Slashdot Mirror
What's Really Broken with Windows Update - Trust
Be Cool writes "According to ZDNet, Microsoft has steered itself into a real trust tarpit with Windows Update: 'See, here's the problem. To feel comfortable with having an open channel that allows your OS to be updated at the whim of a third party (even/especially* Microsoft ... * delete as applicable) requires that the user trusts the third party not to screw around with the system in question. This means no fiddling on the sly, being clear about what the updates do and trying not to release updates that hose systems. While any and all updates have the potential to hose a system, there's no excuse for hiding the true nature of updates and absolutely no excuse for pushing sneaky updates down the tubes. Over the months vigilant Windows users have caught Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'"
This may have been a bad move, but Microsoft knows that in actuality there's nothing the users (corporate and private alike) are really going to do about this. They may complain a bit; write some unpleasant articles in some online sites/blogs, but at the end of the day you're still going to be using their stuff. Effectively saying "just suck it down and shut up". And in reality, this is what 99.999999% of Windows users are going to do.
If you have an effective monopoly, trust really doesn't matter.
-USR1
In order to break trust, you must first have trust.
Anyone who trusts Microsoft after the past two decades of dirty behavior is a fool.
"I've got more toys than Teruhisa Kitahara."
I don't think 95% of Windows users care if Microsoft is untrustworthy or not as long as they feel it keeps their computer from getting hacked.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Even without TPM, even without CPU serial numbers, if the update software has to change my computer without telling me, it is operating out of bounds. I can't trust it in enterprise; I can't trust it at home; I can't trust it as an install or development environment.
kris_lang
as long as you've got powerpoint and can read the Word documents you're sent in the mail?
* Fast
* Cheap
* Good
So when is MS going to offer any of these?
How about full disclosure about what's changing on YOUR PC? There's no reason why MS can't provide that in a timely, good, cheap manner. The real problem is that MS is a monopoly, and they can do whatever they want, and there's no other product that users can easily switch to.
That's good, because I paid a hell of a lot of money for my copies of Office & Windows. They are not "cheap" by any regard, so that is eliminated from your (very accurate) list. We should be approaching "fast and good" at any release now...
manually, you can select what updates you want to apply and which you don't. As for hosing a system, MS has no monopoly on that. I updated my ATI drivers on Friday and I lost my 3D capability until I rolled my drivers back. Had similar things happen with Adobe stuff until I switched to Foxit. Frankly none of the software companies impress me with their auto updates. I trust none of them.
You can have it: * Fast * Cheap * Good. But, you can only choose 2 of the above.
But you get it: Slow (with more than one semantics), Expensive and Ill-Designed all at the same time.
CC.
TaijiQuan (Huang, 5 loosenings)
I don't see the update mechanisms for the major Linux distros having the same kind of problems and their users are much more vocal and much less forgiving than Windows users.
The fact is Microsoft has been caught a few times implementing stealth fixes or trying to force major updates (eg. IE7).
Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
I was working as as PC tech for a university at one point, and it was policy to install all critical Windows updates on the university-owned computers. On one computer, I accidentally checked the hardware updates as well as the critical updates. For some reason, Windows update decided that the video card (an Nvidia TNT2-based card) needed to be updated with the old, Microsoft-provided, French-language video drivers. This computer was using English Windows XP, and there were no language packs installed or anything. Anyway, Windows blue-screened when coming back up. I had to start it in safe-mode and remove the drivers to get it to work again. I remember thinking that if a "normal" user had installed that update, they would have been screwed into having to pay $100 for a "professional" to fix Windows. After that, I started paying attention to the hardware updates. And I noticed that on approximately 5/100 of their computers, Microsoft listed the French-language Nvidia driver as an appropriate hardware update.
I'm not suprised. When looking at what is being downloaded (either automatically or manually) you have little idea of what you're actually downloading. All you get is a strange ID number for the update and an extremely generalized discription of what is being fixed (or unfixed). As the updates pile up, the process takes longer and longer. When there is an update it insists on interrupting whatever you are in the middle of. When it downloads it sucks up CPU time. And when it's finished it will not leave you alone until you restart the computer.
"Ice? You want ice? There's never been any ice! Ice is just a myth!"
I totally agree with the tag that reads "editorsdontgetit". The problem with having this stealth update capability in the first place is that it's a clear and obvious vector for attack and p0wn4g3.
If somebody figures out how to hack these stealth updates (and now that people know the capability exists they will definitely try), then we can all look forward to the time when a rootkit or other exploit is pushed down to machines and installed with the blessing of the OS and the complete ignorance of the person whose machine just got screwed. And it'll look like a legitimate update as far as all parties are concerned after the fact.
The author claims that it's a "Bad Thing(tm)" when people eventually decide to pull the plug on Windows Update, and I agree given all the legitimate patches that have been made available this way. But on the other hand, what choice do we have? Do we leave a door open that has been proven to be used in an untrustworthy fashion by the very people that are telling us to trust them and that they're making our machines better/safer/++?
Will somebody please start writing games for Linux so I can be free of this nonsense?
C
The Sun is proof that we can't even do fire properly.
That has nothing to do with it... the problem with Windows Update recently is not that they aren't pushing out updates in a timely matter or that they are pushing out buggy updates too quickly, it's that they are being sneaky about updates. There's no reason that they couldn't be up front in disclosing everything about what components of your system will be changed with any given update. It's when they say an update fixes a specific problem, and then also install windows genuine advantage behind the scenes that we have a problem.
Blindly trusting a third party, especially one with a track record like Microsoft, with updating your production systems may be an unwise move.
