.net programming, computers and assorted technology rants

Posts tagged “Microsoft”

Using the Microsoft C++ REST SDK

Courtesy Gaston Hillar, DrDobbs.com

The new SDK enables you to stay in C++ when consuming REST services

Visual Studio 2013 includes the C++ REST SDK version 1.0, also known as Casablanca. This Microsoft open source project is evolving in CodePlex, and takes advantage of the new set of capabilities introduced in C++ 11 to simplify cloud-based coding with a modern, asynchronous, and multi-platform API design. In this first article in a two-part series on this C++ REST SDK, I explain how you can use this SDK to consume REST services. In the next article, I’ll show how to use the SDK to retrieve and send JSON documents.

Understanding C++ REST SDK Architecture

When you need the best performance, you usually evaluate going native, and C++ is one of the best options for doing so. Microsoft believes C++ is valuable in the cloud; and the company’s new C++ REST SDK enables developers to work with C++ to consume REST services and achieve both great performance and scalability. It allows you to stay in C++ when consuming REST services or developing other code closely related to the cloud.

If you use C++ to consume cloud services but you use a C-based and synchronous API with callbacks, you aren’t taking full advantage of the improvements included in the latest C++ versions. In addition, your code will be difficult to read and debug, and the synchronous API will make it difficult for you to create a responsive UI. Most modern Web APIs try to reduce unnecessary boilerplate and so offer asynchronous methods without the complexity of C-style callbacks.

For example, if you work with C++ 11 but you use it to make calls to a synchronous C-based API to make an HTTP GET call, your productivity levels cannot even be compared to other programming languages such as C# or Python. Microsoft developed the C++ REST SDK on top of the Parallel Patterns Library (PPL), and leverages PPL’s task-based programming model. Whenever you perform an asynchronous operation with the C++ REST SDK, you are creating a new PPL task. To make the C++ REST SDK portable to Linux, Microsoft made the necessary portions of PPL run on Linux (and compile cleanly with GCC). Thus, the C++ REST SDK uses a concurrency runtime for C++ that relies heavily on C++ 11 features. Instead of working with callbacks, you can write elegant C++ 11 code that creates tasks and schedules other tasks to be executed when certain other tasks finish execution. If you have previous experience with PPL, you will find it easier to work with the C++ REST SDK.

The C++ REST SDK relies on the following four low-level stacks or APIs that ride on top of the services provided by the different operating systems (see Figure 1):

  • WinHTTP: also known as Microsoft Windows HTTP Services. It is a C-based HTTP client API.
  • PPL (short for Parallel Patterns Library): the programming model for composing asynchronous operations. The C++ REST SDK uses WinHTTP on different Windows versions.
  • Boost.Asio: a cross-platform C++ library for network and low-level I/O programming that provides a consistent asynchronous model. The library uses a modern C++ approach. The C++ REST SDK uses Boost.Asio to manage communications on Linux.
  • HTTP.sys: the Windows server-side API for HTTP. The C++ REST SDK uses HTTP.sys on different Windows versions.

Figure 1: The four low-level stacks used by the C++ REST SDK.

Microsoft ponies up $100K to researcher who figured out new Windows hack in 2 weeks

Courtesy Gregg Keizer, Computerworld

The security researcher who yesterday was awarded $100,000 by Microsoft spent about two weeks pondering, then demonstrating a new way to circumvent Windows’ defensive technologies.

In an interview today, James Forshaw, the head of vulnerability research at U.K.-based Context Information Security, described in the most general terms the work that resulted in the big bounty.

"When Microsoft announced the initial bounties, I first thought about the mitigations I wanted to go over," said Forshaw. "Windows has a lot of mitigating in place, so I started to brainstorm. I asked myself, ‘How would I do it [if I was a cyber criminal]?’"

From start to finish — from those brainstorming sessions to an exploit that proved his mitigation bypass approach worked — Forshaw said he spent about half a month on the project. "From my initial thought to a full working proof of concept was about two weeks," he said.

Forshaw stressed that the two weeks of solid work were atop the years he’s spent in information security, hammering home the point that winning submissions, whether for a bonus program like Microsoft’s or those that browser makers and other vendors run to collect details on specific vulnerabilities, almost always go to very experienced, long-time researchers.

"This is not something that anyone’s done before, but then again, nothing is completely revolutionary," said Forshaw.

Microsoft echoed that yesterday. In a Tuesday blog post, Katie Moussouris, a senior security strategist with the Microsoft Security Response Center (MSRC), and the manager of the bounty programs, said that a Microsoft engineer had independently found a variant of the attack technique class that Forshaw reported.

"But James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty," wrote Moussouris.

Microsoft Releases BrowserSwarm JavaScript Testing Tool

Courtesy Adrian Bridgwater, Dr Dobbs

Open source route to automate tests across devices and browsers

Microsoft has used its Windows blogs zone to mount an admirably understated launch for BrowserSwarm, an open source JavaScript testing tool for developers to automate tests across devices and browsers.

NOTE: BrowserSwarm is a partnership between Microsoft, Sauce Labs, and appendTo — cloud-driven in its nature, BrowserSwarm is designed to help save time (and precious server resources) when setting up multiple browser or device testing environments.

Microsoft comments on developer usage of web frameworks and libraries as "building blocks of the web" and says that hundreds of new JavaScript projects are built by the open source community every year. Many of these components will be focused on tasks to simplify coding for common patterns such as web layout, user input, animations, game physics, or even the process of detecting features in older versions of Internet Explorer.

The firm points out that most top JavaScript frameworks such as jQuery, dojo, prototype, and Modernizr (which happen to be used by over 50% of the top traffic websites worldwide) have enough resources to perform testing regularly.

