The FAQ and info on https://openwireless.org/ doesn't seem to address security and privacy from the "guest user" point of view. They do have a link at the top "Using a network named "openwireless.org"? Check out important information about this network." which provides information for a guest user - but only mentions about being considerate and not abusing the service.
How does a user establish trust with each Open Wireless access point in order to determine it is not a rogue/fake AP? How are potential guest users being educated, besides a mention of HTTPS Everywhere? (Which most potential guest users don't really understand, and can also easily be manipulated into overriding SSL security warnings, such as one that may come up if the guest is being routed through a mitm SSL proxy.)
If this does become more widespread, I could definitely see a lot of money to be made for "Open Wireless VPN proxy" subscription services. But if the point is to "help change the way people and businesses think about Internet service" then shouldn't the guest user security issues be in the forefront with at least as much important as the host?
That last sentence sounded strangely familiar:
"If biological intelligent design is taught, any proposed identity of the intelligence responsible for earth's biology shall be verifiable by present-day observation or experimentation and teachers shall not question, survey, or otherwise influence student belief in a nonverifiable identity within a science course."....
`I refuse to prove that I exist,' says God, `for proof denies faith, and without faith I am nothing.' `But,' says Man, `The Babel fish is a dead giveaway, isn't it? It could not have evolved by chance. It proves you exist, and so therefore, by your own arguments, you don't. QED.' `Oh dear,' says God, `I hadn't thought of that,' and promptly disappears in a puff of logic.
Thanks for the response, I am one critic who appreciates the response, whether I'm being put in my place or not, I firmly believe in always questioning everything, including myself when necessary.
Had I not received the invitation email last week from Microsoft, I probably would have nothing about the article to disagree with. However, my impression upon reading the invitation email from Microsoft was that the client software end of the project is ready and stable, but the "functional" side (detection patterns, accuracy, etc) was still in the early stages and still a long way off from being useful to the public. When reading the article I got the impression it was being reviewed like a final product, however my impression from Microsoft is that this is a long way from a final product. That being said, you do bring up a very valid point, it is being called a Preview Release and does not have an NDA, which a commenter in a thread above referred to as guerrilla marketing. After reading your reply to my criticism, it does seem fishy for Microsoft to release a product not labeled beta with no NDA, but with beta quality functionality, regardless of how their invitation email is written. (I have participated in a number of Microsoft betas, both public and private, and this project does not fit the usual pattern.)
So I wasn't looking for bias, however my viewpoint was different since I have already used the application and read the information from Microsoft before reading the article. I agree with the main point of the article... at this point in time it is a useless application. But many people reading the article are going to completely pass over the part that mentions "preview release", since these days everything is a preview release or beta of some type, and just assume the tool is junk even though it only part that is complete is the client side scanner. (Kind of like finishing an antivirus engine, but not maintaining your definition database yet.)
So the bigger question is, did Microsoft intend for information about this upcoming tool to spread around in an attempt to inspire confidence, or did someone mess up and should this have been under an NDA while being developed for the next six months until it is ready? After taking into account your response, along with some other criticism of my comments, maybe a different title and disclaimer would clear up any confusion. "Microsoft Launches PC Advisor Repair Utility" to me seemed untrue as it is not available to the general public, but with no NDA as you mention, maybe it is more accurate than I gave you credit for.
Keep up the good work, I've been a subscriber for years and plan to keep it that way:)
What guerrilla marketing campaign? The Microsoft PC Advisor has not been marketed to anyone. Previous members of the Windows Feedback Program were invited to participate in testing and improving the product to prepare it for public release in the future. Nowhere in the article, or anywhere else, have I seen Microsoft PC Advisor being marketed to anyone. Point me to this marketing, and I'll retract my statements, but this program is not a finished or public product, and is not part of any of Microsoft's existing marketing campaigns.
Again, the article leaves out information provided in the original Microsoft invitation. The 10-minute survey has nothing to do with what will be the finished product at least 6 months from now, it is more like an informal beta-application. The users testing this will also be filling out additional surveys as Micro$oft makes more tweaks and fixes in order to gather feedback on what works and what doesn't. The key here is that this is not intended as a public project at this point in time. The finished product will not require a survey. And the users that the finished product will target are the users that have no clue what other free tools are out there... it is for users that want to have Flash on their system to watch youtube, but have no idea what "Flash" is, to help them keep up to date on security fixes, etc. Unfortunately TFA excludes information from the original invitation that makes the entire story completely out of context.
