
Comment Re:What about the presumption of innocence? (Score 3, Insightful) 1590

Actually no. As an H1B myself we're supposed to carry the passport containing visa and the last entry we received when entering the country. I have a US driver's license, but that doesn't prove I'm here legally - after all my visa could have run out. Now do I do it? No I don't, because the risk of being stopped and jailed is minimal compared to the risk of losing my passport, which is an even bigger mess. Even with a green card you're supposed to carry that around all the time, lose it and it's $290 to get another. And passport or green card loss leaves you ripe for identity theft.

Comment Re:Asp.Net is NOT a 'popular' business framework. (Score 5, Interesting) 558

the projects you will see in contract websites like elance, rentacoder and the like will be predominantly php+mysql

Well of course you will. The projects on those sites are looking for cheap implementation and damn any sort of quality or maintainability. The Register didn't look at those sorts of sites, they looked at recruiting sites instead, the ones businesses use. Using the slime pool that is the "Write me a twitter clone for $100" sites to say LAMP is the most popular in businesses is laughable.

Comment Re:Shut up? (Score 1) 214

Actually you'll find that most security flaws are treated like this, in order to give the vendor time to patch. It's part of the whole responsible disclosure credo. As an indication of how seriously MS take this they facilitated the disclosure of Kaminsky's DNS cache poisoning discovery. He was contracting there at the time. MS called all the major vendors, and hosted meetings in Redmond to kick the whole response off. He talked about it at Bluehat in 2008. Heck even Bluehat itself demonstrates something. They had speakers from Adobe and other "rivals" this year, and after about a month they put the session videos up and available to all for free.

Comment Re:Dude (Score 3, Insightful) 214

Then you haven't been paying much attention. Billy Rios has discovered the GIFAR problem with Java. Of course they're only looking at things that affect their software, in much the same way that Google doesn't go looking for software bugs in Microsoft products.

Why is it so surprising that security researchers employed by a company only look at that company's software, and aren't credited in the security patch reports for just doing their jobs?

Comment Re:Good on MS (Score 4, Interesting) 364

Well exactly. In this case Microsoft paid for what they believed was closed source code, it was a third party vendor that broke the GPL, but because Microsoft released the executable, well they're responsible.

Which raises a question - how do you check these things? If the vendor cut and pasted code in, and removed comments that identified its source and the source's licensing agreement how do you spot this? It's not feasible to download every single open source project and start a diff against every single file they contain, so how do you do it?

Comment Re:Not a bad move (Score 5, Insightful) 186

Indeed. The summary assertion that "The fact the company pulled the tool doesn't bode well" is really daft. Of course they'd pull it, there's been a claim made against it - if they keep distributing it whilst they investigate the potential for damages rises with every download. Pulling the tool is not an admission of anything other than the fact that an accusation has been made and they're investigating it.

Comment Re:Another troll summary? (Score 5, Interesting) 166

OK what costs? Scanning/turning into an e-book? I'd bet that the vast majority of the offered titles are the same as they offer in the US, and processed/made in the US (or wherever it gets outsourced to) - so there's no extra cost there? Hosting could be an additional cost, Amazon do have a data centre in Dublin, London and Frankfurt, but bandwidth isn't that much more expensive here. Tax? Well perhaps, although books tend not to be taxed in the UK - who knows how ebooks will be treated though. Or it's the typical US move of take the dollar price and convert it to pounds or euros by changing the currency symbol.

Comment Re:This is cool and all, but... (Score 1) 406

Yes but considering you can download a free (no cost) version of MS SQL2005 or a time limited version of SQL2008 how hard would it have been to check? If you don't have anyone on your team who knows SQL then why is the site starting to comment on the SQL you discovered using strings? If you don't know it can you really offer an opinion?

Saying it's vandalised when you didn't even perform the basic checks with someone who knows the MS platform is something you should be beaten up for, it's sensationalist, and now, if you do discover something, how much of your message will get hidden simply because you cried wolf at the very beginning?
