Core Dump

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Labels: Microsoft, security

Labels: Another thing to worry about, Microsoft, security

Professors who use PowerPoint tend to present topics very quickly when they don’t have to do anything but talk. If every example and every diagram is on the screen, there isn’t much time for me to take notes on the subject of each slide. Lectures aided by chalkboard visuals are easier to take notes from because I can write what the professor writes on the board at the same time. Also, because there is usually more chalkboard space than screen space, if I am behind on note-taking, the visual will probably still be on the board for me to copy a few minutes later. A lot of professors try to solve this problem by handing out the lecture slides before class, or by posting them online. While this is great for a lot of students, it doesn’t work for me because I learn best and am most engaged if I have to take notes as if my grade depended on having a great record of the class and I would never see the material again. In classes with handouts, I tend to zone out and have to work harder to pay attention. Studies have shown[pdf] that taking high-quality notes improves organic memory: I rarely use my notes after the lecture because the act of physically writing information down helps me remember more of what goes on in class.

Labels: Microsoft, software, technical communication

# A new ribbon user interface that makes end users more productive and customization of SharePoint sites easy
# Deep Office integration through social tagging, backstage integration and document life-cycle management
# Built-in support for rich media such as video, audio and Silverlight, making it easy to build dynamic Web sites
# New Web content management features with built-in accessibility through Web Content Accessibility Guidelines 2.0, multilingual support and one-click page layout, enabling anyone to access SharePoint Server sites

Labels: Microsoft, Office 2010

Labels: Microsoft, technical communication

Labels: Microsoft, technical communication, video, Windows 7

Some experts worry that a settlement this large could rekindle debate over the legitimacy of lawsuits like this one. Lobbyists in the U.S. tech sector have been pressuring Congress to crack down on small companies suing bigger companies over patent issues.

A penalty such as the one levied against Microsoft could become a rallying cry to push even harder for those reforms, says Eugene Quinn, a U.S. patent attorney and founder of intellectual-property blog IPWatchdog.com.

“Many [small] companies are suing them just to try and get a settlement,” Mr. Quinn says. “But a lot of times it is this exact dynamic, where a small company has good technology that is being infringed. There are a lot of these types of suits out there.”

Mr. Vulpe defends their decision to protect their patent rights, while dismissing the notion that ideas should be free for use by everyone.

“Innovation without patents is like fishing without nets,” he says. “It's great for the seals upstream, but not so great for the fishermen.”

Translation? “We want to get paid,” Mr. Owen says. “They're not going to use it unless we give consent. It's the right thing.”

Labels: intellectual property, Microsoft, Microsoft Word

Labels: Microsoft, software, technical communication

Labels: Microsoft, Office 2007

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.

The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click “fix it” feature to enable the mitigations.

Labels: Microsoft, security

Labels: Microsoft, Microsoft Word

Attackers are using rigged PowerPoint files to exploit an unpatched vulnerability in Microsoft’s presentation software, according to warning late Thursday from the software maker.

In a pre-patch advisory, Microsoft described the attacks as “limited and targeted,” the kind of language that suggests it is being used to steal data from corporate or government networks. The malware associated with the attack is a Trojan dropper embedded within an exploit in .ppt or .pps data files.

According to the advisory, the vulnerability allows remote code execution if a user opens a booby-trapped PowerPoint file.

The newest Microsoft Office PowerPoint 2007 and Microsoft Office for Mac 2008 are not affected.

Labels: Microsoft, security

Labels: Microsoft, software

Microsoft Help 3 is a new client help system! This help system has been built from the ground up with simplicity, performance and relevance in mind. It was not a straightforward road in getting the project approved, and with a large legacy content base and complex content scenarios, it took a lot of long and heated design discussions with a will to favor simplicity. The end result is a greatly improved deployment model, a fast underlying architecture based on the Zip storage standard and a beautiful new Windows Presentation Foundation based help viewer featuring a web-browser feel. Initially shipping as the product help system for the next wave of Visual Studio products, this system will become available to all Windows developers in the near future. This will be the first wide release of a help system from Microsoft since Help 1.

