How to get people who installed a leaked build to stop using that build?


Back in the days before the Windows Insider Program, one of the problems that frustrated the product team was build leaks. These were builds not intended for public consumption, and their existence was pretty much all downside. The first impression the outside world got of a new feature was the buggy version, which was also probably quite ugly on top of being buggy. That is rarely a good first impression. The feature arrived without context; people often jumped to conclusions about what the intended purpose was. The team didn't get a chance to talk to partners in order to give them a chance to raise their concerns about the new feature. The premature disclosure meant that the team's big announcement event no longer had the impact the team wanted. And there are some legal issues that are tied to the date a feature first becomes available to the public. Seeing a feature go public prematurely throws a bunch of scheduling into disarray because you now have to finish those legal documents in less time than you planned.

A member of another team told me that there was a leaked build that had a really bad bug in it. I forget exactly what the problem was, but the details aren't important. The team fixed the bug as soon as it was discovered, and they notified all the self-hosters and partners to upgrade to a new build immediately, but that bug was also out there in the leaked builds, ready to destroy computers and networks and most of Western civilization.

So how do you get people who are running a leaked build to stop running that build, with urgency?

Change the wallpaper.

The feature team asked the shell team to change the default wallpaper for the build that has the fix.

This is sort of the converse of If you change the insides, nobody notices: Changing the outsides counts as a major change.

The theory was that when the new build comes out with the new wallpaper, whoever it was that was leaking builds will say, "Whoa, this is a big deal," and make a special effort to leak the new build, and then the underground sites who traffic in leaked builds will see that the new build has a new wallpaper and say, "Whoa, this is a big deal," and they will abandon their old and busted build with the horrible bug and install the new hotness.

Psychology.

Comments (37)
  1. Brian_EE says:

    I got a little confused reading the last paragraph. I initially read "and then the people who look for leaked builds..." as MS employees who are trying to track down who the leaker is so he/she can be punished. You have to get to the end of the long sentence to get the context and re-read for it to make sense.

    That then begs the question - did MS ever try to track down where leaked builds were coming from? Internal employees? Hardware/Software partners? I could imagine having some way to uniquely tagging images sent to each partner (invisible watermark on the wallpaper?) and seeing which tag the leaked image had.

    1. skSdnW says:

      The leaked Windows 8 releases had some type of hash appended to the build number displayed on the desktop.

    2. Thanks for the feedback. I reworded the last paragraph; hope it's clearer now. (Yes, leak investigations occur. I don't know how much about them I'm at liberty to discuss, though.)

      1. Brian_EE says:

        Raymond, I wouldn't expect details to be divulged. You answered my question, which was born of my own curiosity.

  2. Steven says:

    Reminds me of the crossword puzzle wallpapers in leaked Windows 8 builds, where later builds had more and more characters filled in. Was it ever revealed what those meant?

    1. Ray Koopa says:

      They probably meant to just make you think about them and keep watching for new builds to get more "hints".

  3. Max ed says:

    Maybe have all of the windows apps say "unsupported version please update" maybe with a warning about the "error" in the update......maybe sparked a few ideas

    1. You seem to be trying to come up with the most complicated possible solution to the problem. "Hey, let's set up a servicing stack for leaked builds, and create special versions of every app that tells people to stop running this build, and target those updates to just the leaked build." Easy solution: "Change the wallpaper."

      1. Joshua says:

        I guess I would have done it the stupider way. The servicing stack is active by default (exactly as in release builds) but normally finds nothing as it is at a higher version than released builds.

        Therefore, if you ever need to post an update for a leaked build, you do it the normal way.

  4. memory_leak says:

    :-) Haha, indeed. But Macrosoft could go open source too and put an end to leak build at all :-).

    1. Ray Koopa says:

      They put an end to leaked builds with the Insider Program already.

      1. Hardly. A casual news search shows that people still get all excited about leaked builds.

  5. Cesar says:

    Did it work? That is, did most of the users of that leaked build upgrade?

    1. The feared network catastrophe did not materialize, which means either that the psychology worked, or that the fear was unfounded. It's like putting a banana in your ear to keep the alligators away. Good job, the alligators didn't attack. Was it because of the banana?

  6. Paul Gunn says:

    I don't really understand the imperative to do anything. These folks are basically using an illegally obtained (pirated) version of pre-release software. If they get themselves into trouble in doing so.. so be it. If they were furthermore foolish enough to run mission-critical software on a pirated, pre-release builds, it seems to me like the law of natural consequences come into play and I see no reasonable way in which Microsoft could be criticized. Am I missing something here?

    1. The imperative is that these machines can screw up the network they are connected to, so they're affecting other machines. Generally, people don't look kindly when a Windows system starts screwing up a network.

    2. Phasma Felis says:

      If a bunch of people running pirate copies are easy meat for someone's botnet, or provide a back door into a secure network, then it's everyone's problem.

    3. Chris Crowther says:

      I can pretty much guarantee if Microsoft said "well they were using a unlicensed copy of a preview build of Windows" then the response would just be "Microsoft is trying to push the blame on to other people!" from everyone who likes to play the game of "blame Microsoft". The negative PR hurts Microsoft, regardless of whether it's warranted or not. Reason doesn't enter in to it.

