1521956&amp;cid=30900928" title="slashdot.org" rel="nofollow">http://slashdot.org/comments.pl?sid=1521956&amp;cid=30900928</a> [slashdot.org]. That's been put out here now here by others also probably afraid to have a real egomaniac psycho like you troll them as well now no less. With your url you put up though, I did a bit of reading. It's my opinion that You have also given yourself away as this Acecandy or ~Candy~ seeing as how his post shamed you to the point of changing your name there upon my cursory inspection of it. His reply wasn't mean about Internet Explorer and Opera. It was based on facts, and being factual in the end it even actually complimented you in fact. You took it the wrong way. In the end, you're just a nobody on that forums link you posted. Your frothing reaction has only shown me that his reply there certainly got to you didn't it? I have to say yes, it did judging by your lunatic raving. Do you really think someone who has a list like his from the time you were still in diapers couldn't do that also were he to join up at Microsoft's forums? Clue - he's been interviewed by Microsoft for work and years ago as a post of his I have bookmarked here <a href="http://developers.slashdot.org/comments.pl?sid=155172&amp;cid=13007974" title="slashdot.org" rel="nofollow">http://developers.slashdot.org/comments.pl?sid=155172&amp;cid=13007974</a> [slashdot.org]. I read his posts and this is how I know this much as I belong to other forums he belongs to myself. He could do what you have in mvps status and probably with ease. He also summarily destroyed you on other things now that I read that posting, but only after you attacked he because somehow and I do not see how in the url you put up as some sort of evidence as to his alleged egotism, he tore your ego to shreds by making you and yours look rather foolish. Most of all via a post on registry cleaners <a href="http://forums.techguy.org/windows-xp/662877-solved-registry-cleaners-2.html" title="techguy.org" rel="nofollow">http://forums.techguy.org/windows-xp/662877-solved-registry-cleaners-2.html</a> [techguy.org] which I found interesting in how you all had to ban him when he challenged you to find his registry cleaner freeware damaging windows. He's also done posts shown how they can be used as forensics tools here <a href="http://www.tcmagazine.com/forums/index.php?s=8b73f8ac359f5d4395f12b5169367a38&amp;showtopic=2662" title="tcmagazine.com" rel="nofollow">http://www.tcmagazine.com/forums/index.php?s=8b73f8ac359f5d4395f12b5169367a38&amp;showtopic=2662</a> [tcmagazine.com] where his guide is all over the world with replies from people who have applied it having no problems anymore with viruses after they apply his tips and follow what he says to do. Now, let's see you do what he had when you were still a child probably on your part to your credit. You cannot and you never will and that is that. It seems that the other repliers to you in this trolling attack of your are correct that your incorrect statement about he is wrong. He commended slashdot. You are not slashdot. You are an unaccomplished troll that cannot handle facts that make you look what you are, which is stupid. Amusing us also, in your trying to use others here in your trolling defense and it's not working. We can read you know. You are not slashdot and you are not the types of people you spoke of. Show us otherise and prove you are, because otherwise you're another windbag troll full of hot air. Comparing the list others put up shows he's done a lot of good note from some reputable sources in this science from as far back as 1997 it seems and continues to do so, whereas you have not. He is also correct that you in all likelyhood never will because you are a forums troll and clearly no</p></htmltext>
<tokenext>http : //slashdot.org/comments.pl ? sid = 1521956&amp;cid = 30881936 [ slashdot.org ] Primarily it sounds like you are stalking him online from your -wherever you go- statement above in the reply of yours I reply to now .
It now seems others are asking if you have ever done anything of worth that was noted as his listings of noted deesd in respectable publications and books in computing over time here in this thread http : //slashdot.org/comments.pl ? sid = 1521956&amp;cid = 30900928 [ slashdot.org ] .
That 's been put out here now here by others also probably afraid to have a real egomaniac psycho like you troll them as well now no less .
With your url you put up though , I did a bit of reading .
It 's my opinion that You have also given yourself away as this Acecandy or ~ Candy ~ seeing as how his post shamed you to the point of changing your name there upon my cursory inspection of it .
His reply was n't mean about Internet Explorer and Opera .
It was based on facts , and being factual in the end it even actually complimented you in fact .
You took it the wrong way .
In the end , you 're just a nobody on that forums link you posted .
Your frothing reaction has only shown me that his reply there certainly got to you did n't it ?
I have to say yes , it did judging by your lunatic raving .
Do you really think someone who has a list like his from the time you were still in diapers could n't do that also were he to join up at Microsoft 's forums ?
Clue - he 's been interviewed by Microsoft for work and years ago as a post of his I have bookmarked here http : //developers.slashdot.org/comments.pl ? sid = 155172&amp;cid = 13007974 [ slashdot.org ] .
I read his posts and this is how I know this much as I belong to other forums he belongs to myself .
He could do what you have in mvps status and probably with ease .
He also summarily destroyed you on other things now that I read that posting , but only after you attacked he because somehow and I do not see how in the url you put up as some sort of evidence as to his alleged egotism , he tore your ego to shreds by making you and yours look rather foolish .
Most of all via a post on registry cleaners http : //forums.techguy.org/windows-xp/662877-solved-registry-cleaners-2.html [ techguy.org ] which I found interesting in how you all had to ban him when he challenged you to find his registry cleaner freeware damaging windows .
He 's also done posts shown how they can be used as forensics tools here http : //www.tcmagazine.com/forums/index.php ? s = 8b73f8ac359f5d4395f12b5169367a38&amp;showtopic = 2662 [ tcmagazine.com ] where his guide is all over the world with replies from people who have applied it having no problems anymore with viruses after they apply his tips and follow what he says to do .
Now , let 's see you do what he had when you were still a child probably on your part to your credit .
You can not and you never will and that is that .
It seems that the other repliers to you in this trolling attack of your are correct that your incorrect statement about he is wrong .
He commended slashdot .
You are not slashdot .
You are an unaccomplished troll that can not handle facts that make you look what you are , which is stupid .
Amusing us also , in your trying to use others here in your trolling defense and it 's not working .
We can read you know .
You are not slashdot and you are not the types of people you spoke of .
Show us otherise and prove you are , because otherwise you 're another windbag troll full of hot air .
Comparing the list others put up shows he 's done a lot of good note from some reputable sources in this science from as far back as 1997 it seems and continues to do so , whereas you have not .
He is also correct that you in all likelyhood never will because you are a forums troll and clearly no</tokentext>
<sentencetext> http://slashdot.org/comments.pl?sid=1521956&amp;cid=30881936 [slashdot.org] Primarily it sounds like you are stalking him online from your -wherever you go- statement above in the reply of yours I reply to now.
It now seems others are asking if you have ever done anything of worth that was noted as his listings of noted deesd in respectable publications and books in computing over time here in this thread http://slashdot.org/comments.pl?sid=1521956&amp;cid=30900928 [slashdot.org].
That's been put out here now here by others also probably afraid to have a real egomaniac psycho like you troll them as well now no less.
With your url you put up though, I did a bit of reading.
It's my opinion that You have also given yourself away as this Acecandy or ~Candy~ seeing as how his post shamed you to the point of changing your name there upon my cursory inspection of it.
His reply wasn't mean about Internet Explorer and Opera.
It was based on facts, and being factual in the end it even actually complimented you in fact.
You took it the wrong way.
In the end, you're just a nobody on that forums link you posted.
Your frothing reaction has only shown me that his reply there certainly got to you didn't it?
I have to say yes, it did judging by your lunatic raving.
Do you really think someone who has a list like his from the time you were still in diapers couldn't do that also were he to join up at Microsoft's forums?
Clue - he's been interviewed by Microsoft for work and years ago as a post of his I have bookmarked here http://developers.slashdot.org/comments.pl?sid=155172&amp;cid=13007974 [slashdot.org].
I read his posts and this is how I know this much as I belong to other forums he belongs to myself.
He could do what you have in mvps status and probably with ease.
He also summarily destroyed you on other things now that I read that posting, but only after you attacked he because somehow and I do not see how in the url you put up as some sort of evidence as to his alleged egotism, he tore your ego to shreds by making you and yours look rather foolish.
Most of all via a post on registry cleaners http://forums.techguy.org/windows-xp/662877-solved-registry-cleaners-2.html [techguy.org] which I found interesting in how you all had to ban him when he challenged you to find his registry cleaner freeware damaging windows.
