
How to get people who installed a leaked build to stop using that build? - runesoerensen
https://blogs.msdn.microsoft.com/oldnewthing/20160906-00/?p=94255
======
yongjik
Heh, sounds much better than my previous employer's way of occasionally
sending company-wide emails along the line of "The employee who was
responsible for the XXX leak was found and terminated. We remind you that
leaks damage our culture and make it difficult to share ideas inside the
company."

For some reason such emails made me feel like I was inside a tech cult. Guess
my culture fit wasn't good enough...

Well, to be fair, I guess MS also utilizes these emails _in addition to_
reverse psychology...

~~~
hota_mazi
Sounds like standard business practice to me.

If you can't understand basic instructions such as not leaking internal,
confidential info, you deserve to be fired.

~~~
derefr
Oh, sure; I think the parent commenter's point was in thinking that _emailing
everyone_ about the termination of the leaker served as any sort of deterrence
mechanism for people's _use_ of the leaked build.

~~~
yongjik
Well, emails are not exactly deterrence against people using the leaked
"build": being an internet service company, that part is usually achieved by
shutting down the server.

Emails are supposed to be deterrence against further leaks by reinforcing the
"company culture". (Whether they work, I have no idea.)

------
nchelluri
Man, I hope whoever thought of that got rewarded accordingly. What a
surprising fix. Nice combination of low-tech/low-effort and creative.

I guess this sort of thing wouldn't happen today with the always-connected,
always-phoning-home world we live in.

------
ryukafalz
>And there are some legal issues that are tied to the date a feature first
becomes available to the public. Seeing a feature go public prematurely throws
a bunch of scheduling into disarray because you now have to finish those legal
documents in less time than you planned.

As someone who's never worked for a company that produces commercial software,
I'm curious about what he's referring to.

~~~
monochromatic
Might be considered a public disclosure for purposes of patenting the feature.

~~~
cududa
This is accurate. A leak still constitutes a public disclosure (I use to help
track down leaked builds of Windows)

~~~
abraae
I hope that's not true.

Surely if the "leak" is the result of an employee acting unlawfully, i.e.
maliciously leaking their employer's intellectual property in contravention of
their employment agreement, then the leak does not constitute a disclosure.

If it did, then IP-based organisations would have an absurd level of exposure
to the bad actions of any employee, and would have to impose equally absurd
security measures - cavity searches at the exits, anyone? - on every employee
with access to IP.

------
douche
I'm so glad that Raymond Chen is writing all of these stories down.

~~~
prplhaz4
Apparently there's a book of his anecdotes available for those who'd like to
read more...

[https://www.amazon.com/gp/product/0321440307](https://www.amazon.com/gp/product/0321440307)

~~~
voltagex_
>Addison-Wesley Professional; 1 edition (January 6, 2007)

Although most of the anecdotes are historical, I hope he releases an updated
version one day. There's so much computing history contained in his blog.

------
kazinator
How about: have a really cheesy wallpapers in the pre-release builds which
conveys the message (perhaps with explicit text right in the wallpaper image)
that this is not a released build. Also, how about making not-released builds
simply expire. The build should know that nobody ought to run it past a
certain date. (If such operation is needed internally, it can be rigged with
an extension mechanism built into the expiry.)

~~~
soylentcola
Isn't that the thought behind the watermarks they've had since Win7-ish? I
remember messing with beta builds and reading about people using them (again,
to avoid paying for it for a bit as mentioned in another comment) and jumping
through all sorts of hoops to disable or hide the watermark - aside from
buying a license of course.

There's probably a point at which any more effort put into carrots (new
features or wallpapers on official builds) and sticks (nag screens,
watermarks, expirations, etc on old builds) just becomes more trouble than
it's worth.

I like trying out leaked builds of programs or OSes as much as the next bored
nerd but I can't imagine ever running something as primary OS on any machine I
count on for anything. That stuff is for old computers that aren't being used
or VMs.

~~~
AstralStorm
Expiration has an additional positive effect in that it prevents use of the
buggy builds and is also relatively easy to implement, especially when the
prerelease build can phone home.

