What’s the best way to tell the whole world that your competitors are actually gaining on you against the founding premise of your business? Start advertising that one service you’ve never had to advertise. Google did just that during Super Bowl XLIV, showing off not a phone nor even a new service, but merely an ad promoting Google Search.

Since Bing and Yahoo are effectively on the same side and Bing has been gaining marketshare against Google, this is an obvious sign that Google actually feels threatened by Bing.

Competition is good. Windows 7 arose out of competitive need, and we might now see two amazing search platforms arise out of a heated Google v. Bing war. I’m looking forward to it.

We’ve tried to withhold ourselves from sourcing our news from leaky valves in Microsoft as of late (and you can see where that’s gotten us. ahem), but we don’t just stay away for the sake of keeping ourselves out of that eternally stressful race for content. We tend to stay out of it because behind every leak, someone’s job suffers as a result.

I had a very open interview with someone at the launch event. This person frequently deals with product leaks, and as a result, it’s fair to say that the person knows exactly how said leaks impact work, the lives of everyone connected to the project, the public perception of a product, and so forth. My interview with this particular Microsoft employee was fulfilling in the sense that I’m able to offer an uncensored glimpse into what Microsoft has to deal with whenever someone decides to leak a build, leak a screenshot, break an embargo, and what not.

Check the break to read about how it all went down. Keep in mind that there’s no video or audio and that this is, indeed, a long read apparently not as long as some people have seen in the past. Thanks is due to the anonymous commentators who pointed this out.

Anonymous Softie: So, with regards to leaks

Bryant: Yeah

Anonymous Softie: Leaks can affect the public perception of a product. For instance, there’s a reason why we only release specific builds. You know, because we want to release a certain level of quality that people can take a look at, have faith in, and [say] "okay, this is the product, the product is progressing as planned." Sometimes, interim builds, leaked builds, they often haven’t passed any of our quality checks. They were never meant to be released.

Bryant: Right. They can easily have nasty bugs.

Anonymous Softie: Yeah, exactly, and all of a sudden, you’ve got everyone in the world taking a look at this build; everyone wants to see the leaked build, right? ’cause it’s mysterious. It’s rare. It’s from the inside. So yeah, there could be bugs in it. People [find] bugs in it. They question functionality they find in it. And so when all of that happens, my phone starts ringing [with] people asking for comments. I’m not doing my day job at that point.

Anonymous Softie: And so, one, it’s a huge distraction on all of us. Phones ring off the hook. [People say] "I can’t believe there’s this shitty quality build out there!" It’s like, look, I’m not going to take time to talk to you, first of all, ’cause you, you know, that was an unplanned leak. It’s not representative of what we ultimately want to sanction and release.

Anonymous Softie: So, there’s the distraction, the bugs… if it’s really buggy, people might think that that’s the current state of the product when, in fact, it’s not. Internally, we’re already many many builds beyond the one that’s leaked. We don’t really care about that one. It doesn’t exist.

Bryant: Right.

Anonymous Softie: –for all we care.

Bryant: Right. It never happened.

Anonymous Softie: It never happened! But everyone is quick to jump to an opinion about that particular moment in time. They often draw incorrect conclusions, "oh my gosh, the product is incomplete, it doesn’t have this, it doesn’t have that." So that’s one.

Anonymous Softie: And quite often we have features that come out over time, right? You don’t necessarily have all the features in [Windows 7 Milestone 3], for instance. We didn’t have any [of the new] UI.

Bryant: Right. Well when we posted [the article about Milestone 3], that was it. It was just very bare and everything was hidden by a bunch of switches. I remember when we originally posted the very suggestive "we know what’s coming but we don’t actually… know" article, we got a lot of hits. We really killed your day job with that one.

Anonymous Softie: Yeah. So it’s a big distraction; it causes people to form incorrect opinions which I as a communications professional ultimately have to fix. Right? The world starts thinking "Wow, this is it?" and I go "Wait, wait wait"

Bryant: "Yeah, this was like a few months in the past. We’re much further ahead of this now, and there are different branches [besides the one with the leaked build], etc."

Anonymous Softie: Exactly. It’s a distraction for developers that are… you know, so we have an enormous [Independent Software Vendor] community that tests various milestones. They test their software. They test their drivers. They test their apps.. and for them it’s a distraction too because they’re wondering "wow, what’s going on? Should I look at this? Should I stop what I’m doing and look at this leaked build?" and so it tends to slow everything down.

Anonymous Softie: Those are the biggest issues that we have. And then so many people get sucked into potentially having to respond to all the questions that people are raising about that particular moment in time. We just don’t have time to deal with that, and so, generally, we don’t comment on unreleased builds.

Bryant: There you go.

Bryant:
I guess… how does it affect, I mean, you talked about how it affects you guys, what you guys do, but let’s say… how does it affect the actual development of a product itself? Or, on a similar line, how does it affect the timeline? Let’s say you’ve got a bunch of leaks setting things back.

Anonymous Softie: It generally doesn’t affect the timeline. The developers are always heads down; they’re writing code, they’re fixing bugs, but even they will stop and read the reviews of the leaked build. So there’s loss of progress there, potentially. And so, when you add it all up, it really does no one any good. ’cause even all the people that pause to download it– we also have the problem of viruses. People leak builds. They stuff them with payloads, and everyone wants the leaked build. They get a bunch of viruses, and now I have to deal with that problem. So, in some sense, it’s "dangerous" as well, and we have no control over what’s out there, what the quality is…

Anonymous Softie: but leaks generally don’t affect the schedule, but they affect the communication. They affect the perception They’re a distraction for all of the outside developers in the world that are trying to be focused on the right builds, and they might see something they didn’t expect, but when you catch us in between, all bets are off. We establish a contract with developers. We say "here are the APIs." It’s a contract between Microsoft and the developers. [We tell them] "we’re not going to change these APIs." and interim builds could actually have changes, maybe some things that we’re actually just testing out, prototyping. And so, you get some people on the outside that are, you know, wondering "Gosh. Did Microsoft– Did I not– Did I miss something? Did Microsoft not tell me what’s happened?" And so it’s pure theater.

Bryant: Right.

Anonymous Softie: People like to see it because it’s secret and nobody else can see it, but if you download some rogue binary from some site and you get infected, or you download something that, you know… people accuse that, even, of being Microsoft’s fault, and I’m generally the one that has to deal with… you know, whenever press call, my phone rings. I would rather spend my time preparing for that next big real milestone, making sure people have the most accurate information and keeping everyone on track instead of being distracted by all of these external issues.

Bryant: Now that was with regards to, um, actual build leaks. How about news leaks? Like, um, if somebody leaks a screenshot of something in progress– I figure that would possibly be the same ordeal. You know, news leaks, perception leaks [such as reviews], let’s say an embargo is broken about something. How about those? How does that work?

Anonymous Softie: Both a similar and a whole different set of issues as well. You know, we have a… I have a very professional relationship with all of the professional journalists that I work with. And so, it’s difficult. When I en masse pre-brief journalists and I say "okay, all of the information that I’m telling you under confidence–" professionals embargoed under this certain date. For the most part, people respect that. But then, somebody breaks the embargo, and then all the other journalists look around [and think] "well, they went! I gotta go!" And then it jeopardizes my relationship with other people ’cause suddenly everybody is going. At the end of the day, it often causes a lot of misinformation to be out there because people– I haven’t had a chance to talk to you, Bryant, yet, to let you know what’s our intent, What do we do and what is this about, why are we delivering this thing, who is it for, what’s it capable of doing. And so, if I don’t have that opportunity to kinda frame everything with everybody and put it in context, everybody starts speculating. "Maybe it means this. Maybe it means this. Maybe it means that.” Again, huge distractions. The people that need accurate information don’t have that accurate information any longer, and I spend weeks trying to sorta put things back in order so that everyone has the accurate Microsoft view of things instead of 30 different conspiratorial opinions on what may or may not be true.

Bryant: Yeah, of course. And, well I suppose for now that’s all I’m really looking for.

Anonymous Softie: Cool.

