Slashdot Mirror
Visual Studio 2015 C++ Compiler Secretly Inserts Telemetry Code Into Binaries (infoq.com)
Reader edxwelch writes: Reddit user sammiesdog discovered recently that Visual Studio 2015 C++ compiler was inserting calls to a Microsoft telemetry function into binaries. "I compiled a simple program with only main(). When looking at the compiled binary in IDA, I see a call for telemetry_main_invoke_trigger and telemetry_main_return_trigger. I cannot find documentation for these calls, either on the web or in the options page," he wrote. Only after the discovery did Steve Carroll, the dev manager for Visual C++ admit to the "feature" and posted a workaround to remove it.A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company wil be removing it in a future preview build. For those who wish to get rid of it, the blog writes: Users who have a copy of VS2015 Update 2 and wish to turn off the telemetry functionality currently being compiled into their code should add notelemetry.obj to their linker command line.
No escape.
wow wtf Msft. Just when they were getting good about .NET and open source and their stuff was getting good as a product. Seriously stupid and not a good business decision. Sounds like that Carroll guy needs a new 'role' at Msft.
Microsoft has shed all pretense of shame and is adamant to infect everything with their spyware/malware behavior. This is very unfortunate. They keep removing any remaining reason to stick with Windows over OSX or Linux. Sad.
I suppose MS will learn from this and hide it better in the future.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Who would ever have thought Steve Ballmer would look good in comparison to the sniveling sneaky 'meanderer' Satya Nadella. For the apologists, it's a corporate culture thing.
like malware.
"It is just a way...." Really? REALLY??!? What the h*ll is Microsoft thinking.
Their compiler should do one thing and one thing only. Take the source and translate its instructions into machine code, so the computer performs the instructions as described in the source.. Nothing less. Nothing more. They have NO excuse whatsoever to include extra stuff to their benefit. Just that fact that you defend this behaviour is scary.
To Terminate, or not to Terminate, that's the question - SCSIROB
Ken Thompson must be spinning in his grave!
1984 wasn't intended as an instruction manual.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
If it's telemetry it's bad. Period.
Imagine writing highly secure software only to find out the fucking compiler is placing a telemetry backend into the binary. Regardless of the purpose or intent out destination, it's bad.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Embedding malware via their compiler? Wow a new low
No matter how Nadella tries to spin things and give them a new image, MS still sucks worse than ever.
Little known fact: g++ has had the same ability to insert spyware for a long time. It's described about line 39885 of the manpage. All you have to do is invoke is via:
g++ --mrelocate --use-upper-reg-halfs --insert-telemetry-libs --mnetwork-lib --include-nsa-stubs --include-fbi-stubs --omit-eff-stubs --no-powerpc --no-fpu --disable-optimization --use-network-capture-prologs --fuck-snowden --section215-includes --fort-meade-includes --fiveeyes-libs --use-eschelon-libs --omit-greenwald-reporting --prism --enable-gchq-sharing myfile.cpp -o myfile
That does the same thing as Visual Studio. Easy peasy. Dunno why Microsoft always acts like they invented everything.
they should have spoken to Ken Thompson first.
A Microsoft spokesperson confirmed the existence of this behavior to InfoQ, adding that the company wil bel removing it in a future preview build
...because it was finally discovered. If it hadn't been discovered, does anyone honestly think they would be removing it? Of course not.
VC++ dev manager explained that this is not the telemetry you think it is. It is just a way to gather perf statistic that have been badly named.https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/d30dmvuMS does a lot of shady things, but that isn't one of those.
Hey man. I have a bridge in Brooklyn that is for sale. You need to buy it, no really, you too can own a bridge.
Hey man. I have a deed to the moon. You need to buy it, no really, you too can own the moon.
Hey man. I have pictures of your mom. You need to.... Yeah.
Even if this telemetry were perfectly innocent (likely not, if Windows 10's spyware is any indicator), the fact of the matter is that Microsoft have now compromised their own compiler using Ken Thompson's compiler attack.
When will this madness end? Is MS now just an arm for the NSA?
Yup. Apparently Microsoft's new culture involves the same old astroturfing practices.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It's shady, unless the developer enables it. IOW, it should not be ON by default.