How long it will take to someone to figure how to make they own updates using the door open by Microsoft in they OS ?
If I was a hacker, I have begun to work on this door as soon has the "feature" has been released.
Imagine, using Microsoft Update to update your virii or you Troy, that a nice "feature".
Ceci n'est pas une Signature !
Yes but Linux also had a bunch of hobbiest around the world looking at the code not getting paid to fix the problem. Microsoft has to pay its employees to fix the code. So if Microsoft has 1000 employees and say 150 or so are working on patches. Half of those are for the OS and the other half are for office. You have 75 people working on OS patches. Linux on the other hand you have a few thousand looking at the code working on a fix.
I smoked pot once. But I DID NOT inhale. Will you hire me?
Linux sites have a far wider array of configuration differences than Windows systems do: Not the least of which being multiple cpus and generations of systems, Windows in the enterprise is kept solely single-use because Windows admins know maintainability is hard, but Linux in the enterprise tends to have a larger number of functions because the Linux admins know maintainability is a solved problem.
The reason both is true is a social effect of getting software from "third parties"- that is, a cloud of developers that do not communicate with eachother. Whenever one of them does something "tricky" or "wrong", generally speaking nobody else in the cloud knows that they are doing it (When they do, it's called a "known incompatibility").
Linux distributions don't have "third parties"- most Linux admins get all of their software from the distribution itself. That means there's no cloud where "that's a problem with your other vendor", or "that's a problem with running Microsoft Exchange on the same server as IIS", and so on. The buck stops immediately, it gets resolved and everyone benefits.
Historically, other unix suppliers have had the same problem, and a lot of people just assumed it was (practically) unsolvable until groups like Debian and Red Hat- looking to solve a particular technical problem (of managing the necessary modularity of a GNUish system) also built up the social framework necessary to solve this very social problem.
Microsoft simply cannot do this. It's not a matter of "just making better patches", they need to be the sole supplier of software in order to solve this problem, and their users need to be able to patch and redistribute that software. Not just legally, but actually encouraged to do so.
The other side is that a lot of people don't see it that way. I still trust Microsoft to not mess up my machine, even if they're pushing stealth updates to their software. I'm usually anti-stealth anything, I hate software DRM for that reason (don't go patching my CD rom driver to play your game) but in this case it's a good idea to have Microsoft able to stealth update the windows updater, it's one piece of software on your machine that doesn't really interact with the others all that much.
:P.
I know a lot of people are going to clammering slippery slope here, claiming that MS will use this to destroy everyone's life, but I just don't see it that way. Yes the computer's mine, and yes I should know everything that's installed on it, but if MS really wants to stealth patch their updater then yay for them, all that means is I won't have to go through the whole 'Windows Updater must update itself to receive Windows Updates from the Windows Update Site' nonsense again. So long as Microsoft stays within that box of only stealth updating the updater, and I have no doubt they will, I trust them.
Doesn't mean I don't still want to get Linux running though
There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
I call bullshit on this alarmist blog. 99% of the world's Windows users don't give a shit about the updates, and will click anything that pops up on their PC. Most of them likely have no clue what "Windows update" is. The 1% that know what their doing have likely never trusted Windows/Microsoft for anything in the first place. To say that "Trust in windows update is eroding" is just a bit fud-dish.
I guess I can see why they made this a 'stealth' update on Windows XP/Server 2003. I had to perform a fresh install of Windows Vista last week, and the first time I fired up Windows Update, it gave me a prompt which ran something along the lines of:
"Windows Update needs to download an update so that it can update to provide you with updates".
I felt so dizzy trying to comprehend that, I just clicked 'OK'.
Yes i have.
"What do you mean you don't use Apache as your webserver?!?!?! Doesn't everybody?!?!?! What else would you POSSIBLY USE?????"
The monopoly is part of it, but the other part of it is the whole notion of software licensing, which convinces companies like Microsoft that not only do they own the software you're running, but the computer it's running on.
The world's burning. Moped Jesus spotted on I50. Details at 11.
It may be obvious to us, but not to the general population. Remember that this is a ZDNet article. People reading ZDNet are in the majority, Windows users who don't know Microsoft's evil tricks as much as we do. I'm glad that columnists write these articles once in a while, to make people realize Microsoft is not the "quality assured" company they pretend to be.
If we want to evangelize about open source/gnu linux, articles from "relatively neutral" parties such as this one are a very good resource.
OS X has nearly every feature found in Vista Ultimate yet only costs $129.
So tell me again how much MSFT has to pay people? Features are easy to do once you implement a straight forward properly designed system.
Yes I know that MSFT makes all of it's own cool toys, but that's only because it's the MSFT way or nothing inside MSFT. If MSFT stopped duplicating everyone else's work poorly maybe they could release a good OS.
i thought once I was found, but it was only a dream.
You forgot about the firstborn
1) Didn't even think about rebooting my box by itself, regardless of configuration
2) Installed updates when I turned my computer on, not off - if I'm turning it off, then any second I'm going to be slinging the machine in my backpack, and jumping on my motorbike. Last I heard, Microsoft didn't possess the magical mystical powers required to ensure a hard drive works perfectly in these conditions.
3) Fucked off when I press the "I don't want to reboot now" button, instead of pestering me every 30 seconds like a bloody 4 year old.
None of these should require registry tweaks or policy hacks - they should all be *defaults*.
Two points...
/.
First, most people don't really trust their computers anyway, because they don't understand them. So the "trust degradation" of giving Microsoft free rein is minimal, maybe even negative, because "At least Microsoft understands my computer, and if anyone can keep it running, they can." Basically it's responsibility transferral for something they don't understand.
