Microsoft has tossed its hat into the increasingly crowded ring of code-anywhere developer tools with a private preview of Visual Studio Code Server.
The product follows the Remote Development extensions for Visual Studio Code, which permitted apps to be developed using a local copy of the IDE and a "remote" Windows Subsystem for Linux.
Running on machines managed over SSH followed a year later and most recently GitHub Codespaces and Visual Studio Code for the Web turned up.
While the latter two require surrender to the tender mercies of Microsoft or its code-shack GitHub, the release of Visual Studio Code Server (the backend service that makes the magic happen) means that you can pop the server on your developer workstation (or Virtual Machine in the cloud) and run it through the browser using Visual Studio Code for the Web without faffing around with SSH or HTTPS, "although you can do that if you want as well," Microsoft added.
It opens up the possibility of using a browser on a machine that does not enjoy native Visual Studio Code support, connected to a machine running Visual Studio Code Server.
But there are limitations. The private preview is fired up using code-server. Need something more (like installing extensions) and you'll need to fall back to the code CLI. You'll also be asked to accept the terms of a license agreement which permits Microsoft to receive telemetry data, but those using tools from Redmond likely know what they are signing up for.
There are also plenty of alternatives out there. Gitpod's OpenVSCode Server springs to mind, as does Coder's code-server (now up to version 4.5).
Overall, the private preview of Visual Studio Code Server is welcome, if a long time coming. It's also a little symptomatic of Microsoft's scatter-gun approach to developers as it seeks to leverage the esteem in which Visual Studio Code is held.
We now await the inevitable rebrand. Visual Studio Team Foundation Server (a quite different product) was renamed to Azure DevOps Server after all. It can only be a matter of time before something is plucked out of the ether for what looks like a very handy developer tool. ®
Microsoft has added the ability to edit code while in Visual Studio's All-In-One Search user interface.
The feature is included in Visual Studio 2022 17.3 Preview 2 and follows changes to search functionality in the development suite. At the start of the year, Microsoft introduced indexed Find in Files to speed up the already rapid searching (compared to Visual Studio 2019 at any rate).
The indexed Find in Files fired up a ServiceHub.IndexingService.exe process on solution load or folder open which scraped through the files to construct an index. Worries that the indexer would slug performance like certain other Microsoft indexing services were alleviated somewhat by the use of Below Normal operating system priority.
The stage is set for a courtroom showdown between Brit reseller ValueLicensing and Microsoft after a judge dismissed the Windows giant's latest appeal to toss the case about allegations of unfair licensing.
This follows an attempt by Microsoft to get its UK tentacle removed from the claim brought by ValueLicensing and shift the hearing to Ireland. In April, Mr Justice Picken disagreed and dismissed Microsoft's challenges. The company filed an appeal, which was refused by Lord Justice Males this week.
The reasons for the refusal were blunt. "This is not a case where Microsoft UK was merely a subsidiary, playing no role in the conduct alleged to be abusive," the order reads. "Rather, it is contended that it was itself active in implementing that conduct by marketing the licences containing the 'Impugned Terms'."
Microsoft cloud lieutenant Tom Keane is departing the megacorp where he has spent the past 21 years in various senior roles. He is heading for the exit a month after featuring in a report about the toxic culture among company execs.
Keane, a corporate Vice President at Microsoft, started out in the Consulting Services division in 2001 before becoming group engineering manager for the System Center and then taking on the same role for Office 365.
From late 2012 until November last year, Keane was Azure corporate veep and head of global infrastructure, industry clouds, and data sovereignty. He oversaw thousands of engineers, product managers, and data scientists overseeing Microsoft's datacenter estate internationally.
Microsoft has indefinitely postponed the date on which its Cloud Solution Providers (CSPs) will be required to sell software and services licences on new terms.
Those new terms are delivered under the banner of the New Commerce Experience (NCE). NCE is intended to make perpetual licences a thing of the past and prioritizes fixed-term subscriptions to cloudy products. Paying month-to-month is more expensive than signing up for longer-term deals under NCE, which also packs substantial price rises for many Microsoft products.
Channel-centric analyst firm Canalys unsurprisingly rates NCE as better for Microsoft than for customers or partners.
Microsoft's Azure cloud is having difficulty providing enough capacity to meet demand, according to some customers, with certain regions said to refusing new subscriptions for services.
Azure comprises over 200 datacenters globally spread across 60 regions, but reports suggest that over two dozen of these are operating with limited capacity, and that the cloud and IT giant is being forced to prioritize resources in order to serve existing customers.
According to technology news site The Information, capacity issues are affecting Azure datacenters in Washington State in the US as well as across Europe and Asia, and it claims that server capacity is expected to remain limited until early next year, citing a Microsoft insider.
The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.
In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.
"Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."
Microsoft appears set to roll back its decision to adopt a default stance of preventing macros sourced from the internet from running in Office unless given explicit permission.
The software giant announced the change in February 2022 with a post that explained how macros written with Visual Basic for Applications are powerful, but offer a way for criminals to drop malicious payloads onto the desktop.
The potential for such attacks is hardly new. The infamous Melissa virus rampaged across the world's mail servers in 1999 thanks to malicious macros embedded in a Word document. Things got worse over the years, so in 2016 Microsoft upped the ante with a tool that allowed admins to define when and where macros were allowed to run. Microsoft also stopped running macros without first asking users if they really wanted to do so.
Microsoft has created a window of time in which its partners can – without permission – create new roles for themselves in customers' Active Directory implementations.
Which sounds bonkers, so let's explain why Microsoft has even entertained the prospect.
To begin, remember that criminals have figured out that attacking IT service providers offers a great way to find many other targets. Evidence of that approach can be found in attacks on ConnectWise, SolarWinds, Kaseya and other vendors that provide software to IT service providers.
Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.
The Windows giant uses the Chromium engine in its latest browser. As such, when something needs urgent fixing in Chrome, one can expect Edge to follow not far behind. For CVE-2022-2294 and CVE-2022-2295, a new version of Edge has been pushed out, taking the version number in the stable channel to 103.0.1264.49.
Most serious of the duo is CVE-2022-2294, a heap buffer overflow in the open-source real-time comms platform WebRTC, which, according to Google, is being actively exploited.
Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.
The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.
Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022