This is the standard BS that all companies that are involved in spyware, say. Any telemetry should require permission from both the developer of the software and the end-user. Otherwise, it is unethical and illegal.
I hear a lot of chatter about how the Rust programming language is supposedly "better" and "safer" than C++ is. But has anyone done a full and independent audit of it to make sure Rust's one (and only!) implementation isn't inserting unexpected code, malicious or not, into the binaries it generates?
At least with C++ there are numerous capable and independent implementations out there we can use if we have any doubts. If, for example, we don't want to use Visual C++'s compiler, we always have the option of trying GCC, or Clang, or Intel C++, or one of the compiler from one of the other vendors. But since there's only one Rust implementation, we'd be up shit creek with no paddle if we ever questioned its reliability!
So unless you're a weekend hobbyist creating yet another Rust library that you'll toss on GitHub and then neglect to maintain, I don't see how Rust can be used for anything serious until it has at least two capable implementations developed by separate and independent parties.
"It's for catching application crashes."
And if an application crashes - that's what DRWATSON is fucking for. NOT telemetry code insertion.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
That doesn't make it okay. And redmond is on a "do shady things" binge... again. Shouting "FUD" at that deserves a "NO U SHILL" answer.
So no, they should have documented the thing properly and perhaps not given it a stupid name. But then, having to add object code to remove unwanted crap from your binaries -- that they didn't tell you they were putting in there in the first place -- is completely arse-backwards... as usual from this outfit.
When you consider that MS backdoored OS, compromised compiler is, comparatively, much lesser sin.
Its not to their benefit, its the developer's benefit. It tracks time and memory usage, some nice tools in VS 2015.
Example... put a couple breakpoints in code. Stop at one, continue to next, it will tell you how long it took to get to second break from first one. Give a running total on right of memory usage as well.
Don't like it, turn it off. I would bet it gets turned off in release mode anyways (I didn't check though). None of it is secret, they are literally bragging about doing this every chance they get.
Debugging symbols and hooks should be an OPT IN you idiot. Even if they're harmless they slow down the program and make the binary larger.
Do you have any real evidence that that's happening, or are you just making unsubstantiated allegations?
OMG. Microsoft wants to help you stop having applications crash! The horror!
Wow, MS is sending the Shill Troops out early. Expects many walls of texts, lots of word like 'grandpa,' "get with it,' 'no he di-int' and lots of privileged white kids trying to use street talk.
To outright steal a comment I read in another tread: "Hoodies Up! Drawstrings To Maximum Tightness! Engage!" Weeeeeeee!
Looks like the solution is to statically link function stubbs. Which means a smart dynamic linker could very easily undo this. And if they were brazen enough to add this to the compiler in the first place they are brazen enough to "fix" the binary with a smart dynamic linker.
But then there really is no solution as the exec dispatcher and dynamic linker could always implement some form of telemetry.
The real solution is an OS vendor that is not going to pull tricks like this.
You would think that the IDE would be smart enough not to insert extraneous calls for trivial programs.
Even with Windows 95 and Windows XP, Microsoft would always log the times that an application was run, the file path of that application and who ran it. That would include anything from web browsers to compilers, word processors and games.
The fuck you say.
It's like writing code for 'hello world' and getting 'hello world, fuck you very much'. A compiler is supposed to compile my code, without anything added.
What compiler MS used for Windows 10.
'We did not add any telemetry in Windows 10. It was the compiler, I tell you.'
Boy this is at the scale of the Ken Thompson attack. Compilers that insert backdoors
http://c2.com/cgi/wiki?TheKenT...
Some drink at the fountain of knowledge. Others just gargle.
Everything Microsoft spies on you. Bill is a huge fucking pussy. XBox,Windows,even virtual machines if you use Microsoft Hyper-V can't be trusted.
https://www.helpnetsecurity.com/2016/06/10/telescope-technique/
Did he ever find out what feed_all_keystrokes_and_web_sites_to_nsa does?
There is no return version of this, because history shows a nation never returns from it.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Why don't we see similar outrage about the telemetry that Firefox includes?
Here are some examples of the data that Firefox sends to Mozilla:
American proofreading.
Failure to protect your privacy is inevitable. This time you can just see it coming
If you compile it with the evil flag, of course the compiler will set the evil bit. (The evil flag is implicit and undocumented.)
