Linked by Eugenia Loli on Fri 30th Apr 2004 18:12 UTC
Bugs & Viruses Microsoft has released details about a number of problems which could be dogging those who install one of its patches issued on April 13 - the patch that fixes 14 vulnerabilities, among them two which are now being actively exploited.
Order by: Score:
Testing?
by Han Solo on Fri 30th Apr 2004 19:26 UTC

HMmm... I seem to remember a bunch of people around here bragging about how good Microsoft's testing is, how superior their software development methos are etc..in a recent thread from yesterday, and how Linux is so inferiour an OS because of this. http://www.osnews.com/story.php?news_id=6894
.
.
.
Bah.. stuff it.


RE: Testing?
by Jon on Fri 30th Apr 2004 19:33 UTC

There are infinite possibilities of PCI cards and motherboards and infinite amount of crappy third party software for Windows that people use and many third party drivers that haven't being certified. Microsoft can't do anything about this, it's just is. It is normal to produce some unwanted behavior that is difficult to reproduce at labs because of the above reality. As much bigger/popular is the OS, more difficult it becomes to debug it 100%.

There is no such thing as "100% bug free" normal-size application, because even the compilers have bugs. ;)

So, please be a bit more objective on your comment. You are obviously not a system developer.

Getting it right first time
by dumbkiwi on Fri 30th Apr 2004 19:45 UTC

I'm a lawyer. In my job, if I get it wrong first time, I get sued. Simple as that - no second chances. Why does the same standard not apply in the IT industry?

Matt

RE: Getting it right first time
by Jon on Fri 30th Apr 2004 19:54 UTC

Because it can't. It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations.

they made a stupid mistake
by Anonymous on Fri 30th Apr 2004 20:32 UTC



"Because it can't. It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations."

why do you need to defend those people after they made this stupid mistake of selecting a multiprocesser kernel for a single processer system.?

RE: they made a stupid mistake
by Jon on Fri 30th Apr 2004 20:54 UTC

I do not defend them "just for defending them". I just know how the thing works, I am a developer. If Apple or Red Hat or Sun was at MS' place, they would have the exact same problems, so why not just be objective?

yes i am being objective
by Anonymous on Fri 30th Apr 2004 21:06 UTC

"why not just be objective?"

yes. thats why i dont defend them ;-)

RE: yes i am being objective
by Jon on Fri 30th Apr 2004 21:14 UTC

No, you are not. The subject here is about some bugs on a big patch, not about MS' monopoly or business tactics. Be objective to the subject itself, don't let your hatred about unrelated things get in your way of evaluating the current situation. This is a development issue, not a business one. Be objective to that.

just a thought
by hmmm on Fri 30th Apr 2004 21:17 UTC

"Because it can't. It is above the strength of any software house to be able to test the infinite amount of software/hardware combinations."

Well, if they can't produce a quality product perhaps they should consider dropping their extremely overinflated monopolistic prices.

a buggy release
by Anonymous on Fri 30th Apr 2004 21:20 UTC

"No, you are not. The subject here is about some bugs on a big patch, not about MS' monopoly or business tactics"

yes. that made mistakes and i am critising it. whats non objective about that. care to explain?

RE: a buggy release
by Jon on Fri 30th Apr 2004 21:28 UTC

What 'mistakes' are you talking about? Bugs? I explained above that bad architecture decisions and bugs DO happen everywhere (not just by MS), so I don't get what you mean. It happens to everyone. Even to NASA's 400mil robots.

so what?
by Anonymous on Fri 30th Apr 2004 21:33 UTC


"What 'mistakes' are you talking about? Bugs? I explained above that bad architecture decisions and bugs DO happen everywhere (not just by MS), so I don't get what you mean. It happens to everyone"

i will criticise them when they happen to release buggy products no matter whether NASA does it or Microsoft

its equally objective. dont tell me your interpretation of being objective is NOT critisiing MS

RE: so what?
by Jon on Fri 30th Apr 2004 21:39 UTC

You REALLY don't get it, doya?

It is not about "not critising" MS, it is about being objective on the problem they have to deal with. PUT yourself in THEIR position momentarily and recognize that releasing a 100% bug-free massive product is _impossible_. Anything about 200-300 lines of code --usually-- has bugs, no matter the platform. As I said, even the compilers themselves have bugs, so even if your code IS bug-free, the output produced by the compiler might end up problematic.

WHY is it so difficult to understand that, and recognize that no matter what, bugs will always happen?

I really don't get some people on this board. They seem so full of themselves and so anti-MS that they just don't think for themselves, but instead follow the general flow like lemmings.

well what your point
by Anonymous on Fri 30th Apr 2004 21:42 UTC



"I really don't get some people on this board. They seem so full of themselves and so anti-MS that they just don't think for themselves, but instead follow the general flow like lemmings.
"

are you saying that i can critise them or i shouldnt.

if you say i cant i dont agree with you
if i can then you can shut up

what lemmings?. why are so pro-MS are following them like sheep. My production servers got affected by these problems and I will critise their failures

@ Jon
by Silver City on Fri 30th Apr 2004 21:48 UTC

Okay, I got a question (or two) for you. And these are honest ones. Isn't there a way Microsoft could provide patches without alerting worm writers to newly found security holes? Why is it always a race to get the patch before the worm people do?

