Normal tweet flow, without automatic location access.

The figure above shows a fresh tweet screen in Rowi. You can tap the add current location link to opt into Location API access and geo-tag a tweet. That part is okay. But after sending this tweet, Rowi “remembers” the decision and in new tweets automatically pulls your location data with no way to turn this off. So if you decide that Rowi is to no longer have access to your location data, you cannot opt-out. The only way to disable this behavior is to start a new tweet, tap the clear link after it pulls your location data, then send a tweet out to save your settings to disk.

Tweet flow after you send one geo-tagged tweet.
Note the location data was pre-populated.

This behavior is not aligned with Windows Phone Application policies, specifically 2.7.3 which clearly states:

Your application must provide in-application settings that allow the user to enable and disable your application’s access to and use of location from the Location Service API.

And when brought to Erik’s attention, he dismissed the issue claiming that tapping the clear link offers users the ability to send tweets without location data and that he “worked with marketplace team already on this exact issue” implying they OK’ed it. But what Erik fails to realize — or is choosing to ignore — is that I can’t hit the clear link until it runs its fingers through my location data. Against my will.

… but maybe he’s right. Things get a little muddied when you put this in the perspective of the app. The location data on the new tweet page isn’t being transmitted to Twitter at that time, therefore a case could be made around the fact that opt-in consent is not required per policy 2.7.4:

If your application publishes or makes available location data obtained from the Location Service API to any other service or other person (including advertising networks), your application must implement a method to obtain opt-in consent. [...]

Confused yet?

Now let’s be honest — there’s no real impact here. Rowi is a very trustworthy application and has a clear and succinct privacy policy. But I strongly believe something is wrong here. The user should have the final say in what privileges an application has and what rules they must follow. So I think Rowi needs a Location API master switch.

What do you think?

So, back in July of last year, Bing temporarily rolled out a version of their homepage featuring live tiles. Well, guess what — it’s back. The new style seems cleaner and features three distinct “live tiles” — Videos, Images, Trends — that update throughout the day. A fourth static tile, Search History, serves as a convenient area to view and repeat searches you’ve run in the past.

For those that prefer to stay with the simpler text-based bar, you can close the new Taskbar by clicking a simple arrow — just like minimizing, say, the Windows Explorer Ribbon in Windows 8.

So let’s start at the top. The WinX menu is a simple context menu that appears when you right-click the Start tip that appears when you squish the mouse into the lower-left corner of the screen. The purpose of the menu is not to act as a Start Menu replacement but rather as a springboard to perform advanced system functions that are slightly out of reach. For example, if you’re trying to kill a runaway system process, you will probably need quick access to Task Manager, an elevated Command Prompt, and perhaps Programs and Features to uninstall the culprit app. Launching those applications in succession via the Start Screen would be a pain in the rump.

The entries on the menu are driven by shortcut (.lnk) files present in each Group folder located at %LocalAppData%\Microsoft\Windows\WinX. But you can’t manipulate the shortcuts within or add new ones. That’s because at first invocation (e.g. a fresh boot), the menu scans for and only adds approved shortcuts. Why? Again, Microsoft doesn’t want this becoming another Start Menu or, worse, an icon landfill for installers a la Quick Launch back in Windows Vista.

But an argument could be made for that small sliver of folks who genuinely want to lightly extend the menu, perhaps with utilities such as Process Monitor and DebugView. So let’s talk about what makes an approved shortcut.

An approved shortcut – a moniker I made up – is a .lnk file that has the appropriate markings to indicate to Windows “Hey, I’m special.” The marking is a simple 4-byte hash of several pieces of information. From the .lnk itself, two points are collected:

• The link’s target application path/file (e.g. C:\Games\Minecraft.exe)
• The link’s target application arguments (e.g. –windowed)

The third ingredient is simply a hard-coded chunk of text, or a salt if you will, to keep things interesting. That string is, literally, “Do not prehash links.  This should only be done by the user.”

