Slashdot Mirror
Windows ID
Igor wrote in with a link to a San Jose
Mercury article about the discovery of the "Windows ID", and claims it "has been quietly used to create a
vast database of personal information about computer users." It seems Windows 98
and other programs, like Office, embed a unique ID based on a MAC address into every document created (Office), or
even submit an ID unique to a user during Windows Update (where it
specifically says Microsoft will not send any information like that). The Intel thing
never bothered me too much, but I'm not so sure about this...
Slackware installs with a /var/spool/mail/root that has a couple of messages in it. It doesn't *really* send you an email; you can verify by installing off a network. Email is still there.
-- Erich
Slashdot reader since 1997
Why does /. post this irelavant article? Am I to believe that Justin is implying people actually still use Microsoft products? If so, poor suckers.
-Brett.
What's wrong with using StarOffice?
Bram@grmbl.com
--
People using html in email should be shot.
You know, it'd be interesting to have the setup
programs for the different distros have an option
to "phone home" -- give us some idea of a census
of the Linux comminuty. I wouldn't dream of it
being this sneaky and underhanded, but I can't
imagine why I *wouldn't* want to be counted in
such a way.
At the end of the install process, just say
something like "We are trying to get a reasonable
count of how many people use Linux. To be counted,
say "Yes" here. We won't keep any other info than
which IP you're at and what distro you're using."
I don't see anything wrong with that, so long as
the terms weren't violated.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
However, if they're selling these products and collecting this information in Europe, then they're in violation of several countries' privacy laws. People really need to get over thinking that just because Microsoft (or any other company) sells you some software that they have the right to tell you what to do with your computer or collect all the information about you that they want.
It's a weak mind indeed that falls for their "it's just good business" BS.
I always like to draw a parallel between Bill Gates and Steve Jobs. They both want to be in control. They both want to be on top. But Steve Jobs wants to do it to prove he's better than everyone else. If he doesn't do it by being better, it doesn't count. Gates, on the other hand, just wants to be on top and doesn't care how he gets there, as long as he gets there.
The company said it will alter the way the registration process works in the next maintenance release of Windows 98
;)
What about '95, NT, and existing '98 customers?
Moot point: they will alter it by sending the ID _twice_ instead of once. That constitutes altering it.
the company will create a software tool to let customers clear the ID number from the Registry
So it's an opt-out. Chances they'll publicize this "tool"?
Again, you're thinking small: says they will create it, nowhere does it say they will _distribute_ it, does it?
"If it is, it's just a bug," Bennett said. "If it is indeed happening, and we have testers working this weekend, we'll absolutely fix that."
It's a "bug" that information is included in the documents?
"Just" a bug. Also, I deduce that MS testers don't work weekends
Bennett promised that Microsoft also will wipe any of those numbers from its internal databases that the company can determine may have been inadvertently collected.
"can determine"? "inadvertently"? This is probably sufficient qualification to avoid doing anything.
You got it! Since they collected all these numbers on purpose (their war on piracy seems like the most logical explanation for this behavior) clearly no numbers at all need be wiped. None were inadvertent: they meant every one. Maybe it's helping them sue copiers of MS software.
I know this: I'm warning my workplace about this. We'd best not take any chances, and if that means doing without, maybe we'd better do without. It's actually pretty funny- I'm the guy who's been swearing up and down that Intel PIDs are not for individual tracking, but for asserting that the chip is not a Celeron or AMD (I am PIII! 'You may pass'). And suddenly, here MS is, actively doing the very thing Intel was only suspected of trying to set up to do (and far less effectively, to boot).
_This_ is what people were flipping out about, and it's bizarre that they originally saw this behavior in a CPU ID which is only good for intentionally limiting compatibility and forcing monopoly of Intel chips in the long run.
This slashdot poster has four various Macs at home (only one is serious, the others are bitty boxes) one of which dualboots linuxppc... but!
I do tech support at a computer repair place, and though I am a Mac tech, we totally depend on two Windows boxes. One's out front as a financial records keeper and answering machine, and nothing is ever done to it- the one out back has drives and stuff constantly thrown at it in the course of repair work, and consequently gets reinstalled a lot. Both are connected to the net...
It doesn't matter that we can't trust MS. We still have to use it to fix other broken MS stuff: maybe the front box could be a Mac or Linux machine (answering machine software with caller ID anyone? on either platf... wait, you can get 'YoYo' for the Mac. But who's paying?) but the back machine needs to run a Microsoft PC setup just to be able to deal in case somebody brings in a winprinter to be fixed or some such thing... so we're vulnerable.
We had better do without, and keep an eye on our windows tech- guy is one of those crotchety griping jovial characters who clearly does not _respect_ the MS license agreements if he thinks he can get away with ignoring him- and he could be putting us in danger by pirating stuff internally. I will have to ask about that, ask whether he's been doing that for anything.
Interesting world we live in, no? Wonder if we got sued, would they let us off with a slap on the wrist and a legal contract to get rid of our Mac, never do Mac repair again, never make a Linux box and in general become an exclusively MS shop?
As a final note- they must have repeated copies of our information, because W98 hates most hardware, and we've installed it on hardware it hates _many_ times... *install install install* the 'doze guys get real grouchy and aggravated at the way the quality went downhill so much...
"Why would you want to run Photoshop when GIMP can do all that photoshop can?"
;)
Bollocks
...for their own use, telling folks they aren't there. If people buy 'em, it's their responsability. Right?
Making software that sends information without permission is every bit as morally wrong.
Note that I specified that they deny the existance of the aforementioned devices; It can thus be assumed that they're not used in providing services.
Excellent argument.
Been a while since I read "The Dead Past". The point of gov't intervention, as I understood it, was stability of society -- as such a complete removal of personal privacy would completely destroy it.
At the moment, we're under an acceptable government.
Not everyone always is. There've been folks who've needed to use the strong crypto you anti-privacy types attack to hide lists of folks participating in human-rights protests or other Good Things. There are times when privacy and crypto are good and neccesary, and just because we have it good right now and don't need them doesn't need that we won't 10, 25, 50 or 100 years down the line.
On principal, the empowerment of the individual is not to be questioned. Privacy is an important part of that empowerment.
And anyhow, "they" can't trace all cash by fingerprints; It's logistically impossible (where do they do this? Banks? Where do they get fingerprints of folks who don't get arrested?). I'm not advocating unreasonable paranoia.
And does Microsoft HAVE TO keep track of who made each document? I sure as hell think not. You can use RTF or something of the like on all docs you save (and read Word docs just fine). All your word-using friends will be just fine.
...are best handled by LaTeX. Really -- its formatting is just beautiful, and LyX makes creating 'em simple.
And a postscript document can hardly be messed up at all on the other end; Your docs are safer that way than as word docs (where the right fonts may not exist on the other end or they may have an incompatible version of Word).
Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done. Or word docs? Save in RTF (or in Word format without QuickSave) and StarOffice/WordPerfect/Whatever should do fine.
...at least they don't deny this. And there are alternatives which are far less incompatible.
