If Microsoft buys Github, there are alternatives.

If you're plugged into the open source or business communities to any degree, you've probably heard buzz that Microsoft is considering buying Github, an online service with a history of having a toxic work environment due to pervasive sexual harassment but still remains the de facto core of collaboration of the open source community - source code hosting, ticket tracking, archival, release management, documentation, project webpage hosting, and generally learning how to use the Git version control system.  At this point it's unclear if they're considering merely investing in the company (currently valued in the neighborhood of $5bus) or buying it …

Read more...

Microsoft admits that Vista is bloatware.

If you've ever installed Microsoft Vista yourself (or looked around in the hard drive of your brand new box), chances are you'd be surprised to find that it's a hog for disk space. An install of Vista can take up anywhere from seven to fifteen (!) gigabytes of disk space, which most people can eat because hard drives these days are typically in the hundreds of gigabytes. Still, that's a hell of a lot of binary; maybe if you've installed a load of applications and patches over a year or so, I can see that, but when you factor in everything …

Read more...

Microsoft patents the end-all-be-all of spyware; open source community gears up in response.

A couple of days ago it came to light that Microsoft, everyone's favorite software powerhouse took out a patent on what very well could be the spyware to end all spyware - a system which scans information stored on a workstation and sends it Someplace Else for analysis... to generate advertising specifically geared for the person logged into the box. The patent describes a system integrated not only into the operating system and user interface, but all of the applications linked against this functionality that would look at every document on the machine, every e-mail sent or recieved, multimedia files' metadata …

Read more...

At last, system change tracking for Windows.

Windows XP, let me be clear. And they won't let you download it unless you're using IE on a known valid (by WGA) copy of Windows, but there are ways around that (thanks, cow-orker!).

Microsoft has released a utility for Windows XP that parses the System Restore data and shows you everything that's changed for a specified period of time to aid in debugging. It can show you what software has recently been installed, what hotfixes and Windows Components have been installed, what BHOs (browser helper objects - read 'call it spyware and be done with it') have infected IE, what …

Read more...

WGA Phone Home II: Electric Boogaloo

Yesterday I linked to an article at Heise Security about Windows Genuine Advantage phoning home to tell Microsoft that you refused to install it. When word of this got out, supposedly an insider at Microsoft leaked that Windows Update phones home every time it installs an update. Supposedly, it is only to confirm that an update took to control retransmission and reinstallation from the Windows Update servers; while this makes sense, I would personally feel better if packet captures of this would be posted to confirm or deny his statement.

Which, in fact, I think I'll do tonight while I …

Read more...

Sometimes you do more harm by helping than by not.

Windows OneCare is Microsoft's all-in-one personal security suite, encompassing everything from malware removal to virus scanning on your average personal workstation. The latest release has a particularly nasty glitch, though: When scanning your Outlook .pst files, if it happens to come across an infected e-mail it'll move the whole file into quarantine or delete it entirely depending upon how you've got it configured. It doesn't treat a file that is a legitimate part of a Microsoft app any differently from a trojan executable on the hard drive.

Oops.

Thankfully, there is a workaround for this problem outlined in the article …

Read more...

I think we should call this the Sam Beckett attack.

Just when you thought attacks couldn't get any more oblique, along come Sebastian Krahmer and George Ou, who figured out how to use Vista's audio playback and voice recognition systems to compromise a box. It started off with Krahmer musing on the Dailydave list about whether or not it would be possible to craft a recording of someone reciting voice commands that could be picked up by Vista Speech Command running on the same box through a plugged in microphone. George Ou took the idea and ran with it, and came up with a couple of .wav files that do …

Read more...

Archive: 20070109

Here's an article just in from the "In other news, fire is hot and water is wet" department: A study shows that studies funded by companies tend to frame the products of those companies in a better light. A three step study of 111 dietetic studies of soda milk, and water was performed in such a way that the groups of researchers were ignorant of the conclusions of the others (the protocol is outlined in the article, it's pretty neat) to determine if the findings of the studies would be helpful or harmful to the bottom line of the organisation …

Read more...