Second, there are cases where trust is absolutely required. A few I can think of are medical/HIPPA, military, and media. In a way, the first 2 embody opposite requirements from the 3rd. The first 2 absolutely require data integrity and system control, and the machine owner is central, in control, and responsible. There seems to be quite a difference between medical and military usages, and IMHO it's because medical usage grew out of IT departments, where such things were understood. It appears that military usage grew out of command/control and procurement, where they weren't. As a result, there's no shortage of people waiting to see the fireworks between Microsoft an HIPPA for the former, and the Win-Yorktown and all of our current cyber-security fears for the latter.
As for the 3rd example of trust mentioned above, you can find DRM arguments all over on
The living have better things to do than to continue hating the dead.
...that developers from MS Gold partners are telling you to shut down automatic updates because they can/may/will ruin the $1 mill. .NET based project they are developing for you.
I have heard this from several different MS partners in the past years.
People can easily switch to Linux, right? Right?
Nope.
Hell, I've been coding for 7 years, and although I rely exclusively on my linux boxen for any large scale modeling or EA work, I wouldn't like to go without my windows machine. I like a lot of windows software. Winscp (http://winscp.net) alone is one of the greatest open source applications I have ever encountered, and it's windows only. I'm also a fan of putty, ssh session saving is great, and putty and winscp integrate nicely. I find it extremely easy to inspect progress of experiments on all machines using these two programs together, transferring files between machines is so easy its silly. This alone would encourage me to keep a copy of windows on one machine.
Anyway, in spite of my initial lack of interest in windows versions of my software, the mob has spoken, downloads of my software for windows (though still still tiny) outnumber those for Linux. So I couldn't drop windows if I wanted to
Not perhaps the most impressive list of reasons, but I suspect I'm not alone.
Not to forget there's also games, but everyone say that one.
For certain very small values of easily.
And before anyone starts telling me about how they gave [insert distro of choice] to their 84 yr old gran/4 yr old neice/dog (*delete as appropriate) and they could work it fine within minutes, we are talking about comparitive ease for Mr and Mrs J Public between switching to Linux and staying with Windows. Linux is improving, but I still would not say the switch is an easy one.
The difference isn't the time it takes. The difference is what the time is spent for.
At MS, engineers argue who has to do the fixing.
With Linux, geeks argue whose fix is more elegant and better.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I think they were talking about how you do not have to pay for the patch.
I don't have to pay for my Linux patches. Where is that going on? I'd like to see that scam in action.
Microsoft has a company to run.
They offer the least possible features that the market allows for the highest possible price they can fetch. Indeed, Microsoft is a Marketing company that employs a legion of developers. The product, for the most part, is testament to that. No innovation to speak of and more license restrictions in the next product.
Let's unwind the propaganda a bit.
1. The average useful OSS project is not a headless zombie with a bunch of peace-loving anarchists running around it. There's somebody that has FULL control of the project. In fact they all have better organization than all of the big companies I've ever worked for.
I know that Microsoft in particular has quite a bit invested in spreading the headless-zombie-anarchy idea around but it's just not true.
You are paying too much for what Microsoft offers and have been for over a decade. Please take a step back and examine the situation with a little more rationality. You'll be much better off without Microsoft.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Or, to put it differently, there already is very little trust in Windows Update anyway (even though, from a technical perspective, their track record is nothing but spectacular).
Let's go with this a minute. To have a comparison, I will use Synaptic on Ubuntu. Both are consumer oriented. Both allow you to do unattended. Both allow you to get user aproval before patching. (Other then the WGA update, point to Ubuntu)
Ubuntu has had several spectacular failures that have resulted in a system that will not boot to the desktop. Microsoft has had a few good ones that call you a pirate and shut off functionality. The Ubuntu fix was within hours. The Microsoft fix was within days. On paper they are quite close, but in the real world MS is hated. Why this is should be the first priority at MS before more people realize just how viable Ubuntu is for many people.
An article on that subject by someone above the blithering blogger level would be useful. This subject needs coverage in the Wall Street Journal or Business Week. There are some real issues here. If you're a bank, what do bank examiners think of Microsoft having a backdoor into your systems? If you're a health care provider, is there a HIPPA compliance issue? If you're a law firm and some of your clients are adverse to Microsoft, is it a breach of your duty to your clients to let Microsoft control your systems? If you're a defense contractor, is that back door permissible?
Many such companies run background checks on anyone who potentially has access to their data, and audits of what's happening within their own business. Who's auditing Microsoft for security? Who actually has access to the master keys that allow pushing an update? How many people have access to those keys? Are they US citizens? Do they have security clearances? Are they bonded?
Now those are the questions to be asking.
> Funny I always thought OS X was based off of BSD
Except for all the graphics parts, all the objc APIs, all the system resource stuff, all the device drivers...
You probably think Windows is based off of BSD because it includes nslookup, traceroute, and ftp.
I have to use Windows for one single heavy duty application, so I have no choice. But I loaded a new hard drive with Win XP Pro XP2, the updates at that time (2 years ago or so) and the application.
The Dell has never been back on line since then, and has never sufferred a BSOD, nor any update issues, and has stayed up virtually 100% of the time, performing flawlessly.
All work on the web is done on my MacBook Pro, thank you, and it has never suffered any downtime, either. Well it didn't until I filled up its hard drive and needed a larger one.
I am seriously tempted to repeat Win XP SP2 install on a new Dell to take the next version of the application I must run. The last thing I want is crap from the web shutting me down for various crapo reasons.
