Microsoft News Tracker

Last week Microsoft announced a technology preview of Live Mesh, their platform for future Software plus Services applications, and as usual, they seemed to have a hard time explaining it:

As has become the norm with so many of its Software + Services products and strategies, Microsoft isn’t the best at coming up with a succinct Live Mesh definition. The closest I found (in a Live Mesh reviewer’s guide) was this: “Live Mesh is a ’software-plus-services’ platform and experience from Microsoft that enables PCs and other devices to ‘come alive’ by making them aware of each other through the Internet, enabling individuals and organizations to manage, access, and share their files and applications seamlessly on the Web and across their world of devices.” If I were in charge of defining Live Mesh, I think I’d go with “a Software + Services platform for synchronization and collaboration.”

That was Mary Jo Foley and sounds about right to me. If you want a detailed but crisp explanation of what was announced, I recommend Nate Mook’s rundown at BetaNews. If you would like the big picture, the tech pundits have been busy, but I’d offering the following.

Live Mesh is about creating a fixed point on the Web for a user to store, synchronize, and optionally share all his important information from all of his various intelligent devices including PC’s, smartphones, and whatever else comes down the pike. It’s very early days since the developer tooling isn’t ready and the synchronization isn’t even functional yet, but Microsoft hopes to get developers started looking at their platform.

If the vision is appealing, you can sign up to kick Live Mesh’s tires. If you want to be critical, there’s room for that too starting with the usage of the Web as a data "hub" and not a real application platform plus the perennial worry about just how open this supposedly open offering will truly be. In other words, it’s a typical Microsoft technology gambit and duly reflects their corporate perspectives and prejudices.

Over the last week there have been a number of reports of automated SQL injection attacks on Web sites running Microsoft’s flagship IIS Web server. The Washington Post’s Brian Krebs summarizes them nicely in Hundreds of Thousands of Microsoft Web Servers Hacked.

If there is any good news in this, it is that the server modifications so far only amount to the addition of a Javascript malware loader on site Web pages.  While this loader will infect unpatched browsers (and apparently RealPlayer and Yahoo Instant Messenger), the browser holes that it exploits are not new and patches have previously been made available. The status on RealPlayer and Yahoo IM is currently unclear.

It isn’t entirely clear whether there is actually a vulnerability in IIS or it’s just the usual problem of Web programmers not sanitizing user input, but Microsoft has issued a security advisory (951306) with workarounds.

Update: Microsoft’s Bill Sisk says that the problem is due to poor Web programming practices and not any IIS vulnerability and also that security advisory 951306 is for a different problem.

Steve Ballmer’s three week ultimatum to Yahoo’s board of directors to accept the Microsoft acquisition offer passed yesterday with no comment from Yahoo or specific action from Microsoft to carry out the threatened reduction of the offer amount and proxy fight. The next episode in this soap opera is expected early next week and predictions range from Microsoft withdrawing their offer to a full out hammer and tongs proxy battle. The most telling commentary however is likely the desire of Yahoo employees to take the money and Microsoft employees to forget about the whole thing.