As MS discovers its once huge following of web code writers leaving for easier free open source approaches. They have of course tried to recapture some of its base by offering things in the past like Iron Python and now they are doing the same with Iron Ruby.

While at Redmond few can actually point out the benefits of running these things the framework verses just simply tossing a Linux box up with a free CentOS distro, and just running it native with the only real cost being the hardware investment.

The approach always seems to be at MS we can fit a round peg in a square hole just as long as the radius is small enough.

This is not to say that the .net platform is by itself somehow flawed. But rather that MS has focused on the enterprise at a time when many small web business applications simply do not have the budgets that MS seeks. This really reminds me of a replay that IBM once saw as a solution to their loss of market share. Lets not forget the PC was invented by IBM and the open hardware standards of almost every PC was created by them.

It really seems MS has forgot how to compete. Perhaps a replay of the late 1990s and the fight with Netscape in both the browser wars, and web servers, was waged and MS won hands down. How did they do it? Simple they gave away a browser Netscape tried to sell, and gave away a web server, that then Netscape tried to sell.

Enough of this and on to the great news of MS and Iron Ruby. While it might be a bit late at least they are trying, and we have to give them points for that.

A majority of members of the Federal Communications Commission have cast votes in favor of punishing Comcast Corp. for blocking subscribers' Internet traffic, an agency official said Friday. Comcast, the nation's largest cable company, was accused of violating agency principles that guarantee customers open access to the Internet.

Three commissioners have voted in favor of an order reaching agreement with the finding, enough for a majority on the five-member commission. But the decision will not be final until all five members have cast their votes. The commission is scheduled to take up the issue at its Aug. 1 meeting.

The potentially precedent-setting move stems from a complaint against Comcast that the company had blocked Internet traffic among users of a certain type of "file sharing" software that allows them to exchange large amounts of data.

The text of the order is not public. But Martin has said it will not include a fine. He also said it will require Comcast to stop its practice of blocking; provide details to the commission on the extent and manner in which the practice has been used; and to disclose to consumers details on future plans for managing its network going forward.

"I continue to believe that is imperative that all consumers have unfettered access to the Internet," Martin said in a statement released early Saturday morning. "I am pleased that a majority has agreed that the Commission both has the authority to and in fact will stop broadband service providers when they block or interfere with subscribers' access."

The FCC approved a policy statement in September 2005 that outlined a set of principles meant to ensure that broadband networks are "widely deployed, open, affordable and accessible to all consumers."

The principles, however, are "subject to reasonable network management."

Comcast spokeswoman Sena Fitzmaurice in a statement released Friday night said the company's network management practices are "reasonable, wholly consistent with industry practices and that we did not block access to Web sites or online applications, including peer-to-peer services."

The action is the first test of the agency's network neutrality principles. Members of both the House and Senate have sponsored network neutrality bills, but they have never come close to becoming law.  Full Article

Yang advised Yahoo's employees to brace for even more turbulence during the next few weeks, predicting that Microsoft may make more buyout proposals as Icahn ridicules the board.

I know Yang is alot smarter than me but really it seems like he missed some serious economic class somewhere. How low does the share of stock have to go before the current board gets the point. MS plays hardball there is no doubt about this. But really let's say that MS no longer has any interest in Yahoo. What is the plan then Yang? What does the stock shares have to drop to and then what is the real plan?

MS has already said that the last offer of $33.00 with the current share price of $21.19 even the $30.00 per share offer is more than fair. Yet this was called Microsoft's "ludicrous" offer in its own shareholder letter, which underscored the Silicon Valley company's determination to fend off Icahn's attempted coup.

If the shareholds are really what Yang has said was his interest anyone who can add or subtract should question this claim. Personally anyone who has had to deal with Yahoo mail can tell that the company is on the ropes. You cannot lay off this many people and think the company can continue to grow. I have personally had people ask; How could Yahoo go broke? I can only assume they have never watched a take over happen.

I won't even go into the clear Anti Trust issues associated to Yahoo and Google working together as a solution to the problem.

This is the most current Yahoo article though the positions are weak. Icahn likely will get the board replaced and we will all wait until the August 1 shareholders vote.

While it is clear that Dan Kaminsky did report a flaw without any method to verify or reproduce the flaw. I have to ask what exactly would others do in the same situation? I will only say this; if the flaw is in fact the same one that Thomas Ptacek claims related to the 16 bit session id and has been around for years. Then given time this too will be known and Dan Kaminsky is setting himself up for a rather unpleasant period. Though honestly there is nothing Dan Kaminsky has to gain by simply doing the right thing. Each of us are faced with these types of decisions in our lives! Piling on as a critic without any details seems totally unproductive.