This is a problem that the western world has. I'm 45 these days and I believe society is changing, while I can't be 100% sure, as I am getting older and changing as well, but apathy and disregard for our rights and freedom is growing at such an alarming rate.
We have rights, we do, but we need to fight for them or people, politicians, and corporations will simply assume we will be lazy fucks and taunt "nah nah nah nah nah" and take them away.
We have the right to own our machine. We have the right to tell companies "I won't open a word document, send it to me in ISO ODF or PDF or text." We have the right to remove Windows from our system. We have the right to sell our OEM Windows licenses.
Without even getting into politics or the growing U.S. police state, corporate america needs a dope slap. We, ALL OF US! have to stand up to corporate shit. We do not stand against it in great numbers, then nothing will ever get done.
Call tech support when shit happens, keep them on the phone for a long time, it costs them money. Send products back, it costs them money. Tell people to avoid products that suck, it costs them money. When the shit that comes from China has lead in it, sue them, it costs them money. The government isn't going to do anything for you, the politicians represent the corporations. It is only when bad corporate policy costs them money, will they change and not one minute sooner.
Start RETURNING computers, WHOLE COMPUTERS, because vista sucks. If Windows is part (as OEM's claim) of the computer, the the WHOLE COMPUTER is defective. That will make the Dells and HPs start to offer new options. Seriously, if 10% of the slash dot readers went out and bought new computers at the big retails stores tomorrow and returned them the next day siting that Vista does not work and is not reliable. It would make a HUGE impact on the industry. No one could ignore it.
But, no, no one will do that because they ARE to fucking lazy.
Surprise, surprise.
As Bruce Schneier points out, the problem is not that Microsoft can install updates on your computer without asking, but as soon as it gets cracked, then soon every script kiddy on the planet will also be able to do so.
Then you're really going to be screwed.
-mike
-- "So, what's the deal with Auntie Gerschwitz et all?"
Wait - I don't understand... you have linux machines, you use linux machines, and you think PuTTY and WinSCP are great tools keeping you from using linux?
I assume you mean that there is a lack of graphical utilities under Linux for SCP/SSH? Konquerer has an scp agent built in (fish://user@host/path/to/dir), Gnome allows you to mount a server via ssh/scp, OSX has Fugu, and if you want a graphical SSH then kssh is pretty much identical to PuTTY (though personally, I like my shells to be simpler).
Now, the other arguments (number of sales/downloads etc) I can't argue. I have to admit in my own development I see far more OSX downloads than Windows, and more Linux than OSX. Of course, what I write is primarily server monitoring apps and dashboard/konfabulator stuff so that would be logical.
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
I don't think you understand the issue here. The issue is that MS users who chose not to get automatic updates got an automatic update anyway. This is a matter of trust. I don't know why you are talking about NDAs. Companies that didn't want automatic updates from MS had an automatic update installed. NDAs are neither here nor there. I also don't understand the relevance of Linux to this. It's not a matter of what was in the update. It's the fact that it was installed automatically despite the fact that users had expressed a preference not to install it automatically.
Reality is defined by the maddest person in the room
Last time I goofed around an OSX commandline, all of the commands did exactly what I expected, the kernel is where the BSD code comes into things. And it would be inane to suggest that if an OS used a Windows kernel that it wasn't based upon Windows. Same goes if a substantial part of the kernel were to come from an OS, the new OS would still be based upon the one providing kernel code.
They graphic bits and the drivers are going to be done by Apple. The graphics are going to have to be done by Apple unless they want everybody to have them, and the drivers are done by Apple because many hardware manufacturers still don't allow for drivers beyond windows and mac.
Ummm - OSX is not based on BSD the way KDE is based on linux. There is still a ton of custom Mach kernel code, browser code, app code, desktop code, etc that was added/updated/done by Apple.
This is like saying that CP/M and IBM did all the hard work for MS. Just because it was there in the past as a starting point, that does not mean that 100% of the foundation of OSX or Vista is from some other code base.
Windows update breaking healthy system? Virtually never, Linux on the other hand...
:( I've hand updates that just break gnomes "task bar" so bad I had to swtich to KDE to continue using that install till I could reinstall the entire thing. Functionality erodes at the rate that after 6-12 months any linux install I've ever had that I put updates too (some I do and some I don;t as required by my job pf maintaining some kernel and X drivers) THe install becomes so hosed it's useless and I have to reinstall from the latest didks for that distro. (Some merely cut off support completely after 12 months)
This happens with EVERY linux distro I have ever installed within 6-12 months of use. The only way to keep a linux install from breakign is to NEVER update after a clean install.
The updates come almost DAILY. Kernel updates come in "stable" kernel lines that break the ABI and cause perfectly installed and functioning hardware to stop working until you hand rebuild and hand re-install the drivers for them.
People complain about Windows version upgrades but Linux routinely breaks itself with point point releases in "stable" lines
I have ZERO trust in ANY update I do with Linux now, Microsoft has 100 times as much information about their updates than any Linux distro (even if it isn't 100% complete) and the non-breakage trust is about 100 times higher for Windows than Linux (pick any distro, I've installed moret of them).
An awful lot of these posts really seem more like freudian slips than anything informational. Unconsciously everyone KNOWS what a shabmbles the Linux update situation is so to try to stave off some kind of guilt about it they find ways of picking no their enemy for the same thing instead.
It's REALLY EMBARASSING GUYS!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
And, you know, even some geeks like having things that just work. There was a time when I'd build my own computer and spend every waking hour monkeying with the thing to make it perform 0.5% better in a specific task. Maybe I'm just getting too old for that, or maybe my interests have just shifted, but this Macbook I have, which doesn't really require anything of me to perform properly every day, is a needed breath of fresh air.