------
zoffix222
The article mentions none of the evidence this strategy actually worked at
all. Is it all just conjecture or are there more articles/evidence supporting
this technique?

~~~
andrewbarba
Oh c'mon not everything on this site has to be riddled with statistics,
trials, and evidence of something working. The article gave me a chuckle, and
plays on our instinct to gravitate to shiny new things. I think all we need to
take from this is not every technical problem needs a technical solution.
Understanding your audience, in any product, is crucial; use it to your
advantage however you can.

~~~
patmcguire
Where is the empirical evidence of a mother's love? Have you sent a PR for the
joy of playing with a puppy in sunshine?

~~~
sinxoveretothex
> Where is the empirical evidence of a mother's love?

Everywhere? When they care for you when you're sick, drive you to sports
practice, clean up after you and what not?

~~~
bigiain
But how do you know they're not just doing all that for the old age care and
retirement benefits?</snark>

~~~
sinxoveretothex
Because there are absurdly rich parents who still show love for their
children?

------
AdmiralAsshat
Seems like you could've achieved the end-goal by just warning of the danger
and coming across like their safety is your primary concern rather than
finding the leaks, i.e.:

"Build 97241 contains a potentially fatal bug that could wipe your computer.
If you are using Build 97241, please upgrade it to a more recent build or
otherwise cease using this build immediately. We do not care how you acquired
this build. We simply do not want you bricking your computer."

~~~
devopsproject
Have you ever taken a support phone call? Many people won't read a simple
error message, let alone a message that includes numbers and other "technical
mumbo jumbo"

customer: I'm trying print and it just says "error"

me: It just says error?

customer: yes

me: Are there any other words or error numbers?

customer: yeah, it says "No printers are installed. Add a printer and try
again"

me: _facepalm_

Their solution works because it communicates a lot while saying very little

~~~
cmdrfred
How many of those types of users stay abreast of the latest preview builds
from Microsoft?

~~~
Klathmon
Those with friends, family, or an IT worker that's a bit too clever with
saving money.

------
jedberg
In this thread: A bunch of people who clearly never installed an operating
system in the Time Before Automatic Internet Connections.

------
cmdrfred
I don't understand the logic here.

1\. Download a preview build because you want "the latest and greatest".

2\. Build is full of horrible bugs.

3\. Microsoft needs to employ psychological tricks to get you to download the
next preview build, as you cling to the previous one with both hands.

~~~
runesoerensen
There might be more reasons, but here is the author's answer to a similar
question:

 _The imperative is that these machines can screw up the network they are
connected to, so they’re affecting other machines. Generally, people don’t
look kindly when a Windows system starts screwing up a network._

[https://blogs.msdn.microsoft.com/oldnewthing/20160906-00/?p=...](https://blogs.msdn.microsoft.com/oldnewthing/20160906-00/?p=94255#comment-1263975)

------
aftbit
The modern version of this is to add a new emoji. Apple used that to push out
a major point fix in Yosemite.

------
AstralStorm
The other approach is to use time limited builds, like Google does with many
alpha and beta versions in their Android toolchain. After the timeout, force
the users to update or fully lock it down. With a nice message why it is
happening, of course.

Crackers will bypass any kind of protection or change anyway.

------
B1FF_PSUVM
Ah, psychology. Must be what the "OneDrive team" is using.

So you have all these people who bought Lumia phones, enjoying 30 GB of cloud
storage, 15 of them acquired with the phone purchase.

Cut it down to 5 GB with an announcement in a blog post, and watch the
customers leaving in droves.

Problem solved.

------
voltagex_
Seems like the "real" fix was the Windows Insider program. I'm still not sure
why (myself included) people do testing for Microsoft for free, though.

~~~
AstralStorm
Some people like to be the first to try out and talk about upcoming new
features and messups.

------
yandie
I work with big catalog data, and with lots of human input. We have these
internal classifications but people mis-assign items all the time.

I was horrified when I learned about the state of our datasets. The only
reliable features are the ones that are exposed to the customers on the
website, because when they're broken people can actually see them.

------
kelukelugames
What if MS made the wallpaper of the internal builds super ugly?

------
dudeitssunny
haha hats off to you MS.....except now I know your tricks.

