Microsoft has published a new Windows Phone update, build 8107, to resolve a problem where the soft keyboard sometimes disappears, leaving users no way to type anything on the phone. The bug can affect any handset on any carrier, so it should be rolled out to everyone as quickly as possible. Unfortunately, Microsoft isn't willing to say who will actually receive the update, or when.

During the troubled rollout of the NoDo update, the company published a useful guide to tell users how far through the approval and deployment process their particular combination of handset and carrier were, allowing them to have a good idea when each upgrade would be available.

When Microsoft killed Windows Home Server's "Drive Extender" technology, we mourned its loss but held up hope that the company would persevere with the concept. The company has done just that with a new Windows 8 feature called Storage Spaces, described in a lengthy post to its Building Windows 8 blog.

With Storage Spaces, physical disks to be grouped together into pools, and pools are then carved up into spaces, which are formatted with a regular filesystem and are used day-to-day just like regular disks.

Microsoft today filed a legal complaint against Comet, a UK retailer which the company alleges sold 94,000 sets of Windows Vista and Windows XP recovery CDs without Microsoft's blessing. While Microsoft called the CDs counterfeits, Comet says it was acting in good faith, supplying customers with recovery discs when Microsoft would not.

Microsoft noted that the recovery CDs were sold to customers who had purchased Windows-loaded PCs and laptops. Comet operates 248 stores as well as an online shopping site.

“As detailed in the complaint filed today, Comet produced and sold thousands of counterfeit Windows CDs to unsuspecting customers in the United Kingdom,” Microsoft associate general counsel David Finn said in a statement posted on Microsoft's website. “Comet’s actions were unfair to customers. We expect better from retailers of Microsoft products—and our customers deserve better, too.”

Comet responded with a statement of its own, saying it believes what it did was legal. "Comet has sought and received legal advice from leading counsel to support its view that the production of recovery discs did not infringe Microsoft’s intellectual property," the company said. "Comet firmly believes that it acted in the very best interests of its customers. It believes its customers had been adversely affected by the decision to stop supplying recovery discs with each new Microsoft Operating System based computer. Accordingly Comet is satisfied that it has a good defence to the claim and will defend its position vigorously."

Read the comments on this post

The browser story in December mirrored the broader 2011 trends. After a surprising result in November, in which it held steady, Internet Explorer resumed normal service in December, with its market share continuing to fall. Chrome once more made gains, closing the gap with rival Firefox.

Microsoft is preparing an expansion of the Windows Azure virtual machine hosting technology that will let customers run either Windows or Linux virtual machines, as well as applications like SQL Server and SharePoint, according to Mary-Jo Foley at ZDNet.

Azure already has a "VM role" service in beta, letting customers deploy a Windows Server 2008 R2 image. This is similar to the type of VM hosting offered by Amazon's Elastic Compute Cloud, but much more limited—Azure hides much of the complexity of the operating system layer so developers can just focus on building applications.

Foley and her sources say Azure's current VM role is not persistent, meaning data is frequently lost. But a Community Technology Preview set to launch in spring of 2012 will fix this problem and add several other capabilities, including Linux hosting, according to Microsoft partners who spoke with Foley.

"What does this mean? Customers who want to run Windows or Linux 'durably' (i.e., without losing state) in VMs on Microsoft’s Azure platform-as-a-service platform will be able to do so," Foley wrote yesterday. "The new persistent VM support also will allow customers to run SQL Server or SharePoint Server in VMs, as well. And it will enable customers to more easily move existing apps to the Azure platform."

The Register noted last June that Microsoft was already testing Linux on Azure in its internal labs. Although Microsoft has often been at odds with the Linux community, it's a logical next step for the company, given that it has already worked on supporting Linux distributions on its Hyper-V virtualization software.

Read the comments on this post

2011 was in many ways a quiet (albeit thoroughly profitable) year for Microsoft. The company made big, important announcements—the Nokia partnership, the Windows 8 reveal—but neither had much impact in 2011. Nokia has released only a couple of handset models in a few countries this year, and Windows 8 is not yet in beta.

2011 for Microsoft was all about telling us what to look forward to.

2012 will be when that talk becomes real. 2012 will be when lots of Microsoft's talk becomes real.

Researchers have shown how a flaw that is common to most popular Web programming languages can be used to launch denial-of-service attacks by exploiting hash tables. Announced publicly on Wednesday at the Chaos Communication Congress event in Germany, the flaw affects a long list of technologies, including PHP, ASP.NET, Java, Python, Ruby, Apache Tomcat, Apache Geronimo, Jetty, and Glassfish, as well as Google's open source JavaScript engine V8. The vendors and developers behind these technologies are working to close the vulnerability, with Microsoft warning of "imminent public release of exploit code" for what is known as a hash collision attack.

Researchers Alexander Klink and Julian Wälde explained that the theory behind such attacks has been known since at least 2003, when it was described in a paper for the Usenix security conference, and influenced the developers of Perl and CRuby to "change their hash functions to include randomization."

For Windows 8, Microsoft is a preparing a new way to log in to tablet PCs by letting users perform gestures on the screen instead of typing in letters and numbers. A user will choose a photo with some personal meaning to them, and create a sequence of taps, lines, and circles which must be performed in the right order to unlock the computer.

The obvious question is whether such a system is as secure as typing a password on a keyboard. Given the kinds of simple passwords many users rely upon, the gesture-based system could well be more secure for numerous people. Microsoft acknowledges that smudges on the screen or recording devices could theoretically allow the gesture password to be compromised, but says the risk is very low.