Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Stories · 1,971
Microsoft eOpen Site Down For Nearly a Week
mauriceh writes "Since Monday Dec. 7, the Microsoft eOpen license website has been mostly 'Down for Maintenance.' When we do not see this message, we still do not see most of the normal functionality. As this is Microsoft's main channel for managing and installing licenses for products such as Server, and for open license products for business, this makes the company effectively 'closed for business!' Attempts to connect to https://eopen.microsoft.com/ are redirected (after a bad certificate warning) to https://www.microsoft.com/licensing/servicecenter/sitemaintenance.html. Those who wish to activate Microsoft Business Solutions software need to obtain Software Registration keys, and these also cannot be obtained, as the site http://www.microsoft.com/BusinessSolutions/MBSRegistration does not resolve; instead one gets a Microsoft Search page. Telephone calls to their support numbers for the licensing program yield either busy signals, or a message saying one should 'call back later.'" -
Microsoft Invents Price-Gouging the Least Influential
theodp writes "In the world envisioned by Microsoft's just-published patent application for Social Marketing, monopolists will maximize revenue by charging prices inversely related to the perceived influence an individual has on others. Microsoft gives an example of a pricing model that charges different people $0, $5, $10, $20, or $25 for the identical item based on the influence the purchaser wields. A presentation describing the revenue optimization scheme earned one of the three inventors applause (MS-Research video), and the so-called 'influence and exploit' strategies were also featured at WWW 2008 (PDF). The invention jibes nicely with Bill Gates's pending patents for identifying influencers. Welcome to the brave new world of analytics." -
Microsoft Advice Against Nehalem Xeons Snuffed Out
Eukariote writes "In an article outlining hidden strife in the processor world, Andreas Stiller has reported the scoop that Microsoft advised against the use of Intel Nehalem Xeon (Core i7/i5) processors under Windows Server 2008 R2, but was pressured by Intel to refrain from publishing this advisory. The issue concerns a bug causing spurious interrupts that locks up the Hypervisor of Server 2008. Though there is a hotfix, it is unattractive as it disables power savings and turbo boost states. (The original German-language version of the article is also available.)" -
Microsoft Denies It Built Backdoor Into Windows 7
CWmike writes "Microsoft has denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. 'Microsoft has not and will not put "backdoors" into Windows,' a company spokeswoman said, reacting to a Computerworld story Wednesday. On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 'to enhance Microsoft's operating system security guide.' Thursday's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. 'The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit,' said the spokeswoman. The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system." -
Microsoft Buys Teamprise, Will Ship Linux Tools
spongman writes "Microsoft's Senior Vice President, Developer Division, S. Somasegar has announced that Microsoft has acquired Teamprise from Sourcegear, LLC, and will be shipping it as part of the upcoming Visual Studio 2010 release. Teamprise is an Eclipse plugin (and related tools) for connecting to Team Foundation Server, Microsoft's source-control/project-management system. What's most interesting about this is not only that Microsoft has realized that heterogeneous development platforms are important to their developer customers, but the fact that Microsoft themselves will now be developing and shipping products based on those heterogeneous platforms, including 5 versions of Unix." -
Microsoft Research Shows Off New Projects On College Recruiting Tour
In a recent college recruiting tour, Microsoft's Craig Mundie was able to showcase some of the experiments coming out of their Research division. Among some of the interesting projects were another pass at the Minority Report interface, eye-tracking, intelligent data sorting, a global carbon-climate model, and several other software and hardware experiments. A video and supporting slideshow are also available via Microsoft's press site. "Mundie also will discuss the kinds of computers students will soon be using – machines that will respond to gestures through new natural user interfaces; deploy the power of new microprocessors; migrate data to the cloud; and use live data to drive new simulations and visualizations. He’ll center on an environmental theme to show what it might be like to be a research scientist working on zero carbon energy in the future using new interactions with data and computers to increase insight." -
Wait For Windows 7 SP1, Support Firm Warns Users
CWmike writes "Users should wait for Microsoft to work out the bugs in Windows 7 before jumping on the new OS, computer support company Rescuecom said on Friday. 'From the calls we're getting, as well as our own experience in the past with all Microsoft's operating systems, we're recommending that people stick with their time-tested OS and wait for the dust to settle,' said Josh Kaplan, president of Rescuecom. Citing a litany of reasons, ranging from the risk of losing data during an upgrade to tough economic times, Kaplan urged Windows users to put off upgrading to Windows 7 or buying a new PC with the operating system pre-installed. 'There are some compelling reasons for both businesses and home users to move to Windows 7,' Kaplan said, 'so we're saying "just wait for a bit."' Upgrading an existing machine — whether it's running the eight-year-old Windows XP or the much newer Vista — is particularly risky, he added, especially if users haven't taken time to make a full backup before they migrate their machines. Some users have found that out first hand. Among the top subjects on Microsoft's support forum is one that has put some PCs into an endless reboot loop when their owners tried to upgrade from Vista to Windows 7. Microsoft has not yet come up with a solution that works for all the users who have reported the problem, sparking frustration." -
Ultrasurf Easily Blocked, But So What?