I CAN have privacy in my transactions with Average Joe Vendor if I want to. I can't have it with Average Joe Word User if he insists I create my docs with his app.
Word (or WordView) will run in Wine well enough to do any test views.
Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.
I'm a poor student. I don't have two computers. I can't afford Photoshop and don't need anything so professional. And I'm very, very happy with the apps I use (PINE, gtkICQ, Netscape -- though I don't need to do any stylesheet stuff, LyX WP or SO depending on the job). And I run three servers in the background. If I get one Windows app, no way in hell I'm buying a copy of Windows, repartitioning, etc to be able to use it. So finding ways to work in a 100% linux environment works for me. If it doesn't work for you, fine.
So where do I lose time? I DON'T. But that's not to say that there may not be situations where it's elsewhere; I work w/ plenty of folks who run Windows and don't advocate that they switch unless they do development or server work.
Sorry 'bout the rambling form... I'm somewhat tired.
And, as I pointed out earlier, there are ways around this (WP8/SO's conversion w/ WordView to verify, for instance).
Anyhow, I didn't go saying "Using NT? Evil! Switch to a pure linux system!". I simply pointed out ways one could do equivalent work with a pure linux system, opening new options in his decisions regarding which OS to use for what jobs; I didn't say any other options were invalid.
I can understand/appreciate the rant, though. I would be rather annoyed by someone advocating that I use FreeBSD for my word processing, even if they were right about it being better for my servers.
Posted by Mr. Assembly:
A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reson.
Why do I feel like I been fed the good reason here?
I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
You know it's not one reson why I am moving to Linux, it's about a dozen now and counting....
Posted by Mr. Assembly:
A wise person (somebody tell me who please) once said that people have a good reason for dong things, then they have the REAL reason.
Why do I feel like I been fed the good reason here?
I really hope that the WINE project will reach maturity so that we can junk this ID shackle, and the Microshift ball and chain.
You know it's not one reason why I am moving to Linux, it's about a dozen now and counting....
Posted by Stephen "The Carp" Carpenter:
About a year and a half ago I got a
computer problem call set on my desk with
the words "Grant Pending" written on it.
I rushed out to the site to find a Doctor
had been saving his entire grant proposal
paper on 1 floppy disk in a word file and been
using fast save (as it is enabled by default)
The file was corrupted. Word refused to open it.
I grabbed notepad and opened it and said 'Voila'
He was so happy to see his document back...then he
realized that it was 2 weeks old! he had been
working 10 hour days for 2 weeks and all his
changes were gone!
The man then proceded to practically break into
tears. Ever since I have turned off fast save
on ever computer I see.
Sure this guy was stupid for saving all his work
on 1 floppy with no backups but...if it wasn't
for fast save...I may have been able to recover
most of it.
Posted by Mephie:
Ask your ISP really nicely to burn it on cd for you, ALOT of ISP's have burners and most local ISP's are pretty keen to your needs. And if that fails, buy one of the midnight techs a six pack. =)
--Mephie
This kind of assumption might be defensible if MS were to finally come out and admit that its Windows crap isn't really multiuser at all. It's assumptions like this on their part that run contrary to their claim to be 'mutli-user'. (With Intel's PIII ID it's even more annoying than the Windows ID, because putting the ID the CPU starts to affect real multiuser systems like Linux too.)
Don't let them spread the myth that workstations must be single-user. Letting that myth take root will kill one of the things that makes Unix better than the rest.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Since I first installed Slackware, it's always sent mail to root imediately after completion of installation. What was the message? Please head to the Linux counter and add this machine.
That's what is so cool about Open Source, everyone gets to see what da hell is going on in the code under the hood . . . When we were developing Cytlok and working with VxD (Virtual Device Drivers) and wrapping around the File System and the TCP/IP stack . . . NOTHING is documented, you can't get it from Microsoft either!
.dlls ? Delete all Word docs ? Transmit all excel files to ftp.microsoft.com ?
.is it possible YES !
That's what is so scary, and let's talk about Easter eggs, when you have a Flight Simulator in Excel, and a Pinball game in Word, when triggered by a sequence of keystrokes (which in definition is called a Trigger Virus technically), no telling what else there is !
Who knows what else is in there, a key sequence to delete all
Is it probable, NO .
This is definately NOT FUNNY, but at least NOW we are talking about CLIENT/WORKSTATION security that has been LONG over looked.
(This is the inspiration for why me and Protocol created Cytlok)
I suppose you naturally wouldn't mind registering your ballpoint pen and having microtags suspended in the ink? Perhaps you would also like to have an id system built into your pants? After all, they made the pants, they have a right to know where you wear them.
They have a right to know who bought what from them, and that's it. What you do with it (as long as it isn't piracy) is none of their business.
O.K. let's put it this way. You are sitting in your living room reading a book. A book which is widely recognised as a good book. It is not the least bit controversial. Absolutely nothing wrong here.
Now, someone you don't know pulls a chair up to your window and proceeds to stare in at you while you read your safe book. Do you mind?
If not, you are in a minority.
Then, there are cases where your activity is legal, perhaps even legally mandated (such as blowing the whistle on government corruption). Unfortunatly, if the document is connected back to you before the corruption is halted by authorities (consider that the corruption may be in local authorities) there could be serious negative consequences. I'll bet you'd like some privacy then.
It isn't hard to create an ID which is opaque, says nothing about who created the object, and is still guarenteed to be unique.
For example, $id = MD5(Date,Time,Pid,MAC,AppID,Salt):
It won't be repeated for a very long time, yet because of the one way hash, it says nothing about you.
Anything that can't be edited with a texteditor :-)
should be banned!
COM/DCOM is based open the OSF's DCE RPC when calling remote objects. Objects are identified using a Globally Unique Identifier (GUID), which usually is a fudging of your MAC address + a timestamp + some randomness.
CORBA does this too, though in a slightly different way, (plus it usually hides its unique identifiers from the end-programmer through a persistent name that's called through a COSNaming service, which is why its a lot less clunky to use than COM).
MS did not do this intentionally to 'track' people, it's a way of insuring uniqueness in a theoretical "universal distributed object" namespace.
For a bunch of technical people, I'm surprised you guys don't see the logic of this. Did you even read the whole article? It was pure FUD - the quotes in the article were totally uninformed about the real use of these GUIDs.
Sure, it's kind of annoying, and I'm in favor of a better uniqueness algorithm that DOESN'T use my MAC addy, but this isn't something to get totally worked up over - MS will fix it (they have to, or it'll be a PR nightmare. Try explaining a GUID to a cluebie.)
-Stu
Office documents use the COM structured storage API to save info, from my inderstanding, so essentially, a doc is a serialized com object.
Of course, if this is wrong (which I doubt), you have a point.
-Stu
"no technically valid reason"?
Again, it depends how they store the document. I think it's done through a COM-oriented API, which would explain the GUID. Microsoft likes COM-everything for some reason, even if COM is ugly.
I agree there probably is a suitable alternative, but you're making a very large, illogical leap from "bad technical choice" to "tracking piracy".
-Stu
you're quite right, and it probably would be a better solution, but as I said, GUIDs are 'historical baggage' from DCE RPC...