With these three strings in hand, Windows then glues them together, lowercases everything, and runs them through the HashData function. But you’re probably wondering at this point, what does it compare to?

Let’s shift our focus to .lnk files. We know them as shortcuts to things. But they’re officially called Shell Links and can store a lot of information on other data objects in Windows. More specifically, they support storing a structure of data called a PropertyStoreDataBlock that acts as a container for arbitrary string or numeric key/value pairs. Yep, the “WinX hash” is stored in here. If you’re curious, the key can be defined as such:

DEFINE_PROPERTYKEY(PKEY_WINX_HASH,
0xFB8D2D7B, 0x90D1, 0x4E34, 0xBF, 0×60, 0x6E, 0xAC, 0×09, 0×92, 0x2B, 0xBF, 0×02);

So to tie it all together, Windows – the Shell specifically – iterates through the .lnk files in each GroupN folder; opens them up; pulls out and concatenates the target path, args, and an arbitrary string; then finally hashes the result. This hash is then compared with the one stored in the .lnk to determine if it’s approved. Rinse and repeat.

If you’re interested in stuffing items into that menu, I wrote a tool to mark your shortcuts as approved. (The source code is on Github, if you’re interested.)

NOTE: The WinX menu doesn’t seem to handle architecture-dependent environment string expansion very well, so shortcuts to %ProgramFiles% may not work (e.g. Internet Explorer 64-bit). I suspect this is a WONTFIX given it’s not designed to work with your own shortcuts.

Update: I replaced the executable with a VS2010 compiled copy, sorry. The previous one would not execute on Windows 8 machines w/o Visual Studio 11 installed. (We don’t have a VC11 runtime redist. kit yet.)

So I was on Skype with Paul Paliath this evening and he was having a tough time with Adobe Photoshop on Windows 8. I inquired for details and he read off the error he was seeing. “Error: LoadLibrary failed with error 126: The specified module could not be found.”

Sound familiar? Yep. I had the same problem last week with Minecraft. The error isn’t specific to Minecraft or Photoshop. It’s simply a quirk with the latest AMD preview drivers and all OpenGL applications. If you, too, are having this issue download my simple .reg file and you’ll be error free.

For whatever reason, the AMD Catalyst Drivers for Windows 8 Consumer Preview are broken when it comes to 64-bit OpenGL; they’re missing a registry entry critical to its functionality. Specifically, whenever an application (like Minecraft using Java 64-bit) requests OpenGL access, AMD’s atig6pxx.dll kicks in. It then peeks inside HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 and loads the OpenGL component as specified by OpenGLVendorName (64-bit) or OpenGLVendorNameWow (32-bit).

While the bits are there, the 64-bit registry entry is missing completely. But wait, you can add it yourself, though! No reboot needed.

If you have any problems, email Long Zheng and he’ll route your complaint to me.

An Agave can appear in several forms: As a task pane (or sidebar), a block within your content, or as a popup that appears when its button is clicked.

A Task Pane Agave running in Microsoft Word “15”

Task Pane Agaves are available in Word, Excel, and Project. They live alongside your document or project and are analogous to the Metro snap feature present in Windows 8. They can default to a specific width and be floated, if desired.

Example: A thesaurus Agave that automatically suggested replacements for recently typed or highlighted words.

A Content Agave running in Microsoft Excel “15”

Content Agaves are available in both Word and Excel and integrate directly into your document or spreadsheet, similar to how OLE objects worked back in the ’90s. They can default to any width or height and be re-sized as needed.

Example: A third-party interactive charting Agave, tied to the data in the worksheet.

A Contextual Agave running in Microsoft Outlook “15″

Contextual Agaves show up in Outlook items, such as messages and appointments, and appear when the Agaves‘ conditions are met. They expand vertically as needed in the window where they’re activated.

Example: A Bing Maps Agave that displays driving directions to an upcoming meeting location.

