Microsoft Plans Largest-Ever Patch Tuesday

OMG by Anonymous Coward · 2009-10-08 11:53 · Score: 0

It's PDAY!!!

It fixes EVERY bug? by DeadDecoy · 2009-10-08 11:53 · Score: 0, Troll

So it installs linux?

Re:It fixes EVERY bug? by Mr.+Roadkill · 2009-10-08 11:57 · Score: 2, Funny

So it installs linux?
Yes, and kills problem users.
Re:It fixes EVERY bug? by davester666 · 2009-10-08 12:18 · Score: 1

Does this include Windows 3.1?

--
Sleep your way to a whiter smile...date a dentist!
Re:It fixes EVERY bug? by CannonballHead · 2009-10-08 12:24 · Score: 4, Funny

Yes, those users, too. ;)
Re:It fixes EVERY bug? by von_rick · 2009-10-08 12:39 · Score: 1

So it installs linux?
Yes, and it not only provides support for your hardware, but also provides child support and psychiatric support.

--
Face your daemons!
Re:It fixes EVERY bug? by Anonymous Coward · 2009-10-08 13:22 · Score: 0

Because Linux has no bugs whatsoever? What a retarded comment.
Re:It fixes EVERY bug? by w0mprat · 2009-10-08 13:26 · Score: 1

So it installs linux?
Yes, and kills problem users.
Those users are not bugs they are a feature

--
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Re:It fixes EVERY bug? by genner · 2009-10-08 13:50 · Score: 1

So it installs linux?
Yes, and kills problem users.
Can't be it says it only fixes 13 flaws. I have more problem users than that.
Re:It fixes EVERY bug? by JohnBailey · 2009-10-08 15:04 · Score: 0

Because Linux has no bugs whatsoever? What a retarded comment.
Nobody said that.
What it does have is an update system that works when the user wants. Not when Microsoft demands. This is the difference.
Windows acts like a four year old with a weak bladder in the middle of a shopping trip. Linux just does it's thing after asking permission, and keeps out of the way until you are ready to pay some attention.

--
It is difficult to get a man to understand something when his job depends on not understanding it.
Re:It fixes EVERY bug? by DeadDecoy · 2009-10-08 15:04 · Score: 1

Geez, no one has a sense of humor here, especially regarding a Microsoft v Linux joke. I must be in the wrong place.
Re:It fixes EVERY bug? by JWSmythe · 2009-10-08 15:06 · Score: 1

The flaw is in the methodology, not in the the number of users.
For example, if there's an error in the filesystem driver with corrupt blocks, the fix is just in the drivers behavior, not in the number of blocks that it fixes.
Obviously, one of those fixes is in how you kill your users. While firearms work very efficiently, bullets are expensive. Go for rapid blunt force trauma. Training is mandatory. Too much force, and you get blood splatter. Too little force, and they're just annoyed. ("hey, stop hitting me").

--
Serious? Seriousness is well above my pay grade.
Re:It fixes EVERY bug? by Anonymous Coward · 2009-10-08 15:12 · Score: 0

teh Linux is srs bsns
Re:It fixes EVERY bug? by tunapez · 2009-10-08 15:23 · Score: 1

I notice you failed to include "useful" when you called them features. Does that mean they fit into the "inSecurity Center" and "User Accept Conditioner" category?
Just finished reinstalling 7 x64 and I gotta say, all said and done ~half of the "useful features" are now disabled. I wish they would maybe drop the proven less-than-useful services while they're adding more unuseful services.
***Lo and behold, the scary-useful "An unauthorized change was made to Windows. Windows must be reinstalled" feature just popped up. Gotta go...

--
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
Re:It fixes EVERY bug? by ozmanjusri · 2009-10-08 18:24 · Score: 1

I notice you failed to include "useful" when you called them features.
They have one main use.
They contribute about $12,000,000,000.00 per year towards making Windows the most stable, secure and innovative OS on the planet.

--
"I've got more toys than Teruhisa Kitahara."
Re:It fixes EVERY bug? by DocHoncho · 2009-10-08 18:48 · Score: 1

...an update system that works when the user wants.
This is truly the lynch-pin for the year of linux on the desktop. users will only get security updates when they want to. Just like when they got infected because they wanted a set of shiny new mouse cursors.
That's it! If we want users to be more secure we should distribute critical security patches in the form of new mouse cursors, smiley packs or screen savers.
Just think, tell the users "Click here to see the happy kittens" and bam, push the latest security updates on them.
I should patent that...

--
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
Re:It fixes EVERY bug? by JohnBailey · 2009-10-08 22:43 · Score: 1

This is truly the lynch-pin for the year of linux on the desktop. users will only get security updates when they want to. Just like when they got infected because they wanted a set of shiny new mouse cursors.
As opposed to when the updates arrive, and you are in the middle of doing something, yes. I apply all the updates regularly, Not a problem. A few clicks and the job is done. And are you going to somehow explain to me how waiting a few minutes or even hours, as opposed to up to a month for an update is so terrible? And how come only Windows users keep expecting to see the year of Linux?
Of the two methods, which do you think is more likely to get turned off completely?
Updates on Linux are not a chore like they are on Windows. The interruption is minimal at worst. You just keep doing whatever you were doing while the updates download and apply, and when you turn off the computer, the next time it is turned on, the updates that actually need a reboot are applied. Why would anybody even bother ignoring it?

That's it! If we want users to be more secure we should distribute critical security patches in the form of new mouse cursors, smiley packs or screen savers.
Just think, tell the users "Click here to see the happy kittens" and bam, push the latest security updates on them.
Not a bad idea at all. Make it even slightly interesting, and many will do the updates a lot more willingly.
Obviously not as good as the "Oh shit.. I forgot to save the document before I went to make a sandwich" surprise that happens now. when the computer automatically reboots. Or the always popular "Windows wants to update NOW!!!" message right in the middle of an important presentation.
Lets be honest here. Even the most illiterate user will be motivated enough to turn the automatic updates off after the first few times this happens. I've seen it happen. Just as they do with virus scanners and firewalls when they get in the way, and just as the UAC checks result in automatically clicking "yes" every time they appear. And once turned off, no more problems with updates. No more updates.. Brilliant plan eh?

--
It is difficult to get a man to understand something when his job depends on not understanding it.
Re:It fixes EVERY bug? by geeper · 2009-10-09 01:26 · Score: 0

Total BS. The default time for Windows automatic updates is 3am. If you're working then, it may be a problem, otherwise you'd never even know until you were asked to reboot. I have mine set to download updates but not apply. I do that only because I like to see what is getting updated. I can click to install them now and it runs in the background with minimal impact on my work. If a reboot is required, it will prompt me to do it now or I can chose to be reminded later.

--
Error reading device 'Signature'. (A)bort, (R)etry, (F)ail?
Re:It fixes EVERY bug? by V!NCENT · 2009-10-09 01:34 · Score: 0, Troll

Winblows 7, for a world with no balls. It allows for seemless connectivity with other virus infected Winblows PC's so you won't miss your daily spyware load. Winblows 7, doesn't work the way you want it. Winblows 7, Stupifies everyday tasks. Winblows 7, makes new thing impossible. Engineered by us, inspired by your wallet.

--
Here be signatures
Re:It fixes EVERY bug? by Sfing_ter · 2009-10-09 03:00 · Score: 1

and this too is a "lie", there are and have been updates that Microsoft has pushed that forced a reboot after installation - this was on all machines with windows update service running no matter the state chosen - ie. "Notify" "Automatic" or "Download but do not apply". what windows user has not come back to a computer only to have the little green icon in the lower rh-side telling you "Windows has been recently updated click here for more information"? And that is the problem, Microsoft has proven they can reboot your machine remotely - what else can they do??? I myself turn off the update service and use Heise's ctupdate, a magnificent tool.

--
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Re:It fixes EVERY bug? by mcgrew · 2009-10-09 04:04 · Score: 1

Never make fun of a man's wife, job, or religion. You may have touched all three nerves there.
Never go for funny unless you don't care about karma!

--
Free Martian Whores!
Re:It fixes EVERY bug? by TheRaven64 · 2009-10-09 06:01 · Score: 1

What it does have is an update system that works when the user wants. Not when Microsoft demands. This is the difference.
Windows update used to work like that. As soon as an update was tested, it went on the Windows update server. Then they discovered that, for undisclosed vulnerabilities, attackers were just running diff on the binaries to find out which functions had been changed, decompiling them, and producing attacks. By scheduling updates for the same time every month, they made it easy for everyone to update quickly, so most potential targets for malware have been patched before the vulnerability can be reverse engineered.
This doesn't really apply to a Linux distribution. The upstream sources will have been fixed first, and people can look at the public repository to see the vulnerability just from reading 'security fix' in the commit logs. It then takes a while for each distribution to update their packages.

--
I am TheRaven on Soylent News
Re:It fixes EVERY bug? by tunapez · 2009-10-09 06:02 · Score: 1

Like BITS and Shell Hardware Protection, you mean? Or was it the 3-5 services required to run Remote Access/Remote Desktop properly(IF it has been enabled through cmd/safe mode prior)? Maybe the firewall that only works one way? I know the 20-40 ways Win calls home is vastly important for MY privacy and security. How do I know these are all integral? b/c I have been disabling&replacing them in MS for years.

the most stable, secure and innovative OS in the universe.
Fixed that for ya, I will not report your lapse to the mothership... this time.

--
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...

But will it let me buy stuff using paypal? by randy+of+the+redwood · 2009-10-08 11:56 · Score: 4, Interesting

I am still worried about using Ebay to buy my star wars collectables from my Chrome Browser - http://it.slashdot.org/story/09/10/06/2118211/Null-Prefix-SSL-Certificate-For-PayPal-Released

--
The sun is the same in a relative way, but you are shorter of breath and one day closer to death

Re:But will it let me buy stuff using paypal? by L4t3r4lu5 · 2009-10-08 20:36 · Score: 1

Yeah, but please visit this website prior to your visit. An installation and a quick change of browser will be required to implement the enhanced security.

--
Finally had enough. Come see us over at https://soylentnews.org/
Re:But will it let me buy stuff using paypal? by Anonymous Coward · 2009-10-09 04:13 · Score: 0

No, I'm afriad not. Using PayPal will still be a really fucking bad idea.

The more crap you add... by iamhigh · 2009-10-08 12:00 · Score: 0

The more likely you are to have errors. I would love to see a chart of patches released over time... anyone put that together yet?

--
No comprende? Let me type that a little slower for you...