RE: well what your point
by Jon on Fri 30th Apr 2004 21:49 UTC

I am not saying that you should not critisize them for their failures, PLEASE do.
But at the same time, *also* do understand how things work and that's not possible to get a bug-free system by anyone out there.

its too high
by Anonymous on Fri 30th Apr 2004 21:57 UTC



"But at the same time, *also* do understand how things work and that's not possible to get a bug-free system by anyone out there."

compared to any product these people are doing are a bad job when you have to release a patch for a patch.

Its the Windows design at fault
by Damien on Fri 30th Apr 2004 22:09 UTC

The problem is how everything in Windows is so tightly integrated, how everything is so inter-dependent, a flaw in one service opens the way for ones in others. Compare that to the UNIX world where everything is build on individual services that do not depend upon each other, and you have a system where one vulnerability won't bring down the house.

At work we were hit by this vulnerability, and typically the day _before_ the patch was released. I'm working on convincing management to move to FreeBSD, but two key pieces of our puzzle (ColdFusion and JDBC drivers for an old version of AcuCOBOL) won't work on it, so it looks like we're kinda stuck.

Damien

Finite.
by Chris on Fri 30th Apr 2004 22:17 UTC

"There are infinite possibilities of PCI cards"
There are actually a finite number of possibilities. What you mean is that the number is large enough to prohibit thorough testing.

check again
by Anonymous on Fri 30th Apr 2004 22:25 UTC



"ColdFusion and JDBC drivers for an old version of AcuCOBOL) won't work on it, so it looks like we're kinda stuck. "

check again with Linux

@Jon
by A nun, he moos on Fri 30th Apr 2004 23:18 UTC

The subject here is about some bugs on a big patch, not about MS' monopoly or business tactics.

Actually, it is MS's policy to release fewer big patches instead of multiple little ones because it looks better from a Marketing point of view (they don't look as if they had as much vulnerabilities that way). So in fact, one can say that this is partly the result of their business tactics, and that criticism of those tactics is on-topic.

Personally, I think it's another black eye for Microsoft. Now, people have to choose between risking being vulnerable to remote exploits and risking that this will happen:

A third problem detailed by Microsoft was that those who applied the patch could find that their computers appeared to stop responding at start-up, were unable to log on to Windows or find CPU usage for the system process approaching 100 percent.

If I was a Windows user at home right now, I'd be royally pissed. Microsoft's own worst enemy is itself.

@ Bascule
by dpi on Sat 1st May 2004 02:04 UTC

I guess this proofs even Holy Corporations make mistakes in their long-time test efforts, doesn't it?

Re: @ Bascule
by Anonymous on Sat 1st May 2004 04:24 UTC

I guess this proofs even Holy Corporations make mistakes in their long-time test efforts, doesn't it?

Huh?

AdobeSoftwareOnline
by Thomas on Sat 1st May 2004 04:48 UTC

Looks like AdobeSoftwareOnline is a clever semi-legal scam. Read their "Terms of Software Use" and you'll find out they don't sell Adobe software but rather they offer a software backup service.

9.1 You understand that in order for AdobeSoftwareOnline.com to make you a copy of any software, you acknowledge that you are the legal owner of this same software, and are looking to just make a new copy for archival (backup) purposes only.

RE: By Han Solo
by Russian Guy on Sat 1st May 2004 20:04 UTC

>I'm a lawyer. In my job, if I get it wrong first time, I get sued.

Yes, lawyers do it right first time. Always. They are super humans. A lawyer never made a mistake. An innocent person was never executed due to mistakes in legal system, and nobody spent years in prison just because of inept lawyer assigned by the court.

Then, a lawyer turns around and bashes software developers whose mistake, at most, is "slow" computer- which can be undone by logging in safe mode and uninstalling patch.

How can bad justice be undone?

"You are obviously not a system developer."
by Anonymous on Sun 2nd May 2004 16:03 UTC

Or perhaps he is just a better one than you are.

@Russian Microsoft Cheerleader
by A nun, he moos on Sun 2nd May 2004 16:47 UTC

Then, a lawyer turns around and bashes software developers whose mistake, at most, is "slow" computer- which can be undone by logging in safe mode and uninstalling patch.

Excuse me but your blind support of Microsoft should cause you to acknowledge that, at most, the problems can be quite severe. Allow me to cite Microsoft again:

"those who applied the patch could find that their computers appeared to stop responding at start-up, were unable to log on to Windows or find CPU usage for the system process approaching 100 percent."

And if you simply "uninstall the patch" by going into safe mode, then your computer is once again vulnerable to what the patch was supposed to protect against. Since these include dangerous remote exploits, then I'd say that Microsoft has indeed royally screwed up on this one.

Of course, no matter what the facts are, you'll find a way to defend Microsoft and its abysmal security and stability records.