Slashdot Mirror
Microsoft To Add A Black Box To Windows
An anonymous reader writes "According to ZDNet, Microsoft plans to add the software equivalent of a 'black box' flight recorder to Windows. According to the article, 'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'" Commentary available via C|Net as well.
Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.
"occupant of 17A was eating peanuts, doing inflight magazine crossword and had dirty underwear"
"Our stance on this is that the user is in control," Sullivan [Windows lead product manager] said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
Sounds reasonable, so long as it doesn't hide anything from view. Of course, if you have Visual Studio you can hit Debug and lookie yourself, which is usually more helpful than anything I've ever got back from Microsoft.
The probablem was likely caused by a faulty driver
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Consumers stick with what works. If hitting Don't Send works, they stick with it. If the problem persists then they'll probably send.
It said, "what we have here is failure to communicate." What's that mean?
A feeling of having made the same mistake before: Deja Foobar
It will record your screams as your computer crashes.
At first I was tempted to do like most: yell out that this was a privacy issue. Microsoft has no right knowing what software I'm using! But there are so many instances where I could claim that my privacy is invaded that I'm afraid I'm becoming more accepting of it.
...". So Steam/Valve know each time I play half-life. Interesting stats for them.
...
The latest of these instances occurred when I fired up Half Life 2 last night. "Logging on to Steam as
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux. Sure, I could hack my user agent string, but really. Most people don't, right? So now the slashdot editors know what I run, what my IP address is,
I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box, but how else are they to fix issues if they don't know what I'm running and what I was doing when it crashed? When do we draw the line between normal computer use and invasion of privacy?
The biggest issue I see with this, at least in the short term, is the possible use of this feature in the corporate setting.
With businesses, however, IT managers typically set the policy. If they wanted total information, they could configure systems so that they'd know not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com. Or, they might find out not only that a worker was running Instant Messenger but also that he or she was talking to a co-worker about getting a new job.
This is a major invasion of privacy if you ask me. Of course, while at work you are using company resources so they really do get to say how and when they are used but I feel there is an important difference between monitoring your employee's resource usage and actually reading their emails and instant messages. You don't have to totally invade everyone's privacy to enforce your company policy of internet usage.
But Sullivan pointed out that businesses can already install third-party software to monitor workers' computer usage and some do.
While the above is most certainly true, having something like this built into Windows by default just makes it that much easier and thus inviting for a company to implement this sort of monitoring. I just can't wait for the day when all employees have a tracking system attached to them at all times and are reprimanded if they spend too much time going to the bathroom or chatting to a coworker. What great fun that is going to be!
Another issue with this that is mentioned in the article is the fact that while you will be able to look through all the data being reported, most people will not have the knowledge to determine how much of it is sensitive.
And consumers could have a tough time knowing just what information they were sending. Though they'll be able to see the contents of a document, they may not recognize the significance of the technical data--such as register settings--that's being sent.
Not everything is totally obvious, such as personal emails or credit card numbers. Not to mention the fact that it will very likely be buried among a lot of other unintelligable data. Also, given the habit of most Windows users of just clicking 'OK' or 'YES' to anything and everything that pops up on their screen, I doubt many people will actually review the information being sent in the report.
Will it survive after I kick the shit out my computer and then throw it off a cliff?
'The tool will build on the existing Watson error-reporting tool in Windows but will provide Microsoft with much deeper information, including what programs were running at the time of the error and even the contents of documents that were being created.'
So one mans spyware is another mans "helpful utility"?
Right, now many of you will call me a Mac fanatic and mod me down, but seriously: Apple does not think of shit like this... I can just see the new virus' composed to utilize the flaws in this feature... Wait, I got it, they will use it to compete with Apple's Automator in Tiger:
"Tired of having to go to the store to buy the latest Microsoft product? Now you will never have to again! The windows automator(tm) scans all your messages, emails, text documents, and computerized purchase orders for your credit card information, bank number, PIN numbers, etc; sends the data to the Microsoft data servers. Your information is then carefully protected, until the newest Microsoft product is ready for shipment. Then your accounts are drained, and everything you needed, even if you didn't know it, will be shipped to your door. Remember: Microsoft works...."