------
shiggerino
Since those things are already so riddled with DRM, why not simply make the
internal builds phone home to an activation server that only allows IPs
assigned to Microsoft?

~~~
anyfoo
The story, like a lot of stories on the Old New Thing, appears to be from a
now faraway time (in Information Technology terms). Think Windows 95
timeframe.

They are practically always worth a read, by the way. I'm a huge fan of the
blog.

~~~
slipstream-
So, default wallpapers in early Windows 95 builds.

The first Preliminary Development Kit had an "Under Construction" wallpaper.
The second one had the same wallpaper but tiled. Beta 1 had a different "Under
Construction" wallpaper.

Of course, after PDK1 leaked far and wide, MS implemented some serial
protection in PDK2 up to beta 2 (different from the one in the RTM; however
the RTM's setup has remnants of it). Given that the leakers were involved with
the warez scene, however, the skilled reversers that the builds were passed to
easily found the backdoor that had been put in so that those on MS' internal
network didn't have to enter the serial, and just patched a few bytes in the
setup to abuse that.

The interesting part of this serial was that it was in two parts. One part was
the "beta site ID" and half of the "password"; if this was valid, but the
second half of the password wasn't, setup would appear to continue... until
the point it would copy files, upon which it errored out with a message
"General error 57, please contact your beta administrator".

This misdirection was discussed at the time, with some people believing the
error at face value. This continued with the foundation of communities to
preserve and discuss such builds several years onwards. The last half of the
password was the hex form of the first 16 bits of an MD4 hash (this code was
written in around autumn 1993!) of the beta site ID, the first half of the
password, and... a string inside the setup that was used as the titlebar text
for the error message, which would be something like "Microsoft Chicago
Preliminary Development Kit 2, November 1993".

This part of the serial algorithm was finally reverse engineered, and a key
generator made....in 2014.

Afterwards, some early Internet Explorer 4.0 builds were discovered. They used
the exact same serial algorithm as the early Windows 95 builds. And had the
exact same "MS internal" backdoor.

(Um, I think I may have just ruined one of Raymond Chen's future blog posts.)

------
awqrre
Microsoft forced millions to upgrade to Windows 10... it would be trivial to
force an upgrade to a different build...

~~~
rtkwe
Snark is easy but a lot of these stories are from long before the whole Win 10
upgrade and is explicitly from before Windows Insider which puts it at least
before 2014.

~~~
awqrre
But Windows Update is from way before all those stories... and if they needed
help figuring out how to upgrade an OS, they could have looked at Linux (which
I'm sure they did)...

~~~
rtkwe
Automatic updates started in about 2000ish and hard forced updates are even
newer iirc. Before that the best they could do is a notification which people
running a leaked build would probably ignore or not get at all, who knows what
the Windows Update infrastructure is like for internal builds that get leaked.

------
gwbas1c
Include a remotely-activated kill switch; and kill with plenty of warning.

What do I mean? I no longer use iPhone because I installed a beta iOS. When
the official build came out, I kept "checking for updates" but I never got an
update. One day, Apple remotely killed my phone.

Manually updating to the production iOS would be fine; but remotely disabling
my phone without warning was not acceptable. This is why I refuse to buy an
iPhone.

~~~
ihuman
Couldn't you just put it in restore mode and install the latest version from
iTunes, or manually download the IPSW from the internet and install it?

~~~
gol706
Once an iOS build expires, you can't take a backup, so you can do that to get
the phone working again, but you lose any un-backed up data on the device like
photos and app data. In the days before iCloud it was a huge pain.

~~~
cududa
Why didn't you just upgrade to the production build when it was released?

~~~
gol706
Can't speak for the OP, but in my case, I had it happen twice between beta 1
and beta 3 when I tried to skip beta 2 because I didn't care that much. It was
also an iPad that left upstairs and was too lazy to carry it downstairs to
update. Not a primary device, so all I lost was some progress in a few games,
but I can see how someone could have suffered the same fate with their main
phone and have lost a lot more.

------
fit2rule
This is such a Windows-person kind of solution. Come to think of it, I bet
that this is why its so easy to change the wallpaper in Windows.

~~~
monochromatic
What would the Mac-person or Linux-person solution look like?

~~~
tedunangst
The linux solution would provide a new mechanism to configure sound.

~~~
serge2k
Apple would issue a release saying "Don't do X. If you do X and it wipes your
computer then obviously you are using your computer wrong".

