Microsoft – Tales from the bits

3 New Free ebooks from Microsoft Press

George Bagropoulos — Tue, 22 Apr 2014 09:06:01 +0000

Microsoft Press offers some free ebooks! I found the ebooks at Microsoft Virtual Academy (MVA) which offers online Microsoft training to help developers learn the latest technology. MVA is free of charge, and the entire service is hosted on Windows Azure.

One of the ebooks (1311 pages) is Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition, by Kraig rockschmidt.

MVA has added 3 New Free ebooks. You can access them here.

Microsoft CEO Steve Ballmer to retire within 12 months

George Bagropoulos — Fri, 23 Aug 2013 15:14:49 +0000

Microsoft Corp. in an announcement today stated that CEO Steve Ballmer has decided to retire as CEO within the next 12 months, upon the completion of a process to choose his successor.

In a prepared statement Ballmer said that “There is never a perfect time for this type of transition, but now is the right time,”
Bill Gates said that “As a member of the succession planning committee, I’ll work closely with the other members of the board to identify a great new CEO,” he added that “We’re fortunate to have Steve in his role until the new CEO assumes these duties.”

Photo credit: Some rights reserved by ehavir

Microsoft will patch 9 vulnerabilities on Tuesday

George Bagropoulos — Fri, 06 Jul 2012 13:42:58 +0000

Microsoft announced that will release a security update that will include 3 critical and 6 important security vulnerabilities on Tuesday July 11th.

One of the critical vulnerabilities include Internet Explorer 9.

Microsoft customers will have the opportunity to ask questions on the security bulletins in a web-cast that will be held by Microsoft on July 11, 2012, at 11:00 AM Pacific Time (US & Canada).

As always, you should install the security updates as soon as they are available.

Microsoft acquires Yammer for $1.2 billion in cash

George Bagropoulos — Tue, 26 Jun 2012 10:15:09 +0000

Microsoft announced the acquisition of Yammer for $ 1.2 bilion is cash.

Launched in 2008, Yammer now has more than 5 million corporate users, including employees at 85 percent of the Fortune 500. The service allows employees to join a secure, private social network for free and then makes it easy for companies to convert a grassroots movement into companywide strategic initiative. The basic version of Yammer is free, and customers can pay to upgrade their network to receive advanced administrative and security controls, integrations with enterprise applications, priority customer service and a designated customer success manager.

Yammer will join the Microsoft Office Division, led by division President Kurt DelBene, and the team will continue to report to current CEO David Sacks.

Microsoft Surface

George Bagropoulos — Tue, 19 Jun 2012 14:01:01 +0000

Microsoft Surface is a tablet announced by Microsoft.

According to Microsoft there will be two versions of Microsoft Surface. One running Windows RT and another one running Windows 8 Pro.

An interesting feature is that the cover becomes an ultra thin keyboard.

The Windows RT version will have the following characteristics:

Light: 676 g
Thin: 9.3 mm
Clear: 10.6” ClearType HD Display
Energized: 31.5 W-h
Connected: microSD, USB 2.0, Micro HD Video, 2×2 MIMO antennae
Productive: Office Home & Student 2013 RT, Touch Cover, Type Cover
Practical: VaporMg Case & Stand
Configurable: 32 GB, 64 GB

The Windows 8 Pro version will have the following characteristics:

Light: 903 g
Thin: 13.5 mm
Clear: 10.6” ClearType Full HD Display
Energized: 42 W-h
Connected: microSDXC, USB 3.0, Mini DisplayPort Video, 2×2 MIMO antennae
Productive: Touch Cover, Type Cover, Pen with Palm Block
Practical: VaporMg Case & Stand
Configurable: 64 GB, 128 GB

Microsoft has no data on the mobile information related to Surface.

For a hands-on review click here.

It appears that Microsoft tries to create a tablet that will be comparable to iPad. To my opinion this is a tough task to succeed.

From what I saw, the only feature that is new is the touch cover. I am using a tablet (iPad) for long time now. I bought a keyboard / cover that I do not use. In my opinion this is not a great feature to decide for a purchase of a tablet. You can always buy an external keyboard if you need one.

In my opinion tablet software is still in its infancy. We are approaching the tablet from the wrong angle. Even companies have not decided yet on the features they want to offer for the tablet.

Let’s take for example the iPad. I have the iPad 3G. I do not want to jailbreak it. I cannot use it as a phone. I need to carry 2 devices. A mobile phone and a tablet. I have the simplest mobile phone on the planet (without camera) just to make phone calls and I do all my work using the iPad. Will Microsoft give 3G to Surface? Will Microsoft allow users to make phone calls from their tablets? Will Microsoft use the kinect knowledge to create a more intuitive interface for Surface?

