Simon Willison’s Weblog

Subscribe

97 items tagged “microsoft”

2024

How Microsoft names threat actors (via) I’m finding Microsoft’s “naming taxonomy for threat actors” deeply amusing this morning. Charcoal Typhoon are associated with China, Crimson Sandstorm with Iran, Emerald Sleet with North Korea and Forest Blizzard with Russia. The weather pattern corresponds with the chosen country, then the adjective distinguishes different groups (I guess “Forest” is an adjective color). # 14th February 2024, 5:53 pm

Does GPT-2 Know Your Phone Number? (via) This report from Berkeley Artificial Intelligence Research in December 2020 showed GPT-3 outputting a full page of chapter 3 of Harry Potter and the Philosopher’s Stone—similar to how the recent suit from the New York Times against OpenAI and Microsoft demonstrates memorized news articles from that publication as outputs from GPT-4. # 8th January 2024, 5:26 am

Microsoft Research relicense Phi-2 as MIT (via) Phi-2 was already an interesting model—really strong results for its size—made available under a non-commercial research license. It just got significantly more interesting: Microsoft relicensed it as MIT open source. # 6th January 2024, 6:06 am

2023

Microsoft announces new Copilot Copyright Commitment for customers. Part of an interesting trend where some AI vendors are reassuring their paying customers by promising legal support in the face of future legal threats:

“As customers ask whether they can use Microsoft’s Copilot services and the output they generate without worrying about copyright claims, we are providing a straightforward answer: yes, you can, and if you are challenged on copyright grounds, we will assume responsibility for the potential legal risks involved.” # 31st October 2023, 3:35 pm

Bing: “I will not harm you unless you harm me first”

Last week, Microsoft announced the new AI-powered Bing: a search interface that incorporates a language model powered chatbot that can run searches for you and summarize the results, plus do all of the other fun things that engines like GPT-3 and ChatGPT have been demonstrating over the past few months: the ability to generate poetry, and jokes, and do creative writing, and so much more.

[... 4922 words]

2022

Microsoft Flight Simulator: WebAssembly (via) This is such a smart application of WebAssembly: it can now be used to write extensions for Microsoft Flight Simulator, which means you can run code from untrusted sources safely in a sandbox. I’m really looking forward to more of this kind of usage—I love the idea of finally having a robust sandbox for running things like plugins. # 24th November 2022, 2:08 am

Does Company ‘X’ have an Azure Active Directory Tenant? (via) Neat write-up from Shawn Tabrizi about looking up if a company has Active Directory single-sign-on configured (which is based on OpenID) by checking for an OpenID configuration endpoint. I particularly enjoyed this new-to-me trick: Google’s “I’m Feeling Lucky” search button redirects to the first result, which means it can double as an unofficial API endpoint for returning the URL of the first matching search result. # 1st October 2022, 8:15 pm

Microsoft® Open Source Software (OSS) Secure Supply Chain (SSC) Framework Simplified Requirements. This is really good: don’t get distracted by the acronyms, skip past the intro and head straight to the framework practices section, which talks about things like keeping copies of the packages you depend on, running scanners, tracking package updates and most importantly keeping an inventory of the open source packages you work so you can quickly respond to things like log4j.

I feel like I say this a lot these days, but if you had told teenage-me that Microsoft would be publishing genuinely useful non-FUD guides to open source supply chain security by 2022 I don’t think I would have believed you. # 6th August 2022, 4:49 pm

Visual Studio Code: Development Process (via) A detailed description of the development process used by VS Code: a 6-12 month high level roadmap, then month long iterations that each result in a new version that is shipped to users. Includes details of how the four weeks of each iteration are spent too. # 20th July 2022, 4:34 pm

2020

The open secret Jennings filled me in on is that OpenStreetMap (OSM) is now at the center of an unholy alliance of the world’s largest and wealthiest technology companies. The most valuable companies in the world are treating OSM as critical infrastructure for some of the most-used software ever written. The four companies in the inner circle— Facebook, Apple, Amazon, and Microsoft— have a combined market capitalization of over six trillion dollars.

Joe Morrison # 20th November 2020, 9:11 pm

2019

Monaco Editor. VS Code is MIT licensed and built on top of Electron. I thought “huh, I wonder if I could run the editor component embedded in a web app”—and it turns out Microsoft have already extracted out the code editor component into an open source JavaScript package called Monaco. Looks very slick, though sadly it’s not supported in mobile browsers. # 21st May 2019, 8:47 pm

2013

What is the real risk of pirating Microsoft software as a startup business vs an individual user?

I agree with David S. Rose—integrity matters. Look in to BizSpark.

