Category Archives: Security

MS07-010 Microsoft Malware Detection Exploit

The title is a mouthful, but I was trying to capture the irony of the problem. You know Microsoft still has not solved its core problems when they release security software that introduces security holes into the operating system it is meant to protect.

An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

They say there are no mitigating factors, which I find odd. They often say “do not read HTML-formatted text” is the mitigating factor for email flaws in Outlook. Perhaps they feel “block PDFs” is too strong a statement (stop the business?), but richly formatted email is merely a feature that can be turned off without losing content. Or maybe they do not want to upset their friends at Adobe yet there is no corporation to stand up for HTML formatted email. Interesting that the exploit apparently can escape the local user privileges and take over the complete system. Ooops.

This vulnerability, credited to Neel Mehta and Alex Wheeler, reminds me of a meeting I once had (well, dinner) with them. They are super nice guys and I found the message they sell very straightforward — don’t do dumb things like repeat simple mistakes when you write software. Quality, not quantity. That sort of stuff. It’s not rocket science, they said.

Did I mention that Vista is also affected?

Again we see that the stakes are so low in the rapid-release style of consumer software management that companies probably figure they can clean up things or tidy code later, perhaps even after it has reached millions of users. Bad for us, good for them as long as there is no backlash since the risks are captured mainly in externalities. Integer overflows on a rocket (speaking of science) may be a high profile explosive and expensive error, but my guess is that if you sum the number of incidents from an integer overflow mistake on desktop software you might come out with a similar total, just distributed. The cost accounting gets really messy when you find viruses written to spread via flaws in the antivirus tools themselves. Try to figure out the ROI on that one, Symantec.
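The bug class named above, an unchecked integer multiplication in a file parser, is worth seeing in code. The following is an added example written for this post, not code from MS07-010 or from the Malware Protection Engine, whose internals the bulletin does not describe. The record layout (a 4-byte element count, a 4-byte element size, then the payload) is constructed for illustration, and the function names are hypothetical. It shows the naive length computation wrapping to zero on a crafted header, beside a checked version that refuses such input before anything is copied.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy record format (an assumption for this example, not a real
 * PDF structure):
 *   4 bytes little-endian element count
 *   4 bytes little-endian element size
 *   count * element size bytes of payload
 */
#define HDR_LEN 8

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The mistake: a 32-bit multiplication silently wraps modulo 2^32, so an
 * attacker-chosen count and size can make the computed payload length tiny
 * while a later loop over `count` elements still walks far past it. */
uint32_t naive_payload_len(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Overflow-aware version: returns 0 and writes the product on success,
 * 1 if count * elem_size would not fit in 32 bits. */
int checked_payload_len(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (count != 0 && elem_size > UINT32_MAX / count) return 1;
    *out = count * elem_size;
    return 0;
}

/* Parse one record from buf into dst. Returns bytes consumed, or -1 when the
 * header is inconsistent with the data actually present or with dst. */
long parse_record(const uint8_t *buf, size_t buf_len,
                  uint8_t *dst, size_t dst_len) {
    if (buf_len < HDR_LEN) return -1;
    uint32_t count = rd32le(buf);
    uint32_t esz = rd32le(buf + 4);
    uint32_t payload;
    if (checked_payload_len(count, esz, &payload) != 0) return -1;
    if (payload > buf_len - HDR_LEN) return -1; /* declares more than received */
    if (payload > dst_len) return -1;           /* would not fit destination */
    memcpy(dst, buf + HDR_LEN, payload);
    return (long)(HDR_LEN + payload);
}

/* Constructed well-formed record: 3 elements of 4 bytes, 12 bytes of payload. */
long demo_good_record(void) {
    uint8_t buf[HDR_LEN + 12] = { 3, 0, 0, 0,  4, 0, 0, 0 };
    uint8_t dst[64];
    for (size_t i = HDR_LEN; i < sizeof buf; i++) buf[i] = (uint8_t)i;
    return parse_record(buf, sizeof buf, dst, sizeof dst);
}

/* Constructed hostile header: count 0x40000000 * size 8 = 2^33, which the
 * naive arithmetic reports as 0 bytes. Only 8 payload bytes follow. */
long demo_crafted_record(void) {
    uint8_t buf[HDR_LEN + 8] = { 0, 0, 0, 0x40,  8, 0, 0, 0 };
    uint8_t dst[64];
    return parse_record(buf, sizeof buf, dst, sizeof dst);
}

int main(void) {
    printf("naive length for crafted header: %u\n",
           naive_payload_len(0x40000000u, 8u));
    printf("good record consumed: %ld\n", demo_good_record());
    printf("crafted record result: %ld\n", demo_crafted_record());
    return 0;
}
```

The division-based check is the portable way to detect the wrap without relying on compiler builtins; the two bounds checks that follow it are the part a scanner actually needs, since a declared length is only trustworthy once it has been compared against the bytes really in hand.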

70% of Dell Users Want Linux

I thought Dell made this commitment years ago (around the time I gave up on them for taking too long to support Linux) but I guess upper management is still not convinced and has only just realized they should have been pre-installing Linux all these years. A survey cited by the BBC shows just how far things have come:

Earlier this year, 100,000 people took part in a Dell survey. More than 70% of respondents said they would use Linux.

That is a lot of penguins!

Sad that it takes such a vast majority before Dell is comfortable announcing that they have “heard” their users. Wonder what percentage cited quality or security as their primary reason for the switch?

Speaking of ignoring reality, remember when Steve Ballmer compared open source to Communism and said Linux will never make it to the desktop? I find him to be an annoyingly ignorant fool when it comes to history and politics. Anyone that has used open source software must know that they are in the hands of not only the most brilliant minds but some of the most modest and caring hands in the world. Even Microsoft has to play catch-up by copying the ideas generated outside their halls. Vista is probably their closest attempt yet to copy Unix.

Good to hear Dell is finally trying to escape the choke-hold and embrace the free-thinking alternative to the Microsoft OS. So many years wasted, but at least Gates never succeeded in his plan to crush anyone who thought they could give something away for free. Let us not forget his ironically “open letter” from 1976, explaining the pogrom he was about to wage against American software developers that thought too openly or tried to share ideas without monetizing them:

One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in hobby software. […] Most directly, the thing you do is theft.

I guess we can just say it is a good thing he only hated software “hobbyists” instead of turning his taunts towards some race or religion? And isn’t it funny how the Gates method has produced some of the worst software and most liabilities for the users while amazingly high quality software continues to grow from an open and free source. All the more reason why it is strange for Harvard to suddenly decide to give the guy a degree in their name, especially just after his philanthropy has been accused of ulterior motives:

After the LA Times reported that the Gates Foundation often invests in companies hurting the very communities Bill and Melinda want to help, the Seattle Times reported the foundation planned ‘a systematic review of its investments to determine whether it should pull its money out of companies that are doing harm to society’. Shortly after that interview, the Gates Foundation took down their public statement on this and replaced it with a significantly altered version which seems to say that investing responsibly would just be too complex for them and that they need to focus on their core mission

According to some friends in the investment community, this core mission could be to find a place their wealth can continue to grow without risk of consumer resentment, government regulation or taxes. Just like Gates’ aim to “help” the software industry, his aim to fix ailments could really just be another strategic money and power-grab that could have serious long-term negative effects (e.g. bolstering harmful business practices) on those who believe his story.

Meanwhile, back to the real world of philanthropy:

Captain Ronnie Young of the United States Air Force says that Craigslist and Google Earth, both popular freebies, saved lives during the Hurricane Katrina disaster. “Just because it’s free, that doesn’t mean it’s not up to the task of doing great things,” Young says.

Tobacco and Ethanol Death

A comment by someone on my post about the death of the Armenian PM got me thinking about export death and tobacco. I did a little reading and searching and ran into a Trade and Environment Database (TED) report called Zimbabwe Tobacco Exports (ZIMTOBAC Case). I think it’s from 1994 and it has some interesting claims. Consider, for example, this little nugget in the Description section:

Tobacco smoke is the most widespread of known pollutants. In developed countries, ethanol and tobacco are the two principal causes of avoidable death.

Based on what? More than lead? More than mercury? And what’s that about ethanol?

A little more reading and it appears it has been flagged by the EPA. Here is a revealing story from 2002:

Factories that convert corn into the gasoline additive ethanol are releasing carbon monoxide, methanol and some carcinogens at levels “many times greater” than they promised, the government says.

[…]

States started measuring VOC emissions at ethanol plants about a year ago following complaints of foul odors. One small facility in St. Paul, Minn., had to install $1 million in pollution control equipment to reduce the emissions.

“To the extent that this new test procedure is identifying new VOC emissions, the industry has certainly agreed to address those,” said Bob Dinneen, president of the Renewable Fuels Association, the recipient of EPA’s letter.

Is that ethanol pollution or ethanol plant pollution? A study from 1997 speaks directly of pollution from ethanol fuel:

A recent field study in Albuquerque, N.M., published this month in Environmental Science & Technology, showed that use of ethanol fuels leads to increased levels of toxins called aldehydes and peroxyacyl nitrates (PAN).

[…]

PAN is highly toxic to plants and is a powerful eye irritant. It has been measured in many areas of the world, indicating that it can be carried by winds throughout the globe.

“Although these pollutants are not currently regulated,” said Argonne chemist Jeff Gaffney, “their potential health and environmental effects should be considered in determining the impact of alternative fuels on air quality.”

Incidentally, Dinneen’s comment reminds me of a discussion I had recently with a guy in charge of thousands of servers running all over the world. He had the classic “tell me what’s wrong, but don’t tell me anything I don’t want to know” approach to risk management. Yes, it’s contradictory. Or maybe I should say he did not seem to fully appreciate the opportunity to review a comprehensive list of issues in order to prioritize risks to his environment. Even my basic tests revealed important risks, but he slipped into denial and then anger when a messenger brought the message. Eventually he agreed to a Dinneen-like position — to address things brought to his attention. More on that later.

Back to the ethanol, it turns out that a million dollars spent on emission controls is just the beginning of the story on the Minnesota plant. Data released by the Minnesota Pollution Control Agency and the US Department of Justice showed that there were to be impressive results:

The agreements announced today will ensure each plant installs air pollution control equipment to greatly reduce air emissions such as volatile organic compounds (VOCs) by 2,400-4,000 tons per year and carbon monoxide (CO) emissions by 2,000 tons per year. In addition to contributing to ground-level ozone (smog), VOCs can cause serious health problems such as cancer and other effects; CO is harmful because it reduces oxygen delivery to the body’s organs and tissues. The settlement also will result in annual reductions of nitrogen oxides (NOx) by 180 tons, particulate matter (PM) by 450 tons and hazardous air pollutants by 250 tons.

This of course was the tail end of the Clinton EPA and the start of the Bush and Cheney policies to remove regulation of harmful emissions, as a Washington Post story explains with regard to coal:

The case against Duke Energy was one of many initiated by the EPA across the country in the waning days of the Clinton administration.

The Clinton crackdown was bitterly opposed by utilities, and the Bush administration promised to change EPA enforcement policy.

But the EPA continued to press cases that were already pending when the administration took office in 2001, so the Bush EPA and Environmental Defense had been on the same side of the Duke Energy case until the 4th Circuit’s ruling.

That soon changed. I’m certain Cheney or one of his minions thinks it is best for the industry to shoot messengers who bring the wrong messages instead of spending efforts on innovation and research to solve the actual problems. Solving problems requires that he acknowledge they exist and address them.

So, with the high profile of this coal case and the number of deaths cited, I am curious whether ethanol actually carries a higher risk.

Environmental Defense says that about 17,000 facilities are covered by the rules, and it cites studies that show 20,000 premature deaths per year traceable to pollution from coal-fired plants.

The decision on coal is apparently due this July. Wonder if it will set a precedent for other energy companies, especially as the Bush administration appears to want to pander to the corn lobby with bold invitations into the fuel industry.

Still looking for data on ethanol-related deaths in industrialized countries…