-Stu
'technical squarmish' ?
clue: http://msdn.microsoft.com
read "Structured Storage" in the Platform SDK
then come back when you have a real argument.
info is sent to MS during the Win98 registration. CLUE: a GUID is a unique identifier - WHY NOT USE IT to identify a person who has registered, as in a DATABASE PRIMARY KEY? Gee.
The concern is that it may not have been the wisest privacy choice as it's tied to the MAC address, but my point is that it was a technical decision. If MS were "really" using it, why would they say "oh we'll just purge the info out of our database".. Gee, sounds like it was a relational database ROW identifier to me....
Oh wait, don't tell me you don't understand relational databases, either?
;sigh;
I *DO NOT* like Microsoft, but I dislike bullshit FUD a lot more.
-Stu
oh, I give an answer that you don't understand and I'm billed an arrogant computer geek. how wonderfully childish.
what arrogance? i said I could be wrong. I seriously don't know if office docs use com structured storage - I think they do, otherwise you couldn't save compound documents.
i'm speaking in the language of the facts & if you can't deal with it, stop spreading your bullshit fud.
-Stu
Btw, what is it you folks do using NT at work? Development? You could try developing your Windows apps with winelib (unless they make you use VB... ugh!) and be able to ensure that your company's product'll run under linux while getting your work done.
This "everyone MUST use Linux for EVERYTHING" attitude is really starting to bug me. If I'm developing projects that are meant to be deployed on NT systems, you'd better damn well bet I'm going to be developing and testing these things on NT. It's significantly easier and more productive for me if I use existing established tools under NT to do this task than to resort to using experimental, support-less OSS tools under Linux.
And despite what you may think, SO's RTF/Word format is not always perfect. I've come across quite a few inaccuracies when viewing a document cross-platform. This means he will be required to write his document in SO, reboot to Windows, "test view" it in Word to be sure it's right, make any corrections, and only then send it.
Or, you can reduce this time-consuming document creation steps to just two: Write it in Word for Windows, and then send it.
Let's face it, folks: Linux is useful for a myriad of tasks, but when you're working in a Windows environment or need Windowscentric documents, it's a WHOLE LOT more convenient and efficient to just do it in Windows. I myself have two computers at home, one Linux and one Win98. Since I do a great deal of stylesheet work on an Intranet, I use IE as my web browser (since Netscape's handling of stylesheets is far inferior, and ngLayout is not ready for real use), Word as my word processor, and Photoshop5 as my graphics app. I run an X server under Windows where my Linux apps appear, and occasionally I'll move my graphics over to the GIMP since the GIMP is easier to use for a few types of effects. I use IRC in an rxvt window, Windows ICQ, mutt for my e-mail, Outlook Express for newsgroups, etc.
All in all, I think I have it easy. I get to use the real productivity workhorses from Linux alongside the good Windows apps. Yes, I effectively have to reboot once a week or so, but I think that more than makes up for the amount of time I've saved.
Using a 100% Linux environment in many cases can be JUST as time-draining and inefficient as working in a 100% Windows environment. Educated people know to use the best tools for the job, and don't get involved in all of these stupid "everything MS is bad, everything linux is superior" arguments.
I noticed Microsoft is suing a lot of companies these days for pirating their software ... how do they know?
Because someone tipped them off, they did some investigation, and then filed a lawsuit.
Anyone that thinks that Microsoft somehow used this GUID information to determine who has registered software and who doesn't, and who to go suing is just an easily-frightened, paranoid sheep. What about those organizations that buy 10 copies of Windows but only use one CD/key to install on their workstations? To my knowledge there's nothing really wrong with this, yet your alleged GUID abuse would point to these guys as being evil, yes?
Think about it. The ID was only sent as part of the online Win98 registration process. The odds that you are even affected by this are remote.
Stop believing everything you read in the media (or on Slashdot) and learn to think for yourself. Get educated about the facts behind this matter before you go off spouting nonsense.
If you're right, Micros~1 is criminally negligent in allowing this privacy bug to slip out the door.
They broke no laws here. Your entire argument is flawed. I really feel like a dirty bastard having to defend Microsoft here. I don't care for them any more than most of you do, but when people don't seem to care that they don't know SQUAT about the issues at hand, and only want to jump on the "Microsoft is evil" bandwagon and start badmouthing them, I feel I need to step up.
The GUID is only sent to Microsoft as part of the online Win98 registration. If this applies to you, then you've ALREADY given MS your name, address, etc. along with your IP address. The addition of a GUID perhaps allowing identification of your MAC address (which is all but useless to MS) and generally just being a unique ID doesn't necessarily degrade your privacy any way.
Yes, it does seem suspicious and odd that this information would be required and stored in Word documents among others, but you should at least open yourself up to the possibility that there IS a logical explanation for why it's there, and I sincerely doubt that explanation has anything to do with violating your privacy or tracking you down.
Stop being an uneducated paranoid slashdot sheep and think about this for a while.
Do you have ANY idea what you're talking about here?
The only reason for this is so that Microsoft has hard evidence of piracy of their software.
How in the WORLD can this be used as evidence of piracy? Do you have any idea how many people and organizations buy 3 or 5 or 50 copies of software and just use the same CD/key to install it on every machine? To my knowledge this is perfectly kosher. What about someone installing Win98 on their PC, selling that copy of Win98 to someone else, and having that person install it on *their* PC? There are a million examples like this that totally shoot down the idea of this GUID being able to identify software pirates. If Microsoft were really tracking this information in some sort of piracy database, they would have to spend a LOT more time investigating the discrepancy than you'd think, and in most cases, it simply wouldn't be worth it.
Your argument is basically the same as the one dealing with Intel's CPU ID mechanism and software piracy. The whole idea is totally absurd and impractical.
They don't have to follow up on it (or even track it for that matter). Just knowing that the capability is there cows corporate customers into diligently keeping their licenses current.
And this is bad?
Firstly, I don't know about the types of places you work, but the corporation I work for has valid licences for every piece of software on every system. If unfounded fear (paranoid stupidity) in the minds of managers and administrators is really a factor here, while I'm laughing my asses off at these people, I don't see it as a bad thing at all.
Secondly, saying this whole PR mess is a plot by Microsoft to instill fear in the big corporations who are allegedly pirating thousands of dollars in Microsoft products is just silly. It really disturbs me that so many people actually think along these lines. I guess maybe when you end up with a real job in the real world and deal with real companies and real tactics and real technologies to solve real problems, you'll start seeing what's really going on.
This is all paranoid silliness.
Anyhow, I don't advocate this; In the case of docs that are just going to be turned in with no furter editing, PostScript's better.
This isn't always acceptable. If they're asking for it in Word format, they probably have a reason. Chances are, they're using a Word file viewer to browse through each document. When they come up to your Postscript file they're going to toss it in the trash can and give you an F for not following directions.
I'm not saying my specific (2 PC's) is appropriate or even desirable for everyone. I'm just saying you should let people use what they need to use. I don't recall hearing the original poster say he wished he could do all of his work under Linux, yet it was implied that he was foolish for doing his NT development under NT and experimental Linux alternatives were supplied.