A Lot of questions which only the future can answer.

Google Bypassing User Privacy Settings

George Bagropoulos — Wed, 22 Feb 2012 08:00:02 +0000

According to Julia Angwin and Jennifer Valentino-Devries, reporters of The Wall Street Journal, Google bypassed user privacy settings for the Safari web browser. In simple words, Google was able to drop tracking cookies even when the user has set Safari to block cookies. Microsoft confirmed that Google was using similar techniques to bypass privacy settings for IE. Google has released a statement for this issue stating that the cookies were not collecting private information. Google also stated that has stopped using the bypass.

Vulnerability in Internet Explorer

George Bagropoulos — Mon, 18 Jan 2010 09:32:20 +0000

The recent attack to Google, Adobe and other companies revealed a vulnerability that exists in many versions of Internet Explorer. According to Wired the attack was ultra sophisticated and targeted source code from Google, Adobe and dozens of other high-profile companies. The level of sophistication was equal to the attacks seen in defense industry. Microsoft has released a Security Advisory (979352). The products that are vulnerable are Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The Advisory explains the vulnerability:
“The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
George Stathakopoulos, of the Microsoft Security Response Center stated that “Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time……we have teams working around the clock worldwide to develop a security update of appropriate quality for broad distribution to address this vulnerability.”

This security vulnerability is serious for big corporations and governments that use Internet Explorer. The German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser.

Personally I doubt that home users will be affected from that vulnerability. Mainly the threat for the time being is for corporate and government users. In any case you should immediately upgrade to Internet Explorer 8. You may also choose to use another web browser until Microsoft releases a fix for this vulnerability.

Microsoft BizSpark

George Bagropoulos — Thu, 14 Jan 2010 09:58:05 +0000

Microsoft BizSparkis a global program designed to help accelerate the success of entrepreneurs and early stage startups. The requirements to join the program are:

The core business of the company is software development
Be privately held
In business for less than 3 years
Generate less than 1 million USD annually

The benefits are:

Software: You get all the latest tools and software from Microsoft to help you and your team create software. You can run your software-as-a-service business on the following server platforms: Windows Server, SQL Server, Office SharePoint Server, Systems Center, and BizTalk Server
Support:2 Technical support incidents per startup. MSDN premium access.
Visibility:Great opportunity to create a profile and attract investors and clients in the online Startup directory, BizSparkDB, on the Microsoft Startup Zone Website.

As a conclusion, I believe that this Microsoft move is a great help for the startups. They have the tools and the opportunity to create new and innovative software solutions without the initial cost of an MSDN subscription. If you qualify get that opportunity.

Open Standards and Open Software

George Bagropoulos — Wed, 13 Jan 2010 18:09:02 +0000

Open standards are standards that are available to the public and anyone either a developer or a corporation can add them into their software program. Open standards come to fill the need for interoperability. The problem that computer industry had before open standards was how to communicate two systems of different vendors. Each vendor was producing his proprietary solution and communication was almost impossible. Examples are those of Microsoft Windows and Macintosh OS. A good example of open standards is given from the Internet Engineering Task Force , their purpose to develop and maintain an open standard for network communication. (Coyle, Karen, 2002) Examples of platform specific technologies for distributed applications are DCOM and CORBA which although someone can create bridge software their use over the Internet is problematic.

There is a difference between open standards and open software. It is very important to note that open standards can be used by both open source and closed source software programs. There are cases that the reference implementation of an open standard can be available for non-commercial use. (Dave Welsh, 2004).

The open source initiative gives guidelines about what is open source. Open source does not mean only access to the source code of a software program but also includes guidelines for the distribution of the source code. The license must allow derivate works and modifications. The license must not restrict the use of the source for a specific field, such as only for non-commercial use or only for research.

The simplest way to make software public is to put it into public domain without any copyright. This method does not protect the source code and the creator of the source code from someone else (individual or corporation) to copy the code, and create proprietary software. Open source licenses come to solve many problems involving with open source. The license is needed for a simple reason to protect open source. There are many types of licenses including:

The GNU General Public License (GPL),
The Lesser GPL,
The Apache license 2.0
and many others.

There are also licenses of free software that are incompatible with the GPL licensing. Such licenses include:

The Apache license 1.1,
The IBM public license,
The Microsoft Public license
and many others.

There are many variations of licenses regarding free software. A company must invest a lot of time to read and comprehend the various licenses especially if you want to use some open source library in a commercial product. Some licenses may allow only the distribution of the source code along with the source code of the derivative work or that someone can use the source code and the derivative work can be a closed system. It is worthy to note that open source software does not necessarily means free software.

