Slashdot Mirror
Microsoft To Add A Black Box To Windows
An anonymous reader writes "According to ZDNet, Microsoft plans to add the software equivalent of a 'black box' flight recorder to Windows. According to the article, 'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'" Commentary available via C|Net as well.
Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.
"occupant of 17A was eating peanuts, doing inflight magazine crossword and had dirty underwear"
"Our stance on this is that the user is in control," Sullivan [Windows lead product manager] said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
Sounds reasonable, so long as it doesn't hide anything from view. Of course, if you have Visual Studio you can hit Debug and lookie yourself, which is usually more helpful than anything I've ever got back from Microsoft.
The probablem was likely caused by a faulty driver
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Consumers stick with what works. If hitting Don't Send works, they stick with it. If the problem persists then they'll probably send.
It said, "what we have here is failure to communicate." What's that mean?
A feeling of having made the same mistake before: Deja Foobar
It will record your screams as your computer crashes.
At first I was tempted to do like most: yell out that this was a privacy issue. Microsoft has no right knowing what software I'm using! But there are so many instances where I could claim that my privacy is invaded that I'm afraid I'm becoming more accepting of it.
...". So Steam/Valve know each time I play half-life. Interesting stats for them.
...
The latest of these instances occurred when I fired up Half Life 2 last night. "Logging on to Steam as
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux. Sure, I could hack my user agent string, but really. Most people don't, right? So now the slashdot editors know what I run, what my IP address is,
I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box, but how else are they to fix issues if they don't know what I'm running and what I was doing when it crashed? When do we draw the line between normal computer use and invasion of privacy?
The biggest issue I see with this, at least in the short term, is the possible use of this feature in the corporate setting.
With businesses, however, IT managers typically set the policy. If they wanted total information, they could configure systems so that they'd know not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com. Or, they might find out not only that a worker was running Instant Messenger but also that he or she was talking to a co-worker about getting a new job.
This is a major invasion of privacy if you ask me. Of course, while at work you are using company resources so they really do get to say how and when they are used but I feel there is an important difference between monitoring your employee's resource usage and actually reading their emails and instant messages. You don't have to totally invade everyone's privacy to enforce your company policy of internet usage.
But Sullivan pointed out that businesses can already install third-party software to monitor workers' computer usage and some do.
While the above is most certainly true, having something like this built into Windows by default just makes it that much easier and thus inviting for a company to implement this sort of monitoring. I just can't wait for the day when all employees have a tracking system attached to them at all times and are reprimanded if they spend too much time going to the bathroom or chatting to a coworker. What great fun that is going to be!
Another issue with this that is mentioned in the article is the fact that while you will be able to look through all the data being reported, most people will not have the knowledge to determine how much of it is sensitive.
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Not everything is totally obvious, such as personal emails or credit card numbers. Not to mention the fact that it will very likely be buried among a lot of other unintelligable data. Also, given the habit of most Windows users of just clicking 'OK' or 'YES' to anything and everything that pops up on their screen, I doubt many people will actually review the information being sent in the report.
didn't people complain about the one in the corvette?
unbelievable.
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
Will it survive after I kick the shit out my computer and then throw it off a cliff?
'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'
So one mans spyware is another mans "helpful utility"?
Right, now many of you will call me a Mac fanatic and mod me down, but seriously: Apple does not think of shit like this... I can just see the new virus' composed to utilize the flaws in this feature... Wait, I got it, they will use it to compete with Apple's Automator in Tiger:
"Tired of having to go to the store to buy the latest Microsoft product? Now you will never have to again! The windows automator(tm) scans all your messages, emails, text documents, and computerized purchase orders for your credit card information, bank number, PIN numbers, etc; sends the data to the Microsoft data servers. Your information is then carefully protected, until the newest Microsoft product is ready for shipment. Then your accounts are drained, and everything you needed, even if you didn't know it, will be shipped to your door. Remember: Microsoft works...."
And yes, I read the article, and the passage: " "Our stance on this is that the user is in control," Sullivan said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
But it kinda hurts the joke... That and with Microsoft's record of error, would you really trust this?
3 degrees of separation from Vladimir Putin
Now I've got some MS techie looking through the contents of my text editor when an error log gets sent.
Thanks guys!
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
as long as I can shut it off!
If you are running some "non-approved" app, or driver, or whatever, MS will simply blame somebody else's code. And now they'll have a "black box" to prove it.
Nice.
Why not make the Whole OS out of the black box stuff? Then nothing can damage it!
He's been a real asset to Windows over the years.
Microsoft will provide important customized personal advertisements right on your desktop. [/sarcasm]
This is another way of starting a sig with this and ending it with that.
I wonder if it will have the links to all the porn sites I had up at the time of the crash as well.? Dan - western NC
Wouldn't it be faster for them to sift through the logs of what was happening when the system was stable? I mean, dear God, imagine the size of the log files if they logged crashes.
If you mod me down, I shall become less powerful than you could possibly imagine.
1984.
Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.
Pleasuring yourself one last time before you die?
I am defenseless. Use your button. Mod me down with all of your hatred.
All data will be sent unencrypted! So if your system does crash, someone (besides MS) will have partial a copy of that document you need to recover.
See what value they offer.
How much would you like to bet that the default settings has constant stream of activities to FBI/RIAA/MPAA Headquarters?
Help a poor college student. Send a couple cents via paypal to chucks86@gmail.com
As soon as you can no longer get support from M$ because you are not using the 'black box' crash creation application, they will start blaming Linux and Apache for the crashes... quickly creating a patch to prevent users from going to sites that are 'bad' for their Internet experience... thus protecting the world from all sorts of evil... spam, spim, worms, joy, information, and other evils like that
Support NYCountryLawyer RIAA vs People
Talk about an invasion of your privacy and a HUGE hole to reveal corporate IP. It won't be long until someone invents an hack or virus to exploit this and capture all of what you are working on. I'm supposed to trust that MS won't use any of my info they captured to debug thier software?
A plane crash is a bit more severe (and much less common), than a Windows crash.
What if that mime really is trapped in a box?
...including what programs were running at the time of the error and even the contents of documents that were being created
...not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com.
So everytime my windows crashes, the stuff I worked on gets sent to MS. Everytime IE crashes, MS gets to know where I browse. How does this motivate them to make crashes less frequent? I don't like the idea at all. Another reason to leave MS products completely (already switched at home, still have to use them at work).
Microsoft Sucks *ERROR* You must have been trying to type "I love Bill Gates. Would you like to..."
http://www.apple.com *ERROR* This program has performed an illegal operation and will be shut down...
Windows isn't the answer... it's the question. NO is the answer!
I understand that they need better debug tools but this is going to turn alot more people off from using it. This may be good news for Linux because Microsoft cannot be trusted with protecting your information.
The truth suffers more from convictions than from lies.
That there's nothing compulsory about this, obviously. And furthermore, it appears that the system will be suited to provide for the customer's preservation of personal privacy:
For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual. Though the details are being finalized, Windows lead product manager Greg Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed. Also, such reporting will also be anonymous.
The only concern, one might suppose, is for people who don't want this information accumulated should their computer later be searched by others (the law? An employer? A relative?). This is perhaps a legitimate concern, but hard to argue for, as a reason to cripple error reporting.