Frequent Slashdot contributor Bennett Haselton writes "A simple experiment shows that it's easy to find the IP addresses used by the UltraSurf anti-censorship program, and block traffic to all of those IP addresses, effectively stopping UltraSurf from working. But this is not a fault of UltraSurf; rather, it demonstrates that an anti-censorship software program can be successful even if it's relatively trivial to block it." Read on for Bennett's analysis.
UltraSurf is an enormously popular program used to circumvent Internet censorship in countries like China (as well as schools and workplaces in mostly-free countries like the US, with mixed success). When you run UltraSurf on your computer, it re-routes your outgoing Internet traffic to external IP addresses controlled by UltraSurf, so that it looks to observers (and network censors) as if you are connecting to UltraSurf's IP addresses, rather than a website like YouTube or Facebook that may be banned on your network.
UltraSurf uses a list of thousands of external IP addresses, to make it non-trivial for an adversary to locate all of their IP addresses and block them all. However, using a few steps that would be obvious to many programmers facing the same problem, I did find a way to detect all the IP addresses that UltraSurf connects to, and block all of them so that UltraSurf stopped working. It would not be hard for a government censor operating the filter in a country like China to do the same thing. But this does not mean that UltraSurf's network is likely to collapse any day now; on the contrary, it means that it and similar programs are likely to flourish for years to come, since the censors obviously have other priorities.
Some background information first. Most Internet censorship circumvention tools fall into one of two categories (whose names I have just invented for the purpose of this article):
(1) Self-bootstrapping. If a program is self-bootstrapping, then in a censored country you simply run a copy of the program and it will establish a connection to an IP address outside the country, one of many in a large "cloud" of IP addresses controlled by the software program's publisher. Thereafter, your Internet usage is routed through that connection in order to evade your country's filter. UltraSurf and Tor fall into this category.
(2) Non-self-bootstrapping. To use one of these programs from a censored country, first you have to get a friend in a non-censored country to install the software on their computer (or their webserver, if they have one). Then they give this location (normally in the form of a URL) to their friend in the censored country, and their friend types that URL into their browser to circumvent their country's filtering. Psiphon is the best-known program in this group.
In 2006 I wrote that even though the first category of programs was more convenient to use (not requiring you to rely on a friend in an uncensored country), any program in that category could be blocked by an adversary willing to make only a modest amount of effort: Install the program, see what IP addresses it connects to, block those, see if the program connects to any other backup IP addresses, block those, and so on, until the program runs out of IP addresses to use. There are a few simple countermeasures that designers of a program could take, but they can also be defeated easily.
(For example, if the program randomly chooses an IP address from a large internally stored list, then you just have to run the program over and over until you've found most of the IP addresses chosen by its random algorithm. A cleverly written program could try to evade this as follows: Pick a set of IP addresses at random from the list, and then "lock in" to that set of IP addresses, so that future runs of the program on that PC will always connect to those IP addresses, ignoring the other ones in the list. This makes it a little bit harder for the censor to pry out all of the IP addresses in the program's internal list. But then you, as the censor, can either (a) run the program repeatedly, but find where the program stores its "locked set" and erase that between each run, so that on future runs the program will keep selecting a different IP address set, or (b) if you can't figure out where the program is storing its "locked set" between each run, then just install the program repeatedly on different machines.)
One way or another, if the program knows what IP addresses to connect to when it bootstraps itself, the attacker can trick the program into revealing all of them. The attacker doesn't even need to reverse-engineer the software to see the set of instructions that it's executing internally; they only need to be able to see the IP addresses that the program is connecting to.
Much later, I was able to reduce this to practice in an experiment on my own machine, using a Perl script, the built-in Windows "netstat" tool to list connections from locally running programs to outside IP addresses, and the "ipseccmd" tool to add new firewall rules blocking those IP addresses. After the script was left running overnight, it had collected and blocked all the IP addresses that UltraSurf apparently used, and on future runs, UltraSurf would display an error message saying that it couldn't find any IPs to connect to.
(Interestingly, netstat also showed that UltraSurf frequently opened connections to www.google.com over SSL -- that is, accessing URLs that would begin with "https://www.google.com/" -- so that traffic between the program and the Google website would be encrypted, and the contents would be invisible to censors in China. When I saw it was doing that, I added an exception to the script so that the Google IP addresses would not be blocked. Perhaps it was submitting search terms to Google in order to find pages that give the location of the latest UltraSurf connection points, or perhaps it was checking a GMail account created by UltraReach that stores messages containing more IP addresses; I didn't reverse-engineer UltraSurf to find out. But even if this was UltraSurf's clever means of obtaining new IP addresses, the system still runs up against the same problem: Any IPs that can be connected to by the UltraSurf client, can also be ascertained by the attacker who watches UltraSurf to see where it connects to, and then blocks those IPs as well.)
