
The Washington Monthly

In The Washington Monthly, Kevin Drum discusses a new SEC disclosure requirement.  I am in favor of transparent executive pay.  Various schemes such as deferred compensation, executive suites, and use of corporate planes lead to confusing shareholders or the IRS.  Just spell out what the executives make in total.  How hard is that?

A Stitch in Haste On English-Only Drivers Licenses

I agree with Kip in A Stitch in Haste On English-Only Drivers Licenses. Of course, I agree with him so much of the time, I was tempted to name my blog "Me too!".

Jealousy of Baby

Fred Wilson says that when the Baby Bells talk about charging Google to deliver their pages at the same fast rate as everyone else, the telcos are jealous of Google's margins and stock performance.  I am outraged by this concept and only a bunch of monopolies like BellSouth and Verizon could suggest it.  It's exactly like an airline being told by your travel agent that you're ultimately going to be staying at a Four Seasons hotel.  So the airline calls up the Four Seasons and says "Hey, pay up a spiff or your customer will have his packets, er, I mean his luggage delayed."  It's a kind of blackmail:  "Google, if you don't pay up, I'll slow down your bytes so that everyone will switch to your competitors".

I believe the real reason that the Baby Bells are talking about this concept is the threat that VoIP poses to their traditional phone service.  They absolutely need to slow down and add static to Vonage and competitors so that they will continue to be able to charge monopoly rates for phone service.

I hope that WiMAX or some other technology gives these dinosaurs the competition they richly deserve.

Cities forced to provide WiFi

Glenn Fleishman says Municipalities Forced into Broadband Business.  This is similar to why cities must build stadiums to subsidize rich football teams and baseball owners.  Private money doesn't see the justification so get the taxpayers to do it since "everyone" wants it.  One of the justifications is that you give someone (Verizon, etc.) an exclusive license to do something and then regulate their rates.  Since their rates are capped, they naturally want to give as little as they can for that amount of money.  Since they are now not giving everything that some of the people might want, that's justification to have the taxpayers pay up for the rest.

WMF fix posted by Microsoft sooner than expected

Ed Bott says that Microsoft did the right thing by underpromising and overdelivering on the WMF fix.  I agree.  However, I would have liked to have seen more aggressive blocking of the WMF exploit other than by the Operating System group at Microsoft.  I think Hotmail could have blocked it; MSN Messenger, etc.  I was pleased to hear that they had something like 200 people working on the problem.  To coordinate that big of a team in a short time is pretty remarkable.

Sunbelt BLOG: Get safer web browsing with the Vmware Browser Appliance

Link: Sunbelt BLOG: Get safer web browsing with the Vmware Browser Appliance.  Wow, this is a cool idea.  I've occasionally fired up VMware or Virtual PC to do something similar to this, but to have it all bundled sounds very intriguing.

Scrushy must give back "phony" bonuses

In the WSJ Law Blog: Judge to Scrushy: Give HealthSouth Back Its Money.  Who can feel sorry for Richard Scrushy?  He's staying out of jail but might have to give back $47 million of bonus money because the bonuses were performance-based and the performance of the company didn't turn out to be real.

Hex blog: Silent WMF Hotfix Installer

Link: Hex blog: Silent WMF Hotfix Installer.

The unapproved WMF hotfix has been improved to allow silent installation.

Hex blog: WMF Vulnerability Checker

I just tried Hex blog: WMF Vulnerability Checker at Hexblog.  It crashed on my system.  That's good, because I have DEP turned on for all programs and that's what should happen when a program tries to execute code in a data segment.

Suggestions to Microsoft about WMF

What Microsoft should do about the WMF exploit.

· Use automatic update to immediately unregister the shimgvw DLL.  When they’ve fixed the problem, they can turn it back on.
· Negotiate to use the current fix of Ilfak Guilfanov’s.  Pay him at least a six digit payment for this.
· Immediately patch MSN Messenger to not transmit WMFs.  This goes double if they are pretending to be a JPEG.
· Patch Microsoft Exchange not to send or receive WMFs.
· Patch Outlook not to send or receive WMFs.  This should be easy; they already eliminate dangerous items like batch files and executables.
· Patch Internet Explorer to not accept WMFs, especially if they are pretending to be a JPEG.  Why do they look inside a file to guess at what it is anyway?
· Change Hotmail to not transmit or receive WMFs.
· Advertise in all real time media how to react to this.  Set up a special website just for this.

I think Microsoft is acting flatfooted on this very serious exploit.  All of the items I have suggested can be started and run in parallel by multiple teams.  I suspect they have one small security team looking at this problem and haven’t really asked every Microsoft team how they can help reduce the risk.  Please, Microsoft, take this problem a lot more seriously!  Scoble has chimed in, maybe that will get some action.
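
The "block WMFs even when they pretend to be a JPEG" suggestions above come down to deciding from a file's header bytes instead of its name. The sketch below is an added example, not part of the original post or any Microsoft product: a gateway-style attachment check whose function names, verdict strings and sample bytes are constructed for illustration.

```python
import os
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
# Key of the optional 22-byte "placeable" header (0x9AC6CDD7, little-endian).
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"

def looks_like_wmf(data: bytes) -> bool:
    """True if the leading bytes parse as a WMF header, whatever the file is called."""
    if data.startswith(PLACEABLE_KEY):
        return True
    if len(data) < 18:                      # the standard header is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header is 9 words; version 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def classify_attachment(filename: str, data: bytes) -> str:
    """Verdict for a mail or IM gateway: content is checked first, then the name."""
    ext = os.path.splitext(filename.lower())[1]
    if looks_like_wmf(data):
        if ext == ".wmf":
            return "block: WMF"
        return "block: WMF content behind %s name" % (ext or "extensionless")
    if ext == ".wmf":
        return "block: .wmf name"           # refuse by name too while unpatched
    if ext in (".jpg", ".jpeg") and not data.startswith(JPEG_MAGIC):
        return "quarantine: %s name without JPEG header" % ext
    return "allow"

# Constructed samples: an empty, harmless metafile (header plus end-of-file
# record) and the first bytes of a JFIF JPEG.
EMPTY_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
JPEG_HEAD = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", EMPTY_WMF), ("chart.wmf", EMPTY_WMF),
                       ("photo.jpg", JPEG_HEAD), ("notes.jpg", b"plain text, not an image")]:
        print(name, "->", classify_attachment(name, blob))
```
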