How Microsoft is the one who gets all this information. On other operating systems, it wouldn't be assumed that the operating system vendor for some reason needed bug and crash reports for every single application running on the system (Including. Y'know. The crash reports for software by competing companies.).
But then, I guess, now that I think about it, on Windows these days, every single application either is written by Microsoft or mere support or widgets for Microsoft applications. I seem to remember a time when there was more than one windows word processor, but those days are long gone.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I just have to ask... Why don't they make the WHOLE OS out of the black box?
begin seinfeld
What is the *deal* with the black box...? If they can keep the black box software from crashing, why don't they make the rest of the operating system out of the same material? am I right, people?
end seinfeld.
For those with more technical knowledge, what are the security implications of this?
I mean, suppose a hypothetical malicious program artifically induces a crash. Then, if the program finds a way to divert this information, then a cracker would be able to access all sorts of sensitive information.
I think it's awfully interesting that Microsoft has begun announcing tiny feature announcements one by one in a nice string of succession throughout the month of April. And slashdot's just eating it up! They wouldn't be, say, announcing one feature plan at a time for the next 30 day to steal some of Apple's thunder while rolling out OS X Tiger would they? Not a friendly entity like Microsoft?!?!
If you're half as beautiful naked, you'd be 4 times as beautiful with twice as many clothes on.
...now I can simply tool back the trojans I write so they just interface with this "feature" of windows.
Thank you, Microsoft, for thinking of the little guys.
Little korean guys. Who's job it is to write trojan and key loggers.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
"For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual."
Just like the WER error pop-up box that appears when Windows crashes asking you to send information to Microsoft? Who knows if they have the time to research all of these crashes.
That worked wonders for creating a more stable XP according to Bill Gates...."One thing that's been amazing at Microsoft is the impact that our monitoring data has had on how we prioritize our software work. I'm sure you've all seen in Windows XP that whenever an application or the system malfunctions, you get the ability to send a report back to Microsoft. We get a lot of those reports, and we've created very good data-management systems to go in and look at those things, and therefore understand what drivers aren't reliable."
Bill Gates, Los Angeles, California October 27, 2003
He who knows best knows how little he knows. - Thomas Jefferson
Clippy to the rescue (not work safe)
anyone know if they just look at statistics of crashes, etc or is there a team of people that actually goes through them and sees how to 'improve' upon the system?
maybe it's just to give the users a false sense of feedback...
kinda like some recycling programs, they tell you to seperate colored glass from the regular transparent type, only to find that the same dumpster truck is used to pick them up (in the same trash compartment i might add)
FUD?
This sig contains repetition and redundancy.
What a terrific quality control idea. Finally an innovation out of Redmond that has nothing to do with licensing, marketing, or increased profit margin.
....
After all, there's no way they could have the "black box" record whether or not you have a duplicate license key. Hmmm....
But we know that spying on users is not the purpose of the "black box". Right?
Maybe they'll release the source for the "black box". Then all we have to do is recompile Windows and
It's getting really difficult to believe what I'm supposed to.
sigs, as if you care.
What ports can I block off so MS will never get these logs?
that the volume of messages could do some damage...
although, having RTFA, this doesn't seem much different than the crash reporter that mozilla or apple use. And we all dutifully report crashes to them, no? (is it just me?)
I have to admit being much more nervous about MS doing it than those others, but I am probably just a victim of somebody's marketing...
(I also don't use a PC anymore, so what do I care...)
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
Although I have seen some alternate window managers for Windows. It'd be cool to see an actual Blackbox port for Windows.
- A
Is it just me or does this scream SPYWARE?
Profanity is the language all programmers know best.
I know that i never allow programs that have crashed to send debug info to microsoft. I am worried about my privacy, so will there be a way for me to disable this, I have purchased a program with the expectations that it is complete enought for use, however i have been bitten by several incomplete programs.
Onenotes: unbearably shitty, it works well for a time, but eventually it just runs into a bloat baloon and steals all the resources
Windows explorer: huge ramsteal on attempting to open corrupt avi files,
Macafee spam killer: again with the ramsteal, and 99% pc utilization on a 3 GHz machine.
and a couple more
Check journal for info on Anti-TextBook, an idea by me.
You send much worse information when you surf. Like the last page you visited in the Referer: header.
is encrypted right? ...
What's to stop people from just flooding it with nonsense data?
I mean EVEN if it's "MS signed" or whatever... it's made by a program on your computer.
I say people should reverse engineer the program and make a bot that spews nonsense into it.
Tom
Someday, I'll have a real sig.
Personally, I'd draw the line at the point where "opt-in" becomes "opt-out". If the customer is being asked whether they want to send this information to M$, and told just what is being transmitted, then I don't see that much of a problem.
However, it's important that you actually have to acknowledge this - so, for example, the default button (the one that has the focus) should be "No" rather than "Yes", so users actually have to make a conscious decision instead of just saying hitting return because that's what they always do when an error pops up.
In other words, consent is required, but it also has to be informed consent. Someone who just says "Yes, do this" because they don't understand what's going on and what the implications are does not consent IMO.
quidquid latine dictum sit altum videtur.
Because you know that in the commercial unix world it's common to send core files around, core files which can contain email messages, documents, you name it.
So please, let's only whine when we need to.
2 years and no mod points. Join reddit. Because openness is good.
as if we needed anymore reasons to switch to Linux or Mac.
I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box
:P if there will be the option to disable the error reporting service, as it is there now. That's all that counts.
Well, there are some of us who run a load lot more than that, and no, not willing to let anyone trustworthy get their hands on anything. And no, I don't consider some MS developer browsing through crash data trustworthy.
Anyways, I don't care what their boxes' color will be
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
I can just see it. Clippy will get replaced by a stern man's face watching you. The power switch to the monitor will no longer work...
The truth is an offense, but not a sin.------R. N. Marley
So they have to invade your privacy because they did not write a robust OS in the first place ? What an argument!
--
Go Debian!
But there are so many instances where I could claim that my privacy is invaded that I'm afraid I'm becoming more accepting of it.
I find this quite disturbing. This seems to be the case with every aspect of our lives as of late and it is only going to get worse. The more often these sorts of things happen the more accustomed to it we become and the further such invasions of privacy can be expanded. Where does it all end?
I'm really starting to worry about the future we're creating.
"When do we draw the line between normal computer use and invasion of privacy?"
When information is reported without your consent.
Beauty is in the eye of the beerholder.
This has been around for years on the IBM Mainframe. Its called the syslog.
The Mainframe logs almost everything in MVS. Thats why Mainframes and AS/400's are so much more stable. They log everything and there has been 40 years to analyze it...
If MS would just do decent logging, there would not be a need for a "Black Box"
If you agree to this ( EULA I'd assume ), then once the data leaves your computer, it then belongs to MS, right?
So, then, if a government wanted to see what you were up to, they could cause a crash ( power outage ), wait for you to upload the data, then sopena ms for the details.
Ya ya, I know, tinfoil hat and all that. However, if that tool did exist, that's what would happen. Were I a cop, that's what I'd do.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
finally, the M$ Borgbox.... I can't wait to see how they try to handle the "portions of your documents" part in the EULA. "Microsoft hereby reserves the right to become the largest acredited repository for confidential, secret, top secret, and any other information which resides in any document generated via it's software...ever. The lube provided in the installation kit is intended for human anuses only. Failure to use such lube may result in a "non frictionless transaction" between microsoft and the user."