Naturally I had mixed feelings about pointing this out publicly, since I agree with UltraReach's goal of providing unfiltered access to users in China and other censored countries. But this idea is sufficiently obvious, that I don't think anything is lost by demonstrating it. There may be programmers interested in creating even more programs to help users in censored countries, and it would be counterproductive for those programmers to believe that existing programs like UltraSurf "magically" evade the censors by using some complex algorithm to hide the IP addresses that they connect to. In fact, the program doesn't conceal the IP addresses that it connects to (how could it?), and it would be straightforward to design and build a new program that did roughly the same thing. We should give UltraReach credit for the right things: they made a tool that provides unfiltered access to millions of people, they made the tool small and easy to use, and they arranged with their partners to subsidize the unfiltered Internet connections at no expense to those end users (although see some caveats, which have been pointed out by Hal Roberts at the Berkman Center, about the price of this "free" access). But the one thing UltraReach did not do is find a way to get around the problem of an attacker installing the program to see what IP addresses it connects to. That's not a criticism of UltraReach; this is presumably an impossible problem to solve.
(Side note about counter- and counter-counter-measures: If UltraReach does think that censoring countries might try harder to block UltraSurf at some point in the future, they should start releasing different versions of the product every month that use different sets of IP addresses. Release one version for September 2009 that uses one set of IP addresses, then another version in October 2009 that uses another set, and so on. Then if the censors decide in December 2009 to start seriously trying to block all UltraSurf IP addresses, they'll be able to find and block all the IP addresses used by the Dec09 version, just by installing a copy of the program and observing it. But, users who downloaded previous months' versions of the program will be able to continue using their copies. If the Chinese censors wanted to find and block the IP addresses used by previous months' copies of UltraSurf, they would have to either (a) figure out how to distinguish UltraSurf traffic from other Internet traffic, not an easy thing since UltraSurf uses encrypted traffic on port 443, the same port used for encrypted Web traffic, or (b) obtain copies of the program that users had downloaded in previous months, which is no longer as trivial as simply observing the current version of the program. The more often UltraReach swaps out a new version of UltraSurf that connects to a new set of IP addresses, the harder it will be for the Chinese censors to find all the sets of IPs used by previously released versions. However, once the Chinese censors start trying seriously to block UltraSurf, even though the trick just described will allow previous downloaders of the program to continue surfing freely, all new users who download the program after that point, can be easily blocked -- because the Chinese censors can just watch how often a new version of UltraSurf is made available for download, and block the IPs used by that copy.)
But I think the fact that the Chinese have not done this reveals something usually overlooked about the nature of the anti-censorship arms race. The situation is frequently cast as a battle between the evil geniuses who run the government filters and the good geniuses who write the software to get around the filters, while the grateful citizens of the censored country are the beneficiaries. But if the government censors haven't even done some simple experiments like this in order to block UltraSurf, they must not think it's a high priority to stop the program from working. This in turn suggests that the number of people using UltraSurf in a country like China, while large in absolute numbers, doesn't constitute a large enough proportion of the population to worry the government. Presumably either the ideas leaking in through an unfiltered Internet are not reaching a large enough proportion of the population, or the ideas are not expected to take hold in enough people's minds to reach a tipping point that causes a problem for the ruling party.
It's not that the Chinese censors don't care about controlling the Internet and the effect that it has on their citizens' thinking. The Chinese have reportedly fielded a droid army of about 50,000 cubicle drones to help fight Internet propaganda battles, such as drowning out anti-government posts on public forums. Why would they spend such enormous efforts to generate forum posts, but not make the effort to find and block all UltraSurf IP addresses? Because the battlefront is about defaults. If the user tries to access a site and it's blocked, then only a tiny proportion will make a significant effort to circumvent the block. (The exception would be when an extremely popular site like YouTube is blocked; operators of Web proxy sites report that during these periods, they get so much traffic from Chinese users trying to view YouTube videos, that the servers often crash.) Similarly, if users see that 90% of the posts on a given forum are on one side of the issue, then they're more likely to think that's the majority viewpoint (whether they agree with it or not). Hence the usefulness of the army of 50,000 to invade forum threads. Defaults matter; would Internet Explorer have ever displaced Netscape's browser (kids, ask your parents) if it hadn't been the default browser in all versions of Windows?
