For those of you visiting from AeroXperience, you guys are likely well aware of how AeroXperience was started. We began as a set of forums in March of 2004 dedicated to Windows Code Name Longhorn, which later became Windows Vista. We’ve prided ourselves with breaking news about some of the most coveted features in Vista during the Vista development process as well as with breaking the initial reports of the direction of Windows 7. AeroXperience has been one of the most accurate (and most opinionated, in some cases) sources of Windows coverage and news; amongst our bloggers, we’ve had the pleasure of having both Stephen Chapman and Rafael Rivera posting on behalf of AeroXperience during our run, and as I sit here next to them now in the PDC press room, I want to shift the attention to what winJade is and how we plan on rolling this out.

winJade is, in some senses, a new direction for us while allowing us to persist in our current mission of delivering relevant and informative Microsoft coverage. During this initial blog roll-out (planned for PDC), the purpose of the blog will still be to deliver the informative material and solid commentary on the world of Windows which you’ve come to expect. However, the purpose of the forums will shift from merely being a place to discuss Windows to becoming more of a home for novice Windows users, experienced users, and Windows experts to come together and not only talk about Windows and help each other but to also work on individual and group projects. winJade will be a home for people with ideas to implement those ideas, gather feedback, and gain an audience for the next great Windows program, tool, or concept. Stan and I have a few ideas we will be revealing on winJade when the time comes in addition to the innovative ideas which continue to find development time on the forums.

My utmost thanks go to Sam Johnson for implementing my vision for the new winJade blog, to Frank with Contrast Hosting for helping us in this transition, and to the many members on the forums who kept track of our progress and offered the many suggestions we’ve read.

From AeroXperience’s start as a home for discovery in Windows Longhorn to winJade’s mission for information and innovation, we’re looking forward to being your home not only for Microsoft news but for some of the most promising Windows-related projects.

We’ve tried to withhold ourselves from sourcing our news from leaky valves in Microsoft as of late (and you can see where that’s gotten us. ahem), but we don’t just stay away for the sake of keeping ourselves out of that eternally stressful race for content. We tend to stay out of it because behind every leak, someone’s job suffers as a result.

I had a very open interview with someone at the launch event. This person frequently deals with product leaks, and as a result, it’s fair to say that the person knows exactly how said leaks impact work, the lives of everyone connected to the project, the public perception of a product, and so forth. My interview with this particular Microsoft employee was fulfilling in the sense that I’m able to offer an uncensored glimpse into what Microsoft has to deal with whenever someone decides to leak a build, leak a screenshot, break an embargo, and what not.

Check the break to read about how it all went down. Keep in mind that there’s no video or audio and that this is, indeed, a long read apparently not as long as some people have seen in the past. Thanks is due to the anonymous commentators who pointed this out.

Anonymous Softie: So, with regards to leaks

Bryant: Yeah

Anonymous Softie: Leaks can affect the public perception of a product. For instance, there’s a reason why we only release specific builds. You know, because we want to release a certain level of quality that people can take a look at, have faith in, and [say] "okay, this is the product, the product is progressing as planned." Sometimes, interim builds, leaked builds, they often haven’t passed any of our quality checks. They were never meant to be released.

Bryant: Right. They can easily have nasty bugs.

Anonymous Softie: Yeah, exactly, and all of a sudden, you’ve got everyone in the world taking a look at this build; everyone wants to see the leaked build, right? ’cause it’s mysterious. It’s rare. It’s from the inside. So yeah, there could be bugs in it. People [find] bugs in it. They question functionality they find in it. And so when all of that happens, my phone starts ringing [with] people asking for comments. I’m not doing my day job at that point.

Anonymous Softie: And so, one, it’s a huge distraction on all of us. Phones ring off the hook. [People say] "I can’t believe there’s this shitty quality build out there!" It’s like, look, I’m not going to take time to talk to you, first of all, ’cause you, you know, that was an unplanned leak. It’s not representative of what we ultimately want to sanction and release.