Imagine writing highly secure software for Windows. Regardless of the purpose or intent out destination, it's bad.
FTFY
There has always been stuff that runs before and after main(), there has to be, this is a nice feature that accidentally got included all the time. The built in profiling is really nice. The bug will be addressed at the first opportunity.
http://www.tenforums.com/windows-10-news/51159-how-msfts-tricky-new-windows-10-pop-up-deceives-you-into-upgrading-27.html
Microsoft is the us government's bitch. Do they look split into two corporations? Bill Gates is a fucking pussy.
Yay! This will finally settle that silly debate about which is more secure, open source or proprietary software.
VC++ dev manager explained that this is not the telemetry you think it is. It is just a way to gather perf statistic that have been badly named.
https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/d30dmvu
MS does a lot of shady things, but that isn't one of those.
It's not shady to inject undocumented code, that collects system information, into binaries? I'm pretty sure that there would be a shit storm if some of the software I wrote tried to phone home on the protected networks it's used on. I suspect that was how this was found the software started setting off firewall warnings and they traced it back to the the compiler.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
It's so heartwarming to see the long-theorized 'backdoor the compiler' attack finally gaining commercial acceptance and enterprise support!
http://www.pcworld.com/article/2365060/microsoft-caught-astroturfing-bloggers-again-to-promote-internet-explorer.html
Microsoft is the shilliest!
Steve Carroll, the dev manager for the Visual Studio diagnostics team, responded directly to these concerns on Reddit. The rest of that whole thread is pretty informative as well.
Visual Studio adding telemetry function calls to binary?
So one can imagine a case where a program crashes and sends telemetry to microsoft from inside a secure computing enviornment or otherwise exports secret bussiness data. This could invalidate MS from all government computing.
Some drink at the fountain of knowledge. Others just gargle.
nobody has a real need for that closed source software any more, simply do not use it.
LOL. Hit too close for comfort, didn't it?
Imagine writing highly secure software only to find out the fucking compiler is placing a telemetry backend into the binary.
Well, I sure as hell hope anyone writing highly secure software isn't that damn oblivious.
And this shows you why access to the source code is not enough to audit software.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
The proper way to do that would be to simply write better exception error messages generated by the core, or better documentation.
It is not to send all error messages back to the mothership. That is typical insecure Microsoft garbage foisted on the entire community, making them all insecure.
"Telemetry! Telemetry! Telemetry!" seems to have been the decree screamed from the ivory tower of MS leadership to the devs crafting Win10.
Seems like desperate flailing to maximize profits from the terminally declining Windows hegemony.
One of the big features coming to Debian are reproducible builds. Reproducible builds designed to help detect and defend against compromised binaries, including those of a compiler. Although in this case MS may have deliberately done it with their compiler, techies have been warning against these kinds of attacks for years. If you don't think the NSA is targeting compilers, you're naive. Although it won't get the traction it deserves, this story is huge and really exposes how evil and shifty Microsoft is. Who knows, there could even be an NSA angle at work here. What I'd like to see is a class action lawsuit over this. Surely some company would have standing in a case like this.
Excuse me? What? Why do I want MS collecting ANY statistics on MY program? Who authorized that? I don't care WHAT the MS shill is claiming...and 'poorly named my ass'...they got caught & now scrape up an excuse they think you'll buy. O, and let's be clear here, these are entirely undocumented calls, if they wanted you to know about them & make a conscious decision to use them they'd document them & require a flag to compile them (e.g. 'opt-in') NOT a flag/command to srtip them out (opt-out).
If this isn't enough reason to drop anything MS related then there is no hope for you.
Bought a quick URL from GoDaddy, but never used free Office 365 which is associated with it.
Suddenly Little Snitch on my Mac was reporting maybe 5 dozen or more attempts to send data out even though I clicked "Never" & MS would try to send out to a new URL.
I park my car in my garage, which is in my house.
A few years back, I was in a car wreck. Therefore, my house tried to kill me.
And that is exactly what it does. Of course, your code probably also calls - and links in - a lot of THEIR code and THEIR code adds the extra bits. Which means you really didn't do YOUR job and think about the implications of what external code you added to yours before you released it to your customers.
