Linked by Thom Holwerda on Fri 11th Jun 2010 21:27 UTC
"Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does."
Thread beginning with comment 429976
RE[5]: Gotta love it
by phreck on Mon 14th Jun 2010 13:18 UTC in reply to "RE[4]: Gotta love it"
phreck Member since:
2009-08-13

Differences being, that .deb/.rpm/.tar.gz-packages are open. If I am in serious doubt, I can dissect the packages, see what's in /usr/share, /usr/bin, postrm and whatnot.

I can also explicitly cherry pick which parts of my operating system shall be updated, which should receive security updates, and which shall be strictly pinned.

Three more key differences:

* Microsoft has a hypocritical past, most Linux/BSD/etc.-Distros have not, so ppl just have a smaller threshold for Microsoft-Misdoings

* To my knowledge, never did any Distro install any package that is not uninstallable through package management anymore, whereas Microsoft keeps distributing things that are not trivially removable (read: via Firefox's add-on manager) and which promote their proprietary wannabe standards. I don't want a f+cking web-install for whatever bogo technology or whatever, and I don't want a f+cking unasked-for extension without the possibility to trivially remove it again.

* To my knowledge, distro-provided packages never extended the installations of other packages, except when those are add-on-packages


edit:
And seriously, how low is the possibility of a bug which installs this piece of dung into a remote application, following the rules of that application, and following the usual pattern of not being uninstallable? As this never happened in the Open Source World that I know, it is probably so small that not even a million chimps will reproduce this bug within the lifespan of our sun (http://www.ohloh.net/languages).

So: Stop believing in Microsoft's philanthropist interests and that this was a bug. It was not. It was intent. We can discuss whether this was wise or stupid, but not about whether it's a bug.

Edited 2010-06-14 13:35 UTC

Score: 1
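
Added example, not part of phreck's comment or of any distribution's own tooling: the inspection the comment above describes, done without installing anything, by reading a .deb as the ar archive it is and listing its maintainer scripts (postrm and the like) and payload paths. The sample package, its file names and the helper names are constructed for illustration.

```python
import io, tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}

def ar_members(blob):  # a .deb is an ar archive: yield (name, data) per member
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def inspect_deb(blob):  # -> ({maintainer script: text}, [payload paths]); no disk writes
    scripts, paths = {}, []
    for name, data in ar_members(blob):
        if name.startswith(("control.tar", "data.tar")):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for m in filter(tarfile.TarInfo.isfile, tar):
                    base = m.name.removeprefix("./")
                    if name.startswith("data.tar"):
                        paths.append("/" + base)
                    elif base in MAINTAINER_SCRIPTS:
                        scripts[base] = tar.extractfile(m).read().decode()
    return scripts, paths

def _tar(files):  # helper for the constructed sample: {path: bytes} -> tar.gz bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def _ar(members):  # helper for the constructed sample: 60-byte header + data, even-padded
    return b"!<arch>\n" + b"".join(
        f"{n:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(d):<10}`\n".encode()
        + d + b"\n" * (len(d) & 1) for n, d in members)

SAMPLE_DEB = _ar([  # constructed package, not a real one
    ("debian-binary", b"2.0\n"),
    ("control.tar.gz", _tar({"control": b"Package: demo\n", "postrm": b"#!/bin/sh\nrm -rf /var/lib/demo\n"})),
    ("data.tar.gz", _tar({"usr/bin/demo": b"#!/bin/sh\n", "usr/share/doc/demo/changelog": b"demo 1.0\n"})),
])
```

On a Debian-based system, `dpkg-deb --contents` and `dpkg-deb --control` give the same view from the command line.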

RE[6]: Gotta love it
by vaette on Mon 14th Jun 2010 14:02 in reply to "RE[5]: Gotta love it"
vaette Member since:
2008-08-09

This is just an endless cycle isn't it?

"Differences being, that .deb/.rpm/.tar.gz-packages are open. If I am in serious doubt, I can dissect the packages, see what's in /usr/share, /usr/bin, postrm and whatnot."

But you don't. Which makes the point rather moot.

Note also that the community at large indeed noted what Microsoft's install package did and followed up on it, exactly what I assume is what you want to point out to be the great advantage of the OSS community.

"To my knowledge, never did any Distro install any package that is not uninstallable through package management anymore, whereas Microsoft keeps distributing things that are not trivially removable (read: via Firefox's add-on manager) and which promote their proprietary wannabe standards. I don't want a f+cking web-install for whatever bogo technology or whatever, and I don't want a f+cking unasked-for extension without the possibility to trivially remove it again."

It is removable by uninstalling the update in question though, which works just as well as uninstalling the "package" would under a Linux distro.

"To my knowledge, distro-provided packages never extended the installations of other packages, except when those are add-on-packages"

On the other hand this update applied to the Bing bar, which is an add-on to both IE and Firefox, so updating extensions in Firefox makes sense. The behaviour of updating the extension in Firefox even when the Bing bar is not installed in Firefox is, as already noted, a bug.

"And seriously, how low is the possibility of a bug which installs this piece of dung into a remote application, following the rules of that application, and following the usual pattern of not being uninstallable? As this never happened in the Open Source World that I know, it is probably so small that not even a million chimps will reproduce this bug within the lifespan of our sun (http://www.ohloh.net/languages)."

The update package was supposed to install the extension in Firefox, and the extension was designed to behave in that way, since it was supposed to be removed when the Bing bar extension was uninstalled from Firefox, rather than being uninstallable by itself. The bug was that it was added when any Bing bar was on the system, even if it wasn't in Firefox.

"So: Stop believing in Microsoft's philanthropist interests and that this was a bug. It was not. It was intent. We can discuss whether this was wise or stupid, but not about whether it's a bug."

This is such bullshit that it gets tiring to go over it again; why would it be intentional?? It does nothing, nothing to help Microsoft, nothing to harm Microsoft, nothing in any direction. These claims about malicious intent are just paranoid fantasy unless you can come up with some kind of motive.

Score: 1

RE[7]: Gotta love it
by phreck on Mon 14th Jun 2010 15:13 in reply to "RE[6]: Gotta love it"
phreck Member since:
2009-08-13

"This is just an endless cycle isn't it?"
Indeed.

Just this one:

It is removable by uninstalling the update in question though, which works just as well as uninstalling the "package" would under a Linux distro.

a) No need to quote "package". It is a common concept in the Linux world (which Windows lacks)
b) The update information found on my system is cryptic. I would have to look through e.g. 70 entries just for 2010-05-27. Not a single one includes a clear changelog, but only links to external resources. Really? This is slightly different from looking into local changelogs. And no, you don't have to quote changelog now. It is a common concept, once again. In plain text.
c) No, update management under Windows is not equal to package management under Linux, where dependencies are tracked recursively. So I don't really know whether removing some update breaks something else, or not. The probability might be low, but is not non-existent. And again, I may not choose beforehand what shall be updated, and what not.


Lifting up your quoted "package", my impression is you don't really have a grasp of how different updates are in the Linux world. Personally, I live with both worlds. The one at work, the other at home. The one that is not proprietary works better for me. But that's of course unfounded.

Edited 2010-06-14 15:15 UTC

Score: 1