Anonymous Softie: So, there’s the distraction, the bugs… if it’s really buggy, people might think that that’s the current state of the product when, in fact, it’s not. Internally, we’re already many many builds beyond the one that’s leaked. We don’t really care about that one. It doesn’t exist.

Bryant: Right.

Anonymous Softie: –for all we care.

Bryant: Right. It never happened.

Anonymous Softie: It never happened! But everyone is quick to jump to an opinion about that particular moment in time. They often draw incorrect conclusions, "oh my gosh, the product is incomplete, it doesn’t have this, it doesn’t have that." So that’s one.

Anonymous Softie: And quite often we have features that come out over time, right? You don’t necessarily have all the features in [Windows 7 Milestone 3], for instance. We didn’t have any [of the new] UI.

Bryant: Right. Well when we posted [the article about Milestone 3], that was it. It was just very bare and everything was hidden by a bunch of switches. I remember when we originally posted the very suggestive "we know what’s coming but we don’t actually… know" article, we got a lot of hits. We really killed your day job with that one.

Anonymous Softie: Yeah. So it’s a big distraction; it causes people to form incorrect opinions which I as a communications professional ultimately have to fix. Right? The world starts thinking "Wow, this is it?" and I go "Wait, wait wait"

Bryant: "Yeah, this was like a few months in the past. We’re much further ahead of this now, and there are different branches [besides the one with the leaked build], etc."

Anonymous Softie: Exactly. It’s a distraction for developers that are… you know, so we have an enormous [Independent Software Vendor] community that tests various milestones. They test their software. They test their drivers. They test their apps.. and for them it’s a distraction too because they’re wondering "wow, what’s going on? Should I look at this? Should I stop what I’m doing and look at this leaked build?" and so it tends to slow everything down.

Anonymous Softie: Those are the biggest issues that we have. And then so many people get sucked into potentially having to respond to all the questions that people are raising about that particular moment in time. We just don’t have time to deal with that, and so, generally, we don’t comment on unreleased builds.

Bryant: There you go.

Bryant:
I guess… how does it affect, I mean, you talked about how it affects you guys, what you guys do, but let’s say… how does it affect the actual development of a product itself? Or, on a similar line, how does it affect the timeline? Let’s say you’ve got a bunch of leaks setting things back.

Anonymous Softie: It generally doesn’t affect the timeline. The developers are always heads down; they’re writing code, they’re fixing bugs, but even they will stop and read the reviews of the leaked build. So there’s loss of progress there, potentially. And so, when you add it all up, it really does no one any good. ’cause even all the people that pause to download it– we also have the problem of viruses. People leak builds. They stuff them with payloads, and everyone wants the leaked build. They get a bunch of viruses, and now I have to deal with that problem. So, in some sense, it’s "dangerous" as well, and we have no control over what’s out there, what the quality is…

Anonymous Softie: but leaks generally don’t affect the schedule, but they affect the communication. They affect the perception They’re a distraction for all of the outside developers in the world that are trying to be focused on the right builds, and they might see something they didn’t expect, but when you catch us in between, all bets are off. We establish a contract with developers. We say "here are the APIs." It’s a contract between Microsoft and the developers. [We tell them] "we’re not going to change these APIs." and interim builds could actually have changes, maybe some things that we’re actually just testing out, prototyping. And so, you get some people on the outside that are, you know, wondering "Gosh. Did Microsoft– Did I not– Did I miss something? Did Microsoft not tell me what’s happened?" And so it’s pure theater.

Bryant: Right.

Anonymous Softie: People like to see it because it’s secret and nobody else can see it, but if you download some rogue binary from some site and you get infected, or you download something that, you know… people accuse that, even, of being Microsoft’s fault, and I’m generally the one that has to deal with… you know, whenever press call, my phone rings. I would rather spend my time preparing for that next big real milestone, making sure people have the most accurate information and keeping everyone on track instead of being distracted by all of these external issues.