-- http://www.criticalassets.com
Most people worry that Blackbox software is a privacy concern. Coming from Microsoft, I believe it would be, but in general, I feel very strongly about black box software. Some black box software can go as far as trace the executable C or C++ code that is running and provide a step by step look at what the code was doing when, say, an error occured. When aprogrammer steps through it, they easily see the problem and can correct it. For support reps like me this is huge in correcting problems.
;)
However, not all languages are supported by black boxes. I hope over time a black box software type comes out to support Powerbuilder, because this would make my life so much easier. I could have this black box running on the user's system and simply "trace" their activity. When a problem occurs, they send the log and I send to programmers.
This of course would leave me the rest of the day to read slashdot and take the occasional "how do I click a mouse" case
"All great wisdom is contained in .signature files"
it was from "cool hand luke"
the prison guard talking to/about paul newman
http://imdb.com/title/tt0061512/quotes
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
When the vendor leverages the market information to make the decision for you that you should upgrade, I daresay you may feel invaded, while falling short of concluding whether or not Daddy Knows Best.
Time will Tell.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
--Mike--
"anyone trustworthy"
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
This sounds familiar. Anyone know of DCOM? Exploit. ActiveX? Exploit. Being-online-at-all? Security issue. I think we're seeing a trend here with Micro$oft and their constant persistance to give us "features" that end up biting us in the ass.
This scenario is a bit far out, but it seems possible that this could lead to a potential violation of the GPL (or many other sofware licenses).
... Or should I just ignore it?
If I have licensed code open in my text editor when my computer crashes, could some microsoft techie see it? What about the clauses in various licenses that only permit the transmittal of code via tightly controlled methods?
Now I don't think that MS had any nefarious design in mind when they though of this, but is this a rational to fear the sticky legal issues that could come from this?
Online Starcraft RPG? At
Dietary fiber is like asynchronous IO-- Non-blocking!
Plus, Qui custodet ipsos custodies? Microsoft just created a new target for hackers, both writing to (for hiding their own tracks) and reading from (for extracting information when searching for personal user information.) Not insurmountable problems, but will M$ think to solve them before being bit on the backside?
One step forward, two steps back...
//Information does not want to be free; it wants to breed.
Christ, they've got all the money, so now they want all the data, too?
Fortunately I use double ROT-13 encryption on my "Secret Plot to Destroy Microsoft" document, so they'll never figure it out.
Example Log:
2012-03-14 @ 17:20: Windows Media Player crashed trying to load "Amazing Asses 70: The Return of the Brazilian Butts"
2012-03-16 @ 18:11: Windows Media Player crashed trying to load "The Adventures of Buttman".
Sounds like invasion of privacy to me. Not that I'm a porn addict or anything.
*runs out of thread fast*
...embracing stupid people and pissing off smart people since 1975.
FLR
This is not really anything too revolutionary. When an application dies in OS X the Crash Reporter application gives the user the option of mailing the crash report and debug info to Apple. Crash Reporter does not, as far as I am aware, include the contents of any files being edited. I usually paste in any file snippets that I think might be relevant (like wacky javascripts when Safari dies).
If MS makes including files the default, however, there will be serious legal and privacy concerns. Imagine medical workers, lawyers, government employees, military officers, and psychologists all being given an OK/Cancel type dialogue box every time Word crashes. How long do think it will be before MS has a large collection files in violation of a number of laws?
.. from a core dump?
There are no secrets in a core dump. Everything is there.
Any Solaris problem determination needs either an fjsnap (fujitsu) or explorer (sun) and the core. We need to know all, so we can determine what happened.
So whats the big deal. I take it that Microsoft actually wants to fix problems, thats good, right?
So what happens when the latest e-mail worm redirects the feedback URL in your hosts file, and then proceeds to crash the computer, sending extremely detailed diagnostic information back to some random address? Is MS going to somehow ensure this "black box" information doesn't fall into the wrong hands?
Where this is dangerous is that it can be used to secretly collect data. For example, Windows Media Player 10 always contacts the internet (and I think Microsoft itself) when you start it regardless if you are viewing a streaming video or something on your machine. Well, in order to Media Player to accept streaming content you have to allow it access to the internet. This black box technology could be use to quietly keep track of what consumers are watching.
Today, I can use a firewall to control when wmp can and cannot use the internet. Will this technology allow for such fine control?
Well, there's spam egg sausage and spam, that's not got much spam in it.
In the future, Windows will print out shipping labels so you can send the whole box to them for evaluation. It may seem inconvenient, but it will make the windows-using experience much more pleasant. At least until you get it back.
Has M$ sent the specs to the Russian crackers yet?
Get a free ipod.
China announced today that Red Flag linux has matured to the point where it is ready for distribution on desktops throughout the nation.
/var/log/messages is good enough for me.
"Logging on to Steam as ...".
[...]
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux.
When you send your agent string, it's not tied to any personally identifiable data. When you log into steam, it is.
Aggregate data doesn't invade your privacy. Given those two cases, the line seems pretty easy to draw.
I thought Windows already WAS a black box?
If the black box in invulnerable to the crash, why don't they make the whole computer out of the same stuff?
You see? You see? Your stupid minds! Stupid! Stupid!
What microsoft needs is a 'Sounds too evil' person, who can vet these ideas.
"Hey - we wanna incorporate a black box that will send user data back to us for analysis."
"Nope. Sounds too evil."
You mean kinda like CrashReporter?
Or is it already?
If sending your computer's configuration to Microsoft in the background was found to be illegal by the courts back in the Win95 days...
Wouldn't sending configuration information PLUS document contents be considered illegal today?
I mean, come on now, this couldn't possibly be happening, and out in the open to boot?
...
Why would they need a black box if "it just works"?
> When information is reported without your consent.
What constitutes consent? What if your consent was "given" by agreeing to a EULA (I know there are many other flaws in that, but hypothetically)? Would they then be able to send whatever info they wanted?
It's none of their business what is in my document when it crashed.. Or any other invasive data collection. ( like 'lets see what your software inventory is, and oh, what is that serial number )
What is next, 'auto suits' for suspected pirated files, much as 'traffic cameras' do now?
Oh, thats right, its to keep our sysetems stable.. its for the kids.. or some such nonsence.
---- Booth was a patriot ----
What if you are a competing company like Sony or even Apple. So now when you are working on a document in Word to the CEO explaining some sort of secret and then Windows decides to crash, your document content gets sent back to M$ ..... That would be a big problem.
The other day, I was looking for reasons why a computer had crashed. I thought it might be a good idea to check the system log but at first I failed to locate it in system folders.
/var/log/everything that Gentoo machine has.
So I used the "search" function Windows Explorer has (yes the one with the brown hairless dog at the bottom left corner of the screen). No system log was found.
I snooped around the C:\Windows a bit more with no results and asked for guidance in a IRC chatroom. It was only then that I was able to find the darn log. And to my surprise, it did not contain any data that would have been of any use to me -- it had system boot times, shutdown times, start times of some (for me) unknown programs. No detailed information.
I'd expect a bit more from a system log -- but then again maybe I was looking from the wrong place?
Anyways, glad to see Microsoft improve their OS and I hope there will be a time when Windows will have something like
A power switch! She'll get years for that...