Re:The more crap you add... by CannonballHead · 2009-10-08 12:08 · Score: 3, Insightful

I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
Which do I think is a better OS in terms of security and stability? Linux. But I tend to get tired of the "Microsoft releases so many patches, their OS is obviously bad" argument when the it seems the whole development model of open source software (e.g., Linux distros) is that anyone can develop both features and patches, thus improving the software.
Re:The more crap you add... by Anonymous Coward · 2009-10-08 12:14 · Score: 0

There are plenty of such comparisons out there. Windows tends to win with less vulnerabilities, but linux is faster to patch. It is very hard to do an apples to apples comparison though due to linux and windows distributions both shipping vastly different software stacks and programs. A good independent source is secunia.com if you want to check some of the numbers.
Re:The more crap you add... by Penguinisto · 2009-10-08 12:16 · Score: 5, Insightful

I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
For just the kernel, or for a whole average distro? Which distro's kernel and which variant (e.g. SMP vs. uniprocessor) and which arch? (x86 vs. say, PPC or ARM)? Do we count all the optional modules, and what about the stuff that is out there which could be compiled-in, but usually isn't (e.g. Win4Lin extensions)? Are patches counted as individual diffs checked in to a CVS/SVN/BK repo source tree, or counted only if distributed .rpm/.apt packages by a vendor?
Otherwise, yeah, I can see your POV. :)

--
Quo usque tandem abutere, Nimbus, patientia nostra?
Re:The more crap you add... by Penguinisto · 2009-10-08 12:18 · Score: 1

...and yes, I meant to say git and not BK. Stupid brain farts...

--
Quo usque tandem abutere, Nimbus, patientia nostra?
Re:The more crap you add... by CannonballHead · 2009-10-08 12:22 · Score: 4, Insightful

Fair questions, but easily answered: for whatever is being compared to in a Windows OS. Windows, as I recall, has a kernel, has components that are necessary, has components that are unnecessary, etc. It seems Linux fans easily lapse into thinking that Windows is one complete mess all bound into one, whereas Linux has messy parts but the core is great... but who installs "Linux" and doesn't install a "Linux distro." To be fair to Windows. I'd have to say you'd have to compare an entire Linux distro default installation to an entire Windows default installation... all software included in the iso, not the latest-updated-version-of-Amarok or whatever comes with it by default. Getting the latest Amarok version is just like getting the latest patch for Windows Media Player...
As for CVS/SVN/BK diff's and whatnot, that's hard to come up with... I have no clue how much code differences there are in a given Windows patch. For all I know, it's one single typo, but since it's a binary, the entire thing is built and sent over in the patch, right? So who knows? I would think, from an end-user perspective, it only counts as a patch if it's distributed in an easily installed format; e.g., as an update or as an rpm or included in the distro, etc.
Thanks for seeing my POV. :) hehe. I'm in an unfortunate position for my life on slashdot; I actually enjoy Windows OS's. And Linux distros. Awful, I know.
I don't like AIX though...
Re:The more crap you add... by CannonballHead · 2009-10-08 12:23 · Score: 1

I blindly followed suit..
Re:The more crap you add... by powerspike · 2009-10-08 12:38 · Score: 2

Well.... ALL of them, as the 13 updates includes office etc as well. Reguardless if it's SMP or uniprocessor, it's apart of the kernel, if it's a kernel patch it has to be counted, otherwise it wouldn't be linux would it? At the end of the day 13 is for everything "in this batch", so if your going to be counting linux bugs, i would count everything you'd consider linux, just because one distro doesn't include one part of the kernel doesn't mean you don't count a patch for it...
Re:The more crap you add... by vxvxvxvx · 2009-10-08 12:46 · Score: 1

all software included in the iso,
You'd still be making an invalid comparison. The normal linux distribution includes multiple tools to do the same tasks. For example, most come packaged with both Gnome and KDE. It's pretty impossible to compare security by number of patches.
Re:The more crap you add... by some_guy_88 · 2009-10-08 13:02 · Score: 2, Insightful

Also, a lot of patches for linux software are adding new functionality. Not just fixing bugs.
Furthermore, what exactly is contained in one Windows "update"? As far as we know one windows update contains as many changes to the system as dozens of smaller patches in a linux distro.
But yeah, the idea that more released patches = less secure system isn't a very good one.
Re:The more crap you add... by Joce640k · 2009-10-08 13:04 · Score: 0, Flamebait

Maybe Linux is "faster" but at least with Windows I won't have to go in and manually recompile my webcam driver when it's finished updating.

--
No sig today...
Re:The more crap you add... by jrumney · 2009-10-08 13:17 · Score: 4, Insightful

The point the GP is trying to make is that they just aren't directly comparable. Limiting yourself to the Linux kernel is unfair to Windows, as Windows is much more than just a kernel. But comparing with a full distribution is unfair to Linux, as there is much more in a distribution than even Windows + Office + SQL Server + everything else that Microsoft Update covers.
Re:The more crap you add... by ROMRIX · 2009-10-08 13:29 · Score: 1

I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
A closer comparison would be between the number of patches to Linux vs. My bicycle tire.
Re:The more crap you add... by Anonymous Coward · 2009-10-08 13:30 · Score: 0

Another wintard wearing his ignorance on his sleeve like it's a fucking metal. Why don't you have the sense to STFU when the conversation turns to subjects about which you know nothing?
Re:The more crap you add... by dave562 · 2009-10-08 13:33 · Score: 2, Informative

The number of patches and whether or not Windows or *nix requires more is pretty much a moot point. Both systems need to be updated regularly and both are vulnerable to automated vulnerability scanners that are being run 24/7 on compromised boxes. I won't re-tell the tale here, but you can check my journal if you want to read about the most recent tale of an Ubuntu box that I setup getting owned in under a month. Any OS that falls behind on patches becomes an exploitable target.
Re:The more crap you add... by jonadab · 2009-10-08 13:45 · Score: 1

> > I'd like to see a comparison between the
> > number of patches to Linux vs. Windows. :)
> For just the kernel, or for a whole average distro?

Neither is at all fair.

Comparing security track records for all of Windows against just the Linux kernel is grossly unfair to Windows, because it's got a good deal more in it than just a kernel, and many of its bugs are in those other components.

But going the other way (an entire distro -- say, Debian) is even more unfair, in the opposite direction, because Windows includes only a *tiny* fraction of all the software in a typical Linux distro.

I suppose it would be possible to pick out a set of open-source packages that approximately corresponds, in functionality, to what comes with Windows out of the box, but it would exclude so much really *basic* stuff (from the perspective of a Linux user) that it would be extremely atypical and not terribly useful or meaningful. I mean, unless you're trying to fit on a floppy disk or something, what would be the point of a Linux distribution that doesn't even include a perl interpreter?

So all in all I'm not sure there's any really meaningful way to compare the number of bugs noted or patches issued.

You *could* compare the average amount of *time* it takes for a fix to be made available once any given (security-relevant) bug is discovered. I think we all have a fair idea which way *that* would turn out.

--
Cut that out, or I will ship you to Norilsk in a box.
Re:The more crap you add... by JakartaDean · 2009-10-08 14:04 · Score: 1

I don't know that anyone is saying "Microsoft is bad because nobody should have to release 13 patches on one day" or whatever the number is. I think there are a couple of valid concerns, around issuing a set of patches that require a reboot on the first day back from a long weekend, for example. I'm also a little pissed off and confused, now that I'm using a Windows machine again for work, that when I came in for work today (Friday morning, we're 1/2 day ahead of USA), my machine had been rebooted in the middle of the night. Windows had decided it needed to reboot after installing "updates." My overnight download of a couple of movies for the weekend was, of course, stopped and not restarted. My linux machines never do anything like that without asking my permission, and if they are rebooted they come back to the configuration they were in before. I can't seem to get this windows box to do that either. Just nits, but the more I use both OSes, the better linux gets. Once (if) KDE gets stable, I'll never want to look at a windows machine again.

--
The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
Re:The more crap you add... by Anonymous Coward · 2009-10-08 14:12 · Score: 0

PROTIP: When slagging someone for their ignorance don't make a spelling error because it makes you look like a dumbass.
Re:The more crap you add... by easyTree · 2009-10-08 14:23 · Score: 1

LoL.
Sorry, I know we're not supposed to feed 'em..

--
Requiem for the American Dream
Re:The more crap you add... by thatskinnyguy · 2009-10-08 14:57 · Score: 1

Here's what you do: set up a WSUS server, set it to check for critical or important updates, sync and then check back every patch Tuesday for an updated list. FYI... There are thousands.

--
The game.
Re:The more crap you add... by palegray.net · 2009-10-08 14:59 · Score: 2, Insightful

PROTIP: That's actually a usage error. He (or she) spelled "metal" correctly.

That said, I've had no issues with five different webcams functioning properly under Ubuntu, without having to compile anything. I believe this is commonly referred to as "It Just Works(TM)".

Additionally, I'll take "knowing about vulnerabilities quickly" over "having somewhat fewer vulnerabilities that are publicly disclosed, leaving out problems Microsoft doesn't feel like informing the admin community of until exploits are already being used in the wild" any day.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Re:The more crap you add... by mysidia · 2009-10-08 17:03 · Score: 1

Redhat Linux has more different patches in 6 months, than Microsoft has a in a few years. That doesn't make it less secure. In fact, most critical Redhat patches fix local privilege escalation issues. Redhat and most Linux distros, even with ample software installed: rarely have remote security issues that might possibly be exploitable by an unauthenticated user.
Usually, Linux is at risk, primarily due to weak choices of passwords, third party applications (web apps), and admin misconfiguration (e.g. making a directory under a web document root world-writable, or writable to the Apache user).
With Windows on the other hand... there are frequent remotely exploitable vulnerabilities in core system components and network services enabled by default (such as the kernel, RPC services).
Microsoft doesn't even generally treat local privilege escalation issues as critical, sometimes they even ignore them.. e.g. "not a security boundary we defend.". There are ample examples of security vulns MS has treated as important that later turned out to be major problems.
In fact... it's quite the opposite.. Windows is so insecure, not because there are many patches, but because the OS needs so many patches to be secure against remote exploits, and because it doesn't get all the patches it needs, because MS cannot seem to ever catch up with the reported security vulnerabilities.
Windows would be more secure if more patches were available to fix the bugs, and Windows users installed them reliably.
A fully patched Windows would be more secure if patches were released for a larger percentage of vulnerabilities.
If Microsoft only decided to acknowledge 1 report of a vulnerability per year, and release only allow 1 security bulletin per year to be released, it would not make Windows more secure.
In fact, Microsoft doesn't release enough patches for Windows frequently, and that's part of what makes Windows insecure, because a fully patched system almost always has unpatched flaws that are known to the public, but MS dismisses or delayed the patch for one reason or another (e.g. the NUL Prefix SSL Certificate bug reported by Kaminsky and Marlinspike in July, 2009).
Re:The more crap you add... by rdebath · 2009-10-08 17:18 · Score: 1

A Linux box being used to scan for stupidly weak SSH passwords, you don't say how they broke in.
So the obvious answer is that you used a stupidly weak password too.
Re:The more crap you add... by st0nes · 2009-10-08 17:53 · Score: 1

Windows is more patch than trousers.