So the moral for any would-be designers of new anti-Internet-censorship tools, is not to worry too much about whether there's a theoretical way (or even a practical way) that the censors could shut the tool down. UltraSurf became enormously popular without solving that problem, and perhaps another tool could as well. -
So the moral for any would-be designers of new anti-Internet-censorship tools, is not to worry too much about whether there's a theoretical way (or even a practical way) that the censors could shut the tool down. UltraSurf became enormously popular without solving that problem, and perhaps another tool could as well. -
A Tale of Two Windows 7s
theodp writes "It was the best of operating systems, it was the worst of operating systems. When it comes to the merits of Windows 7, it looks like Slate's Farhad Manjoo and PC Magazine's John Dvorak are going to have to agree to disagree. Manjoo gives Windows 7 a big thumbs-up (a sincere one, unlike Linus!), calling it a 'crowning achievement,' while Dvorak is less than impressed, saying, 'Win 7 is really just a Vista martini. The operating system may have two olives instead of one this time out, but it's still made with the same cheap Microsoft vodka.' So, for those of you who've had a chance to check things out, are things really different this time?" Multiple readers have also pointed out that there have been problems with the download and installation of Windows 7 upgrades obtained through the student discount offer, which Microsoft has confirmed. -
Microsoft Moves To Patent Time-Based Software Licensing
theodp writes "Microsoft's Open Value Subscription offering didn't get the warmest reception. Nor did the follow-up announcement of Albany, a planned MS-Office Subscription Service. Now comes word from the USPTO that Microsoft feels it deserves a patent for the 'invention' of 'Time-Based Licensing,' which aims to make the traditional pay-once perpetual license model a thing of the past. Hey, if your customers were waiting nine years between OS upgrades, you'd try touting a three-year lease with a balloon buy-out payment, too!" -
Microsoft, EU Reach Antitrust Accord
alphadogg writes "Microsoft appears to have reached an agreement with the European Commission that concludes an antitrust battle that has lasted a decade, Europe's top competition regulator said today. A proposal the company offered in July to address charges of monopoly abuse was dismissed as insufficient by the Commission, as well as by rivals in the software industry. But the latest iteration appears to have mollified the EC's regulator. 'We believe this is an answer,' said competition commissioner Neelie Kroes in a press conference. 'I think this is a trustful deal we are making. There can't be a misunderstanding because it is the final result of a long discussion between Steve Ballmer and me.' The new settlement offer addresses charges that Microsoft distorted competition in its favor in the market for web browsers, by giving its Internet Explorer browser an unfair advantage over rivals." The Register points out this interesting quote from the materials Microsoft released on the subject: "Microsoft shall ensure that third-party software products can interoperate with Microsoft's Relevant Software Products using the same Interoperability Information on an equal footing as other Microsoft Software Products." -
Microsoft, Cisco Finally Patch TCP DoS Flaw
Trailrunner7 writes "Today vendors are finally releasing patches for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco's IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities today. The Microsoft Patch Tuesday release included the fix for the TCP flaw, which affects Windows Server 2003 and 2008, as well as Windows Vista, both the 32-bit and 64-bit editions, and Windows 2000 SP4, for which no fix is coming. The TCP flaws were identified several years ago and were made public last year by two researchers at Outpost24, Jack C. Louis and Robert E. Lee. Louis, who has since died, developed a tool called Sockstress that tested for the flaw and was able to maintain extremely long-term TCP connections with remote machines using very little bandwidth." -
Personalized In-Game Advertising In Upcoming Titles
Scythal writes "In-game advertising provider Massive Inc., acquired by Microsoft in 2006, has signed up or renewed contracts with several publishers, notably EA, Blizzard Entertainment, THQ, and Activision. Eagerly anticipated games like Need for Speed: Shift will feature the technology that continuously collects 'anonymous' information about users, sends them to the Massive database for analysis, and downloads advertisements to be shown in the game. All that happens insidiously, without the users' explicit consent and out of their control, which raises further concerns about privacy, security and quite frankly, customer abuse. Would you feel concerned about software that collects personal information and sends it so that you get more personalized ads in a game you paid for?" (More, below.) "The technology has already been implemented, and was present in older titles. For example, Far Cry 2, released in October 2008 by Ubisoft Montreal, had it. You could discover that if you cared to read the manual up to the last pages: 'This game incorporates technology of Massive Incorporated ("Massive") that, when activated, enable the presentation of in-game advertisements and other in-game objects which are uploaded temporarily to your personal computer or game console and changed during online game play. As part of this process, when Massive technology is activated, Massive may have access to your Internet Protocol address. Your Internet Protocol address, and other basic anonymous information, available to Massive are temporarily used by Massive for the general purposes of transmitting and measuring in-game advertising.' However, it seems the technology was not used at the time, for some reason. This time, be assured it will be. How are we supposed to react to something like this? Shouldn't it be called adware? And, gratified by the success of this technology, what would be the next logical step of companies like Massive? Wouldn't they seek new publishers and use it in other software?" -
P.I.I. In the Sky
Frequent Slashdot contributor Bennett Haselton writes "A judge rules that IP addresses are not 'personally identifiable information' (PII) because they identify computers, not people. That's absurd, but in truth there is no standard definition of PII in the industry anyway, because you don't need one in order to write secure software. Here's a definition of 'PII' that the judge could have adopted instead, to reach the same conclusion by less specious reasoning." Hit the link below to read the rest of his thoughts.
US District Court Judge Richard Jones's recent ruling in Johnson v. Microsoft has been much ridiculed for saying that IP addresses are not "personally identifiable information" (PII) because they identify computers, not individual users. Legions of critics have pointed out that this is like saying home addresses are not PII because they identify houses, not people. And it was pretty silly for Jones to say that "the only reasonable interpretation" of PII would be to exclude IP addresses from the definition — when, as the plaintiffs pointed out, Microsoft's own website defined PII to include IP addresses. (Microsoft has since removed that definition from their online glossary and replaced it with a link to their privacy statement.)
But the open secret in the privacy tech industry is that nobody knows exactly what "personally identifiable information" means anyway, and nobody cares, either. This is not because industry leaders don't care about privacy and security. They do. But being a good, privacy-conscious software architect has nothing to do with nit-picking the details of what counts as PII. If you're designing the new Hotmail, you should just know that passwords should be encrypted when users log in over the Web, that third parties should not be able to query the Hotmail database and harvest e-mail addresses, that users shouldn't be able to extract personal data such as birthdates that are associated with another user's e-mail address, etc. If you don't instinctively know those things already, then memorizing a definition for "PII" is not going to make you a good security-conscious programmer.