.
the choice of whether to send the data, and how much information to share, will be up to the individual
Looks like Microsoft is fine, then.
Sort of. These 'agents' know how you access their systems and when. But your privacy is not invaded to any appreciable degree. This type of information is analogous (loosely mind you) to your appearance at the local store. The merchant (and anyone paying attention) knows what you look like, (your ethnicity, gender etc.) what clothes you wear, when you came in, what you bought, etc. But do either of them know who are your friends are or where you live or what you had for breakfast or even what political party you belong to? Maybe, what bumper stickers do you have on your car when you drive up. Oh no, the local merchant may now also know what car you drive and it's license tag. Even if you pay cash you've given away quite a bit. Pay by credit card and you may (depending on the scruples the merchant) have given away much much more. It's possible that in either realm you are giving away more information about you than you may believe you are giving away. Both types of presence require that your contacts know something about you. In both worlds you can achieve total anonymity if you work for it. But is it worth the hassle?
Just be careful not to hand out sensitive information on line just like you would in the real world.
______________________________________
There are 10 kinds of people,
Those who know binary and those who don't.
Microsoft wants all our developers to have the tools they need, when they need them. It used to be that only the big shots got their needs met by the OS. Now even the script kiddies and spammers have new tools to let them get on with their work.
WARNING! All our new software has the same solid security you have come to expect from Microsoft. So only those who can hack a buffer overflow will have access to this data.
-John Van Voorhis
including what programs were running at the time of the error and even the contents of documents that were being created
What if the user is creating a document whose contents are confidential?
Comment removed based on user account deletion
Thing is, I have no issue with this IF it's solley used as agregate data. But as soon as they tie this with my IP-adress, then there is a huge privacy concern.
But what I don't think is even neccessary is the contents of the document I'm working on: that has no place whatsoever being sent to MS. But, hell, let MS do that: it means instantly that governments and corporations will not adopt that version of windows for reasons of due dilligence and privacy. Hell, as someone posted before, hospitals etc will be legally bound not to use any OS which could potentially send confidential client information in this way.
-- Waht? Tehr's a preveiw buottn?
I wonder if AppSight will be upset with nom de guerre?
This may be good news for Linux because Microsoft cannot be trusted with protecting your information.
I don't think I'd even be quite as worried about. I'd be worried about whether Microsoft are the ones getting that data in the first place. This seems really susceptible to a man-in-the-middle attack. Please tell me these crash reports are at least SSLed?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
The day they develop a dumb decision detector they will have their next killer app...
Testing LAB:
management sample1: dumb
management sample2: dumb
management sample3: dumb
NEOCA - Custom LED Flashlights
C'mon, man. If the plane's going down, even a slahdork could probably find some girl on the plane who would be interested in a final go-round. Don't underestimate the power of impending death. It might be your best hope for losing your virginity.
You know what?
How does this affect health care companies? How does this affect banks? How can we sue them if they use windows with this with our data on the machine?
Pause you who read this, and think for a moment of the long chain of iron or gold, of thorns or flowers, that would never have bound you, but for the formation of the first link on one memorable day. --Dickens, Great Expectations
get a free laptop
How many executives at IBM, HP, Dell, Red Hat, Sun, SGI, etc. use Windows? I'm sure the data sent is anonymous...sure it is.
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
Strawman. This isn't about giving my address to someone, this is about potentially telling them every detail of what I sent through the mail, including credit card information, private letters to loved ones, potentially sensitive business documents, etc.
The concern isn't that a stack trace might be sent to MS -- it's that they want to have a copy of any document open on one's computer at the time. For now, we can turn it off. But, it pays to keep an eye on things to make sure we can always turn it off. After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
So - if this thing knows about what software is installed/running - can it report on spyware apps that are otherwise not visible in Add/Remove programs... or Task Manager?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
How about "check the yes box or the no box and then hit the send box". That way if you were typing away, and didn't notice the box you won't accidentally hit no or yes.
I mod down so you can mod up. Your welcome.
OK Turn off the sarcasm switch.
Black boxes usually don't record credit card accounts, passwords or the contents of work in progress.
It's one thing to record information that's useful in assisting you as a consunmer, but the kind of black box they're indicating would capture information inputted into your system. Even if the cache is limited and cycled, just think of the opportunity for a backdoor. For those who handle valuable or sensitive information this is a nightmare.
Just the existance of this feature may violate some of the accountability laws and regulations that some industies operate under.
I'm not even considering how it might compromise personal privacy, that's another issue altogether.
Unless someone can make sure nothing sensitive is included in the dump - it's a risk.
...carrier dead.....
All versions of Mac OS X used CrashReporter to report crashes. Normally it was dumped onto the econsole. Now they are logged in /Library/Logs/CrashReporter
This signature was left intentionally blank.
I have a much simpler solution: If it's running windows, it can't talk to the internet. At all.
Yes, perhaps I'll eventually set up a hyper-paranoid web proxy to allow some connectivity, but even the kids only use windows for games. Sure, there's one game that my daguhter would like to play that needs an internet connection, but that box has been around so long I wonder if the servers even still exist.
hawk
Oh sure, crashes happen, but every time I've experienced one it's been due to bad memory or a bad (third-party) driver. Honestly, I've had more crashes under Linux than Windows these days (before Core 3, Fedora really didn't like my Dell laptop). I just see no need for such an invasion of privacy.
By the way, before blasting me as a Windows fanboi, know that I spend 90% of my work time on Fedora Core 3 and 90% of my computer time at home on Mac OSX. Windows make me nauseous, but not because of instability.
We apologize for the inconvenience.
Is it me or does anyone else think that MS would be better off spending their time on actually getting longhorn out the door?
--- Don't ever trust a woman until she's dead- B.B. King
"After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?"
Which brings up HIPPA concerns, here in the US.
Granted, this is little more than pure paranoia now, but then again, just look at how badly some folks want to collect such data. If the demand for collection is this high, just how high is the demand for access? How soon before this information becomes a commodity?
I'm not tense. I'm just terribly, terribly, alert.
Well then you have a choice: DO NOT USE THE OPERATING SYSTEM. Period. End of discussion.
The sad part about this entire story is that the same group of lame people (yes, slashdot users) are whining about how bad Microsoft's OS quality is, but when they want to add a feature to better support or help them diagnose their OS, you complain about privacy. Sorry, but you can't have it both ways!
If Microsoft's software violates any laws which affect a business, then those companies who use Microsoft products will either 1) change to a different OS vendor or 2) risk being fined, etc for violating the law.
So my sarcasm is for a reason... you have a choice, use it... and stop whining.
When do we draw the line between normal computer use and invasion of privacy?
When someone either makes me give information or try to ask for my information at their convenience. If I want to give someone information, they'll hear from me. None of this "Would you like to send us information now? We think it's the right time for you to give us information." or getting information about me behind my back bullshit.
Ah, but, you see, your arm will be most artfully twisted.
The trick with you hard cases is to sell you the strategically bad idea in small, tactically tasteful packages...
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
With this concern, and given the stringent regulations that hospitals and health care providers have to obey, it should be mandatory that this feature be turned off permanently and irrevocably at install time for any system purchased by any health care provider. If this technology is even available on the computers they use, hospitals are opening themselves up to massive liability.