[... 108 words]

2010

Google and Microsoft Cheat on Slow-Start. Should You? Fascinating optimisation tricks by some of the big websites, which violate the RFC governing the TCP slow-start algorithm in order to perform better in the common case. # 3rd December 2010, 7:03 pm

S.Korea ends Microsoft’s online shopping monopoly. The crazy rules mandating Active X based encryption for government and e-commerce sites have finally been dropped, after the Korea Communications Commission found them “unfit for a new Internet environment involving smartphones”. # 5th July 2010, 8:21 am

We all think of Java as a boring server-side language now, but the initial idea behind Java was that software developers could write applications in Java rather than writing them for Windows, and that those applications would work everywhere, thus defanging Microsoft’s desktop OS monopoly. Microsoft took various steps to prevent that from happening, but they lacked a tool like App Store that would enable them to just ban Java. Apple has that card to play, so they’re playing it.

Rafe Colburn # 10th April 2010, 6:42 pm

Internet Explorer Platform Preview Guide for Developers (via) Lots of SVG and CSS3 stuff, no mention of canvas here either though. # 16th March 2010, 6:36 pm

An Early Look At IE9 for Developers (via) Surprisingly, no mention of SVG or canvas and only a note in passing about HTML 5. # 16th March 2010, 6:11 pm

2009

Negative Cashback from Bing Cashback (via) Some online stores show you a higher price if you click through from Bing—and set a cookie that continues to show you the higher price for the next three months. It’s unclear if this is Bing’s fault—comments on Hacker News report that Google Shopping sometimes suffers from the same problem (POST UPDATED: I originally blamed Bing for this). # 23rd November 2009, 9:24 pm

IE 6 and 7 hit by hack attack code. IE6 and 7 have what looks like a buffer overflow vulnerability caused by a strange intersection of CSS, innerHTML and large JavaScript arrays. No exploits in the wild yet but it’s only a matter of time. # 22nd November 2009, 3:38 pm

Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea. # 22nd November 2009, 3:34 pm

Look at Sony, or Microsoft, or Google, or anyone. They still don’t get it. They’re still out there talking about chips, or features, or whatever. Or now they’re all hot for design. But they think design means making pretty objects. It doesn’t. It means making a system of pieces that all work together seamlessly. It’s not about calling attention to the technology. It’s about making the technology invisible.

Fake Steve Jobs # 28th September 2009, 10:40 pm

Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.

Microsoft spokesperson # 24th September 2009, 4:49 pm

Microsoft backs long life for IE6. Oh FFS... “The software giant said it would support IE6 until 2014—four years beyond the original deadline.” # 14th August 2009, 2:53 pm

Farewell to Mashup Editor. It’s not just Microsoft Popfly that’s shutting down—Google Mashup Editor will be gone in four weeks time (this was announced in January). You get to keep your code, but I don’t know enough about Mashup Editor to know if the code is usable once the system has shut down. # 17th July 2009, 1:05 pm

Popfly Shutting Down. Yet another reminder that building stuff on a closed-source platform (especially a hosted service) is risky business, even from a vendor as large as Microsoft. This certainly won’t help them make the case for Azure. # 17th July 2009, 9:32 am

Microsoft was slowing development of new versions of Internet Explorer in the hope that Web-based applications would not be able to compete with Windows applications, and Windows applications would keep people locked in to the Windows operating system. Thus XHTML2 was developed with no expectation that the leading Web browser would ever implement it.

David Baron # 8th July 2009, 8:30 pm

From Microsoft: C# and CLI under the Community Promise. Microsoft’s assurance that it won’t “assert its Necessary Claims” against alternative (including open source) implementations of the ECMA C# and CLR specifications. The promise doesn’t cover implementations of .NET, WinForms etc- so the Mono team have announced they will be splitting their project in to two packages—a safe, ECMA based package and a package containing everything else. # 7th July 2009, 11:15 am

And that is why, in 2009, when developing in Microsoft .NET 3.5 for ASP.NET MVC 1.0 on a Windows 7 system, you cannot include /com\d(\..*)?, /lpt\d(\..*)?, /con(\..*)?, /aux(\..*)?, /prn(\..*)?, or /nul(\..*)? in any of your routes.

Benjamin Pollack # 12th June 2009, 11:48 pm

Let’s try to imagine what a Google Silverlight would have been. It would have been a fully open source product from Google, with a very liberal open source license (BSD or Apache). It would have all the technical specifications published openly. They would pledge to have the Silverlight VM interoperate with Javascript and HTML5. And a company like Zoho would have a ton of developers working on Google Silverlight based applications by now—as opposed to having exactly ZERO developers working on Microsoft Silverlight.

Sridhar Vembu # 7th June 2009, 11:32 am

Imminent Death of the Net Predicted. Well, maybe not, but the way Windows Vista deals with round-robin DNS A records (using a new IPv6 algorithm from RFC3484 backported to IPv4) means that domains that serve up multiple A records to load balance between data centres will find that the IP nearest to the 192.168.* range will get the vast majority of Vista traffic. # 5th March 2009, 9:50 am