He's also done posts shown how they can be used as forensics tools here http://www.tcmagazine.com/forums/index.php?s=8b73f8ac359f5d4395f12b5169367a38&amp;showtopic=2662 [tcmagazine.com] where his guide is all over the world with replies from people who have applied it having no problems anymore with viruses after they apply his tips and follow what he says to do.
Now, let's see you do what he had when you were still a child probably on your part to your credit.
You cannot and you never will and that is that.
It seems that the other repliers to you in this trolling attack of your are correct that your incorrect statement about he is wrong.
He commended slashdot.
You are not slashdot.
You are an unaccomplished troll that cannot handle facts that make you look what you are, which is stupid.
Amusing us also, in your trying to use others here in your trolling defense and it's not working.
We can read you know.
You are not slashdot and you are not the types of people you spoke of.
Show us otherise and prove you are, because otherwise you're another windbag troll full of hot air.
Comparing the list others put up shows he's done a lot of good note from some reputable sources in this science from as far back as 1997 it seems and continues to do so, whereas you have not.
He is also correct that you in all likelyhood never will because you are a forums troll and clearly no</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30878690</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506</id>
	<title>Re:kind of makes you wonder</title>
	<author>b4dc0d3r</author>
	<datestamp>1264269960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>I'm a software developer.  I have a list of things I need to fix, some things are higher priority.  We set a date, and work as many patches as we can toward that date, into a single release or patch.  Makes it easier to test when you bundle several things together, and can test 5 patches with a single test case instead of individually.  That makes the cycle more efficient.</p><p>Now, a large company would have more patches, and more would be high priority.  So they fix what they can, that makes sense.  Open the bug list, sort by priority, own one (or get assigned one).  To the developer, this is just one of several (hundred?) problems on the list.  Management has to increase the priority based on input from triage.</p><p>The entire world might know a defect is a security vulnerability, but if it's not made clear to the triage guy, it will sit as "possible denial of service" medium or medium-well priority until the known vectors are taken care of.</p><p>Thinking about it this way makes Microsoft's blunders understandable.  Not forgivable of course.  My customer sends me a bug report and says "gwah, you're exposing my entire database to everyone fix it now or face a lawsuit!!!!eleventy".  I say, let's take a look, we find out that yes you can see the entire data set - after you enter your credentials and only while on your company's network, and you just sent a mail to your competitor with your credentials in it.  Change your password, WONTFIX.  In other words, MS has to have good info in order to decide how to prioritize.</p><p>At the same time, they have to keep their customers and shareholders happy, so while the triage guy says "this is the worst bug ever in the history of everything and it needs to be fixed yesterday" the company itself says to the employee "sure, but follow all processes and have it reviewed and put it in the next patch cycle and we'll test all of them next week and prepare for a release next week."</p><p>Then to its customers and shareholders it says "A small, hard-to-exploit exploit has been found and even though ASLR and DEP and sandboxing are in place, someone might after a million failures be able to exploit this exploit so we've decided to be proactive and fix this exploit.  We haven't heard of anyone exploiting this exploit, but we didn't really ask any of our friends in the malicious software industry - but that was just because we didn't want to tip our hand.  Your security is, after all, very important to us.  Exploit."</p><p>In short: there are more than we'll ever know.</p></htmltext>
<tokenext>I 'm a software developer .
I have a list of things I need to fix , some things are higher priority .
We set a date , and work as many patches as we can toward that date , into a single release or patch .
Makes it easier to test when you bundle several things together , and can test 5 patches with a single test case instead of individually .
That makes the cycle more efficient.Now , a large company would have more patches , and more would be high priority .
So they fix what they can , that makes sense .
Open the bug list , sort by priority , own one ( or get assigned one ) .
To the developer , this is just one of several ( hundred ?
) problems on the list .
Management has to increase the priority based on input from triage.The entire world might know a defect is a security vulnerability , but if it 's not made clear to the triage guy , it will sit as " possible denial of service " medium or medium-well priority until the known vectors are taken care of.Thinking about it this way makes Microsoft 's blunders understandable .
Not forgivable of course .
My customer sends me a bug report and says " gwah , you 're exposing my entire database to everyone fix it now or face a lawsuit ! ! ! ! eleventy " .
I say , let 's take a look , we find out that yes you can see the entire data set - after you enter your credentials and only while on your company 's network , and you just sent a mail to your competitor with your credentials in it .
Change your password , WONTFIX .
In other words , MS has to have good info in order to decide how to prioritize.At the same time , they have to keep their customers and shareholders happy , so while the triage guy says " this is the worst bug ever in the history of everything and it needs to be fixed yesterday " the company itself says to the employee " sure , but follow all processes and have it reviewed and put it in the next patch cycle and we 'll test all of them next week and prepare for a release next week .
" Then to its customers and shareholders it says " A small , hard-to-exploit exploit has been found and even though ASLR and DEP and sandboxing are in place , someone might after a million failures be able to exploit this exploit so we 've decided to be proactive and fix this exploit .
We have n't heard of anyone exploiting this exploit , but we did n't really ask any of our friends in the malicious software industry - but that was just because we did n't want to tip our hand .
Your security is , after all , very important to us .
Exploit. " In short : there are more than we 'll ever know .</tokentext>
<sentencetext>I'm a software developer.
I have a list of things I need to fix, some things are higher priority.
We set a date, and work as many patches as we can toward that date, into a single release or patch.
Makes it easier to test when you bundle several things together, and can test 5 patches with a single test case instead of individually.
That makes the cycle more efficient.Now, a large company would have more patches, and more would be high priority.
So they fix what they can, that makes sense.
Open the bug list, sort by priority, own one (or get assigned one).
To the developer, this is just one of several (hundred?
) problems on the list.
Management has to increase the priority based on input from triage.The entire world might know a defect is a security vulnerability, but if it's not made clear to the triage guy, it will sit as "possible denial of service" medium or medium-well priority until the known vectors are taken care of.Thinking about it this way makes Microsoft's blunders understandable.
Not forgivable of course.
My customer sends me a bug report and says "gwah, you're exposing my entire database to everyone fix it now or face a lawsuit!!!!eleventy".
I say, let's take a look, we find out that yes you can see the entire data set - after you enter your credentials and only while on your company's network, and you just sent a mail to your competitor with your credentials in it.
Change your password, WONTFIX.
In other words, MS has to have good info in order to decide how to prioritize.At the same time, they have to keep their customers and shareholders happy, so while the triage guy says "this is the worst bug ever in the history of everything and it needs to be fixed yesterday" the company itself says to the employee "sure, but follow all processes and have it reviewed and put it in the next patch cycle and we'll test all of them next week and prepare for a release next week.
"Then to its customers and shareholders it says "A small, hard-to-exploit exploit has been found and even though ASLR and DEP and sandboxing are in place, someone might after a million failures be able to exploit this exploit so we've decided to be proactive and fix this exploit.
We haven't heard of anyone exploiting this exploit, but we didn't really ask any of our friends in the malicious software industry - but that was just because we didn't want to tip our hand.
Your security is, after all, very important to us.
Exploit."In short: there are more than we'll ever know.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871462</id>
	<title>Re:kind of makes you wonder</title>
	<author>Reaper9889</author>
	<datestamp>1264277220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That is not really true. You, as a outsider, will need some time to understand the code and what is causing the error before you can fix it. That will take time and you can bet (for everything, but the smallest pieces of software) that it won't be "Fixed tomorrow".</p><p>I suppose you could find someone who knows the code and throw money at him to fix it, but I suspect you could do the same with Microsoft, if you cared enough about the problem (but proberly quite a bit more expensive).</p><p>I expect to be modded down for this (old, but what you said is the conventional wisdom on<nobr> <wbr></nobr>/.).</p></htmltext>
<tokenext>That is not really true .
You , as a outsider , will need some time to understand the code and what is causing the error before you can fix it .
That will take time and you can bet ( for everything , but the smallest pieces of software ) that it wo n't be " Fixed tomorrow " .I suppose you could find someone who knows the code and throw money at him to fix it , but I suspect you could do the same with Microsoft , if you cared enough about the problem ( but proberly quite a bit more expensive ) .I expect to be modded down for this ( old , but what you said is the conventional wisdom on / .
) .</tokentext>
<sentencetext>That is not really true.
You, as a outsider, will need some time to understand the code and what is causing the error before you can fix it.
That will take time and you can bet (for everything, but the smallest pieces of software) that it won't be "Fixed tomorrow".I suppose you could find someone who knows the code and throw money at him to fix it, but I suspect you could do the same with Microsoft, if you cared enough about the problem (but proberly quite a bit more expensive).I expect to be modded down for this (old, but what you said is the conventional wisdom on /.