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
telemetry_main_invoke_trigger and telemetry_main_return_trigger.
Oh why, oh why they didn't name those calls threeletteragencysurveillance_main_invoke_trigger and threeletteragencysurveillance_main_return_trigger??!!
Oblivious to an undocumented telemetry function? Or oblivious to the fact that using Microsoft development tools means your sending out vulnerable binaries that send potentially unknown data to an external server on the Internet?
The world's burning. Moped Jesus spotted on I50. Details at 11.
There needs to be a law, if one can not be found that already can already cover this, but "faithful" generation of object code from source code is, by definition, what a compiler does. There MUST be *some* product law that covers intentionally inserting functionality without the user's knowledge.
Yes, it was bad on Microsoft's part. It was stupid to not protect it by default. However, it's been addressed, removed from Update 3, and there's an option to disable it. It appeared folks were moving on, but then again, this is Slashdot.
Honestly, seems like infoq dug this out of the grave simply to get some page hits ("Here's an anti-Microsoft story! Let's post it to Slashdot and roll in the hits so that we can be relevant!"
It inserts that into RELEASE binaries, you IDIOT.
Do you have any real evidence that that's happening, or are you just making unsubstantiated allegations?
how is this for evidence that people are shilling:
"It's for catching application crashes.
Jason"
If it's for "catching application crashes" then how come they never told the application developers?
Unfortunately, that's not been true ever since the first version of ANSI C was released, the most common word in the spec being "undefined."
(TBH, this sounds like a storm in a teacup. So some code that, despite the name, turned out to be debugging/profiling crap got into the compiler? So what? Other than minor performance impacts that obviously are so minor nobody noticed, I'm failing to see how anyone was harmed by this.)
You are not alone. This is not normal. None of this is normal.
to the masochists that persist on using their software (myself included, but not for long).
Microsoft is clearly planning to move to a future in which they, with total control of the desktop, have a better ability to spy on,and advertise to, users than companies like Google who only have access to the browser activity of users. They have seen Google become far more powerful (even becoming embedded into the White House and several other national governments) and wealthy while making and selling NOTHING as Microsoft was actually making and selling both hardware and software. They seem to have decided that the future will be a free OS with free desktop and free browser that is ubiquitous and that spies maximally and advertises mercilessly, and makes Google and Facebook etc obsolete second class citizens in a commercial sense (because THOSE companies will have far less access to user info than the company that controls the computer).
This explains why they are forcing everybody to move to Windows 10 with who-knows-what built-in spying AND who-knows-what built-in ability to quietly install more remote controls, spying and updating later. Why else would they have done so many "free" upgrades from relatively recent OS versions when in the past they changed around a hundred dollars for each upgrade? Even the tawdry update from DOS 6.2 to DOS 6.22 cost users nearly a hundred dollars for no real improvement.
To achieve their aims, they need everybody to move to the newest flavor of Windows that has been rebuilt with the modern support mechanisms they are putting in place. Users with older versions of Windows that pre-date the strategy shift and lack the new remote control/monitoring/updating/telemetry/etc capabilities need to be replaced. After everybody is on Win10, any future discovery of spying in/by Windows can be apologised for as a "misunderstanding" and then be quietly and secretly replaced by a new and different back-door in a future automatic update using the new "features" buiklt into Windows 10 and newer.
This newly-discovered junk only shows that they have reached the point of even glomming onto the applications that users and other vendors build with MS tools to run within the new "Big Brother" versions of the MS "life experience". This proves that even programs like Chrome or Firefox, when built with modern Microsoft tools and run on Windows 10 and beyond are not trustworthy and not secure.
Visual C++ does debugging symbols in a separate file - a PDB. This looks to be worse than their normal debugging symbols as it is actually in the program. But it is the exception, not the rule, to the way they normally do it.
No, by catching is meant recording the data and only sharing it if the developer deliberately and actively chooses to share it by sending them a file containing this recorded data.
Why doesn't one use Linux and GCC?
What the fuck Microsoft? Now you want to insert Telemtry spying into the programs that people build with your software?
This is getting ridiculous.
I am impressed with your well thought out and deeply insightful arguments. Amassing that much evidence that the Developer was lying must have taken a great deal of time and effort, and it's important that we should all recognize your efforts.
