Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Telemetry in "hello world" MS C++ 2015
50 views
Skip to first unread message
Melzzzzz
Jun 10, 2016, 6:43:16 PM6/10/16
to
Rick C. Hodgin
Jun 10, 2016, 8:40:25 PM6/10/16
to
Melzzzzz wrote:
> https://yro.slashdot.org/story/16/06/10/1350245/visual-studio-2015-c-compiler-secretly-inserts-telemetry-code-into-binaries
Why is it in there? What's it doing? Internet activity? Or just
local info for app analysis at runtime? One of VS2015's features
is an app analysis ability. Is that what this is?
Best regards,
Rick C. Hodgin
> https://yro.slashdot.org/story/16/06/10/1350245/visual-studio-2015-c-compiler-secretly-inserts-telemetry-code-into-binaries
Why is it in there? What's it doing? Internet activity? Or just
local info for app analysis at runtime? One of VS2015's features
is an app analysis ability. Is that what this is?
Best regards,
Rick C. Hodgin
Jerry Stuckle
Jun 10, 2016, 9:21:06 PM6/10/16
to
could be, for instance, trying to track the commercial use of a
educational or other non-commercial use of their compiler.
But this brings up a very important point (one which I saw back in the
90's but hasn't been followed up in much). We all trust our compilers
and libraries not to add extra code. But is this trust misplaced?
I have no answer to the question. It's just something that is worth
though. And it is true in any language - not just C++. So I guess it's
really more of a meta-question.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstu...@attglobal.net
==================
Alf P. Steinbach
Jun 11, 2016, 5:32:40 AM6/11/16
to
But such nefarious opt-out obscure functionality is multi-purpose.
Microsoft has a long history of doing things like this. In the 16-bit
Windows days (early 1990s) there was the simple xor-encrypted and
self-modifying obscure code that checked which version of DOS Windows
was running in, known as the AARD code after it was discovered. It was
present but not enabled in the final release of Windows 3.1, much like
the code in question now seems to be present but not yet enabled. The
AARD code produced a cryptic and intentionally misleading error message
if Windows was running on DR DOS or some other vendor's DOS instead of
MS-DOS. The intention is known because of internal memos uncovered
during later anti-thrust litigation, where, quoting ¹the Wikipedia
article about it, “Microsoft Senior Vice President Brad Silverberg later
sent another memo, stating: "What the [user] is supposed to do is feel
uncomfortable, and when he has bugs, suspect that the problem is DR-DOS
and then go out to buy MS-DOS."”.
Cheers!,
- Alf
¹ https://en.wikipedia.org/wiki/AARD_code
Alain Ketterlin
Jun 12, 2016, 5:46:49 AM6/12/16
to
Jerry Stuckle <jstu...@attglobal.net> writes:
>>> https://yro.slashdot.org/story/16/06/10/1350245/visual-studio-2015-c-compiler-secretly-inserts-telemetry-code-into-binaries
[...]
attack", described at http://c2.com/cgi/wiki?TheKenThompsonHack
Ken Thompson notes ("Reflections on Trusting Trust" are available from
http://dl.acm.org/citation.cfm?id=358210 (or
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
-- Alain.
>>> https://yro.slashdot.org/story/16/06/10/1350245/visual-studio-2015-c-compiler-secretly-inserts-telemetry-code-into-binaries
[...]
> But this brings up a very important point (one which I saw back in the
> 90's but hasn't been followed up in much). We all trust our compilers
> and libraries not to add extra code. But is this trust misplaced?
One of the comments on the slashdot page refers to "the Ken Thompson
> 90's but hasn't been followed up in much). We all trust our compilers
> and libraries not to add extra code. But is this trust misplaced?
attack", described at http://c2.com/cgi/wiki?TheKenThompsonHack
Ken Thompson notes ("Reflections on Trusting Trust" are available from
http://dl.acm.org/citation.cfm?id=358210 (or
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
-- Alain.
0 new messages