Now, granted, my rant was more generic and was more or less against "everyone" that has this "Use Linux for Everything" attitude... Your post was just the one I broke down and chose to reply to. Nothing personal.
Because when you then need to throw something into Premiere, it's a lot easier not to reboot.
If you use smail on a Debian system, the configuration script already does this. After smail is configured, it asks the user if he would like to send a test message to the Linux Counter project. If you answer yes, Linux Counter++.
whoa. careful there, you might start a panic. (Or throw another stick on the ignorance fire.)
Slackware sends an email from Patrick Volkerding to root when installed, and asks very nicely for the newly-rooted to visit the Linux Counter and register.
It does not "phone home" all by itself.
Here is something even more scary...
There are these wonderful things that you can use to purchase things without money, I believe they're called credit cards. Anyway, you can buy stuff over the internet, or from the local store, or even of TV Informercials. But then they keep track of where you bought stuff! Good GOD! And for about 7 cents a piece companies can buy 4000 pieces of information about from places like Experian. You have no privacy. Deal with it, okay?
My Slashdot account is old enough to drink...
Its not that much of a different issue. They both are used to track what you have done. Using a credit card I can track your movements around the country and personal habits. Using the windows thing I can track what you have written. If anything, the credit card thing should scare you more because its easier to get access to.
Also, I was not reffering to storage of credit card numbers. Thats a completely different thing.
My Slashdot account is old enough to drink...
and Caldera hit them with a big lawsuit over it.
Blizzard got in big trouble for doing this.
:-)
Class-action suit anyone?
Just wiped out my last Windows box
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Aside from the legal issues, how many people do you know that really like their movements tracked?
How many folks would stop using MS stuff RIGHT NOW if they knew? 30% More?
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Yes. Let's all take some soma, and get over it.
Leave the thinking to the Alphas, they are so frightfully clever!
I am glad I am an Epsilon-minus semi-moron. Operating elevators is where true joy lies!
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Ever see his deposition?
Gates has a strange habit of curling into a fetal position and rocking back and forth when he gets nervous. They say Scott McNealy always has this effect on him.
The only other people I know who do this are paranoid schizophrenics.
Then of course there's the story about the $.50 coupon.
Bill was buying a carton of ice cream, and held up the line for a solid 15 minutes while he searched for this coupon. A guy behind him in line gave him $.50 to move him along, and Bill took it. This would be unremarkable, except Bill was already worth several billion at the time.
He took the money. Who does this. Small children, that's who.
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
All true. More recent versions do not have this "feature"
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Robert X. Cringely relates this story in his book "Accidental Empires". If its a UL, it's a good one.
--
As long as each individual is facing the TV tube alone, formal freedom poses no threat to privilege.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
I bet they look for Warez d00ds with it.
It would be nice if they hunted them down and prosecuted them; however, I think it is much worse. Does the typical company use Microsoft software? Is it all properly licensed? Shareware registered? They can build a database and calculate the top violators for the so called Microsoft/SPA raids. Ever wonder why so many companies so easily fall for a Total Microsoft Solution after a raid?
Do not use improperly licensed software. It gets expensive if you are caught and coerced into a "settlement."
However, will say that I have been used many illegal copies of Windows for some time.
I have every right to report your unauthorized software to the SPA and Microsoft. They have every right to prosecute violations to the maximum extent of the law. If you cannot pay the price, you will be doing the time.
... is GUID embedded in every word/excel document?
I'd love to see the memorandum or directive that specified the code for these programs to put the such information in documents. This was most likely a coordinated effort that required planning that came from a person. I wish this would be brought to trial and have the documents subpoenaed. Microsoft set a precident for getting documents to subpoena the bad-attitude list from Netscape and this should be no exception.
According to the article, the ID can only be generated when your name and a few other serial numbers are combined together.
Well yeah, what's the sense of transmitting the database before any apps are installed. It waits for a few serial numbers are entered, then the missile is fired.
For M$ to have your name, you have to have registered,
The whole point of putting personal information in all those little boxes. Suppose you do not put your personal information and something else in those boxes. They may get an IP address with your name on it anyway! Surprise!
Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?
I wonder what happened when that navel destroyer got a bad entry in its database and the whole ship was rendered dead in the water. Was there any final IP packets delivered to an evil software company that declared: "US DESTROYER DISABLED, LOCATION: xxxx.xxxx"
I wonder if Microsoft can gather enough information from a computer and use it against the onwer in court? Is it legal to get information this way?
No, it is not legal and not usable in court. That will not stop them from launching a legal investigation from which they may get enough information for a search warrant. Perhaps then they will request to visit your site. If you refuse, you might get a paper signed by a judge forced in your face as they enter your door escorted by the police. Everything from then on is fair game.
When you violate a license agreement, the software companies ARE the police.
After that is reconciliation if your credit is worth the time. Otherwise you will be fed to the dogs.
I seem to recall that he is a huge fan of Napoleon.
Which just begs the question: which disaster will be his Waterloo?
Consider the behavior of an anorexic, that person is driven by a thought "I need to be thin" that overrides everything - they may look in the mirror and see a bag of bones but "I need to be thin" continues to be their driving goal, they may step on the scale and see 70 pounds but "I need to be thin" pushes them onward. I think for bill gates that thought is "I need to demonstrate that I am a success". Think about it, the guy became exceedingly rich and powerful *years* ago but is still fixated on the thought that somehow, someway someone might come along and take him down a peg. I suppose he feels like without his accomplishments he'd be left with just himself and that is apparently a terrifying thought. You know, MS might well have been able to beat out Netscape by just making a better product but because of Gates' paranoia they had to stack the deck - coerce all the AOL users into using IE, bundle IE with the OS - Gates couldn't leave any possibility that he might not come out the victor. You know, thinking about it there are some scary parallels with Hitler's behavior. Initially he did a great deal for Germany but in the end it was ultimately his neurotic nature that caused his country's downfall. I suppose it goes without saying that history has an annoying tendency to repeat itself.
there are two kinds of people in this world - those who divide people into two groups and those who don't
This sort of knee jerk defense of Microsoft is almost as nauseating as Microsoft's own evil actions.
Professional Wild-Eyed Visionary
That's all very true. But there's nothing at stake here, unlike the courtroom, and your tone was very annoying, as was the fact that you didn't bother to read the article before taking a (sharply worded) position.
Professional Wild-Eyed Visionary
I lock the door when I go to the toilet but that isn't because I don't want people I know to find out I'm having a crap...
-- Arm yourself when the Frog God smiles.
Looks like it might be time to drag out this old chestnut again...
-- Arm yourself when the Frog God smiles.
A friend of mine told me that when you run a copy of any of their games in Windows and then use any internet gaming features, the game copies information from your registry and sends it to Blizzard. This is just what I was told second hand so it might not be totally accurate.
If this was for piracy, it would be in MicroSoft's interest to advertise the fact that they can catch pirates using this. Prevention of piracy is far more useful than persecution after the fact.
Since they have not advertised this it would indicate the purpose of the ID is something else.