According to DNS expert Paul Vixie, one of the few people who has been given a detailed briefing on Kaminsky's finding, the exploit is different from the issue reported three years ago by SANS. While Kaminsky's flaw is in the same area, "it's a different problem," said Vixie, who is president of the Internet Systems Consortium, the maker of the most widely used DNS server software on the Internet.

By day's end, Kaminsky had even turned his most vocal critic, Matasano's Ptacek, who issued a retraction on this blog after Kaminsky explained the details of his research over the telephone. "He has the goods," Ptacek said afterward. While the attack builds on previous DNS research, it makes cache-poisoning attacks extremely easy to pull off. "He's pretty much taken it to point and click to an extent that we didn't see coming."

Kaminsky's remaining critics will have to wait until his Aug. 7 Black Hat presentation to know for sure.

I admit I personally have never been a huge fan of Opera. However, Opera 9.5 is the best I have seen.

New Features:

New browser engine
Quick Find
Download Manager with BitTorrent
Opera Link
Mouse Gestures
Tabs and Sessions
Zoom and Fit to width
Content blocking
Quick and customizable Web search
Stay safe with new Fraud Protection and EV
Opera Dragonfly

Get it Now

This video is extremely well done and can help change the email mindset which seems to overwhelm most people.

Recently there has been a rash of SQL injection due to the approach of the thugs who honestly have nothing better to do with their time. In the first code writer wanted the attempt to appear as if it really just worked and moved on. In the second the writers actually used a Response.Write warning. Though the code writers in the second clearly have more targeted regular expression, and is more focused to current attacks. We offer these code snippets which work, and have offered to others to save time.

'Function IllegalChars to guard against SQL injection
Function IllegalChars(sInput)
'Declare variables
Dim sBadChars, iCounter
'Set IllegalChars to False
IllegalChars=False
'Create an array of illegal characters and words
sBadChars=array("select", "drop", ";", "--", "insert", "delete", "xp_", _
"#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
'Loop through array sBadChars using our counter & UBound function
For iCounter = 0 to uBound(sBadChars)
'Use Function Instr to check presence of illegal character in our variable
If Instr(sInput,sBadChars(iCounter))>0 Then
IllegalChars=True
End If
Next
End function

(Author: Aalia Wayfare)

In example 2:

I put this function in place on every public page...

array_split_item = Array("-", ";", "/*", "*/", "@@", "@", "char", "nchar", "varchar", "nvarchar", "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute", "fetch", "insert", "kill", "open", "select", "sys", "sysobjects", "syscolumns", "table", "update", "<script", "/script>", "'")

for each item in Request.QueryString
   for array_counter = lbound(array_split_item) to ubound(array_split_item)
      item_postion1 = InStr(lcase(Request(item)),array_split_item(array_counter))
         if item_postion1 > 0  then
           Response.Write("Command cannot be executed.")
           Response.End()
         end if
    next
next

(Authors: Nick Jensen & Steve Kluskens)

I will not start this article beating on the Washingtonpost.com. One should seriously question the headline of the article! I guess if it hits the United Nations it is news! The world has problems; #1 is certainly determining blame, followed by a posse mentality.

Giorgio Maone at hackademix was the one consistent calm in the storm of comments. When you look for answers to the Universe this is always good reading material. It is only a joke people so lets not get too serious. This article does point out the problem and suggest some solutions.

I do seriously wonder why the WashingtonPost.com article included the wrong assertion by PandaLabs that the problem is actually Microsoft's, with IIS being the cause. Perhaps just a case of fair and balanced reporting? But then going on for several more paragraphs, with non relevant links over an advisory which is not even the point, is beyond me!

The article's comments did bring the usual Linux desktop dorks out of the woodwork. It always amazes how MAC and Linux people have this idea that they are 10 foot tall and bullet proof. I do have several Linux machines but really this attack has nothing to do with the OS or the web server. A SQL injection is all about poorly formed code. I see you there looking for the person to blame! Stop It!

"Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers" is the headline at ZDNet! It is a great article and should be read by anyone who has any questions about this type of attack also this article. But really lets not go through life with this posse mentality. Lets try to focus more on the thugs who cause this type of thing. I don't mean getting bottom feeding law makers involved. Sharing information and taking action is the only real cure.