You can a floor nurse working at the same time next to another nurse who has a patient with an unusual disease. If you log in and look up the patient's record--or even look over the shoulder of your coworker when he logs in--the hospital is liable under HIPAA for privacy violations. They can be fined, and they can be sued, and enforcement of these rules happens frequently. Now imagine what could happen if THIS system is used in a hospital computer!
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
The article seems to indicate that Microsoft is treading fairly lightly here - don't get me wrong, I love a good MS bash as much as anyone, but it remains to be seen how this will work (whereas those of us who didn't receive it early will know how a certain OTHER OS works as of this Friday - sorry, couldn't resist). If what they say is true (everything is optional and controllable by the user, AND all data transmitted will be anonymous), it seems on the surface to be okay.
/., but not necessarily a good way to present a rational synopsis of an article.
What is the larger issue, in my opinion, is the erosion of the line between what's yours and what's public. This in itself isn't harmful, but it introduces to the consumer market more technology that can eventually be abused.
That's not Microsoft's fault, though, and I don't know if it's avoidable. After all, if you restricted the invention of e-mail because it could be used to scam people, things would be very different today. I don't like the thought that it's Microsoft that we're trusting with this (all malice aside, they've exhibited a very skitchy idea of what's secure and what's not in the past), but the idea of more comprehensive error reporting in and of itself is a good one and one that will allow better development in the future.
Now, as has been brought up elsewhere here, how anonymous is this? In other words, if you're surfing kiddie porn and crash (and are dumb enough to submit the error report with content of your browser), can that be subpoenaed and traced back to you? Again, a valid question but not necessarily a problem with Microsoft.
I guess all I'm saying is that there are plenty of reasons to be pissed at Microsoft (and I cherish them all), but I think this particular instance is just a very interesting and worrisome ethical and legal issue and not specific to MS. And I guess all I'm asking is that we follow the lead of some of the posters here and stay away from the MS bashing this time. Both in our responses and in how we post these things in the first place - the original post quotes the article up to the scary bit, but then doesn't indicate the rest. Good way to start an animated thread on
T
It is pitch black. You are likely to be eaten by a grue.
Or you could do the typical Slashdotter method of protecting your privacy at work: Be such an annoying dork that nobody is interested in what you say.
My beliefs do not require that you agree with them.
Very insightful, thanks. I had originally wrote about the store analogy in my post, but I removed that part because a store is a public location as opposed to your computer running software. But I hadn't thought of the whole credit-card issue.
I just want to know what it will do when Dr. Watson crashs - i know it is rare but i have seen it happen.. will be intresting
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
in the UK any company/organisation which handles personal information (customers for example) wouldn't be allowed to use this OS because of the data protection act.
I mean after a couple of years of development, thorough testing and bringing out the most professional cool software in the world? Microsoft should pay the users for that information; not make them pay for beta-quality software :-(
Switch to Linux :)
Sorry, it had to be said!
When information is reported without your consent.
In the larger world of banks, magazines, health insurance companies, credit card companies, employers, etc. information about you is being reported without your consent every day.
Well, not entirely. Sometimes there are innocuous looking fine print near some agreement you signed years ago, just like clicking through a EULA, that provides those entities with those powers. But since it's inordinately difficult to travel by air and rent a car and afford health care if you don't sign those agreements, it's not like choosing privacy comes with as little cost as we might like.
"Provided by the management for your protection."
Unethical? Yeah. Legal? Definitely.
Not necessarily. The company gets to decide what constitutes legitimate use of its respurces. The company can require, for example, that you use company DNS servers. (For that matter, many corporate firewalls force you to.) Many companies also force the use fo a proxy server; everything you browse is in the logs. Depending on the company'ss policies, what laws it falls under, past history at the company, and advice from the company's lawyers, a reasonable policy may be one that checks the logs only when advised of a problem (worker was observed surfing porn), random checks of the logs, or anything up to real-time log monitoring.
If the company says "no personal use of computers, period", and you in any way violate that (such as sending encrypted mail to an email address you can't prove a work relationship with), you are subject to legal, disciplinary action for your illegal theft of services. If you can't live with that, you should work for change within the company or leave. (I've done both.)
We work hard along the lines of Google's policy of "Don't be evil". But there's plenty of evil around, and sometimes it forces IT people to take actions others will see as invasions of privacy ("oh, no, that's evil!"), when in reality there is no privacy protection under the law, and in fact the company must be protected to protect the jobs of all the workers.
The car you drive is in plain sight. But where you drive with it is not unless somebody goes to a lot of effort to follow you.
Telling Microsoft the applications you're running is like your wife getting a trip report that tells her you went to an adult bookstore.
Giving Microsoft a copy of the documents you have open is like your wife getting a report on the videos you considered renting. You know, the ones involving BSDM and a sheep.
Not that there's anything wrong with that.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I know for sure that the temp internet folders hold onto much of the information as to where you have on the net even after you "clear files" in IE.
Staying one step ahead of Big Brother is a poor substitute for privacy rights. What would stop a "black box" recorder from noting the fact that you were circumventing monitoring by the aforementioned methods? You can still get slammed for "unauthorized use of Company equipment" by this even if the content of the website, email, IM, or whatever, is encrypted; you are obviously hiding something from the monitoring systems, so it obviously is not work-related...
Your suggestions are sensible (I use them), but will only work in unsophisticated environments, and for a limited period of time.
Together, we will drive the rats from the tundra.
And here I was thinking Microsoft was going to officially support the BlackBox for Windows effort. Silly me.
I am growing to love Microsoft. These sorts of moves mean Microsoft are doing more for Linux advocacy than any other company.
oh wait... it's not that kind of blackbox.
So now the slashdot editors know what I run, what my IP address is, ...
/. currently only logs the MD5 of your IP. At least, that's what I think I remember CmdrTaco saying...
Your point generally holds, but
He's not very popular.
I dunno the potential is always there- I've had mail that was incorrectly addressed and opened to find the correct address, and I've had (torn up) open letters come to me in a little plastic bag with an apology for the overly-agressive mail machine. Who knows who saw what was inside?
This rating is Unfair ( ) ( ) Fair (*) Funny
Sigh... If only. Modding would be so much more fun.
Man, does being a coder get easier and easier... Wonder what their turnaround time is going to be?
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) expressely forbids the external transmission of client data, which would no doubt include the documents on our firm's computers, without their consent.
I can't see too many of our clients agreeing to let the confidential contents of their documents be sent to Microsft to figure out why our PCs crashed.
If you don't want to repeat the past, stop living in it.
No man can eat 50 eggs.
Hands in my pocket
So they have to invade your privacy because they did not write a robust OS in the first place ? What an argument!
All Operating Systems crash. Wether it be the fault of the OS or the application. This is a tool to allow them to figure out which it was.
I will continue to click "don't send" like I have always done.
So MS will know I was watching porn the next time Windows crashes?
The best way to do this is for it to be an optional add-on for windows, not something that gets added on during install or windows update. Rather something someone has to decisively has to visit the Microsoft website and choose to be a MS beta tester.
You mean like a core dump, or kernel crash dump?
Think of it as a M$ key-logger, file downloader and as nasty a virus as you Never wanna get (okay Marburg & Ebola are worse.)
Think of your mother (and some evangelist,) walking in on you and a 'friend' as you're doing the deed.
Now worry about what Bill G.'s got in mind: "You WILL update to this new windiows 'eXcreTa!' won't you?"