).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870748</id>
	<title>And do I care?</title>
	<author>bradbury</author>
	<datestamp>1264271880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Cough, no, because I am running a Linux system with a variety of browsers (epiphany, galeon, Firefox, Chromium) and I simply do not run MS software (and to read the ongoing saga, lucky me), why does<nobr> <wbr></nobr>/. even bother to track these items?  We know the MS users are brain-dead (they hover under a belief that the software doesn't have bugs or is secure and that will protect them -- how wrong they are.).</p><p>I have no misconceptions that Linux based software is any more secure -- but I rest in confidence that epiphany, galeon, Firefox and Chromium are *all* open source -- and if there is a security problem within them I can update and take advantage of it within hours -- not months as Microsoft seems inclined to do.</p><p>Using closed source software is akin to laying oneself out on the Washington Mall and saying, hey "rape me".  Its not so bad "I'll recover".</p></htmltext>
<tokenext>Cough , no , because I am running a Linux system with a variety of browsers ( epiphany , galeon , Firefox , Chromium ) and I simply do not run MS software ( and to read the ongoing saga , lucky me ) , why does / .
even bother to track these items ?
We know the MS users are brain-dead ( they hover under a belief that the software does n't have bugs or is secure and that will protect them -- how wrong they are .
) .I have no misconceptions that Linux based software is any more secure -- but I rest in confidence that epiphany , galeon , Firefox and Chromium are * all * open source -- and if there is a security problem within them I can update and take advantage of it within hours -- not months as Microsoft seems inclined to do.Using closed source software is akin to laying oneself out on the Washington Mall and saying , hey " rape me " .
Its not so bad " I 'll recover " .</tokentext>
<sentencetext>Cough, no, because I am running a Linux system with a variety of browsers (epiphany, galeon, Firefox, Chromium) and I simply do not run MS software (and to read the ongoing saga, lucky me), why does /.
even bother to track these items?
We know the MS users are brain-dead (they hover under a belief that the software doesn't have bugs or is secure and that will protect them -- how wrong they are.
).I have no misconceptions that Linux based software is any more secure -- but I rest in confidence that epiphany, galeon, Firefox and Chromium are *all* open source -- and if there is a security problem within them I can update and take advantage of it within hours -- not months as Microsoft seems inclined to do.Using closed source software is akin to laying oneself out on the Washington Mall and saying, hey "rape me".
Its not so bad "I'll recover".</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870498</id>
	<title>three months, max.</title>
	<author>Anonymous</author>
	<datestamp>1264269960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>What's unfortunate here is there's still a lot of people out there that don't understand why some security researchers publish security bugs they find.  It's issues like this where <i>"We reported this to you FOUR MONTHS AGO and you haven't fixed it yet.  We're going public with it tomorrow."</i>  Oh noes!  Everyone's computer getting owned, it's all your fault, you should keep security bugs QUIET so we have time to fix them!.</p></div><p>I think three months (a quarter) should be sufficient to fix just about any bug. If I ever found a bug, I'd given them at least that long, and then set up a cron/at job to send out the announcement after the ~90 days expired. Of course if they agree to a shorter period all the better. If they act all huffy and refuse to acknowledge it or give a deadline, fuck'em release right away. I think most coders want to do the right thing (unless they're ass hats).</p><p>Remember, even in the open-source world, a little time would be helpful to co-ordinate with (say) the security teams of the distributions as well.</p><p>But in general at least try to be civilized yourself.</p></div>
	</htmltext>
<tokenext>What 's unfortunate here is there 's still a lot of people out there that do n't understand why some security researchers publish security bugs they find .
It 's issues like this where " We reported this to you FOUR MONTHS AGO and you have n't fixed it yet .
We 're going public with it tomorrow .
" Oh noes !
Everyone 's computer getting owned , it 's all your fault , you should keep security bugs QUIET so we have time to fix them ! .I think three months ( a quarter ) should be sufficient to fix just about any bug .
If I ever found a bug , I 'd given them at least that long , and then set up a cron/at job to send out the announcement after the ~ 90 days expired .
Of course if they agree to a shorter period all the better .
If they act all huffy and refuse to acknowledge it or give a deadline , fuck'em release right away .
I think most coders want to do the right thing ( unless they 're ass hats ) .Remember , even in the open-source world , a little time would be helpful to co-ordinate with ( say ) the security teams of the distributions as well.But in general at least try to be civilized yourself .</tokentext>
<sentencetext>What's unfortunate here is there's still a lot of people out there that don't understand why some security researchers publish security bugs they find.
It's issues like this where "We reported this to you FOUR MONTHS AGO and you haven't fixed it yet.
We're going public with it tomorrow.
"  Oh noes!
Everyone's computer getting owned, it's all your fault, you should keep security bugs QUIET so we have time to fix them!.I think three months (a quarter) should be sufficient to fix just about any bug.
If I ever found a bug, I'd given them at least that long, and then set up a cron/at job to send out the announcement after the ~90 days expired.
Of course if they agree to a shorter period all the better.
If they act all huffy and refuse to acknowledge it or give a deadline, fuck'em release right away.
I think most coders want to do the right thing (unless they're ass hats).Remember, even in the open-source world, a little time would be helpful to co-ordinate with (say) the security teams of the distributions as well.But in general at least try to be civilized yourself.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871508</id>
	<title>Stuff works optimally with IE6!</title>
	<author>Zero\_\_Kelvin</author>
	<datestamp>1264277520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>"Get rid of MS Internet Explorer, once &amp; for ALL."</p></div></blockquote><p>But the intertubes will cease to function properly.  Are you trying to starve children in Massachussets? Don't you know that lots of out of work website designers need to use <a href="https://ipasssecurity.detma.org/ipass/loginnew.asp?ipc=3" title="detma.org">a website that works optimally with IE version 6</a> [detma.org]??!!!</p></div>
	</htmltext>
<tokenext>" Get rid of MS Internet Explorer , once &amp; for ALL .
" But the intertubes will cease to function properly .
Are you trying to starve children in Massachussets ?
Do n't you know that lots of out of work website designers need to use a website that works optimally with IE version 6 [ detma.org ] ? ? ! !
!</tokentext>
<sentencetext>"Get rid of MS Internet Explorer, once &amp; for ALL.
"But the intertubes will cease to function properly.
Are you trying to starve children in Massachussets?
Don't you know that lots of out of work website designers need to use a website that works optimally with IE version 6 [detma.org]??!!
!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870038</id>
	<title>Re:Exactly how does it work.</title>
	<author>Anonymous</author>
	<datestamp>1264266180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I don't have your fancy "CCNA cert", so maybe these technical things are beyond me... but I have to ask.</p><p>What's an "NFS terminal"?</p></htmltext>
<tokenext>I do n't have your fancy " CCNA cert " , so maybe these technical things are beyond me... but I have to ask.What 's an " NFS terminal " ?</tokentext>
<sentencetext>I don't have your fancy "CCNA cert", so maybe these technical things are beyond me... but I have to ask.What's an "NFS terminal"?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873084</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264245600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I installed Ubuntu in company laptop.</p></htmltext>
<tokenext>I installed Ubuntu in company laptop .</tokentext>
<sentencetext>I installed Ubuntu in company laptop.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871162</id>
	<title>Re:Exactly how does it work.</title>
	<author>jesset77</author>
	<datestamp>1264275300000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Correct me if I'm wrong (but I do have a CCNA cert)  Why not block the access ports that get opened, unless it's port 80 and then filter the traffic.</p></div><p>Ah, CCNA.<nobr> <wbr></nobr>;D</p><p>Most users, if they have a router at all, have a SOHO router with minimal firewalling ability, just NAT/PAT.</p><p>The simplest worm I could think of that would drink your milkshake would just dial home via SSL port 443. Client-initiated connection, redialed as needed: what on earth could your fancy firewall do about that?<nobr> <wbr></nobr>:3</p><p>Moral of story: Don't get rooted.<nobr> <wbr></nobr>:(</p></div>
	</htmltext>
<tokenext>Correct me if I 'm wrong ( but I do have a CCNA cert ) Why not block the access ports that get opened , unless it 's port 80 and then filter the traffic.Ah , CCNA .
; DMost users , if they have a router at all , have a SOHO router with minimal firewalling ability , just NAT/PAT.The simplest worm I could think of that would drink your milkshake would just dial home via SSL port 443 .