Whether this person’s account of how leaks affect things at Microsoft represents the Microsoft way of thinking is beyond me. I didn’t ask, but it’s safe to infer that this person isn’t the only person who thinks along these lines.

In the wonderful world of Zune, all the Zune teamsters, Zune coders, Zune pushers, and Zune lovers are busy celebrating the launch of the Zune HD. That’s not to say there aren’t any snags with which to deal. Case in point: I came across this wonderful screen when I tried to sign into my account under Zune 4.0 for the first time:

“Great, there’s no terms to which I must agree. I’ll just go ahead and click Accept,” (the result of which you can see after the jump)

“Crap.”

I’ll chalk it up to quick thinking on behalf of Michael Gillet (@Gilly2468) for coming up with the bright idea of signing in online and accepting the terms there. If you’re one of the few people who, for whatever reason, aren’t able to sign into the Zune account for which you may have paid, try signing in via Zune.net and accepting the new terms there (you’ll see your account edit screen when you sign in, which is where you’ll do this). Once you’re done, you can sign back in via the Zune software and voila, life is good again.

On Tuesday, some no-good hackers decided to post a vulnerability, complete with a proof-of-concept Python script, that can remotely crash any Windows-based computer that has the SMB 2.0 network protocol enabled, which includes any system running Windows Vista or later. So like anybody with a bunch of free time would do, I cracked open a couple of VM’s and had some BSoD fun with Vista but noticed that 7 didn’t budge whenever I sent the exploit packets, so I suspected that they probably tested the RC version against this exploit

Well my gut feeling was right, and Microsoft released a security advisory later that day stating that it only affected Windows Vista and Server 2008, as well as the Windows 7 RC, but no mention of the 7 RTM (or Server 2008 R2). Plus, the scope was narrowed further when it was revealed that Public network locations were unaffected (they blocked incoming connections anyway). So nothing that bad to get riled over.

Of course, until a hotfix is released, if you’d like to completely protect yourself from the exploit you can follow the directions to either

• Block ports 139 and 445 from inbound connections using a firewall
• Disable the SMB2 driver
• Both (why not? unless you’re actively using file/printer sharing)

For the uninitiated,

FSF = Free Software Foundation

CC = Creative Commons

That out of the way, let’s get to the point: The Free Software Foundation’s latest ridiculous hit piece on Microsoft (after the break) not only uses a license considered a “cardinal sin” (as stated by Matt Asay) amongst free open source software proponents, they actually render their own licensing null and void by blanketing IP which they don’t actually own. Let’s take a look.

The important part, circled in mspaint-esque red, can be found at the bottom of the campaign’s page. Basically, their Creative Commons license requires attribution, denies derivative works (the “cardinal sin”), and, quite ironically, puts no limits on commercial reproduction. I’ve saved a copy of the page to commercially reprint for the sake of covering my PDC bills since they apparently don’t care, but that’s beside the point. The point is that they applied a Creative Commons license to the entire page, which of course spans all of the elements used within the page. This also spans the header image, which violates Microsoft’s trademark by reproducing the new Windows logo with the primary four colors intact, thereby qualifying as a gross breach of Microsoft’s trademark. Because the FSF did not receive permission to use the Windows logo and because they did not exempt the trademark from the license, they’re now left with a license which covers items in violation… which renders the Creative Commons license spanning their entire page (and every other page mentioning that license with that header) null and void. This, of course, also means that my derivative works are perfectly allowed. Score one for defense.

To summarize, not only did the Free Software Foundation violate their own principals, they hypocritically denied the right to create derivative works from the campaign page while creating a derivative work from Microsoft’s logo which is close enough to the original as to give grounds to Microsoft for a lawsuit. In addition, it begs the question of whether the funds they happen to have are truly being used to better the open source cause or if they’re just burning money in a campaign of FUD.

Microsoft, of course, likely won’t sue because giving the Free Software Foundation their own Streisand Effect would be a nightmare scenario.

All of the above is from my primitive understanding of IP law and licenses. I am not a lawyer, but I would love to be corrected by someone who is and hasn’t chosen a side in this mess.