Come to think of it, Bill'll have all your credit card info so you may find that tour computer has jus ordered the latest 'upgrade' for you, and a whole lot of crap you'd never listen to on Microsoft new music site...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The first time you find a buffer overflow that crashes Microsoft Word or Microsoft Outlook, you can have all sorts of fun with this. You just write all sorts of conspiracy threories into word documents and then make Word crash (How hard can that be?) and then make sure that they get sent off to Microsoft. Since the feedback is anonymous and all, you can feel free to pretend that you are the President of Sun or IBM, or whatever you want. Well, Red Hat is probably out... But, you get the idea.
Anyway, as long as this information can be used to collect corporate espinage that users inadvertantly send them, I say that people use it to send Microsoft disinformation.
Like, a good thing to send them would be rumors that random large companies are planning on suddenly switching all of thier desktops to Linux in a surprise press release that is being drafted.
Or rumors that Sun is about to suddenly abandon Windows in favor of an open source version of OS/2 which it is planning to buy in a surprise move.
Randy.Flood@RHCE2B.COM
Now when my computer crashes, I'm going to have to search the adjacent countryside looking for the damn blackbox. I hate Microsoft!
I wonder if it will survive the crash.
If this tool is really to catch errant drivers, it's usually pretty serious for the OS to throw up its hands.
I wonder if the OS will maintain enough smarts to flush the BSOD information and other stuff to disk properly.
For that matter, if it's not a critical driver (e.g. a sound card driver or network card driver, etc), that goes wonky, why BSOD completely? Why can't the OS log a critical message stating 'This driver encountered an unrecoverable error and has been disabled'. Please close what you were doing and reboot *NOW*'.
While this post will no doubt generate some "Eurotrash" comment, I think this will not be legally acceptable in the EU, as data privacy laws are far stricter there. Sharing of private data without the explicit consent of a person is against the law.
I wonder if a yes/no or send/don't send box is enough to be considered as explicit consent.
From an corporate perspective I would expect that most corporations would automatically set this feature to disabled. Most corporations have privacy policies in place to cover information being sent outside the company. Additionally, to meet these privacy policies, it would take time to sanitize the information going out to Microsoft. Can you see many managers allocating time for their employees to sanitize the information to send to Microsoft? Its not a revenue generating activity. Thus, we can conclude that most corporations will simply disable the "feature".
Home users and small home offices are the ones most likely to leave the functionality on and/or use the feature. This often simply comes from a lack of understanding of the feature and its implications. As previously mentioned, uninformed users will often just click OK to attempt to continue on with their work. They don't want the interruption but often don't know enough to turn it off and so click through the dialog boxes thoughtlessly.
Draw your own conclusions on the value of this feature to end users and to Microsoft. 'nuf said!
Note to self: buy powerbook, not IBM.
11:34:46: A few exception stack numbers etc. 11:34:49: User said:"Duck". 11:34:53: User said:"Ewe phukkan piss of shirt". 11:34:53: HDD reports tracking errors due to high impact shock.
Engineering is the art of compromise.
it's about time windows moved away from their crappy explorer to a good window manager. of course, personally i would have preferred something a little more configurable, like sawfish, but it's a start... i wonder what this will do to projects like litestep and geoshell.
wait, that's not the black box we are talking about?
If I don't put anything here, will anyone recognize me anymore?
I have a Linux/Windows dual boot. Only the Linux stuff is configured to access the outside world. The MS stuff is strictly offline.
Engineering is the art of compromise.
Does the current method even have any value?
Does MS actually figure out anything from these dumps? Especially when most users don't bother to send them?
If so, it appears to me that this is just another "feature" being added to the OS which has only marketing value and nothing else - like most of the rest of Windows.
If a third party program crashes on your system, how is MS's black box going to help? It's the third party programmers who should be cleaning up their act. If Windows crashes, MS should have done better testing.
The basic problem obviously is that Windows is too bloated and complex to function properly. A black box isn't going to help that.
Instead of making "black boxes", the morons at MS should be figuring out ways to make their code more reliable by improved testing or better yet, improved design.
Which means advancing the state of the art in software development rather than spending that $37 billion on a one time stock prop scheme as they did. Instead they spend their system designers's time trying to figure out ways to suck more stuff from the end user's machine.
And then Bill has the nerve to talk about "information overload".
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
All Operating Systems crash.
I haven't seen my current thinkpad or my previous one under debian crashed for years. Thus, no, all operating systems do not crash.
And no, it is not normal to have to click somewhere on a regular basis to avoid leaks about your personal system configuration / documents. It is actually very interesting to see how people seem to accept that new state of facts.
Obviously, with the omnipresent network updates, network authentification, DRM and web-based applications (mail readers or chat), there is a shift in what people consider as their data and their system. In fact, more than interesting, this is disturbing.
--
Go Debian!
Upon furter questioning, Microsoft declared that the errors that will be reported on, include such events as:
- downloading acc or ogg format media,
- writing computer code under a viral license,
- closing the clippy window,
- submitting informed posts to slashdot.
DNA is the ultimate spaghetti code.
Probably not? Spoken like a true clueless slashdot fanboy.
Windows Error Reporting
Obviously there are some hoops to jump through. Both so you can't sign up to view adobe's crash logs, and to make sure that that you protect the personal info that may be in the dumps (per the agreement.
If I'm doing a paper on such-and-such technical topic, and Microsoft sees that, when I submit it, the reviewers could see that Microsoft has already published this and reject it.
It may be fun in these forums to criticise M$, but the fact is they put together some very capable software that's normally "good enough" for the vast majority of users. And most of us simply will use what we already have rather than upgrade if Microsoft decides to abuse their position. You can think of it like a couch. If the couch is comfortable, the only way we'd be willing to upgrade it is if we break it completely, or if we move house, and even in the latter case, if the house arrives furnished we still have the option of throwing out their stuff and replacing it with our old furniture, even if the original owners of the new house would prefer we use their old furniture, which chances are we don't want anyway even though it's likely to match the way the house is decorated.
In other words, we need an incentive to upgrade. And we'll happily plod along with what we have unless there's a very good reason. I know many people with XP who upgraded from the 9X range of operating systems, but a lot of people happy with Windows 2000 who'll not upgrade unless forced to at the barrel of a gun because it's no worse than XP and doesn't have that stupid activation stuff, and XPs lack of support for floppies and its "no more than three applications at once" restriction in some versions.
Microsoft clearly believes these features will be useful to future users. I think it's reasonable to hold out and see whether they really are abusive before claiming they are. Time will tell.
You are not alone. This is not normal. None of this is normal.
So here's what I would propose as an alternative to sending "Bill Gates eats Monkey Cheese" as a crash dump - steamy letters with all sorts of "personal info", containing the names of Microsoft employees pulled at random.
Tech support people would then spend a LOT more time reading the crash dumps, thinking they're getting dirt on their coworkers, bosses, supervisors, etc.
Only time will tell if this would this have the desired effect, but it would be an interesting experiment.
You're absolutely right. {turns to the grandparent poster} Don't you know that pushing your religion on others isn't allowed in a Democratic society?
Think of it in the sense of "Oh God... I'm cumming!"
Grow a sense of humor man!
Online backup with Mozy, sounds like Ozzie, but more!