Bryant: Now that was with regards to, um, actual build leaks. How about news leaks? Like, um, if somebody leaks a screenshot of something in progress– I figure that would possibly be the same ordeal. You know, news leaks, perception leaks [such as reviews], let’s say an embargo is broken about something. How about those? How does that work?

Anonymous Softie: Both a similar and a whole different set of issues as well. You know, we have a… I have a very professional relationship with all of the professional journalists that I work with. And so, it’s difficult. When I en masse pre-brief journalists and I say "okay, all of the information that I’m telling you under confidence–" professionals embargoed under this certain date. For the most part, people respect that. But then, somebody breaks the embargo, and then all the other journalists look around [and think] "well, they went! I gotta go!" And then it jeopardizes my relationship with other people ’cause suddenly everybody is going. At the end of the day, it often causes a lot of misinformation to be out there because people– I haven’t had a chance to talk to you, Bryant, yet, to let you know what’s our intent, What do we do and what is this about, why are we delivering this thing, who is it for, what’s it capable of doing. And so, if I don’t have that opportunity to kinda frame everything with everybody and put it in context, everybody starts speculating. "Maybe it means this. Maybe it means this. Maybe it means that.” Again, huge distractions. The people that need accurate information don’t have that accurate information any longer, and I spend weeks trying to sorta put things back in order so that everyone has the accurate Microsoft view of things instead of 30 different conspiratorial opinions on what may or may not be true.

Bryant: Yeah, of course. And, well I suppose for now that’s all I’m really looking for.

Anonymous Softie: Cool.

Whether this person’s account of how leaks affect things at Microsoft represents the Microsoft way of thinking is beyond me. I didn’t ask, but it’s safe to infer that this person isn’t the only person who thinks along these lines.

1. The day after 7: perspective… and Brad Brooks (October 23, 2009) (Update: video brightened)
2. The Windows 7 tweet-up in New York City, Winners, etc. (October 24, 2009)
3. The Effects of Leaks: A Candid Interview (October 25, 2009)
4. Unfortunately, the Windows 7 Keynote Interview with  Thorsten Ganz cannot be published due to technical issues.
   

That’s it. Keep an eye on us for PDC!

Thursday evening, I attended and taped the tweet-up which occurred in the Antarctica Bar. Other pressies besides @conhopper (me) who attended include @withinrafael, @thurrott (who organized the event), @tom_warren, @edbott, @maryjofoley, and @inafried. The event can be described in the following concise bullets:

• It was very packed.
• We gave a lot of stuff away. The (almost) complete list of items is in the video.
• A lot of people walked away happy regardless of whether or not they actually won anything.
• Antarctica may have had their best business in a while. You’re welcome, guys!
• A few Microsofties came and contributed to the giving away of items. My thanks in particular goes to Chris Flores, but others were also involved when it came to securing some of the prizes.
• Everyone was generally stunned at how awesome this whole thing was.

In all honesty, this is the first time I’ve seen the power of twitter when it comes to organizing group attendances like this. The enthusiasm here was fantastic, and I met some truly wonderful people as a result (and signed a Kindle. That thing better see some good use).

It didn’t even matter that this was a group of Windows enthusiasts. The discussions ranged anywhere from tech to politics to economics and even to women (I didn’t pay attention to what the women were talking about). One geek even managed to score a girl’s number, and to him I issue a hearty salute for successfully debunking the butt of all jokes in geekdom, at least in his own world.

Anyway, this video here is a tribute to everyone who came even though the people you’ll see here are people who won a giveaway item at the tweet-up. I recorded other video from inside the event, though the question of practicality (do you guys want to see it? What is there to see besides people talking and Ed&Paul giving things away?) still lingers.

The video can be caught after the break.