--
Tempora mutantur, nos et mutamur in illis
Re:The more crap you add... by badran · 2009-10-08 20:16 · Score: 0

One word:
fail2ban
Re:The more crap you add... by Anonymous Coward · 2009-10-08 20:17 · Score: 0

A default Linux install comes with so much extra software compared to a default windows install. To make a fair comparison, you'd have to compare it to a windows with Office, Photoshop, Corel Draw, Visual C++, .net, Java, Oracle Express, IIS, MSN, Nero, and probably a bunch of other stuff... if you don't agree, try to think about FOSS counterparts to the above listed software packages, and check if they're included in your average distro (hint: I made the list by checking stuff in my Applications menu on my default Ubuntu install and trying to come up with the closest windows software).
Re:The more crap you add... by Gadget_Guy · 2009-10-08 20:23 · Score: 1

I think there are a couple of valid concerns, around issuing a set of patches that require a reboot on the first day back from a long weekend,
Just change your Windows Update settings to "Download updates for me, but let me choose when to install them". That way you have complete control over when the reboot happens.
Re:The more crap you add... by Anonymous Coward · 2009-10-08 21:06 · Score: 0

It isn't an apples to apples comparison though, and it never will be.
To make it an apples to apples comparison, don't use windows as benchmark and try and add stuff to linux to make it look like windows, tear down windows into linux chunks (so to speak).
Compare just the updates to the kernel between the 2, and btw.. good luck with that, no one else is going to do it for you, and no one here has any inclination to do the comparison, so it's best you do it yourself.
You can post it here afterwards if you like, or not. We don't really care.
Re:The more crap you add... by petermgreen · 2009-10-08 23:44 · Score: 1

To make it an apples to apples comparison, don't use windows as benchmark and try and add stuff to linux to make it look like windows
Why not?
Though IMO windows+office is quite comparable to a normal desktop install of most linux distros.

--
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Re:The more crap you add... by Anonymous Coward · 2009-10-09 00:12 · Score: 0

This isn't true, I've seen servers that have that very option set but still they perform the reboot.
Re:The more crap you add... by Overzeetop · 2009-10-09 00:21 · Score: 1

If the system hasn't been patched as of Monday night, there is no real danger to leaving it unpatched until Tuesday night. You're not required to implement a patch the second it's available. Code you're patch and reboot to occur at 2am local time. The only people who get bunched about "when" updates happen to require a reboot are Linux folks who don't understand how Windows works or do, and just want to M$ bash. I've only been inconvenienced by a windows update once, and it was on my personal workstation - I happen to have my cursor set to jump to the default value of dialog boxes, and windows popped up a dialog with the option to reboot just as I was clicking in another window. Oops. I lost almost 8 minutes of working time waiting for the system to come back up - well, 8 minutes if you count the time I spent getting a coffee refill.
As for your movies - damn. Not only do you not know how to manage your winbox for updates (how much simpler can it get?), but you don't know how to auto-restart a download in the middle after a failure. Now, you might have a dual redundant UPS and an autostart generator with 72 hours of fuel powering your PC. If you do, then good for you. Otherwise, you can hand in your geek card on your way out the door. ;-)

--
Is it just my observation, or are there way too many stupid people in the world?
Re:The more crap you add... by jonbryce · 2009-10-09 01:01 · Score: 1

Getting the latest patch for Microsoft Office is like getting the latest patch for OpenOffice.org. Microsoft Office isn't part of Windows, but OpenOffice.org is part of most Linux distros.
Re:The more crap you add... by sorak · 2009-10-09 01:16 · Score: 1

all software included in the iso, not the latest-updated-version-of-Amarok or whatever comes with it by default.

No. Just no. The typical Linux distro comes with how many media players? And two or more database applications, where SQL server bugs would not get counted, because Microsoft makes you pay extra for them.
The only fair way to do it would be to compare $default_Linux_app_which_does_x to %default_Windows_app_which_does_x%.
Re:The more crap you add... by mftb · 2009-10-09 01:24 · Score: 1

Define "average distro". Median? Mode? Mean? By installations or by simple existence? If mode installations, then yes, you're debatably right (although comparing dd, mount and umount with Nero is a bit of a stretch). The problem here is the vast difference in aims of Gentoo, Arch, etc. vs Ubuntu, Fedora, etc.
Re:The more crap you add... by Anonymous Coward · 2009-10-09 02:14 · Score: 0

You have servers pointed at Windows update?
Re:The more crap you add... by ais523 · 2009-10-09 02:27 · Score: 1

Maybe you could compare everything updated by Microsoft Update, to the equivalent programs in a typical Linux distro (take the most popular if more than one does the same thing?) Or Windows kernel patches to Linux kernel patches?

--
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
Re:The more crap you add... by CompMD · 2009-10-09 02:36 · Score: 2, Funny

Wow, yeah, when you said BK, I thought I would take the initiative and get off your lawn.
Re:The more crap you add... by dave562 · 2009-10-09 03:15 · Score: 1

I actually disabled passwords and had shared keys setup with OpenSSH. I remember reading something on here a couple of months ago about a vulnerability in OpenSSH. Since I just installed whatever was in the 8.04 repository and never updated it, I'm fairly certain that is what was exploited.
Re:The more crap you add... by Bai+jie · 2009-10-09 03:27 · Score: 1

Or maybe we should just realize that apples and oranges are just to dissimilar to compare effectively.
Re:The more crap you add... by CannonballHead · 2009-10-09 03:57 · Score: 1

Not too many media player, actually, unless you choose to a do an absolute complete full install. I should have rephrased, I didn't mean all software included in the iso as in installing all of it - I meant only getting it from the iso. Default installation is good for me.
I'm not saying it's perfect. I'm just saying the "M$ RELEASES SO MANY PATCHES!!!!1" response is, to me, disheartening and does the Linux community a disservice. It only raises the perception of a "dude, open source developers are so much better. we have so much better software. the only reason people don't use it is because M$ is an evil corporation trying to bring down the world" attitudes.
In reality, I'm not sure MS releases that many more - if not many fewer - patches than goes into a Linux distro after the Linux distro's release. All software included... as the "normal user" would use it/perceive it. Amarok "came with Linux" just like WMP "came with Windows" to a "normal" person :)
Re:The more crap you add... by david_thornley · 2009-10-09 05:18 · Score: 1

Who counts the vulnerabilities, and how? You can't really count them the same way, since Microsoft can just keep quiet about unexploited vulnerabilities, and you can't just count exploited vulnerabilities since a given vulnerability, once known, is much more likely to be exploited on Windows than on Linux. I'd call it impossible to do an apples-to-apples comparison.

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Re:The more crap you add... by david_thornley · 2009-10-09 05:25 · Score: 1

I didn't get an equivalent to Visual Studio with my Ubuntu install, but I'm pretty sure I got Apache, which would add IIS to the typical Windows install. It also wouldn't be surprising to get one or more equivalents to SqlServer, and some do provide multiple replacements for Visual Studio.
The standard Ubuntu distro provides patches for a large amount of software I've got, while Windows Update just updates Windows and IE and a few other things.

--
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Re:The more crap you add... by Khyber · 2009-10-09 05:38 · Score: 1

"That said, I've had no issues with five different webcams functioning properly under Ubuntu, without having to compile anything. I believe this is commonly referred to as "It Just Works(TM)"
Try that under 64-bit Ubuntu. Logitech Quickcam EMessenger, Lifecam VX-1000/3000/6000, none work in 64-bit Ubuntu. I try every day.
But they'll work just fine in 32-bit.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

EVERY version of Windows? by CSMatt · 2009-10-08 12:01 · Score: 4, Funny

Does this mean that my Windows 3.1 box will finally get the DST update?

Re:EVERY version of Windows? by Kratisto · 2009-10-08 12:58 · Score: 2, Funny

No, you'll have to move to Arizona. Sorry.

--
Conscience is the inner voice which warns us that someone may be looking.
Re:EVERY version of Windows? by Anonymous Coward · 2009-10-08 14:35 · Score: 0

No, you'll have to move to Arizona. Sorry.
Or India (as an added advantage, that is also where your job is going ;) )
Re:EVERY version of Windows? by Anonymous Coward · 2009-10-08 14:48 · Score: 0

sorry it will only work with Windows 3.11
Re:EVERY version of Windows? by Tumbleweed · 2009-10-08 15:22 · Score: 4, Funny

No, you'll have to move to Arizona. Sorry.
I'd rather use Windows 3.1 than live in Arizona.
Re:EVERY version of Windows? by Anonymous Coward · 2009-10-08 17:29 · Score: 0

Coming from someone whose ID is Tumbleweed?
Re:EVERY version of Windows? by Tumbleweed · 2009-10-08 17:35 · Score: 5, Funny

Coming from someone whose ID is Tumbleweed?
You bet. Arizona's so bad the plants evolved to get outta there!
Re:EVERY version of Windows? by Baricom · 2009-10-08 17:40 · Score: 1

No problem. Hawaii is also civilized.
Re:EVERY version of Windows? by rts008 · 2009-10-08 20:21 · Score: 1

No problem, as I look Great in a grass skirt!!!

--
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Re:EVERY version of Windows? by craagz · 2009-10-08 21:26 · Score: 1

LOL!!

I bet he din't notice your veteran slashdotness!!1

--
My Blog | Badsh

...Patch Tuesday by steelscalp · 2009-10-08 12:03 · Score: 4, Insightful

Last week's "critical updates" were two copies of Windows Genuine Annoyance.

Re:...Patch Tuesday by Fluffeh · 2009-10-08 12:12 · Score: 4, Interesting

Well, they can be called critical. It's subjective you see. Critical to you as a user, or critical to Microsoft as a business?

Yes, I think there is something in that for all of us, don't you? *puffs pipe*

--
Moved to http://soylentnews.org/. You are invited to join us too!
Re:...Patch Tuesday by Entropius · 2009-10-08 12:14 · Score: 3, Insightful

It's a very good security strategy to piss off all your customers with WGA and Windows Media bullshit until they all turn off automatic updates.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 12:27 · Score: 0

How exactly does WGA piss off MS customers? I seem to recall it only nags the 'non-customers'.
Re:...Patch Tuesday by Elwood+P+Dowd · 2009-10-08 12:50 · Score: 4, Insightful

MS requires customers to install the new WGA on a regular basis. That is also nagging.