IMHO, this is just idiot programmers making a mess, not some great plot by the evil Redmond geniuses. In fact I fear the idiot programmers more than the evil monopoly!
Sanity.html - Error 404 not found
I used to be one of the few around here (it seems) that didn't think using Microsoft software was one of the worst things a human being could do. I've changed my mind since reading that article.
This database -- which seems to already exist -- could have plenty of information about anybody out there who has ever used a recent Windows product. Me being one of those people, unfortunately, this news shocks me to no end. I will not tolerate these "bugs" any more.
I also find it interesting that they try to point the finger at the Open Software Foundation, saying that it was some sort of standard at the time. That is nothing but bull and a pathetic attempt to save face.
This could become a very clear argument in favor for using free software. GNU&Linux forever!
I was very much suprised to find that it sent a number of packets to Microsoft on startup, the oddest of which was a broken IP packet. I felt that this was probably just a debugging feature in the development version. Well it looks like I was wrong!
Personally, I feel that we should be outraged by this action. The Microsoft Corperation is clearly violating our rights in a way that not even the US government is allowed. Aquiring personal information under the guise of innocent support requirements, is little more that an unauthorized search and seizure of personal property. Should not corperations be held to the same 4th ammendment requirements that our government is? (Last I checked purchasing a Microsoft program was not a warrent to search my hard drive.)
--Karl
I find that really difficult to believe. It sounds like the usual paranoid nonsense I remember from reading alt.fan.bill-gates.
> In OSS you can recompile your kernel to get rid of anything that you don't like!
WorldGroup Manager BBS software. And WWIV as well. Both have/had source code available (with restricted licensing on the modified source, if I remember correctly). I work with a WorldGroup system about once a week - if you make a configuration change, it recompiles the files that are modified by your changes.
Pretty amazing stuff.
But I can't give you my WGMAN directory, source included. I can't give you my WWIV source code distribution, however old it may be.
Back to Windows (3.3.3.1 can't run an S3 ViRGE GX chipset #385, oops).
LightFusion
You don't get the whole point behind privacy, don't you? Try educating youself on the subject, it will make come accross as a far more intelligent person when posting on subjects such as these.
There's another little dollop of code over in Cambridge that can help with this matter:
ftp://net-dist.mit.edu/pub/PGP/
I spose the bright side to all this is...um, well...I guess there isn't one after all.
--Rick
from
http://www.microsoft.com/asf/spec3/c.htm
C.5 Node IDs when no IEEE 802 network card is available
If a system wants to generate GUIDs but has no IEE 802-compliant network card or other source of IEEE 802 addresses, then this section describes how to generate one.
The ideal solution is to obtain a 47-bit cryptographic quality random number, and use it as the low 47 bits of the node ID, with the high-order bit of the node ID set to 1. (The high-order bit is the unicast/multicast bit, which will never be set in IEEE 802 addresses obtained from network cards.)
Let's see, how to obtain a random number, hmmm, a random number generator in the c.p.u. maybe? Where have I heard of that sort of thing lately?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
For freeware that demands your name and e-mail address, why not use Lucent Personal Web Assistant?
http://www.lpwa.com/
Or better yet, use LPWA in conjunction with a web-based e-mail forwarding service or throwaway e-mail account.
I have not done this with some (I thought) reputable companies, and lived to regret it.
right on.
granted I use windows at work, but at home its a linux only shop.
---
I don't know what the hell you are doing to your documents, but I have tables, graphs, and bitmaps from my scope in all of my lab reports, and star office handles them fine. If teachers are complaining about any type of formmating errors, then use ghostscript to convert the output to a PDF, and then everyone is happy.
---
Frankly, I don't care. They can track me all they want. I also think that, assuming that the article is true, what Microsoft is doing is very underhanded, nasty and reprehensible. It's akin to spying. They should be brought up on this.
However, will say that I have been used many illegal copies of Windows for some time. Also, their number of users has got rather inflated as I ususally use a different name every time I have to install it - which is _very_ often.
Maybe it's just to inflate their egos - "The more installs we have, the better our OS is!"
Remember some guy writing a scary article making scary predictions how someone would stick a trojan into a program or a patch and then distribute it to others? Remember how most Slashdot readers responded by saying that it's more likely to happen in proprietory software, since noone but the developers sees the source? Here's proof.
---
It doesn't surprise me one bit. I always suspected M$ would do such a thing. Next thing you know they'll patent oxygen and respiration. You'll have to pay them an annual fee to breath.
...Linux!
"I've got to run some errands. I need to stop my the M$-Bank to get some M$-Money so I can go to the M$-Grocery Store and pick up some M$-Pork Chops."
Joe Bob, 2003
I think it's about time someone bomb Redmond.
Andrew
--
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
Of course there's a way to disable it... a hex editor comes to mind. Assuming the IP addy is stored as a string, one could change it to a different address as long as it had the same number of digits... Now, which dll's are those?
.
Think about this, the smartupdate HAS to connect to Microsoft.com to do the Update... Duh.. that doesn't prove anything... What would prove something would be to do a sniffer capture and look at the traffic that the dammed thing sends.
I don't have 98 installed anywhere, but I'm trying to talk a friend of mine into letting me capture his...
Short, Sweet, and to the point. I LIKE IT!
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
I can put up with your crashes. I can put up with your bloated programming. I can put up with your slow performance. But I cannot, and will not put up with wrongful and illegal invasions of my privacy. This is not something that you can fix with a patch or a program, Microsoft. This is not something you can cover with FUD. Violating my rights is the fastest way to your inevitable destruction and collapse.
I am in the process of downloading Red Hat Linux 5.2, and will no longer use Windows on any active internet connections. Good bye, and good riddance, Microsoft.
I had DRDOS 5.0 installed and it worked
beautifully. I needed to run PALASM. It would
crash if I used extended memory. I was told
that the program was using some Microsoft
libraries which were responsible for the crashes
and I should install DOS 4.0 if I wanted it to
run without crashing. I kept DRDOS but had to
disable that feature in PALASM.
I never used winblows at the time so I wouldn't
know about any crashes on DRDOS.
If PPP doesn't work under Linux you read some
of the misc HOWTOS and find out which file
you take of the CD to fix the problem when
it's not your hardware that's shot.
With winblows you have to hide the shotgun
as it would be a bit too tempting. Make sure
your winblows CD is close by for the reinstall.
Don't lose the codes. On Win 95 I had lost
my codes and managed to get a clean install with
bogus numbers. I don't know if that would still
work on Win 98.
I did read what you wrote but I don't think
you went thru all the possibilities. I used
to run Slackware on a 486 and had similar
problems. I managed to get PPP to work a program
that generates the script for me. None of the
ones you stipulate works. I would have to look
for it and I would remember by the name.
My modem needed a particular initialization
string and with \ replaced by \\
Also my ISP uses pap.
It took me a long time to get it to work so
I was using only OS/2 for connecting to the
net.
When I upgraded to RedHat it worked right
out of the box with a few clicks.