I think the big shift for me was during college, when my Frankenstein computer failed during the one particularly hectic spring essay rush. I bought a Dell laptop because it was cheap and could be at my door in three days. Since then, I've never built a "main" computer again. I still have my HTPC project and a few other things, but it's really, really nice to know that I have one computer that will always work when I need to actually, you know, DO something that matters. No driver headaches, no dodgy hardware, no constant configuration. I open the lid, do my thing, then close the lid. Although I have become a real Mac fan, this isn't a pro-Mac post at all... it's a post in strong favour of things that don't require me to screw around. If I WANT to screw around, I will, but at least the choice is mine now. I've put that same principle into play in what I drive, too. I have a 2000 Mazda Protege, which never fails, as my daily driver. Then, I have a 1988 Nissan Pathfinder with 31" tires, a lift, etc for those days where I feel like tinkering. That truck sits apart for weeks if I don't feel like getting my hands dirty, and you know why? Because it can -- I don't need it to get me to work. It's beautiful. If you can afford it, life really is better when you don't have to drive the project (both literally and as a metaphor for computers).
Frankly, even if it costs me my Geek Card, I'm never going back to the "old way."
-
Inventor of the term 'pardon my French'.
ssh://user@host/path/to/dir works great in gnome for me without having to mount anything
as does
smb://windowsuser@windowshost/sharename/path/to/dir for windows hosts
One thing I'd really like but haven't been able to figure out is how to get it to translate windows links my colleagues send me (s:\path\to\shared\file.doc) to something nautilus understands (smb://usernameforSdrive@HostForSDrive/ShareForSDrive/path/to/shared/file.doc) - seems non trivial but would be a real timesaver.
I'll admit this may be a little tinfoil-hattish but it makes me wonder if MSFT is the only player in this saga. Just supposed in the wake of 9-11 hysteria that someone in the administration had the brainy idea to slip a traceable...something...in PC's to track terror suspects. Not something that reported to a third party...too easy to spot the traffic. Something that relayed the data through MSFT so the destination would remain hidden. Now the forced updates are wiping out whatever it was.
Probably out there but a few years ago suspecting the phone companies of listening in on the phone calls of millions of Americans without a warrant would have been really out there.
And before that was the revelation that printers were spitting out identifiable information in the background.
It's a sad testimony that wholesale spying on PC users is not out of the realm of the plausible for the current administration to attempt or Microsoft to cooperate.
It may be years from now before we find out the whole truth. What we know today should send a shudder through every freedom loving person in this country. I'm mildly surprised so many hard-core right wingers are okay with the government spying on them.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Synaptic downloads a list of all updates to the user and the user's computer determines what updates are applicable.
Microsoft uploads a list of 'everything' on the user's PC to Microsoft and Microsoft determines what updates are applicable and then stores that uploaded list, associated with your registration information, for an undisclosed period of time.
When information is power, privacy is freedom.
I've long thought the same. Looking at the US situation, that method of government (american style democracy (i'm usian, btw)) (oh and I like scheme;) works really well in small groups with common interests. And it *still* works well in the right scale: small towns, social groups (neighborhood associations, PTG's etc) but rapidly loses effectiveness as you move up in scale. In fact I think the number, at least for governed populations, is much smaller than 1e7. You really need to know at least a sizable portion of your fellow citizens to develop a situation where you give a damn about the rest of the population. Once you get to a "them" mentality, its all over because who cares if it hurts "them" so long as "we" get what we need/want. I think that if the local level is working well, then it will carry up the government ladder to regional and even national levels because the local effectiveness keeps people involved. If you, as a citizen, have access (I mean *real* access) to your elected representatives, and those representatives have some clue who you are, then government will work for you. If not, then apathy sets in.
Probably the same for capitalism as well. Capitalism works great when everyone knows everyone else, or at least most everyone else. I, as a retailer, know my customers and my customers know me. I'm happy to sell to them for a reasonable price that supports me in a reasonable manner and they are happy to buy from me knowing that they're not being screwed. They know this because they know me and know my lifestyle, at least somewhat. Once you no longer know your customers, then you begin to view them as objects with money that you want to get. It's sort of inevitable (I know, I own retail businesses). Likewise, if you as a customer don't know the producers/retailers of goods and services you purchase then you objectivize(?) those people and no longer care about their living and working conditions, you begin to just want the stuff as cheap as you can get it.
It is my opinion, based purely on anecdotal experience, that the system breaks irrevocably once the scale of the local population gets above some number of thousands (maybe 10-50, at a guess) and the population at large is also sufficiently large (a few million?).
man, I feel like mold.
Not only that, but the grandparent post deliberately, I suppose, obscured the issue. The issue is trust, not honest mistakes.
Microsoft's recent sneaky update has caused severe problems: Microsoft Stealth Update and Windows XP repair don't mix. If Microsoft weren't sneaky, at least customers could deal with the mistakes more easily.
Quote from the ZDNet article: "The overall impression that I get as someone who deals directly with the company is that Microsoft believes that it is right and anyone making a fuss is ultimately wrong". It's not surprising to me that billionaire virtual monopolists would have developed arrogance.
However, that's not the REAL problem, in my opinion. The real problem is that people think that Microsoft is a software company that is routinely abusive. But it isn't. Actually, Microsoft is an abuse company that uses software as a means of delivering abuse. I think a lot of people agree that, if you look at it that way, Microsoft is excellent at what it does.