Exactly. And, the author does not mention that this tool is not ready for the general public (why else would it be invitation based to select individuals?), and has at least 6 months to go of information gathering and expansion of their tweak/settings/problem database before it will be ready for prime time. The article leaves out some important details about the status of this application and is completely misleading. In the end, it will still not be a useful tool for power users, but *if* Microsoft has the right team on this, it could be useful for non tech-savvy people.
The thing that seems to not be addressed is that this tool is specifically targeted for a small number of people. The software itself is not "beta", however the issues and problems that it searches for and repairs should be considered beta. The whole point of releasing this to a small, specifically invited group of people is to fine tune and make the detection and repair database much more useful before it is ready for the general population. The following is taken directly from the invitation email:
"As part of this study, you would download and install the Microsoft PC Advisor application and provide feedback on the impact on your Windows Vista PC through 3 brief surveys over the next 6 months"
For a product that is at least 6 months away from being released to the general public, this article is no more than a misrepresentation of the goals of the software at this point in time. And as the "invited" users use the tool, they will have the chance to provide feedback to help improve the capabilities of the utility.
That being said, this tool will never be a useful tool for power users that already know how to tweak their systems and update software, and the final release database may not be much better in the end anyway. But if that is the case, write an article at that point Will Smith, not when a product has barely begun building a database and is on an invitation only basis. I like to bash Micro$oft as much as anyone else, but this article is FUD. I'm guessing that Will had this passed along to him from a third party with some missing information, at least I hope, it is the worst piece of "journalism" I have seen from the man.
Well at least I'm not the only one confused about how many times I keep hearing about this "new" attack. A few weeks ago the same code was hitting a ton of coldfusion servers within a two day period. So maybe the reason this keeps showing up as "new" is it seems to put emphasis on different server side languages at different times. (All with common databases behind them.) But as usual, if the code is written properly and validating the data coming in, this won't do a thing.
I have to agree that it is a superior product. Of course, after installing it, the first thing you need to do is turned off the annoying audio help and sponsorship links (which IMHO the sponsorship links shouldn't exist in the first place for a product you paid money for.)
But in my experience, Money has proven to be a convenient and reliable way to track and budget my finances. The toughest part of my original switch to MS Money was the fact that choosing to use a Microsoft product made me feel a bit dirty =/
Slashdot Mirror
The FAQ and info on https://openwireless.org/ doesn't seem to address security and privacy from the "guest user" point of view. They do have a link at the top "Using a network named "openwireless.org"? Check out important information about this network." which provides information for a guest user - but only mentions about being considerate and not abusing the service.
How does a user establish trust with each Open Wireless access point in order to determine it is not a rogue/fake AP? How are potential guest users being educated, besides a mention of HTTPS Everywhere? (Which most potential guest users don't really understand, and can also easily be manipulated into overriding SSL security warnings, such as one that may come up if the guest is being routed through a mitm SSL proxy.)
If this does become more widespread, I could definitely see a lot of money to be made for "Open Wireless VPN proxy" subscription services. But if the point is to "help change the way people and businesses think about Internet service" then shouldn't the guest user security issues be in the forefront with at least as much important as the host?
That last sentence sounded strangely familiar: ....
"If biological intelligent design is taught, any proposed identity of the intelligence responsible for earth's biology shall be verifiable by present-day observation or experimentation and teachers shall not question, survey, or otherwise influence student belief in a nonverifiable identity within a science course."
`I refuse to prove that I exist,' says God, `for proof denies faith, and without faith I am nothing.'
`But,' says Man, `The Babel fish is a dead giveaway, isn't it? It could not have evolved by chance. It proves you exist, and so therefore, by your own arguments, you don't. QED.'
`Oh dear,' says God, `I hadn't thought of that,' and promptly disappears in a puff of logic.
Thanks for the response, I am one critic who appreciates the response, whether I'm being put in my place or not, I firmly believe in always questioning everything, including myself when necessary.
Had I not received the invitation email last week from Microsoft, I probably would have nothing about the article to disagree with. However, my impression upon reading the invitation email from Microsoft was that the client software end of the project is ready and stable, but the "functional" side (detection patterns, accuracy, etc) was still in the early stages and still a long way off from being useful to the public. When reading the article I got the impression it was being reviewed like a final product, however my impression from Microsoft is that this is a long way from a final product. That being said, you do bring up a very valid point, it is being called a Preview Release and does not have an NDA, which a commenter in a thread above referred to as guerrilla marketing. After reading your reply to my criticism, it does seem fishy for Microsoft to release a product not labeled beta with no NDA, but with beta quality functionality, regardless of how their invitation email is written. (I have participated in a number of Microsoft betas, both public and private, and this project does not fit the usual pattern.)