• Windows Symbol Packages
• Standalone Windows SDK for Windows 8 Consumer Preview

So, AMD made a boo-boo in the creation of the driver’s catalog (.cat) file for their Windows 8 Preview Drivers breaking support for Windows 8 Consumer Preview users. Specifically, they incorrectly hashed their driver INF file — or correctly hashed it but tampered with it later — causing Windows to choke.

No big deal. I went ahead and resigned their drivers with my certificate. For those who want to give these drivers a proper evaulation, feel free to grab a new .cat file for your platform (x86 untested / x64).

Some hand-holding steps below:

1. Open \AMD\AMD_Display_Driver_Win8_Preview\Packages\Drivers\Display
2. Open W7_INF (32-bit) or W76A_INF (64-bit)
3. Drop in new .cat file (see above links)
4. Install the driver as normal, via Device Manager

Maybe you’ll like this sooo much, you’ll consider reading this post too.

While I welcome the squared-off corners and identifying application icon in the upper-left corner, my brain revolts at the idea of having to parse a bunch of blue text links. It preferred it the old way, where it could easily discern between text-you-should-ignore and buttons-to-gtfo.

Buried within the about screen of the Internet Explorer 10 Consumer Preview is a small checkbox labeled “Install new versions automatically”. While there’s no official documentation (yet) on what this switch does, it appears to allow opt-out of non-critical IE updates that hit Windows Update. The switch is on by default in the Windows 8 Consumer Preview.

New and refreshed multimedia codecs

Media aficionados will be pleased with the inclusion of a new Dolby Digital (AC3) encoder, presumably to be bundled with premium SKUs of Windows 8 at ship time later this year. The MPEG2 video encoder/decoder and AC3 decoder weren’t ignored either, with both receiving some polish raising both version numbers to 3.

Expiration pushed into 2013

With the Windows 8 Developer Preview expiring soon (March 11, 2012 23:59:59), it comes as no surprise that the Windows 8 Consumer Preview pushes this target back a bit. But for if you want to set your calendar now, put a red sticker on 23:59:59 on January 15, 2013. (Or as readers point out, you can extend your Developer Preview date via an update. But you don’t really want to do that.)

New Office Web Extensions

Like extensions in your favorite web browser, you’ll be able to write and use add-ons that extend the Office UI. These extensions will be HTML and XML-based and be plugged into a Web Extension Framework. Office Web Extensions will have the ability to show custom UI in task panes and content areas; integrate into the dictionary; and have the ability to target specific form factors such as the PC, tablet, and phone.

Lync to embrace H.264 standard

Current versions of Lync require that you use Microsoft’s proprietary Real-Time Video (RTV) codec. Lync “15”, however, will support the sending and receipt of H.264 encoded video, with some nice server-side additions such as Simulcast support. (This, for example, lets organizations transmit higher quality video to local desktops while sending lower quality video to mobile devices.)

Word can “broadcast” too

Office 2010 introduced the ability to broadcast Powerpoint presentations quickly and easily over the Internet. Office “15” will now bring this functionality to Word – both on the web (Web App) and PC, confirming a previous report on The Verge.

Make nicer timelines with Excel

At some point, you’ve probably had the need to visualize data in timeline form using Excel, but gave up due to the amount of work involved. Excel “15” will now feature Timeline views that plug into PivotTables, charts, etc.

The Windows Server Application Certification Program has released the finalized requirements to validate your software’s compatibility with Windows Server "8" beta.

[…] The majority of applications that currently run on Windows Server 2008 and Windows Server 2008 R2 should work on Windows Server “8” Beta with no changes. Those applications which do not run on Windows Server “8” Beta may:

• Run with the help of a Compatibility Layer (a setting which provides some Windows Server 2003 and Windows Server 2008 functions to the application)
• Run with the help of an Elevation Layer (a setting which runs the application with Administrator privileges)
• Make code changes to enable it to run on Windows Server “8” Beta through a product update

In conjunction with the documentation release is a new Windows Server App Certification Kit, although it requires you to be running the Windows 8 Consumer Preview or Windows Server 8 Beta (i.e. useless at the moment).

