Amazon Gets Into the Gadget Business

I flipped over to at the end of last week and saw a lengthy letter from founder and CEO Jeff Bezos at the top of the homepage. This letter, which many of you likely also saw, extolled the virtues of Kindle, a new e-book reader developed by Amazon and offered exclusively in its pages.

Checking again today, I see that "due to heavy customer demand, Kindle is temporarily sold out." That may be marketing spin, or it may be that there's a segment of the population that just has to have every new gadget on the market.

The Kindle is large (almost the footprint of a hardcover book) and expensive ($399), making you wonder just what they had in mind.

Take a look at the Kindle and give me your read at [email protected].

Microsoft Acknowledges PRNG Bug in Windows XP
Microsoft has finally acknowledged that the vulnerabilities found by Israeli researchers in Windows 2000 also extend to Windows XP. The vulnerabilities involve Windows' pseudo-random number generator (PRNG), a piece of code that generates seemingly random numbers for various uses in the system. I say "seemingly" because you have to trick a deterministic computer to produce numbers that behave like they're random (a trick I studied while an MS student in math many years ago).

In an academic paper published recently (read the PDF here), the researchers described how they recreated the algorithm used by Windows 2000's PRNG, and used that to investigate how it's used in the system. Windows and its applications use the PRNG to create random encryption keys, which are in turn used to encrypt files and e-mail messages, and by the Secure Socket Layer protocol.

The researchers also noted vulnerabilities in the Windows CryptGenRandom function, which calls on the algorithm. This may cause any application using the Windows cryptologic functions to exhibit the vulnerability.

Do you need to use random numbers in your application? And with the Windows PRNG? Let me know if you trust it at [email protected].

Microsoft Loses $140 Million Patent Appeal
It may be pocket change for Microsoft, but the company and CAD software maker Autodesk have been ordered to pay privately held z4 Technologies over $140 million for technology they used to activate newly installed software and deter piracy. The appeals court agreed that the method used by Microsoft and Autodesk infringed on patents created and owned by David Colvin, the owner of z4.

According to the ruling, Microsoft's Windows XP and Office 2003 suite of productivity software used z4's patented method of asking buyers of the software to supply two passwords, or authorization codes, before they could use the software. Microsoft had claimed that the patents were invalid.

In case you're wondering where your license fees go to, Microsoft must have huge legal bills. Wish some of that could go into improving products or support? Let me know at [email protected].

Cyber Monday Scores a Touchdown
Rather like our hometown New England Patriots, holiday consumers dropped back and lofted a digital pass into the end zone for a big score. Early reports indicate that Cyber Monday was on track to set a record for online purchases.

Cyber Monday is so named because of its reputation as the biggest online shopping day of the year. In the days before widespread broadband access, workers would come back from the Thanksgiving holiday and use their employers' fast Internet access to begin online shopping for the holidays.

Did you make any purchases online yesterday? How was the experience? Send your take to [email protected].

Mailbag: Your Thoughts on Copy Protection, More
Doug asked readers yesterday where they stand in terms of copy protection: Do you use dongles, or are you OK with Microsoft's WGA program? Here are some of your responses:

Personally, I much prefer Genuine Advantage. Even though it could mess up or be used in nefarious ways, it beats a dongle hands down. My experiences with dongles have lead to many frustrations. Dongles take up a slot on the computer, can (and often do) fail, must be configured properly and look enough like a flash drive that they become prime targets by thieves (although, I kind of like the justice of a thief getting a completely useless piece of hardware).

When I was supporting a small research group, I never had any issues with Microsoft licensing but a dongle issue used to come up several times a year. I'm not sure it really saves you from the possibility of shady licensing practices, either. There's really no way of controlling what is on that dongle.

I'm fine with the protection scheme used by Microsoft. It has worked fine on our home computer, allowing continued updates of the patches and fixes. I'm sure the experience was not as smooth for everyone, but it was flawless from my viewpoint.

As for dongles, adding one for my spouse's networked sewing machine software was a pain that included the shipping of a new dongle and fixes so it would recognize the key. Also, I was forced to always keep one USB bay tied up with the security key dongle. I can only imagine the fun of having more than one dongle!

Microsoft's WGA process is fine by me. However, if dongles were easy to distribute and could not be counterfeited, then I suppose that would be even better.

I agree with you regarding the dongle. I'm personally sick and tired of "others" accessing my computer for ANY reason. It's mine, I paid for it, stay the h*ll out! No cookies, auto updates or copy protection!

I really have no objection to a periodic ping of a license server by an expensive desktop application. Something along the lines of once every three months would seem right to me. But the lengths to which Microsoft goes to validate the "genuine-ness" of installed copies of Windows just exasperate me. It seems like every time I go to Microsoft Updates, I have to verify that I'm using a genuine copy of Windows XP. Why can't the verification of that fact be done once, and then left alone? I may change some piece of hardware -- for instance, the video card -- but is it really necessary to get re-verified once every month or so?

In short, I have nothing against copy protection, so long as it is something reasonable. I understand protecting intellectual property, but treating your customers like criminals sets a bad precedent. And things aren't getting any better in the short-term; if anything, they're getting worse. I guess we're ALL guilty of something.

I have a legitimate version of Windows, but I still don't like the idea of Microsoft pinging my computer to see if it's legitimate. Whose interpretation of legitimate are we using? I have XP at home and refuse to go to Vista at this time. Will Microsoft disable some of my features until I buy Vista?

What is a hacker? Is it someone that goes into someone else's personal computer and changes something? Is this not against the law? How many people have had their computer checked out by a technician because something was changed without their knowledge or consent? If Microsoft created software that allows someone to go in and change features in your software, how do we know if we were hacked by Microsoft or someone else? Ethically, something is very wrong here. No wonder Microsoft gets so much bad press and our computers can get hacked. Microsoft allows it.
-Anonymous, USA

Here's my 2 cents: Genuine Advantage/Software Activation is a pain in the least for business networks. A dongle for every networked PC would be impossible to make work. Seems to me if you're a business purchasing from one of the OEMs, you ought to be able to buy a Windows license that doesn't require activation. Does Microsoft (and now Adobe) really believe their corporate customers are a significant source of pirated software? I find it hard to believe and think it's more about greed. If I could, I would switch all our PCs to Linux and open source software -- or even Mac OS. Problem solved.

And finally, Stephen chimes in on the myriad versions of Windows Server 2008:

Microsoft is, to a degree, hamstrung by having to appease the EU and other "bundle watchers," but its overly complex OS versioning strategy is really starting to grate. I never thought I'd say it, but compared to Linux or Unix, Windows is becoming too complex at the highest level to understand what it is you should be buying. No wonder a lot of people are investigating open source alternatives more seriously today than in the past; it's making increasing sense to look at it and see where it could add some value. While Microsoft probably isn't losing sleep over this at the moment, it needs to watch out that it doesn't wake up in a few years wondering what it missed.

Got something to add? Share it with us! Send an e-mail to [email protected] or leave a comment below.

About the Author

Peter Varhol is the executive editor, reviews of Redmond magazine and has more than 20 years of experience as a software developer, software product manager and technology writer. He has graduate degrees in computer science and mathematics, and has taught both subjects at the university level.


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus