Domain: technet.com
Stories and comments across the archive that link to technet.com.
Comments · 534
-
Re:makes perfect sense to me
IPv6 for an internal network doesn't make any sense at all, it's not worth the switch for most people.
While it might not be useful to turn everything to IPv6 only overnight there are lots of financial reasons to turn IPv6 support on in internal networks. I'll give you an example.
The town where I work uses 200 000 € / year for the current VPN solution for laptops. We just decided to replace it with Direct Access. The good part is that the cost is fractional to the current system. It's also more user-friendly as the computers have certificates and no separate typing of VPN passwords is needed. The problem is that DA supports only IPv6 connections from the laptops. For more in-depth information see http://blogs.technet.com/b/tomshinder/archive/2010/06/22/uag-directaccess-and-client-application-compatibility-considerations.aspx
The solution is to upgrade your server networks to IPv6 as soon as possible as it is starting to cost more money if you don't do it. You will find that even building a new Windows Domain without IPv6 means you need to do more work than when you have IPv6 available. The workstation networks can be upgraded slowly as part of natural upgrading schedule.
-
Re:Did Microsoft ever claim it was?
Even the "Google was lying" part wasn't from Microsoft, but from sensationalist media.
If you had read TFA then you might have seen this blog entry by David Howard who is Corporate Vice President & Deputy General Counsel for Microsoft. He says Google is lying about their FISMA certification:
Google can't be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?
Nor does it seem likely that Google believes that the two offerings are so similar that the differences simply won't matter to people. After all, if the facts are so good, why persist in telling a fiction?
Why do you continue to lie in order to try to cover up the previous lies? Didn't your mother ever teach you the story about the boy who cried wolf?
-
The app does have FISMA certification
"On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO, and this Court, it appears that Google's Google Apps for Government does not have FISMA certification. See Attachments 1-5 to this motion. We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Court's attention".
"According to the GSA, Google's Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. See Attachment 3. To be clear, in the view of GSA, the agency that certified Google's Google Apps Premier, Google does not have FISMA certification for Google Apps for Government."
a) The basic app does have FISMA certification, b) The more "restrictive version" is the more secure version for government, no attempt at deceit here
-
Re:Shock - Big Business Lies
According to the court papers, filed in opposition to Google, Microsoft is not lying here.
FTFY.
Hello, anonymous Google supporter who shows up in every article. The information is in a statement from the Department of Justice in the court briefing. It's not an allegation or statement of opinion; Google really doesn't have the FISMA certification they claimed they did. Microsoft further made the point in the linked article that if the FISMA certification for Google Apps Premier applied to Google Apps for Government, Google wouldn't be applying for another certification specifically for Google Apps for Government.
-
Re:So they said ...
Woops, I meant to include a link to this blog post at Microsoft that explains it in more detail. It seems Youtube isn't all that they're complaining about.
They're claiming Google is trying to gain exclusive rights to out-of-print books, which prevents Bing and others from searching the content. I seem to recall the latest Books proposal involved non-exclusive rights, so I guess someone didn't get the memo.
And finally they've got a beef with Google Ads. On the advertiser side, Google isn't allowing advertisers to share any data gleaned from Ads with anyone non-Google. On the user side, Google is disallowing competing search bars from being embedded on websites that display Google Ads. Microsoft wants to get its Bing search bar out there, and Google is making it tough.
-
Re:What the hell?
That said, considering all the power wasted by an OS like Windows and whatever other programs you may have resident in RAM for convenience's sake, and plug-ins like Flash that are ubiquitous even on netbooks, measuring the difference in a browser's power consumption is probably laughable.
Yeah, kinda laughable in the bigger scheme of things, BUT I have to hand it to Microsoft for their part in getting Adobe to fix a problem where Flash prevented Windows from autosleeping. That was huge energy waste when multiplied across probably millions of home PCs that would normally have been asleep for at least 12 hours a day.
What's more, that was part of a wider Microsoft effort that promotes efficiency across their products, including in data centers where a 10-15% efficiency win can really add up. So a begrudging kudos to MS on this -- and I hope FF kicks IE's lily-white hiney in every regard next go-round!
-
Re:Multiplier
You can't claim .NET is Microsoft only either, Mono runs on *nix and works absolutely fine for server code and most windows forms code.
Bullshit. It was right here in /. that you Windows fanboys said that Mono is a joke compared to "real" .NET
Maybe that was the case a couple of years ago, however Mono has caught up. It still has not implemented WPF and there are a few .NET 4.0 library features that they haven't implemented either. But anything designed for .NET 3.5 without WPF will work fine.
And it was here in /. that MS, effectively, threatened to use patents they have in .NET technology.
.NET is under the Microsoft Community Promise.
-
Re:IF they hold the patents
Except that nothing in the alleged infringements is Android-specific. Microsoft could just as easily go after Apple, or even the authors of Windows applications but instead they're currently trying to cast FUD on Android so as to get people to use Windows Phone. From Microsoft's blog entry on the legal actions:
The Microsoft-created features protected by the patents infringed by the Nook and Nook Color tablet are core to the user experience. For example, the patents we asserted today protect innovations that:
Give people easy ways to navigate through information provided by their device apps via a separate control window with tabs;
Enable display of a webpage's content before the background image is received, allowing users to interact with the page faster;
Allow apps to superimpose download status on top of the downloading content;
Permit users to easily select text in a document and adjust that selection; and
Provide users the ability to annotate text without changing the underlying document.
-
Re:Don't make assumptions...
It is highly unlikely that Microsoft would screw Bob (the real name of Paint.NET's author). It's just not the right thing to do. It is very unlikely that Microsoft would tell Bob to stop working on paint.net. First, it would make Bob very happy, second it's very, very unlikely that Paint.NET would be materially impactful to anything Microsoft would do. Of course, I can't say this with authority, but I know Bob's management chain really well (I used to be his skip manager) and we just wouldn't do this.
I know slashdotters love to assume that being a developer at Microsoft is a mind-numbingly boring, tedious, manual, excruciating, soul-crushing bureaucratic exercise. This couldn’t be further from the truth – especially in Windows.
People that work at Microsoft, like Bob, work for real people. Human beings. Nice folks. Managers, like myself enjoy treating people fairly, liberally, and nicely. It makes us happy. It engenders friendships. It is essential to making work fun and enjoyable.
I know folks just don't want to believe it, but Microsoft has some of the most liberal and supportive policies of any company, not just high tech companies. We treat our people really well. Yes, yes, not everyone is happy - just go read the Mini-Microsoft blog. But, I claim this is a very small minority - compare the number of posts on MM with the number of blogs on blogs.msnd.com and blogs.technet.com. What's the factor? 1,000 to 1? Higher?
-
Re:Funny
Except that TFA says that what MSFT did was to backport the Vista change to XP (which it did two years ago). It's been available for XP all that time. What's changed is that they've collected enough data to make them believe that pushing it to more users is a good thing.
When MSFT first announced they were disabling autorun on Win7, people screamed that the world was going to end. Well, it didn't.
Part of the reason that they were able to make this change is that they've had two years of operational experience with Windows 7 where nothing horrible happened.
There's a decent post on the MSRC blog that describes the logic behind the change.
-
Re:Still available for CDs and DVDs.
How about also linking to the original source.
Who reads slashdot TFA:s anyway these days? All they do is linkfuck you into some blogfarm multipage sprawl with regurgitated 'content' from the actual source. Most of the time you have to google the original source: corporate press-release, university research group submission etc. because they can't be bothered to put in an actual hyper-link to their hyper-fucking-document!
Sincerely TimBL
-
Re:Knowledge Base references
Hate to reply to myself, but this http://blogs.technet.com/b/mmpc/archive/2011/02/08/breaking-up-the-romance-between-malware-and-autorun.aspx needs a read too. It plots the relationship between autorun and malware. Interesting how Microsoft still considers this a "non-security related update", as autorun has been an easy vector with which to poison your windows installation. Important to note that autorun will still work as expected on CD and DVD media, meaning Sony Rootkits are still going to be installed on your computer.
-
Re:Knowledge Base references
Someone needs to mod this up. Anyway another interesting link: http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx
-
"shiny media" not affected, actually
Or an infected CD-ROM or DVD, etc. Or the infected ISO you downloaded and mounted as a drive.
Presuming it's mounted as an optical drive, all of the aforementioned are not affected by this update. You have to follow a few links to find it, but...
http://blogs.technet.com/b/msrc/archive/2011/02/04/deeper-insight-into-the-security-advisory-967940-update.aspx
it does not impact "shiny media" such as CDs or DVDs that contain Autorun files. We are aware that someone could write malware to take advantage of that, but we haven't seen it in the wild. (We also think malware on shiny media would be less likely to have widespread impact, because people burn CDs less often than they insert USB drives.)
-
Re:Well I'll be damned....
Pass the hash - you mean the attack technique that Microsoft fixed in Windows 2000 with the addition of Kerberos? You're right that Microsoft didn't stop using the weak NTLM hashes until Windows Vista, but it's not like Microsoft hasn't offered a solution for over 10 years.
If you want to pick on Microsoft for stupid security decisions, instead of pass the hash, why not pick on credential reflection attacks. They're a much better example of Microsoft being clueless (or more accurately, people who depended on integrated windows authentication being clueless, Microsoft included).
-
Any feedback on the actual appliances?
As someone from Microsoft who works closely with a team at HP building the actual appliances discussed here, I'd love more feedback on the HP Business Decision Appliance (HPBDA) mentioned here. The appliance is designed to support 80-150 concurrent PowerPivot users (doing what we call Self-Service BI) in a 1U server (24 cores/96GB memory) with all the storage required inside the appliance. The appliance is configured to provide backup storage initially. The HPBDA from cardboard box to production takes less than an hour to configure and the only pre-req is existing AD infrastructure.
Here are product details to learn more and an unboxing video which can help understand what we're talking about.
Considering it can take months to design and build one of these yourself starting from scratch (choosing approach/software/hardware/tuning/etc) we're hoping this enables many of you to deliver a very cool capability called PowerPivot to your own organizations with minimal effort because of this.
Look forward to hearing what everyone thinks.
Britt...
-
Re:Riding coattails!
Nobody cares about Linux because at best you are looking at 3%, so in the big scheme of things it is right there with Amiga and OS/2 Warp, OSX users don't care because they have H.264 support which as I pointed out will be kept to keep from alienating those millions of iDevice users, and for the one that modded me down the Windows plugin calls the WMP API which means it WILL work on XP/Vista if your WMP supports H.264 (which many do, since all it takes is running into a DivX file that won't play for them to install a codec pack) so that covers a good 97% of the public when you figure in Windows + OSX+ iDevices.
So I'm sorry if it makes you unhappy, but maybe instead of yelling "free as in freedom!" and getting mad when everyone ignores you, maybe you should work on raising your numbers legitimately? Perhaps by demanding a hardware API and pushing for the community to rally behind a single distro instead of constantly reinventing the wheel? But frankly nobody cared what Apple wanted either until the iPod exploded onto the scene and now I predict with the iDevice they will make H.264 one of two standards (along with flash thanks to Google trying to start a format war) so if you want the public or manufacturers and website designers to care about your OS you REALLY need to work on your numbers friend. Hell last I checked the combo of Win98/Win2K had more users than you. With numbers that low nobody is gonna change policy simply because a codec doesn't fit your agenda, sorry.
-
Re:Misleading report
| Reference?
It's the second link in the article linked by Slashdot:
"...In a few words, Internet Explorer loads mscorie.dll..."
As with most news articles, the security advisory (first link) *does not* mention mscorie.dll, describing the problem as "within Internet Explorer".
-
Re:Blocked updates only helped botnets
I'm not sure that that's true. I don't think it blocked security updates. I did a quick search on the web and found this: http://blogs.technet.com/b/ecostrat/archive/2010/03/11/who-gets-it-and-who-doesn-t-windows-genuine-advantage-and-security-updates.aspx
-
Re:thx for helping us, Love M$
>> Microsoft is notoriously unable to reuse free (as in libre) software that can't be repackaged into a binary that they can sell for $$$ without releasing the source code for.
Yeah, that'll *never* happen: http://port25.technet.com/archive/2009/11/13/update-on-the-windows-7-download-tool-or-microsoft-to-open-source-the-windows-7-download-tool.aspx
-
Re:Windows XP Mode
I was about to write about how Windows XP Mode only works on certain processors, but apparently Microsoft has patched this: http://blogs.technet.com/b/windows_vpc/archive/2010/03/19/windows-virtual-pc-and-windows-xp-mode-no-longer-require-hav-processors.aspx
-
nicely twisted summary
"our patents relate to key features that users have come to expect from every smartphone .. That Microsoft has important patents in this area should not surprise anyone - we've spent over 30 years developing cutting-edge computer software
"How wonderfully twisted summary. Even the article doesn't say Microsoft is demanding license for installing linux. It says Acer and Asustek should patent license fees just like everyone else:", weachiod
Microsoft plans to impose royalty fees on Taiwan-based vendors of Android handsets for using its patents in e-mail, multimedia and other functions, with Acer and Asustek Computer being targets in an actual attempt to prevent the two vendors from adopting Android and Chrome OS for their netbook and tablet PCs, according to Taiwan-based makers.
There are only several Taiwan-based handset vendors and only HTC has signed for licensed use of Microsoft patents, leaving Acer and Asustek being the targets for the royalty charge, the sources indicated
-
Re:Third Party JVMs (FROM TFA)
Hm, mod the parent up, that is informative, thanks. Suddenly it occurs to me that this might have more to do with the skyrocketing exploits of vulnerabilities with Java recently, which I've seen nary a mention in all the comments here. Well, maybe a few. Apple may just realize that it would be easier keeping up with closing these security holes if they open up the JVM more.
-
Re:Repost
I hate to tell you this, but itworld.com is not an official Microsoft outlet. What Microsoft actually said was:
One challenge, however, is that some NGOs in a number of countries, including Russia, are unaware of our program or do not know how to navigate its logistical processes, which involves ordering the donated software through a Microsoft partner. We'll solve this problem by providing a unilateral NGO Software License that runs automatically from Microsoft to NGOs and covers the software already installed on their PCs. We'll make this new, non-transferable license applicable to NGOs in a number of countries, including in Russia.
So they started in a few (mostly unnamed) countries and now they have expanded it.
-
Re:How serious is this really?
I really don't understand why some random client can access such information, even after breaking any encryption mechanism.
From http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
"For example, if the ASP.Net application stores sensitive information, such as passwords or database connection strings, in the ViewState object this data could be compromised. The ViewState object is encrypted and sent to the client in a hidden form variable, so it is a possible target of this attack.
If the ASP.Net application is using ASP.Net 3.5 SP1 or above, the attacker could use this encryption vulnerability to request the contents of an arbitrary file within the ASP.Net application. The public disclosure demonstrated using this technique to retrieve the contents of web.config. Any file in the ASP.Net application which the worker process has access to will be returned to the attacker. "
-
Re:But wait
Fact: you don't know that the iOS hole hasn't been exploited by others.
This story is about a local root hole. Apple has them, Linux has them, Windows has them, OpenBSD has them. To use it, you need to make the computer run the code, you need an infection vector. Linux is more or less exclusively exploited as a server OS, as it has services running and accepting connections from the outside 24/7. OS X is no different. Not at all. Etc, etc. As a desktop or phone OS, I've never heard of Linux being targeted, but at least I'm not saying it's never happened.
Why is desktop Linux and OS X targeted so rarely? Think about the infection vector: either getting people to install a trojan, or planting malicious code e.g. on a web server, and then hoping that a bunch of random users should stumble across the site, hopefully running the correct versions of the right browsers -- it just wouldn't be very effective. So you don't get widespread infections, and they aren't reported. If such an exploit were to be worthwhile, you'd expect it to be targeted to a specific user or organisation with a known software stack, using your ordinary social engineering skills to lure people into clicking a link, for instance. This shouldn't be too hard, and it would more often go undetected. Perfect for spying. The same goes for iOS, of course, although it's a lot simpler, for obvious reasons.
-
Re:ZoneAlarm users get what they deserve
Yes, it's just interfacing with the com object, which is a little cumbersome, but given the rate at which MS are adding service-specific Powershell modules, it wouldn't surprise me if there are some proper PS tools for working with the Windows firewall in the near future.
-
EMET Video
Here is a Technet video describing EMET and here is the download url.
-
Re:Yeah it's crap.
You do not understand how Javascript works. It's not as if JavaScript has some hard-coded limitations on what it can be used for. If scripts are allowed to run unchecked they can do anything to your PC the coder wants them to do. From reading the entire file system of your system, to launching full-screen video that cannot be terminated without unplugging your box, to more technical things like using the "Function.toString()" or launch those darling (and numerous) Facebook nasties. Unfettered script execution is exactly how so-called 'drive-by downloads' work. It's the scripting language I am afraid of, it what the coder does with it.
It appears you also do not understand HTML, CSS, or web images. There is zero possibility of HTML doing anything to you. It's a markup language, not a coding language. The only way HTML could hurt you was if it was launching scripts (or showing a link to a site that did). Same goes for CSS. Nothing can be executed with CSS, unless it invokes a script. And images? Are you kidding? The best they do is prompt someone to do something to themselves (like this one does).