--

There are no trails. There are no trees out here.
Re:...Patch Tuesday by sconeu · 2009-10-08 12:58 · Score: 1

You forgot Office Genuine Annoyance, too.
Why is it critical?

--
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 13:01 · Score: 5, Interesting

I built my system myself which means that I'm more than capable of grabbing a bootleg copy of Windows online. Instead I chose to pay for a copy of WinXP because the OS is a MAJOR part of my system and as such was worth the asking price. (And also because I'm not a thieving schmuck. If you don't want to pay use Linux.)
Ever since I've been hounded by WGA. I just want my system patched. Microsoft wants to verify "something", god knows what, every time I try to access patches. Their checker needs updating quite often. I don't know what it does. I don't know what info it sends them. I just know it's an annoyance, maybe a personal security risk. I can't patch without it. (Officially that is. I'm aware of "alternate" patch sources but how secure is that? Seriously now, come on...)
This is the thanks I get for dropping money on their product. I passed on Vista. I'll pass on Win7. Once this system has aged to the point of uselessness (translation: can't game any more) I'm going to Linux full time. Why? BECAUSE THEY ACT AS IF THEY OWN MY MACHINE, NOT ME. THAT pisses me off.
So f--- them. I'm done.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 14:00 · Score: 0

Critical update means the patch is needed. Recommended means they advise you should get it, optional is entirely up to you. If you understand what they mean it makes more sense.
WGA is used to authenticate your copy of windows as genuine, and only valid legit copies of windows are allowed to download certain patches. See the connection?
Re:...Patch Tuesday by TheRealMindChild · 2009-10-08 14:24 · Score: 2

Firstly, I have never been "hounded" by WGA. Sure, sometimes it wants to install before other updates. So does Windows Media Player and Internet Explorer.

Aside from that, you CAN patch from MS themselves without WGA, using Offline Update. You can even burn the resulting files to disk and take it with you for patching friends/families machines.

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 14:28 · Score: 0

"It's a very good security strategy to piss off _a_tiny_minority_ your customers with WGA and Windows Media bullshit until they all turn off automatic updates."
There, fixed that for you.. the vast majority of people don't even notice. Get over yourself.
Jorgie
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 14:29 · Score: 0

Games... The only thing that holds me to windows is games.
I would gladly pay full price for games I use if they were linux native and available at the same time as the windows games.
I use linux for work and I dual boot at home, but I want my Fallout 3 and Oblivion
I had to re-install vista after trying to upgrade a hard drive. Then I got treated like a criminal when I reactivated. I had to talk to a woman from India. Did I just purchase the PC? id I buy the OS seperately? I just wish I could finally go to 100% linux.
Re:...Patch Tuesday by Totenglocke · 2009-10-08 15:17 · Score: 0, Troll

Sorry, but I don't understand the hate for WGA. Windows is pretty much THE most pirated software out there, and WGA is a very basic attempt to make it at least a little hard for pirates. It causes no problems to people with a legit copy of XP (or the pirates smart enough to use a WGA crack) and only hounds pirates (or again, the pirates not smart enough to use a WGA crack). Who gives a rats ass if you can't patch without having a small WGA check? It checks your system to see what patches you need, how is checking WGA any different?

Microsoft wants to verify "something", god knows what, every time I try to access patches.
They want to take literally 1 second to check that you have a legit copy of Windows (or in the case of using a crack, what WGA is told is a legit copy). 1 second. Even the President isn't so busy that he's going to foam at the mouth over waiting literally 1 second.
Complaining about WGA is as stupid as people complaining about having to put the cd / dvd in to play a game. It's a very minor form of copy protection that causes no inconvenience to users - well, users that don't like to bitch about the massive effort of having to put a disc in to play a game.......I can only imagine the moaning they do over having to put a dvd in to watch a movie or put a cd in the stereo to listen to music.
I'm pretty much the biggest anti-DRM person that there is. But as long as you own a legit copy, WGA in no way impedes your ability to use Windows, nor does it impede your ability to install without an internet connection.

--
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
Re:...Patch Tuesday by Mr.+Roadkill · 2009-10-08 15:41 · Score: 3, Informative

That's now at www.wsusoffline.net
Re:...Patch Tuesday by ajlisows · 2009-10-08 16:41 · Score: 1

I myself have not been hounded (I'm actually using the Windows 7 RC Dual Booting Kubuntu on my "Main Production" laptop) but I have noticed an inordinate amount of WGA on XP machines. At least 8 different friends/family members have asked me "Why is this WGA thing always coming up" in the last six months. These are reasonably competent users who are all running whatever OEM version of Windows came installed on their boxes. One friend of mine happened to have it come up 4 times in that span while I was at his house. He had me watch him click through it to make sure he did it right. It keeps coming back. I have no idea why.
None of them have anything to hide but they are starting to feel a little spooked by it. "Does Microsoft think I stole this software or what?" is a common question regarding it. Two of them have at least considered trying Linux out solely because of the feeling that they are being watched too closely. Two users are a drop in the bucket but I think my anecdote is a bit telling in regards to what type of effects their stupid WGA is having.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 16:44 · Score: 0

You obviously don't live in an area where dial-up is the only option for getting online. Your "literally 1 second" can drag out for many minutes. Every fucking time it updates.
Fuck you for implying anyone with a gripe is "stupid".
Re:...Patch Tuesday by Solra+Bizna · 2009-10-08 17:10 · Score: 1

Complaining about WGA is as stupid as people complaining about having to put the cd / dvd in to play a game. It's a very minor form of copy protection that causes no inconvenience to users - well, users that don't like to bitch about the massive effort of having to put a disc in to play a game.
The only reason I have a working optical drive between the three computers that I A) use regularly and B) have a monitor for is that a replacement for my most recently deceased one arrived today.
All the effort in the world won't cram my Brood War CD into the empty space that used to hold my G5's DVD drive and make it work.

I'm pretty much the biggest anti-DRM person that there is.
I think the fallacy in this statement is so blatantly obvious that I don't even need to point it out. (Which I did anyway. Go figure.)
-:sigma.SB

--
WARN
THERE IS ANOTHER SYSTEM
Re:...Patch Tuesday by Anonymous Coward · 2009-10-08 18:35 · Score: 0

I might be wrong but this reads like a well constructed story rather then honest confessional. All these stories spend the first paragraph convincing of their objectivity. Usually it's statements how they don't care about the system or how they dislike linux.
Second paragraph is some sort of negative experience which is usually very...unconvincing, sometimes over exaggerated.
The third paragraph has that 'this hurts me more then you' feeling. It claims it's going to switch systems, and cease it's long term support for windows.
These posts are useless. They provide nothing interesting. No technical insight in a problem or a fresh perspective.
In short it's sort of like someone saying 'I am not wearing Nike's anymore the last model was very uncomfortable, my feet bled every time I wore them. f-- them, i'm done.' Then it turns out there was a stone in the shoe and the person never bothered to look.
Re:...Patch Tuesday by Serious+Callers+Only · 2009-10-08 19:34 · Score: 1

How exactly does WGA piss off MS customers? I seem to recall it only nags the 'non-customers'.
It does nag a lot about updates, and sometimes it gets it wrong anyway.
I installed a new version of Windows recently on a VM, and it accused me of having an unauthorised version and removed the desktop picture, just because I'd changed some hardware (in the VM). Had to go through the activation process to get back to normal, but it was somewhat irksome to be accused of stealing before I'd even been given a chance to correct the situation.
That and the stupid bubbles every 5 minutes from the task bar about how it has found new hardware, and anti-virus updates cannot be downloaded, and are now being downloaded, and it is keeping itself up to date for me, and Windows has detected a new network, etc etc, reminded me why I don't use Windows very much.
Re:...Patch Tuesday by wvmarle · 2009-10-08 19:36 · Score: 1

[WGA rant]
This is the thanks I get for dropping money on their product. I passed on Vista. I'll pass on Win7. Once this system has aged to the point of uselessness (translation: can't game any more) I'm going to Linux full time. Why? BECAUSE THEY ACT AS IF THEY OWN MY MACHINE, NOT ME. THAT pisses me off.
So f--- them. I'm done.
It may be redundant for me to point it out to you, I mean this is Slashdot after all, but maybe just maybe you should consider thinking about the fact that there could be other operating systems out there that are not made by MS and that do not employ WGA and related annoyances. Some of them may even be considered "modern" and "secure". Oh and quite some of them may even be downloadable from the Internet for you to try, without having to pay for it.
Ubuntu, Mandriva, FreeBSD, Fedora and Debian are a few names that come to mind.
We (well most of us) live in a free world and are allowed to make choices. If you don't like a product, move on and get something you do like and enjoy.
Re:...Patch Tuesday by thejynxed · 2009-10-08 19:47 · Score: 1

If it makes you feel any better, their OGA system is so fscked up, that it doesn't work properly on Office 2k7 from the Power Together program. The files install properly, but no matter how many times you attempt to get updates via the Office Update site, it fails.
You either have to download all of the patches manually or rely on Microsoft Update instead of Office Update.
(The Power Together version is in the form of an .exe installer that you downloaded from Microsoft. They mailed you the serial number.)

--
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
Re:...Patch Tuesday by myspace-cn · 2009-10-08 20:37 · Score: 0, Troll

I'll pass on win 7, and Vista
no pro tools 8 when ie8 is slipstreamed or installed - $200
no lexicon - $1500
no hp 3570c - $40
$1740 of hardware to be tossed out? For what?
$300 + 6 months of installing, testing, debugging, and serial number entering fun?!
Only to find various forms of box canyons, no u-turns, dead-ends and incompatibilities?
To spend months tracking down conflicts and debugging the system so there are no errors in the freaking CRAPPY ASS event viewer?
To spend months custom tweaking conflicting dll's, programs, and re-compiling custom code that might not work?
(And yeah if your wondering I use Linux, and FBSD, but not for Video/Audio workstations)
What Microsoft needs to do is cut it out with the once a month patch nonsense. Patch when the patch is available. DAILY.
The second thing is they need to provide a way to remove ie8 and roll it back to ie7 on any box.
Even if it was slipstreamed and has no god damned c:\windows\ie8\spuninstall.exe file existing.
(That ie8 breaks hell of shit besides pro tools, it breaks translation software also.)
If all you want to do is blog and buy shit off ebay I would push an ubuntu/debian on ya.
If you want to produce video and audio, you want an (32bit) XP SP3 with NO ie8!
And if that box has to face the web you want it hidden behind IPCop.
Still Microsoft is screwing up. I remember when they stopped updates on ftp.
They really suck, if you break IE8 you will not be able to update.
If you break IE8 you can not use system restore.
(Side note: turn system restore off your data drives!)
I now have a pair of drives, I clone the OS back and forth. And another for data drive, I don't back up.
I use Sun Virtual Box to create three ubuntu's which I use for
1. Blogs, dangerous web fun
2. eBay bidding, amazon shopping
3. Paypal/Banks
I am done with microsoft too, but in a different way. (I only wish I could figure out a way to download every potential driver for every known piece of hardware, so when they finally pull the plug, I will simply disconnect the XP workstation from internet access. (Why would you need access on a DAW/ Video worksta?) When you produce tv, you have to post times, and information about who's on the channel, you could technically just have two boxes, but when your not corporate media your limited by your financial ability, it's funny though cause I also found that security is ALSO limited by your financial ability.
As usual, I will lay low on the 14th and keep an ear up for problems before I patch.
Re:...Patch Tuesday by Blakey+Rat · 2009-10-08 20:40 · Score: 1

What are you talking about "hounded?"
I have an XP machine, I just do *nothing* and it patches itself every month. Are you going out of your way to make it annoying, or what? "Yeah, I do every single step of every single MSI file manually using a hex editor, and it's sooo annoying!"
Look, here's how do you it: go to Control Panels, set updates to "Automatic", set the time to 3:00 AM (the default), then do nothing else, ever. Congratulations, you have an updated Windows box. One morning a month you might have to re-login, but that hardly counts as "hounded."