Richard Stallman initiated the GNU project and the free software movement. The main idea was that users should have the freedom to change the programs in whatever ways they wanted and not to be locked in to a specific product. IBM and Oracle used Linux which is open source and free to weaken Microsoft. Companies started using Linux to and a lot of other open source free software to save money. Companies like Red Hat and Novell are making money by distributing Linux for free and charging for support. The model for free software is not to charge for the software but for the support or the training about the software. Venture Capitalists have invested more than US$ 3 billion in 163 open-source firms between 1997 and 2008. (Economist, 391, no. 8633 p. 69)

Having a free open source product can help a company to have a pull driven marketing approach in contrast to a push marketing approach that closed system companies have. (McInnis, G., 2009, p.81).

As a conclusion, it is evident that open standards with open source is totally different. Open standards promote interoperability of systems. Open source promotes knowledge because the source code is exposed to everybody to see, learn and correct it. Giving open source software for free has many benefits both to the user and to the producer. The benefits for the producer are:

Income from services
Income from training
Potential large user base (pull marketing)

The benefits for the users are:

freedom,
Security because the company has the source code and if the publisher of the software disappears they have the source to correct problems,
Increased reliability, more eyes inspect the lines of code for errors.

References

Karen Coyle (2002). “Open source, open standards. ” Information Technology and Libraries 21.1 (2002): 33-36. ProQuest Nursing & Allied Health Source, ProQuest.

McInnis, G.. Competitive actions of companies whose revenue relies on open source software. Diss. Carleton University (Canada), 2009. Dissertations & Theses: Full Text, ProQuest.

Dave Welsh (2004). Distinguishing between Open Standards and Open Source — Part III of III Available from: http://blogs.msdn.com/dave_welsh/archive/2004/08/28/222206.aspx

BitLocker or TrueCrypt?

George Bagropoulos — Sun, 10 Jan 2010 14:40:25 +0000

(Last updated May 31 ,2014)

Latest update: Truecrypt Shut Down. The sourceforge page informs Truecrypt users to migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

BitLocker and TrueCrypt are data encryption software packages. The question is which one to use and why? BitLocker comes with Windows 7 Ultimate edition. It is also available in Windows 8.1 Pro, Windows 8.1 Enterprise editions and Windows Server 2012 R2. TrueCrypt is free open source software. As of this last update, TrueCrypt does not support Windows 8. You can find the supported operating systems here.

Michael Pietroforte at 4SYSOPS has two very interesting articles. In the first article he comparesTrueCrypt 5 vs. Bitlocker. There are no significant speed differences between the two programs. The second article is a discussion about Windows 7 BitLocker. Good news is that with Windows 7 using BitLocker is much easier comparing with Windows Vista.

With BitLocker if your computer does not have a Trusted Platform Module chip the start up key in a USB stick. On the other hand TrueCrypt wants to only to memorize a pass phrase.

Which one to use?

BitLocker:

Can be used in a whole Windows environment
Allows storage of startup key in USB stick
Allows IT Administrators to enforce Group policy

TrueCrypt:

Can be used with many operating systems including Microsoft and Linux
It is free and open source.
It does not require to store a start up key to any device. You must remember the pass phrase. Of course you can store your pass phrase in any storage media at your own risk.

From the above discussion, I believe that for large corporations the preferred solution would be BitLocker. For smaller businesses or for your personal computer or laptop TrueCrypt offers a really great solution.

For the security perspective there is the ‘Evil Maid’ attack that can be used to TrueCrypt to acquire the pass phrase. BitLocker uses trusted boot that can be attacked too. So, what is the ‘Evil Maid’ attack? In a nutshell the attack is as follows:

You leave your laptop into your hotel room and you go for breakfast.
An evil maid (enemy) enters your room and changes the boot-loader.
Next time you will operate your computer and enter your key it will be transmitted to the eavesdropper.

The attack, along with the software is explained by Joanna Rutkowska. There is also a very interesting discussion about “Evil Maid’ in Bruce Schneier’s blog.

As a conclusion, both BitLocker and TrueCrypt are excellent programs that can encrypt data. Now that you know the pros and cons of the programs and also the attack methods I hope it is easier to select the appropriate one for your needs.

My personal preference is TrueCrypt for the simple reason that is open source. Being open source makes it very difficult to add a backdoor. The code is visible, anyone can spot it. This might not be the same with commercial products.

(Update April 2014) US consultancy iSEC has completed on April 2014 a detailed two – person code audit of the software seeking security holes. The audit has turned up a dozen bugs in the code that is TrueCrypt, but not signs of backdoors or other critical security holes. You can access the full report in pdf fprmat here.