I felt so smugly satisfied with this response to an InformationWeek article that y’all are about to suffer a reprint:
zlib is used by practically everything on the planet, including MS-Windows and Mac OS X programs, all of the BSDs, VMS, embedded systems and so on. On top of that, Linux uses other compression libraries as well. Calling it “Linux Compression” is fundamentally silly.
Neither is it a flaw in “the” format (zlib is used in many file formats), but in the implementation of the libraries which usually handle the format.
Such ignorance is most unbecoming in a magazine which purportedly exists to provide expert information. But let us move on...
A typical well-equipped Linux system will have one (1) copy of the zlib libraries installed. A bulletproof replacement for this will typically arrive as part of the machine’s next update run (I typically set mine up to do this nightly or weekly).
OS X and the BSDs and so on also have at least adequate packaging systems to provide similar functionality, and will generally only have exactly one well-known copy of the library.
A typical well-equipped MS-Windows system will have one, two or three copies of various versions of the DLLs in the system folders, plus often more copies built into applications and the libraries peculiar to them. If any CygWin-based tools are installed, there will almost certainly be another version of it for those. When will these be updated? Who knows? Maybe never. MS-Windows’ half-baked excuse for a packaging system is entirely inadequate to the task of even locating – let alone updating – all of the extant copies of zlib code.
In summary, if any system has a lasting problem with this implementation flaw, it will be MS-Windows.
I don’t see this reflected anywhere in the article.
I was happy, though, to see many other highly MS-Windows-centric sites reporting the zlib flaw as a risk to MS-Windows programs. The cluetrain is starting to gain more passengers.
Comments