"Steve, find me a woman, quick!"
kurzweil_freak
5th Kyu Genbukan Ninpo/KJJR student
Be the darkness that allows the light to shine.
When Windows crashes (which is fairly often) it is only an inconvience not a matter of life or death.
There are 11 types of people, those who know unary and those who don't.
In most cases we are talking about here, an application should not be able to crash an operating system, even if it tries.
What keeps me going is my inertia.
It comes pre-installed! Tracker, keylogger, you name it, we got it!
I am Spartacus
I wonder if it will also send a picture of the user via their webcam incase they are using a pirated version of Windows.
Not using the OS is not always a desireable alternative.
There are ways to better support the consumer without compromising security, an implementation as invasive as this one should be optional.
Personally I could drop MS without a care. I use various flavors of *nix and MS for personal use, and if this feature gets in, no new MS for me.
BUT...My employer has millions of dollars invested MS based apps (as well as *nix). To convert the MS apps to other OSes would be prohibitive, but if this "feature" makes it in as a required component, government and industry regulations will most likely force us to another OS, at great expense. Complaining is truly justified in this case. MS needs consider the facts, but they won't know if no-one yells at them or sounds off in public forum. If no-one complains, then MS will feel there's no opposition, or need for an alternative.
I'm not whining, I'm excercisng my right to express my opinion. If enough users do so, MS may get the idea. They do back down once in a while.
...carrier dead.....
No application should crash due to bad data. At worst it should close gracefully. However I've found that Microsoft apps, more than any other, are very sensitive to their data. Why should parsing and displaying HTML ever bring down a web browser? It shouldn't but there's been HTML to crash IE for many years (and other browsers, also). Word, Excel, and the other Office apps run user scripts saved within documents. Those scripts can also very easily crash those apps.
So while I don't believe that they should be sent any document data I do understand why they need it. They could, however, work on making sure their apps never crash due only to data (if that's even entirely possible).
Developers: We can use your help.
catch most bugs by running this BB on their in-house machines. If MS employees receive any sort of subsidy like free windows, then MS could run it on their employees machines too. The incremental benefit of putting this BB thing in every machine on the planet just doesn't justify doing it when other thngs are considered.
It's a fact that the opt-in feature will not protect my privacy if some-one/business dutifully pushed the 'all your data go to mama' button and my info is in there. This will eventually result in a successful action against M$. BB in all MS and MS employee owned windows gives them more direct access to the fault with much less volume of reports to deal with.
This only confirms that there is no point of running anti-spyware software on a windows box. Simply because with this litle toy windows will be spyware by itself.
"People's problem is not that they are mortal, but that they are suddenly mortal" Terry Pratchett
Thanks for explaining that to me.
-gjr
Microsoft is just giving themselves a reason to record anything they wish on your computer.. Invasion of privacy act ring any bells?
So basically what they are saying, is they are going to have a core-dump like functionality as is found in UNIX, right?
Eric B
ebresie@gmail.com
Sure, we cry foul when it's Microsoft... but if tomorrow Google released Google Crashes and it allowed you to search people's crash records it'd be peachy. ;)
Seriously, Google is starting to scare me.
That would lead me to the conclusion that this feature of Windows will only work if apps are specifically coded to integrate with the blackbox.
Unless of course, it just takes a snapshot of the programs heap and stack....
but a lot of people happy with Windows 2000 who'll not upgrade unless forced to at the barrel of a gun because it's no worse than XP
You can pry my copy of Windows 2000 out of my cold dead hands...
The only temptation I have to ditch Windows 2000 comes from a lack of UPnP support that makes running certain applications behind my router much more difficult. I can sacrifice a machine and run a proxy server on it and put it in the DMZ, but it is unhandy. I've looked around for another fix for this problem, but couldn't find one.
I'm waiting for longhorn before I consider upgrading.
Freedom is merely privilege extended unless enjoyed by one and all.
I never figured out WTF is that little dr watson icon thinguie, just using up disk space, then again, windows just used up my disk space AND RAM!
Now I use Linux ha!
Now they intend to use this as an excuse to poke into MY information?
That does it! is microsft actually rewriting the constitution here?
Dear american, do you think there's really a constitution that protects you? damn!
I hope this means we could sabotauge our Windows's software to send so much, we'll make them shutdown!
Err.. On the more serious side.. I don't think this is going to be very popular..
In the Soviet Union, signatures writes you!
The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world.
Did mainframes need this? Do embedded computers need this feature? I agree aircraft need it when it crashes and all on board are dead.
We need a computer that when it crashes people die, like a completely green one that runs on nuclear energy. I would have to agree that this system should have a black box, run by an external process with a different OS.
Microsoft just needs to write good code. If they can't fix it they should start over with a new OS that runs on UNIX, like OS X.
Your Average Joe
When an OS X app crashes, the user is offered the opportunity to send the entire crash log to Apple. This includes a stack trace of every thread, as well as some other handy system info. Frankly, I'm sure Apple couldn't care less what happened when Macromedia Bloatware 8.3 Pro fell over, but the option is there. I wonder what they do with all the reports?
In Apple's case, the default option is NOT to send it, but if the user does, they get to preview the exact file that gets sent, as well as the opportunity to append their own comments. I don't see it as an invasion of privacy in this form, though I do think it must generate so much noise for Apple that the reports serve little purpose. By the sound of it the MS "black box" intends to be mor edetailed than this, so I don't know if this is a fair comparison.
lol.
Anyways... The purpose of this blackbox is so they can prematurely shove software out the door and not have to worry about debugging until after its in market; when these magical programs will help them fix things fast, and keep Longhorn from looking bad, or slow-to-release. It will also help do a "quick" job of debugging longhorn.
ALso, it will help debug other programs, so they can release quickly on Longhorn, etc. - so Microsoft can attempt to Trump Macintosh. Wont work though; fierce animals put up a good fight! Panther, Tiger, Cougar...
Also, if they can view code and information about other applications crashing, it will allow them to either make life easier for that program (if they like it) or make things REALLY DIFFICULT for that program (like Corel programs). Everytime you send in a detailed Corel-error report to Microsoft, it gets used to "fix" Corel - fix 'em for good!
I generally make it a rule to only send error reports if theyre easy, on a machine thats "clean" (privacy), and the error report GOES TO WHO MADE THE PROGRAM. This blackbox thing seems OKAY, the intent is innocent enough right now, the problem is, Microsoft has a habbit of taking programs like this and gradually mixing in "evil intent" - either that or the intent is originally hidden well.
For example, DCOM: easy remote-runing programs, and stuff. Sounds great for corperate networks. But it never worked properly! Then, gradually mix in evil (backdoors, manditory, invisibly), and it becomes a tool to help Microsoft be in control. And thats what this is about too - it will gradually turn into yet another control mechanism.
They always pull this crap, and not only is it abusive and annoying, it sucks away cycles, leaving one to wonder what their computer is doing, churning away, when NO PROGRAMS ARE RUNNING. I used to say, windows is like a teenager - leave him alone with nothing to do, and he'll go into the corner and start wankin'. Windows is the same way. ALways doing something-or-other, mostly stuff thats to help microsoft or make them look good. Eg: Windows networking - poorly written convoluted mess. They make up for it by throwing in services to check things and store information, to make it seem instant, like every other OS.