Michel Catudal
bbcat@netonecom.net
http://www.netonecom.net/~bbcat
So many things I could say, but I just have to shake my head at this. Just hope WordPerfect for Linux doesn't preserve this ID.
Any enterprising h4xx0r want to make a patch to corrupt/obscure/wipe this ID?
And, seeing the number of scans & attacks hammering my machines on this cable modem network makes me wonder if there's a possible bit of nastiness that could be done by submitting a flood of bogus ID's to MS Windows Update?
All academic ponderings, I assure you...
> At the moment, we're under an acceptable government.
When you have your car and your house siezed and your children taken away from you because you've been ACCUSED (not convicted) of a crime, you come tell me we have an acceptable government. How about police choppers with infrared units looking for growrooms in attics? How's it feel to live in the land of the free now?
I've finally had it: until slashdot gets article moderation, I am not coming back.
Program ... Data ... You say these are different, bwana? How is this? In this land of ours, program is data, document object is data, data use methods to manipulate. data must attach handlers or have name that lists handlers in big hut we call registry.
Tell me of this strange world where all your data has no name?
I've finally had it: until slashdot gets article moderation, I am not coming back.
I've got a thought here.
What if the slothlike responses we've seen to various security bugs were intentional?
Wouldn't it be possible that some of these bugs weren't much of a surprise to them, in light of this latest outrage?
Makes the old 'They're just arrogant & unresponsive to customer needs' seem a poor piece of reasoning.
Enh, just food for (slighty paranoid) thought.
~Grell
My definition of an expert in any field is a person who knows enough
about what's really going to be scared. --P.J. Plauger, Computer Language,
Programming on Purpose, p.29, March 1983
...when it gets down to fundamentals, do what you have to do and shed no tears. Dr. Matson in Tunnel in the Sky
Ok, you, me, my brother's comp and my neighbor's one...
Besides they are trying to control the Government also.
Yesterday I read an article on NT crap security and how the governement institutions are violating rules by installing NT 4 in their comps. The problem was that on one side they wanted to use Office97 and IE on their work. NT 3.5 is the only certified system to go under federal security rules and we all know under what conditions can be set. However in places where Orange Book is law they are using 4.0 _networked_.
The article had also a reference on the tribulations of a security expert trying to warn about the danger these institutions were falling in. However he was unsucessful.
The article echoed a suggestion that the US government "was taken hostage by Microsoft".
Well is this ID stuff a sign of it? Do governmental systems send Microsoft _their_ information? Are people at critical sectors aware of this?
We may not stop here. Let's think about any other government of any country (ally, foe, whatever). Let's think about such guys like CityCorp or CMB. Let's think about the UN and its branches. About NATO, Pentagon or even the Russian Army. Let's think even about the American Navy and _that_ ship with NT ruling on it... Or let's think about some critical industrial complex like a Oil rig.
Are these IDs being sent to Redmond? Is there any information where Redmond people may read "General X., commander SuperTaskForce "Kamikadze", Room 0, The Hexagon, MAC XXXXXXXXXX". Can anyone else read this?
If you don't wanna think so high then let's think about your insurance company.
It looks like a nightmare coming right from a SF cheap story. It looks like the "Shadow World Government".
I wonder the worse. In a future not far away:
"Welcome to Windows2xxx. Where do you wanna go today?" Uh, well Persian Gulf. Coordinates XXE XXN. "Ok grab a cup of coffee and wait a moment while we are proceeding your request..."
Meanwhile, somewhere in lost corner of the world, some crazy mojaheddin runs into his colleagues hut and says "Ok Abdullah I just got that damn M$ crap out!!! Let's take that scapegoat of Satan. There's a russian destroyer, also with Win2xxx server ruling it, around in the Red Sea. According to MSWeatherSat, conditions are foggy. Do that and that and let's send USS Yorktown into the deeps of Hell!"
Like Bond's stories. It may look childish and quite fantastic, but I'm really afraid if something near this may happen somewhere in the future.
PS: Microsoft's Official reaction:
It was not a bug. It was a feature. However who cares after IIIWW?
But also about privacy & piracy and most worse about confidentiality. Sometime ago I was told of a very scaring episode that happened to one friend of mine. He grabbed a very hot document to be sent to another company. He took Excel and ripped off every highly confidential information which should not, by any way, be seen by their partners-to-be.
Somehow he decided to look at the size of the document. And the thing look bigger than it should have been. Looked through a simple file manager (not from crappy M$ stuff) and OH WONDER! Everything was still there... Together with his name and a lot of more stuff that pointed to him, his office, E-mail and company.
This is a well known feature on M$ Oriffice documents. They have produced several patches and SPs that seem to "solve" it. But I have heard of situations when even SPed systems seem to "revive" these features.
Now add the above story to it, add some imagination, and think:
Their partners-to-be are a little smart. They get the doc. And they see what they should not know. So they grab the info, _the_ ID and try to dump into this poor guy's comp. Considering that all is run under M$ crap they may have a chance. A trojan through Outlook for example.
I wonder if in court this doc could have such explosive consequences as to set the whole guilty part over my friend. Maybe he was "offering" his services. Maybe he wanted to put down his company. Considering that some courts hardly understand what's going on here, my friend could have fallen in very big trouble. Just by sending such doc would have given him enough trouble to his sleep. Fortunately a little wondering about sizes, managed him to avoid the possibility of a huge mistake from his part.
Why is the press so damned nimsy-toed?
Say, you don't remember that quote by R.A.H.
about feeding inconsistant data to surveys
,questionairs etc ? The idea was to make the data
collected on you so incoherent that it was useless. Of course that won't work with what
M$ is doing, but is fun nonetheless.
It is a known fact that Bill politely waits in lines all over the Seattle area. In living around here for 20 years in Bill G "central" I never ever heard the story about the .50 cent coupon. Sounds to me that you got caught by an urban legend. ;-)
The only people that think GIMP can do everything Photoshop can are people who don't know thing one about Photoshop. Get a book. Get a clue. Come back tommorrow. Thanks.
I bet they look for Warez d00ds with it.
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
I bet they look for Warez d00ds with it. 1st POST!
xm@GeekMafia.dynip.com [http://GeekMafia.dynip.com/]
Read the article, they use MAC addresses not the windoze serial number.
http://www.microsoft.com/asf/spec3/c.htm
I used the MSDN CD to install 98 on her system. It inserted it's own serial number during the install. I wonder if they can track that number to a specific subscription? I wonder if she'll start getting invites to M$ events? I wonder what mom would do at an Exchange seminar?
This "feature" was widely publicized when Windows 95 was released, and is somewhat widely known. For those of you who don't use MS software, here's how it works:
(1) When you install Windows, Office, or any other MS software, the setup program has a screen which tells you the GUID. You can also see it from a Help dialog. So, it's existance is no secret.
(If it didn't occur to you that this could be used for tracking, you just never thought about it. Strange because everyone is so MS-paranoid.)
(2) When you use the "Register" program with 95 or NT, or you use an ActiveX thingy on the Win98 "Windows Update", it scans your registry and Windows subdirectory for various competitive products, like WordPerfect or Lotus Notes. (I've heard that it does not upload a list of all installed software - but I have not checked myself.) It also uploads all of your MS GUIDs.
