Slashdot Mirror
Complete List of Bugs Fixed in SP2
callipygian-showsyst writes "Microsoft has published the complete list of bugs fixed in Service Pack 2.
They range from the obscure like: 'File Appears to Be Deleted Although You Do Not Have Permissions on the OS/2 Warp4-Based Server' to the serious-sounding: ' Stop error message on a blue screen when you transfer data to a USB device in Windows XP'"
This is a giant list of all of the updates, and then links to the KB numbers on the left, so you can read what each one was.
... but after reading the KB, it's an ActiveX problem that can allow a webpage to access your media library. Then again, MS has always really vague and stupid titles.
Side note: one of my favorites:
MS03-021: A flaw in Windows Media Player may permit the Media Library to be accessed
At first, I was thinking that it was supposed to do that
Okay, tell meonce again how many months it took to root out those errors? Some where known for a long time. And I expected a longer list... waaaaay longer!
www.weberseite.at
Well, out of the many bugs listed as being fixed thirteen were repaired that could cause code execution...
;)
Were these bugs found internally by their team or were these found by outsiders and then patched months later because knowledge was never released?
Not Prompted to Obtain a Digital Rights Management License for Installations Created by Using Sysprep
This was one bug they could have left unfound
Like this one?
-- Sorry, I can't think of anything funny to say here.
* Microsoft Windows 2000 Advanced Server SP4
* Microsoft Windows 2000 Professional SP4
* Microsoft Windows 2000 Server SP4".
Are they intentionally driving up the number of bugs fixed?
-- "I'm not a religious man, but if you're up there, save me Superman..."
Have you heard of the term "slime"? Slime in the parlance is a "feature" introduced under the version control cover of a "defect".
Let's say I need to fix a simple little bug, a misspelling in a message, which happens to be in source code file "abcd.c". I've got sitting on my hard drive this awesome new feature (at least *I* as the developer think it's cool), but nobody wants to accept it into the product. Hey! It's in file "abcd.c" too! I check in the misspelling fix, along with 2000 lines of new code for my new feature. In version control though it shows up as nothing but "fix a misspelling". That's slime.
With open source you can't do slime... well you could try but it'd never stay undercover. Thus I'd argue this *is* an insightful comment for a non-open source release, but possibly Flamebait for a Linux release.
--Rob
Probably a problem discovered during 2003 testing, that, ultimately, was determined to be in XP. Happens a lot in testing that an incidental find sticks with the original summary even after finding it applies to other things.
XML is like violence. If it doesn't solve the problem, use more.
250MB+ of patches? Granted it includes WMP9, and a bunch of IE stuff, but previous service packs (2k/NT) covered multiple versions of the same OS (Win2k Pro, Server, Advanced, etc...) This is 250MB of patches for ONE version of ONE OS.
To be fair, I guess it would be similar to a point release for linux, updating the kernel, glibc, gnome/kde, mozilla, etc... It would probably be at least that big. It's still kind of freaky installing that many patches simultaneously.
I remember updating Netware 3.x using patches on floppies, one after another. It was a pain, but at least you knew exactly what's getting installed and when.
My Other Computer Is A Data General Nova III.
Your computer becomes a spam zombie within minutes of being connected to the Internet.
Yep, that's the firewall and security changes. Unless you open infected mail, which is harder but still possible, and always will be, unless you prevent the user from ever running a suspect program even if they choose to.
Outlook Express has no junk mail filtering.
Sadly, no.
Your screen becomes deluged with popup windows with no escape because closing one opens about ten others.
Yes, IE now has a pop-up blocker.
Many of the bugs describe stuff that's just broken full stop and should really have been removed before XP was released, ie: You cannot preview a fax in the Fax Console.. Others sound like simple program logic errors, which shold never have happenned in the first place. I particularly liked: Windows XP stops responding (hangs) when you log off the computer if more than one user is logged on. WTF?
Go read the knowledge base articles. These bugs don't mean these things always happen, only that they happen under certain conditions. Bugs, yes, but harldy "broken full stop".
Let's complain about legit problems with MS, eh?