But, asks Microsoft, what if you’re a startup building a new framework?

"Testing is probably the last (but necessary) thing you want to do," writes Justin Garrett of Microsoft. "So — just like the free testing tools and resources on modern.IE that help developers of public-facing sites or line-of-business web apps — we are partnering on BrowserSwarm to help the developers that build stuff for developers — the framework authors. We want to help reduce the time spent testing frameworks (and the sites they service) so that developers have more time to innovate on the Web."

So in terms of use, BrowserSwarm connects directly to a development team’s own code repository on GitHub. When the user publishes their latest project, BrowserSwarm automatically runs it against Unit Testing Frameworks like QUnit in the cloud-powered browsing session using Sauce Labs’ automated testing platform. The user then gets a "fix list" report across browsers, including modern and older versions of Internet Explorer.

"Thorough testing is essential for any JavaScript project that needs to work properly on all browsers. Although some projects do unit testing with ‘headless’ browser setups such as PhantomJS, there is no substitute for testing with real browsers. If that work isn’t automated, however, the chances are that it won’t be done regularly. BrowserSwarm gives projects a powerful tool to automate multiple-browser testing scenarios and find problems before software is released," said Dave Methvin, president of the jQuery Foundation.

Microsoft will pay you for your iPhone or iPad

Courtesy Alex Wilhelm, TechCrunch

Microsoft wants to take your Apple product off your hands, today expanding its trade-in programs to allow owners of dated iPhone hardware to cash in their now-passé electronics.

If you own an iPhone 4S or 5 that is “gently used” and not much worse, Microsoft will offer you no less than $200 for it. The kicker? The funds come in the form of Microsoft Store credit, so you are trading in your Apple hardware for the chance to buy Microsoft goods.

What does Microsoft want? That you drop that iPhone off with them and wander out with a Surface 2 pre-order or a Lumia Windows Phone handset. Microsoft has cash and wants market share; this is a natural outgrowth of those two facts.

Microsoft also has in place a deal that will grant store credit for iPads. In short, if you have an Apple device that Microsoft competes with – recall that Microsoft doesn’t build PCs that are not tablet-based, through its Surface line – it wants to buy it from you and get you onto its own hardware.

In a way the move is ballsy: Microsoft is betting its own money that you will be content with its wares after a long stint on Apple silicon. And it is paying to make the wager. Precisely what Microsoft intends to do with all its accumulated Apple hardware remains opaque.

Microsoft is in the process of purchasing Nokia’s handset business, and recently announced new Surface hardware that replaces its first-generation attempts at OEM supremacy. Expect more moves like this to support Microsoft’s yet-nascent devices business.

Microsoft Bing Now A Developer Platform

Courtesy Adrian Bridgwater, DrDobbs.com

Bing’s Entity API key is "developer item of interest" in the newly opened Bing

What was always a search engine is now a developer platform. That’s how Microsoft wants us to now regard Bing after the company announced that it was opening up Bing’s Entity API along with programmer access to its speech capabilities.

Microsoft has also opened up developer channels to optical character recognition and translation technologies. The Maps API will now also move under the purview of the Bing Services.

NOTE: Bing developer services are restricted to Microsoft Windows environments, including Windows 8 and the Windows 8.1 release (currently in technical preview), with the Xbox platform also included.

The Entity API is probably the most interesting element of the new Bing services announced here.

Microsoft says the Bing Entity API previewed at Build 2013 allows developers to create applications that are aware of the things that surround us every day and build scenarios that augment users’ abilities to discover and interact with their world faster and more easily than they can do today.

According to the Microsoft developer blog, "The new services will focus on three broad categories of capabilities your applications can take advantage: services to bring entities and the world’s knowledge to your applications, services to enable your applications to deliver more natural and intuitive user experiences, and services which bring an awareness of the physical world into your applications."

Microsoft says that the new streamlined Bing Developer Center puts all the content programmers will need in one single location, with links to documentation, downloads, sample code, how-to’s, as well as links to partner blogs where you can find even more technical content.

"Being able to naturally converse with a device has long been a science fiction dream. The Bing Speech Control for Windows 8.1 showcases how users can interact with apps using their voice. While that control will be available in a few months, Bing’s Text-to-Speech (TTS) API for Windows 8.1 is available today. The API gives devices and applications a voice by allowing them to speak out loud to make user interactions more natural and intuitive," said the company.

How Microsoft handed the NSA access to encrypted messages

Courtesy Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe


Skype worked with intelligence agencies last year to allow Prism to collect video and audio conversations. Photograph: Patrick Sinkel/AP

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.

Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype’s privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.

A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."


• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Microsoft killing off TechNet subscriptions

Courtesy Peter Bright, ArsTechnica

Microsoft is set to end its TechNet subscription scheme. Started in 1998, TechNet subscriptions gave IT professionals perpetual licenses to Windows client and server operating systems. Though these licenses were technically only authorized for evaluation purposes, many used them as cheap Windows licenses for personal machines.

First reported by Ed Bott, Microsoft today e-mailed TechNet subscribers to inform them of the changes. Both new subscriptions and renewals will remain on sale until August 31, 2013, with activation of subscriptions supported until September 30, 2013. With most subscriptions lasting one year, TechNet subscriber downloads will cease to work on September 30, 2014.

For volume license customers, TechNet subscription benefits will be available for the duration of the volume license agreement.

In addition to illicit production use, there have been reports of TechNet license keys being sold without disclosing their evaluation nature, leaving their buyers unwittingly exposed in the case of a software audit.

To justify the change, Microsoft said that users wanting evaluation copies of its software had shifted to freely available time-limited trial copies. That caused a decline in usage of these paid evaluation licenses.