Author: JT Smith
Category: Open Source
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux - Various security problems in ucd-snmp
Advisory number: CSSA-2002-004.0
Issue date: 2002, January 22
Cross reference:
______________________________________________________________________________
1. Problem Description
Researchers at the University of Oulu, Finland, discovered several
remotely exploitable vulnerabilities in ucd-snmp. This security update
fixes these vulnerabilities. It also contains a patch from the SuSE
security team that cleans up a number of unchecked memory operations.
2. Vulnerable Versions
System                         Package
-----------------------------------------------------------
OpenLinux 2.3                  not vulnerable
OpenLinux eServer 2.3.1        All packages previous to
  and OpenLinux eBuilder       ucd-snmp-4.2.1-17
OpenLinux eDesktop 2.4         not vulnerable
OpenLinux Server 3.1           All packages previous to
                               ucd-snmp-4.2.1-17
OpenLinux Workstation 3.1      All packages previous to
                               ucd-snmp-4.2.1-17
OpenLinux 3.1 IA64             not vulnerable
OpenLinux Server 3.1.1         All packages previous to
                               ucd-snmp-4.2.1-17
OpenLinux Workstation 3.1.1    All packages previous to
                               ucd-snmp-4.2.1-17
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
not vulnerable
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
39455abae12c26af0767e73ce5fa21ba RPMS/ucd-snmp-4.2.1-17.i386.rpm
2a13a2370c9da23d09a9fdfb94242cb0 RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
552a1f07b57743ea2f83a77878f8b307 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
02914263b92c14023b6a8a986739975a RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
         ucd-snmp-devel-4.2.1-17.i386.rpm \
         ucd-snmp-tkmib-4.2.1-17.i386.rpm \
         ucd-snmp-utils-4.2.1-17.i386.rpm
6. OpenLinux eDesktop 2.4
not vulnerable
7. OpenLinux 3.1 Server
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
7.2 Verification
e1f2eab37121fd66aefab49da3f6173b RPMS/ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
         ucd-snmp-devel-4.2.1-17.i386.rpm \
         ucd-snmp-tkmib-4.2.1-17.i386.rpm \
         ucd-snmp-utils-4.2.1-17.i386.rpm
8. OpenLinux 3.1 Workstation
8.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
8.2 Verification
e1f2eab37121fd66aefab49da3f6173b RPMS/ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm
8.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
         ucd-snmp-devel-4.2.1-17.i386.rpm \
         ucd-snmp-tkmib-4.2.1-17.i386.rpm \
         ucd-snmp-utils-4.2.1-17.i386.rpm
9. OpenLinux 3.1 IA64
not vulnerable
10. OpenLinux 3.1.1 Server
10.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
10.2 Verification
0bf1e8d5ec70518f2b548871fb1d00b7 RPMS/ucd-snmp-4.2.1-17.i386.rpm
7b8f7fd19b3a0dd61a1113e3d12bd00d RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
b0bf4250ba668660b0c9d859d164e918 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
df84f06b86e973ee8d38f5f995fa7905 RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm
10.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
         ucd-snmp-devel-4.2.1-17.i386.rpm \
         ucd-snmp-tkmib-4.2.1-17.i386.rpm \
         ucd-snmp-utils-4.2.1-17.i386.rpm
11. OpenLinux 3.1.1 Workstation
11.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
11.2 Verification
0bf1e8d5ec70518f2b548871fb1d00b7 RPMS/ucd-snmp-4.2.1-17.i386.rpm
7b8f7fd19b3a0dd61a1113e3d12bd00d RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
b0bf4250ba668660b0c9d859d164e918 RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
df84f06b86e973ee8d38f5f995fa7905 RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm
6f3b52721566b814f3937f135a82c6f5 SRPMS/ucd-snmp-4.2.1-17.src.rpm
11.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh ucd-snmp-4.2.1-17.i386.rpm \
         ucd-snmp-devel-4.2.1-17.i386.rpm \
         ucd-snmp-tkmib-4.2.1-17.i386.rpm \
         ucd-snmp-utils-4.2.1-17.i386.rpm
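Each Verification section above (5.2, 7.2, 8.2, 10.2, 11.2) publishes MD5 sums so that the downloaded packages can be checked before the freshen command in the matching Installing section is run. The script below is an added example and is not part of Caldera's advisory: it checks a downloaded package set against the advisory's sums and only invokes rpm when every file verifies. It assumes the packages were fetched into one directory keeping the advisory's RPMS/ sub-path and that GNU md5sum is available; the hashes in the script are copied from section 7.2 (OpenLinux 3.1 Server), and the files used in the stand-alone demo at the end are constructed.

```shell
#!/bin/sh
# Added example, not part of the Caldera advisory: check the MD5 sums the
# advisory publishes against the downloaded packages and only then run the
# advisory's "rpm -Fvh" freshen command.
#
# Assumptions (mine, not the advisory's): the packages were fetched into one
# directory keeping the advisory's RPMS/ sub-path, and md5sum(1) from GNU
# coreutils is available. The hashes below are copied from section 7.2
# (OpenLinux 3.1 Server); the source package (SRPMS/) is checked the same way
# if it was downloaded. The demo files at the bottom are constructed.

# md5sum -c accepts exactly this "<md5><two spaces><path>" layout.
ADVISORY_SUMS_31_SERVER='e1f2eab37121fd66aefab49da3f6173b  RPMS/ucd-snmp-4.2.1-17.i386.rpm
ad7405f4578ca3f25a56d8e5d96020bb  RPMS/ucd-snmp-devel-4.2.1-17.i386.rpm
980115ed7580c8a772e8111ad1494067  RPMS/ucd-snmp-tkmib-4.2.1-17.i386.rpm
48f82f6ee0561fc0961cf99e471a14de  RPMS/ucd-snmp-utils-4.2.1-17.i386.rpm'

# verify_checksums DIR SUMS
# Exit status 0 only if every file listed in SUMS exists under DIR and its
# MD5 matches; a missing, truncated or altered file makes md5sum -c fail.
verify_checksums() {
    _dir=$1
    _sums=$2
    (cd "$_dir" && printf '%s\n' "$_sums" | md5sum -c) >/dev/null 2>&1
}

# file_matches DIR RELPATH MD5
# Single-file convenience wrapper around verify_checksums; 0 on match.
file_matches() {
    verify_checksums "$1" "$3  $2"
}

# install_if_verified DIR SUMS
# Refuses to touch rpm unless the whole package set verifies, so a partial
# or tampered download cannot be installed by accident.
install_if_verified() {
    _dir=$1
    _sums=$2
    if ! verify_checksums "$_dir" "$_sums"; then
        echo "checksum mismatch or missing package under $_dir; not installing" >&2
        return 1
    fi
    # The advisory's own freshen command (-F only upgrades packages that are
    # already installed), run from the download directory.
    (cd "$_dir" && printf '%s\n' "$_sums" | awk '{print $2}' | xargs rpm -Fvh)
}

# Stand-alone demo with a constructed file, since the advisory's packages are
# not available offline. d41d8cd9... is the well-known MD5 of an empty file.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/RPMS"
: > "$demo_dir/RPMS/empty.rpm"
demo_sums='d41d8cd98f00b204e9800998ecf8427e  RPMS/empty.rpm'
if verify_checksums "$demo_dir" "$demo_sums"; then
    echo "untouched download: verified"
fi
printf 'tampered' >> "$demo_dir/RPMS/empty.rpm"
if ! verify_checksums "$demo_dir" "$demo_sums"; then
    echo "tampered download: rejected"
fi
rm -rf "$demo_dir"
```

For a real run, replace the demo at the bottom with a call such as `install_if_verified /path/to/downloads "$ADVISORY_SUMS_31_SERVER"`, substituting the sum list from the Verification section that matches the installed OpenLinux release, since the binary package hashes differ between 2.3.1, 3.1 and 3.1.1.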
12. References
This and other Caldera security resources are located at:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 10987.
13. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
14. Acknowledgements
Caldera International wishes to thank the Secure Programming Research
Group at Oulu University for their work, and for sharing their research
results in this fashion. We also wish to thank Thomas Biege at SuSE for
his additional patches.
______________________________________________________________________________
Author: JT Smith
“We learned long ago that good, accessible documentation spurs the
development of interesting technologies,” said Tim O’Reilly, founder
and president of O’Reilly & Associates. “And our customers tell us that
they want to wrap their hands around a hard copy of the documentation
they use, even if it’s also available online. Through the O’Reilly
Community Press, we’ll publish the best of the documentation that
emerges from the technical communities we serve.”
Unlike classic O’Reilly animal books, which are created to fill an
information void, the Community Press titles simply provide convenient
printed copies of documentation that is already available online.
Although the books must meet O’Reilly’s standards for containing clear,
useful information, our role is limited to providing manufacturing and
distribution services rather than editorial development. Each book
reflects the editorial voice and organization of the community that has
created it.
As a result, the covers of O’Reilly Community Press titles are distinct
from O’Reilly’s classic animal books. “The series look is a direct
descendant of early O’Reilly Nutshell handbook covers, which featured
simple, classic line drawings printed with black ink on nubbly brown
paper,” said Edie Freedman, O’Reilly’s creative director and original
cover designer. “The oak tree on the cover of the books in the series
represents the organic way the O’Reilly Community Press titles develop.
The covers also evoke the books’ importance to their communities, for
oak trees grace the ‘town common’ in most New England towns, anchoring
the town’s gathering place.”
The first O’Reilly Community Press title, available in April 2002,
is the “MySQL Reference Manual.” Other books in the pipeline include a
new edition of Greg Lehey’s “The Complete FreeBSD” and “DocBook, 2nd
Edition” by Norm Walsh and Lenny Muellner.
About O’Reilly
O’Reilly & Associates is the premier information source for
leading-edge computer technologies. We communicate the knowledge of
experts through our books, conferences, and web sites. Our books, known
for their animals on the covers, occupy a treasured place on the
shelves of the developers building the next generation of software. Our
conferences and summits bring innovators together to shape the
revolutionary ideas that spark new industries. From the Internet to the
Web, Linux, open source, and now peer-to-peer networking, we put
technologies on the map. For more information: http://www.oreilly.com.
O’Reilly is a registered trademark of O’Reilly & Associates, Inc. All
other trademarks are property of their respective owners.
Author: JT Smith
The Gen2, QliTech’s fastest, second-generation Linux laptop, features a 14.1 LCD display,
an Intel Pentium 4 processor (up to 2.0 GHz) and is available with up to 1GB of system RAM.
The Gen2 also features a 16MB ATI Mobile Radeon video chipset, an onboard 10/100 Mbps LAN port,
and optional CDRW / CDRW-DVD combo drives.
More information on QliTech’s entire laptop line can be found at:
http://www.qlilinux.com/products/laptops/index.htm
QliTech Linux Computers are available with the customer’s choice of Linux distribution pre-installed,
as well as Sun Microsystems’ Star Office.
Laptops feature a 1 year parts and labor warranty
(extended warranties available) and free technical support.
About QliTech:
QliTech, founded in 1998 and based in Moline, Illinois, is one of the Midwest’s leaders in Linux systems.
Along with its line of Linux laptops, QliTech also offers clustering/HPC solutions,
Linux servers and its acclaimed Advanced Multimedia Workstation high-performance graphics workstation,
as well as Small Office / Home Office Linux systems.
For more information contact:
QliTech Linux Computers
1-877-24-LINUX
(1-877-245-4689)
Toll Free U.S.A and Canada
http://www.qlilinux.com
Author: JT Smith
In a filing with the U.S. District Court for the District of Columbia, seeking rejection of the proposed settlement, the states cited testimony from a Microsoft executive to prove their claim that the settlement ‘has fostered new monopolistic practices and fettered the market with new anticompetitive practices.'”
Author: JT Smith
Incidentally, the author of this document, according to the Microsoft
Word file (http://petition.eurolinux.org/pr/proposal.doc), is Francisco
Mingorance (franciscom@bsa.org), patent expert and director of public
policy at BSA (Business Software Alliance), an association which
represents the interests of large US software publishers in Europe.
Software patents are a major legal issue in the information society.
Copyright is currently the right way to protect software publishers
against piracy. “Copyright provides a simple and very efficient
protection to the software economy,” says Matthias Schlegel, CEO of
Phaidros. “Copyright is the preferred protection of SMEs and
independent software developers [1]. EuroLinux strongly supports
copyright,” adds Hartmut Pilch, speaking for the EuroLinux Alliance.
On the other hand, software patents allow one company to monopolize an
idea of software (ex. patent EP0800142 on the conversion of file names
between DOS and Windows) or an idea of business on the Internet (ex.
EP0756731 on generating buying incentives from the distribution of
cooking recipes), thus prohibiting other companies to use the same
idea, even when implemented differently. Because software is always
based on a creative arrangement of a few innovative ideas and many
common ideas, all European software publishers are infringing on
hundreds of patents among the 50.000 software patents owned by IBM,
Microsoft, Sun, Sony, etc. “Thus, instead of protecting software
publishers, software patents create a tremendous juridical uncertainty
and allow large IT companies to completely control the software
economy, block innovation and block competition by prohibiting one
software to be compatible with another” says Stéfane Fermigier, CEO of
Nuxeo. “Software patents allow large IT companies to steal the
intellectual property of smaller players, both by taking control of
their copyrighted creations and by forcing them to disclose and trade
their most competitive ideas in return for being allowed to live.”
adds Jean-Paul Smets, CEO of Nexedi.
The content of the proposed directive draft legalises the illegal
practice [5] of the European Patent Office of granting patents on
software and on business methods [2]. The proposed directive draft
requires inventions to be “technical” but fails to define what is
technical, thus creating an undefined limit to patentability in
Europe. The proposed directive draft does not contain any provisions
to prohibit patents on Internet standards, to guarantee
interoperability and fair competition, to protect SMEs against
juridical terrorism or to ensure that shareware and open source /
free software are not put at a disadvantage. It paves the way to a
global control of the information society by multinational — mostly US
— IT corporations.
Patents are supposed to promote innovation. However, all economic
studies show that the introduction of patents in the software economy
stifles innovation [3,4,6,7,8].
Patents are supposed to protect independent innovators. However, all
official studies show that most if not all European software creators
will just face more juridical risk without better protection.
According to the Rome Treaty, EC directives are supposed to raise the
level of protection for consumers and to promote the development of
technologies. However, this directive discourages competition and
innovation, and by allowing large corporations to tax – through the
use of IT – all economic activities, this directive goes against the
Rome Treaty. It is thus constitutionally illegal.
Eurolinux hopes that, by making public this draft document, the
European Commission will be encouraged to publish without delay the
final version of the proposed directive, at the same time as the
expected press release and to provide the same level of information to
European Citizens as to the BSA.
Draft Directive
Please download the draft directive at
http://petition.eurolinux.org/pr/proposal.doc
In order to understand the technical language of the directive and its
juridical implications, EuroLinux has prepared a commented version at
http://swpat.ffii.org/vreji/papri/eubsa-swpat0202/. Please do not
hesitate to call for more explanations on this technical material.
References
[1] Acceptable protection of software intellectual property: a survey
of software developers and lawyers. Effy Oz. Information & Management
34. Elsevier 1998.
[2] European Software Patent Horror Gallery –
http://swpat.ffii.org/vreji/pikta/mupli/index.en.html
[3] What is behind the recent surge in patenting? Samuel Kortum, Josh
Lerner. Research Policy 28. Elsevier 1999.
[4] Abstraction oriented property of software and its relation to
patentability. Tetsuo Tamai. Information and Software Technology.
1998. Elsevier.
[5] Juridical Coup at the European Patent Office –
http://petition.eurolinux.org/pr/pr14.html
[6] Software Patentability with Compensatory Regulation: a Cost
Evaluation. Jean Paul Smets and Hartmut Pilch. Upgrade February 2002
http://swpat.ffii.org/stidi/pleji/
http://www.upgrade-cepis.org/issues/2001/6/up2-6Smets.pdf
[7] Fraunhofer Study about the Economic Effects of Software Patents.
Micro and Macroeconomic Implications of the Patentability of Software
Innovations. German Federal Ministry Economics and Technology.
November 2001.
http://www.bmwi.de/Homepage/Politikfelder/Technologiepolitik/Technologiepolitik.jsp#softwarepatentstudie
http://www.bmwi.de/Homepage/download/technologie/Softwarepatentstudie_E.pdf
[8] Stimulating competition and innovation in the information society.
Conseil Général des Mines. September 2000. –
http://www.pro-innovation.org
About EuroLinux – www.EuroLinux.org
The EuroLinux Alliance for a Free Information Infrastructure is an
open coalition of commercial companies and non-profit associations
united to promote and protect a vigorous European software culture
based on Open Standards, Open Competition, Linux and Open Source
Software. Companies, members or supporters of EuroLinux develop or
sell software under free, semi-free and non-free licenses for
operating systems such as Linux, MacOS or Windows.
The EuroLinux Alliance launched on 2000-06-15 an electronic petition
to protect software innovation in Europe. The EuroLinux petition has
received so far massive support from more than 100.000 European
citizens, 2000 corporate managers and 300 companies.
Permanent URL for this press release
http://petition.EuroLinux.org/pr/pr17.html
Legalese
Linux is a registered trademark of Linus Torvalds.
All other trademarks and copyrights are owned by their respective
companies.
Author: JT Smith
Is it really possible that when Microsoft set out to market a “Linux killer” last November it began to get itself into more legal difficulty than ever before? And could it blow up into a political scandal as well?
Perhaps the weeping Canadian figure skaters kept you distracted this week, but if you were sifting through the public comments in the Microsoft antitrust case, you’d notice that the New York Times, among others, is hinting that the sweetheart settlement proposed between Microsoft and Assistant Attorney General Charles A. James is about to blow up, big time.
The proposed antitrust settlement between Microsoft and the U.S. Department
of Justice drew about 30,000 comments, more than any business case in
recent memory. The DOJ and the court released 47 of the most substantial of
these comments. They are worth reading.
Most of them lay out the technical and legal flaws in the
settlement. A couple of comments, notably the detailed
suggestions of connectivity maven Dan Kegel, lay out the wording needed to make the settlement
an effective document.
However, several other comments focused on whether or not
Microsoft and the DOJ have violated the Tunney Act in its first
big test since the Act was passed in 1974. At issue: the legal obligation of Microsoft and the DOJ to document exactly what was said to Justice officials by Microsoft during negotiations. Was there a covert deal, generated by secret Microsoft lobbying and tons of soft money contributions?
Among the curious is none other than former U.S. Senator John V. Tunney,
the author of the sunshine legislation bearing his name. The Tunney Act
is supposed to prevent government litigators from entering into
sweetheart deals with their adversaries. One of the mechanisms of the act is supposed to be full disclosure of all contacts and all
representations made during negotiations between parties. Tunney filed
a comment with Judge Colleen Kollar-Kotelly insisting that,
in order to comply with the Tunney Act, Microsoft must specify all
contacts between it and the government and what was said. In his
statement, Tunney said, “In my opinion, it is essential that all discussions
between the defendant corporation and the government … that might have led to
a proposal settlement decree be disclosed.”
The Senate Judiciary Committee made much the same point, stating
that “Microsoft has made no secret of the political influence it has sought
to create during this trial.” The committee suggested that it was
concerned that Microsoft had engaged in precisely the sort of secret
lobbying of Justice Department officials that the Tunney Act was designed to
expose.
The New York Times has also weighed in
with an opinion that, contrary to the Tunney Act, Microsoft has
not disclosed who attended this and other meetings. “Nor has Microsoft
described in even the most cursory fashion the substance of any
of these communications,” the Times stated.
Two sets of dates are of particular interest to outside observers.
These are October 5 and October 30-31.
I earlier wrote a column about the Halloween negotiations between
Microsoft and Assistant Attorney General Charles A. James, when James
effectively left the Justice experts advising him outside the room.
Litigators for the states that have refused to accept the settlement
are understandably curious about just what was said in those negotiations.
They are even more curious because of the possibility that James and
his staff may have been misled by Microsoft officials at an earlier
meeting, and the effect it may have had on any discussions of unbundling.
Unbundling was an idea in circulation during most of the antitrust
litigation. Part of what brought Microsoft into court was the company’s bundling of
Internet Explorer (and since then, its video package) into the core of
the Windows operating system. Microsoft vehemently insisted throughout the last
several years that unbundling Explorer, in particular, couldn’t be accomplished
without wrecking the integrity of the platform.
The state attorneys general could not help but notice when last
November Microsoft announced … an unbundled Windows! Marketed as a Linux killer, Microsoft’s newest iteration of its codebase was
called Windows XP Embedded. To the holdout states’ way of looking at it, here were all the components that Microsoft asserted couldn’t be separated,
available at a price for developers who wanted to Windows-enable their CD players
or cell phones.
It would be hard to imagine that in October, Microsoft senior management would not know about XP Embedded’s pending release in November. This is why observers are curious about what was said at a “technical” meeting held October 5 between Microsoft and Justice officials.
Microsoft has failed to disclose the purpose of the meeting, but its representatives there were a who’s who of the senior Microsoft managers most likely to be affected by any
unbundling and most likely to make a technical case for why the Microsoft code
elements couldn’t be separated. Accompanied by a person listed in Microsoft
documents as “Chad Knowlton” was Linda Averett, the product unit manager for
the Windows Digital Media Platform division. Joining them were Michael
Wallent, the product unit manager for Internet Explorer, and Robert Short, vice
president for Windows Core Technology.
What they discussed has not been made public. Whatever they said
made an impression, as unbundling was taken off the table as a possible
remedy, even though it was the remedy that plaintiffs had asked for at the
beginning of litigation all these years ago. Litigators for the states are
understandably curious about just what exactly was said by these individuals. While
Microsoft is claiming that the issue is irrelevant to the plaintiffs’ original
complaints, others are curious about what is being covered up, and whether
Microsoft is about to enmesh itself in further legal trouble.