I can spare MS the work... When Ubuntu fails, that is due to an error, and it doesn't call the user a pirate. When Windows fails to validate, that is dues to MS thinking the user is a pirate (and being quite verbal about it).
Rethinking email
I've often wondered with the slow Vista uptake whether MS would torpedo XP via updates that actually degrade performance or break things deliberately. It's weird, I have a number of XP boxes with very good reliablity, but in the last 3 months I have had a number of software related failures on nearly all of them - most requiring re-installs. The drivers haven't changed, usage hasn't changed, the only thing that has changed is the MS updates. No hard evidence, but many fellow admins I know have seen similar oddities occur (esp after the stealth update)...
It could just be coincidence as it would be a very dangerous move by MS, yet I wouldn't put it past them. Users who are having to fuck around are surely more likely to consider switching OS. For the bulk of desktop users that would be Vista.
The best fastest way to get people out a building is to set it on fire...
Always put up with it? To a point, but soon that hurdle of switching to something else seems worth it when time and time again MS does something to make computing more difficult for the end user. And that hurdle is getting smaller all the time. And I am not talking theoretical nonsense. I work for a library at a large university and it is become unbelievably hard to maintain a large fleet of public computers. Genuine Advantage has broken our update scripts causes massive manual updates to be needed, and they continue to change this, with no guarantee that the next patch Tuesday will or will not require a different process. On top of that, to build an image using MS's own sysprep, has about a 80% failure rate! It can take up to two months to fulling update an image that we know will always boot up correctly on all the computers we use (and we only have three different models). Then there is vista. Right now, hardware requirements aside, it is not ready for mass use. It isn't stable enough for 4 guys to keep 150 public machines running. We would probably need about 15 people. And if SP1 fixes these issues, there is still the hardware side. Maybe we have been spoiled with the fact that 5 year old computers could use the newest software, but that is the way it is set up now. We use computers that are 5 years old, and older for specialized systems, and we can't go back to the university and say, "oh, well MS needs more hardware, so we need to double the computer funding." So as Vista stands now, it would be about 3-4 years before the entire group of computers will run it well enough that busy college students can use it. MS has stated quite clearly that XP will not be supported that long. So soon we may not have any choice but to leave windows. And it may not be that long. I have already been handed a project to evaluate the ability for linux to be used on public computers. The requirements are IE7 and Office 2007 working as well as "All media in books in the library are readable." The last requirement isn't going to be hard. But even if the only way to do that is to set them up with VMware that runs a downloaded workstation of windows, it will probably be much easier to send out a new workstation file than do the updates required from MS. And when linux is running for free on all the public desktops, albeit in the background, how long it is going to be before wine can get IE7 and O2007 working along side the free variants and the university says "Why are we paying a Windows site license?"
While most end-users get their software from their distro, where do you think the distros get it from?
The vast majority of packages are maintained separate from any distro, and they're pulled into each distro by the distro maintainers. The real reason why the the linux updates are more reliable is that the developers can _talk to each other_. Most packages have mailing lists, newsgroups, forums, etc. and solutions can be developed in cooperation with the other developers.
As for the buck-passing thing...it happens with linux too. The application team blames the platform team which blames the distro which blames glibc, and they in turn say that the distro needs to upgrade to the latest version, which isn't compatible with the distro's compiler....and so it goes.
Yeah, I'm scared to run that update - if Windows Malicious Software Removal Tool works as good as it sounds, it'll probably remove half my Windows installation for me.
Once I was a four stone apology. Now I am two separate gorillas.
My experience for several years has been that Linux is light years beyond Windows in terms of detecting hardware and installing appropriate drivers (the big exception bing wifi drivers, of course). They used to tell you to make sure you copied all of the info out of Device Manager before attempting a Linux install so you could hunt down the drivers you would need to get your hardware working. Now, it's more like pop in a Ubuntu CD to identify all of your hardware before doing an XP install. And I'm not talking about weird, esoteric stuff that you could understand. This is basic things like NICs and sound cards. Even the various HP Laserjets we have scattered around the office stump Windows' hardware detection tool, while simply plugging the printer in to a Linux box often results in a working printer with no further user intervention.
I don't care why you're posting AC
and if you want a graphical SSH then kssh is pretty much identical to PuTTY
Or they could just run the Unix version of PuTTY itself.
http://www.tecchannel.de/ueberblick/archiv/402064/index15.html
When information is power, privacy is freedom.
I originally trusted MS with Windows updates, but as usual with matters concerning Microsoft, it was a huge mistake.
The updater got greedy and decided to update my MS Office. I don't have outlook installed, since I never use it. The updater however somehow failed to detect that and started downloading a "critical update" for Outlook without permission. It then started asking me if it's ok to install, but naturally the install always fails, as the files are not where it thinks they are, so it cancels and later again asks me whether it's ok to try. I've been seeing that wizard ever since for a few months now. The solution? I can think of two actually:
1) Reinstall the OS (preferably to something Open Source)
or
2) Get used to the thing.
That's how it always is with Microsoft - the bug is there for so long that everyone knows about it, and then it's not a bug anymore. It's a "feature"...
There are two kinds of people - those who are radioactive and those who have already decayed..
I am a cave man you insensitive clod!
vi +
Nope, that's not the problem. The problem is with transparency.
I can accept that not all code is perfect and that in a beast of an OS like Windows it is entirely possible that an update will break something. That's fine. That's OK. And when I decide to install an update I am aware that I may need to fix something after the fact. I don't have a problem with this.