And yes, I read the article, and the passage: " "Our stance on this is that the user is in control," Sullivan said. "In the consumer environment, you will be presented with a dialog that clearly gives you the choice whether to share the information and then also provides exactly what the detail is so you can parse character by character what's being sent."
But it kinda hurts the joke... That and with Microsoft's record of error, would you really trust this?
3 degrees of separation from Vladimir Putin
as long as I can shut it off!
If you are running some "non-approved" app, or driver, or whatever, MS will simply blame somebody else's code. And now they'll have a "black box" to prove it.
Nice.
Why not make the Whole OS out of the black box stuff? Then nothing can damage it!
Wouldn't it be faster for them to sift through the logs of what was happening when the system was stable? I mean, dear God, imagine the size of the log files if they logged crashes.
If you mod me down, I shall become less powerful than you could possibly imagine.
Except the blackbox on a jet won't (unless I'm woefully uninformed more than usual) tell what you were doing in your own seat when the plane went down.
Pleasuring yourself one last time before you die?
I am defenseless. Use your button. Mod me down with all of your hatred.
As soon as you can no longer get support from M$ because you are not using the 'black box' crash creation application, they will start blaming Linux and Apache for the crashes... quickly creating a patch to prevent users from going to sites that are 'bad' for their Internet experience... thus protecting the world from all sorts of evil... spam, spim, worms, joy, information, and other evils like that
Support NYCountryLawyer RIAA vs People
Talk about an invasion of your privacy and a HUGE hole to reveal corporate IP. It won't be long until someone invents an hack or virus to exploit this and capture all of what you are working on. I'm supposed to trust that MS won't use any of my info they captured to debug thier software?
A plane crash is a bit more severe (and much less common), than a Windows crash.
What if that mime really is trapped in a box?
...including what programs were running at the time of the error and even the contents of documents that were being created
...not only that a user was running Internet Explorer, for example, but also that he or she was watching a video from ESPN.com.
So everytime my windows crashes, the stuff I worked on gets sent to MS. Everytime IE crashes, MS gets to know where I browse. How does this motivate them to make crashes less frequent? I don't like the idea at all. Another reason to leave MS products completely (already switched at home, still have to use them at work).
That there's nothing compulsory about this, obviously. And furthermore, it appears that the system will be suited to provide for the customer's preservation of personal privacy:
For consumers, the choice of whether to send the data, and how much information to share, will be up to the individual. Though the details are being finalized, Windows lead product manager Greg Sullivan said users will be prompted with a message indicating the information to be sent and giving them an option to alter it, such as removing the contents of the e-mail they were writing when the machine crashed. Also, such reporting will also be anonymous.
The only concern, one might suppose, is for people who don't want this information accumulated should their computer later be searched by others (the law? An employer? A relative?). This is perhaps a legitimate concern, but hard to argue for, as a reason to cripple error reporting.
I think it's awfully interesting that Microsoft has begun announcing tiny feature announcements one by one in a nice string of succession throughout the month of April. And slashdot's just eating it up! They wouldn't be, say, announcing one feature plan at a time for the next 30 day to steal some of Apple's thunder while rolling out OS X Tiger would they? Not a friendly entity like Microsoft?!?!
If you're half as beautiful naked, you'd be 4 times as beautiful with twice as many clothes on.
Personally, I'd draw the line at the point where "opt-in" becomes "opt-out". If the customer is being asked whether they want to send this information to M$, and told just what is being transmitted, then I don't see that much of a problem.
However, it's important that you actually have to acknowledge this - so, for example, the default button (the one that has the focus) should be "No" rather than "Yes", so users actually have to make a conscious decision instead of just saying hitting return because that's what they always do when an error pops up.
In other words, consent is required, but it also has to be informed consent. Someone who just says "Yes, do this" because they don't understand what's going on and what the implications are does not consent IMO.
quidquid latine dictum sit altum videtur.
as if we needed anymore reasons to switch to Linux or Mac.
I only boot to Windows to play games like Half-Life, and it bothers me that Microsoft would know about everything I'm running on that Windows box
:P if there will be the option to disable the error reporting service, as it is there now. That's all that counts.
