Week 20 2017 - WannaCry; Microsoft Build

The first note after my holiday, and it’s a Microsoft one. I have a backlog of interesting news, but between WannaCry and Microsoft Build 2017 there was enough material.


It’s been in pretty much every news outlet and as far as last week’s news goes it’s therefore hard not to at least touch on this. In case you didn’t come across it, the short version is that a new ransomware was spread in the wild, using exploits that were taken from the NSA’s stockpile of such tools. The first instance was stopped relatively quickly when a security researcher discovered a built-in killswitch based on a domain that he then registered. Afterwards however, new versions of WannaCry1 were released without that killswitch.

While it’s generally easy to blame Microsoft for leaving these vulnerabilities, they actually patched it in the latest versions of Windows before the exploits were made public. In response to this they’ve now even made patches available for versions of Windows that are no longer supported. The main issue here in my2 opinion is that the NSA and other agencies have these exploits and don’t inform the software vendors about them.

Microsoft has called this out as well in a statement, and want to fight this behavior. I’m glad that they do so, as this only seems to be getting worse with hacks and leaks occurring everywhere. Which then also reminds me of last year, when the FBI demanded that Apple create a backdoor for iOS devices. Proponents of this believed that it would obviously be safe in the FBI’s hands, but that with the exploit leaks from both the CIA and NSA this was proven false.

I would usually say that I hope some sanity will prevail now concerning IT security, but considering the state of the government of the country where these exploits come from I have little hope of that.

Microsoft Build Databases

Keeping with Microsoft, but in a more positive light, let’s look at some of the things that came out of their Build conference which was also held last week. I’ll be ignoring the consumer focused announcements and just highlight some of the developer ones.

On the Azure side of things, there were several database related items. First of, they introduced both MySQL and Postgres within their managed database offering. To be honest here, I’m impressed they released both at the same time. On AWS Postgres always lagged behind a bit with introductions3 and earlier this year I wrote about Google adding the beta version to GCP. Of course, it was sorely missing as well and I’ll have to see it in practice before I can comment on the quality.

The second database feature however is more interesting from a technical perspective, though perhaps less likely to be used. Cosmos DB is a globally distributed NoSql database, meaning it can4 be available in all of Azure’s regions and keep in sync. Again, just based on the press releases you can never really tell how good something is5, but it sure sounds like something you could try out if it suits your requirements.

Microsoft Build Development

Aside from their focus on the cloud, Microsoft has done a lot recently with focusing on other platforms. This has resulted in several interesting announcements6.

Visual Studio for Mac is now available. Visual Studio Code has already been available for a while, but they’ve now brought the complete IDE over. While I generally prefer lighter weight development environments, I’ve heard many good things about Visual Studio so it’s probably worth giving a shot.

The other announcement that I really liked is that they’re going to be supporting other distro’s for their wonderfully named Windows Subsystem for Linux. WSL was announced at last year’s Build conference and released later. This system gives you access to an actual Linux system running locally, but you were limited to Ubuntu. Now you’ll be able to install several other distro’s as well and even have multiple running at the same time.

No doubt this can be useful to match your own preferences or needs. I do believe that if you want to replicate your production servers you’ll likely be better off with either a VM or Docker container, but for integration into the local machine this will work better.

  1. I’m confused about the exact name. I read WannaCry everywhere, except in some of Microsoft’s press releases. I’ll keep with WannaCry but if you prefer WannaCrypt just pretend I made a typo. [return]
  2. And many others’ [return]
  3. It’s been part of RDS for years, but it was only recently introduced for Aurora in beta. [return]
  4. Depending on how much you’re willing to pay of course. [return]
  5. Something I sometimes forget to point out when it sounds really exciting. [return]
  6. And no, I obviously don’t mean iTunes being available in the App Store. That piece of bloatware should be burned down and rebuilt into separate applications. [return]
Don't ignore new content! Get the latest by subscribing through RSS, Twitter, or email!
comments powered by Disqus