You truly must have worked to be so witty - or rather, get halfway there.
Most of now have privacy policies where we disclose what data we collect and what we do with it. If that disclosure is defective, you're in legal jeopardy for failure to disclose. Thanks for the poison pill, MS!
And, haven't they considered that the whole Apple/FBI thing might have implications for them and their developers, just maybe? If not legal issues, then PR at the very least? Stunning!
I assume that Microsoft compiles its shipping products with some form of Visual C++.
Does anyone know if these telemetry calls are made inside those products? For example, inside Microsoft's shipped versions of SQL Server?
And if so, does this mean using those products for handling HIPPA or PCI workloads is illegal?
Oh, for christ almighty sake. Could you possibly be any more of a sellout?
As you have already called out, what the code does is trigger an ETW event which, when itâ(TM)s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs)
Microsoft by default includes and enables Remote Access Trojan in Windows 10 with capability of exfiltration of anything from your system without your explicit knowledge or consent.
https://web.archive.org/web/20...
Microsoft doesn't provide paying customers an option to stop persistent cyber stalking of their systems and activities.
https://web.archive.org/web/20...
Microsoft constructs intentionally misleading interfaces and systems designed to intentionally leak personal information and trick people into submitting to things they don't want.
Now they are collecting "telemetry" from software compiled with visual studio...until...oops we got caught.
There is a new culture in the industry fueled by disrespecting your customers in every way you can possibly get away with and then some. It is part of a concerted top down conspiracy to put PC as an open platform genie back in the bottle. It is about supporting a post ownership vision of the future where customers are the product and vendors are all powerful kings.
Hopefully the cumulative effect will be enough interest into use and development of alternatives to eventually push Microsoft into bankruptcy. This is what they deserve.
The function could have been "windows_10_forced_install"
Yes Francis, the world has gone crazy.
That is an interesting article.
I bet they never planned to remove it until they got caught.
They are acting as the same entity.
I don't understand how you deny this let alone not come to this conclusion yourself. The fact that two entities of comparable size that have been caught doing the same thing should be some clue. Not to mention the many ways that they are deeply in bed with each other.
Is it too much to put together for yourself?
There is no terrorism threat.
Complete surveillance has been brought into existence to control you, you are considered to be the potential "terrorist". Every single one of us is. The purpose is to ensure that the transition from human labor to robotic/computerized labor is "smooth". Meaning no one tries to stop the destruction of the vast majority of the population.
'But wait, what? You mean to say that people who have no use to society won't be supported by society?'
People who do not have work run amok, regardless of any comforts they have.
Consider that the psychology of the average person is a known system. Consider the example of the effectiveness of advertising or politics. It's easy to tell people what they want to hear, and even easier now because most of their thoughts are being directly monitored through surveillance and mined for patterns.
Basically these people could be convinced that everything that is bad for them is good, and it would be a short matter of time until they destroy themselves.
Genocide through manipulation.
But how on earth to describe this to anyone in such a way that they don't reject it immediately? Is there any hope?
To be fair, this only seems to be if you use MS's compiler, and I don't know of a single company that uses it for commercial-released products - code analysis, and dev-testing, at most. I'd further suspect you agree to it with their EULA; because, if not, this could open them up to a huge lawsuit - the kind that's makes lawyers salivate.
Not defending MS here, but in what bizarro world do debug symbols "slow down the program"? They're just symbol entries in the image that never even get loaded during normal use.
Hooks is a different matter, but symbols?
Furthermore logging when executables start and close doesn't seem too useful when investigating performance problems. Carroll say's that the feature was abandoned, so perhaps that's why it seems mostly useless. However this feature is not useless if the purpose is to determine which programs the user runs and for how long. I'm suspicious enough about Windows 10 to suspect that's already happening at other levels.
Yep, looks it does: http://winaero.com/blog/how-to...
One way to find out if these functions were intentionally meant to explicitly spy on userland programs would be to check whether it is enabled for executables contained within Windows 10. If it is in Win10 exes, and telemetry_main_invoke_trigger is truly useless, I wonder whether it will be removed in the future when Windows gets rebuilt with a newer compiler.
