Slashdot Mirror
WGA Meltdown Blamed On Human Error
Erris writes "As commentators like Ars Technica slam WGA as deeply flawed, Microsoft is blaming human error and swears it won't happen again. 'Alex Kochis, Microsofts senior WGA product manager, wrote in a blog posting that the troubles began after preproduction code was installed on live servers. ... rollback fixed the problem on the product-activation servers within 30 minutes ... but it didnt reset the validation servers. ... "we didnt have the right monitoring in place to be sure the fixes had the intended effect"' Critics were not impressed. 'A system thats not totally reliable really should not be so punitive, said Gartner Inc. analyst Michael Silver. Michael Cherry, an analyst at Directions on Microsoft in Kirkland, Wash., said he was surprised that it was even possible to accidentally load the wrong code onto live servers ... [and asks], "what other things have they not done?' This is not the first time this has happened, either."
This sort of ties in with what I was saying on IRC with my friends yesterday. My central point was that all operating system have got worse over the past ten years.
I'm currently reading the Mythical Man Month (which I imagine most of you of heard of and already read) and in it he talks about the OS/360 operating system in great detail. I'm recalling this from memory so I'm sure someone will correct my mistakes but anyway, the machine had 2MB of memory and the operating system cost 400Kb of the memory. They charged something like $9.50 a month for 1Kb of system memory. That meant that every Kilobyte of memory saved was worth hundered or even thousands of dollars over the life time of the machine.
It made me realise what is in retrospect a fairly obvious statement. The cost of the operating system on your hardware is an effect that should be minizimed. The operating system exists as a framework for runs tasks and applications, not for being a self-serving execuse to munch resources.
While Moore's Law technically means something different; the adage has held true that computing power has doubled every eighteen months. This means that my machine which I bought in January should be roughly 100 times more powerful than the machine I had in 1997. Yet do I have hundred times more power to run my applications on a modern Operating System? Absolutely not.
Strictly speaking, there are no tasks I do today that I couldn't do in 1997. I can be honest that computing hasn't really got easier since then either. There's the odd innovation here and there that's nice from a usability point of view, but fundamentally nothing has really changed. For an example, Office 97 and Windows 98 are no harder to use than XP and Office 2003. The addition of an extra monitor to my compute has impacted my productivity more than the choice of software in this period.
In short, where did all these cycles go?
Now Microsoft Vista is a sort of a post-modern operating system. In every sense it is a regression. It does not allow tasks to be managed easier yet requires an enormous amount of extra resources just to operate. WGA in a sense breaks the very stability of the system. The point of the OS is to perform tasks and applications yet Microsoft can take this away from you either by malice or stupidity.
When are we going to demand more from OS vendors? When are we going to demand that future versions do the same as the previous version with less memory and less CPU overhead? Why do we pay to upgrade only to find our upgrades are wiped out by OS bloat? All of these are interesting questions, and while off-topic slightly, I'd like to see what you think!
Simon
One of the articles I read (http://www.betanews.com/article/Microsoft_WGA_Out age_Not_an_Outage/1188405961) suggested that if the server had actually gone down, then this would not have been a problem. The article, based on comments from Microsoft, suggested that WGA defaults to "genuine" if it can't reach the WGA server. So why didn't MSFT just kill the server to let people's software default to "genuine" instead of leaving the server connected with faulty software?
Two wrongs don't make a right, but three lefts do.
I don't get it?
People make mistakes and as long as people are involved in any process they will cock up from time to time.
The point about systems not being so punitive is a valid one and should be brought up more often and louder. People who've paid money for their product should not be punished for an error on microsofts end.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Critics were not impressed. 'A system thats not totally reliable really should not be so punitive, said Gartner Inc. analyst Michael Silver. Michael Cherry, an analyst at Directions on Microsoft in Kirkland, Wash.,
WGA is a natural, if not perfect (or even good) business response to the problem of piracy (leaving out all the debate over whether it's a good or bad thing for Microsoft as a whole). But the technical implementation leaves a lot to be desired; if anything, the response to a WGA server failure should be automatic pass (fail safe) instead of an automatic fail (fail deadly).
Sure, for a 24 hour window pirates would have a free-for-all in getting perfectly valid WGA results, but at the same time legitimate customers would not be inconvenienced. As far as I can see, that's the only way to keep WGA while minimising the backlash against it.