Photopapered derivative of site content ©2009 Bryant Zadegan, all rights reserved. Original site ©2009 Free Software Foundation. No rights were reserved by the FSF, apparently, because they violated the license they were using to cover their stuff.

Oh hey, seems like Windows 7-E is making a comeback (source-link is German) after having lived and died a very uneventful life in the EU. The German-language Microsoft Store is selling it for 299 euros, and the box art (as well as the page) clearly notes the lack of internet explorer on this version.

Mistake? Joke? A sign that Microsoft might’ve gotten pissed at Opera’s and Mozilla’s recent efforts to milk even more out of them? Who knows, but the box art for “Ultimate-E” has a weird stuttery look to it.

Credit goes to Andre Da Costa for pointing me to the buy page via MSN. I can’t read German, but from the presence of the box art, I’m certain this is for a retail copy of Windows 7-E.

Students.

Many schools suggest tablets for note-taking or engineering work. Heck, some even mandate them. This market is currently owned by Microsoft, and given Apple’s de facto hip-couture status in universities, it’s only logical to see that Apple wants to snatch the remaining Windows tablet users and turn them to the dark side, preferably before Windows 7 strolls along. My own discussions with students of various universities which suggest or mandate tablets (the biggest one which comes to my mind is a school I was considering attending myself and which currently lists as alumni a few of my friends, Virginia Tech), lead me to believe that a vast number of the attending students wish they could use Apple’s own hardware. Sure, there are a few hackintoshy solutions (modbook) but these aren’t official, supported by Apple, or anywhere near as “hip.”

Granted, Apple’s rumored tablet offering isn’t actually aiming for the engineering students, but that’s beside the point. The point is that if one Apple tablet succeeds, they will swiftly aim for turning it into a billion-dollar business, just as they have with the iPod, the iPhone, et. al.

Here’s the problem: Microsoft is coming with Windows 7 on October 22nd. That’s long after classes begin and likely a month after Apple’s seemingly-real tablet offering, which might still find its way into the hands of hipster-poseurs and college students. If Apple’s tablet happens to be an unproductive media device with no purpose other than to watch films and browse the internet, then I suppose only the crunchpad may possibly need to worry, but if Apple’s tablet offers any decent means of taking notes or generally being even slightly productive, Microsoft quickly needs to put it to bed.

Otherwise, Apple’s legions will embrace it like the second coming of choose-your-deity rather than the outcast child the business world would much prefer to see (before these students force said businesses over to the worlds most unproductive OS). Given Apple’s recent streak of screwing the consumer, the last thing people need is another outlet for the consumer to be, well, screwed.

Yes, I wrote this on a MacBook, which thankfully currently possesses no trace of any Leopards, Snow Leopards, or any other endangered sources of luxury furs. I also gracefully stole the article’s image from PC World.

The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

• This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
• This particular label only applies to this specific proof-of-concept
• A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

For those who don’t know, DreamSpark throws free software at students (after verifying their student-hood, of course). I previously wrote about using DreamSpark to get and use a free OS in place of Vista over here.

Now, keeping the awesomeness of DreamSpark in mind, Expression 3 was only very recently released. A number of threads have popped up on the internet, with the most notable first result for me being this thread on Channel 8. Coupled with requests from other students I personally know as well as faculty from schools near the DC area (thanks for reading, guys!), I figured I’d look into it.

There’s good news, and there’s the news which isn’t exactly bad. I’ll spill the news which isn’t exactly bad first.

There’s no official target date on getting Expression Studio 3 up on DreamSpark, nor will it be available in July, nor is the target timeframe a certainty or guarantee. There; that’s the news which isn’t exactly bad.

The good news: the target timeframe is still before the point when classes start for many of you. The word, as given by a Microsoft spokesperson, is that a “target timeframe would be [the] end of August.”

If you can’t wait ‘til then, go grab Expression Studio 2 from DreamSpark right now. Otherwise, show some patience, be awesome, and grab Expression Studio 3 once it drops for you guys for free in a month. Cheers to dreamers at Channel 8 for holding out, and I’ll have an update for people once a specific date has been settled upon.