Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

evildictaitor evildictait​or Devil's advocate
  • Microsoft axes TwC

    What. The. Hell. Microsoft?

    http://www.geekwire.com/2014/microsoft-closing-standalone-trustworthy-computing-group-folding-work-units/

    Seriously. You can afford $2.5bn for Minecraft, but not to keep your SV research lab or team responsible for security and privacy open?

  • MS want to ship a new version of Windows like ... every week ?

    , CaRDiaK wrote

    Hasn't this happened for a while already. Isn't it called patch Tuesday or something.

    No. Infrequently pushing patches to several billion customers all at once in response to only the most serious security vulnerabilities after an exhaustive and horrendously expensive testing process is literally the opposite of what this job is.

  • MS want to ship a new version of Windows like ... every week ?

    The Google Chrome-ification of Windows :)

  • Paul Allen bought a * Panzer tank?

    Pretty sure $2.5m couldn't eliminate HIV or Ebola or poverty.

  • Windows 9 Leaks

    , elmer wrote

    Paul Thurrott tweeted: "So it's obvious to everyone now that Windows 9 is really Windows 8.2, right?"

    Technically 6.4, but yeah.

  • Netbook vs. Chromebook (part deux)

    , fanbaby wrote

    I may be way wrong on this, but I think that you as a security manager << Google as security managers. Or GitHub or even Microsoft. You are assuming that your laptop is virus free. You are highly optimistic.

    This brings the issue of laptops at Google/Microsoft/GitHub though :)

    Even if that is true for many people (it's laughably false for me - Google and MS really aren't as great at infosec as they pretend they are), it doesn't frankly make much difference. it's about trust, and the third-party doctrine.

    If I put source-code in a Microsoft server, the United States no longer needs to serve me with a warrant to obtain it. They merely need to serve Microsoft with a warrant to obtain it. And the FSB who almost certainly hacked Microsoft and Google a decade ago can just siphon it off. And any malicious insider at Google can just log in and take it.

    Those are risks I have to trust Microsoft and Google not to screw up. They can promise 'til they're blue in the face, but both of them were in the PRISM program, both of them have ex-employees sitting in federal jails for spying for foreign companies, and both of them have been hacked large numbers of times in the past, and they've all axed products with little warning, had outages that have affected hundreds of millions of customers and done anti-competitive shenanigans that make it hard for a business to leave once they've got a stranglehold on your data.

    The cloud is snake-oil. If host my files, I can keep them on an airgapped network. I can control their distribution. I can ask someone to check my employees' backgrounds to make sure they aren't spying for China, and hire lawyers to fight subpoenas of my data.

    That's what this is about. It's about who owns my data. If I keep it on my laptop, the answer is me. If I put it in the cloud, the answer is somebody else. And as it happens, I'm a full 100% confident that if they store it rather than me, my data will be less safe, and I'll have less control over it than if I kept it local.

  • Netbook vs. Chromebook (part deux)

    , Bass wrote

    ...but Firefox is always the first thing I open, and the last thing I close.

    For me it's Visual Studio and WinDbg.

    The bit that worries me about this whole "everything through the web-browser" model, is over-my-dead-body will I upload all of my source-code live to a big online source-depot owned by someone else. It's not OK for the risk of the source leaking, being stolen, being maliciously altered or being destroyed being owned by someone else. It just isn't.

    If my laptop burns out and my source-depot is fried - well, at least that's my fault for not having better backups. But if Microsoft screws up and someone deletes all of our company's source code - well, we're out of business through someone else's *-up.

    The web is great. But it is absolutely critical we don't ever move to an "everything is cloud, local-apps are dumb" model.

    Hell - if the NSA saga taught us anything, it's that stuff you shove in the cloud isn't yours - legally, technically or actually. And what hacked-celeb-nude-photos-gate has told us is that stuff in the cloud can and will be leaked if it's important enough.

    The web is great. But local apps are better. And that's something Google just fundamentally doesn't "get".

  • Windows 9 Leaks

    , cbae wrote

    Under the hood, Metro apps currently seem to be just chromeless windows that can only be snapped. Windows 9 will just add the chrome back and allow the windows to float.

    Not quite. In Windows8, they run on a separate desktop (the "Immersive desktop") as chromeless full-screen apps, but running as a separate isolated user with an AppContainer isolation token. Later Windows8.1 they made them run on technically the same desktop in order to support side-by-side view.

    What this means is that the app is aggressively isolated from the rest of the system, and all of the "permissions" are brokered via RuntimeBroker.exe running as medium integrity on the user's desktop.

    There's a lot more to Metro than just the UI. The isolation permission model is a big deal, and allows users to install apps "just for fun" without the Windows7-era risk of "everything you download from the Internet could very well be malware and totally pwn your system and steal your data and credit cards".

    There's also the "suspend when backgrounded" Metro thing that doesn't affect desktop apps. The purpose of that ultimately to support low-power devices. I suspect they'll kill that for metro-only SKUs in vNext.

    In Windows.vNext that isolation remains (almost) the same, even if the apps now live on the same desktop. You ought to be able to download Angry Birds and be confident it's not bundled with malware that installs BHOs into Internet Explorer, and install some crappy-third party app, confident that someone who pwns it won't be able to take "top-secret-finances.xls" from your desktop and send it up to the Russian hacker-overlords who built it.

  • Windows 9 Leaks

    , MasterPi wrote

    I wonder if you can "snap" virtual desktops. Probably not as it'd be too confusing for a normal user.

    No. Desktops are a logical separation in the kernel (and for the user), not a windows separation in the DWM. It would screw up apps to pretend that full-screen size has the aspect ratio of a half-screen. It'd be a huge amount of work to re-engineer all of that (plus a huge app-compat risk) for that edge-case.

    On the other hand, just adding new full-screen desktops is much more simple. Windows has technically supported that since about Win2k for terminal services (and sysinternals has exposed it so individual users can have multiple desktops since WinXP era).

  • Windows 9 Leaks

    , bondsbw wrote

    Meaning they are taking away my beautiful TWM-like snap view environment.

    No. You can still snap metro windows side-by-side.