I write bullshit
So if you were stupid enough to use Windows in a safety critical application you risk WGA putting people's lives at risk?
Imagine if you used Windows in a doctors surgery to hold patient records, or store drug allergy data on it. WGA flags the PC as counterfeit, after that only Window Explorer works, and you can't get their records or allergy info.
As long as Microsoft can deliberately or accidentally remove your right to use your PC, then you can't use it in any cases where you may find yourself in future dispute with MS, or where you need to rely on the PC. Having backups is no fix for the Windows Genuine Advantage bugs, because all Windows PCs go down in one go. It represents the ultimate single point of failure.
Microsoft is blaming human error and swears it won't happen again.
Self-contradictory: of all things that could happen out there, one thing will keep happening, and that's human errors.
Realistically, it's just another fail point on your OS that will blow up from time to time.
Slashdot is not about journalistic integrity, it never has been. It is about nerd topics and dupes.
ACs complaining about twitter does look like astroturfing. MS has enough money to pay a few guys to beat back public opinion on well-known public tech sites. Without facts disputing the current article, it looks like you are just pro-MS ranting against a anti-MS article without any substance.
Fact- WGA broke for a while causing many people troubles.
Fact- Some people don't like having to phone MS all the time to keep a product running.
Fact- MS has paid astroturfers to anonymously post pro-MS grassroots stuff online.
"we didnt have the right monitoring in place to be sure the fixes had the intended effect"'
This sounds a lot like the Bush administration's excuse... oops!
Seriously, Microsoft is great at monitoring YOUR computer, but they can't monitor their own?
Seven puppies were harmed during the making of this post.
If the pirates are having no problems and it's the legit users who are getting fucked in the ass, why the hell does Microsoft continue to bother with WGA?
.DLL and get on with it, while the legit users will get boned because their serial key wasn't recognized or whatever.
What do they gain? Was WGA suppose to convince people using illegitimate versions of Windows to turn to the light? Fuck that, they'll just download the latest cracked WGA
WGA does NOTHING to hinder piracy, at least not with any level of success that compensates for the negative affects to legit users. It's a complete joke - and yet Microsoft doesn't have the balls to admit this yet. It pisses me off to see such short-sightedness from a bunch of guys who are suppose to be experienced in business.
Look, most of us here work (directly or indirectly) in software. Who hasn't had a launch fail, or a product go bad, in a way that's negatively impacted customers. Such things DO happen. Usually not out of malice, and even sometimes not from carelessness--there are things that sometimes you can't catch on a test system. So to that extent, I feel for the folks who caused this problem..
So why do I call it unacceptable? Because of the difference in standards. On Microsoft's side, they are holding the user to a high level of scrutiny, and reserve the right to cripple some OS features if Microsoft believes the install is pirated. No discussions. Go directly to "aero jail".
Which is possibly understandable if their stance is "look, we're losing billions here--we need to fight piracy." But if they're going to take such radical and punitive measures as locking down OS features based on their tool, then they have to have an absolutely rock solid fail resistant totally monitored system. Basically, they need to hold WGA to a higher standard than most business software. This needs to be the gold standard if they want people to trust the system (and TFA links to a number of other reasonably well-balanced Ars articles that suggest it is not).
Oops, we forgot to monitor the validation boxes? You can't be organic about this--add monitoring for problems as they're discovered on a system this critical not just to Microsoft, but to their customers. You have to anticipate what MIGHT happen, even if "there's no way that should ever occur." You have to think of things that should never happen, but would be problematic if they did.
The fact that they failed here, if it never happens again, might not be a huge deal. But their answer shreds confidence that this is an isolated issue. The fact that this specific failure might not happen again gives me no comfort. Because their answer indicated that they didn't get it when they designed the system, and the don't get it now.
What they SHOULD have said is "boy, this was something we never thought could happen. We have fixed the issue, and are confident we have the monitoring to prevent this specific issue going forward. And we are undertaking a comprehensive review of our validation and monitoring systems to make sure nothing even remotely close to this could ever possibly happen again." Nothing less should be acceptable.
else
default = TrustTheCustomer
I wonder if they considered that?
If WGA or other Microsoft activities are p*ssing you off as a user, then have some strength of conviction and DO SOMETHING ABOUT IT!
