Fjodor’s thoughts

Now, where did that file go?

By Fjodor on Jul. 20, 2007.

Hal Licino did an interesting experiment, suggesting that Hotmail loses an indecently high number of mails containing attachments. Worth noting, he did the experiment with paid for accounts, not the free ones, even though the numbers would be outrageous even if that was the case.

Lost any mails in transfer lately? Using Hotmail? Go sue someone!

Testing vista for 30 days -> data loss and instability

By Fjodor on Apr. 5, 2007.

HardOCP.com writer Brian Boyko took Vista for a spin, using it exclusively on his home machine for 30 days, resulting in 30 Days with Windows Vista.

It is a lengthy piece, seems unbiased, and he even puts in a nice little disclaimer, stating that he is by no means an MS-basher. It could be hard to tell, though, from what he has to say about Vista.

The only mildly interested readers should at least read the conclusion (reachable from the article front page).

When the Blue Screen of Death may be just that

By Fjodor on Feb. 26, 2007.

I will probably never be heard touting the security and reliability of Windows. Never have, can’t see it happening anytime soon. It would seem however, that the UK’s Royal Navy is more easily impressed.

Cue Windows 2000 for Warships… Am I the only one who remember the case of Windows 2000 and LAX not mixing well?

UAC (still) not a security boundary

By Fjodor on Feb. 26, 2007.

Once again, a UAC vulnerability has been found. And once again, MS fails to see it as a problem…

Speak up or shut up

By Fjodor on Feb. 26, 2007.

Known to most, Mr. Steve Ballmer has repeated ad nauseam his claims that Linux infringes on MS intellectual property. And contrasting his claims has been the utter reluctance to name even one case in which it is true.

Sometimes someone has to call “enough”, and thus has come forward this open letter, urging MS to either identify problem areas or stop spreading unfounded FUD.

I call it most welcome, however the outcome may be.

Microsoft “lost” evidence in Burst vs. Microsoft

By Fjodor on Feb. 17, 2007.

Remember the “Burst vs. Microsoft” case?

At some point in time, Microsoft were ordered to deliver copies of email correspondence relating to Burst, but told the court it would be infeasible. The order was none the less repeated, but before said emails were delivered, the case was settled. Robert X. Cringely covered the case, and he recently received an email from a contractor involved in backup procedures within Microsoft.

The following timeline seems to cover the problem of the email correspondence:

• Microsoft is ordered to hand over the emails.
• Microsoft informs the court that this would be infeasible
• None the less, Microsoft instructs their contractors to gather backups from the specified period, and store them at a given location
• The court repeats it’s orders
• The backup contractors discover that the previously gathered tapes are “mysteriously missing”, and are held responsible by Microsoft
• The case is settled out of court without Microsoft producing the emails

How very convenient, and how very sad.

Microsoft fighting for open standards?

By Fjodor on Feb. 16, 2007.

As may be known to you, proposals for open, XML-based document formats have been submitted to the ISO/IEC. Open Document Format (wikipedia article), ODF, meets the usual requirements for being an open standard, and on the outside, MS’ competing format Office Open XML (wikipedia article), OOXML, appears to do so as well.

ISO adoption of the OOXML format has been blocked by IBM, backing ODF, which has sparked this open letter from MS, stating among other things that

When ODF was under consideration, Microsoft made no effort to slow down the process because we recognized customers’ interest in the standardization of document formats.

While it is true that MS did not hinder the standardisation process, it certainly did not forgo chances to hinder the adoption of it by interested parties: Inside story: How Microsoft & Massachusetts played hardball over open standards, Computerworld.com.

Furthermore, while a proposed standard may be openly presented, that certainly does not mean that it is openly implementable, as this article shows.

I will let it suffice to ask, if a standard containing the tags “lineWrapLikeWord6″, “useWord2002TableStyleRules” or “useWord97LineBreakRules” conveys a sense of openness or interoperabilty, considering that the formats for Word 6, Word 97 and Word2002 are strictly closed.

MS’ answer to Rutkowska: UAC is not about security afterall

By Fjodor on Feb. 14, 2007.

Seems MS has an answer for Joanna Rutkowska (her blog entry), with regards to the situation described in my last post.

Contrary to all statements leading up to the Vista relase, she quotes Mark Russinovich of MS as writing that UAC is not “a security boundary”, and thus that:

Because elevations and ILs don’t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs.

So, not only is the much hyped security measures not reagarded as security measures by MS, and thus their failing to provide security is a non-bug.

Now isn’t that lovely?

Joanna Rutkowska on Vista security

By Fjodor on Feb. 14, 2007.

Rutkowska is trying out Vista. And as always, it seems to be a different world than what MS marketing would have us believe…

Quote from her blog:

One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges.
[...]
That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

Now how about that. She describes the XP option of customised privileges, enabling the user to assign only the strictly required privileges for installing software, and still disallowing e.g. loading kernel drivers. Seems neat, but, alas, a thing of the past.

Next, she finds that while Vista still does go through some work to protect itself, it seems a little more careless with actual user data. In other words, even processes running at the lowest “Integrety Level” might still read data from more privileged processes. As she puts it:

So, the statistics look better and everybody is generally happier. Including the competition, who now has access to stolen data

She goes on to describe her ability for an “IL” process to send keyboard and mouse events to a shell running as Administrator. How very reassuring.

Go Vista!

Vista and HD content? Not likely…

By Fjodor on Feb. 13, 2007.

This almost speaks for itself: A Cost Analysis of Windows Vista Content Protection. Therefore I shall restrain myself to this little nugget of totalitarian gold from MS’ specs and a comparison:

“It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content”

…which seems unscrupulously close to Sir Ian Kershaw’s concept of “working towards the Führer”, as explained by this http://goodreports.net book report on his “Hitler: Nemesis 1936-1945″:

“‘Working towards the Fuhrer.’ What this refers to is the way in which radical actions were often instigated from below, not as the result of express directives, but because they were felt to be in line with Hitler’s broadly defined aims.”

Now, I am not saying that the software business is comparable to the holocaust. Not by a long shot. However, it would seem that MS is trying, in the first, to reap the benefits of a mechanism, that was an instrumental factor in the radicalisation of the second.