Clippy will return when the stars are right

Photosynth

Hefty Microsoft Security Update

This was announced a week ago, on 13 Nov 2012. However, it encompasses an unusually wide range of products and services for a single Microsoft security announcement.

All is well

No need to fear, as these fixes were incorporated in the most recent round of “patch Tuesday” Windows updates. But it might be interesting to have a look at such a comprehensive security bulletin, if you haven’t done so already. The most accessible version, a higher-level summary, is posted on the Microsoft Security blog, Nov 2012 release. It included this bright and basic severity chart, and a few others.

Microsoft Security Advisory severity chart 13Nov2012

Full details are provided by the Microsoft Security Bulletin MS12-075 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226).

Behind the scenes at the origin

A software company, Documill, and the not-so-scary, rather friendly Scary Beasty of Google found the initial, critical causes for concern. In fact, they seem to have been working on it since early September. Good for them!

It was first reported to the Chromium project as “Windows blue screen and arbitrary code execution with corrupted font file”:

"Windows crashes with blue screen when opening a web page with a corrupted font file embedded with CSS font-face rule. This unfixed bug in Windows font handling possibly allows execution of code at kernel level."

That does sound scary! The process of discovery, notification, resolution and disclosure involved in remedying a critical security vulnerability is laid out quite clearly in the Chromium security issue thread.

Prize

There was an award issued in the amount of $5000 for finding the bug, even though it wasn’t Google’s fault per se. Since it did affect Chrome, Google decided to offer the award. Note that the bug also affected other browsers, including Firefox and Opera, maybe others. The award process is documented too, which is worth having a look at. It’s relatively straightforward but, as always, intriguing to follow the interactions in the thread.

This was included, regarding Google policy on reporting and documenting Chromium security vulnerabilities, insofar as being eligible for “bug discovery awards”:

“Boilerplate text: Please do NOT publicly disclose details until a fix has been released to all our users. Early public disclosure may cancel the provisional reward.
Also, please be considerate about disclosure when the bug affects a core library that may be used by other products.
Please do NOT share this information with third parties who are not directly involved in fixing the bug. Doing so may cancel the provisional reward.
Please be honest if you have already disclosed anything publicly or to third parties.”

Microsoft Surface Parody

via web-heads:

This is NOT the Surface that Microsoft announced yesterday. Yes, they are overloading the term.

CTO Vision: Microsoft Surface Parody via SarcasticGamer [video]

I really would like one of these for home use. After all, it isn’t intended to be portable, and tossed in my purse. A table-top sized tablet would be fun! Well, it would be, until the novelty wore off. Which might never happen. It doesn’t seem to happen for iPad users.

Unfortunately, Microsoft Surface costs $10,000, maybe more. I doubt I’ll be buying one any time soon.

isomorphismes:

by lembarrasduchoix:

Notepad.txt - (open it)

This is the raw data of notepad.exe opened in Notepad itself.  The text appears exactly as it did upon importing the exe. It is completely unedited, I just took pictures of my favorite bits.

…the process of breaking a system by using itself as input… a proof by contradiction, by paradox.

Saving the document as an application resulted in error upon running. Transcribing the code to text within itself effectively turns the program to mush.

The word “Microsoft” appears 10 times in the .txt file.

——————————————————————

… Recursive Birth and Death of Audacity …

P.S. Did I trick you into opening the doc on your own? Seeing the file run on your own machine totally enhances the viewing experience.

coltoneiselisnotawoman:

Everybody loves Internet Explorer.

Right? Am I not right?
Click through to get a real eyeful.

(Source: freeze-dried-kittens, via suicidal-nation-deactivated2012)


We recently conducted a survey of open source developers to learn about their current preferences on hosting sites and source control systems… The survey was advertised via the Twitter MSDN twitter account [rather than] CodePlex to prevent bias towards a specific open source project hosting site.
We had over 1,000 responses to the latest survey, so a good sample size although the statistical degree of certainty is unknown based on the Twitter audience.

Microdata and schema.org

HTML 5 has an additional way of adding meaning to the markup called Microdata.

This allows web developers to mark different elements with meta data that is readable by search engines.

Bing, Google and Yahoo are all supporting Microdata and the schema.org vocabularies in particular.

This update will therefore add intellisense to the most popular vocabularies including schema.org and data-vocabulary.org.

schema.org and other HTML CSS updates via Microsoft

This part was rather cute too:

There is no way around this. It’s impossible to talk about CSS3 without giving The Rounded Corners™ example because it is the quintessential CSS3 feature. The CSS3 support brought by this update does of course contain full support for rounded corners a.k.a. border-radius.

An open invitation:

As the HTML5 and CSS3 specifications mature we will make updates available accordingly to ensure that ASP.NET web developers always have the latest standards to work with. This is at the same time an invitation to report any bugs or features you would like to see in future updates. Please write a comment with any bugs or suggestions.

Emphasis is mine.

For more details, see a slightly stiff but very thorough and detailed post from the Hanselman. My favorite part was here:

Remember that you can use HTML5 today along with JavaScript libraries like Modernizr that allow you to create pages that work across nearly all browsers, including old crappy ones

Of course, there are a zillion sarcastic comments that follow e.g. “Dear God! Does that mean Card Space is dead?”

(There was even a third, behind the scenes post suggested for the insatiably curious.)

I found this post about the Windows 7 Taskforce website on MicrosoftFTW’s Tumblr. Windows performance, or lack of functionality, that I would never consider buggy, was identified and fixed by the Windows 7 Taskforce.

It left me thinking about how readily I accept things without question. With Windows, I’ll believe a problem is merely MY personal User Experience, and my shortcoming, rather than a defect. In fact, there were many design flaws and bugs. MANY users and testers complained.

Is excessive tolerance as bad as finding fault?

Aristotle’s condensed philosophy (very short-form version) reduces to “everything in moderation”. Is it applicable to everything? Is this aspect of my personality, passivity and tolerance, actually a character flaw, rather than the virtue I thought? Maybe acceptance is good in moderation only? Passivity should be balanced with criticism!

Aristotelean Quality Assurance

The Windows 7 Taskforce format is similar to StackOverflow’s design*. I’m uncertain if the task force was an official Microsoft initiative. Unfortunately, the project is done. In addition to the items that WERE fixed, you’ll see many others that are unlikely to be corrected.

Via microsoftftw:

I just learned about this site, but now it is closed. I didn’t realize how much better Windows 7 could be… So for now all of these are dead ideas going nowhere:

*I love Stack Overflow, actually, the entire Stack Exchange family, more and more each time I drop by. What a great way to spend time on the Internet!

** I am sort of embarrassed about this post. It feels very personal. And possibly pretentious. I’m sorry, I can’t help it. No, NOT the pretentious part! I’m referring to the way I write. It just comes out like this. Well, maybe I am pretentious too. (I can’t seem to do much about that either….)

(Source: microsftw)