Unfortunately, the refreshing of these products will cost me $1400 and I’m looking for a little help to offset that. After some number crunching, I discovered that if just over half (56%) of my followers on Twitter pitched in a mere 50 cents – less than the cost of an app on your phone – I’d be completely covered this year!

If you’re interested in helping out, simply click the two quarters below.

(Update: Thanks for all the donations, this run is over. Super super appreciated.)

Thanks!

]]> http://www.withinwindows.com/2012/02/23/my-diamond-pickaxe-is-in-the-red/feed/ 22 http://www.withinwindows.com/2012/02/23/my-diamond-pickaxe-is-in-the-red/ http://feedproxy.google.com/~r/WithinWindows/~3/LE22XTac0Qk/ http://www.withinwindows.com/2012/02/12/daemon-tools-is-cataloging-all-your-disc-images-without-permission/#comments Sun, 12 Feb 2012 23:57:11 +0000 Rafael http://www.withinwindows.com/?p=2695 So after launching Daemon Tools Lite today, I noticed a new pane on the right labeled MountSpace. Turns out, it’s a cute little service that shows the top games and applications that folks are mounting and using in Daemon Tools. And to deliver that experience, Daemon Tools hashes every image you mount and sends it to MountSpace servers with or without permission. Combined with your IP address, and probably more, it doesn’t take a genius to realize this is a huge privacy issue.

Thinking I missed something, I went ahead and re-installed Daemon Tools. Sure enough, a MountSpace related dialog appears.

Several problems:

1. The Daemon Tools Lite EULA only mentions the word “privacy” twice, both in irrelevant contexts. In fact, the EULA appears truncated.
2. Selecting “Don’t allow MountSpace to use my mount statistics” here doesn’t actually turn off MountSpace.
3. MountSpace doesn’t have a real privacy policy.

While MountSpace could argue that selecting the latter option here would simply flag your data for deletion server-side, there’s no way to validate they’ll actually follow through. So as a workaround, I recommend everyone block 212.117.184.51 and 212.117.185.149 in their firewalls, until the matter is clarified. Windows 8’s native ISO mounting couldn’t come quicker.

You can find already sent/received cached data in %AppData%\DAEMON Tools Lite\ImageInfoCache.

–

Update: A Daemon Tools administrator claims my information is false in their forums. I tried explaining but my post on their forum was delayed, then edited down. I queued up a reply, just waiting to get through the moderation queue again.

Also, popular German magazine CHIP picked up on the post. Of course, they didn’t attribute me at all.

In response to some reader mail I received, I purchased a Bluetooth A2DP-capable wireless headset – the Motorola S10-HD – to test on a Windows Phone. Pairing with the device worked great. Crystal Method sounded okay. (PCMag slammed them in this area, though.) It transmitted my voice enough for Paul Paliath to hear me. And it sported a standard mini-USB port for charging.  I couldn’t be happier. But to my immediate disappointment, the headset just wasn’t compatible with glasses at all. The hard plastic on hard plastic on skin combination wasn’t a winning one and breaking out the contacts was not an acceptable workaround. So I rate this headset: “dead to me”.

What alternatives do you recommend?

I wasn’t successful in creating that dream backup application this time around, but as Buckminster Fuller once said: “There is no such thing as a failed experiment, only experiments with unexpected outcomes”.

So what happened? I made some assumptions that weren’t in fact true. This left me poking, prodding, and fighting Windows Phone’s OMA Client Provisioning layer all night. (I totally get why the XDA Developers folks keep playing with this stuff now.)

Here are some technical notes in no real order:

My ARM7i compiled DLLs worked nicely. Hurray for miracles.

Using Samsung’s LaunchExe function was pretty simple, for bouncing out of Least Privileged Chamber (LPC).

Rapiconfig.exe, the configuration tool that executes provisioning XML, blows. By blows, I mean it’s poorly written and requires certain stars and planets to be aligned in a particular manner to work correctly. For example, I wasted hours trying to feed it valid XML to later learn from XDA’s Heathcliff74 that provisioning XML must be in Unicode (UTF-16). Never mind the actual encoding specified in the XML header or using a proper damn XML parser. Also, the attribute and element values are all case-sensitive. God only knows what would happen if you introduce a single blank line.

