@CCDMan Check the posts on the DC-3 Dreams Comm Center, specifically this one.
@Chris There are multiple issues here and things to consider before making changes to the development tools. I will be talking to Peter, then we I will make a post for developers on the ASCOM Talk forum topic for this issue, as well as needed info on the ASCOM web site Developer’s section.
BTW if I understand this correctly it will only affect some drivers but not all. In particular it won’t affect DLL based drivers because they run as part of the application process so no additional security is involved.
Correct.
It should also not affect .NET based local server drivers for the same reason. COM is not involved in any inter-process communication with these drivers.
This isn’t right on two accounts.
-
The DCOM info is almost certainly present in the .NET local servers. It is added in the boiler plate code that virtually everyone uses to make local server ASCOM drivers. It is also present in all of the simulators that come with the ASCOM Platform.
-
COM is indeed used for inter-process communication between a .NET local server driver and any client, whether it is .NET, VB6, Script. C++ or whatever else. The only other IPC mechanism in .NET is the ancient and awful “.NET Remoting” and we definitely do not use that for IPC. COM rules because it is language independent.
OK, so in our specific case, first Bob would need to modify the ASCOM driver installer and then the author of the “ASCOM Driver for TheSky Controlled Telescopes” would need to reissue the driver?
Not necessarily me, as ASCOM is open source. But I will probably make the changes into the tree and coordinate when this gets pushed out to a new Platform. Keep in mind this will affect only drivers written in the future. All current drivers with DCOM info need to be changed and re-released. This will be the responsibility of the driver developers not the ASCOM Initiative (or me!). The ASCOM 2X Mount Adaptor for TheSky X comes from Software Bisque.
Please note, though, that any driver developer will shortly be able to see what needs to be changed in existing drivers and their existing driver installers. They will need to go to the ASCOM Talk forum not here.
Why do we need DCOM info?
Again this was needed (and may still be needed!!) for TheSky 6. It is possible that someone has used DCOM to distribute drivers and clients for ASCOM, and we cannot remove this without the risk of breaking these applications (TheSky 6 included). So we need to fix the Authentication Level to be the newly required value for Windows 10 (=3).
Also, my imaging partner on that remote system did try Bob’s fix for our issue yesterday and it did not work.
If this is an ACP or ACP Expert customer of course I will help. Post on our Comm Center.
@chasmiller46
Some further info – a good friend and fellow astronomer is also an experienced COM developer and he says the problem lies in the coding used in many ASCOM drivers. Microsoft closed a known security flaw in COM and that caused improperly written ASCOM drivers to fail. He does not think Microsoft will make any changes or roll backs and it will be up to the ASCOM driver developers to fix the problem and release new versions.
I need to defend the honor of the ASCOM driver authors out there, to include (alphabetically) Astro-Physics, Optec, PlaneWave, Software Bisque, and others. The drivers are not “improperly written”. Neither the driver authors who used the ASCOM templates and installer generator, nor the author of the templates and installer generator (me) could have foreseen ten years ago (yes! 2007!) that Microsoft would change the DCOM security requirements on components *that are not even using DCOM. Let’s give these guys a break. Your friend is on the rifght track, but I can’t imagine that he knew this was a “known flaw”. Furthermore, in the release notes for KB4075892, Microsoft states that the change is a “known issue” and that “Microsoft is working on a resolution and will provide an update in an upcoming release.” So its unclear that this is a “known security flaw in COM”.
I hope this will give everyone here enough info to keep new “Uncle Festus” speculation, finger pointing, blame, frustration, etc. from getting even worse. I’ve done my best to bring objective engineering analysis and reporting on this.
For more info please see the ASCOM-Talk topic and our ongoing thread on the DC-3 Dreams Comm Center.