Luis Villa (lawyer who works for Mozilla) also wrote an important rebuttal to Thom's post: http://tieguy.org/blog/2010/03/26/more-patent-101-and-some-patent-licensing-201-advanced-class/

Opera is the most ported application in history and it has _native_ support for Theora on all it's platforms/products; Opera Mobile, Opera Mini etc. Don't worry; it _WILL_ be possible to view open video content on all mobile devices.

It's a plugin to the windbg debugger. so that when it hits an access violation (which is MS speak for SIGSEG) you can do !expoitable and it will use some heuristics to guess whether this bug is an exploitable security vulnerability.

Since Microsoft receives millions of crash dumps every days for every single Windows app (including third-party apps) they need hardcore bug triaging tools.

For decades each crash they received went into the "!analyze -v" automatic bug triage tool which tries go figure out whether it's a Microsoft bug or a bug in the third-app. It also tries to classify the bug using advanced heuristics which has been refined over many years.

Now, they have decided to do the same for security bugs as well and thus they created the !expoitable windbg plugin. This plugin has been in production use inside Microsoft for over a year already. However, they know that it doesn't matter in what application the security hole is, if a box is owned Microsoft always get's bad press regardless.

Also note that this tool cannot easily be used to find security bugs in the linux kernel and not in linux-only apps either because you must run it inside windbg. Further, in order for windbg to be useful you just have debug symbols loaded from the proprietary debug symbol format PDB that Microsoft created, which in practice mean you must have compiled it with Visual Studio (and not mingw etc).

So you need not just a port to windows (using mingw or similar) but you actually need to port the app to compile under MS compiler if you want to use this.

Apps like Firefox will be able to use this tool though, they already have debug symbol server online that hosts PDB debug symbols for every single release build of Firefox.

I absolutely think the open source community should use this tool to scan cross-platform apps but in the long term, I hope there will be a gdb plugin with similar functionality which also has heuristics geared for *nix exploits.

I have a long C# background and I found that the Vala programming language has been a great learning experience for me. It's not a rock solid platform yet and there is also very few tools for it but if you look at the code for the Vala compiler itself, it's just an awesome project! It allows you to write comfortably in a syntax similar to C# but you still have 100% interop with C (you can use all the normal Linux libraries like GTK, libpng etc etc) and it compiles to native code. Since Vala is growing very fast right now, it's also an opportunity to be part of a new revolution. To be in it from the beginning. You have a chance to make a difference and impact this terrific new platform. If you don't feel comfortable working without mature IDE tools you should just stick with C# for now and use Mono and MonoDevelop for instance. Long term you will not be able to make significant contributions to the open source community using Mono though because many users will reject the apps just based on the platform (which is silly in a way but it's a fact unfortunately). Java rocks for server side but has been reject on the desktop due to the bloatiness of apps like Eclipse. Python is great for scripting and small utilities.