You can actually use the Windows Update site by just refusing to let the Survey ActiveX run. Set your IE security preferences properly.
(3) If you call MS technical support, you will also need to turn over a "Registration Number".
(4) If you attempt to use Microsoft's web support stuff, like the Knowledge Base or downloads, you will need to fill out a standard marketing survey (Do you make computer buying decisions? What industry do you work for?) All of this information is stored in a user profile (cookie-based) which can presumably be associated with your GUID info.
So, nerdboys, if you are using a pirated copy of Windows 98 or MS Office, just don't register it and don't use Windows Update, and certainly don't call technical support. If you would do something that stupid, you deserve to get tracked down.
On the other hand, if you are legit, this all seems like the standard marketing information that every company is trying to get. Kinda cheezy that they don't tell you what's going on, but certainly not a police state tactic, because it is all optional.
As for GUIDs in your Word and Excel documents - just how many of the gazillion Word and Excel documents in existance does Microsoft see?
--
Business. Numbers. Money. People. Computer World.
MS probably only uses this info for individuals and very small businesses. Big companies (with site licenceses) have their software so hap-hazardly installed that it's impossible for MS to track. Microsoft doesn't really care, if you are paying for it.
--
Business. Numbers. Money. People. Computer World.
Premiere: ???
Quark: ???
AfterEffects: ???
$$$!
--
Business. Numbers. Money. People. Computer World.
Ralph Nader wrote President Clinton about this
e s/msg00151.html
very subject not long ago.
http://lists.essential.org/1995/info-policy-not
Microsoft is only changing their mind to the idea because they cannot stand the bad PR hits that they will take if they don't immediately recant.
Score another hit for why OSS is ultimately going to win this war.
Ralph Nader wrote President Clinton about this very subject not long ago. http://lists.essential.org/1995/info-policy-notes/ msg00151.html Microsoft is only changing their mind to the idea because they cannot stand the bad PR hits that they will take if they don't immediately recant. Score another hit for why OSS is ultimately going to win this war.
I have personally known that MS sticks your registration info in every document you create for a rather long time. What is news to me is the fact that MS also sticks your MAC addy in there. I think the potential for abuse in this case is rather small, but none the less I don't think they should be doing it. This ironically might prove to be yet another hacking tool. Imagine this scenario. A windows user has their netbios partially open, sharing certain selected documents with network. And those documents contain that users MAC addy, and maybe other machines.... There are some tricks that can be played on DHCP and bootp, amongst other things, that are made much easier when provided with the MAC address. I don't think this attack ever be trivial enough to reduce to a single exploit/warez program, but I do think it might end up being used by some hacker type. Never mind the fact that netbios already has a hundred other bugs.....
This has absolutely nothing to do with the OLE2 object registration process, though the MS fud and misdirection and half-truths would have you believe that.
Executables and DLLs that implement COM objects are registered with GUIDs, not users or documents.
This is a well thought-out feature from M$ that has their software create hard evidence of piracy by corporations. With this in place, corporate users that are using multiple installations of software from the same CD not only broadcast this fact to M$ as part of the update process, they also create a papertrail in the form of Word documents and Excel spreadsheets that can be used in court to demonstrate that:
a) User A and user B have different workstations (i.e. different ethernet adaptor IDs)
b) User A and user B have the same software license numbers.
therefore:
c) Illegal copies of the software have been made.
As with most things from Redmond, its not about marketing or privacy or anything except money.
Left shift 1 for e-mail...
So what? The OLE DLLs use the GUID of the embedded or linked object to look up the implementing executable or DLL, start it up and hand it the archive handle.
There is no technically valid reason why anyone that is not developing COM components should be generating GUIDs.
The only reason for this is so that Microsoft has hard evidence of piracy of their software. If people are really stupid they will send this information to M$ using the Winders update. If they don't fall for this very obvious trap the incriminating evidence will infect every piece of persistent information created by the company.
Left shift 1 for e-mail...
> If Microsoft were really tracking this > information in some sort of piracy database, > they would have to spend a LOT more time > investigating the discrepancy than you'd think, > and in most cases, it simply wouldn't be worth > it.
They don't have to follow up on it (or even track it for that matter). Just knowing that the capability is there cows corporate customers into diligently keeping their licenses current. Fear is a great motivator. And the fact that this information is embedded in all the company's documents (the lifeblood of many companies) makes this an additional imperative. Its quite brilliant really.
Left shift 1 for e-mail...
No, No, No. Yes, transmitting the GUID to MS is bad, but the storage of the number in documents is just as troubling, as is the use in creating cookies as implied in the article. It's just the bad design of OLE if this is "required." I can see a session based UUID, but one that is stored in the documents themselves is just ignorant.
Did you read the freekin article? What's your response to the possibility of a company finding out who a whistleblower is because thier "ID" is stored in a document they create and send to authorities?
Why are you an AC if you don't mind everyone knowing every single document that you authored and being able to tie them back to you?
The ONLY time I give out correct information is when I'm presented with a privacy policy that says (something to the effect) "...we only collect aggregate data... you can't be individually identified..."
So for MP3Spy, I entered my real age and some other stuff.
I think it's fun supply email addresses like support@micorosoft.com to registration wizards :)
Especially when there's language about "newsletters" and "product announcements"
Here are some log files to show you exactly what happens during the *first two HTTP requests* of a Windows Update session. I didn't submit any form, just went to the URL. What is that CLSID? I don't know. I searched to registry, to no avail.
--- CUT ---
*** Received Client Request ***
GET http://windowsupdate.microsoft.com/ HTTP/1.0
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 19 Feb 1999 19:41:09 GMT
If-None-Match: "80781bcc3f5cbe1:d6a"
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
Host: windowsupdate.microsoft.com
Proxy-Connection: Keep-Alive
Cookie: MC1=GUID=ca530262d4bb11d298830008c7d9e3db; page=ProductUpdates
*******
*** Received Server Data ***
HTTP/1.1 304 Not Modified
Server: Microsoft-IIS/4.0
Date: Sun, 07 Mar 1999 19:20:15 GMT
Content-Location: http://windowsupdate.microsoft.com/Default.htm
ETag: "80781bcc3f5cbe1:c4a"
Content-Length: 0
*******
*** Received Client Request ***
POST http://activex.microsoft.com/objects/ocget.dll HTTP/1.0
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)
Host: activex.microsoft.com
Content-Length: 44
Proxy-Connection: Keep-Alive
Pragma: No-Cache
Cookie: MC1=GUID=ca530262d4bb11d298830008c7d9e3db
CLSID={2DE96BE6-FD91-11D1-AA0B-00C04FB16F9E}
*******
æeee!
Perhaps that was a piece of FUD on my part. I looked at the first redirecter page and found the CLSID right there. As for what this object is, I'm not sure. I think it's probably harmless though. Sorry for the FUD. :)
æeee!
Can you give a URL for the story of the $.50 coupon? Thanks.