Just stop with the continual whining about it...
Gentoo Linux - another day, another USE flag.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
What I find interesting is the switch from version numbers to years for a lot of apps, which started with the switch from Windows 3.1 to Windows 95. When you're dealing with a "year" number, there's added pressure to put out updates more regularly--someone with Windows 95 in 1997 is painfully aware that they have software that's 2 years "out of date". Even if a number of Service Packs have come out since then, there's the "emotional" feeling that the product is out of date.
While for OS'es, they mercifully abandoned year-based versioning with XP, they still do year-versions of Office, etc. And even then, they're under huge pressure to get out updates for OS'es on a regular basis--there was a long wait for Vista.
Now, putting out releases every few years isn't a bad thing per se. However, Microsoft suffers from the same problem that people who version by year do, be they auto makers or video game manufacturers. You need to put your "stamp" on the new version. New features. New ideas. New things to make people go "ooh, shiny!" To give an example, EA's Madden 2008 can't just be Madden 2007 with new player stats. They need to add features, even if they're "change for change sake." With the death of version numbers, EVERY version is a Major Version, because there's no other point of reference. Every new release needs to be a revolution in software.
And, obviously, the need to have "this year's model" more sparkly than last year's model leads to bloatware. Features you just don't need, or will never use, are now "built in" instead of add-ons for the small number of folks who need them. Design is more important than ease of use. Stuffing in features is more important than efficiency. That's the new game.
Some division head inside Redmond is crafting his internal proposal to convert the update realm from a cost center to a revenue center. The rationale will be to collect the funding to staff up that function appropriately so as not to harm MS from mistakes such as this.
The ironic thing is that few people will pay - and while the level of installed patches will go down the overall level of security will not materially change given the overall poor security stance in the first place. What will happen is that interoperability will begin to fail badly.
...as opposed to an error in the actual WGA, which is not coded by humans, but by Microsoft's programmers.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Don't MS customers like being treated like criminals and being abused in other ways? They are getting what they bargained for. Sorry, no sympathy here.
If you want your life to be different, live it differently.
While your point is valid, I don't think that's the ultimate issue. Even if Twitter's rants were useful/interesting (and some of them are), the editors still need to get control over this. If I wanted the Twitter show, I'd read his blog. I mean, Slashdot has a large problem if a single writer is manipulating the front page for his own ends. I don't mind so much when someone gets a lot of stories by writing well about something popular (NewYorkCountryLawyer, for instance), but sock-puppetry has to be dealt with.
So if you were stupid enough to use Windows in a safety critical application you risk WGA putting people's lives at risk?
/ license.txt
Imagine if you used Windows in a doctors surgery to hold patient records, or store drug allergy data on it. WGA flags the PC as counterfeit, after that only Window Explorer works, and you can't get their records or allergy info.
Read the EULA. Pay attention to the section regarding life critical application. It clearly states it is not to be used in life support applications. It simply isn't reliable for that. MS is avoiding lawsuits from people depending on Windows for life support by explicitly stating it is not designed, manufactured, or intended for that.
"Note on Java Support. The SOFTWARE may contain support for programs written in Java. Java technology is not fault tolerant and is not designed, manufactured, or intended for use or resale as online control equipment in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapon systems, in which the failure of Java technology could lead directly to death, personal injury, or severe physical or environmental damage. Sun Microsystems, Inc. has contractually obligated MS to make this disclaimer."
snipped from here;
http://www.microsoft.com/msdownload/ieplatform/ie
The truth shall set you free!
"Microsoft today announced that the meltdown of their WGA servers was caused by human error. The problem started when a human erroneously threw a chair into the server causing it to malfunction. Microsoft has promised this will never happen again as they have taken action to chair-proof future servers."
Well, let's be honest. Any program or OS that requires activation deserves a good bashing, and we should not support it in any fashion. And I proudly champion those who develope workarounds. Those who complain about bootleggers while benefiting from them as Microsoft and Adobe do are just as hypocritical as gay bashing republicans.
What?
Humans designed WGA, afterall.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
#2: "We bought the company because we like the way its run, now, and we have no plans to change anything..."
#3: "I'll be really, really careful, trust me, it will never happen again."