On Tuesday, some no-good hackers decided to post a vulnerability, complete with a proof-of-concept Python script, that can remotely crash any Windows-based computer that has the SMB 2.0 network protocol enabled, which includes any system running Windows Vista or later. So like anybody with a bunch of free time would do, I cracked open a couple of VM’s and had some BSoD fun with Vista but noticed that 7 didn’t budge whenever I sent the exploit packets, so I suspected that they probably tested the RC version against this exploit

Well my gut feeling was right, and Microsoft released a security advisory later that day stating that it only affected Windows Vista and Server 2008, as well as the Windows 7 RC, but no mention of the 7 RTM (or Server 2008 R2). Plus, the scope was narrowed further when it was revealed that Public network locations were unaffected (they blocked incoming connections anyway). So nothing that bad to get riled over.

Of course, until a hotfix is released, if you’d like to completely protect yourself from the exploit you can follow the directions to either

• Block ports 139 and 445 from inbound connections using a firewall
• Disable the SMB2 driver
• Both (why not? unless you’re actively using file/printer sharing)

The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

• This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
• This particular label only applies to this specific proof-of-concept
• A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

Spambots were registering zero-post user accounts and filling the About-Me profile information with ads for the usual cocktails of worthless medications. We’ve done a mass deletion of all zero-post accounts made after the 20th of May and temporarily disabled the ability for a member with less than 100 posts to edit his/her profile. As a result, the spam links associated were typically in this format:

http://www.aeroxp.org/board/index.php?showuser=insert_number_here

We expect to return back to normal operating conditions soon.

Again, my sincerest thanks to William and Pastor Johnnie Sloan for tipping me off, and to the Akismet crew for guidance on the matter.

For those looking for IPs and emails to block, I can’t give block-worthy IPs as the automated nature of the spam meant that new IPs were used for each account. However, one domain suffixed to the bulk of our spam was “@top-medz.com”. If you operate your own forums and have recently fallen victim to spammers using your board to spam others, please check for this domain and any others and pass it to the guys at Akismet.

I’m doing this because many people have contacted me during the course of PDC to find out what I would recommend doing in order to get the most out of PDC and other similar events, so I’ll almost definitely put up posts like this after every single major event which I attend.

You can catch the list after the break, though here’s the quick summary:

Virgin America: Overrated.
The Omni Hotel in Downtown Los Angeles: Amazing.
AMD: Awesome, even if afflicted by some minor foibles.
Microsoft: Wonderful with most everything this time around.

The Airline: Virgin America.
My thoughts: Overrated.

There’s a number of problems I experienced with Virgin America, from Customer Service to seating to the entertainment system, among other things. Mind you, the atmosphere was pretty good, and the few things that did work on the entertainment system actually seemed to work pretty well (with the exception of Doom, which ran at a pathetic 3 frames per second, literally). However, that’s basically where the list of good stuff ends. Here’s what went wrong:

• Legroom? Non-existent.
• The “Red” entertainment system is still in beta, and super-hyped features such as cross-seat chatting were not in the build seen on my flight to LA.
• Satellite TV was ridiculously broken. For a flight which had zero clouds above it, this shouldn’t have happened.
• Movies didn’t play.
• Games were boring overall.
• Exit seats charge a premium… why? What if a premium-paying person is too weak to open the exit door?
• Customer service is worth nothing.

There’s an interesting scenario which serves to justify the last point: This couple happened to win four VIP  tickets for the Clippers v. Nuggets game Friday night from the venerable Jennifer Ritzinger (runs by the name of Ritzy on Channel9) but the pair only needed two tickets, so they gave me the other two. In effect, I won two VIP tickets.

Unfortunately, the game is Friday night, and my flight is Friday morning. Unlike my experience with The Omni (which I’ll describe after this), Virgin America seems to have a comparatively stubborn policy. I tried to elevate my case, but I was told I was already at the supervisor. After a 7 minute wait, all I get is an unsympathetic late night “supervisor?” So much for that.