Client-initiated connection , redialed as needed : what on earth could your fancy firewall do about that ?
: 3Moral of story : Do n't get rooted .
: (</tokentext>
<sentencetext>Correct me if I'm wrong (but I do have a CCNA cert)  Why not block the access ports that get opened, unless it's port 80 and then filter the traffic.Ah, CCNA.
;DMost users, if they have a router at all, have a SOHO router with minimal firewalling ability, just NAT/PAT.The simplest worm I could think of that would drink your milkshake would just dial home via SSL port 443.
Client-initiated connection, redialed as needed: what on earth could your fancy firewall do about that?
:3Moral of story: Don't get rooted.
:(
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871980</id>
	<title>Bundling</title>
	<author>zogger</author>
	<datestamp>1264237200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why is bundling multiple changes/patches better? Seems like if you did it one at a time, if something broke, you would be pretty confident the new code was doing it. With multiple simultaneous changes, if something broke, you would have to sort out *which* of the new changes was responsible first, or also contemplate if the random combination of any of the changes was responsible, which greatly ups the number of potential problems to look at.</p></htmltext>
<tokenext>Why is bundling multiple changes/patches better ?
Seems like if you did it one at a time , if something broke , you would be pretty confident the new code was doing it .
With multiple simultaneous changes , if something broke , you would have to sort out * which * of the new changes was responsible first , or also contemplate if the random combination of any of the changes was responsible , which greatly ups the number of potential problems to look at .</tokentext>
<sentencetext>Why is bundling multiple changes/patches better?
Seems like if you did it one at a time, if something broke, you would be pretty confident the new code was doing it.
With multiple simultaneous changes, if something broke, you would have to sort out *which* of the new changes was responsible first, or also contemplate if the random combination of any of the changes was responsible, which greatly ups the number of potential problems to look at.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871216</id>
	<title>Re:kind of makes you wonder</title>
	<author>westlake</author>
	<datestamp>1264275660000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw. Until he does, you can do nothing but become increasingly concerned...<br>0day? Fixed tomorrow!</i> </p><p>You can patch only what you know how to patch.</p><p> In 2008 there were between 6 and 10 million lines of code in the Linux kernel alone. <a href="http://linux.slashdot.org/article.pl?sid=08/10/22/1713241" title="slashdot.org">Linux Kernel Surpasses 10 Million Lines of Code</a> [slashdot.org] </p><p> In 2003 OpenOffice.org had 9 million lines of code. <a href="http://www.openoffice.org/FAQs/build\_faq.html#source" title="openoffice.org">Build FAQ for OpenOffice.org</a> [openoffice.org] </p><p>You can only test your patch only on systems you can access.</p><p> That your home-brewed solution is seriously flawed may only be discovered by your neighbors.</p><p>The next time they load a JPEG from your site.</p><p><i>As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.</i> </p><p>Most likely by staying out of the way.</p><p>There is the final problem of how to roll out a patch. The naive end-user who auto-patches was spared Cornflicker.</p><p> <a href="http://secunia.com/blog/71" title="secunia.com">Secunia integrated with Microsoft WSUS</a> [secunia.com]</p></htmltext>
<tokenext>That is the main problem with closed source software ; in the event of a security hole , you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw .
Until he does , you can do nothing but become increasingly concerned...0day ?
Fixed tomorrow !
You can patch only what you know how to patch .
In 2008 there were between 6 and 10 million lines of code in the Linux kernel alone .
Linux Kernel Surpasses 10 Million Lines of Code [ slashdot.org ] In 2003 OpenOffice.org had 9 million lines of code .
Build FAQ for OpenOffice.org [ openoffice.org ] You can only test your patch only on systems you can access .
That your home-brewed solution is seriously flawed may only be discovered by your neighbors.The next time they load a JPEG from your site.As soon as a security hole is discovered , virtually anyone can contribute to a timely resolution .
Most likely by staying out of the way.There is the final problem of how to roll out a patch .
The naive end-user who auto-patches was spared Cornflicker .
Secunia integrated with Microsoft WSUS [ secunia.com ]</tokentext>
<sentencetext>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw.
Until he does, you can do nothing but become increasingly concerned...0day?
Fixed tomorrow!
You can patch only what you know how to patch.
In 2008 there were between 6 and 10 million lines of code in the Linux kernel alone.
Linux Kernel Surpasses 10 Million Lines of Code [slashdot.org]  In 2003 OpenOffice.org had 9 million lines of code.
Build FAQ for OpenOffice.org [openoffice.org] You can only test your patch only on systems you can access.
That your home-brewed solution is seriously flawed may only be discovered by your neighbors.The next time they load a JPEG from your site.As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.
Most likely by staying out of the way.There is the final problem of how to roll out a patch.
The naive end-user who auto-patches was spared Cornflicker.
Secunia integrated with Microsoft WSUS [secunia.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870966</id>
	<title>Time to bury Firefox</title>
	<author>Anonymous</author>
	<datestamp>1264273860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><a href="http://www.mozilla.org/security/known-vulnerabilities/firefox35.html" title="mozilla.org" rel="nofollow">http://www.mozilla.org/security/known-vulnerabilities/firefox35.html</a> [mozilla.org]<br><a href="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html" title="mozilla.org" rel="nofollow">http://www.mozilla.org/security/known-vulnerabilities/firefox30.html</a> [mozilla.org]</p><p>Firefox works with user's permissions on current systems - at least Google Chrome and IE are sandboxed.</p></htmltext>
<tokenext>http : //www.mozilla.org/security/known-vulnerabilities/firefox35.html [ mozilla.org ] http : //www.mozilla.org/security/known-vulnerabilities/firefox30.html [ mozilla.org ] Firefox works with user 's permissions on current systems - at least Google Chrome and IE are sandboxed .</tokentext>
<sentencetext>http://www.mozilla.org/security/known-vulnerabilities/firefox35.html [mozilla.org]http://www.mozilla.org/security/known-vulnerabilities/firefox30.html [mozilla.org]Firefox works with user's permissions on current systems - at least Google Chrome and IE are sandboxed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30891572</id>
	<title>eWEEKeurope.co.uk</title>
	<author>Anonymous</author>
	<datestamp>1264440240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The moves by governments to boycott Microsoft's Internet Explorer sound like a kneejerk reaction. Peter Judge says security settings are more important than which browser you are using.</p><p>Read here: http://www.eweekeurope.co.uk/comment/stay-calm-over-internet-explorer-security--3077</p></htmltext>
<tokenext>The moves by governments to boycott Microsoft 's Internet Explorer sound like a kneejerk reaction .
Peter Judge says security settings are more important than which browser you are using.Read here : http : //www.eweekeurope.co.uk/comment/stay-calm-over-internet-explorer-security--3077</tokentext>
<sentencetext>The moves by governments to boycott Microsoft's Internet Explorer sound like a kneejerk reaction.
Peter Judge says security settings are more important than which browser you are using.Read here: http://www.eweekeurope.co.uk/comment/stay-calm-over-internet-explorer-security--3077</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30884110</id>
	<title>Re:kind of makes you wonder</title>
	<author>rcharbon</author>
	<datestamp>1264339980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That makes no difference at all to most people.  Whether or not the problem software is Open, they still have to wait for someone else to fix it.</p></htmltext>
<tokenext>That makes no difference at all to most people .
Whether or not the problem software is Open , they still have to wait for someone else to fix it .</tokentext>
<sentencetext>That makes no difference at all to most people.
Whether or not the problem software is Open, they still have to wait for someone else to fix it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758</id>
	<title>threat?</title>
	<author>Anonymous</author>
	<datestamp>1264263240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>Microsoft has apparently been aware of this flaw since September.</p></div><p>Further evidence that the only "threat" as far as MS is concerned is the threat of a damaged public perception. Although I suppose that's an improvement in itself.</p></div>
	</htmltext>
<tokenext>Microsoft has apparently been aware of this flaw since September.Further evidence that the only " threat " as far as MS is concerned is the threat of a damaged public perception .
Although I suppose that 's an improvement in itself .</tokentext>
<sentencetext>Microsoft has apparently been aware of this flaw since September.Further evidence that the only "threat" as far as MS is concerned is the threat of a damaged public perception.