Just spend an hour or so strolling through some sites (like those ending with .ru) and see how it goes. Have fun with that.
-
MS Malware Protection Center info
Worm:Win32/Visal.B is a new worm, written in Visual Basic, that is currently propagating in part using social-engineering. We strongly encourage customers to be cautious about clicking suspicious or even simply unexpected links in email, even if it's sent by someone you know. Getting infected by Visal.B is an example of what happens if you aren't careful.
http://blogs.technet.com/b/mmpc/archive/2010/09/09/emerging-malware-issue-visal-b.aspx
Details here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Visal.B
And here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FVisal.B
-
Re:What do you mean 2001?
And another useless factoid is the team behind Outlook Web Access invented AJAX. (call it web 2.0 if you are that way inclined)
(but wait, I thought microsoft never did anything truly innovating...)
They wrote an ActiveX control for IE 4 to do asynchronous http requests that could be called from client-side scripts on the page for OWA in exchange 2000. Microsoft saw the potential in this, and added support for XMLHTTP into IE 5. It was quite a few years until the rest of the world woke up to the potential of this technique, and AJAX really took off.
You can read the full history of OWA here.
-
Well let's go straight to the source then.
Dave Heiner, Microsoft Vice President and Deputy General Counsel. You're looking for Paragraph 6 if the whole thing is TL;DR. Completely admits they've been behind some of these hijinks at the DOJ and the European Commission, and so on.
-
Re:Hold Me, I'm Scared
It started to get cold over two years ago... http://port25.technet.com/archive/2008/04/01/open-source-day-at-microsoft.aspx
-
Use Windows boot loader to boot Linux or other OS
If Windows and Windows programs insist on controlling the boot sector (and stuff that comes after it), you can still boot Linux.
At least starting with Vista, Windows has completely extensible boot loader of its own (the configuration data is called BCD).
The idea is that the Grub (or whatever) is installed on the same Linux *partition* where all the system files are installed (not on the MBR). (At least Ubuntu installer has the option to install Grub on a partition instead of MBR out of the box.)
Windows boot loader is then used to load Grub from the beginning of that partition. No matter what windows updates, programs etc. do this does not break.
Too bad that the default Linux installers don't support this option, since it has been very hassle free for me at least. The initial setup could just as well be automatic.
Instructions for doing this manually here:
-
Re:This is likely why MS has GPOs in W7
Now, if MS can put autoplay/autorun to rest six feet under with Clippy and Bob, that would be a good security advance.
...Already in W7.
-
Ad hominem
Here is a novel idea: Stop misrepresenting what actually happened and stop ad hominem attacks questioning posters' motives.
Microsoft took five weeks to prepare the Ormandy patch. During that time, they made no comment - there was no transparency into whether or not it would be fixed.
They made no comments? Did you actually look or did you just assume?
- Tavis Ormandy reported the issue June 5th (a Saturday). He wanted MS to commit to a 60-days timeline.
- Tuesday (a busy patch Tuesday, no less) MSRT get back to him and say they can present a schedule the upcoming Friday, June 11th (which is less than 5 workdays after the bug report).
- Not good enough for Ormandy he goes public immediately, Wednesday June 9th on the 3rd workday after reporting the bug
Now to your claim that they "made no comments":
- Microsoft blogs about the issue June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
- June 10th Microsoft makes another blog entry on the issue (2nd that day): http://blogs.technet.com/b/msrc/archive/2010/06/10/security-advisory-2219475-released.aspx
- June 26th, Microsoft updates the blog entry from June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx (scroll down for update)
- June 30th, Microsoft reports on how code similar to Ormandy's PoC code is used in attacks: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
- July 16th Microsoft releases a security bulletin: http://www.microsoft.com/technet/security/advisory/2286198.mspx.
- August 2nd Microsoft updates the bulletin from July 16th,
Hardly a "no comments" approach. If you click through those posts I think you'll find them smack full of info. And I've even excluded their communication on the preliminary "fix it" tools.
Admit it. You are biased, but not classy.
Like your misrepresentation and ad hominem demonstrate more class?
It seems to me that it is indeed interesting that this fix was 2 months in the making (responsibly disclosed). And that is only measuring the time until the kernel had been fixed. Now the distros would have to pick up on it and perform their own regression testing, prepare packages/updates etc.