This isn't a bug in the firewall.
Local applications running with administrator privilege are inside the security perimeter of the firewall and have the same rights as the firewall management GUI. Microsoft would need to be enforcing mandatory access control to actually prevent third-party applications with appropriate right from managing the firewall, so all they could do would be to leave the management API undocumented and create a false sense of security.
Don't complain, you should be applauding them for avoiding another "security through obscurity" dead-end.
But they used the Internet Explorer logo
812383 The Browserui.dll file does not update after you apply a Windows hotfix to restrict the toolbar location in Windows 2000 Internet Explorer
That might have been my one.
Bugcheck 0x8E_nt!MiGetProtoPteAddressExtended+12
This is the bug track response from Microsoft for this bug report.
Update on 4/28/2004 10:45:54 AM by Microsoft:
moving to developement database for investigation
Update on 4/29/2004 8:35:35 AM by Microsoft:
Thanks for the report. This issue is currently under investigation. Is there any way we would be able to obtain a full dump of this issue? The minidumps are helpful, but there just isn't enough information in them to determine cause. Let me know either way if this is a possibility, thank you.
Update on 4/29/2004 5:04:22 PM by Microsoft:
Thanks for the assistance. As it turns out there was a bug here that has shipped in every version of NT we've ever released. With your help we've been able to implement a change that will affect all versions of NT from w2k, xp, server 2003 and beyond. Pretty cool.
Sounds like it was a problem in the memory manager. It seems to be fixed now in SP2, I can't reproduce it as easily as before anyway.
I'd like to know a bit more about it. It's quite nice to know I've had some impact on the core kernel code for NT.
"Taligent is still pure vapor. Maybe they'll be the last who jumps up on Openstep... "
...is the 3D Web Cam of the guy who submitted this /. article!
The difference is that Linux people can make a logical arguement, Microsoft salesmen can only make up big lies and format them so stupid people who've been conditoned through schools accept it
Not necessarily true - you say this because you are pro-Linux and anti-Microsoft. But I bet if you went to someone who was the exact opposite, you'd hear the exact opposite.
Besides, I've taken part on meetings where Linux vendor X was telling us to switch from Windows to Linux, and in other companies it's been Microsoft telling us why we should switch from Linux. In both cases the arguments where strong - both for and against.
You might read some of the FUD MS puts on their site, or it's employees state 'off-the-record', but none of that goes on face to face, they are quite understanding of what their compeition is and know how to use that knowledge for their own good.
Looking for hardware (Currently need: Large Etch-a-Sketch) Have one? See my journal!
Is it already the updated version or do I have to go back and re-apply the Service Pack?
This is just a theoretical question because when I used to work on Windows a lot (during NT4 days), you were advised to re-install the Service Pack after making any major changes to a system.
Just curious.
Gentoo Linux - another day, another USE flag.
...even if they don't really understand it.
I agree that it is hard to explain a buffer overflow to non-technical people, but I've done it before to their satisfaction. A lot of people want to know more about how their computers (and other appliances) work. Furthermore, lack of detail can translate to lack of trust. There has to be a balance between technobabble and plain, simple english.
If all a user wants to know about a bug is something general like you suggest then the list of critical updates in Windows Update or on the SP2 page would look like this:
123456 - A flaw in Internet Explorer may allow an attacker to control your computer
123457 - A flaw in Outlook Express may allow an attacker to control your computer
123458 - A flaw in Windows XP may allow an attacker to control your computer
123459 - A flaw in Internet Explorer may allow an attacker to control your computer
123460 - A flaw in Internet Explorer may allow an attacker to control your computer
123461 - A flaw in Windows XP may allow an attacker to control your computer
123462 - A flaw in Internet Explorer may allow an attacker to control your computer
Honestly, how would this be ANY more useful to a user than something line "A buffer overflow in IE's URI parsing routines could allow an attacker to perform a cross-site scripting attack"? Sure, most users would not know what that means without reading the details, however, I think a lot of users would not be comforted by the above list. Is it the same flaw? How does the flaw manifest itself? Does it apply to my setup?