Although I suppose that's an improvement in itself.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869720</id>
	<title>Cum</title>
	<author>Anonymous</author>
	<datestamp>1264262820000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>It's what for breakfast.</p></htmltext>
<tokenext>It 's what for breakfast .</tokentext>
<sentencetext>It's what for breakfast.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870502</id>
	<title>Re:threat?</title>
	<author>Anonymous</author>
	<datestamp>1264269960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Microsoft don't give a shit about public perception - if Windows/IE is part of your corporate strategy and/or you have tied your organisation into Microsoft products and all-but need IE at the front to make them work what are you going to do? Go elsewhere? So your corporate sales contact at Microsoft gets a bollocking and you get some discounted licences, free support time or some Microsoft mugs. No skin off Microsoft's nose and we all move on.</p><p>Home user? System infected? Well, you have a backup don't you? Wipe clean, reinstall, restore and repeat. How much in sales will MS lose if you switch to another browser - sweet F.A. And when it comes to the time when you need a new PC you're going to be paying the MS tax again anyway, aren't you?</p><p>Tech savvy and already gone to Linux or considering it - well, MS has lost you anyway so there's no point investing in your retention or recovery is there?</p><p>The MS juggernaut is so big that this 'problem' is merely a bump in the road.</p></htmltext>
<tokenext>Microsoft do n't give a shit about public perception - if Windows/IE is part of your corporate strategy and/or you have tied your organisation into Microsoft products and all-but need IE at the front to make them work what are you going to do ?
Go elsewhere ?
So your corporate sales contact at Microsoft gets a bollocking and you get some discounted licences , free support time or some Microsoft mugs .
No skin off Microsoft 's nose and we all move on.Home user ?
System infected ?
Well , you have a backup do n't you ?
Wipe clean , reinstall , restore and repeat .
How much in sales will MS lose if you switch to another browser - sweet F.A .
And when it comes to the time when you need a new PC you 're going to be paying the MS tax again anyway , are n't you ? Tech savvy and already gone to Linux or considering it - well , MS has lost you anyway so there 's no point investing in your retention or recovery is there ? The MS juggernaut is so big that this 'problem ' is merely a bump in the road .</tokentext>
<sentencetext>Microsoft don't give a shit about public perception - if Windows/IE is part of your corporate strategy and/or you have tied your organisation into Microsoft products and all-but need IE at the front to make them work what are you going to do?
Go elsewhere?
So your corporate sales contact at Microsoft gets a bollocking and you get some discounted licences, free support time or some Microsoft mugs.
No skin off Microsoft's nose and we all move on.Home user?
System infected?
Well, you have a backup don't you?
Wipe clean, reinstall, restore and repeat.
How much in sales will MS lose if you switch to another browser - sweet F.A.
And when it comes to the time when you need a new PC you're going to be paying the MS tax again anyway, aren't you?Tech savvy and already gone to Linux or considering it - well, MS has lost you anyway so there's no point investing in your retention or recovery is there?The MS juggernaut is so big that this 'problem' is merely a bump in the road.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874046</id>
	<title>Infected web sites since THURSDAY?</title>
	<author>Anonymous</author>
	<datestamp>1264253160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>8 days ago I started getting a flood of alerts from my IPS on what a few hours later (when patched with a vendor emergency signature) was positively identified as this exploit on several big name public web sites. It was attempting to infect my users who were browsing them. McAfee seemed to make a big deal about their involvement in uncovering 'Aurora' so were they in fact flagging false positives if this has only hit general sites in the last few days?</htmltext>
<tokenext>8 days ago I started getting a flood of alerts from my IPS on what a few hours later ( when patched with a vendor emergency signature ) was positively identified as this exploit on several big name public web sites .
It was attempting to infect my users who were browsing them .
McAfee seemed to make a big deal about their involvement in uncovering 'Aurora ' so were they in fact flagging false positives if this has only hit general sites in the last few days ?</tokentext>
<sentencetext>8 days ago I started getting a flood of alerts from my IPS on what a few hours later (when patched with a vendor emergency signature) was positively identified as this exploit on several big name public web sites.
It was attempting to infect my users who were browsing them.
McAfee seemed to make a big deal about their involvement in uncovering 'Aurora' so were they in fact flagging false positives if this has only hit general sites in the last few days?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869986</id>
	<title>I wonder if responsibility is ever assigned</title>
	<author>Anonymous</author>
	<datestamp>1264265700000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>So someone or a project team writes some code.  The code is later found to be used as part of an exploit that further harms the reputation of the company.  Does anyone ever go back and say "hey, you wrote this crappy code!  You're fired!"?</p><p>It almost seems there are more vulnerabilities (both patched and unpatched) than there are lines in the Windows source code.  I know there will be no end to the finger pointing where developers decry the problem of deadlines while management points to the lack of skilled coders.  But seriously, how much of all this can be attributed to poor programming practices?  I remember from the earliest days of coding C that there were a few functions that existed that wise programmers should avoid as the use of those functions would immediately make your programs vulnerable.  Further, it seems that bounds checking and other data validation needs to go on more often as well.  How is it that the top dog in the software game can't keep up with these very simple principles?</p><p>And what of public disclosure?  Some people try to say that public disclosure is what is responsible for most of the hacking that goes on out there.  Meanwhile, this was essentially a -1 day vulnerability that didn't get disclosed until after the damage was done... or was it?  Was this yet another of the reported bugs that Microsoft sits on rather than acts on?  While following the bugtraq and other mailing lists, I observe that Microsoft tends to ignore or disregard a great many of the bugs reported to it, so I have to wonder.</p></htmltext>
<tokenext>So someone or a project team writes some code .
The code is later found to be used as part of an exploit that further harms the reputation of the company .
Does anyone ever go back and say " hey , you wrote this crappy code !
You 're fired !
" ? It almost seems there are more vulnerabilities ( both patched and unpatched ) than there are lines in the Windows source code .
I know there will be no end to the finger pointing where developers decry the problem of deadlines while management points to the lack of skilled coders .
But seriously , how much of all this can be attributed to poor programming practices ?
I remember from the earliest days of coding C that there were a few functions that existed that wise programmers should avoid as the use of those functions would immediately make your programs vulnerable .
Further , it seems that bounds checking and other data validation needs to go on more often as well .
How is it that the top dog in the software game ca n't keep up with these very simple principles ? And what of public disclosure ?
Some people try to say that public disclosure is what is responsible for most of the hacking that goes on out there .
Meanwhile , this was essentially a -1 day vulnerability that did n't get disclosed until after the damage was done... or was it ?
Was this yet another of the reported bugs that Microsoft sits on rather than acts on ?
While following the bugtraq and other mailing lists , I observe that Microsoft tends to ignore or disregard a great many of the bugs reported to it , so I have to wonder .</tokentext>
<sentencetext>So someone or a project team writes some code.
The code is later found to be used as part of an exploit that further harms the reputation of the company.
Does anyone ever go back and say "hey, you wrote this crappy code!
You're fired!
"?It almost seems there are more vulnerabilities (both patched and unpatched) than there are lines in the Windows source code.
I know there will be no end to the finger pointing where developers decry the problem of deadlines while management points to the lack of skilled coders.
But seriously, how much of all this can be attributed to poor programming practices?
I remember from the earliest days of coding C that there were a few functions that existed that wise programmers should avoid as the use of those functions would immediately make your programs vulnerable.
Further, it seems that bounds checking and other data validation needs to go on more often as well.
How is it that the top dog in the software game can't keep up with these very simple principles?And what of public disclosure?
Some people try to say that public disclosure is what is responsible for most of the hacking that goes on out there.
Meanwhile, this was essentially a -1 day vulnerability that didn't get disclosed until after the damage was done... or was it?
Was this yet another of the reported bugs that Microsoft sits on rather than acts on?
While following the bugtraq and other mailing lists, I observe that Microsoft tends to ignore or disregard a great many of the bugs reported to it, so I have to wonder.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016</id>
	<title>A US-based, free e-mail service</title>
	<author>Anonymous</author>
	<datestamp>1264265940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p> <em>[...] the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name.</em> </p><p>Hotmail, perhaps? No?</p></htmltext>
<tokenext>[ ... ] the Trojan sends a notification e-mail to the attackers , using a US-based , free e-mail service that Symantec declined to name .
Hotmail , perhaps ?
No ?</tokentext>
<sentencetext> [...] the Trojan sends a notification e-mail to the attackers, using a US-based, free e-mail service that Symantec declined to name.
Hotmail, perhaps?