--
Comment of the year
Re:...Patch Tuesday by Toreo+asesino · 2009-10-08 20:43 · Score: 1

It's not forced on users; you can say "no". But you won't get any Windows freebies if you say no (Security Essentials, IE8, etc, etc) - patches will come regardless of your answer.

--
throw new NoSignatureException();
Re:...Patch Tuesday by TERdON · 2009-10-08 21:56 · Score: 1

"BECAUSE THEY ACT AS IF THEY OWN MY MACHINE, NOT ME"
You should be glad that they don't act like they own you too? :P

--
I have a really elegant proof for Fermat's last theorem. If this sig was only a bit longer...
Re:...Patch Tuesday by Chris+Mattern · 2009-10-08 22:05 · Score: 2, Insightful

Lessee...domain is h-online.com, refers you to patch files hosted at heise.de--yep, that's direct from Microsoft, all right!
Re:...Patch Tuesday by gmack · 2009-10-08 23:11 · Score: 1

I am a legit user and I get burned burned by WGA all of the time. Ever try explaining to a customer why replacing the motherboard on their Acer means buying a new copy of windows?
Ever want to boot your windows partition from inside a Virtual machine? You can't WGA will detect the hardware changes and want to reauth.. boot back into windows directly? oops.
The problem with WGA is that it screws over legit users while doing very little to actually stop piracy.
Re:...Patch Tuesday by leapy · 2009-10-08 23:17 · Score: 1

They act as if they own the SOFTWARE, not you. I hate to break it to you - they DO own the software, not you. What you paid for was a license to USE their software on your hardware subject to THEIR terms and conditions. Now you don't like it, you know what to do.

--
--- Man hands on misery to man....until http://www.samsource.com/
Re:...Patch Tuesday by smoker2 · 2009-10-08 23:51 · Score: 1

I don't have WGA and I was offered IE8 over auto update.
Re:...Patch Tuesday by Toreo+asesino · 2009-10-09 00:16 · Score: 1

It won't install though unless you validate your copy of Windows (doesn't need WGA to be installed), which effectively does the same thing except then refuses installation rather than nags.

--
throw new NoSignatureException();
Re:...Patch Tuesday by hmar · 2009-10-09 00:40 · Score: 2, Insightful

I am a legit user and I get burned burned by WGA all of the time. Ever try explaining to a customer why replacing the motherboard on their Acer means buying a new copy of windows?
You don't need to. It may be a pain in the ass, but you can call microsoft and they will give you a new code. It even gives you the number when you try to activate it.
Re:...Patch Tuesday by csartanis · 2009-10-09 01:06 · Score: 1

Digital signatures, learn how to verify them.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-09 01:06 · Score: 0

That sounds like a load of apologist crap to me. If it's so easy to bypass wga, what the hell is it there for? Seriously, do you work for M$?
Re:...Patch Tuesday by TheRealMindChild · 2009-10-09 01:10 · Score: 2, Insightful

If you bothered to even look, it is a set of scripts that download the patches directly from Microsoft servers, all which have a digital signature.

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Re:...Patch Tuesday by ConceptJunkie · 2009-10-09 02:43 · Score: 1

It's not forced on users; you can say "no". But you won't get any Windows freebies if you say no (Security Essentials, IE8, etc, etc) - patches will come regardless of your answer.
So you're saying there's no down side...

--
You are in a maze of twisty little passages, all alike.
Re:...Patch Tuesday by Follier · 2009-10-09 02:44 · Score: 1

Microsoft wants to verify "something", god knows what ...

Beats me.. I have had the same pirated copy of XP running on multiple machines for years now, and WGA has not reported a problem. I don't know what that little tool is actually doing, but it sure as hell isn't looking for pirated software.

(Not successfully, at any rate).
Re:...Patch Tuesday by Anonymous Coward · 2009-10-09 02:46 · Score: 0

I use to pirate Windows, but then one day I grew up and decided with the launch of Vista I'd go legit. Wow did I get screwed.
So I paid $230-something for the retail version so I could legally transfer it to my next computer. I installed it, found out it was crap, and went back to my pirated XP. All was good.
Then a few months later I built a new machine, and decided I'd give it another try now that Vista was post SP1. I wanted the 64-bit version, so I fire up microsoft.com and order me a 64 bit disc for about 10 bucks. My license is already good for 32 or 64 bit, but I thought for $10 it'd be nice to have an official 64-bit disc.
Icing on the cake, when I received the 64-bit disc I had to pay another $4.00 for shipping. That will teach me to buy legal software.
Re:...Patch Tuesday by Anonymous Coward · 2009-10-09 13:49 · Score: 0

Dude, you even QUOTED him saying he was "going to Linux full time" which implies that he uses it part time!
Not being hateful, just kinda tickled by that. :D
Re:...Patch Tuesday by Anonymous Coward · 2009-10-10 05:58 · Score: 0

[...] Once this system has aged to the point of uselessness (translation: can't game any more) I'm going to Linux full time. Why? BECAUSE THEY ACT AS IF THEY OWN MY MACHINE, NOT ME. THAT pisses me off.
So f--- them. I'm done.

It may be redundant for me to point it out to you, I mean this is Slashdot after all, but maybe just maybe you should consider thinking about the fact that there could be other operating systems out there that are not made by MS and that do not employ WGA and related annoyances. Some of them may even be considered "modern" and "secure".
Yeah, it's redundant. He actually mentioned that very same free operating system in his own post.

Long Weekend by camperdave · 2009-10-08 12:04 · Score: 3, Insightful

Isn't Tuesday the first day back from a long weekend? Is that really the best time to do this? We'll be up to our eyeballs in password resets already. (How do people forget a password in three days?)

--
When our name is on the back of your car, we're behind you all the way!

Re:Long Weekend by CannonballHead · 2009-10-08 12:09 · Score: 1

only if you have Monday off! ;)
Re:Long Weekend by Fluffeh · 2009-10-08 12:14 · Score: 5, Insightful

How do people forget a password in three days?
Because people are stupid. A person is smart, but people are stupid.

One of the most strangely insightful comments in Men in Black from memory.

--
Moved to http://soylentnews.org/. You are invited to join us too!
Re:Long Weekend by Anonymous Coward · 2009-10-08 12:28 · Score: 0

(How do people forget a password in three days?)
When IT implements some policy that requires your password to be 10 characters long, have at least 2 digits, 2 symbols, no consecutive characters can be next to eachother on the keyboard or in alphabetical or reverse alphabetical order, nor can any 3 consecutive characters have ever occured in that order in your last 40 passwords.
Re:Long Weekend by Azureflare · 2009-10-08 12:29 · Score: 1

"It's hard to remember a password when it isn't written down!"

I'll bet you hear that a lot.
Re:Long Weekend by Anonymous Coward · 2009-10-08 12:30 · Score: 0

whoa, dude, Canada-centric much?
Re:Long Weekend by Anonymous Coward · 2009-10-08 12:32 · Score: 0

Password Safe
Re:Long Weekend by Anonymous Coward · 2009-10-08 12:43 · Score: 0

It's not a long weekend for the majority of people you nitwit. Especially not "Microsoft central" (that would be the US).
Re:Long Weekend by PrimaryConsult · 2009-10-08 13:02 · Score: 3, Insightful

How do people forget a password in three days?
Duh, the janitor who comes in on holidays keeps throwing out the post-its taped to the monitors!
Re:Long Weekend by jrumney · 2009-10-08 13:12 · Score: 1

Don't forget "no dictionary words to appear anywhere within the password".
Re:Long Weekend by Anonymous Coward · 2009-10-08 13:31 · Score: 0

But what about "I make this look good"?
Re:Long Weekend by flipper9 · 2009-10-08 13:55 · Score: 2, Insightful

Because people are required to memorize multiple passwords, between many different systems, that have different password construction requirements, require differing expiration dates on passwords. Not to mention each different system has a different login username and sequence. Then you wonder why people write their login information down on a post-it-note on their desk. Too many passwords and usernames lead to greater insecurity. Don't blame them for forgetting a password amongst so many.
Re:Long Weekend by Vellmont · 2009-10-08 14:23 · Score: 0

Columbus day? You mean the day I wonder why there was no mail delivery? Nobody gets Columbus day off except a few federal and state employees. Only in America do we celebrate a guy who got lost (and really was actually the 2nd European in the "New World").

--
AccountKiller
Re:Long Weekend by nbucking · 2009-10-08 16:05 · Score: 1

Easy just switch to a security access protocol that doesn't require a password. Like a common access card or fingerprints. You would still use pins (much easier then complex passwords) and it would be expensive (equipment wise) at first but think about the amount of time you would save. Plus it is much more secure since it also gives authentication as well as access. Passwords are extremely prone to social engineering.
Re:Long Weekend by WizzardX · 2009-10-08 16:11 · Score: 1

Obligatory demotivator
Re:Long Weekend by Anonymous Coward · 2009-10-08 16:19 · Score: 0

We'll be up to our eyeballs in password resets already.
Not everyone is a Help Desk Nigger, you know.
Re:Long Weekend by donaggie03 · 2009-10-08 16:50 · Score: 1

Except that when it comes to any sort of tech, persons are completely retarded as well.