GP did raise some really interesting questions. For some reason you chose to disregard them right away and go straight for the man's posting history.
Will you be publishing stats on my posting history as well. Am I a shill, too?
-
Ad hominem
Here is a novel idea: Stop misrepresenting what actually happened and stop ad hominem attacks questioning posters' motives
.Microsoft took five weeks to prepare the Ormandy patch. During that time, they made no comment - there was no transparency into whether or not it would be fixed.
They made no comments? Did you actually look or did you just assume?
- Tavis Ormandy reported the issue June 5th (a Saturday). He wanted MS to commit to a 60-days timeline.
- Tuesday (a busy patch Tuesday, no less) MSRT get back to him and say they can present a schedule the upcoming Friday, June 11th (which is less than 5 workdays after the bug report).
- Not good enough for Ormandy he goes public immediately, Wednesday June 9th on the 3rd workday after reporting the bug
Now to your claim that they "made no comments":
- Microsoft blogs about the issue June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
- June 10th Microsoft makes another blog entry on the issue (2nd that day): http://blogs.technet.com/b/msrc/archive/2010/06/10/security-advisory-2219475-released.aspx
- June 26th, Microsoft updates the blog entry from June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx (scroll down for update)
- June 30th, Microsoft reports on how code similar to Ormandys PoC code is used in attacks: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
- July 16th Microsoft releases a security bulletin: http://www.microsoft.com/technet/security/advisory/2286198.mspx.
- August 2nd Microsoft updates the bulletin from July 16th,
Hardly a "no comments" approach. If you click through those posts I think you'll find them smack full of info. And I've even excluded their communication on the preliminary "fix it" tools.
Admit it. You are biased, but not classy.
Like your misrepresentation and ad hominem demonstrate more class?
It seems to me that it is indeed interesting that this fix was 2 months in the making (responsibly disclosed). And that is only measuring the time until the kernel had been fixed. Now the distros would have to pick up on it and perform their own regression testing, prepare packages/updates etc.
GP did raise some really interesting questions. For some reason you chose to disregard them right away and go straight for the mans posting history.
Will you be publishing stats on my posting history as well. Am I a shill, too?
-
Ad hominem
Here is a novel idea: Stop misrepresenting what actually happened and stop ad hominem attacks questioning posters' motives
.Microsoft took five weeks to prepare the Ormandy patch. During that time, they made no comment - there was no transparency into whether or not it would be fixed.
They made no comments? Did you actually look or did you just assume?
- Tavis Ormandy reported the issue June 5th (a Saturday). He wanted MS to commit to a 60-days timeline.
- Tuesday (a busy patch Tuesday, no less) MSRT get back to him and say they can present a schedule the upcoming Friday, June 11th (which is less than 5 workdays after the bug report).
- Not good enough for Ormandy he goes public immediately, Wednesday June 9th on the 3rd workday after reporting the bug
Now to your claim that they "made no comments":
- Microsoft blogs about the issue June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
- June 10th Microsoft makes another blog entry on the issue (2nd that day): http://blogs.technet.com/b/msrc/archive/2010/06/10/security-advisory-2219475-released.aspx
- June 26th, Microsoft updates the blog entry from June 10th: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx (scroll down for update)
- June 30th, Microsoft reports on how code similar to Ormandys PoC code is used in attacks: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
- July 16th Microsoft releases a security bulletin: http://www.microsoft.com/technet/security/advisory/2286198.mspx.
- August 2nd Microsoft updates the bulletin from July 16th,
Hardly a "no comments" approach. If you click through those posts I think you'll find them smack full of info. And I've even excluded their communication on the preliminary "fix it" tools.
Admit it. You are biased, but not classy.
Like your misrepresentation and ad hominem demonstrate more class?
It seems to me that it is indeed interesting that this fix was 2 months in the making (responsibly disclosed). And that is only measuring the time until the kernel had been fixed. Now the distros would have to pick up on it and perform their own regression testing, prepare packages/updates etc.
GP did raise some really interesting questions. For some reason you chose to disregard them right away and go straight for the man's posting history.
Will you be publishing stats on my posting history as well? Am I a shill, too?