No?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870866</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264273020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.</p><p>0day? Fixed tomorrow!</p></div><p>You're flat out wrong. "Virtually anyone" implies that a there's a high probability that a randomly selected person could do the task. However, the vast majority of the population does not know how to program software at all (even among the people who use computers regularly), so it is quite clear that most people are clearly not capable of fixing a security problem.</p></div>
	</htmltext>
<tokenext>As soon as a security hole is discovered , virtually anyone can contribute to a timely resolution.0day ?
Fixed tomorrow ! You 're flat out wrong .
" Virtually anyone " implies that a there 's a high probability that a randomly selected person could do the task .
However , the vast majority of the population does not know how to program software at all ( even among the people who use computers regularly ) , so it is quite clear that most people are clearly not capable of fixing a security problem .</tokentext>
<sentencetext>As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.0day?
Fixed tomorrow!You're flat out wrong.
"Virtually anyone" implies that a there's a high probability that a randomly selected person could do the task.
However, the vast majority of the population does not know how to program software at all (even among the people who use computers regularly), so it is quite clear that most people are clearly not capable of fixing a security problem.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871182</id>
	<title>Re:Exactly how does it work.</title>
	<author>Zero\_\_Kelvin</author>
	<datestamp>1264275420000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><blockquote><div><p>"Correct me if I'm wrong (but I do have a CCNA cert)"</p></div></blockquote><p>That's just plain wrong</p></div>
	</htmltext>
<tokenext>" Correct me if I 'm wrong ( but I do have a CCNA cert ) " That 's just plain wrong</tokentext>
<sentencetext>"Correct me if I'm wrong (but I do have a CCNA cert)"That's just plain wrong
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870672</id>
	<title>Re:kind of makes you wonder</title>
	<author>cheftw</author>
	<datestamp>1264271280000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>The attack installs a Trojan <b>horse program</b> that is able to bypass some security products</p></div><p>I don't see why you're so worried, this obviously refers to the equestrian unit.</p></div>
	</htmltext>
<tokenext>The attack installs a Trojan horse program that is able to bypass some security productsI do n't see why you 're so worried , this obviously refers to the equestrian unit .</tokentext>
<sentencetext>The attack installs a Trojan horse program that is able to bypass some security productsI don't see why you're so worried, this obviously refers to the equestrian unit.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776</id>
	<title>This clearly needs 10 more stories</title>
	<author>Anonymous</author>
	<datestamp>1264263480000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>1</modscore>
	<htmltext>This has been covered ad nauseum here. Do we really need an update every 10 hours? A bug was exploited, it is now patched. Anyone who falls victim to it now deserves to do.
<br> <br>
No doubt there'll be more stories about this. Was the patch larger than it needed to be? Does the patch break applications (it already breaks ones that exploited! It must break more!). Is Microsoft's failure to patch speedily yet another indication that Obama's administration is failing to meet its promises?
<br> <br>
Stay tuned as Slashdot milks this story for another week!</htmltext>
<tokenext>This has been covered ad nauseum here .
Do we really need an update every 10 hours ?
A bug was exploited , it is now patched .
Anyone who falls victim to it now deserves to do .
No doubt there 'll be more stories about this .
Was the patch larger than it needed to be ?
Does the patch break applications ( it already breaks ones that exploited !
It must break more ! ) .
Is Microsoft 's failure to patch speedily yet another indication that Obama 's administration is failing to meet its promises ?
Stay tuned as Slashdot milks this story for another week !</tokentext>
<sentencetext>This has been covered ad nauseum here.
Do we really need an update every 10 hours?
A bug was exploited, it is now patched.
Anyone who falls victim to it now deserves to do.
No doubt there'll be more stories about this.
Was the patch larger than it needed to be?
Does the patch break applications (it already breaks ones that exploited!
It must break more!).
Is Microsoft's failure to patch speedily yet another indication that Obama's administration is failing to meet its promises?
Stay tuned as Slashdot milks this story for another week!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504</id>
	<title>Re:kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264277520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sorry to pop your fantasy bubble, but IE, Windows, Office, Visual Studio and
pretty much everyting else we ship build every day.   That includes all the flavors: release, checked (debug), 32-bit, 64- bit, Itanium (yes, we still build that), and several languages.
The build pretty quickly to - usually just a few hours. This is from
100\% source to a fully installable product. </p><p>With few exceptions, the code base is very 'clean'.  That's true for most our products as well.  For example, we have what we call 'MQ' phases of a project where we do nothing but clean things up.
Of course, nothing is perfect: one thing great about code is that it can always
be better. Thats true for our code, and others as well.</p><p>So are you are calling people at Microsoft shitty? If you are than
Ill ask you this: Really? Is that the best you can do?
Name calling? Okey dokey then...</p></htmltext>
<tokenext>Sorry to pop your fantasy bubble , but IE , Windows , Office , Visual Studio and pretty much everyting else we ship build every day .
That includes all the flavors : release , checked ( debug ) , 32-bit , 64- bit , Itanium ( yes , we still build that ) , and several languages .
The build pretty quickly to - usually just a few hours .
This is from 100 \ % source to a fully installable product .
With few exceptions , the code base is very 'clean' .
That 's true for most our products as well .
For example , we have what we call 'MQ ' phases of a project where we do nothing but clean things up .
Of course , nothing is perfect : one thing great about code is that it can always be better .
Thats true for our code , and others as well.So are you are calling people at Microsoft shitty ?
If you are than Ill ask you this : Really ?
Is that the best you can do ?
Name calling ?
Okey dokey then.. .</tokentext>
<sentencetext>Sorry to pop your fantasy bubble, but IE, Windows, Office, Visual Studio and
pretty much everyting else we ship build every day.
That includes all the flavors: release, checked (debug), 32-bit, 64- bit, Itanium (yes, we still build that), and several languages.
The build pretty quickly to - usually just a few hours.
This is from
100\% source to a fully installable product.
With few exceptions, the code base is very 'clean'.
That's true for most our products as well.
For example, we have what we call 'MQ' phases of a project where we do nothing but clean things up.
Of course, nothing is perfect: one thing great about code is that it can always
be better.
Thats true for our code, and others as well.So are you are calling people at Microsoft shitty?
If you are than
Ill ask you this: Really?
Is that the best you can do?
Name calling?
Okey dokey then...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30876128</id>
	<title>Re:kind of makes you wonder</title>
	<author>X0563511</author>
	<datestamp>1264272720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So then, what is the justification for such bugs "laying" around for so long? Perhaps you are doing something. What then? You are a black box to 99\% of the people out there, some indication of activity on the issue would probably be appreciated.</p><p>All we can see is: bug gets noticed, and - maybe - it gets fixed in a few weeks, a month, maybe longer.</p><p>Can you really fault us for having this opinion, if you look from our perspective?</p></htmltext>
<tokenext>So then , what is the justification for such bugs " laying " around for so long ?
Perhaps you are doing something .
What then ?
You are a black box to 99 \ % of the people out there , some indication of activity on the issue would probably be appreciated.All we can see is : bug gets noticed , and - maybe - it gets fixed in a few weeks , a month , maybe longer.Can you really fault us for having this opinion , if you look from our perspective ?</tokentext>
<sentencetext>So then, what is the justification for such bugs "laying" around for so long?
Perhaps you are doing something.
What then?
You are a black box to 99\% of the people out there, some indication of activity on the issue would probably be appreciated.All we can see is: bug gets noticed, and - maybe - it gets fixed in a few weeks, a month, maybe longer.Can you really fault us for having this opinion, if you look from our perspective?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870240</id>
	<title>Re:Exactly how does it work.</title>
	<author>Anonymous</author>
	<datestamp>1264267980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>but I do have a CCNA cert</p></div></blockquote><p>But haven't managed to master basic written English. That's about par for the course these days.</p></div>
	</htmltext>
<tokenext>but I do have a CCNA certBut have n't managed to master basic written English .
That 's about par for the course these days .</tokentext>
<sentencetext>but I do have a CCNA certBut haven't managed to master basic written English.
That's about par for the course these days.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869926</id>
	<title>Re:This clearly needs 10 more stories</title>
	<author>Anonymous</author>
	<datestamp>1264264980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>This has been covered ad nauseum here. Do we really need an update every 10 hours? A bug was exploited, it is now patched. Anyone who falls victim to it now deserves to do.</p></div><p>Thats not entirely fair. It's not practical for many people to update all systems within a day or two. Most organizations don't move that fast.</p></div>
	</htmltext>
<tokenext>This has been covered ad nauseum here .
Do we really need an update every 10 hours ?
A bug was exploited , it is now patched .
