Microsoft Developer Network’s (MSDN) Licensing

The Microsoft Developer Network, better known as MSDN, now called Visual Studio Subscriptions, is one of Microsoft’s most misunderstood products.  The Visual Studio Subscription (formerly MSDN) is one of the largest community platforms for developers working on Microsoft technologies.

What You Get in Your Visual Studio Subscription

With an MSDN subscription, you get all the software and benefits you need to stay up on all things code, including monthly cloud credits, collaboration tools, training perks, support, and more—all the latest and greatest from Microsoft.

This also provides IT departments with a cost-effective way to license Microsoft software for individuals involved in the development and test process, but who do not require the full suite of Visual Studio development tools.

The subscription license gives a single user the ability to access/use any Microsoft Enterprise product for Dev/Test purposes (i.e. WinServer, SQL Server, BizTalk, SharePoint, Dynamics, etc, etc, etc). The list of software titles included depends on the level of your subscription.

Beyond giving a single developer user cool software… providing a Visual Studio Subscription for all of the Developer and QA team provides an efficient, per-user, license model for your entire Dev & Test environments. Adopting this model means you do not have to purchase any stand-alone Microsoft products for pre-production.

The Visual Studio Subscription licenses each user for unlimited installs and instances of the products on their local, shared and virtualized
environments.

ref: unlimited dev test environments with msdn subscriptions

How much is a Visual Studio Subscription

A standard Visual Studio Enterprise subscription with MSDN costs $5,999 for the first year and $2,569 annually for renewals. VL customers get a discount, of course. An annual cloud subscription (with non-perpetual license) is a flat $2,999 per year. This is as of 2016 and subject to change.

 

Who can use the Software

Individual developers

Any individual developer can use Visual Studio Community to create their own free or paid apps. In addition, any number of users may use the software to develop and test device drivers for the Windows operating system.

Organizations –

  • An unlimited number of users within an organization can use Visual Studio Community for the following scenarios: in a classroom learning environment, for academic research, or for contributing to open source projects.
  • Any number of users may use the software to develop and test device drivers for the Windows operating system.
  • For all other usage scenarios: In non-enterprise organizations, up to 5 users can use Visual Studio Community. In enterprise organizations (meaning those with >250 PCs or > $1M in annual revenue) no use is permitted for employees as well as contractors beyond the open source, academic research, and classroom learning environment scenarios described above.

 

Individual User Licensing

Licensed are for Design, Development, Testing, and Demonstrating Your Programs

All Visual Studio subscriptions and Visual Studio Professional are licensed on a per-user basis. Each licensed user may install and use the software on any number of devices to design, develop, test, and demonstrate their programs. Visual Studio subscriptions also allow the licensed user to evaluate the software and to simulate customer environments in order to diagnose issues related to your programs. Each additional person who uses the software in this way must also have a license assigned to them.

ref: Visual Studio 2017 Licensing Whitepaper

 

Can Different Licensed Users Run the Same Software?

Yes. Each member of the development team that will use (install, configure, or access) the software must have his or her own Visual Studio subscription. Two or more individuals may use the same software if each has a Visual Studio subscription.

Examples:

A development team consists of 6 software developers, 1 architect/developer, and 3 testers. The team is
building an in-house Web-based accounting system and wants to use the software to set up a test environment running Windows Server 2012 and Microsoft SQL Server 2014. If all 10 team members will be accessing the development or test environment, then each will require a Visual Studio subscription. The minimum subscription levels including both of these products are Visual Studio Professional – annual, Visual Studio Professional with MSDN Subscription and Visual Studio Test Professional Subscription.

An organization has two development teams—one based in Seattle and the other in Singapore. Because of the time difference, the two teams are never working at the same time. However, because Visual Studio subscription licenses cannot be shared, each team member in each location must have his or her own Visual Studio subscription

A systems engineer from the organization’s IT department is installing the software needed for a development team—each member of which is licensed with a Visual Studio subscription—on centrally-managed hardware. This systems engineer is not doing any software development or testing. Because a license is required for any use of Microsoft software (installing is a use of the software), they must either acquire production licenses for all software being used in this environment or they must acquire a Visual Studio subscription for the systems engineer that includes the software he or she is installing.

 

Where the Software can be Installed and Run

The licensed user can install and use the software on any number of devices. The software can be installed and used on your devices at work, at home, at school, and even on devices at a customer’s office or on dedicated hardware hosted by a third party. Most subscriber software can also be run in Microsoft Azure VMs. However, the software is otherwise not licensed for use in production environments.

