Although I do believe that ESR is so self-centered, I'm amazed that the world hasn't started revolving around his ego, he is still capable of understanding WHAT arguments are important.
And this is one such time.
The argument that closed-source should be immune from disclosure of one type of failure or another is stupid and naive. If Microsoft had claimed that people should not disclose the color of the page showing kernel panics, people would laugh. So what's the big f'ing difference?
The difference is that these specific faults give Microsoft a Bad Name, especially at a time when security is such a Big Issue. That's it.
(Actually, under the Unified Copyright Act, even the publication of the color of the GPF screen would be a Federal Offence.)
However, sticking with sanity for a moment, what is the big deal if someone published the statement that doing X, Y and Z will give you system admin privileges? Who, seriously, even WANTS access to a Microsoft box???
However, let's assume that someone does, and is not in therapy or hospitalized. First, what the hell is a mission-critical box doing exposed on the Internet, with no firewall?
Ok, ok, admins can be naive and bloody stupid, and don't deserve to be boiled in hot oil for it. Well, not usually. However, this gets to the second point.
The second point is that the failures exist, whether they are known about or not. Worse, when there is one error, there are usually a whole host of related errors. Non-fatal bugs are still bugs, and can cause data corruption.
So, we have a choice. "Crackers" corrupting data, or users doing all on their own, in total ignorance. Ignorance may be bliss, but bliss is a piss-poor excuse to give your boss, if you can't give him/her your reports on time.
This leads me to the third point - the absolute requirement imposed on ALL other merchandise: that it be fit for the purpose for which it was designed. This law should be imposed on ALL merchandise. If that means programmers need to work a little harder, so be it. I don't mind putting in a few extra minutes to fix the bugs in my code.
Yes, I did say minutes. Ooops! You mean, Microsoft coders are incompetent? You think that would pass by a judge, if it was a company making electric heaters, which kept burning houses down?
How could I possibly fix my bugs in minutes? It's called good coding practices, good design practices, some intelligence, and the wonders of a good compiler development kit (gcc and gdb).
If you program in BASIC (visual or otherwise), the likelihood of an error is high. It's unstructured beyond belief, and coders are typically the dregs of society, never mind the programming world.
Is that elitism? Probably. On the other hand, not all elitism is undeserved. SIXTY FIVE THOUSAND known bugs in Windows 2000, when it was released? Sorry, but there is no excuse for such a pathetic showing. Even assuming slow progress and poor communication, a competent team of programmers should be able to fix 1 bug per programmer per 10 minutes of work.
So, 10 programmers (a typical team size) should resolve 1 bug per minute, on average. So, 10 coders should have been able to fix the entirety of Windows 2000 in 27 working weeks. Don't even begin to tell me that the overrun was less than that, and that Microsoft couldn't afford 10 debuggers.
Conclusion: Microsoft's "request" (read: demand) is in moral (although not legal) violation of the Consumer Protection legislation, is endangering users by exposing their work to concealed hazards, and is promoting dangerous network practices.
Last point, and then I'll shut up. Let's say that Microsoft knows that doing X, Y and Z will provide admin privs, but has not released this information publicly. (How can I possibly believe that they'd do that? Because there are 65,000+ such examples.) Let's say a terrorist gets into Microsoft and finds this flaw. You think they'll do the Right Thing and throw that information away? Not Bloody Likely!