Conversely, the major security threats facing Windows users — malware infection through security holes in Windows and Internet Explorer — have nothing to do with the definition of PII or the finer points of Microsoft's privacy policy. There may even be public relations gurus at Microsoft who are glad to see the "IP addresses as PII" controversy in the headlines, if that relatively minor privacy issue distracts the public from the vastly more serious threats posed by browser security holes.
There are indeed published definitions of "PII" — the US Office of Management and Budget Memo 07-16 defines PII as:
"information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc."
But that doesn't pass the test of what makes a good definition, which is: If two different people read that definition, and then you gave them an example of a piece of data (such as the school that someone graduated from), would they usually be able to agree on whether that data counts as "PII?" How about IP addresses? From the written definition alone, there's no way to tell for sure.
I actually worked as a contractor at Microsoft at the onset of the PII craze, and in order to commence working on what would eventually become Windows Live, we all had to watch a streaming video about PII, what it was, how to secure it, etc. Near the beginning, the narrator gave some examples of PII, including e-mail addresses, and mentioned that PII should be encrypted when transmitted over the Internet. (I'm not violating any confidentiality; these standards were all publicly released later.) Full of first-week-on-the-job idealism, I looked up the narrator in the company directory and earnestly typed out an e-mail raising some points, such as: Doesn't Hotmail display your e-mail address over an unencrypted connection when you're signed in to Hotmail? And anyway, because the standard e-mail protocols always transmit To: and From: addresses unencrypted over the Internet, how would it ever be possible to "encrypt e-mail addresses in transit" anyway? Wouldn't it make more sense to specify that individual e-mail addresses can be transmitted in the clear one at a time, but if we're ever transferring a large number of them in bulk, it would be wise to encrypt the list, to reduce the chance of it falling into the hands of a spammer?
Then the video kept rolling, and making more statements that seemed to contradict earlier ones, or that were too vague to give me any idea of what I was actually supposed to do in a given situation, and eventually I got the point: We do care about privacy and security. But, there is no algorithm that can determine unambiguously what counts as "PII" or what you're supposed to do in order to safeguard it. You just have to use your common sense and ask around if you're not sure. The main point of the video is to reinforce how important this is, not to impart any actual information.
So Judge Jones could have picked from many possible definitions of "PII," and nobody would be able to call him "wrong," as long as the industry doesn't know what it means, either. What he was really trying to decide was whether Microsoft violated its promise "not to collect PII" during the Windows Update process, because the IP addresses of users doing the downloads were visible to Microsoft's servers. The plaintiffs made some other claims in Johnson v. Microsoft that I think have more merit (basically, arguing that the "Windows Genuine Advantage" anti-piracy tool should not have been foisted on users without their consent as part of the Windows Update process), but on this particular point, I think they were bound to lose on the claim that collecting IP addresses during a download was a privacy violation. After all, if the judge had ruled in their favor on this point, Microsoft would have had to discontinue Windows Update in order to comply with the ruling, and I don't think anybody wants that.
So, maybe Judge Jones just decided that he didn't want to be known as the judge who outlawed Windows security updates, so he determined in advance that he was going to rule that Microsoft did not violate users' privacy by collecting IP addresses during Windows Update. Then he worked backwards from there to find reasoning that supported this conclusion. That's not really how it's supposed to work, but at least he could have had good intentions.
Unfortunately, the reasoning that he hit on was the absurd argument that IP addresses are not PII because they identify computers, not the people who own them. Here's something that he could have said instead:
"I'm not counting IP addresses as PII, because in order to find out who was using an IP address at a particular time, you have to subpoena the ISP. That's what makes them different from names and home addresses, which can be matched to individual people without a subpoena. As long as Microsoft isn't subpoenaing ISPs to find out who was using a particular IP address, for all practical purposes they are not 'personally identifiable.'"
Judge Jones actually started out in that direction by quoting from another case, Klimas v. Comcast Cable Communications, Inc., where the court wrote, "We further note that IP addresses do not in and of themselves reveal 'a subscriber's name, address, [or] social security number.' That information can only be gleaned if a list of subscribers is matched up with a list of their individual IP addresses." And that list matching up subscribers with the IP addresses they were using at a given time, can only be obtained with a subpoena. Jones could have quit while he was ahead and stuck with that reasoning, and he would have avoided all the ridicule that came from his statement about IP addresses.
Or maybe Judge Jones could have just said,
"Look, you don't have a standard definition for PII anyway. You adapt it to each individual situation, in order to determine what privacy protections should be built into each program, by using your common sense. So that's what I'm going to do in this situation too. And my common sense tells me that having IP addresses visible to Microsoft's servers during the Windows Update process, is not a privacy violation, because that's how downloads work."
That's as good a definition of PII as any. Now let's get back to the real work of stopping Russian porno spammers from pwning our machines in the first place.