They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- C. Sagan
Man, even those aggregate people are just going to have to be annoyed by me. I even enter contests with bogus info. Someday, someone's going to win something they didn't enter to win. I wonder if Uncle Samantha can still collect taxes on such winnings.
Digital Wokan, Tribal mage of the electronics age
Yeah, I did that on a word file I made under windows once, and found a list of urls I was looking at about half an hour before making the word file. And they think an id number is a privacy problem? How about everyone you send a word file to knowing what you were looking at on the web?
I believe, if it is within our right, we can sue! MS over this.
Is there a site yet dedicated to this fact?
-Michael J. Lu
-Michael J. Lu
"The little secret that haunts Corporate America...a techonology that won't go away."
Isn't that what Scott McNealy said?
Get the feeling they know something you don't?
> What's wrong with using StarOffice?
The fact that it doesn't too a very good job reading word documents other than text with rather simple formating. Tables, especially are crap, and I work with a lot of tables.
My company is slowing moving from Wordperfect to Word, and I've already had to boot windows once rather than Linux to do work at home. Not a good trend.
I understand there's an update to SO5 with better filters, but you have to d/l hte whole freaking ~65 MB or so again. Arg!
But Wait! There could be hidden code somewhere in the English in the document. Instead, use babelfish to translate the document into German and then back into English again! Voilà!
Photos of bits of the past hiding in the present: afiler.com
According to the article, the ID can only be generated when your name and a few other serial numbers are combined together. For M$ to have your name, you have to have registered, and although there's a zillion poor slobs out there who registered Office and Windows in order to get M$ tech support (which you and i both know is an oxymoron)... US SMART PEOPLE NEVER REGISTERED THEIR M$ PRODUCTS!!!
Slakware 3.4 (at least) already does this
Yes, they do have a right to do whatever they want with the software they develop. *But* if they are collecting and sending this type of information out over the net, they have a responsibility to tell everyone about it *before* they make it available for purchase. How long has thing kind of crap been going on with MS products?
A history of the Evergreen Point floating bridge
Is the broken-down 520 bridge on last its legs?
Old span, new urgency
520 bridge reopens after costly shutdown
520 bridge may close more often as lower wind threshold considered
One step closer to 520 solution
Don't think that Microsoft is the only one that has this problem. It's created by people simply not clearing memory before they use it.
I've seen cases of unused segments in Macintosh Resource forks having extraneous data that most people probably wouldn't want getting sent out.
So this isn't something that is unique to Microsoft. If anything the lack of programmers doing memset is probably one of biggest privacy issues around now. Thing is nobody has really said anything about it.
I think :-)
Word has the "fast save" function, and what this essentially does is append a "diff" style thingy to the main document. (wow, I'm verbose today I don't think!). Anyway, the fast save function is buggy, so it picks up some memory and dumps it in as well. If you disable the fast save function, this problem will go away (at least, it has for me).
cheers!
--Remove SPAM from my address to mail me
Given this information, how can any company processing confidential personal or financial information use Microsoft products?
:v)
Documents can be traced; Microsoft might know more about your files than you do; Now you can find out who wrote that damning report by comparing it with sample documents.
What Microsoft have done is probably an illegal practice in many countries.
So who is now going to trust MS software unless MS go Open Source and we can check it for ourselves?
I for one am going to be asking my bank to make my downloadable banking files accessable in a non-MS compatible format for security reasons.
Vik
Not all of us are the sole users of every computer in the house. My mom has no interest in Linux, and I wouldn't want to teach her anyway (she's so irritating!). We have dual-boot on 2 of 3 computers, and win98 only on the third. Linux is ready for primetime in the server market, but it can't run Photoshop, Word (for my mom), or any of my games. So back off.
Mike
--
Mike
--
"Wi nøt trei a høliday in Sweden this yër?"
Actually, I think the Hitler reference was fairly right on. What Hitler did for Germany immediately after WWI was tremendous. He gave Germans a sense of national pride back, and unified them to be the best damn Germans they could be. Hence the "Man of the Year" award.
It's just that somewhere in there what was best for Germany was obviously killing non-aryans and taking over the rest of the world. That is not good, and no one in their right mind would ever argue that it is. That's the aforementioned "point" that he was good up to.
True, you can argue that Hitler himself never was truly "good," and that all his reforms in Germany between WWI and WWII were just to achieve his twisted goals, but regardless of why he did it, he made a lot of good changes in Germany after WWI. Then erased it, of course, by being a raging psychopath...or whatever.
(yeah, that last statement is weak, but I just _can't_ end the argument making it sound like I'm sticking up for Hitler. Gives me the willies.)
--
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
It didn't really make it CRASH. It just came up with some _completely_ bogus error message that was more than enough to scare people away from DR DOS.
It had no bearing on the functionality of Windows. It was just FUD
----
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
You can read a print of the article on News.com at:
http://www.news.com/News/Item/0,4,33413,00.html
-----
http://www.Windows2Linux.org (Submit your Links)
http://www.Windows2Linux.org (Submit your Links)
Everything y
Actually that is wrong. The constitution grants Americans several specific rights to privacy - unreasonable search and seizure, no self incrimination, etc. and in fact many of the most important Supreme Court rulings have been based on a right to privacy - for example Roe v. Wade making abortion legal in the US was based on a right to privacy.
The problem with this cyber stuff is that it's too now for much case law to be built up, so abusive companies like Microsoft think that they have free reign. Well, they don't, and soon they will find that their abuses will result in legislation or legal action that will make them wish they had been more careful.
Still can't run my games, which is the only reason I still have Windows 95.
I believe he was saying that such an explanation would be ok coming from a single arrogant computer geek WHO HAD WRITTEN THE SOFTWARE, WITH LIMITED RESOURCES but Microsoft has a large amount of resources to use to ensure that this type of "bug" doesn't occurr.
- Free tabletop fantasy gaming! Grey Lotus
My freshman year roommate's computer actually did order a pizza once. At least, there was nobody in the dorm named George that had ordered one, and his computer went by George. That's just one of the strange things it's done.
- Free tabletop fantasy gaming! Grey Lotus
Micro$haft Doesn't Deserve Sympathy This time. Not even about warez or any other thing, no one has any right to say they HAVE the right to see what you are doing. The EULA, does in no way say you will be monitored or subject to. As well it says in no way that any personal information or property will be tagged, tracked, etc. Micosoft has no right to do that, whether you want to buy their software or not.
"How the hell do you inadvertently collect data. Is their Microsoft VC++ compile so crappy that printf("Hello World\n"); accidently generated a MS SQL database application that accepted registration requests and logged globally unique ids to their database?"
Yes, it is that crappy. It wouldn't suprise me if I compiled "hello world" on VC++ and 20 minutes later a pizza was delivered to my house.
-"I talked to God and here's the deal/ He said to floss between each meal" -- Uninvited
Awfully tough words against privacy issues for someone who hides behind an "Anonymous Coward" label... But, regardless, if you invite someone over for dinner, they have no right to start taking an inventory of what you have and setting up eavesdropping equipment to keep track of that after their stay is over...
.This is just another reason to use open source
software where you can see for your self
what the app or kernel does and change it
if need be