What do you get when you cross a mountain-climber with a mosquito? Nothing! You can't cross a scaler with a vector.
And even if it isn't telemetry in the sense that it is sending information to the mothership, it means it is still dumping debug code somewhere, even if it's just on your hard drive, which means that on every person running the bloody binary, it's dumping debug code to their hard drive, with the potential of security breach and, if nothing else, just making the application slower. It is always bad form to have debug code active in a production environment. Always.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Do you happen to know if any of the release notes with the early-preview code disclose the fact that the builds include this telemetry?
Or oblivious to the fact that using Microsoft development tools means your sending out vulnerable binaries that send potentially unknown data to an external server on the Internet?
IS that a fact, or are you just speculating?
In any case, no. I mean, oblivious to their network activity and whether or not ANY AND ALL binaries they package are sending ANY packets over the network.
It is just a way to gather perf statistic...
What happens when you figure out that that is exactly what the complaint is? And that many consider it "shady?" ;)
Will these telemetry packets be sent with their evil bit set?
Ken Thompson's work was beautiful and subtle - a compiler disguised all evidence of its backdoor even when you write code to search for these backdoors or when you compile the compiler itself.
True. But that works only when there's one compiler available for a particular language. If you bootstrap a compiler with three independent compilers, the backdoor is highly unlikely to persist into all three according to "Diverse Double-Compiling" by David A. Wheeler. Compile the compiler A with multiple compilers B, C, and D, and then compile A with (A compiled with B), (A compiled with C), and (A compiled with D), and you end up with (A compiled with A), (A compiled with A), and (A compiled with A). If they're identical, then B, C, and D have either no backdoor or an identical backdoor. Which is more likely?
Of course, all this requires that source code for A be available to the public or at least to a person trusted by the public to release compiler binaries. This is true of TCC, GCC, and Clang, not so much for Microsoft C++.
Imagine writing highly secure software only to find out the fucking compiler is placing a telemetry backend into the binary.
Many people are in a hard position here, because they have decades of bad-mouthing FLOSS and they're too embarrassed to want to say, yeah, this implies that people have to have access to the source to know if trust is reasoned.
Performance tuning is useless in a debug build.
There exist builds other than release and debug, such as profiling builds. These are in fact designed for performance tuning.
And apparently some of these disgusting sociopathic creatures have mod points.
Here's a bit of advice, MS shill. Being a shill is the lowest activity there is. There are people that eat dog feces who I'd rate higher than a shill.
The world's burning. Moped Jesus spotted on I50. Details at 11.
You're right that it's strongly preferable for there to be multiple implementations. I really do take any language a little less seriously if it only has one.
But it's not a total dealbreaker, and the one implementation is there for anyone to look at. If it has malware in it, that malware has nowhere to hide. That's why this is totally wrong:
No, that's just it: you're not up shit creek if you question its reliability. If you question its reliability, you can go looking for answers. There are things you can do about your predicament, so the shit creek imagery is inappropriate. It's with proprietary compilers (such as Microsoft's) where if you question its reliability then you're up shit creek. Sure, you can use another compiler that you trust more, but that doesn't give you the answers. It just makes the question become irrelevant.
Having to explain this night-and-day difference reminds me of trying to have an argument about science with a "skeptic" of evolution or global warming. Those people don't seem to understand that science deals with questions and once a theory is confirmed enough times, the contra side shouldn't be called "skeptic" anymore; they're disbelievers. And that's fine. But use the right word instead of trying to deceive everyone about your belief that the scientific method doesn't work.
You aren't questioning the Rust compiler, because if you had questions, you would go get answers. You're simply stating that you don't trust it (and that you don't intend to address the lack of trust, either by catching it doing something naughty or clearing it of any specific charges of wrongdoing). That isn't questioning; that's out-of-hand rejecting.
And that's your right. Just don't lie about your feelings on this, and then you'll be able to get along with other people instead of pissing them off with your bullshit.
Until then, though, you sound like a creationist. Your neat idea (Rust has backdoors / Enki etc created life on Earth) is consistent and elegant, and also has no evidence to back it up. Meanwhile, people who actually want to know truth, go do something about it, by testing their ideas.