Well, there are some of us who run a load lot more than that, and no, not willing to let anyone trustworthy get their hands on anything. And no, I don't consider some MS developer browsing through crash data trustworthy.
Anyways, I don't care what their boxes' color will be
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
I can just see it. Clippy will get replaced by a stern man's face watching you. The power switch to the monitor will no longer work...
The truth is an offense, but not a sin.------R. N. Marley
So they have to invade your privacy because they did not write a robust OS in the first place ? What an argument!
--
Go Debian!
"When do we draw the line between normal computer use and invasion of privacy?"
When information is reported without your consent.
Beauty is in the eye of the beerholder.
it was from "cool hand luke"
the prison guard talking to/about paul newman
http://imdb.com/title/tt0061512/quotes
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
When the vendor leverages the market information to make the decision for you that you should upgrade, I daresay you may feel invaded, while falling short of concluding whether or not Daddy Knows Best.
Time will Tell.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Plus, Qui custodet ipsos custodies? Microsoft just created a new target for hackers, both writing to (for hiding their own tracks) and reading from (for extracting information when searching for personal user information.) Not insurmountable problems, but will M$ think to solve them before being bit on the backside?
One step forward, two steps back...
//Information does not want to be free; it wants to breed.
Example Log:
2012-03-14 @ 17:20: Windows Media Player crashed trying to load "Amazing Asses 70: The Return of the Brazilian Butts"
2012-03-16 @ 18:11: Windows Media Player crashed trying to load "The Adventures of Buttman".
Sounds like invasion of privacy to me. Not that I'm a porn addict or anything.
*runs out of thread fast*
/var/log/messages is good enough for me.
"Logging on to Steam as ...".
[...]
Every time I browse a web page, I'm telling everyone I use Firefox/1.0.3 on x64 Linux.
When you send your agent string, it's not tied to any personally identifiable data. When you log into steam, it is.
Aggregate data doesn't invade your privacy. Given those two cases, the line seems pretty easy to draw.
Or is it already?
If sending your computer's configuration to Microsoft in the background was found to be illegal by the courts back in the Win95 days...
Wouldn't sending configuration information PLUS document contents be considered illegal today?
I mean, come on now, this couldn't possibly be happening, and out in the open to boot?
...
Why would they need a black box if "it just works"?
What if you are a competing company like Sony or even Apple. So now when you are working on a document in Word to the CEO explaining some sort of secret and then Windows decides to crash, your document content gets sent back to M$ ..... That would be a big problem.
A power switch! She'll get years for that...
.
the choice of whether to send the data, and how much information to share, will be up to the individual
Looks like Microsoft is fine, then.
Thing is, I have no issue with this IF it's solley used as agregate data. But as soon as they tie this with my IP-adress, then there is a huge privacy concern.
But what I don't think is even neccessary is the contents of the document I'm working on: that has no place whatsoever being sent to MS. But, hell, let MS do that: it means instantly that governments and corporations will not adopt that version of windows for reasons of due dilligence and privacy. Hell, as someone posted before, hospitals etc will be legally bound not to use any OS which could potentially send confidential client information in this way.
-- Waht? Tehr's a preveiw buottn?
C'mon, man. If the plane's going down, even a slahdork could probably find some girl on the plane who would be interested in a final go-round. Don't underestimate the power of impending death. It might be your best hope for losing your virginity.
You know what?
Pause you who read this, and think for a moment of the long chain of iron or gold, of thorns or flowers, that would never have bound you, but for the formation of the first link on one memorable day. --Dickens, Great Expectations
get a free laptop
Strawman. This isn't about giving my address to someone, this is about potentially telling them every detail of what I sent through the mail, including credit card information, private letters to loved ones, potentially sensitive business documents, etc.
The concern isn't that a stack trace might be sent to MS -- it's that they want to have a copy of any document open on one's computer at the time. For now, we can turn it off. But, it pays to keep an eye on things to make sure we can always turn it off. After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
"After all, how would you like it if it came out that you had a confidential illness because a medical transcriptionist hit 'Send' after Word crashed while mail-merging your test results?"
Which brings up HIPPA concerns, here in the US.