-
Microsoft Releases Linux Device Drivers As GPL
mjasay writes "Microsoft used to call the GPL 'anti-American.' Now, as Microsoft releases Hyper-V Linux Integration Components (LinuxIC) under the GPL (version 2), apparently Microsoft calls the GPL 'ally.' Of course, there was little chance the device drivers would be accepted into the Linux kernel base unless open source, but the news suggests a shift for Microsoft. It also reflects Microsoft's continued interest in undermining its virtualization competition through low prices, and may suggest concern that it must open up if it wants to fend off insurgent virtualization strategies from Red Hat (KVM), Novell (XEN), and others in the open-source camp. Microsoft said the move demonstrates its interest in using open source in three key areas: 1) Make its software development processes more efficient, 2) product evangelism, and 3) using open source to reduce marketing and sales costs or to try out new features that highlight parts of the platform customers haven't seen before." -
Bill Gates Puts Classic Feynman Lectures Online
theodp writes "Okay Tux fans, let's see how badly you want to see Feynman's Messenger Lectures on Physics. Bill Gates has the goods over at Microsoft Research's Project Tuva site. Also, CNET's Ina Fried has an interesting interview with Gates. He goes into why he spent his own money to make a series of classic physics lectures available free on the Web, talks about the possibility of Project Natal bringing gesture recognition to Windows, gives his thoughts on Google's Chrome OS, and discusses plans to patent 'cows that don't fart.' The last is a joke. I think." -
Microsoft Warns of New Video ActiveX Vulnerability
ucanlookitup writes "Microsoft has warned of a 'privately reported' vulnerability affecting IE users on XP or Windows Server 2003. The vulnerability allows remote users to execute arbitrary code with the same privileges as the users. The vulnerability is triggered when users visit a web site with malicious code. 'Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability.' The advisory can be found at TechNet. Until Microsoft develops a patch, a workaround is available." -
Microsoft Launches New "Get the Facts" Campaign
ko9 writes that Microsoft has re-launched its "'Get the facts' campaign, in an attempt to promote Internet Explorer 8. It contains a chart that compares IE8 to Firefox and Chrome. Needless to say, IE8 comes out as the clear winner, with MS suggesting it is the only browser to provide features like 'privacy,' 'security,' 'reliability.' It even claims to have Firefox beat in 'customizability.'" -
Using Mobile Phones To Write Messages In Air
Anonymous writes "Engineering students at Duke University have taken advantage of the accelerometers in emerging cell phones to create an application that permits users to write short notes in the air with their phone, and have that note automatically sent to an e-mail address. The 'PhonePoint Pen' can be held just like a pen, and words can be written on an imaginary whiteboard. With this application a user could take a picture with a phone camera, and annotate it immediately with a short caption. Duke Computer Engineering Professor Romit Roy Choudhury said that his research group is envisioning mobile phones as not just a communication device, but a much broader platform for social sensing and human-computer interaction. Such interactivity has also emerged in the work of other research groups, such as MIT's Sixth Sense project, Dartmouth's MetroSense project, and Microsoft Research's NeriCell project, to name a few." -
First Look At Visual Studio 2010 Beta 1
snydeq writes "InfoWorld's Martin Heller takes VS2010 Beta 1 for a test drive and finds the upgrade promising, particularly with regard to improved thread debugging and a revamped UI. But the biggest enhancements have to do with parallel programming, Heller writes. 'I'm not sure that I've completely grasped the power of the new .Net Framework and native C++ support for task and data parallelism in VS2010, but what I've seen so far is impressive.' Heller points to intriguing parallel programming samples posted to CodePlex and offers numerous screenshots of VS2010 Beta 1 functionality. He also notes that the beta still lacks support for ASP.Net MVC, smart devices, and the .Net Micro Framework." -
MS Issued a Fix For Its Unwanted FireFox Extension
As we discussed last February, and again a few days ago after the Washington Post noticed, Microsoft installed without permission a hard-to-remove Firefox extension along with a service pack for .NET Framework 3.5. Reader Pigskin-Referee lets us know that, as it turns out, Microsoft issued a fix a month ago; details here. -
Microsoft Confirms October 22 Release Date For Windows 7
techwrench was one of several readers to send word that Microsoft has officially announced Windows 7 will be generally available on October 22nd. They also mentioned the Windows 7 Upgrade Option Program: "This program enables participating retailers and OEMs to offer a special deal to upgrade to Windows 7 for customers purchasing a qualifying PC. I'll be doing another blog post about this program with a date and more details when we get closer to availability. Obviously, Release To Manufacturing (RTM) is an important milestone on the path to GA. We anticipate that we'll be able to make the RTM code for Windows 7 available to our partners sometime in the 2nd half of July. We also expect to be able to make RTM code for Windows Server 2008 R2 available to our partners in this time frame as well." -
Windows Vista Service Pack 2 Released
An anonymous reader writes "Microsoft has finally released the final build of Service Pack 2 for Windows Vista and Windows Server 2008. 'There are a few significant additions that are included in SP2: Windows Search 4.0, Bluetooth 2.1 Feature Pack, the ability to record data on to Blu-Ray media natively in Vista, Windows Connect Now (WCN) is now in the Wi-Fi Configuration, and exFAT file system supports UTC timestamps. The service pack contains about 800 hotfixes.' A list of other notable changes is available on TechNet. SP2 isn't included in Automatic Update yet, but it will be 'during the coming months.'" -
What Free IDE Do You Use?