A tip to developers: Don't write code and walk away. If you have a contract like this, it must come with warnings to the client. If you maintain a site it is your duty to remain vigilant and update code. If you are not charging for this; you should revise your contracts to assure you have covered all the bases. If you are charging, then do your job!

Microsoft is a company that usually keeps plenty busy advising users of security issues with its products. Redmond is now advising users about a blended security threat that involves users running Apple's Safari Web browser on Windows.

The threat could potentially allow Safari to download a malicious file that Windows would then execute. Microsoft has a work-around it suggests, though no patch is available from Apple (NASDAQ: AAPL) for the issue.

"Security Advisory (953818) does not refer to vulnerability in either Safari or Windows," Tim Rains, security response communications lead for Microsoft said in a statement sent to InternetNews.com.

The Safari issue had been publicly disclosed by security researcher Nitesh Dhanajani on May 15. Dhanajani described the issue as a 'Safari Carpet Bomb' in his discussion of the security risk.

E-mail Marketing is fast becoming an essential channel for all website owners, and the tool that powers this channel can make or break your efforts. Choosing a reliable autoresponder software that has all features such as sequential autoresponse, timed mailings, bounced management, etc. is usually found in subscription-based service or expensive software.

The Omnistar Mailer email mailing list manager is a serious contender that meets (and exceeds) all of that for a very good price. Based on the popular PHP and MySQL combo, this web-based mailing list software is flexible and customizable. Follow me as I take you step by step to install and test it.

The Omnistar Mailer can be purchased online at www.omnistarmailer.com and can downloaded instantly. It comes with a 30-day money back guarantee and free installation. Being the propeller head that I am, I decided to get my hands dirty.

The download, unzipping and uploading was fairly fast and simple, and soon, I'm greeted with the install screen. Here's where you might benefit from using their install service. Theres' some file permissions which needed to be sorted out before you can proceed with the install. After filling in all the necessary details (don't worry if you don't know some of them, just give the nice support people there your hosting signup details) and the installation took care of itself. Note: Omnistar is careful here to warn you to use a NEW MySQL database.

Symantec Corp. yesterday released a free tool that wipes spurious entries from Windows' registry that had crippled some PCs running the company's security software after they were upgraded to Windows XP Service Pack 3 (SP3) or Vista SP1.

The tool, SymRegFix, had been promised by Symantec two weeks ago when users reported that upgrading to XP SP3 emptied Windows' Device Manager, deleted network connections and packed the registry with thousands of bogus entries.

Symantec initially blamed Microsoft for the snafu, but later accepted some responsibility. Last week, the company said the combination of a Microsoft process and the SymProtect feature of its Norton-branded consumer security software had added the errant registry entries, and it told users to turn off that feature before upgrading.

SymProtect, designed to protect Symantec's security software from being hacked by malware, guards against unauthorized changes to the registry. When some users on that same thread noted that the tool had not deleted all the spurious registry keys, another Symantec employee stepped in. "The other garbage entries may have been created by Microsoft's Fixccs.exe outside of the Symantec registry keys," said Steve Dang.

Earlier, Symantec had identified the Fixccs.exe executable as the Microsoft side of the problem; it had also contended that other security software that monitors registry changes can cause registry pollution, although few incidents have been logged to Microsoft's support forums.

"If you have any other security applications, especially any that monitors/protects the registry, please disable those," said Dang. "Then, open a command prompt and type 'symregfix /override.' This will attempt to delete the garbage registry keys under the entire HKLMSystemCurrentControlSet hive, not just those under the Symantec registry keys."

Symantec has also issued a patch via its LiveUpdate service that prevents the registry corruption from occurring, although users must run LiveUpdate from within their security software, then reboot the PC before attempting an upgrade to Windows XP SP3 or Vista SP1.

That the problem could also affect users updating to Vista SP1 was new information last week; before then, only Windows XP SP3 upgrades had been fingered as causing trouble. In a message posted to the Symantec support forum last Friday, Anschultz downplayed the threat posed to Vista users. "Given how long Vista SP1 has been available relative to the XP SP3 upgrade and the rarity of this issue on Vista, it appears that the FixCCS.exe program doesn't need to 'fix' stuff as often on Vista, but it may on occasion," he said.

Symantec's SymRegFix clean-up tool can be downloaded from the company's site.

Security appliance vendor Barracuda Networks is looking to buy Sourcefire, makers of the open-source Snort and ClamAV security software.
 