    4. James says:

      And as Raymond already said: "The first impression the outside world got of a new feature was the buggy version, which was also probably quite ugly on top of being buggy. That is rarely a good first impression." Even the pirate is at fault for using an unsupported version, a bad bug (especially one that causes data loss) likely would lead them to say "Microsoft writes terrible software!" to all of their friends and anyone who'll listen. That wouldn't be good for Microsoft either.

  7. Zoffix Znet says:

    So did this actually work or is this all just conjecture? And if yes, how did you figure out that it did?

  8. Jon W says:

    Love the psychology!

    Also, these days, every dev build really ought to have a call home feature. The feature must get an OK every so often, or it disables itself with a message.
    Not just windows, but all desktop prerelease software should do that...
    Given that it's prerelease, it should not be a privacy concern either.

    1. xcomcmdr says:

      Please, DRM is a complicated problem by itself already. Not a solution.

    2. French Guy says:

      Such a feature might be acceptable in pre-release builds, but definitely not (as in "hell, no!") in officially released software. Since it would promptly get removed by hackers, it would end up hurting only legitimate customers, much like unskippable piracy warnings on DVDs.

  9. Beeno Tung says:

    How about put a small program at every build (booting stage).
    It checks (over internet) whether this version is 'fatally broken', if so shutdown directly or somehow gain attention from the user.

    e.g. show text during booting, then hang there?
    show the wallpaper to high contract showing the text?
    even flash the above wallpaper?

    but if the machine is always offline, these trick cannot work :/

    1. And how does this solution not require a time machine? "Let's make a change to the operating system, retroactively deploy it to all the machines running the bad build, and..." Also, this is an awful lot of work compared to changing the wallpaper, especially since this sort of thing almost never happens. It's probably more likely that the code will trigger accidentally, seeing as it will be triggered intentionally um once ever.

  10. I believe this story is about the good old days when publicly released builds were rock solid. Man I miss those days.

    1. Darran Rowe says:

      Publicly released builds being rock solid?
      I think I have had every major version of Windows die on me very quickly to the point of getting bug checks within a day. Windows ME still holds the record, becoming unbootable after 20 minutes though.
      This is why I got into the habit of testing an install of Windows for a while, to figure out the quirks. Although this has actually gotten easier with newer versions of Windows, not harder.

      1. Yeah. Windows ME was awful, I give you that. More awful than Windows 10.

        But 2000, XP, Vista, and 7 were rock solid.

        1. xcomcmdr says:

          Windows ME is such a trainwreck, 16 years later it's still fascinating to read about.

          It had an incredibly short lifespan too, between 2000 and XP : barely 1 year !

          1. scott says:

            I'm confused, I thought 2000 was between ME and XP.

  11. Airportsfan says:

    I don't see how changing the wallpaper will encourage users to upgrade. I would understand if it's mainly about new features pop-up, or only for sake of running a build with newer number than current, which you guys can overcome by releasing a newer, proper build to public which everyone are going to move to it and even don't bother installing the leaked build again.

    Also, it's not a nobody notices insides fixes. There is a good amount of people who lookup deeply and do researches into stuff, but not quite talkative about them and/or don't get that popular compared to others who don't usually do such stuff.

    Maybe it's the time to put up somewhere a disclaimer that a build not intended to public is more likely to corrupt system, malfunctions or not even boot, and it's better to wait for a proper build from Microsoft to the public. Whether it's in the build itself or on insiders-related website.

    For sake of curiosity, was the bug you've mentioned in win32k? specifically related to fonts loading at boot?

    1. It encourages users to upgrade because (by and large) the people running leaked builds are people with a compulsive desire to run the "latest" code; if it's obvious that they're not on the very latest leaked build, they're going to hunt for an update option.

  12. Kaiserludi says:

    But what about all the people who have already downloaded he old leaked version from the underground sites? Those people may only re-download every couple of years if it they happen to download this one buggy version they won't abandon it just because a new version is available, but will use it for the next couple of years.

    I actually thought that you were talking about how to get those people to abandon the built and that you recommended to remotely change the wallpaper in the existing flawed build on the end-users machine. If his carefully self-chosen and loved more than anything else wallpaper would be replaced by the OS with just some big red letters on a white or black background, saying "you use a version with a bug that may destroy the world, if you continue using it, please update ASAP", the end-user surely would notice that.

    1. People who install leaked builds derive pleasure from knowing they're running the latest version of something. If they see that a newer build is out, they will quickly switch to it, because that's where they get their kicks. (How would the remote wallpaper change even work? Microsoft is not their domain administrator.)

    2. ErikF says:

      AFAICT all of the preview builds have timebombs built in, so the probability of someone still running any of the previews is about zero by now.

      1. ErikF says:

        (Except for current Insider Preview builds, of course!)

      2. Joshua says:

        The un-timebomb instructions got leaked years ago. [Some stupidity involving somebody finding how to activate it on release builds--turns out the code is (or was) in release builds but disabled. I don't feel like elaborating beyond that.]

Comments are closed.

Skip to main content