Slashdot Mirror


MS06-049 Causing Silent Data Corruption

Uncle Mike writes "It looks like there is a problem with the recently released MS06-049 / KB920958 patch. If you have compression activated on any folder, then the compressed data is at risk from corruption. New files that are close to a multiple of 4K in size will have their last 4,000 bytes or so overwritten with 0xDF. Although this problem has been reported to Microsoft, as yet there appears to have been no official announcement."
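
A check a defender could run over compressed folders for the symptom described in the submission above, added here as an example and not part of the original post: it flags files whose tail is a long run of 0xDF bytes. The function names, the 1024-byte threshold and the sample files are assumptions made for illustration.

```python
import os
import tempfile

FILL = 0xDF      # fill byte named in the report
MIN_RUN = 1024   # assumed threshold: shorter runs are treated as ordinary data
WINDOW = 8192    # how much of the file tail to inspect

def trailing_fill_run(path, fill=FILL, window=WINDOW):
    """Return the number of consecutive `fill` bytes at the end of the file."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - window))
        tail = fh.read()
    return len(tail) - len(tail.rstrip(bytes([fill])))

def scan_tree(root, min_run=MIN_RUN):
    """Walk `root` and return (path, size, run) for every suspicious file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                run = trailing_fill_run(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if run >= min_run:
                hits.append((path, os.path.getsize(path), run))
    return sorted(hits)

def build_sample(root):
    """Constructed sample data: one intact file, one with a 0xDF tail."""
    good = os.path.join(root, "good.bin")
    bad = os.path.join(root, "bad.bin")
    with open(good, "wb") as fh:
        fh.write(os.urandom(8190) + b"\x00\x01")  # ends in non-fill bytes
    with open(bad, "wb") as fh:
        fh.write(b"A" * 4190 + bytes([FILL]) * 4000)  # 8190 bytes, near 2 * 4096
    return good, bad

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, size, run in scan_tree(tmp):
            print(f"{path}: size={size} (mod 4096 = {size % 4096}), 0xDF tail={run}")
```

A hit is a lead, not proof: compare flagged files against a backup or a known-good hash before treating them as corrupted.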

19 of 205 comments

  1. interesting by Intangion · · Score: 5, Insightful

    It's interesting how when they make a patch that corrupts your data you don't hear anything from them.. but when someone makes a program to allow fair use by opening DRM on their movies they come up with a CRITICAL patch within hours to prevent it. I think that speaks to their priorities: protecting their DRM, IMPORTANT; protecting your data, hmm.. not so important

    1. Re:interesting by erroneus · · Score: 2, Insightful

      Have you read the EULA? Well, neither have I actually, but you don't have to be a particularly educated guesser to know that there is a provision in the EULA regarding the loss or corruption of data. You agree to indemnify Microsoft against any such loss. Further, they make no guarantee of suitability of the OS for any particular purpose and make no claim that the product is reliable in any way.

      You know, if I were to create a series of advertisements, I would make it similar to the "Truth" campaign against smoking and cite the Microsoft EULAs to indicate what it is the public is buying. Comparing that to what would be acceptable in other products would quickly make Microsoft seem rather ridiculous. No one reads the EULA, and in many instances it has been ruled legally non-binding. People pay more attention to speed limit signs than to EULAs.

  2. How does something like this happen by guruevi · · Score: 1, Insightful

    What type of programmer puts such possibilities or leaks in a program? I have been programming for a long time and I never had stuff like this happening. Data integrity is one of the primary things you want to maintain and you should be extra careful when handling and altering files not your own.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:How does something like this happen by avalys · · Score: 5, Insightful

      If you really have been programming for a long time, you must only be writing very simple programs if you've never had something like this happen, and you think that being "extra careful" is all you need to do to avoid it. What type of programmer does this? Every type of programmer - it's unavoidable.

      The programmer is not to blame here. The real question you should be asking is "What type of QA department fails to catch a bug like this?"

      --
      This space intentionally left blank.
    2. Re:How does something like this happen by theshowmecanuck · · Score: 2, Insightful

      I agree and disagree with you. As long as the programmer properly unit tested his/her work, then you can shift blame to QA. I have seen developers not properly unit test their code too many times, relying on the QA department to do their work for them. But yes, unless it happens in very rare circumstances (is this the case?) someone should have caught this in testing somewhere... but not necessarily just QA.

      IANAQAT (I am not a QA tester).

      --
      -- I ignore anonymous replies to my comments and postings.
    3. Re:How does something like this happen by theshowmecanuck · · Score: 3, Insightful

      Made me think of Granny's Pearls of Wisdom I read on Java Ranch (I first found it about 6 or 7 years ago...): "Testing can show the presence of bugs, but not their absence."

      --
      -- I ignore anonymous replies to my comments and postings.
    4. Re:How does something like this happen by Rashkae · · Score: 3, Insightful

      Maybe you should ask Linus... I seem to remember a released stable kernel that neglected to sync file systems before shutting down.....

      I love Linux, hate Windows, but point is, sh!t happens.

    5. Re:How does something like this happen by kalirion · · Score: 2, Insightful

      Some software bugs manifest in rare cases, and can only be found by code inspection or luck. Unless you work with languages that allow 100% guaranteed mathematical proofs of correctness.

    6. Re:How does something like this happen by IllForgetMyNickSoonA · · Score: 2, Insightful

      Why?

      File system is handled by a kernel. File system compresses files before writing them to the disk, respectively decompresses them during read operations. Therefore, the compression is handled in kernel. Where would you handle it?

      Data compression is not like black magic. As a matter of fact, most data compression algorithms out there are mind-bogglingly simple and very well understood.

      Of course you could move the file system into the user space, but that would introduce some bad performance penalty.

  3. When you have a monopoly by Colin+Smith · · Score: 4, Insightful

    What're your customers going to do?

    --
    Deleted
    1. Re:When you have a monopoly by Tackhead · · Score: 5, Insightful
      > When you have a monopoly
      >
      > What're your customers going to do?

      The guy at the keyboard of a Windows Vista box, using Microsoft Office at work, and Windows Media Player at home is not the customer, he is the product. The customers are Dell, AOL, media licensing conglomerates, and so on.

    2. Re:When you have a monopoly by theCoder · · Score: 3, Insightful

      That may be accurate for television broadcasts, but it isn't so for Microsoft. Customers are people who pay for services. AOL and the media companies aren't paying MS anything, other than licensing fees for the services they use from Microsoft (i.e., their Windows PCs). Microsoft is paid by the guy at the keyboard of the Windows box (or his employer).

      Microsoft may be able to leverage all those customers into a product for another customer (such as advertising or licensing DRM solutions), just like the movie theater leverages their movie watching customers into a product for advertising. Until Windows is free (as in beer), the guy using Windows is still a customer.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  4. Or if you put down the tinfoil hat by jbellis · · Score: 2, Insightful

    maybe one patch was just easier to write.

    --
    Carnage Blender : Meet interesting people. Kill them.

    1. Re:Or if you put down the tinfoil hat by Alien+Being · · Score: 2, Insightful

      Even if this is a tricky problem to fix, MS could at least warn their customers about the problem.

      After 25 years of dirty tricks from Redmond, you have the gall to call their critics paranoid?

  5. Possibly some weird M$-esque operator by gatkinso · · Score: 2, Insightful

    ...similar to their (in)famous debug version of the new operator (IIRC generates guard bytes set to 0xCDCDCDCD).

    While they are doubtlessly not releasing images with debug info, they might be using an overridden new operator that does something similar (for a variety of reasons).

    It is hard to say, but this type of error - while *not* acceptable, *is* understandable.

    --
    I am very small, utmostly microscopic.
  6. Re:If the RIAA et al subpoena you by godefroi · · Score: 3, Insightful

    Hopefully that's a joke. Pretty much nobody would put music on a compressed drive, as nearly ALL of the music formats in common use today are compressed. Rather heavily. Those music formats that aren't don't compress very well anyway.

    Additionally, the thought that MS would release a patch that intentionally corrupts data is unthinkable, for ANY corporation. The civil (and possibly criminal, who knows) liabilities would be ENORMOUS.

    --
    Karma: Poor (Mostly affected by lame karma-joke sigs)
  7. Re:RAID by isolationism · · Score: 2, Insightful

    I can't believe there were > 0 people who replied to Karma Farmer's comment thinking it was anything but an attempt at humour/troll, much less that any such poster would get their manties in a knot over it either.

  8. Re:Compressed files, are you kidding me?! by Anonymous Coward · · Score: 1, Insightful

    Actually with sufficient processing power, it can be a performance win, since you're reading less from the disk.

  9. Re:Why even bother with compression anymore? by Lagged2Death · · Score: 2, Insightful

    You don't just make /var/log a compressed filesystem...

    I'm no MS fanboy, but... suppose the OS in question had some sort of directory-compression scheme that had a seven-year track record of impressive stability and effectiveness? Why not use it?

    Disk compression earned a terrible rep back in the 90s, when DOS/Windows and Windows 95 themselves were so unstable there was no chance that it could work properly. But MS finally got it right when they swiped tech from Stacker and included directory compression in NTFS. I've never heard of anyone having a problem with it until now.

    Back when I set up my home Windows 2000 box, disk space was less cheap and I was more poor, so I've got some compressed folders to un-compress. Curse you, Microsoft! Stop screwing up the few things you've done well!