What I do have a problem with is Microsoft not telling me what their updates are doing. Yes, generally speaking, there is some indication of what the update is supposed to address. The patch notes will reference a hotfix or KB number or something like that. A lot of the time you can tell what is likely to be affected. But not always. Microsoft has repeatedly released updates with incredibly vague or downright misleading patch notes. And then there was the recent stealth update.
I've got Automatic Updates disabled on just about all of our production systems. I can't have some update showing up in the middle of the night and hosing a server or a couple dozen workstations. I always read through the patch notes before applying updates and, to the best of my ability, check with software support to make sure nothing is going to break.
But if an update claims the only thing it does is fix a bug in IE when in fact it messes around half a dozen low-level network components then I have little if any ability to predict what is going to be broken by that update.
"Work is the curse of the drinking classes." -Oscar Wilde
I am an insensitive clod you insensitive clod!
With Linux, you get all three
What's really broken with Windows - trust. Not even Windows Update, but Windows in itself. Windows Update is just another add-on that tries to install crap onto your machine, like that "Malicious Software Removal Tool".
And of course the whole crappy spyware and trojan ecosystem, but that's not directly caused by MS.
I finally gave in and bought a Mac - I want Photoshop, and I can't have that on Linux (and no, forget The Gimp for what I'm doing).
I knew Windows Update was dodgy, but this is far beyond the so-called red hand of guilt -- MS would have to be some kind of anti-Pict with its whole body dyed red for this expression to apply in this instance. Got me thinking more and more about simply sucking up the hit in productivity from missing *nix software and making the jump, regardless of required apps that I can't get to run under Wine. Part of smart business is reducing your exposure to risks, and MS is looming ever larger...
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Well, I did read the linked article. They claim that Windows Update (WU) uploads a complete list of installed hardware to the MS server; and the server then sends WU a list of applicable updates for that hardware. They also claim (with less certainty) that the product identification key and a signed hash of that key are sent to Microsoft as a way of potentially denying updates to pirated copies of Windows.
These are possibly reasons for concern, but just to be clear they are a far cry from the upload everything!!!oneoneone!!! approach claimed by the grandparent post. Keep in mind that at the end of the day, any automatic update server (Windows, Ubuntu, insert your OS) can learn a lot about what's installed in the system being updated, if only by analyzing what gets downloaded. Or would we all be better served by an automatic update system which always downloaded every available update whether it was needed or not?
Of course, there are folks that say, "If they would have designed it properly the first time..." But, you know what, a project the size of an OS, kernal, Office app is very hard to weed out all the problems.
No, if you had designed it properly the first time, it would have been easier in the long run to weed out all of the problems. The fact that MS has such a difficult time producing secure and stable software is itself evidence of a design failure. It's not that the programmers make mistakes - it's that the designers and architects didn't account for this fact in their original design.
At this point, Microsoft does not have the option of producing secure software. They either go with a new, secure design which breaks backward compatibility (and cedes much of their marketshare to Linux), or they patch the old one at a rate just fast enough to keep users from switching to a Mac or Linux.
Microsoft Windows is, I suppose, an example of a classic computer science axiom: design your software as if it will be used forever, because it just might. The things which computer programmers underestimate the most is the frequency with which quickly, poorly-written code becomes the baseline for a company's new product, promises of a rewrite notwithstanding. Suddenly, some shoddy code becomes a standard, and the rest of the world has to suffer billions of dollars in lost productivity and endless hours of frustration attempting to get their computers to work as they should.
The society for a thought-free internet welcomes you.
I think he just explained that.
.NET. Now they just need to do it with something that matters to the average user. It's not a matter of "if", but of "when".
Mac OS X "just works" out of the box.
Linux, not so much. Even Ubuntu requires that I fiddle around with some stuff before it's properly usable. Here's a sample of the idiotic config crap necessary:
- twiddle the X config file to get certain mouse buttons working - I have a 5-button mouse. Only 3 buttons are supported by default, so I have to go add a couple more buttons to the mouse in the config file. How hard is it to just have a nice HID manager that polls the device for its button/axis count and binds everything to a set of commands? Really, it shouldn't be that tough. Mac OS X calls them Button1..ButtonN. Windows does the same but calls them Joy1..JoyN. Motion axes are handled similarly.
- get "special" video drivers to do anything that requires hardware acceleration - To be fair, this one is slowly going away as the Damned Hippies (you know the type) lose control of the community. Ubuntu at least gives you an easy interface to get this if you want it. But to be completely fair, there's not even an issue with this if you use Mac OS X or Windows.
Oh, and before you say "but you can compile your own stuff under Linux and customize it however you want", 1) you can do that on Mac OS X too, and with mostly the same tools, 2) with several distros (Ubuntu, I'm looking at you) the tools aren't included and you have to track them down along with their dependent libs/tools/etc. (again, no different from Mac OS X), and 3) that doesn't meet the definition of "just works out of the box" in even a small way.
You're right in that there's no reason why Linux couldn't work the same way as Mac OS X. But it doesn't. And it won't until the Damned Hippies are removed from the equation. They are now the fly in the ointment. They've contributed a lot, and they deserve the credit for that. But they need to stop dicking around and get things to the point where it "just works" (and the word "completely" really should be added to that) or Linux will never catch on with the masses. And the longer Linux takes to catch on with the masses, the longer Microsoft & Friends have to keep trying until they get something right. They've already done it in the dev community with
cmon, I trust Microsoft just fine. Vista certified drivers? I trust those. I trust everything MS does, actually. I'm not a tool, I promise, but I have no reason to distrust them.