According to MSDN/Technet documentation for both WM6 and Windows Embedded Compact 7 – of which Windows Phone is supposedly built upon – the provisioning magic on the phone supports a parameter name of "SelfRegister”. This was supposed to tell the OS that I want to (COM) register my library. This should have then triggered a call into DllRegisterServer, executing my code. I tried this with both TCB signed and unsigned code to no avail. Maybe I screwed something up here? I suspect this is broken for valid security reasons.

My phone is very unstable. At times, simple things like COM registration were failing with security errors. And at one time I was able to deploy XAPs with my phone locked. Scary. Reboots fixed all these issues temporarily.

This homebrew backup application should allow me to backup Marketplace-derived applications, allowing them to be transferred to another device. Given the little time I’m giving myself to get this done, I’ve simplified my requirements to the following:

• Must support backup of Marketplace-derived apps. (e.g. Plants vs. Zombies save state)
• Must use sockets for easy PC<->Phone communication. Fishing crap out of Isolated Storage manually is unacceptable.
• Must work on my Samsung Focus (v1.3) devices running Mango.
• Must succeed in using saved app. state on restore target.

If I succeed, I will release the XAP and any information needed to use it/further development. Future posts will cover progress milestones as I reach them, so stay tuned.

You can hang out with me on Freenode IRC, if you’d like.

Here’s some of the more interesting requirements.

5-point digitizers
Microsoft requires that Windows 8 touch PCs use digitizers supporting a minimum of 5 touch points. Yep, you no longer have to hunt down information to answer that question: “Hey, does this thing do multi-touch?”. This requirement ensures your Windows 8 certified PC supports at least a hand of fingers on the screen, for all those gestures and finger-painting activities.

“Hey Windows 8, this is HP TouchSmart… you win.” (Even the newest HP TouchSmart only works with two touch points.)

NFC “touch marks”
Microsoft requires that Windows 8 PCs featuring NFC technology have “touch marks”. This one is a no brainer – A PC, likely a tablet or slate, must have a sticker or similar signage indicating where another NFC capable device can mate with it. I bring this up because we’re not used to NFC being visible in this manner. Today, NFC is available in Google’s new Galaxy Nexus phone for the most part. To invoke it, you presumably start a supportive application and mash it onto a NFC reader, moving it around until it beeps. With a larger form factor, however, knowing where the sensor is physically located becomes crucial to avoid Neanderthal-like clashing of tablets.

Hardware buttons
Microsoft requires that Windows 8 tablet/convertible PCs have 5 hardware buttons. Not three; not six. Five. Those buttons are:

• Power
• Rotation lock
• Windows Key
• Volume up
• Volume down

The Windows Key will be at least 10.5 mm in diameter and be sported in any number of shapes (e.g. circular, rectangular, square).

New button combo for CTRL + ALT + DEL
Microsoft requires that Windows 8 PCs joined to a domain and without keyboards implement new Ctrl+Alt-Del sequence. While the on-screen keyboard remains an option for logging into a domain-joined PC, the quicker (and new) option is to press Windows Key + Power.

Minimum component set for tablets and convertible PCs
Microsoft requires that Windows 8 tablet/convertible PCs feature a minimum set of components. Requiring partners to install a baseline set of components isn’t new, but we can now begin to drool over what future Windows 8 tablets/convertible PCs will look like. Here’s what a bare minimum Windows 8 tablet would look like:

• Storage: At least 10gb free space after the out-of-box experience completes
• System firmware: UEFI
• Networking: WLAN and Bluetooth 4.0 + LE (low energy)
• Graphics: Direct3D 10 device w/ WDDM 1.2 driver
• Resolution: 1366×768
• Touch support: At least 5 touch points, must pass all tests
• Camera: 720p
• Ambient Light Sensor: 1-30k lux capable w/ dynamic range of 5-60K
• Magnetometer
• Accelerometer: 3 axes w/ data rates >= 50Hz
• Gyroscope
• USB 2.0: At least one controller and exposed port
• Speakers