Anyone who falls victim to it now deserves to do.Thats not entirely fair .
It 's not practical for many people to update all systems within a day or two .
Most organizations do n't move that fast .</tokentext>
<sentencetext>This has been covered ad nauseum here.
Do we really need an update every 10 hours?
A bug was exploited, it is now patched.
Anyone who falls victim to it now deserves to do.Thats not entirely fair.
It's not practical for many people to update all systems within a day or two.
Most organizations don't move that fast.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871720</id>
	<title>MSFT has no reasonable excuses</title>
	<author>Anonymous</author>
	<datestamp>1264278780000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>3 billion dollars in profit a quarter. Just think about that. That is 120k software developers paid 100k a year. That's how many more people they could have fixing any bug you have. It may be unreasonable to ask a public company to not make a profit, but it is quite reasonable, that, even with the mythical man month, they could hire 5k more developers and testers and fix this BS. This was the size of the Windows 2000 team, when I was there that year.</p><p>I knew IE 6 was going to be bad though - people from the QA team came to me and asked if managers in other teams tell you to stop entering bugs because it makes the dev team look bad. Seriously. Trident was even worse.</p></htmltext>
<tokenext>3 billion dollars in profit a quarter .
Just think about that .
That is 120k software developers paid 100k a year .
That 's how many more people they could have fixing any bug you have .
It may be unreasonable to ask a public company to not make a profit , but it is quite reasonable , that , even with the mythical man month , they could hire 5k more developers and testers and fix this BS .
This was the size of the Windows 2000 team , when I was there that year.I knew IE 6 was going to be bad though - people from the QA team came to me and asked if managers in other teams tell you to stop entering bugs because it makes the dev team look bad .
Seriously. Trident was even worse .</tokentext>
<sentencetext>3 billion dollars in profit a quarter.
Just think about that.
That is 120k software developers paid 100k a year.
That's how many more people they could have fixing any bug you have.
It may be unreasonable to ask a public company to not make a profit, but it is quite reasonable, that, even with the mythical man month, they could hire 5k more developers and testers and fix this BS.
This was the size of the Windows 2000 team, when I was there that year.I knew IE 6 was going to be bad though - people from the QA team came to me and asked if managers in other teams tell you to stop entering bugs because it makes the dev team look bad.
Seriously. Trident was even worse.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873642</id>
	<title>Re:Bundling</title>
	<author>mce</author>
	<datestamp>1264249560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
Because some problems interact. For instance because they affect the same code modules and fixing them one by one would actually be require more work overall - possibly involving additional throwaway temporary work. This could even delay getting them both fixed compared to fixing them in one go.
</p></htmltext>
<tokenext>Because some problems interact .
For instance because they affect the same code modules and fixing them one by one would actually be require more work overall - possibly involving additional throwaway temporary work .
This could even delay getting them both fixed compared to fixing them in one go .</tokentext>
<sentencetext>
Because some problems interact.
For instance because they affect the same code modules and fixing them one by one would actually be require more work overall - possibly involving additional throwaway temporary work.
This could even delay getting them both fixed compared to fixing them in one go.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871980</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870228</id>
	<title>Re:This clearly needs 10 more stories</title>
	<author>the eric conspiracy</author>
	<datestamp>1264267920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>The problem is that M$ gets the timeline wrong so often. It should be:</p><p>1. Find bug<br>2. Patch bug</p><p>Not:</p><p>1. Find bug<br>2. Ignore bug for n months<br>3. News released about exploit<br>
&nbsp; compromising customers installations<br>
&nbsp; causing international incident.<br>4. Release self serving announcement<br>
&nbsp; that other systems are not affected<br>5. More exploits appear<br>
&nbsp; affecting larger numbers of customers<br>6. Patch bug</p><p>Until this irresponsible behavior stops there should ba a lot more stories. These guys need to have the light shown on their absurd practices as brightly as possible.</p></htmltext>
<tokenext>The problem is that M $ gets the timeline wrong so often .
It should be : 1 .
Find bug2 .
Patch bugNot : 1 .
Find bug2 .
Ignore bug for n months3 .
News released about exploit   compromising customers installations   causing international incident.4 .
Release self serving announcement   that other systems are not affected5 .
More exploits appear   affecting larger numbers of customers6 .
Patch bugUntil this irresponsible behavior stops there should ba a lot more stories .
These guys need to have the light shown on their absurd practices as brightly as possible .</tokentext>
<sentencetext>The problem is that M$ gets the timeline wrong so often.
It should be:1.
Find bug2.
Patch bugNot:1.
Find bug2.
Ignore bug for n months3.
News released about exploit
  compromising customers installations
  causing international incident.4.
Release self serving announcement
  that other systems are not affected5.
More exploits appear
  affecting larger numbers of customers6.
Patch bugUntil this irresponsible behavior stops there should ba a lot more stories.
These guys need to have the light shown on their absurd practices as brightly as possible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086</id>
	<title>Re:kind of makes you wonder</title>
	<author>BartholomewBernsteyn</author>
	<datestamp>1264266600000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw. Until he does, you can do nothing but become increasingly concerned, since you're left to the increasing danger of having your machine compromised in the meantime.
This might be the right time to educate people about the main merit of open source software: As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.

0day? Fixed tomorrow!</htmltext>
<tokenext>That is the main problem with closed source software ; in the event of a security hole , you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw .
Until he does , you can do nothing but become increasingly concerned , since you 're left to the increasing danger of having your machine compromised in the meantime .
This might be the right time to educate people about the main merit of open source software : As soon as a security hole is discovered , virtually anyone can contribute to a timely resolution .
0day ? Fixed tomorrow !</tokentext>
<sentencetext>That is the main problem with closed source software; in the event of a security hole, you as a customer / company are left to the mercy / arrogance of your software vendor to patch the flaw.
Until he does, you can do nothing but become increasingly concerned, since you're left to the increasing danger of having your machine compromised in the meantime.
This might be the right time to educate people about the main merit of open source software: As soon as a security hole is discovered, virtually anyone can contribute to a timely resolution.
0day? Fixed tomorrow!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870262</id>
	<title>Re:kind of makes you wonder</title>
	<author>Penguinisto</author>
	<datestamp>1264268160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>I'm the last guy you can accuse of being a Microsoft fanboy, but let's be fair on at least one aspect: it is helpful if the patches do their job (closing the hole) without breaking functionality (especially with enterprise software, where Microsoft counts its biggest customers).</p><p>I agree perfectly that it is a fundamental flaw in proprietary software to have potentially exploitable vulns that only, say, Microsoft and maybe the script kiddies know about. I further agree that failing to disclose them prevents users from implementing some sort of work-around (depending on severity, blocking certain script actions at the proxy, implementing certain GPO actions to mitigate damage, etc). OTOH, most of Microsoft's customer base wouldn't even know what a work-around is (aside from just using a different browser, which is probably not what you'll see Microsoft recommending).</p><p>The nasty stuff is lurking in there, certainly. Whether the bad guys know about it and can actually use it is another matter. I personally subscribe to the philosophy of full disclosure - it is better that everyone using the product know about flaws in it, if only to protect themselves. OTOH, I can see and appreciate (though not quite agree to) the opposite tack of limiting fields of research for the bad guys, as evidenced by the bad guys' habit (among others) of sifting through patches to find the flaws... where I part ways is in knowing that the patch-sifting is only one of many tools in which to find vulns. Whether it is the most popular method or not, I do not know.</p></htmltext>
<tokenext>I 'm the last guy you can accuse of being a Microsoft fanboy , but let 's be fair on at least one aspect : it is helpful if the patches do their job ( closing the hole ) without breaking functionality ( especially with enterprise software , where Microsoft counts its biggest customers ) .I agree perfectly that it is a fundamental flaw in proprietary software to have potentially exploitable vulns that only , say , Microsoft and maybe the script kiddies know about .
I further agree that failing to disclose them prevents users from implementing some sort of work-around ( depending on severity , blocking certain script actions at the proxy , implementing certain GPO actions to mitigate damage , etc ) .
OTOH , most of Microsoft 's customer base would n't even know what a work-around is ( aside from just using a different browser , which is probably not what you 'll see Microsoft recommending ) .The nasty stuff is lurking in there , certainly .
Whether the bad guys know about it and can actually use it is another matter .
I personally subscribe to the philosophy of full disclosure - it is better that everyone using the product know about flaws in it , if only to protect themselves .