So I wasn't looking for bias, however my viewpoint was different since I have already used the application and read the information from Microsoft before reading the article. I agree with the main point of the article ... at this point in time it is a useless application. But many people reading the article are going to completely pass over the part that mentions "preview release", since these days everything is a preview release or beta of some type, and just assume the tool is junk even though it only part that is complete is the client side scanner. (Kind of like finishing an antivirus engine, but not maintaining your definition database yet.)
So the bigger question is, did Microsoft intend for information about this upcoming tool to spread around in an attempt to inspire confidence, or did someone mess up and should this have been under an NDA while being developed for the next six months until it is ready? After taking into account your response, along with some other criticism of my comments, maybe a different title and disclaimer would clear up any confusion. "Microsoft Launches PC Advisor Repair Utility" to me seemed untrue as it is not available to the general public, but with no NDA as you mention, maybe it is more accurate than I gave you credit for.
Keep up the good work, I've been a subscriber for years and plan to keep it that way :)
What guerrilla marketing campaign? The Microsoft PC Advisor has not been marketed to anyone. Previous members of the Windows Feedback Program were invited to participate in testing and improving the product to prepare it for public release in the future. Nowhere in the article, or anywhere else, have I seen Microsoft PC Advisor being marketed to anyone. Point me to this marketing, and I'll retract my statements, but this program is not a finished or public product, and is not part of any of Microsoft's existing marketing campaigns.
Again, the article leaves out information provided in the original Microsoft invitation. The 10-minute survey has nothing to do with what will be the finished product at least 6 months from now, it is more like an informal beta-application. The users testing this will also be filling out additional surveys as Micro$oft makes more tweaks and fixes in order to gather feedback on what works and what doesn't. The key here is that this is not intended as a public project at this point in time. The finished product will not require a survey. And the users that the finished product will target are the users that have no clue what other free tools are out there ... it is for users that want to have Flash on their system to watch youtube, but have no idea what "Flash" is, to help them keep up to date on security fixes, etc. Unfortunately TFA excludes information from the original invitation that makes the entire story completely out of context.
Exactly. And, the author does not mention that this tool is not ready for the general public (why else would it be invitation based to select individuals?), and has at least 6 months to go of information gathering and expansion of their tweak/settings/problem database before it will be ready for prime time. The article leaves out some important details about the status of this application and is completely misleading. In the end, it will still not be a useful tool for power users, but *if* Microsoft has the right team on this, it could be useful for non tech-savvy people.
The thing that seems to not be addressed is that this tool is specifically targeted for a small number of people. The software itself is not "beta", however the issues and problems that it searches for and repairs should be considered beta. The whole point of releasing this to a small, specifically invited group of people is to fine tune and make the detection and repair database much more useful before it is ready for the general population. The following is taken directly from the invitation email:
"As part of this study, you would download and install the Microsoft PC Advisor application and provide feedback on the impact on your Windows Vista PC through 3 brief surveys over the next 6 months"
For a product that is at least 6 months away from being released to the general public, this article is no more than a misrepresentation of the goals of the software at this point in time. And as the "invited" users use the tool, they will have the chance to provide feedback to help improve the capabilities of the utility.
That being said, this tool will never be a useful tool for power users that already know how to tweak their systems and update software, and the final release database may not be much better in the end anyway. But if that is the case, write an article at that point Will Smith, not when a product has barely begun building a database and is on an invitation only basis. I like to bash Micro$oft as much as anyone else, but this article is FUD. I'm guessing that Will had this passed along to him from a third party with some missing information, at least I hope, it is the worst piece of "journalism" I have seen from the man.
Well at least I'm not the only one confused about how many times I keep hearing about this "new" attack. A few weeks ago the same code was hitting a ton of coldfusion servers within a two day period. So maybe the reason this keeps showing up as "new" is it seems to put emphasis on different server side languages at different times. (All with common databases behind them.) But as usual, if the code is written properly and validating the data coming in, this won't do a thing.
I have to agree that it is a superior product. Of course, after installing it, the first thing you need to do is turned off the annoying audio help and sponsorship links (which IMHO the sponsorship links shouldn't exist in the first place for a product you paid money for.) But in my experience, Money has proven to be a convenient and reliable way to track and budget my finances. The toughest part of my original switch to MS Money was the fact that choosing to use a Microsoft product made me feel a bit dirty =/