--
Three days from now?? Thats tomorrow!! ~Peter Griffin
Re:Long Weekend by Anonymous Coward · 2009-10-08 17:39 · Score: 0

LOL who was the first then? Chuck Norris? The minister of agriculture of Japan? I bet you believe Star Wars movies were historic reenactments. Oh look! A t shirt with an American flag and a bald Eagle! OMG! If you wear it you can overwrite the past OMGOMGOMGOD!!!!111111ii
Re:Long Weekend by jnnnnn · 2009-10-08 19:49 · Score: 1

The kicking and punching stopped only when it became apparent that all the mob was attacking was itself. And, since the IQ of a mob is the IQ of its most stupid member divided by the number of mobsters, it was never very clear to anyone what had happened.
--Maskerade, Terry Pratchett

The intelligence of that creature known as a crowd is the square root of the number of people in it.
--Jingo, Terry Pratchett
Re:Long Weekend by thejynxed · 2009-10-08 19:59 · Score: 1

Vikings, you idiot.

--
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
Re:Long Weekend by Anonymous Coward · 2009-10-08 20:54 · Score: 0

13 fixes on the 13th. Should be fun! At least, they didn't pick a Friday.
Ivor Wingnut-Loose
CTO, RabbitFeet-R-Us
Room 13
Floor 13
13 Shitty Plaza
Palookaville MZ1313
Re:Long Weekend by rts008 · 2009-10-08 20:59 · Score: 1

Because people are stupid. A person is smart, but people are stupid.
Okay, n00b**, here's how it works:
1. one person can be intelligent
2. two persons can have an intelligent conversation
3. three persons introduce the 'unwashed masses' into the 'intelligent conversation', all reason and logic fail here
4. unwashed masses introduce 'herding bobcats in a burning barn' to the *alleged intelligent conversation*, and declare the change in topic okay by popular demand
5. ?????
6. Profit???
It does seem that the number of people involved in any given 'project' seems to produce more confusion and chaos....maybe the problem is people?
Any 'Perfect Plan/Ultimate Plan' will look great on paper, but as soon as you include humans into the mix, all bets are off. (sorry to mix metaphors here, but you get my point, I hope.-7 Deadly Sins, and alll...)
All meant in good fun;)

--
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Re:Long Weekend by mcgrew · 2009-10-09 02:00 · Score: 1

If it's your dog's name it's not easy to forget, but if your password is rW9/b@#47a I know I'd have a hard time remembering it. p4ss\/\/0rd just doesn't cut it any more.

--
Free Martian Whores!
Re:Long Weekend by camperdave · 2009-10-09 02:05 · Score: 1

I saw a show on the Discovery channel (or maybe the History channel) that discussed the practice of burying ceremonial spearheads - specifically how this one particular site in North America matched the practices of the prehistoric peoples of Europe (France specifically). The theory was that a seal hunting party got blown off course during a storm during the last ice age, back when the Bering Strait was the Bering Land Bridge. They figure that the hunting party followed the edge of the ice cap across the Atlantic.

--
When our name is on the back of your car, we're behind you all the way!
Re:Long Weekend by SuiteSisterMary · 2009-10-09 02:06 · Score: 1

The next time you choose to think less of Canadians, or cast aspersions upon them, remember this:
Several hundred years ago, Vikings came to Canada, and spent a winter here. After that winter, they said 'fuck this, it's way too cold and difficult to live here' and left.
Yes, Canadians live in a land too harsh for Vikings. Don't fuck with us, eh?

--
Vintage computer games and RPG books available. Email me if you're interested.
Re:Long Weekend by Prototerm · 2009-10-09 03:25 · Score: 1

How can someone forget a password in three days? Easy.They didn't stick the Post-It note with it on their monitor before going home Friday afternoon.
Sheesh! Think, people!

--
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Re:Long Weekend by Khyber · 2009-10-09 05:47 · Score: 1

"Yes, Canadians live in a land too harsh for Vikings. Don't fuck with us, eh?"
Why should we fuck with you when you fucked yourselves in choice of living area? ;)

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Re:Long Weekend by SuiteSisterMary · 2009-10-09 06:53 · Score: 2, Funny

You just remember that next time you come asking for clean water to drink, my friend.
Heard this one from a buddy of mine who lived in Minnesota for a few years: "How do you find a Canadian in a room full of Americans? A: Start stepping on toes. Whoever says 'sorry' is the Canadian." It's funny because it's true.

--
Vintage computer games and RPG books available. Email me if you're interested.
Re:Long Weekend by Khyber · 2009-10-11 04:08 · Score: 1

"You just remember that next time you come asking for clean water to drink, my friend."
I run hydroponics - my water is cleaner than most municipalities on the continent thanks to a RO filtration system.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.

Windows 2000? by Azureflare · 2009-10-08 12:05 · Score: 2, Interesting

I'm guessing windows 2000 isn't one of the operating systems that will be patched?

I couldn't find details in the article, but since extended support has ended... RIP win2k :(

P.S. unless it's not affected by this? but I think there are previous vulnerabilities which haven't been patched too so maybe win2k is already dead and I missed the boat.

Re:Windows 2000? by Fluffeh · 2009-10-08 12:15 · Score: 1

so maybe win2k is already dead and I missed the boat
so maybe win2k is already dead and I missed the decade
There, fixed that for you.

--
Moved to http://soylentnews.org/. You are invited to join us too!
Re:Windows 2000? by Opyros · 2009-10-08 12:44 · Score: 2, Informative

Extended support hasn't ended just yet.
Re:Windows 2000? by jeffasselin · 2009-10-08 14:01 · Score: 1

I remember them saying backporting some of the fixes from last month wasn't even doable to the W2K codebase. You're already obsolete.

--
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.

Autodestruct? by Mishotaki · 2009-10-08 12:05 · Score: 0, Offtopic

Will it make every PC that uses windows ME self-destruct?

Re:Autodestruct? by BenBoy · 2009-10-08 12:13 · Score: 3, Funny

Will it make every PC that uses windows ME self-destruct?
Nope, that doesn't require a patch; it was built into the original release ...
Re:Autodestruct? by Fluffeh · 2009-10-08 12:16 · Score: 3, Funny

Will it make every PC that uses windows ME self-destruct?
Not likely, PC's running Windows ME probably don't have the power to do more than to self fizzle at most. I would personally be impressed if they let out the smallest little puff of smoke. I think the reality would be that they just refuse to power up due to shame.

--
Moved to http://soylentnews.org/. You are invited to join us too!
Re:Autodestruct? by SilverHatHacker · 2009-10-08 12:24 · Score: 1

Obviously, you were lucky enough to never encounter the following error message:

Computer will now throw itself out window. Press F1 to continue.

--
Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
Re:Autodestruct? by siddesu · 2009-10-08 12:25 · Score: 1

No, it will only show the "Autodestruct" button. You still have to kill all monsters and hit it manually (with a fist) to have the PC assplode.
Re:Autodestruct? by von_rick · 2009-10-08 12:29 · Score: 5, Funny

Nope, that doesn't require a patch; it was built into the original release ...
Yup. The hard drive with ME installation will jump out from the chasis, climb the refrigerator and rub itself all over the magnets.

--
Face your daemons!
Re:Autodestruct? by dubbayu_d_40 · 2009-10-08 12:37 · Score: 1

I'll wager not just ME, but all versions that are not Windows 7.
Re:Autodestruct? by Anonymous Coward · 2009-10-08 12:53 · Score: 0

hard drive porn!
Re:Autodestruct? by Spewns · 2009-10-08 12:57 · Score: 1

I'll wager not just ME, but all versions.
Fixed.
Re:Autodestruct? by Lulfas · 2009-10-08 13:01 · Score: 1

You..... you win. There is nothing better to be found on the internets than the image that put in my mind. Good game sir, good game.
Re:Autodestruct? by Anonymous Coward · 2009-10-08 13:20 · Score: 0

LOL, funniest thing I read today.
Re:Autodestruct? by Anonymous Coward · 2009-10-08 14:31 · Score: 0

Holy shit! Yours did that too?
Re:Autodestruct? by Anonymous Coward · 2009-10-08 15:58 · Score: 0

Yup. The hard drive with ME installation will jump out from the chasis, climb the refrigerator and rub itself all over the magnets.
RTFM n00b. WinME manual clearly says, "check all screws holding your HDD in place to ensure firm and secure positioning. If you just followed the instructions, you'd be fine.
Re:Autodestruct? by s1lverl0rd · 2009-10-08 18:39 · Score: 1

I don't know what you are talking about. I have been running ME for more than five years and it is still chugging alo
Re:Autodestruct? by jihiggs · 2009-10-08 18:53 · Score: 1

nice strong bad reference
Re:Autodestruct? by AliasMarlowe · 2009-10-08 19:08 · Score: 1

Obviously, you were lucky enough to never encounter the following error message:

Computer will now throw itself out window. Press F1 to continue.
But I have encountered the almost zen-like error message:
"Error: the operation completed successfully."
It occurs in Windows 3.1, 95, 98, 2k, and XP (have not tried ME, NT, Vista, or 7).

--
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Re:Autodestruct? by sorak · 2009-10-09 01:17 · Score: 1

Nope, that doesn't require a patch; it was built into the original release ...
Yup. The hard drive with ME installation will jump out from the chasis, climb the refrigerator and rub itself all over the magnets.
But that may ruin my magnets!
Re:Autodestruct? by ais523 · 2009-10-09 03:30 · Score: 1

That isn't just common to Windows. Linux and other UNIX-alikes frequently have the rather paradoxical "Error: Success" (which I have also seen on Windows). I suspect there's something similar on the Mac. The reason behind this, incidentally, is when a command reports an error but doesn't give the reason (or it does give the reason, but it gets clobbered before being shown to the user because it's stored in a global variable: yay C design faults). This leaves the error code at "no error", which is translated into "Success" (or "the operation completed successfully") by the (standard library) code that translates error messages into strings.

--
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
Re:Autodestruct? by Anonymous Coward · 2009-10-09 04:39 · Score: 0

I would personally be impressed if they let out the smallest little puff of smoke
that happened to me once when I accidentally grounded my motherboard to my chassis

in the last patch supertuesday by circletimessquare · 2009-10-08 12:06 · Score: 2, Interesting

i got this awesome bug fix such that Outlook now says "This copy of Office is not genuine. Click here to learn more online." in an unremoveable toolbar

can't wait to see what gets patched next!

