Jan 28

Microsoft Corp. itself was exposed to the virus-like attack that crippled global Internet activity last weekend because it failed to install crucial fixes to its own software on many Microsoft computer servers.

Although Microsoft contends its failure to keep up with its own updates did not cause major problems, security experts said it points to a larger issue: Microsoft’s process for keeping customers’ software secure is hugely flawed.

The virus-like attack, called “slammer” or “sapphire,” exploited a known flaw in Microsoft’s “SQL Server 2000” database software, used by businesses, government agencies, universities and others around the world. Microsoft had issued a patch for the flaw in July, but many—including some units within Microsoft—had failed to install it.

Lycos Business News

Update on the “did not cause major problems” claim:

“All apps and services are potentially affected and performance is sporadic at best,” Mike Carlson, director of data center operations for Microsoft’s Information Technology Group, stated in an e-mail sent at 8:04 a.m. PST Saturday to other members of Microsoft’s operations groups. “The network is essentially flooded with traffic, making it difficult to gather details concerning the impact.”

In the case of SQL Slammer, it seemed that Microsoft had done it right. The company had informed customers six months earlier about a flaw and included patches in both a roll-up patch—a software update that includes all the latest patches—and in the company’s latest service pack for Microsoft SQL Server 2000. But even within Microsoft, something went wrong.

“At approximately, 10:00 p.m. (PST, Friday), traffic on the corporate network jumped dramatically, eventually bringing all services to a crawl,” stated Carlson’s memo. “The root cause appears at this time to be a virus attacking SQL.”

On Saturday, Microsoft’s Windows XP Activation service was down, not because the servers were vulnerable, but because the company’s internal network was inundated with junk data, Rick Devenuti, the chief information officer for the software giant, said in an interview Monday.

C|net

Sep 02

Wednesday we got a courtesy car pick-up from the rental company. We rented a Toyota Prius. I was intrigued by how well a hybrid gasoline/electric car would work, and this seemed a good chance to give one a thorough test drive. Or rather, for sara to give one a thorough test drive…

What we hadn’t been expecting was that it was a fully tricked-out Prius, complete with GPS satellite navigation system and route finder DVD-ROM for the onboard computer. We told it to take us west to the coast, and then south to the Monterey Bay Aquarium via the coastline route. It verbally directed sara out of the city. What with the directions and having our position shown on a scrolling zoomable map at all times, we were both able to forget about navigation and concentrate on the scenery. (Sand dunes. Surf. People surfing.)

As we arrived at the aquarium, it was otter feeding time. There was an enormous crowd of people around the tank, so we went out onto the deck instead and looked out into the bay. Sure enough, there were wild sea otters floating out in the kelp beds! Four of them. With the aid of the 18x zoom on the camcorder, I got some DV footage of otters at play.

We were hungry on the way back, so we asked the car to find us a nearby Indian restaurant. It turned out we were just off the El Camino Real, probably the world’s largest strip mall, so that wasn’t a problem. Unfortunately the first restaurant was closed, so we had to argue with the car a little to get a route to a different place. Phil Dick would have loved it, walking into a restaurant because our car had recommended it…

We got an average of over 50 mpg, both city driving and highways, even with San Francisco’s hills to deal with. We travelled 280 miles total on $10 of gas, which was half a tankful.

I noticed that IBM had a huge ad on the freeway exit that leads to Oracle’s headquarters, saying “Our database software is the #1 seller. Now, who’s got game?” Larry Ellison must be really pissed off.

Jul 13

Russian experts have identified a serious flaw in Microsoft database software used to track nuclear warheads, which results in gradual data loss. The buggy software has been in use for over ten years. Los Alamos uses the same software, and has destroyed its paper records. Locating the ‘missing’ warheads will require a full inspection of all US nuclear sites, at an estimated cost of $1 billion. In the meantime, terrorists wanting to steal warheads can pick one of the ‘missing’ ones, and nobody will notice…