You desperately need help for your mental health issues. You have to be one of the angriest and whiniest people I've ever encountered. Grow up. You attack people endlessly, then whine when someone mods you down. Deal with it. Your post didn't contribute anything to the discussion and the parent didn't, either. Both were modded down as they should be. Get over it.
So let's say they remove it from the compiler. How much hidden cheap is in the DLLs we link to just to run on Windows?
Considering that the binaries provided by the Python project are generally compiled with Visual Studio, and considering that many if not most new comp sci / programmers now learn python, this is especially troubling.
It is my hope that the Python BDFL and Python Software Foundation will move away from Visual Studio for Python binaries before long ...
Thank god I don't use that bloated piece of spyware crap.
I believe the answer is yes. Likely why feedback and diagnostics can no longer be completely disabled. I know for a fact that similar data is collected for Windows store apps, regardless of whether or not the application itself actually offers telemetry.
I write a standalone program. I include no network functionality whatsoever. Are you seriously telling me I should have to run a network sniffer against it because I don't know what it's doing on the network, and if I don't, it's somehow my own fault for not knowing what it's doing?
I wrote the fucking thing, and didn't tell it to communicate over the network. In what fucked up world should I expect it to make network connections, when I haven't programmed it to?!
"City hall" in German is "Rathaus" Kinda explains a few things......
VS2015 Update 2 introduced IDE support for Application Insights, an Azure-hosted desktop/web application performance and error analytics service. We use it at my work - it's great and super easy to get up and running and use. I assume these are just enabling methods for generic application-wide logging/telemetry-based functionality, and I'd put my money on them not sending any telemetry data by themselves. The word "telemetry" in the method names was probably a bad choice, considering how many of you it spooked.
Go away APK
The world's burning. Moped Jesus spotted on I50. Details at 11.
Of course you'll remove it. Otherwise people might be outraged....But you are Microsoft. You can do no wrong.
This nuisance can be disabled by linking "notelemetry.obj" though this shouldn't be necessary but just Microsoft things.
Tell the truth, if you can. You were so impressed you had to take your time to comment on it. The action speaks for itself. You'll now emulate it somewhere on slashdot. Yep.
During the Vietnam war, an American naval aviator named Jeremiah Denton was shot down and became a POW. While he was interviewed as a POW he blinked his eyes unusually and when the film made it out to the West, it was realized that he was blinking a message in Morse code.
I think we should all go back and review the video of former SecDef Donald Rumsfled giving his "known knowns and unknown unknowns" talk.... it MIGHT have been the last free attempt at communications in the modern internet era with an important embedded message.... [smile]
Steps to follow:
Wait for all public and government organizations to install programs compiled with this.
1.) make malware that collects the local crash reports and data dumps.
2.) focus attention on crashing commonly used user interface libraries instead of the MS malware
3.) wait until a large number of users have installed your global crash vector.
4.) send signal to turn on crashing globally
5.) direct emails or background FTP of collected crash data through TOR or other obfuscation
6.) sift through the data of world governments at your leisure.
Go get em!
Why is now spyware called "telemetry"? THey should be held responsible...
You verbally abuse anyone who disagrees with you but somehow you're the victim because you got downmodded once? Give me a fucking break. Also, not everyone who disagrees with you or the way you conduct yourself is APK. Act your age and treat people with a bit of respect.
"Telemetry" is a misnomer, since data isn't actually collected remotely. It writes out ETW events, which is a well-documented way to instrument an application for very-low-overhead tracing, using the appropriate tools. You need to explicitly start a tracing session for those events to even be logged, and then of course the log itself is local.
Watson crash dumps give you the state of the system at the point when it died. Sometimes it is sufficient to diagnose the issue, but in many cases, enough state has been lost by then that the root cause is not identifiable, and then you need to have some pre-mortem logs to figure out what the hell happened.
It would appear that there is yet another reason to distance one's self from Microsoft and its products when possible.
It does make a difference if a developer doesn't realize this is being placed in released code and customers end up with compromised systems and the developer must tell the customer why their code that was supposed to be secure had a back door.
APK, is that you?
Ever hear of Steve Barkto?
Il n'y a pas de Planet B.
LOL! He does have some strange fixation about APK but it's easily explained. He didn't like that APK beat his ass https://news.slashdot.org/comm...