The Story of a Microsoft Patch
buckethead writes "eWeek is running a story about a security patch from Microsoft that failed to adequately address a denial-of-service flaw on CSRSS (Client/Server Runtime Server Subsystem), the user-mode part of the Win32 subsystem. It stems from a research paper from Argeniss that discusses how Microsoft only patched one path to the vulnerable function, but they forgot to do proper research to identify all the paths." From the article: "The problem was that Microsoft didn't patch the vulnerable function; they just added some validation code before the call to the vulnerable function, but what Microsoft missed was that the vulnerable function can be reached from different paths and the validation code was added on just one of them"
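The patching mistake described in the summary, as an added C sketch (not code from Microsoft, Argeniss or the article): a toy table lookup stands in for the vulnerable function. All names, values and the guard padding are assumptions, chosen so the stray read in the demo stays inside the array.

```c
#include <stdio.h>

#define SLOTS   4        /* logical size of the table */
#define GUARD   4        /* padding so the demo's stray read stays in bounds */
#define POISON  (-999)   /* marks memory no caller should ever be handed */
#define E_INVAL (-1)     /* argument rejected */

/* Constructed sample data: four real entries followed by guard padding. */
static const int table[SLOTS + GUARD] = {
    10, 20, 30, 40, POISON, POISON, POISON, POISON
};

/* Stand-in for the vulnerable function: it trusts whatever index it gets. */
static int lookup_unchecked(int idx) { return table[idx]; }

/* Partial fix: validation added in front of the call, on this path only. */
static int path_a_partial(int idx) {
    if (idx < 0 || idx >= SLOTS) return E_INVAL;
    return lookup_unchecked(idx);
}

/* A second caller that was not audited: same function, no validation. */
static int path_b_partial(int idx) { return lookup_unchecked(idx); }

/* Complete fix: the function validates its own argument, so every
 * present and future path to it is covered. */
static int lookup_checked(int idx) {
    if (idx < 0 || idx >= SLOTS) return E_INVAL;
    return table[idx];
}

static int path_a_fixed(int idx) { return lookup_checked(idx); }
static int path_b_fixed(int idx) { return lookup_checked(idx); }

int main(void) {
    int bad = 5; /* constructed out-of-range argument, inside the guard pad */
    printf("partial fix, path A: %d\n", path_a_partial(bad));
    printf("partial fix, path B: %d\n", path_b_partial(bad));
    printf("full fix,    path A: %d\n", path_a_fixed(bad));
    printf("full fix,    path B: %d\n", path_b_fixed(bad));
    return 0;
}
```

With the partial fix, path B still hands back a POISON value from outside the logical table; with the check inside the function, both paths reject the argument.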
A Microsoft Microsoft patch? That's the worst kind!
Stuttering in the summaries? "It stems from a research paper from Argeniss that discusses how Microsoft Microsoft only patched one path to the vulnerable function, but they forgot to do proper research to identify all the paths." From the article: "The problem was that Microsoft didn't patch the vulnerable function; ...... but what Microsoft missed was that the vulnerable function can be reached from different paths and the validation code was added on just one of them"
Freedom is fragile and must be protected. To sacrifice it, even as a temporary measure, is to betray it.
From TFA:
It's being called the "story of a dumb patch."
Soon to be a 200-part epic, starring John Goodman as Steve Ballmer.
Coming to a Windows Vista box near you!
At least they tried! And mommy says that's what counts.
The Story of a Microsoft Patch
A Tragedy in Three Acts
But when it's found "Hey, calling this function with these arguments causes a crash", why *isn't* fixing the function the first thing that comes to mind?
[...] just like pizza: do you usually pay for pizza after or before you eat it?
Usually the delivery boy won't let go of the damn box until I hand him the money.
"Live free or don't."
It's a glitch in the Matrix. It usually means they've changed something...
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Is a Microsoft patch anything like one of those Nicotine patches that help you stop smoking? If so I wonder if my health care will cover it. I'd like to slap one of those on the asses of my co-workers and help get them off their addiction to Microsoft.
I guess one might consider Linux to be sort of a methadone. Something that helps you with your cravings for the bad stuff, but ultimately leaves you without that satisfying high.
Personally I use OSX, but I'm not addicted. I could stop anytime I want to. I just don't want to, that's all. Now excuse me while I watch the Genie effect a few times before I send this.
Some drink at the fountain of knowledge. Others just gargle.
And I guess that SUN users are sort of like grumpy reformed addicts who get religion, act smug, and scowl at everyone who indulges in sugar coated operating systems.
Then there's those Atari and Xbox weirdos who are like 14 year olds who huff gasoline and destroy so many brain cells they never move on, trapped the vegetative of their pathetic twitching existence.
The best way is to take your time estimate (1 week), strip the units from it (1), double it (2), and finally add the unit back in, using one larger unit (2 months).
;-)
Some more examples:
3 hours -> 3 -> 6 -> 6 days
10 weeks -> 10 -> 20 -> 20 months
"Your effort to remain what you are is what limits you."