Barracuda said late Thursday that it had made a US$186 million cash offer to Sourcefire's board of directors Tuesday. Barracuda is willing to pay $7.50 per share, a 13 percent premium on the company's current stock price, but about half what shares Sourcefire fetched a year ago.

"Barracuda Networks is uniquely positioned to address the challenges that have impacted the company's performance and stock price," Barracuda said in a statement.

Although Sourcefire is best known for its intrusion detection software, the company bought the ClamAV open source antivirus project last August, and is now working on ways to commercialize this code.That's an area where Barracuda believes it can help out. ClamAV is included in Barracuda's appliance products.

The open-source software has been at the source of a high-profile legal dispute between Barracuda and competitor Trend Micro, which claims that ClamAV violates one of its patents.

Because it is already fighting a lawsuit with Trend Micro, Barracuda feels it is already addressing what could turn into a legal problem for Sourcefire, Barracuda President and CEO Dean Drako said in a Tuesday letter to Sourcefire's board of directors, which Barracuda made public Thursday.

"We also feel that the company's inaction in dealing with the looming threat of litigation from Trend Micro has had an effect on the stock price," he wrote.

Sourcefire representatives could not be reached immediately for comment, but the fact that Barracuda felt compelled to take its offer public suggests that it was not well-received by Sourcefire's board of directors.

Dirk Meyer confirms

Dirk Mayer, President and Chief Operating Officer of AMD, has said to AMD's investors at its last week’s conference call that the new CPU architecture codenamed Bulldozer will debut in 45nm; and according to current agenda this is supposed to happen in 2009.

From what we know AMD will sample Bulldozer at late 2009, but the production parts are planned for 32nm. There is a possibility that AMD will launch Bulldozer in 45nm, but it will try to quickly move to 32nm.

AMD didn’t even start its 45nm production, and it has to heavily plan to go to 32nm. If you have one and a half fabs, their transitions tend to become real headache.

Currently, fab 36 produces all the Athlon, Phenom, Sempron and Turion CPUs you can buy, and Fab 38 is quickly coming to the rescue.

According to several sources close to the hard drive industry, Western Digital is working on a 20,000 RPM Raptor hard drive to combat the increasing pressure from SSD manufacturers.

Alot of people out here in Taipei about this industry’s direction and one thing is becoming clear: SSDs are going to be affordable in the next 12 to 18 months.

Because of this, hard drive manufacturers are starting to get a little worried about what marketshare SSDs might eventually take away from them—especially where performance is more of a concern than storage capacity.

And that’s exactly what Western Digital’s Raptor line is all about.

The new drive will be very similar to the recently-released VelociRaptor, in that it’ll be a 2.5in drive with a custom 3.5in housing built around it. Details are incredibly light at this stage, given that the product is still in development, and we don’t even have a release time frame at the moment.

Sources said that the drive will be ‘silent’ – that’s the last thing I would have expected from a drive with platters spinning at 20,000 RPM. Western Digital is apparently working on silencing the beast by improving the housing technology, which will now not just act as a heatsink, but also as a noise cancelling device. We’d also hope that the drive enclosure has some vibration dampening technology as well, because that’s also likely to be a problem given the high spindle speeds.

Gallery Server Pro is a powerful and easy-to-use ASP.NET web application that lets you share and manage photos, video, audio, and other files over the web.

• Stable, production ready
• Use any web browser to organize your media files into albums you can easily add, edit, delete, rotate, rearrange, copy and move
• Easily add thousands of files using one-click synchronize and ZIP file upload functions. Thumbnail and compressed versions are automatically created
• Powerful user security with flexible, per-album granularity
• Integrates with DotNetNuke and other Frameworks to provide a superior media gallery
• Image metadata extraction. Supports these formats: EXIF, XMP, tEXt, IFD, and IPTC
• Search function queries title, caption, filename, and image metadata
• Image watermarking with your own text and/or image
• AJAX-enabled for more responsive UI
• Web-based installer makes installation painless
• Uses SQL Server 2000 or higher as the data store. Supports MSDE 2000 and SQL Server 2005 Express
• Uses ASP.NET Membership provider so you can integrate with your existing accounts, including Active Directory
• Data access uses the ASP.NET Provider model, which allows other data stores such as MySQL, Microsoft Access, or Oracle to be used instead of SQL Server
• 100% managed code written in C# and ASP.NET 2.0
• Source code is released under the open source GNU General Public License
• All web pages target XHTML 1.0 Strict and CSS 2.1 standards to ensure maximum forward compatibility

Learn More and screen shots

Problem

You know, if you make just one change and don't transfer it on the other instanses it can cause big errors and stop your scripts from working. But (as in our case) opening 50 control panels and going to the MySQL administration and running manually these ALTER TABLE or CREATE TABLE statements was a cumbersome task, taking all of our time.