OTOH , I can see and appreciate ( though not quite agree to ) the opposite tack of limiting fields of research for the bad guys , as evidenced by the bad guys ' habit ( among others ) of sifting through patches to find the flaws... where I part ways is in knowing that the patch-sifting is only one of many tools in which to find vulns .
Whether it is the most popular method or not , I do not know .</tokentext>
<sentencetext>I'm the last guy you can accuse of being a Microsoft fanboy, but let's be fair on at least one aspect: it is helpful if the patches do their job (closing the hole) without breaking functionality (especially with enterprise software, where Microsoft counts its biggest customers).I agree perfectly that it is a fundamental flaw in proprietary software to have potentially exploitable vulns that only, say, Microsoft and maybe the script kiddies know about.
I further agree that failing to disclose them prevents users from implementing some sort of work-around (depending on severity, blocking certain script actions at the proxy, implementing certain GPO actions to mitigate damage, etc).
OTOH, most of Microsoft's customer base wouldn't even know what a work-around is (aside from just using a different browser, which is probably not what you'll see Microsoft recommending).The nasty stuff is lurking in there, certainly.
Whether the bad guys know about it and can actually use it is another matter.
I personally subscribe to the philosophy of full disclosure - it is better that everyone using the product know about flaws in it, if only to protect themselves.
OTOH, I can see and appreciate (though not quite agree to) the opposite tack of limiting fields of research for the bad guys, as evidenced by the bad guys' habit (among others) of sifting through patches to find the flaws... where I part ways is in knowing that the patch-sifting is only one of many tools in which to find vulns.
Whether it is the most popular method or not, I do not know.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750</id>
	<title>kind of makes you wonder</title>
	<author>Anonymous</author>
	<datestamp>1264263120000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>in TFA: <i>The flaw was in the Microsoft Security Response Center's (MSRC) <b>queue to be fixed in the the next batch</b> of patches due in February but the targeted zero-day attacks against U.S. </i></p><p>Kinda makes you wonder just <b>how many</b> of these critical security bugs IE currently has in their queue to be fixed "sometime in the near future"?</p><p>And at the same time you have to wonder just how <b>nasty</b> some of the others are that haven't made the cut yet, just waiting to become the next "zero day we own your computer, again"?  We see how big of an issue this is, and MS was clearly in no hurry to fix it, so you'd have to assume that there are at least a few more of these that they know about and aren't fixing yet.</p></htmltext>
<tokenext>in TFA : The flaw was in the Microsoft Security Response Center 's ( MSRC ) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. Kinda makes you wonder just how many of these critical security bugs IE currently has in their queue to be fixed " sometime in the near future " ? And at the same time you have to wonder just how nasty some of the others are that have n't made the cut yet , just waiting to become the next " zero day we own your computer , again " ?
We see how big of an issue this is , and MS was clearly in no hurry to fix it , so you 'd have to assume that there are at least a few more of these that they know about and are n't fixing yet .</tokentext>
<sentencetext>in TFA: The flaw was in the Microsoft Security Response Center's (MSRC) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. Kinda makes you wonder just how many of these critical security bugs IE currently has in their queue to be fixed "sometime in the near future"?And at the same time you have to wonder just how nasty some of the others are that haven't made the cut yet, just waiting to become the next "zero day we own your computer, again"?
We see how big of an issue this is, and MS was clearly in no hurry to fix it, so you'd have to assume that there are at least a few more of these that they know about and aren't fixing yet.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870008</id>
	<title>Re:threat?</title>
	<author>v1</author>
	<datestamp>1264265820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>What's unfortunate here is there's still a lot of people out there that don't understand why some security researchers publish security bugs they find.  It's issues like this where <i>"We reported this to you FOUR MONTHS AGO and you haven't fixed it yet.  We're going public with it tomorrow."</i>  Oh noes!  Everyone's computer getting owned, it's all your fault, you should keep security bugs QUIET so we have time to fix them!.</p><p>Ya, right, whatever.  They don't want the researchers to keep the bugs quiet so they "have time to fix them".  Clearly four months is more than enough time to fix anything important.  So, just <i>how many more</i> of these critical security bugs are we continuing to keep under wraps until someone exploits them before getting around to fixing?  The logical conclusion is the researchers should give companies like MS a flat 30 days notice, and then go public immediately after that.  At least we'd be getting the bugs patched 35 days after discovery, instead of 130 days.  Either way, the amount of exposure we experience is the same, they're going to drag their feet until someone lights a fire under them.  The only one this "irresponsible disclosure" hurts is the publisher.  In the end, it <i>helps</i> the users, because the publishers now have a concrete deadline to avoid losing face, rather than <b>"lets hope no one else discovers this before spring".</b></p><p>We don't need them gambling with our security, and that's exactly what they're pushing with their cries for "responsible disclosure".</p></htmltext>
<tokenext>What 's unfortunate here is there 's still a lot of people out there that do n't understand why some security researchers publish security bugs they find .
It 's issues like this where " We reported this to you FOUR MONTHS AGO and you have n't fixed it yet .
We 're going public with it tomorrow .
" Oh noes !
Everyone 's computer getting owned , it 's all your fault , you should keep security bugs QUIET so we have time to fix them ! .Ya , right , whatever .
They do n't want the researchers to keep the bugs quiet so they " have time to fix them " .
Clearly four months is more than enough time to fix anything important .
So , just how many more of these critical security bugs are we continuing to keep under wraps until someone exploits them before getting around to fixing ?
The logical conclusion is the researchers should give companies like MS a flat 30 days notice , and then go public immediately after that .
At least we 'd be getting the bugs patched 35 days after discovery , instead of 130 days .
Either way , the amount of exposure we experience is the same , they 're going to drag their feet until someone lights a fire under them .
The only one this " irresponsible disclosure " hurts is the publisher .
In the end , it helps the users , because the publishers now have a concrete deadline to avoid losing face , rather than " lets hope no one else discovers this before spring " .We do n't need them gambling with our security , and that 's exactly what they 're pushing with their cries for " responsible disclosure " .</tokentext>
<sentencetext>What's unfortunate here is there's still a lot of people out there that don't understand why some security researchers publish security bugs they find.
It's issues like this where "We reported this to you FOUR MONTHS AGO and you haven't fixed it yet.
We're going public with it tomorrow.
"  Oh noes!
Everyone's computer getting owned, it's all your fault, you should keep security bugs QUIET so we have time to fix them!.Ya, right, whatever.
They don't want the researchers to keep the bugs quiet so they "have time to fix them".
Clearly four months is more than enough time to fix anything important.
So, just how many more of these critical security bugs are we continuing to keep under wraps until someone exploits them before getting around to fixing?
The logical conclusion is the researchers should give companies like MS a flat 30 days notice, and then go public immediately after that.
At least we'd be getting the bugs patched 35 days after discovery, instead of 130 days.
Either way, the amount of exposure we experience is the same, they're going to drag their feet until someone lights a fire under them.
The only one this "irresponsible disclosure" hurts is the publisher.
In the end, it helps the users, because the publishers now have a concrete deadline to avoid losing face, rather than "lets hope no one else discovers this before spring".We don't need them gambling with our security, and that's exactly what they're pushing with their cries for "responsible disclosure".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874076</id>
	<title>Re:kind of makes you wonder</title>
	<author>nev\_ski</author>
	<datestamp>1264253460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>A scary thought but true nonetheless</htmltext>
<tokenext>A scary thought but true nonetheless</tokentext>
<sentencetext>A scary thought but true nonetheless</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874076
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870262
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871182
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871216
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873084
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870038
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871508
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870966
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870260
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30887408
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871230
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30884110
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870240
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30876128
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871162
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874292
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870502
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30902518
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30878690
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870498
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870008
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870866
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870134
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869858
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870482
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877162
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870900
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871766
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877042
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871344
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871456
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870228
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870122
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873642
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871980
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_23_1429207_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869926
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869776
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870228
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869926
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869858
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870016
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870122
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30887408
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869798
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869986
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869720
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869802
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871162
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870038
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870240
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871182
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869758
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870502
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870008
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870498
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870482
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870748
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870112
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30869750
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870672
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870434
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871504
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872712
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30878690
-----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30902518
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874292
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30876128
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870260
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30872146
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870086
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870866
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871344
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877042
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30884110
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871216
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30877162
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871230
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870900
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871462
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873084
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870506
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30874076
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871980
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30873642
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871766
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871456
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_23_1429207.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870778
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30871508
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_23_1429207.30870966
</commentlist>
</conversation>