A production environment is defined as an environment that is accessed by end users of an application (such as an Internet Website) and that is used for more than Acceptance Testing of that application or Feedback. Some scenarios that constitute production environments include:

  • Environments that connect to a production database.
  • Environments that support disaster-recovery or backup for a production environment.
  • Environments that are used for production at least some of the time, such a server that is rotated into production during peak periods of activity

 

For more info please review Visual Studio 2017 Licensing Whitepaper

Privacy & Google Search Alternatives

When it comes to privacy, using Google search is not the best of ideas. When you use their search engine, Google is recording your IP address, search terms, user agent, and often a unique identifier, which is stored in cookies.

Here are a few Google search alternatives

 

DuckDuckGo is a US-based search engine that was started by Gabriel Weinberg in 2008. It generates search results from over 400 sources including Wikipedia, Bing, Yandex, and Yahoo. DuckDuckGo has a close partnership with Yahoo, which helps it to better filter search results. This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads.

Searx is a very privacy-friendly and versatile open source metasearch engine that gathers results from other search engines while also respecting user privacy. One unique aspect with Searx is that you can run your own instance

Qwant – is a private search engine that is based in France and was started in 2013. Being based in Europe, the data privacy protections are much stricter, as compared to the United States.

Metager – is a private search engine based in Germany, implementation of free access to knowledge and digital democracy. Ref: https://metager.de/en/about

StartPage – StartPage gives you Google search results, but without the tracking.
Ref: https://classic.startpage.com/eng/protect-privacy.html#hmb

 

Patch Tuesday, June 2018 | Pushing 11 Critical Security Updates

Are you ready for the latest in security patch updates?  I’m not, but it’s that time again.

Ref: https://www.catalog.update.microsoft.com/Search.aspx?q=windows+security+update+2018

 

Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.

Only one of these vulnerabilities: CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability is a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user.

There are a few others included are:

CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability

The most critical bug Microsoft patched this month is a remote code execution vulnerability (CVE-2018-8225) exists in Windows Domain Name System (DNS) DNSAPI.dll, affecting all versions of Windows starting from 7 to 10, as well as Windows Server editions.

The vulnerability resides in the way Windows parses DNS responses, which could be exploited by sending corrupted DNS responses to a targeted system from an attacker-controlled malicious DNS server.

CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability

The critical bug is a remote code execution flaw (CVE-2018-8231) in the HTTP protocol stack (HTTP.sys) of Windows 10 and Windows Server 2016, which could allow remote attackers to execute arbitrary code and take control of the affected systems.

CVE-2018-8213 | Windows Remote Code Execution Vulnerability

Critical remote code execution vulnerability (CVE-2018-8213) affecting Windows 10 and Windows Server exist in the way the operating system handles objects in memory. Successful exploitation could allow an attacker to take control of an affected Windows PC.

Microsoft is reportedly acquiring #GitHub

#Microsoft is reportedly acquiring #GitHub – and we are now expecting the announcement sometime this week.

New reports out of Redmond this weekend have Microsoft set to purchase the popular coding site GitHub. Bloomberg is citing “people familiar with the matter,” stating that the deal could be announced as early as tomorrow.

The new story follows similar reports late last week of discussions between the two parties. The deal certainly makes sense for Microsoft, as the software giant continues to actively court developers. As for GitHub, the company is said to have been “impressed” by Satya Nadella, who has actively courted coders and coding initiatives since taking the reins at the company, back in 2014.

“The opportunity for developers to have broad impact on all parts of society has never been greater,” Nadella told the crowd at his address during last year’s Build. “But with this opportunity comes enormous responsibility.”

Dramatic, perhaps, but acquiring GitHub would give the company access to some 27 million software developers — though not all of them are thrilled by the idea of GitHub being taken over by Microsoft.

More to come.

Kaspersky lawsuits over government ban, dismissed

Last year, the US government made moves to ban the use of Kaspersky security software in federal agencies, claiming the company’s ties to the Russian government represented a security risk. In September, the Department of Homeland Security issued an order that required federal departments and agencies to remove the company’s software from their systems. Then, Congress passed and President Trump approved a bill — the National Defense Authorization Act (NDAA) — that also banned Kaspersky software from federal government use. Kaspersky subsequently filed two lawsuits combatting both bans, but a judge has now dismissed them.

CyberScoop reports that Colleen Kollar-Kotelly, US District Judge for the District of Columbia, rejected Kaspersky’s claims that the bans were unconstitutional. Kaspersky argued that the NDAA inflicted an unconstitutional “punishment,” but Judge Kollar-Kotelly disagreed. She said the act wasn’t a punishment but instead, “eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.”

Further, because she dismissed the lawsuit against the NDAA, the suit against the Department of Homeland Security’s order was rendered moot since the act would supersede any change to the order. “These defensive actions may very well have adverse consequences for some third-parties,” she said in her opinion. “But that does not make them unconstitutional.”

The NDAA’s Kaspersky ban goes into effect on October 1st.

This article originally appeared on Engadget.