Solution

All the instances of our app were running on one physical server, not always the possible. But you can implement similar solution even if your ap is running on different servers - you just need to allow connection to the master host - the one which will run the Synhronizer - the script i will describe below. Our Synchronizer is actually a simple PHP script which is started manually and have one only purpose - to synchronize all 50 databases with one "master" database. In our case we needed that script to synchronize only the DB structure, but not the content. But if you understand the simple logic of the script, you can easy extend it to copy/synchronize your content if this is you case.

Implementation

First, you need to select all the tables and their fields from the master database:

//select tables from the master
$q="SHOW TABLES FROM master_database";
$tabs=$DB->aq($q); //$DB is a database fetching object, you can use the
built PHP functions to select from mysql if you prefer

$tables=array();

foreach($tabs as $tab)
{
       //select fields
       $q="SHOW FIELDS FROM $tab[0]";
       $fields=$DB->aq($q);

       array_push($tables,array("name"=>$tab[0],"fields"=>$fields));
}

You see how our script fills an array $tables with all the table names and itself containing another array - with the table fields.

Secondly, you need a list with the databases or domains where the instances of the synchronized application are running. Once having that list, you can browse thru it with "foreach" or another cycle.

Now we are going to select all the tables in the database on each target domain. (Of course you need to connect to its database, and disconnect from master one! We already did our job in selecting the tables from the master database :)

In the same way as above, you need to select the tables from the target domain.

Then below, just compare the tables:

foreach($tables as $table) //browse thru master tables
{
       $found=false;

       foreach($dtables as $dtable)
       {
          if($dtable[name]==$table[name]) $found=$dtable;
       }

       if(is_array($found))
       {
          //table exists, check fields
          foreach($table[fields] as $field)
          {
             $ffound=false;
             foreach($found[fields] as $dfield)
             {
                if($field[Field]==$dfield[Field]) $ffound=true;
             }

             if(!$ffound)
             {
                //alter table add field
                if($field[Key]=='PRI') $primary=" PRIMARY KEY ";
                else $primary='';

                     $q="ALTER TABLE `$table[name]` ADD `$field[Field]` $field[Type] NOT NULL
                     $field[Extra] $primary";
                     $DB->q($q);
          }
          }
          else
          {
             //table does not exists, create
             $q="CREATE TABLE `$table[name]`(";

             foreach($table[fields] as $cnt=>$field)
             {
                if($field[Key]=='PRI') $primary=" PRIMARY KEY ";
                else $primary='';

                $q.="`$field[Field]` $field[Type] NOT NULL $field[Extra] $primary ";
                if($cnt<(sizeof($table[fields])-1)) $q.=", ";
             }

             $q.=")";
             $DB->q($q);
             }
       }
}

And that's all! You may need to work a little on this code, but the logic is here provided for your needs. Feel free to use the ideas for your own applications.

The Author:
Bobby Handzhiev senior developer in PIM Team Bulgaria

The new power-sipping Atom processor line is already poised to become the standard in next-generation ultra-mobile laptops like the Eee PC 900 and MSI's Wind. But that hasn't stopped Intel from pushing its tiny 45nm, low-voltage darling into more mobile territory. Smartphone integration is in the works, but in the meantime, Intel is pushing Atom into a decidedly larger mobile platform: the automobile.

Pairing with Intel, device software optimization heavyweight Wind River recently announced an in-vehicle "infotainment platform" based on an automotive-optimized Linux platform tailored specifically for Intel's Atom processor. The idea is to create a single, open-source platform that will allow developers to create software that can be scaled across components in different vehicles, and create a broader range of consumer electronics integration options, while still allowing auto makers to differentiate the systems with their own configurations and branding.

X-bit Labs is reporting that BMW, Bosch, Delphi, and Magneti Marelli are all on board with the idea, which is a good thing, because Wind River plans to unleash the code on the Moblin.org Linux-centric auto-enthusiast community sometime in August.

Are you overwhelmed by your own inbox?
Do you use outlook as your mail client?

Then there is a must have plugin application for you. There simply is not much more to say accept get it now. Xobni is inbox spelled backward.

Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plugin that has been downloaded thousands of times over the past three months.

Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted with adware, Mozilla security chief Window Snyder said in a blog posting. "Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy," she wrote. "Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload."

Mozilla is now going to add additional scans of its software to prevent this kind of thing from happening in the future.

The malware in the language pack is from the Xorer Trojan, according to discussion on Mozilla's Bugzilla developer Web site, which indicates that Mozilla developers first discovered the issue on Tuesday.

Mozilla missed the code during its initial scan because antivirus vendors had not yet added detection for Xorer into their products. Antivirus vendor Panda Security first detected Xorer on Feb. 28, 10 days after the infected plugin was published. Firefox developers have now scanned all of their plugins.

The open-source browser maker does not know how many people were infected with the adware, but the plugin was downloaded more than 1,200 times in the past week and has been downloaded 16,667 times since November.

The first public release of Moonlight, which provides a Linux client implementation of Microsoft's Silverlight rich Internet application (RIA) technology, was made available this week.

Moonlight, an open source project, supports the Silverlight 1.0 profile for Linux.

According to a blog post by Novell Vice President of Engineering Miguel de Icaza, the lead on the Moonlight project, Moonlight comes in two forms. In one form, no media codecs are supported but it is easy to install. In the other form, source code compilation is featured with users able to optionally compile FFMpeg codecs themselves.

Moonlight is intended to work on the Firefox 2 and?? Firefox 3 browsers, but recent changes in Firefox 3 prevent Silverlight and Moonlight from working on that browser. A Greasemonkey script is available that will work around this bug for some sites, de Icaza said.

A major problem has been revealed in Debian Linux and derivative packages, such as Ubuntu. Debian revealed the other day that a fix they made back in September 2006 had the unintended consequence of crippling the strength of their OpenSSL distribution.

OpenSSL is used, of course, for Secure Sockets Layer which provides authentication and encryption for web traffic, but it's also used for other cryptography functions. OpenSSL is a very important package that brought public key cryptography to the masses; prior to OpenSSL, https web sites were expensive and complicated to build.

The strength of public key encryption relies, in large part, on the large number of potential keys that could be used to encrypt data. Keys are often 1024 or 2048 or 4096 bits long; these store very large numbers so a brute force attack, trying all of the possibilities, could take a prohibitive amount of time.

But the bug introduced by Debian effectively reduces the strength of the key to 32768 permutations, which is 16 bits. Famed security researcher HD Moore has actually already pre-calculated all of the potential keys for the most common cases. It took mere hours. So now you can be hacked even without someone brute-forcing your encryption.

Because of it's centrality, Linux sites are often deeply-reliant on certificates generated by OpenSSL to encrypt network traffic. Fixing the problem is not just a matter of updating the software; you also have to go back and generate new certificates and have them signed. This is complicated stuff, not for the novice Linux user. Expect tools to come along soon to help.

In a letter sent Friday to the judge overseeing the case in Delaware, a lawyer for the shareholders argued Yahoo is trying "to whitewash embarrassing documents" because the company thinks the information will damage the board's efforts to repel a challenge by activist investor Carl Icahn.

Angered by the board's handling of Microsoft bid, Icahn has nominated an alternate slate of candidates to oppose Yahoo's 10 current directors — including Chief Executive Jerry Yang — at the Sunnyvale-based company's July 3 annual meeting.

Yahoo is trying "to sanitize the public record and maintain a cloak of secrecy regarding unflattering evidence of breach of fiduciary duty," shareholder attorney Joel Friedlander wrote in a letter to Chancellor William B. Chandler III.

The redacted documents include information about an employee severance plan that Yahoo adopted shortly after Microsoft made its initial bid Jan. 31 and notes about a conversation between Yang and Microsoft CEO Steve Ballmer, Friedlander wrote.

Yahoo had no immediate comment Friday. Generally, companies often seek to keep parts of publicly available lawsuits under seal for competitive reasons.Yahoo had previously disclosed the plans would give its 13,800 employees anywhere from four month to two years pay. Every $1.4 billion in severance cost theoretically would translate into about $1 per share less that Microsoft would have available to offer Yahoo shareholders.

Ballmer orally offered $33 per share, or $47.5 billion, but then withdrew the bid when Yang held out for $37 per share. Legg Mason money manager Bill Miller, whose fund is Yahoo's second largest shareholder, has publicly said he would have happily supported a Microsoft offer of $34 per share.

Friedlander's letter also indicated the redacted documents include comments that Yahoo's top executives made about the severance plans.