This "after-the-fact", "patch-based" programming method is just pathetic. It clogs up RAM, cpu cycles, etc. Frig - just make it right the first time!
This is why i run linux; it does exactly what i tell it to, no more, no less, and its not a messy patch-work.
You may want to do what I did after getting crazy mad at that whole STEAM bs. There is a cracked copy of half life 2 you can download which is just a directory, no install required, and there is no steam in it, it tries to connect to the net, but you can just block it with a firewall to no ill effect. Just hunt around for emp_proper_hl2 and you should fix that retarded steam problem like I did. Makes the game a hell of alot more fun to know I'm not being spied on by some jackass. However it does loose it's multiplayer functionality. And yes, I did buy the game, and never played it until I found this steamless copy because steam annoyed the living piss outa me.
HAVE FUN - HAVE YOU FILED YOUR CANADIAN CITIZENSHIP PAPERS?
Are you talking about the country that bans people talking about current legal cases. Like Homolka and the more recent one?
Face it, no country is perfect.
Just because it CAN be done, doesn't mean it should!
"black box" orange or "Microsoft" blue...
Perl Programmer for hire
"...will provide Microsoft with... the contents of documents being created." The words I cut out don't alter the meaning I have shown. Doesn't that bother anyone? For example when an "evil" user is writing a document to send to someone he's stalking and the machine crashes, does he want his evidence to go to M$? Probably not. But seriously this might cause problems..
Gentoo Linux - Wouldn't have it any other way. And fuck beta.
I doubt that this is true. If it was, then nobody under HIPPA guidelines would be able to use that OS....
--
Time is on my side
If this sends everything thats in memory when a program crashes, what happens when one of those hungry applications (3DS Max comes to mind) crashes, and your trying to upload a GB to Microsoft?
Maybe they only send the stack, not the heap, but even so, that could be rather large.
What if something weird in your document is crashing, say, the spellchecker or causing some buffer to overflow ?
Now, certainly you should have a *choice* as to whether or not that information is transmitted, but it certainly has the potential to be an important part of locating and fixing any bugs.
I've been reading the posts on this topic and would be glad to provide information to people who are interested in learning more about this functionality.
First, let me clarify what this actually is. Longhorn will contain the next generation of the Windows Error Reporting functionality (also known as "Watson") which is designed to detect problem states and allow customers to optionally report the problems to Microsoft to see if information is available to help them resolve it. More information on this functionality can be found here: http://www.microsoft.com/presspass/newsroom/office
We currently respond to about half of the reports sent per/day with information about how to fix, workaround, or troubleshoot the problem. This includes both Microsoft and 3rd party applications, and there are over 1300 software vendors who are using WER to fix problems in their code, based on customer reports.
The most common questions/concerns I've seen posted seem to be:
"Can I turn this off?"
Yes, this is easy to turn off either through UI or Group Policy
"Is this opt-in or opt-out?"
This is strictly opt-in. In other words, no data is sent without express permission of the customer. Even the default for the buttons is "don't send" so that customers don't accidentally send by pressing Enter. This is true with both XP and Longhorn. The data collection policy for WER can be reviewed here: http://oca.microsoft.com/en/dcp20.asp. This is the statement customers can review before they click "send".
"What exactly is being sent to Microsoft?"
Name, version, and time/date stamp of the exe
Name, version, and time/date stamp of the dll
Hex offset into the module where the crash occurred.
"What is the risk that reports may contain personal or sensitive data?"
its what 4 billion possible ips?
4 billion possibilities is WELL within the brute forceable range
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
The capability built into the OS would be a very poor way for a company to monitor employee activity, as data is only sent when the system encounters a problem (crash, hang, etc.), and the data is limited to that problem. Contrary to speculation, WER does not log activity such as which websites were browsed, emails sent, etc. If a problem occurs, a small snapshot of memory is collected if the user consents to send it. (The author of the story is correct that within a corporation the IT department can choose to send reports automatically to an internal site, but not automatically to MS.) You can satisfy your curiosity about what data would be sent fairly easily; write a small app that crashes (deref a null pointer or div/0). When the crash dialog comes up, take a look at what's included - load the minidump in the debugger to get a good look. You'll see that trying to use this data to monitor employee activity would be essentially useless. In an 8hr workday you'd be indescribably lucky to get a 1/2 second peek at what the employee was doing in just one thread of one app.
I have a better idea. Microsoft should put the equivalent of that recording software that records everything that happens on the display in an AVI file, kind of like that software that parents can install to see what their kids are viewing on the Internet, or wives can put to see if their husbands are watching pr0n, or whatever. This will constantly feed to Microsoft's servers, where thousands of Microsoft employees will sift through the data to find trade secrets that Microsoft can use, or damaging evidence that Microsoft can blackmail people with, or other things like that. Also, this will record all key presses, mouse movements, communications going in and out of the machine, communications to all devices and peripherals that might be connected, and all information that can be obtained from a debugger so that Microsoft can, at all times, have complete control and information over the contents and operation of every computer using their software.
Comment removed based on user account deletion
Comment removed based on user account deletion
you can download it from here ;)
http://bb4win.org/news.php
But if "Microsoft isn't like that, mmkay" doesn't cut the mustard with you, why not read the article:
the prison guard talking to/about paul newman
Yea, George Kennedy's the guard.
FGalconShould there be a Law?
Well, good thing is that they did not choose Twm. Blackbox is more modern!
class he-man extends man!
First, nothing says the data log has to be shipped to Microsoft for analysis. It's kept on your machine; in case you ask them for help, they can ask you to send it. You're free to say "no, it has my taxes on it" or "never mind, I want to keep my goat pr0n private." It's also typically kept in a circular buffer that's several megabytes in size. I'm pretty sure Microsoft won't want to receive 5MB unrequested logs for every application crash.
Next, the log is extremely difficult to read without the proper software. I'm not saying if it will be encrypted or not because I do not know, but I do know the unencrypted data is pretty 'cryptic.' I found it contains data that's much less readable than a raw memory dump. This is by design -- the vendor only makes money by selling the debugger consoles; the black boxes are distributed with free licenses.
If your company does purchase the consoles (and you're a developer,) I'd suggest asking (begging) them to license one to your desktop. This thing is one of the greatest debugging tools ever. It's kind of a bitch to set up, but once you get one running, it's definitely got the WOW! factor going. No more asking your clients "so what key did you press?" and getting "I just hit Enter!" in reply. You don't even ask them: you just watch the playback of their screen, and you can see them click the "divide by zero" button, or whatever else they may have done wrong. (BTW, that means you should fix the UI so they can't do that.) Or, you start at the point of the crash and hit "play in reverse", watching what happened prior to the crash.
If you have full capture going (you might do this to catch an intermittent bug) you can turn it on at such detail that it can display your executing code line by line with the source (assuming you still have the PDB files generated by the linker.) It's very much like watching it in a regular debugger, except you can step backwards as well as forwards. This seriously affects performance, though, so I only turn it on with the cooperation of the user or tester, and then I typically only watch a few select objects, not the whole of the codebase.
You can also click "compare all loaded modules with a gold standard" to figure out what's different in their environment. Nothing induces "Aha!" like finding out they have a pre-release version of IMPORTANT_CRAP.DLL instead of the shipping version.
std::disclaimer("I have no relationship to Identify Software or to Microsoft, other than as a satisified customer of Identify."};
John