It's more of a "nothing to hide, nothing to fear" situation. I don't see any of you losing millions (yes, millions) of dollars arbitrarily because some snotnosed middle schooler doesn't think he wants to pay for the product you developed. So how does microsoft get those millions back? They have to impliment security measures, just like the RIAA, Game companies, and every other industry who is suffering from rampant thievary. So no. I have not been "betrayed."
Actually I've had similar issues as yours, but none in the past few years. I run Fedora at home (Fedora 7 if you're curious) and haven't had an issue with breakage in the past three Fedora versions. I administer a *lot* of RHEL5 boxes at work and haven't had a single issue with updates or breakages.
Now, some distributions (like Fedora) are considered to be "fast-moving" distributions and therefore there are a *lot* of updates that become available very regularly. Doesn't mean they're untested, just that there is likely to be a lot of them. On the other hand there are more "stable" distributions like Debian stable, Slackware, or CentOS that focus mainly on necessary security updates and not much else.
There's also the issue of 3rd party repositories. Some are better than others, but if you enable non-supported repositories or just randomly install a lot of junk that isn't made available in the official repositories then you must accept the inherent risk of running unsupported software. The updates that come from upstream (Fedora, in this example) are designed to work with and are tested on Fedora systems. Not Fedora+atrpms+livna+freshrpms, and not Fedora+"some 30 odd programs I compiled and installed using `make install`". I'm not saying you're guilty of this, but a lot of broken installations are broken because of people doing exactly these things.
Each distribution is a little different as well, and if you use Debian you should learn to use Debian-specific tools. If you learn Fedora you should learn to use Fedora-specific tools. Hacking about things on a Fedora box using some guide on the Gentoo wiki isn't the proper way to go about things.
I highly doubt that if you take any modern well-supported distribution (Fedora, Debian, Slackware, CentOS, etc), install the latest version, and keep up on updates that you're going to have any breakages. At least I haven't seen it happen.
*I didn't mention *buntu in this post because I *have* had issues that distribution in the several versions that I've tried, and therefore (contrary to the vast majority) when I discuss linux or GNU/Linux I'm referring to just about any distribution other than *buntu or its many derivatives.
I may have to share this planet with animals, but I'm doing my damn best to eat every last one of them.
.....Also, OS X cannot play Blu-ray movies.....
But on OSX10.4 you can MAKE HD movies, such as you get on Blu-ray. All you add is one of the new HD camcorders to take the original footage. Then you get can edit and produce your great creative work in DRM free HD video. It all comes for free with your Mac. As soon as HD burner prices come within reason, burning HD disks, of whichever format finally wins, will be part of the iDVD program that comes with every Mac.
If all you want to do is PLAY commercial HD movies, just get a new player. It doesn't cost much more than just the VISTA software alone.
OSX can run Windows under Parallels along with all Windows programs, including VISTA and Office 2007. In something they call "coherence" mode, the Windows desktop disappears and all you see is the Windows program running in your OSX. Windows and all its apps is just like any other program running in OSX.
Some Mac vendors sell Parallels for $10 when you buy a new Mac. I bought an OEM copy of Windows VISTA Home Premium which had no problem installing on my Macbook.
All theory is gray
True, but that assumes a great number of things about the integrity of the computer. In order to verify the download, the correct certificate authority keys must exist, and the computer must already have the correct microsoft keys. It would be much more technically feasible to have an attack vector that lacks the ability to run arbitrary code, but has access to modify non-executable memory, and thus can change the microsoft public key in memory to the microshaft public key immediately prior to issuing the update command. It's still not easy, but digital signatures are only as secure as the memory they're stored in.
Actually, I was referring to situations where a person wanted to install Linux on a box that was currently running Windows (and I was talking about more than a few years ago). It may be hard to believe if you are relatively new to Linux, but there was a time when installing it was complicated enough that LUGs would hold "Install-fests" for the uninitiated. If the box you were about to help the newbie put Red Hat (or Slackware) on had a working installation of Windows, you could save yourself a lot of headaches by booting it up and carefully noting the items listed in Device Manager, before formating the hard drive and selecting packages.
Of course, things have changed a lot with the advent of better hardware detection (and Google, which also didn't exist back then), to the point now where the best way to find out what is "under the hood" of that beige box you found in the corner of you closet is to pop a Ubuntu CD in it and boot it up. It may not identify everything, but it will certainly be a lot more successful than an XP SP2 disc, which was kinda the point I tried (but apparently failed) to make in my first post.
I don't care why you're posting AC
Mirror servers download the debs and you can pick a server location from a list to get your automatic updates from. So you're most likely getting your debs from a server not even owned by canonical. For example I was in Thailand last year and picked to download my automatic updates off a Thai mirror site. Now I'm back in England I picked a UK mirror.
You're trying to make it sound like it's no greener on the other side but it just comes off as a FUD attack. You're wrong on this matter and Microsoft is in the bad for stealing Windows Users data.
Microsoft betraying user trust on several separate occasions and this behavior is eroding customer confidence in the entire update mechanism.'
I think there are probably a lot of people on Slashdot that got burned early by WindowsUpdate, and never trusted it again. I've been burned a few times, and now I leave automatic updates off unless I have a good reason to leave it on. Nevertheless, I really believe that Microsoft is making a mistaking screwing around with this particular sacred cow, although I'm sure the temptation to abuse it was just irresistible. As Wally from Dilbert put it, "What would be the other reasons for having power?"
Still, if our good friends Joe Average and Joe Sixpack get it into their heads that WindowsUpdate has a significant chance of blowing away their systems, they're going to just turn it off and to Hell with patches and fixes. And you know what? They'd be right to do so. This is a stupid, dangerous game that Microsoft is playing.
The higher the technology, the sharper that two-edged sword.