Granted, this is little more than pure paranoia now, but then again, just look at how badly some folks want to collect such data. If the demand for collection is this high, just how high is the demand for access? How soon before this information becomes a commodity?
I'm not tense. I'm just terribly, terribly, alert.
With this concern, and given the stringent regulations that hospitals and health care providers have to obey, it should be mandatory that this feature be turned off permanently and irrevocably at install time for any system purchased by any health care provider. If this technology is even available on the computers they use, hospitals are opening themselves up to massive liability.
You can a floor nurse working at the same time next to another nurse who has a patient with an unusual disease. If you log in and look up the patient's record--or even look over the shoulder of your coworker when he logs in--the hospital is liable under HIPAA for privacy violations. They can be fined, and they can be sued, and enforcement of these rules happens frequently. Now imagine what could happen if THIS system is used in a hospital computer!
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Staying one step ahead of Big Brother is a poor substitute for privacy rights. What would stop a "black box" recorder from noting the fact that you were circumventing monitoring by the aforementioned methods? You can still get slammed for "unauthorized use of Company equipment" by this even if the content of the website, email, IM, or whatever, is encrypted; you are obviously hiding something from the monitoring systems, so it obviously is not work-related...
Your suggestions are sensible (I use them), but will only work in unsophisticated environments, and for a limited period of time.
Together, we will drive the rats from the tundra.
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) expressely forbids the external transmission of client data, which would no doubt include the documents on our firm's computers, without their consent.
I can't see too many of our clients agreeing to let the confidential contents of their documents be sent to Microsft to figure out why our PCs crashed.
If you don't want to repeat the past, stop living in it.
I wonder if it will survive the crash.
If this tool is really to catch errant drivers, it's usually pretty serious for the OS to throw up its hands.
I wonder if the OS will maintain enough smarts to flush the BSOD information and other stuff to disk properly.
For that matter, if it's not a critical driver (e.g. a sound card driver or network card driver, etc), that goes wonky, why BSOD completely? Why can't the OS log a critical message stating 'This driver encountered an unrecoverable error and has been disabled'. Please close what you were doing and reboot *NOW*'.
11:34:46: A few exception stack numbers etc. 11:34:49: User said:"Duck". 11:34:53: User said:"Ewe phukkan piss of shirt". 11:34:53: HDD reports tracking errors due to high impact shock.
Engineering is the art of compromise.
It may be fun in these forums to criticise M$, but the fact is they put together some very capable software that's normally "good enough" for the vast majority of users. And most of us simply will use what we already have rather than upgrade if Microsoft decides to abuse their position. You can think of it like a couch. If the couch is comfortable, the only way we'd be willing to upgrade it is if we break it completely, or if we move house, and even in the latter case, if the house arrives furnished we still have the option of throwing out their stuff and replacing it with our old furniture, even if the original owners of the new house would prefer we use their old furniture, which chances are we don't want anyway even though it's likely to match the way the house is decorated.
In other words, we need an incentive to upgrade. And we'll happily plod along with what we have unless there's a very good reason. I know many people with XP who upgraded from the 9X range of operating systems, but a lot of people happy with Windows 2000 who'll not upgrade unless forced to at the barrel of a gun because it's no worse than XP and doesn't have that stupid activation stuff, and XPs lack of support for floppies and its "no more than three applications at once" restriction in some versions.
Microsoft clearly believes these features will be useful to future users. I think it's reasonable to hold out and see whether they really are abusive before claiming they are. Time will tell.
You are not alone. This is not normal. None of this is normal.
So basically what they are saying, is they are going to have a core-dump like functionality as is found in UNIX, right?
Eric B
ebresie@gmail.com
Well...
Yes, your unix/linux box can be configured to automatically send dump information to a server. This is a useful feature -- but needs to be explicitly enabled.
If dump information from the Windows box can be sent to a central server that is controllable (eg. not an outside agency), then I am all for this feature -- plus I want to be able to disable this feature.
Same as being able to forward logging information (again, under installation control on those Unix boxes).
So, having this feature available is a "good thing" (tm) but I would like to see it configurable to use an internal server. Glad to see Microsoft is offering this as a problem resolution mechanism!
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061