Microsoft Pressures Testers After Software Leak
narramissic writes "ITworld reports that Microsoft is 'taking tough measures to find out who leaked a Community Technology Preview (CTP) of Windows Home Server to The Hotfix.net blog.' The software preview was posted on the site by a user named 'Richard' soon after it was released to a small group of testers. In an e-mail to MVPs whose names contain 'Richard,' Kevin Beares, the Windows Home Server community lead at Microsoft, wrote: 'For right now, you have no access to the beta until I can find the Richard who posted the WHS (Windows Home Server) CTP on this site.... I will work with the Connect Admin team to determine which one of you is the real culprit of this leak.'"
If this was Apple we would get many posts defending their right and need to do this. Since it is MS we won't. -Larry
foreach (Tester ReallyUnluckyGuy in GetTestersByName("Richard"))
{
    ReallyUnluckyGuy.DenyAccess(Now);
    ReallyUnluckyGuy.AskQuestions(Later);
}
The leaker was arrogant/foolish enough to use his real name.
:)
Probably, at least. Granted, you'd think he was just being a Richard and it needn't have anything to do with his name, but think about--someone leaked MS's follow-up email to people named Richard. Might it have been the Richard we're looking for?
...the whole class being kept behind at school until they found the culprit.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
"The software preview was posted on the site by a user named 'Richard' soon after it was released to a small group of testers."
I'd think that Microsoft's bigger question is whether someone this dimwitted should be allowed to work with their code. Why would I not be surprised if "Richard" really was the guy's name? Talk about poor judgment.
Three Squirrels
...for leaking the letter too.
Translation, "Are you the Dick who leaked?"
Sheesh, this is about as well-thought-out as the no-fly list "algorithm". Well, Abdul looks a bit like Andrew so you're a suspect, eh?
If they didn't watermark, or put some other individual identifying marks in each of the CTPs handed out, then they have no clue who leaked it, and punishing the innocent is not going to improve their chances.
Dear Slashdot,
Thank you for agreeing to help publicize our new products by spreading information about our phoney leak. You have my personal assurance that if we ever find this "Richard" character, I will be certain to punish him very severely for creating public awareness of our super-innovative new server software. Gosh, I do hope no-one downloads a pirate version and sees how awesome it is!
Also, thanks for your good work on the Xbox 360. Who would have thought so many Linux dorks would be willing to buy into our wall-to-wall DRM and platform lockin?
-- Bill Gates
(This is a private email, right? IE is doing something strange....)
Oh...
And I wonder why Kevin Beares thinks it was a Richard who leaked this. If I was doing such a thing, especially when there are only a small group of testers, I would use a pseudonym. Richard is as good a one as any other.
Also, I wonder how he thinks he can work it out? Contacting the ISPs perhaps? (From the article it seems as if the webmaster for the site where the leak was posted will help.) I'm sure all the testers will deny being "Richard" of leaking fame.
This whole thing seems like a big beat up.
I wank in the shower.
The next time this guy decides to leak something under a false name I suggest he try 'Bill' instead of 'Richard'.
Bill
OK, get me if I am wrong here but the testers were working for free, correct. If MS (or any other company for that matter, even Apple), does not want to pay for work, then they take their chances. If they want testers that will follow their rules, they should pay the testers then. Very simple concept.
Could it be Richard Stallman in the conservatory with the wrench?
Which one of you Bills is abusing your monopoly?
Well for starters:
1) Single instance store automatic differential backups. none of this shitty "dd" stuff; this compares each 4 kb block with a database on the server and only uploads ones that have a different hash. Very efficient and very nice.
2) Automatic warnings if any Windows machine on your network has AV or AntiSpyware turned off.
3) Automatic warnings if any of your machines has not backed up in the last several days. (and the software will wake machines from sleep mode to do the backup and then have them go back to sleep).
4) Ability to serve as a remote control gateway to your computers (where you go to the website of the server and can initiate secured remote desktop sessions to your other machines from there with only 2 ports forwarded to the server and none to any other machines).
But then again, I have actually tried the beta instead of just making shit up about it.
Did they ever stop to consider the fact that besides these testers, undoubtedly lots of people on the inside will have had access to the leaked version?
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Anyone have a torrent of this so called leak?
Only the State obtains its revenue by coercion. - Murray Rothbard
"Dick leaks, causes embarrassment."
That's not really front page news now, is it?
I'm sorry this does sound kinda cool for a Windows environment, but in the Linux world, WHS looks a day late and a dollar short.
Under the influence of Post-Cyberpunk Gonzo Journalism
Wouldn't it be funny if all of them contacted MS, claiming to be this Richard?
Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
"Intended for users who have never seen or touched a server OS."
Yeah, that's the supposed Idea. I remember when they pitched that line for NT, too.
"Redundant storage and hot pluggable drives for those for whom RAID is an insect spray can."
If you don't know what RAID is, why would you bother specing a home-pc with hot swappable drives?
"To add storage just slip in another drive and you are good to go."
Yeah, assuming you got a server chassis with hot swappable drives. Which, by definition, the end-user this is targeted at doesn't.
"Automated backups for every system on the net. Recover older versions of files. Single instance storage"
Yeah, that's a good pitch, too. So far? Vapor-ware!
"Remote access and administration. Remote control over the web --- again, intended for users who have no experience in any of this."
Oh, there's a security hole just waiting for a portscan to come along!
This is aimed at Fanbois who just don't have the brains to make the leap to Ubuntu or Fedora.
IOW, A cute toy.
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
I hate to break it to you, MS, but the higher-end linksys routers (for about $100) now have a usb port where I can stick a hard drive and share it with all the network even if I'm not real computer literate. Likewise, the airport extreme from apple does the same.
I'm not sure what all your "home server" does, but coming from you it probably uses far more hardware than most people want to buy for the purpose and it probably locks me into using one of your buggy, insecure operating systems to access it. Put another way, you're going to have a tough time convincing people who want to have a hard drive shared on the network (probably 99.99% of all people who would want a "server" in the house) to go with your buggy crap rather than the linksys router.
I might be wrong, and laugh at me in 10 years if I am, but I really think you guys are getting in a huff because someone leaked your latest "Microsoft Bob" to the world.
By the way, the people who downloaded it probably didn't do so to use it; it was probably most hackers getting their paws on it to figure out how to break into it.
Do you have ESP?
Want a Windows Home Server? Load a copy of Linux/*BSD and Samba on to a spare PC.
Want to save some power, desk space, and money on hardware?
http://www.simpletech.com/commercial/simpleshare/
Here is a Linux package without the bulk and power requirements of a PC. The wall wart to power it is rated at 36 Watts max. It provides disk encryption, user based or share based access control, SMB and nfs. With the addition of external USB drives it provides RAID mirroring and striping. If you don't use RAID, it can simply expand using external USB drives. If you are not using both USB ports for drives, it can be used as a USB printserver.
For the ultimate geek, the firmware is hackable. You can add telnet for example. No warranty for making a brick however.
Units other than the 160 Gig model have a 3 year warranty. (I've used it. I mis-configured the software by enabling user based rights and share password based rights (a no-no that is not documented) and they recovered it under warranty.)
Drive spin-down works except under version 1.07 of the firmware where drive health monitoring keeps it awake.
The truth shall set you free!
1) Single instance store automatic differential backups. none of this shitty "dd" stuff; this compares each 4 kb block with a database on the server and only uploads ones that have a different hash. Very efficient and very nice.
Sort of like rsync, bacula, amanda?
2) Automatic warnings if any Windows machine on your network has AV or AntiSpyware turned off.
With *nix, we have essential services started automatically at boot time. I'd be interested to know if it checks for Microsoft AV and antispyware software only, or any companies. If MS only, possible antitrust violation here.
3) Automatic warnings if any of your machines has not backed up in the last several days. (and the software will wake machines from sleep mode to do the backup and then have them go back to sleep).
Easily set up on Linux, I presume *BSD also.
4) Ability to serve as a remote control gateway to your computers (where you go to the website of the server and can initiate secured remote desktop sessions to your other machines from there with only 2 ports forwarded to the server and none to any other machines).
Remember the GP's request? "Please tell us what features Microsoft Home Server has that are not available for free and already in widespread use on the net under Linux." Why would you even bring up remote desktop sessions?
But then again, I have actually tried the beta instead of just making shit up about it.
Yes, but you didn't mention any useful features not available in linux/*BSD for free. 1, 3 and 4 are available and included in mainstream linux distros (again, I presume *BSD also, but easily obtainable if not). Without further info, 2 seems possibly aimed at increasing Microsoft marketshare of security products, despite (so I hear) being among the worst available, and even if it isn't, it doesn't seem very useful. Set up your AV etc to run as desired.
http://marriedmansexlife.com/
For right now, you have no access to the beta until I can find the Richard who posted the WHS (Windows Home Server) CTP on this site.... I will work with the Connect Admin team to determine which one of you is the real culprit of this leak.'
It's great to know that a corporation always has plenty of funds for a witch-hunt even if product security is sacrificed due to "budget constraints"...
Seven puppies were harmed during the making of this post.
If this was Apple, we would get a bunch of people bitching about Apple's secrecy, like we always do. Kudos on the "I'm pointing out Slashdot double standards, mod me up!" karma whore routine, though. It's a worthy classic.
And you're wrong, there will be plenty of Microsoft shills defending Microsoft.
"Sufferin' succotash."
Unless this person was exceptionally stupid and brags about it, they are home free. Their ISP will *not* release the information.
Of course, this does bring out that simply having someone sign an NDA in today's climate means nothing. If you release a product to beta testers, they are going to feel free to distribute it to potential competitors worldwide without any fear of retribution. Why? Because it can be done and it isn't going to be traceable.
I suppose you could watermark each copy that is distributed. It would be a hassle to do and still probably not really mean all that much. Yes, you might then be able to visit some kind of retribution on the person that did it. Do you really think they are going to care? I think most people these days would regard having letters sent to their employer from Microsoft as sort of a merit badge of achievement, even if it got them fired.
Any sort of anonymity will result in this kind of behavior. Most people - not everyone, but most - will do things they would never consider doing if they believe their actions cannot be traced back to them. Would you rob a bank or steal someone's wallet? Most people would not. Would you pick up a wallet in an alley that was clearly abandoned and take whatever was inside? Most people would if they were sure nobody would see them. Nobody sees you on the Internet, and the ISPs believe they have an interest in keeping users isolated from consequences of their actions.
WIM is a mashup of existing technologies reformulated into a proprietary format, nothing else. Cron and tar is what I called a hack; I use it for the most important stuff like /home and /etc. I don't need some fancy image space saver because there are never duplicate files in my backups; each only backs up what was modified since last week, really simple actually. Just three backups of the stuff most likely to break for the past three weeks.
If they have 3rd party software that works fine too. Mine has McAfee (came with it) and that AV and Anti Spy works fine with it. So do all the others.
Fair enough, but what if I have systems that don't run AV or antispyware, what if I also have a Mac on the network or a Debian box? Sorry, but I can ask questions about this all day.
What if they don't run because the machine has a dependency issue or some other software broke the backup?
All the more reason to use cron and tar or stay in the official repository of your favorite distribution. For home users I suspect the most likely reason for missing a backup will be that the computer wasn't on to begin with. Which will be really annoying when every time they start their computer they get a warning and a slowed network while the backup system commences or even just pokes its nose around their computer.
No, but it is very nice and it is a lot easier to setup for a real home user than most anything else.
Back to the point, *nix has offered all of this and more for YEARS. The usability aspect can be patched together over Google's summer of code by some moderately intelligent CS sophomore. I'm happy Windows users will be able to poke their noses out of the cave a little bit, but don't go on acting like Microsoft has something *nix doesn't, cause *nix has had it for years and Microsoft's implementation is barely in beta. Microsoft is playing catch up again and calling it innovation, nothing to see here.
Under the influence of Post-Cyberpunk Gonzo Journalism
That was my first reaction.
Msft: Who leaked this onto a newsgroup?
Lackey: The username on the account was "Richard."
Msft: Richard who?
Lackey: We don't know. The account name is just "Richard."
Msft: Suspend all privileges to anyone with a "Richard" in their name!
Lackey: Sir, yes sir!
Msft: Man, this Richard guy is a real dick.
Lackey: *snickers*
Msft: What?
Well, what can we say?
The typical Microsoft=Evil bash aside, their response was rather understandable and logical. They have beta software, and they have a low number of people who are previewing/testing that software. That software ends up leaked on the internet. Thus the only logical conclusion is that (at least) one of those people is responsible for the leak.
Assuming that leaks are not what you want and that somebody who leaked software before will do so again, it is best to freeze the entire process until the one(s) responsible have been found. Also, assuming that they accepted an NDA (the usual stuff forfeiting your property, soul, and firstborn), this one guy or gal will not be in a happy place.
So, all in all, it's nothing extraordinary.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
Based on the little that is known, the most obvious explanation is that this leak was intended to be discovered (there's no shortage of far more public sites that would offer far greater protection to the person involved) and that in turn makes the idea that an actual "Richard" was involved much less likely.
We won't know until the culprit is found (if they ever are, and if we ever have any reason to believe that anyone unmasked isn't simply a convenient scapegoat) but if I were in this Kevin's shoes, I'd be far more interested in gathering information than issuing threats. For that matter, Mandatory Access Controls have existed for decades. Why was such valuable IP even placed under a discretionary access control system?
(For those not familiar with MAC, it's a concept popularized by the US military but widely used in any secure environment. The idea is that the controls prohibit a user from copying to a location with weaker controls. In the military, you don't want people copying Top Secret files into an unclassified filespace or reassigning them to a user of lower classification, for example. So you simply program the access controls to block any such transfer. Properly implemented, there is no "superuser" - no need of one - and there is no possible way of violating permission boundaries directly or through privilege escalation.)
Yes, this is theft. So would be taking a hundred dollar bill nailed to the gatepost. At some point, a little personal responsibility is called for and a few reasonable precautions should be taken. Kevin Beares' bosses should be asking why neither has happened here - although that might be asking a bit much of Microsoft. Failure to secure trade secrets has, in the past, been grounds for courts to nullify the protections on those trade secrets, and undue harassment by employers of employees has spawned its own lawsuits. (If a Richard isn't found soon, with definite blood on hands, harassment suits can't be far behind.)
This is a very ugly situation for Microsoft to be in and they are hardly an innocent party as they have clearly shown they are not using suitable methods to protect that which is theirs. In a world that has been manipulated into believing there's a bogeyman hiding in every server cupboard, being able to protect your own is key to keeping the confidence of customers. The rights and wrongs are totally a side issue in all of this. The fact it was even possible is everything.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
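The mandatory access control rule described in the comment above (no copying to a location with weaker controls, no reassigning to a less-cleared user) can be modelled as a small reference monitor. This is an added example, not part of the original post; the three levels, users and paths are constructed, and the model is a simplified label comparison rather than any real operating system's MAC implementation.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2


@dataclass
class ReferenceMonitor:
    """Labels are set by policy; no user, owner or admin call bypasses them."""
    clearance: dict = field(default_factory=dict)  # user -> Level
    label: dict = field(default_factory=dict)      # path -> Level
    audit: list = field(default_factory=list)      # (user, op, target, verdict)

    def _log(self, ok, user, op, target):
        self.audit.append((user, op, target, "ALLOW" if ok else "DENY"))
        return ok

    def read(self, user, path):
        # No read up: clearance must dominate the object's label.
        return self._log(self.clearance[user] >= self.label[path], user, "read", path)

    def copy(self, user, src, dst_dir):
        # No write down: destination must be at least as restrictive as source.
        ok = (self.clearance[user] >= self.label[src]
              and self.label[dst_dir] >= self.label[src])
        if ok:  # the new copy inherits the destination's label
            self.label[dst_dir + "/" + src.rsplit("/", 1)[-1]] = self.label[dst_dir]
        return self._log(ok, user, "copy", src + " -> " + dst_dir)

    def reassign(self, user, path, new_owner):
        # Handing a file to someone is a flow too: recipient must be cleared.
        ok = (self.clearance[user] >= self.label[path]
              and self.clearance[new_owner] >= self.label[path])
        return self._log(ok, user, "reassign", path + " -> " + new_owner)


def demo():
    # Constructed users and paths, for illustration only.
    m = ReferenceMonitor(
        clearance={"alice": Level.TOP_SECRET, "bob": Level.UNCLASSIFIED},
        label={"/vault": Level.TOP_SECRET, "/vault/build.iso": Level.TOP_SECRET,
               "/staging": Level.SECRET, "/staging/notes.txt": Level.SECRET,
               "/public": Level.UNCLASSIFIED},
    )
    results = {
        "copy_down": m.copy("alice", "/vault/build.iso", "/public"),
        "copy_up": m.copy("alice", "/staging/notes.txt", "/vault"),
        "give_to_bob": m.reassign("alice", "/vault/build.iso", "bob"),
        "bob_reads": m.read("bob", "/vault/build.iso"),
    }
    return m, results


if __name__ == "__main__":
    print(*demo()[0].audit, sep="\n")
```

Every decision, allowed or denied, lands in the audit list, so a denied copy out of the vault is itself a record of who tried it.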
Why is Microsoft even putting a lot of work into WHS? Most people have already moved onto DWD. :P
Carbon based humanoid in training.
Should have posted it under the username SteveBallmer
+5, Truth