Labels: Microsoft, software, technical communication

Overall, SharePoint can be a good solution for help content, but it certainly has limitations. If creating a comprehensive printed manual isn’t necessary, it can be an attractive format because you can take advantage of the blog and wiki formats, which do function adequately. If you have multiple authors all contributing content, or a team that needs a dynamic way to exchange information, SharePoint is a good choice.

On the other hand, if you’re tasked with building several role-based guides, and you need both online help and printed manuals, SharePoint won’t work for you. But remember, the printed manual is dying. You could get away with some quick reference guides instead, referring the user to the SharePoint site for more advanced questions. (You’ll still always get the question, “Where can I print all this out?”)

Labels: Microsoft, software, technical communication

Labels: Microsoft, Windows 7

Labels: funny, Microsoft, Office 2007

Labels: Microsoft, software, Windows 7

The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Microsoft’s Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2.

Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE 7 and to spread the word about additional workarounds that can help limit the damage from actual attacks.

Microsoft’s latest advisory also includes technical instructions on how to use ACL to disable OLEDB32.DLL, how to Unregister OLEDB32.DLL and how to Disable Data Binding support in Internet Explorer 8.

IE users should bear in mind that there’s a growing list of exploitive sites taking aim at this vulnerability and now that the exploit code is publicly available, the threat will certainly grow in the coming days and weeks.

Until Microsoft can issue a patch — out-of-cycle or otherwise — you should consider using an alternative browser like Mozilla Firefox or Opera. If you must use Internet Explorer, be sure to securely configure the browser with the mitigations described above.

Labels: Microsoft, security

Mainly, however, Office Web apps are meant to be an extension to the locally installed Microsoft Office (in its next edition), the same way Outlook Web Access provides access to mail without the fat Outlook client. Users could stop at a public kiosk, for example, and fire up a browser-based Office Web app to view or edit their data. In other words, the next version of Office will enable access to desktop files over the Web, although Kapner said the details of how that will work would be revealed at a later date.

Labels: Microsoft, software

Microsoft may have made a big push to settle many of the antitrust actions facing it around the globe, but those efforts have run up against a major stumbling block: the company's inability to document the protocols need to interoperate with its own software. Documentation problems got Microsoft in hot water with the EU, and they're now the only reason it continues to be under court supervision in the aftermath of its antitrust settlement. But, despite having interoperability become a corporate strategy, its documentation efforts came under fire in a court hearing earlier today.

Labels: Microsoft, technical communication

Disabling QoS to Free Up 20% of Bandwidth

This tip made the rounds with people believing that Microsoft always allocates 20% of your bandwidth for Windows Update. According to the instructions, you were supposed to disable QoS in order to free up bandwidth. Unfortunately this tip was not only wrong, but disabling QoS will cause problems with applications that rely on it, like some streaming media or VoIP applications.

Rather than taking my word for it, you can read the official Microsoft response: "There have been claims in various published technical articles and newsgroup postings that Windows XP always reserves 20 percent of the available bandwidth for QoS. These claims are incorrect... One hundred percent of the network bandwidth is available to be shared by all programs unless a program specifically requests priority bandwidth."

Labels: Microsoft, Windows XP

Labels: FrameMaker, Microsoft

With all these quirks, it’s hard to see why SharePoint is so popular. I suspect it’s popular because none of these serious flaws are apparent until you try to customize your site, and 99% of the time people leave the sites as is.

Even despite these quirks, if you’re company uses SharePoint, you may be stuck with it. Once you get these concepts down, however, SharePoint is a workable solution as a file repository, a website, and a corporate blog. SharePoint does provide a ton of collaborative features with almost no custom coding. Few other platforms can make the same claim.

Labels: content management, Microsoft

Labels: Linux, Microsoft

Finally, I like the idea of SharePoint as a documentation tool because it’s a medium that’s alive. Most other help authoring tools are static. The Internet might as well not have been invented — it makes no difference. To me, that is the saddest thing about the tech comm. authoring tools. You author in a program on your own computer, and then upload to a file directory somewhere, and then leave the content as is until you update it again. Sorry, but that misses out on everything cool and dynamic and web 2.0 that has happened in the last 10 years.