No reboot driver upgrades
Microsoft requires that Windows 8 PCs support no-reboot upgrade of graphic card drivers. Finally. While Windows Vista has supported reboot-less upgrades of WDDM drivers, enforcing that requirement was hard with unified driver sets containing both XDDM and WDDM drivers mixed in. With XDDM drivers gone in Windows 8, however, enforcement is easy and should be welcomed by users and gaming enthusiasts with wide open arms.

2 second resume … but not for ARM
Microsoft doesn’t require that Windows 8 ARM PCs resume in two seconds or less … only Intel-compatible Windows 8 PCs have this requirement. And yes, the two seconds max for Standby (S3) to “resume complete” requirement was in place since Windows 7. But I suspect ARM doesn’t come with this requirement because of architecture implementation volatility or, more likely, that Microsoft simply doesn’t yet have enough data in this space. As ARM improves and matures as a Windows host, I suspect we’ll see this requirement pop up in a future release.

Windows 8 Build 8175 – Start screen Personalization applet (© The Verge)

Back in September, I dissected the new Start UI in Windows 8 and wrote that readers should expect a new personalization UI. Well, it’s official! The Verge, today, uploaded some photos of a newer Windows 8 build running at CES, with a shot of the new Personalize applet amongst them. As suspected, Microsoft is offering users the option of customizing the background color and image, with limited options. Before you balk at the idea of only having 9 colors and 8 parallax background images to choose from, think about usability.

I’m not a UI designer or usability guru but you don’t need to be one to picture the hell that would ensue if a user set their background color to a bright orange. (If you can’t, I provided an example above.) The tile, as you can see, immediately loses its depth (due to the background image being impossible to see) and becomes difficult to retrieve information from.

Limitations have been imposed on the background image as well, for similar reasons. While my example isn’t great, you can kinda picture the problem. The left image has a square-based motif that slowly pans left or right, depending on swipe direction. This creates the illusion of depth. The image on the right, however, uses a custom horizontal gradient that creates infinitely reaching bars. As the user swipes left or right, the bars would remain unchanged in appearance. The effect would be lost.

While the customization community would lead you to believe they know what they’re doing and prefer unfettered customization access, the reality is Microsoft knows what’s better for all of us. If you insist on having that access, however, I’m sure desktop customization king Stardock will have something to play with soon enough.

The Next Web published a follow up post re: the situation. It isn’t corrective in any way, but I got the gist of what Alex was trying to say: “I fucked up, sorry man.”

I hope I don’t get removed from the holiday card mailing list.

“Thank you note for every language” 
© woodleywonderworks

[1] ChevronWP7 Labs enters the New Year with 10,000 token sales under our belt. Hooah! ^RR

[2] Our agreement with Microsoft was to sell no more than 10,000 tokens, hence "sold out". We’re discussing if we want to up that number. ^RR

The use of our and we were references to “the ChevronWP7 team”, i.e. Chris Walsh, Long Zheng, and myself. I mean, the tweet did come from the ChevronWP7 account after all. Here’s how I designed it to be read:

We [the team] are still discussing if we [the team] want to up this number.

Here’s how it was interpreted:

MICROSOFT HATES THE WORLD; MICROSOFT IS SHUTTING DOWN CHEVRONWP7; THEY DENIED THEM TOKENS!!!!11111

Microsoft isn’t involved in our discussion yet. And they can’t provide us with more unlocks because we haven’t asked yet. If we do request more, we’re sure Microsoft will respond positively – as they have in the past.

What frustrates me is that I know and like these guys personally, but corners were cut and no fact checking was performed. Despite being only a Skype call/KiK/email/IM away, no one bothered to contact me or anyone on the team.

Now I’m stuck with cleaning up the mess.