-
Re:Oracle will win
I did not want to go into details. The missing parts (from open source release) are the TCP/IP stack and crypto routines:
http://port25.technet.com/archive/2009/11/16/microsoft-to-open-source-the-net-micro-framework.aspx
TCP/IP stack code was licensed from another company, thus MS does not have the right to open it. Crypto has all sorts of export regulations, thus they did not want to go there (you can always find replacement from somewhere else).
On the patent side, the community promise is pretty clear:
http://port25.technet.com/archive/2009/07/06/the-ecma-c-and-cli-standards.aspx
MS cannot sue you for implementing core C#/.Net. The only risk (almost part) is either if you sue them (when you lose the license), or another totally irrelevant party claims patents on the code (e.g.: Alcatel mp3 issue). But this risk is on any language. You can never know Borland (or whatever it is called right now) will not sue you for using gcc c++ compiler, since they might have a patent on a specific optimization.
-
Friday sysadmin appreciation day,
followed by Monday-Out-Of-Band-Patch-Day.
http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-release-to-address-microsoft-security-advisory-2286198.aspx
-
Re:Please read what actually happened
You are mixing 2 events in your memory:
1) blue-screen due to a malware which modified a driver.
2) continuous reboots when updating an antivirus.
You're correct. I was referring to the first incident, and was under the impression that the MS update replaced (or failed to replace) the driver file, but apparently it wasn't supposed to.
For those who don't know what I'm talking about, KB977165 updated the kernel, and would cause computers infected by the Alureon rootkit to BSOD on reboot.
-
Re:Source?
Here's a statement from the MSRC (Microsoft Security Response Center) blog:
http://blogs.technet.com/b/msrc/archive/2010/07/16/security-advisory-2286198-released.aspx
-
Re:Source?
Microsoft statement via Technet blog:
http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
-
Re:Why, oh why?
Is there a good technical reason for 32-bit Windows 7 not supporting more than 4 GB of RAM, period? PAE has been in use for a long time now, and while you can't have a single process that exceeds 3 GB in Linux (tunable, I'm given to understand, can also be a 2 GB per process limit in some installations), you can definitely go past 4 GB of total system memory.
PAE can break badly written drivers, which are more common on desktop versions of the OS than they are on server versions.
-
Re:more importantly
Windows is stupid enough to swap everything out
No, it's you who is following some cargo cultic advice and noticing the placebo speed-up. Windows is always going to write lazily to the page file so that when you need a lot of memory in a hurry, it doesn't need to page anything out to disk, it just reallocates the physical memory of some pages that have been marked as already copied to the swap file. If you don't need that memory for something else then, yes it will be in the swap file, but it will still be in RAM ready to be accessed instantly if you need it again. In any case, don't take my word for it, people no less knowledgeable than Mark Russinovich recommend having a page file (as well as how to figure out how big you need it to be). Yes you can run without a page file, but then you'll run into the "Low Memory" issue long before that memory is actually used, and you forfeit the ability to save crash dumps, and you gain next to nothing for speed.
-
Re:Curing Mono
Yes, I do.
Microsoft has a lot invested in a lot of things other than .NET, so I think you're making a really large leap here to assume that they're talking about .NET here. Every major software company out there has invested into different things, and they'll protect their IP up to the point where it no longer benefits them to restrict it.
It's in Microsoft's best interests to allow people to use .NET and C# everywhere, period. They've already stated that they're applying the Community Promise to their patents so that they won't sue people over them.
Mono, the framework, is fantastic and it's really sad that RMS and the BoycottNovell tards are spreading so much FUD over it. And that some of you here on Slashdot are perpetuating that.
Last year at the Gran Canaria Desktop Summit, Cody Russell asked Richard Stallman if there was anything that Microsoft could do to ease his fears of patent threats, and he said that there was. Microsoft could come out and publicly state that .NET was open to use and promise not to sue people over it. Days later they did exactly that and Richard did not change his opinion.
-
Microsoft's Official Response
They were not happy and said
"Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk. One of the main reasons we and many others across the industry advocate for responsible disclosure is that the software vendor who wrote the code is in the best position to fully understand the root cause. While this was a good find by the Google researcher, it turns out that the analysis is incomplete and the actual workaround Google suggested is easily circumvented.
-
Re:Not only...
...is my company still using Windows XP SP2, but we are still using IE6. Feh...and they complained that Audacity was a security risk because it was "open source, so anyone could hack it".
Insanity.
Well they better upgrade to SP3 really soon as Win XP SP2 stops receiving security updates July 13th http://blogs.technet.com/lifecycle/