With SharePoint, your documentation is a living entity, an organism that is constantly growing and breathing online. Like my blog — I receive comments. I look at hits. I can watch visitors in real-time. I publish comments back to it. Readership subscription grows and shrinks (but mostly grows). I see incoming links come back to it, and I link to other sites and people. As insights come to me, I add them to the blog, and other readers come and see and leave comments, and I respond. It is a living, growing, breathing body of information. Help should be the same way, not a static file that gets a push update once every 6 months.

Labels: Microsoft

Microsoft has already made changes in its timetables. Last year, the company extended the sales life cycle -- the time during which PC manufacturers and system builders could sell computers with XP installed -- to June 30, 2008. It will stop selling XP altogether on Jan. 31, 2009. And it extended the mainstream support period for XP to April 14, 2009, in an effort to reassure customers made nervous by the long delays in shipping Vista.

The result of all this tweaking is that Microsoft will stop selling XP long before it stops supporting it. You may be able to run XP for as long as you want, but before too long you may not be able to buy a legitimate copy of XP to run.

Labels: Microsoft

Labels: Microsoft

If you started reading these documents with the hope of spending a weekend writing some spiffy code that imports Word documents into your blog system, or creates Excel-formatted spreadsheets with your personal finance data, the complexity and length of the spec probably cured you of that desire pretty darn quickly. A normal programmer would conclude that Office’s binary file formats:

* are deliberately obfuscated
* are the product of a demented Borg mind
* were created by insanely bad programmers
* and are impossible to read or create correctly.

You’d be wrong on all four counts. With a little bit of digging, I’ll show you how those file formats got so unbelievably complicated, why it doesn’t reflect bad programming on Microsoft’s part, and what you can do to work around it.

The first thing to understand is that the binary file formats were designed with very different design goals than, say, HTML.

Labels: Microsoft

The one cool part of the whole process is that my endodontist was using a Windows-based digital X-ray system. Instead of placing a small piece of film in my mouth, he positioned a plastic paddle about the size of a small spatula so that the sensor on its end was in the right place, had me hold it steady, and pressed the X-ray button (”Bzzzztttt!”). Almost instantly (literally under a second), there was a response from the Dell notebook on the countertop behind him (”Ding!”) and the image was displayed in a window on the screen.

As a result he was able to snap images repeatedly throughout the procedure (”Bzzzztttt!” “Ding!”), see the results of his work nearly in real time, and make any necessary course corrections. (”Oh, look. There’s a fourth nerve in there. Hmmm, we’ll need to get to that.”)

Labels: health, Microsoft, technology

In closing, I want to emphasize that we're not removing support – we're making the default safer. If you're among the users who do need to be opening these formats, we will continue to support you. We also recognize that we have not made any of this as usable as we'd like, and we apologize that this hasn't been as well documented or as easy as you need it to be. We're also going to take a hard look at how we can do better in the future.

Labels: Microsoft, Microsoft Word

In a posting to his own blog, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in attributing security problems to certain file formats, including the one used by CorelDraw.

"We stated that it was the file formats that were insecure, but this is actually not correct," LeBlanc said, referring to a description in a now-changed support document. "A file format isn't insecure -- it's the code that reads the format that's more or less secure. The parsers we use for these older formats aren't as robust as the code we've written more recently, which is part of our decision to disable them by default.

"Some of the formats blocked are from products built by companies other than Microsoft, and we apologize for implying that there were any problems in those companies' file formats," said LeBlanc. He did not specifically name Corel.

Labels: Microsoft

Labels: Microsoft

Labels: Microsoft, XML

It's a hard plastic case, sealed in two different places by plastic stickies. It represents a complete failure of industrial design; an utter F in the school of Donald Norman's Design of Everyday Things. To be technical about it, it has no true affordances and actually has some false affordances: visual clues as to how to open it that turn out to be wrong.

This is the same box that Vista comes in. Nick White over at Microsoft seems proud of the novel design, but from the comments on the web it seems I'm not the only one who couldn't figure out how to open it. It seems like even rudimentary usability testing would have revealed the problem. A box that many people can't figure out how to open without a Google search is an unusually pathetic failure of design. As the line goes from Billy Madison: "I award you no points, and may God have mercy on your soul."