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Re:in the last patch supertuesday by Anonymous Coward · 2009-10-08 12:20 · Score: 0

Maybe they can patch that hole in your wallet so you can by a legit copy.
Re:in the last patch supertuesday by Grishnakh · 2009-10-08 12:25 · Score: 2

I wish they'd patch my work computer to do that, and in such a way that the IT department can't fix it. I hate Outlook, and I'd love a good excuse to not use it any more.
Re:in the last patch supertuesday by Entropius · 2009-10-08 12:28 · Score: 1

Thankfully Office is considered quaint where I work. Anybody who wants to be taken seriously uses vi/emacs/kwrite/textpad and LaTeX.
Re:in the last patch supertuesday by Darth_brooks · 2009-10-08 12:59 · Score: 2, Informative

I used to say that. Then we got forced onto Lotus Notes.
and when I get to Heaven To St. Peter I will tell: "One more Notes user reporting, Sir -- I've served my time in Hell."

--
There are some people that if they don't know, you can't tell 'em.
Re:in the last patch supertuesday by f8l_0e · 2009-10-08 12:59 · Score: 2

Is your employer hiring?
Re:in the last patch supertuesday by plague3106 · 2009-10-08 13:02 · Score: 3, Insightful

Well stop pirating office and you won't have those kinds of problems.
Re:in the last patch supertuesday by AmberBlackCat · 2009-10-08 13:40 · Score: 1

Was it "genuine"? Cause all I got was a message saying the system was being updated. I waited that out and everything worked as usual. The only annoyance was it didn't say what was updated, nor did it ask if I wanted the updates even though my settings are to notify me before updating.
Re:in the last patch supertuesday by Ritchie70 · 2009-10-08 15:34 · Score: 1

That's funny, because we're in the process of being switched from Notes to Outlook and I miss Notes terribly.
Come on, I can't even make the folder name font bigger without increasing the drop-down menu size for all of the programs?

--
The preferred solution is to not have a problem.
Re:in the last patch supertuesday by jihiggs · 2009-10-08 18:58 · Score: 1

The hair on the back of my neck still stands up when I hear the words "lotus notes". I supported it for 2 years, I still feel icky.
Re:in the last patch supertuesday by Anonymous Coward · 2009-10-09 00:46 · Score: 0

Seriously? That's your complaint? Nevermind that Notes' task manager is crap, they cant do very much in the way of email highlighting rules, tasks can't have highlight rules at all, when it fails over to the backup mailserver it marks hundreds of emails as unread, and it locks up during searches.
Notes is not an email system. It is a document retrieval system with email tacked on. And it does both poorly.
Re:in the last patch supertuesday by Ritchie70 · 2009-10-09 12:48 · Score: 1

Yes, that's my complaint. I was able to enlarge the entire Notes interface with one setting in a config file.
On a 1600x1040 (something like that) laptop screen, a 8-point font that I can't change without impacting the entire operating system is not acceptable.

--
The preferred solution is to not have a problem.

Microsoft plans largest ever patch tuesday by Anonymous Coward · 2009-10-08 12:10 · Score: 0

Microsoft plans largest ever patch Tuesday with a ton of awesome features. It will be ready in a few years. Make that 10 years. And actually, scrap the features. By the time it arrives, none of the features are anywhere to be seen, and all they accomplish is add eye candy, a 16 Gb memory footprint and 75% performance cut. Oh, and nobody will install the patch.

Bad luck by gmuslera · 2009-10-08 12:12 · Score: 4, Funny

13 patches released at 13:00 of Tuesday 13. Windows sysadmins that day will have to pass below ladders, see a black cats cross in front of them and then break a mirror. But that will be nothing. The worst part will be when they turn on the computer, and see that windows is still running.

Re:Bad luck by AlexWillisson · 2009-10-08 14:30 · Score: 1

Well, at least they aren't putting it off to November 13th (Friday)
Re:Bad luck by mpe · 2009-10-08 22:13 · Score: 1

13 patches released at 13:00 of Tuesday 13. Windows sysadmins that day will have to pass below ladders, see a black cats cross in front of them and then break a mirror. But that will be nothing.

It'll only be that time for people in a certain timezone. Indeed in a great many situations, quite possibly the majority, it's "Patch Wednesday" as usual.

Can't be right by Anonymous Coward · 2009-10-08 12:13 · Score: 1, Insightful

EVERY version of windows? Including windoze 95? I don't think so!!

WTF? by Anonymous Coward · 2009-10-08 12:15 · Score: 0

Why the fuck is there a story about this? Is Slashdot that lame?

Re:WTF? by Anonymous Coward · 2009-10-08 12:21 · Score: 0

You're lamer for reading it.

And also lamer for reading this comment.

And I'm even lamer for writing it.

Le sigh.
Re:WTF? by Anonymous Coward · 2009-10-08 15:03 · Score: 0

And I'm lamer because I wanted to tell you you were lamer for writing it.

among the fixes... by postmortem · 2009-10-08 12:15 · Score: 1

is there a fix for popular '12345' Windows Live passwords ?

Re:among the fixes... by Azureflare · 2009-10-08 12:23 · Score: 1

Sorry, there's no software fix possible for PEBKAC vulnerabilities.
Re:among the fixes... by Ant+P. · 2009-10-08 20:59 · Score: 1

They're being changed to "123456"

Wring. 13 advisories with 34 issues. RTFM by seifried · 2009-10-08 12:31 · Score: 4, Informative

http://blogs.technet.com/msrc/archive/2009/10/08/october-2009-bulletin-release.aspx

For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.

Re:Wring. 13 advisories with 34 issues. RTFM by John+Hasler · 2009-10-08 13:29 · Score: 2, Funny

So you are going to have to reboot more than thirty times to install this?

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Wring. 13 advisories with 34 issues. RTFM by seifried · 2009-10-08 13:43 · Score: 1

Fortunately just the once. You can thank Windows insane file locking (easy to establish a lock, hard to make sure everyone let go, so the easiest way to overwrite a file is put it in the queue for overwriting at reboot time when you can be sure no-one is messing with it). Linux is so much saner in this aspect.
Re:Wring. 13 advisories with 34 issues. RTFM by shutdown+-p+now · 2009-10-08 16:03 · Score: 2, Informative

Fortunately just the once. You can thank Windows insane file locking (easy to establish a lock
To clarify what this means, Win32 API function CreateFile, which opens files, locks them for exclusive access if the argument in which lock flags are passed is set to 0. In other words, the default is "lock for everything", and you explicitly have to opt out of that by specifying things like (FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE).
This has a minor advantage in that stupid people often forget to lock their files properly, and then applications crash (or silently corrupt data) because they don't expect someone else to write at the file they've opened, and don't handle it properly. But it also has a major disadvantage in that every lazy bastard just passes 0 there and locks file for exclusive access, rather than for the minimum that he needs.
Re:Wring. 13 advisories with 34 issues. RTFM by mpe · 2009-10-08 22:20 · Score: 1

Fortunately just the once. You can thank Windows insane file locking (easy to establish a lock, hard to make sure everyone let go, so the easiest way to overwrite a file is put it in the queue for overwriting at reboot time when you can be sure no-one is messing with it). Linux is so much saner in this aspect.

Ths issue is rather deeper into the internals of WIndows. Since unix type systems will let you delete a file regardless of what might be using/locking it. Maybe Windows uses the filename as a key reference, which may have some other strange consequences since IIRC NTFS supports the equivalent of hard links.
Re:Wring. 13 advisories with 34 issues. RTFM by Abcd1234 · 2009-10-09 03:26 · Score: 2, Informative

To clarify what this means, Win32 API function CreateFile
Actually, the real issue is that OpenFile does the exact same fucking thing. The result is that you can't replace things like existing DLLs on a live system because you can neither delete them nor overwrite them so long as an application has the DLL open (and that includes Windows itself).
Linux, OTOH, thanks to it's Unix underpinnings, will happily let you delete an open file... the inode just goes away once all references to it have been closed. Meanwhile, any new applications which open the file will see the new version (which is attached to a new inode).
Re:Wring. 13 advisories with 34 issues. RTFM by shutdown+-p+now · 2009-10-09 04:10 · Score: 1

Actually, the real issue is that OpenFile does the exact same fucking thing.
No surprise there, given than OpenFile is a legacy function inherited from Win 3.1, and deprecated in favor of CreateFile in WinNT/9x timeframe. CreateFile is used both to create new files, and open existing files (the name says "create" because it always creates a new file handle).

Linux, OTOH, thanks to it's Unix underpinnings, will happily let you delete an open file... the inode just goes away once all references to it have been closed. Meanwhile, any new applications which open the file will see the new version (which is attached to a new inode).
Did you read the entirety of my previos post? Windows/NTFS works in exact same way, and you can open a file in such a way that you can work with it while another process successfully deletes it (FILE_SHARE_DELETE does just that). It doesn't really have to do anything with "Unix underpinnings", it's just the only sane design for a multi-user, multitasking OS.
It's all there in NT, the only problem is that the person opening the file must properly specify all permissions, and the default is restrictive rather than permissive.
Why you can't delete currently loaded DLLs (i.e. why they're opened with a write/delete lock by the OS) is a slightly different issue. So far as I know, it's not really some design limitation of modern versions of Windows, but rather a deliberate design decision (I wouldn't be surprised if it's yet another of those dark back-compat corner cases).
Re:Wring. 13 advisories with 34 issues. RTFM by Anonymous Coward · 2009-10-09 04:36 · Score: 0

The situation with FILE_SHARE_DELETE is a little different than in Unix/Linux. If a process deletes a FILE_SHARE_DELETE file, the file is marked for deletion once the last handle to it is closed. However, its entry still exists in the file system, unlike in Unix. Another process could open the FILE_SHARE_DELETE file after a different process had deleted it, and if any of the processes clear the "delete on closing" flag, the file will not be deleted. Note that in order for the file to be used in this way, all processes involved must open it with the FILE_SHARE_DELETE flag. Citation.
- T
Re:Wring. 13 advisories with 34 issues. RTFM by shutdown+-p+now · 2009-10-09 04:53 · Score: 1

If a process deletes a FILE_SHARE_DELETE file, the file is marked for deletion once the last handle to it is closed. However, its entry still exists in the file system, unlike in Unix. Another process could open the FILE_SHARE_DELETE file after a different process had deleted it, and if any of the processes clear the "delete on closing" flag, the file will not be deleted.