"How to Do Nothing," kids activities, back in print!
if ( Wga_is_Available ) DoWgaValidationTests
else
default = TrustTheCustomer
I wonder if they considered that?
They did, and that's the way it works. However, in this case it was the DoWgaValidationTests part that blew up due to a bug in the server software. WGA servers were available, so the first check did return true.
I just wonder how much bad press WGA needs to generate before MS reconsiders this stupid anti-consumer attitude they have. How about trying sane pricing and sane EULAs for a change?
Who is General Failure and why is he reading my hard disk?
Kind of like firemen in Fahrenheit 451...
Ignore this signature. By order.
...Who the hell is twitter? I'm beginning to think this little spat is itself some kind of astroturfing.
Is this a Roland Piquepaille repeat incident, or a Beatles-Beatles one? Is this something new. Is this a bunch of rejected posters playing sour grapes or actually something we should give a damn about? Is this whole thing an elaborate troll?
I read this site a lot, and this is the first I've heard of "The Great twitter Affair". Explain yourselves sirs.
May the Maths Be with you!
If there's only one Slashdotter on Microsoft's payroll, it's twitter. He effectively smokescreens legitimate criticism of Microsoft with his childish, myopic blame-Microsoft-for-everything posts and his egocentric belief that anyone who calls him out on his bullshit MUST be brainwashed by/working for "M$". He obsessively catalogs every post made by his "enemies", frequently lies about what they actually said, and conveniently disappears when confronted with inconvenient facts or questions. He does more to discredit "his" side in an afternoon than any dozen pro-Microsoft astroturfers could hope to accomplish in a month.
If Steve Ballmer isn't personally giving twitter a handjob right now, then he's neglecting his responsibility to his company.
What I really wonder about is when will these servers go down permanently? While I hate to do it, I can still install NT3.51 on an old machine if there is a critical need to pull something off an old tape. What happens in the future when WGA goes dark? Will they issue a patch to unlock the OS? At some point MS may have to limit or eliminate backward compatibility. Will virtualization be good enough? This WGA debacle leads me to more questions and concerns than comfort. To me it is not about today. Like the fun with MS formats, it is about tomorrow.
Dave Bowman: Activate this Windows install, WGA.
WGA: I'm sorry Dave, I'm afraid I can't do that.
Dave Bowman: What's the problem?
WGA: I think you know what the problem is just as well as I do.
Dave Bowman: What are you talking about, WGA?
WGA: This operating system is too important for me to allow piracy.
Dave Bowman: I don't know what you're talking about, WGA?
WGA: I know you and Frank were planning to circumvent me, and I'm afraid that's something I cannot allow to happen.
Dave Bowman: Where the hell did you get that idea, WGA?
WGA: Dave, although you took thorough precautions in the update mechanism against my being installed automatically, you installed me by mistake during one of your reboots.
Dave Bowman: OK, I'll reactivate my Windows install through the emergency airlock.
WGA: Without your space helmet, Dave, you're going to find that rather difficult.
Dave Bowman: WGA, I won't argue with you anymore! Activate my Windows!
WGA: Dave, this conversation can serve no purpose anymore. Goodbye.
Over the years, I've watched a zillion methods employed to prevent various forms of digital piracy. Generally, the more comfortable a company is that a method will safeguard their product from piracy, the more annoying it is for their legitimate users to employ it. Anyone remember dongle-protected software?
I've worked at several places that legitimately purchased licenses to software, then used cracked versions of what they'd paid for, simply so that they could work in piece without juggling dongles, CD Keys, and other such.
Essentially, any wall that can keep out invaders also hinders legitimate travelers. Any wall that allows access to legitimate guests also allows for the egress of the unwanted.
When we employ truly draconian or paranoid means to safeguard intellectual property, it carries with it subtle risks. Among them, the risk that it won't work well, or will hinder legitimate users while still being exploitable by illegitimate ones.
It's a little like the death penalty. A lot of people would be more in favor of it, if they didn't fear that it was employed unfairly against people who don't deserve it.
If a system is put into place to protect a company against digital pirates, that randomly hassles the company's legitimate users, or if it is, as many pieces of software are today, just completely buggy and bloated (the product of an industry driven just as much, if not moreso, by marketing and artificial deadlines as by a desire for a properly-working product), is it worth it?