In fact I think most users would feel a bit insulted by overly vague information on updates--as if MS feels they are not smart enough to handle any sort of detail. "Okay boys and girls, Windows has a booboo. Run this program and it'll but a bandaid on the booboo and everything will be alright again".
I think I'd personally prefer technobabble, at least it sounds more credible (like someone knows something about software).
Before you checkin code, it must be code reviewed -- this is manditory. Someone checking in a fix described as "fixed a spelling error", while adding 2000 lines of code, will be told to remove it (or get a bug opened for the new stuff that they added, and deal with it in a different change).
/will/ result in immediate termination.
Depending on the group you work in and the phase of the dev cycle you're in, you also have to get triage approval -- this means you have to justify your change to a group of people trying to keep code churn to a minimum.
When code is checked in, the change is mailed to one or more mailing lists. Among the things in the mail are the changelist description and the file in the changelist. Again, red flags will be rased when someone looks at the diff (and believe me, some anal retentive fucker like me will catch it).
If, somehow an employee managed to get through all of those layers and snuck in those 2000 lines of easter egg code under the radar, and the "easter egg" is discovered (and it will be), they lose their job. It's one of the few things you can do at Microsoft which
I installed SP2 and then it made me re-activate both Windows and Office 2003. During the reactivation, my original Product keys were no longer valid. I had to call Micrsoft support, spoke to numerous tech support and activation department employees before they gave me a new product key which could be re-activated. I felt like I was getting interrogated as to why I was re-activating the software even though I had valid and legal copies. The other interesting part, every person I spoke to was from India, the the only person not from India was Canadian. It appears as if Microsoft has almost completely off-shored major portions of their company to India. The way I fixed the computer was to completely reinstall everything on the computer. I have not seen a Micrsoft release that has had more problems and instability than this release of Windows XP and Office 2003.
Yes, I called the US activation number that pops up on the screen. I live in the United States. I only talked to and was transferred to people from India. The same went for support also, but the higher levels of support in India transferred me to someone in Canada after a few people could not help me then transferred me back to India.
...but I took it away because I kept getting marked down for no reason. It read: "Slashdot is the Ain't-It-Cool-News of the tech sector."
Anyone who has been to AICN knows exactly what I'm talking about.
if there were three changes....
1) That the reg tool existed as early in NT as when the registry was first introduced.
2) That the reg tool would allow you to dump and restore hives and keys to flat/text files
3) That the registry would be broken up into many hives that applications could load and unload dynamically and keep independantly.
In this fashion, for example, all the settings for a particular app for a particular user might end up as %USERDIR%/Application Data/foobar/foobar.dat and would be dynamically added under HKCU or whereever until it the relevant app was closed (and the hive removed).
You could always go back and manually mount that hive and make changes...
In this fashion, complete rebuilds would become unnecessary because you could spread out your critical config, and backup/restore parts independantly, prevent corruption or slow access from large hives, etc.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
People take these things all too seriously. I have a friend who makes his living as a Linux kernel developer, and he has deliberately used the word "Lelux" in his emails when referring to Linux -- "lelu" is Finnish and means "a toy".
Though you're right in that sense that it is not a good thing when company marketing departments start to use this sort of FUD-style terminology, like that Linux is "anti-american" or Microsoft is "evil empire", or the like. They should generally focus in telling why their product is better and not just throw dirt on their competitors.
“Wait for Hurd if you want something real” –Linus
Linux HALTs the CPU when it's not actively doing anything, and has done so for a lot longer than any MS-Windows derivative. I had one guy complain that his dual-boot machine wasn't working in MS-Windows but went fine in Linux (well, hey... but read on), and it turned out to be a failed CPU fan. Linux spent so much time idle (and so HALTed) that the CPU temp was reasonable even without a fan, MS-Windows constantly hammered it so it overheated and went catatonic. And who hasn't woken up at 4AM to hear the MS-Windows Disk Squirrels scampering around on their drive for no reason that you've ever been able to discover?
Win2k and XP do HALT the CPU as well, but by their very nature they don't do it as consistently.
Got time? Spend some of it coding or testing