postermmxvicom writes "I program only occasionally and mostly for personal interest. I went to update my favorite free IDE, Dev C++, yesterday and noticed that it had not been updated since 2005! I went looking for other free IDEs and came across Code::Blocks and Visual Studio Express. I work from a Windows machine, use C++, and make mostly console apps; but have written a few Windows apps and D3D or OpenGL apps. I wanted to know what free IDEs you use and recommend. What do you like about them? What features do they lack? What about them irritate you (and what do you do to work around these annoyances)? For instance, when I used Visual C++ 6.0 in college, there was an error in getline that had to be fixed, and the code indenting in DevC++ needed to be tweaked to suit my liking." -
Ridiculous Software Bug Workarounds?
theodp writes "Ever get a workaround for a bug from a vendor that's so rigoddamndiculous that there has to be a clueless MBA or an ornery developer behind it? For example, Microsoft once instructed users to wiggle their mouse continuously for several minutes if they wanted to see their Oracle data make it into Excel (yes, it worked!). And more recently, frustrated HP customers were instructed to use non-HP printers as their default printer if they don't want Microsoft Office 2007 to crash (was this demoed in The Mojave Experiment?). Any other candidates for the Lame Workaround Hall of Fame?" -
MS Suggests Using Shims For XP-To-Win7 Transition
eldavojohn writes "Windows XP (and a lot of MS OS code before that) had a fundamental security flaw whereby the default setting made the ordinary user run as the superuser. Vista & Windows 7 have fixed that and implemented The Correct Paradigm. But what about the pre-Vista applications written to utilize superuser privileges? How do you migrate them forward? Well, running a virtualized instance of XP in Windows 7 is an option we've talked about. But Microsoft is pushing the idea of using 'shims,' which are a way to bypass or trick the code into thinking it's still running as user/superuser mode in Windows XP. This is an old trick that Microsoft has often employed, and it has brought the Windows kernel a long ways, in a duct-tape sort of fashion. At the TechEd conference in LA, Microsoft associate software architect Chris Jackson joked, 'If you walk too loudly down the hall near the [Windows] kernel developers, you'll break 20 to 30 apps.' So for you enterprise developers fretting about transitioning to Windows 7, shims are your suggested solution." -
Microsoft Trying To Patent a 'Magic Wand'
theodp writes "Newly-disclosed USPTO documents show that Microsoft is seeking patent protection for a 'Magic Wand,' a device with various gizmos and sensors that can manipulate and interact with its environment, including video and holographic images, while using biometrics to connect with the user. 'Even the most pragmatic individual,' explains Microsoft, 'would have trouble arguing against the merits or utility of, say, a magic wand that actually worked to control or communicate with objects or components in an associated nearby environment.' No doubt. The inventors include CXO/CTO J Allard, and Sr. Researcher Andy Wilson." -
Apple and Microsoft Release Critical Patches
SkiifGeek writes "Both Microsoft and Apple have released major security updates in the last 24 hours. Microsoft's single update (MS09-017) addresses fourteen distinct vulnerabilities across all supported versions of PowerPoint, but it isn't the number of patched vulnerabilities that is causing trouble. Instead, the decision to release the patch for Windows versions while OS X and Works versions remain vulnerable to the same remote code execution risks (including one that is currently being exploited) hasn't gone down well with some people. Microsoft have given various reasons why this is the case, but this mega-update-in-a-patch is still interesting for other reasons. Meanwhile, Apple has updated OS X 10.5 to 10.5.7 as part of the 2009-002 Security Update, as well as a cumulative update for Safari 3 and the Public Beta for 4. As well as addressing numerous significant security risks, the 10.5.7 update provides a number of stability and capability enhancements and incorporates the Safari 3 update patch. Probably the most surprising element of the Apple update is the overall size of it; 442MB for the point update, and 729MB for the ComboUpdate." -
Microsoft Releases New Concurrent Programming Language
zokier writes "Microsoft has released a new programming language called Axum, previously known as Maestro and based on the actor model. It's meant to ease development of concurrent applications and thus make better use of multi-core processors. Axum does not have capabilities to define classes, but as it runs on the .NET platform, Axum can use classes made with C#. Microsoft has not committed to shipping Axum since it is still in an incubation phase of development so feedback from developers is certainly welcome." -
Hackers Broke Into FAA Air Traffic Control Systems
PL/SQL Guy writes "Hackers have repeatedly broken into the air traffic control mission-support systems of the US Federal Aviation Administration, according to an Inspector General report sent to the FAA this week, and the FAA's increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said. Intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities. In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, 'including critical incidents in which hackers may have taken over control' of operations computers, the report said." -
First Look At Windows 7 On an Entry-Level Netbook
davidmwilliams sends in his IT Wire review of how Windows 7RC1 performs on an Acer Aspire One netbook. Summing up: it runs, it won't win any speed competitions, you won't want to play Crysis on it, and it's pretty OK for light-duty, everyday tasks. In related news, several readers have noted that Windows 7 RC1 is now available; one anonymous reader notes "This time, Microsoft was smart not to limit the time that it's available or the number of keys. It will be up for download until July, so there's lots of time to grab a copy." -
