The Verge story was corrected for the most part, thanks for emailing me Tom.
The Next Web published a follow up post re: the situation. It isn’t corrective in any way, but I got the gist of what Alex was trying to say: “I fucked up, sorry man.”
I hope I don’t get removed from the holiday card mailing list.
“Thank you note for every language”
© woodleywonderworks
I see my friends Alex Wilhelm and Tom Warren covered some comments I made on the ChevronWP7 stream, bless them for that. Specifically, I made two comments on the stream, after successfully selling 10,000 unlocks close to the start of the New Year:
[1] ChevronWP7 Labs enters the New Year with 10,000 token sales under our belt. Hooah! ^RR
[2] Our agreement with Microsoft was to sell no more than 10,000 tokens, hence "sold out". We’re discussing if we want to up that number. ^RR
The use of our and we were references to “the ChevronWP7 team”, i.e. Chris Walsh, Long Zheng, and myself. I mean, the tweet did come from the ChevronWP7 account after all. Here’s how I designed it to be read:
We [the team] are still discussing if we [the team] want to up this number.
Here’s how it was interpreted:
MICROSOFT HATES THE WORLD; MICROSOFT IS SHUTTING DOWN CHEVRONWP7; THEY DENIED THEM TOKENS!!!!11111
Microsoft isn’t involved in our discussion yet. And they can’t provide us with more unlocks because we haven’t asked yet. If we do request more, we’re sure Microsoft will respond positively – as they have in the past.
What frustrates me is that I know and like these guys personally, but corners were cut and no fact checking was performed. Despite being only a Skype call/KiK/email/IM away, no one bothered to contact me or anyone on the team.
Now I’m stuck with cleaning up the mess.
It’s 5am, I haven’t slept. A critical ASP.NET security update is being issued out-of-band today. Immediately, I sprung into “what the hell, Microsoft?” mode, given our government (US-CERT) indicated Microsoft was contacted about this back on November 1. (And the fact I have to worry about ChevronWP7 Labs on Azure and our product at work.) I went as far as to complain on Twitter, my channel of choice. But a few Microsoft folks pinged me, forcing me to do some fact checking.
Yep. I should’ve known not to blindly trust what was on US-CERT, sigh.
Upon inspection of the actual disclosure one area jumped out at me:
Vendor communication:
2011/11/01 Coordinated notification to PHP, Oracle, Python, Ruby, Google
via oCERT2011/11/29 Coordinated notification to Microsoft via CERT
Yep. These guys waited an arbitrary 30 days (in reality, less) before publishing it to the world. Never mind that this issue affected Microsoft .NET Framework 1.0 and up. Never mind that this framework has been built into Windows since Windows XP. Never mind patches for all these platforms have to be engineered and tested. Never mind it’s the fucking holidays and people have families they’re spending time with. Never mind this doesn’t just affect ASP.NET but also web frameworks written in Java, Python, Ruby, PHP, and JavaScript (think node).
I couldn’t find a shred of evidence to suggest this flaw was being exploited by malicious actors or that the information was discovered by other folks – possible reasons that would have explained such a disclosure. This appears to just be a classic case of dirtbagery.
Here’s how the adults handle this, take notes guys:
Today, Lead Program Manager over in the Messenger camp, Dare Obasanjo, wrote about enabling public access to the Messenger network via… yep, XMPP. (The Windows client’s days are numbered.)
Today we’re taking another step, with the public availability of access to the Messenger network via XMPP, an open standard. This means that anyone can build innovative messaging clients—either stand-alone or built into their devices—that include access to Messenger’s 300 million active users. […]
Developers interested in learning more about our XMPP interface can check out our code samples on GitHub []along with the overview documentation on the Live Connect developer center. These should give you enough information to get started building integration with the Messenger network into your mobile apps, devices and web sites.
There are still some missing basics though, like the ability to add/remove folks from your buddy list. Maybe in a future release.
Tom Warren wrote up a piece yesterday regarding a glitch affecting the way Windows Phone handles text. (Sadly, he ran with a misleading and sensational title you’d expect from the pro-Apple All Things Digital camp.) The condensed version of his write up is that Windows Phone user Khaled Salameh had a buddy on Facebook post a message “in a weird font” that then trickled down to his phone causing OS issues. He isolated the string causing the issue and ran to the media with it.
Unfortunately, because of the actors involved, we’re missing a bunch of specifics. For example, we don’t have information on the affected OS versions or information on the string itself, aside from some hints. Nor if this is limited to a specific mobile operator, device type, transmission channel – we know of SMS, Facebook, Windows Live Messenger –, or position of my bear claws.
Shortly after Warren’s post went up, Salameh tweeted this issue isn’t limited to just Windows Phone. Dang, too late.