Labels: Microsoft

Labels: Microsoft, security, technical communication

Labels: Microsoft, software, technical communication

Labels: Microsoft, Office 2007, technical communication

Labels: Microsoft, software, technical communication

After living with the Mac for three months and comparing it to my Vista experiences, the choice is crystal clear. I've struggled to sort out my gut feeling about Windows Vista (see "The Trouble with Vista"), but the value and advantage of the Mac and OS X are difficult to miss. While I continue to work with Windows XP and Vista on a number of other machines, I am now recommending the Macintosh for business and home users.

Labels: Macintosh, Microsoft, Vista

The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. For more information, see http://www.microsoft.com/licensing/userights. You may not
* work around any technical limitations in the software;
* reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
* use components of the software to run applications not running on the software;

Labels: Microsoft, technical communication

Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications.

Labels: Linux, Microsoft, security

Labels: Microsoft, software, technical communication

Labels: Microsoft, Vista

Alongside the all-or-nothing approach of disabling output, Vista requires that any interface that provides high-quality output degrade the signal quality that passes through it. This is done through a "constrictor" that downgrades the signal to a much lower-quality one, then up-scales it again back to the original spec, but with a significant loss in quality. So if you're using an expensive new LCD display fed from a high-quality DVI signal on your video card and there's protected content present, the picture you're going to see will be, as the spec puts it, "slightly fuzzy", a bit like a 10-year-old CRT monitor that you picked up for $2 at a yard sale. In fact the spec specifically still allows for old VGA analog outputs, but even that's only because disallowing them would upset too many existing owners of analog monitors. In the future even analog VGA output will probably have to be disabled. The only thing that seems to be explicitly allowed is the extremely low-quality TV-out, provided that Macrovision is applied to it.

Labels: Microsoft, Vista

Microsoft and IBM ratcheted up their criticism and rhetoric this week in the long-standing battle to win the hearts and minds of developers and users for the document format they support.

The volley was started by IBM, which was the lone dissenter in the vote on Dec. 7 that approved Microsoft's Open XML document format as an Ecma standard.

In a public comment about its decision to vote against approving the standard, Bob Sutor, vice president of open source and standards at IBM, says on his blog that the Open XML format is nothing more than a vendor-dictated specfication that documents proprietary products via XML.

Labels: Microsoft, Office 2007, software

Labels: Microsoft

So in addition to the above problems with decision-making, each team had no idea what the other team was actually doing until it had been done for weeks.

The end result of all this is what finally shipped: the lowest common denominator, the simplest and least controversial option.

Labels: Microsoft, Vista

The other shoe has dropped on a weird little deal between Microsoft and Novell over SUSE Linux last week. Microsoft gave Novell $440 million for SUSE support, and then Novell gave back $40 million to license Microsoft's bogus patent claims against Linux.

Now Microsoft's Chief Rageaholic Steve Ballmer has explained the deal: Novell's $40 million "payment" is an admission of guilt. Every Linux user who doesn't use SUSE (the only "licensed" Linux) is a patent infringer. All Linuxes except the ones that Microsoft blesses are illegal

Labels: Microsoft

Labels: Microsoft, technical communication, Vista

Also, you'll notice that unlike a typical table format (like HTML, CALS, etc.) the XML above is representing a spreadsheet. It's a subtle difference when working with simple examples like this, but becomes more obvious as you move into more complex spreadsheets. One noticeable difference right away though is that we don't write any elements down for the empty cells B2:C4. If there isn't any data in a cell, then you just don't write anything. This is a bit of a different model from table formats that are more presentation based.

Labels: Microsoft, XML

What does all this mean to a typical Windows Vista user who just wants to sit back, relax and watch a movie on his brand-new, state-of-the-art multimedia dream machine? That depends, of course, to a great extent on what he wants to watch; the latest Hollywood blockbuster is far more likely to require a PVP-compliant system than less mainstream fare. But sooner or later, most Vista users will probably encounter PVP-protected content -- and more often than not, they will walk away from the encounter at least a little frustrated, disappointed or even angry.

Labels: Microsoft, Vista