Microsoft Office 2007 SP2 Released, Supports ODF Out of the Box
shutdown -p now writes "On April 28, Microsoft released service pack 2 for Microsoft Office 2007. Among other changes, it includes the earlier-promised support for ODF text documents and spreadsheets, featured prominently on the 'Save As' menu alongside Office Open XML and the legacy Office 97-2007 formats. It is also possible to configure Office applications to use ODF as the default format for new documents. In addition, the service pack also includes 'Save as PDF' out of the box, and better Firefox support by SharePoint." -
Microsoft Suffers Leaks, Lagging Sales Numbers As They Look Forward To Windows 8
nandemoari writes "With only a few weeks until Microsoft's Windows 7 Release Candidate 1 (RC1) is released, Microsoft is already looking for people to help with Windows 8. An April 14th job ad posted by Microsoft says the upcoming version of Windows will have new features like cluster support and support for one way replication. Apparently the Windows 8 kernel is being reworked to provide dramatic performance improvements. Windows 8 will also include innovative features that, according to Microsoft, will revolutionize file access in branch offices." Relatedly, several users tell us that both 32 and 64-bit versions of the Windows 7 release candidate have been leaked into the wild via p2p networks. The current leaked version shows little change beyond bug fixes, so it would seem what you see is what you get. This all comes as Microsoft posts quarterly sales that have fallen for the first time in the company's 23-year history. Seeing a 6% drop in revenue and a 32% drop in earnings, some within the Redmond giant expect the downward trend to continue. -
Microsoft Leaks Windows 7 RC Date — Before May 5
CWmike writes "Microsoft will deliver a release candidate of Windows 7 in about two weeks, the company's Web site revealed Saturday. According to a page posted on Microsoft's partner program site, Windows 7 Release Candidate (RC) may be available to paying subscribers to Microsoft's developer and IT services before May 5. Partners will be allowed to download the release candidate on that date, the first Tuesday of the month. 'Partners: If you have a subscription to MSDN or TechNet, you can download Windows 7 RC now,' the page read Saturday afternoon. 'Otherwise, you can download Windows 7 RC starting May 5, 2009.' The link to the download, however, shunted users to the TechNet download page, which did not list Windows 7 RC as one of the available files. This is the second time in just over three weeks that Microsoft's Web site has leaked information about Windows 7 RC. Accidental, or buzz-builder?" -
Microsoft Family Safety Filter Blocks Google
mike.rimov writes "I saw that part of the brand new Windows Live package is the Family Safety Filter, so I decided to give it a spin. Turned it on, set it to 'basic filtering' (their lowest level), and went to Google ... oops, it blocks Google! So I logged into the settings and added Google as an exception. Google still wouldn't come up. Just in case, I turned off the family filter: voila, Google. As we all know, 'Don't be evil' is not part of Microsoft's motto! Oh yeah — and with the filter on, Microsoft's own search engine, live.com comes up." Anomaly? -
Vista Post-SP2 Is the Safest OS On the Planet
pkluss noted Kevin Turner, COO of Microsoft, making the proclamation that "Vista today, post-Service Pack 2, which is now in the marketplace, is the safest, most reliable OS we've ever built. It's also the most secure OS on the planet, including Linux and open source and Apple Leopard. It's the safest and most secure OS on the planet today." -
Microsoft Won't Vouch For Linux
theodp writes "Gov. Christine Gregoire applauded Microsoft's job training partnership with WA state and county government agencies, which calls for the distribution of 30,625 training vouchers statewide during the next 90 days. 'This program [Elevate America] is all about equipping people with the new skills they'll need to get a job in the changing economy,' said Microsoft Counsel Brad Smith, who also made it very clear that getting 'workforce ready' won't involve acquiring any Linux skills. At least this offer appears to be no-cost, unlike the $35 Microsoft requested in an e-mail come-on for 'The Stimulus Package for Your Career' (so much for Smith's and Gregoire's war on spam)." -
Mac Tax, Dell Tax, HP Tax
Harry writes "Microsoft's new Windows ad, with shopper Lauren buying a cheap 17-inch HP laptop instead of a $2,800 MacBook Pro, has unleashed the whole 'Are Macs Expensive?' debate again. I'm diving in with a pretty exhaustive comparison of the MacBook Pro against machines from Dell, HP, Lenovo, and Sony that were as comparably configured as I could manage. The conclusion: High-end laptops tend to carry high-end prices, whether their operating system hails from Cupertino or Redmond. And the MacBook Pro wasn't the priciest of the systems I compared." We looked at this question, not in as much depth, a couple of years back. -
Microsoft's New Multiple-Browser Tester
Z80xxc! writes "Microsoft recently announced a new product called Expression Web SuperPreview, which lets developers view their web pages in any browser installed on their system, as well as in different versions of IE, all from the same interface. The product has one genuine innovation — a built-in tool for overlaying the rendering from one browser over another to compare (referred to as 'onion skins'). There are also HTML debugging aids and other helpful tools for web developers. A beta version is available for download. However, the current build only has support for IE — it will compare rendering in IE6 with either IE7 or IE8, whichever is installed. An internal build shows Firefox and Safari on Windows as well. The final product will appear as part of MS Expression Web Studio 3 when it is released later this year. (It will not be available in the Expression Mac suite.)"