Unsympathetic CS reps generally do a company in for me unless they can make up for it through an insane feature offering. Virgin America, quite flatly, didn’t. I hope this changes soon; I’ll probably never again get the chance to hit a sports event as a VIP in my life.

Edit: The second time I called, the other rep (Tony) was much better with describing why they’d be unable to help, but it still got me nowhere, and the logic didn’t make much sense as hotels have to deal with the same things (regarding booking and such).

I’ll almost definitely resume flying with Southwest again for MIX or PDC next year (depending on which one I attend)

The Lodging: The Omni Hotel in Downtown Los Angeles
My thoughts: Amazing.

It all comes down to this: everything was managed beautifully while Sandro and I were away from the room. The 195USD per night price may be steep for people (ironic given how it’s a discounted PDC price), but it’s worthwhole when split with someone else. The room is fairly generic, but it’s the experiences which make things great.

• Room Service actually does a good job without stealing things, which is a first in my experience.
• The shower always has hot water, and the toilet always flushes without messing up (these little details matter)
• The wifi, though it asks for a fee, can easily be obtained for free and runs at speeds of 11/11 MB/s synchronous. The only limits are likely the radios themselves.
• You’re given a chocolate mint before coming back every night, along with a card with the next day’s weather.
• Everything has been clean.
• Customer service is understanding.

To demonstrate the last point: The Omni extended to me a late checkout after seeing my VIP tickets in-hand. The late checkout would normally cost 99USD, but The Omni’s management team did it for free with no hassles. This is supremely unlike my experience with Virgin America’s customer service.

The Hardware Guys: AMD
My Thoughts: Awesome, even if afflicted by some minor foibles.

AMD’s PR guys routinely send me equipment to use, which I return (unlike most of the others who get stuff from them) back to them after the event for which I borrowed… said equipment. This time, after getting invited on very short notice  for PDC 2008, AMD still managed to pseudo-sponsor what we stand for and fire a Phenom 9950 and an ATI 4870 my way for the event with overnight shipping the day before/day of my flight. I wasn’t able to use any of it this year, but AMD definitely showed that they care about the communities out there. In the end, the equipment still goes back to them (or you guys, as was the plan after MIX had the GPU in that box not failed), but it’s great to see a company which still cares for the enthusiast community.

The Event: Microsoft
My Thoughts: Wonderful with most everything this time around.

Microsoft is one of those bureaucratic organizations which happens to have limbs which are unaware of what the other limbs are doing. Sometimes, this impacts their products and technologies quite negatively, but then again, PDC 2008 definitely brought a welcome change. This year’s event was far more laid back than previous events I’ve been to; the PR teams (Waggener Edstrom being the primary one) were very accomodating with my requests, even if only such accomodation was present solely in their attempts to answer my questions, and the employees I spoke to were very open with their topics. Shout-outs go to Chaitanya Sareen, Rebecca Deutsch, and Dan Polivy for wonderful interviews on Wednesday, Thursday, and an unknown future date.

No Microsoft event is an event without a generous allotment of parties, and PDC 2008 was no exception. Besides a hefty number of press receptions, there were also many other general receptions for PDC attendees on Monday, Tuesday, and Wednesday. On the other hand, when times got serious, the presenters still knew how to present their topics. All in all, Microsoft did a good job here this week, as did the guys at WaggEd (at least for my causes)

That’s about it in terms of who deserves praise and who deserves less business. We still have two videos and an audio interview coming up over the next week, so be sure to stick around.

For those of you who aren’t convinced, the old taskbar actually happens to still be around, but only in the sense that the opened applications can have text next to their icons in the new taskbar. Besides that, the new taskbar functionality will all still remain intact, even though you can bring it close to looking like the old taskbar. Take a gander below; you’ll see more in our interview next week.

Yesterday was packed with much news about Azure and other cloudy things. Thus, I’ll focus instead on some of the other things which took place on the 27th of October, the first day of PDC.

Today’s happenings, likely including images from the party as well as images from other goings-on, will come near the end of the night (pacific time).