Are you sure? The article you've linked to (or rather one of the comments) describe it differently:
Instead the basic semantics are that you open a handle to a file and then you can mark the handle as "delete on close" (assuming the handle is open for delete access). Once you've done this, when the last handle to the file object (and file objects are single instanced under the hood - there's a kernel object backing the handle that understands things like current position in the file but I always get the names mixed up), the file is deleted.
Until that time, no new handles may be opened to the same file, but existing handles remain valid.
You're right about the directory entry remaining there, however. So the way it works is that you still see the file in the listing, but you can no longer open it.
Curiously enough, this is different for renaming: you can rename a file, and that doesn't leave a directory entry for the old name hanging around in a similar way.
Re:Wring. 13 advisories with 34 issues. RTFM by Abcd1234 · 2009-10-09 05:17 · Score: 1

CreateFile is used both to create new files, and open existing files (the name says "create" because it always creates a new file handle).
*boggle* Jebus. Thank god I never have to touch the lower-level Win32 APIs directly...
Given that, yeah, my post is obviously redundant. I'd always ran under the assumption that CreateFile really meant create a file... silly me. :)
Re:Wring. 13 advisories with 34 issues. RTFM by Anonymous Coward · 2009-10-09 15:04 · Score: 0

Are you sure? The article you've linked to (or rather one of the comments) describe it differently
Oops, I intended to link to the comment above that one, posted by Larry Osterman, the blog's author:

It's pretty simple - if someone attempts to open the file for delete access, the system checks to make sure that everyone who has he [sic] file opened has it opened for FILE_SHARE_DELETE access. If they do, then the open is granted, if they don't, it's denied.
But as you noted, Michael Grier's post states otherwise, and he's no slouch. This is going to bother me until I write a test case, but it's not interesting enough to overcome my natural laziness...

- T
Re:Wring. 13 advisories with 34 issues. RTFM by shutdown+-p+now · 2009-10-09 20:49 · Score: 1

It's pretty simple - if someone attempts to open the file for delete access, the system checks to make sure that everyone who has he [sic] file opened has it opened for FILE_SHARE_DELETE access. If they do, then the open is granted, if they don't, it's denied.
Right, but that doesn't speak about opening a deleted file. It merely says that if you're opening a file, and someone else had already opened it for FILE_SHARE_DELETE, then you have to open it for FILE_SHARE_DELETE as well. Presumably we're speaking about a file which is still there...
Re:Wring. 13 advisories with 34 issues. RTFM by Anonymous Coward · 2009-10-12 09:00 · Score: 0

This is what happens when I'm impatient while typing...

If a process deletes a FILE_SHARE_DELETE file...
That's clearly wrong. I tend to be wordy, and think I made a shortening edit that also corrupted the meaning. (In my defense, I'm using a new KVM which kills my keyboard repeat rate, and it's annoying.) Here's the part of your original post which looked amiss to me:

...and you can open a file in such a way that you can work with it while another process successfully deletes it (FILE_SHARE_DELETE does just that).
I believe I had meant to emphasize that FILE_SHARE_DELETE doesn't do just that, but that it merely marks the file for deletion. It seemed to me you were saying something different about the FILE_SHARE_DELETE flag. I'll try an example: If two processes both have a file open as FILE_SHARE_DELETE, when one of them closes all its handles to that file, the other isn't working with a deleted file, just a file which remains marked for deletion; the process which closed its handles has not successfully deleted the file, just closed one marked for deletion. Well, that's probably just as wordy as what I edited out originally - maybe I could have avoided this confusion by leaving my post as it was.

- T

What's the Canadian holiday? by XanC · 2009-10-08 12:58 · Score: 1

Here in the US it'll be Columbus Day. ...you nitwit.

Re:What's the Canadian holiday? by silvalen · 2009-10-08 14:17 · Score: 1

Except in Berkeley, where it will be Indigenous Peoples Day. Sad but true.
Re:What's the Canadian holiday? by Anonymous Coward · 2009-10-08 14:22 · Score: 0

Nobody except federal jackholes get time off for Columbus Day retard.
Re:What's the Canadian holiday? by camperdave · 2009-10-08 16:24 · Score: 2, Informative

"What's the Canadian holiday?"

That would be Thanksgiving.

--
When our name is on the back of your car, we're behind you all the way!
Re:What's the Canadian holiday? by ajlisows · 2009-10-08 16:50 · Score: 1

Who gets off on Columbus Day, anyway? My wife and a friend of mine are both (public) teachers. They don't have off on Monday. My mother in law works at a bank (Not a teller...in fact...I'm not quite sure what she does but it is some normal operations thing) and she doesn't have off. If at least some Banks and Public Schools are in session, who has off? Postal Workers?
It is easily the least advertised of the Federal Holiday's. Memorial and Labor Day? I Always hear about them as a large number of businesses are closed. Martin Luther King Day? There are ads for TV Specials on MLK and other civil rights leaders. Veterans Day? I at least hear people mention it and Radio Hosts will mention taking time to "Remember our Veterans of all wars". Columbus Day? I'd be shocked if I hear anyone even mention that it is Columbus Day.

Kudos by Linker3000 · 2009-10-08 12:59 · Score: 4, Interesting

Look, I know it's fashionable to make negative remarks about MS round here, but it's only fair to say 'well done' to them for bettering their previous high count. Hopefully they haven't run out of bugs to fix and they'll work hard to find and fix even more next time. Who knows, this time next year they could be fixing hundreds of bugs every month - and if we're lucky, some of them could be quite serious or critical - wouldn't that be just awesome!

Go MS!

--
AT&ROFLMAO

Re:Kudos by Anonymous Coward · 2009-10-08 20:51 · Score: 0

Who knows, this time next year they could be fixing hundreds of bugs every month
What, is Windows 7 shipping next year?
Re:Kudos by Anonymous Coward · 2009-10-09 02:06 · Score: 0

Well....these are not just regular 'bug fixes.' These are critical security holes where your machine can get compromised, yada yada. You read the reports and think - holy crap that OS is full of holes....
Re:Kudos by Anonymous Coward · 2009-10-09 05:52 · Score: 0

Hopefully they haven't run out of bugs to fix and they'll work hard to find and fix even more next time.
I know your now bashing MS here and that it's the truth... But it's basically the most important reason to switch away from M$ for anything critical, just like the enlightened people at the London Stock Exchange just did.
It is not normal to consider a "patch tuesday" where 14 bulletins are issued and 34 vulnerability fixed a "good thing" because it's more than usual nor is it normal to hope that they'll fix hundreds next time.
Recently the number of security issues concerning Windows have been frightening to read and who, in his own mind, can consider that Windows is anything but a swiss cheese? And it's really crazy to see the kneejerk welcoming this and touting: "look, see how great MS is at distributing security patches worldwide!". Seriously guys, what is wrong with all of you? 99% of those security issues should never have been there in the first place. Remember that there are today languages that are immune to buffer overrun/overflow, for a start. What about the whole priviledge escalation Windows SNAFU? Most exploit on Windows can be turned into admin-exploit, etc.
Yet, like the wife being beaten, people keep hoping that things are going to get better. What you don't get is that when they fix 34 issues like this the drones are creating, in secret, without knowing it, twice that many security issues due to fundamental misconception in the next MS products. Yet MS-fanbois keep asking for it.
That OS is leaking from so many place it's not even funny to bash it anymore.
Saying "great, they fixed more security issues than usual" and "see how great MS are, *they* do know how to distribute security fixes". They do know how to distribute security fixes and we should bow, gives up our OpenBSD servers and switch to "Windows 2010.12 booster-secure [TM]"?

13 Patches != 13 Flaws by Ralish · 2009-10-08 13:00 · Score: 5, Informative

I was about to bitch about the submitter/moderator not RTFA, but it turns out, the article doesn't mention it either, so I'll clarify instead: thirteen updates are being released which together address thirty-four security vulnerabilities of varying severity across varying products (ten of which are targetted at Windows). So, that's NOT thirteen flaws (plenty more actually), just thirteen updates, some of which (all?) address multiple flaws in the particular system they are targetted at. Of course, this is just the advance notification, so full details about how many vulnerabilities each update addresses and the general information on them won't be released until the patches are next Tuesday. I think it's also worth nothing (although the summary of course neglects to mention it) that the good aspect of these updates are both major zero-day exploits (targetting IIS & SMB 2.0) are patched with these updates.

And while I'm posting, why does Slashdot insist on linking to shitty tech magazine articles (poorly) summarising the raw and accurate data straight from Microsoft? Seriously, I'm not sure if it's some sort of aversion to linking to MS, but they're the ones doing the patching, so it follows that they have the best, newest, most accurate data on them, and they'll likely be the first to provide updates on their content. These articles are just summarising what Microsoft has published on their various web-sites, and being a summary, they provide a lot more information and raw data:

Microsoft Security Bulletin Advance Notification for October 2009
October 2009 Bulletin Release Advance Notification

Re:13 Patches != 13 Flaws by dave562 · 2009-10-08 13:49 · Score: 1

On some level Slashdot bills itself as a news aggregator. Information taken straight from software vendors aren't necessarily news articles. They often times contains the most accurate information. If the editors start posting microsoft.com articles, then they have to post apple.com articles, and adobe.com articles and pretty soon this isn't News for Nerds, it's Corporate PR Central.
I'm of the opinion (how ever little that is truly worth) that articles about patch counts are completely worthless. Anything short of discussing actual vulnerabilities is pretty much a waste of time. We all know that Microsoft releases batches of patches from time to time. We all know that any article about Microsoft patches will involve comments about how much MS sucks because their software needs to be patched. There will be a bunch of pro-Linux comments, a couple of Apple fanbois and that will be that.
Re:13 Patches != 13 Flaws by seifried · 2009-10-08 17:18 · Score: 1

If someone like Red Hat or Oracle posts a PR release stating they are going bankrupt (or buying all the chewing gum in the world) I think linking direct to the release on their site is appropriate. In this case it's a matter of: do we link to a "PR" type web page (actually a tech page but whatever) and get it right from the source (which is more likely to be factually correct) or do we link to a "news" site (I use the term loosely since they can't even read and reprint MS releases it seems) which is more likely to be incorrect? Assuming the "news" site has no insight or useful additional info I'd rather see a direct link to MS since the link to the "news" site is not much better than linking straight to a PR document.
Re:13 Patches != 13 Flaws by RocketRabbit · 2009-10-09 10:32 · Score: 1

It's Payola for the computer publications.

yes by circletimessquare · 2009-10-08 13:03 · Score: 1

because as well all know, the concept of exchanging cash for digital content is solid unquestionable morality. meanwhile, if i were to assert that perhaps digital content reaches maximum economic value for its creators when it is valued at $0, that true economic influence is felt in the ancillary benefits surrounding the distribution of digital content, i'm just some sort of a kook

you could say i might even have something valid to say there, but microsoft plainly states it wishes to have cash in exchange for its digital content, and i have no right to abrogate that agreement. right, just like i have no right to question that the great grandchildren of the writer of "happy birthday" still deserve cash for someone playing that song somewhere. just like i have no right to question why a picture of a stupid mouse is still private property. etc.

you know what? i have every right to abrogate an "agreement" i was never consenting party to and see no logical, philosophical, moral, or economic coherence in

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Re:yes by DAldredge · 2009-10-08 13:16 · Score: 1

Then why are you begging from money to film a movie?
Re:yes by dave562 · 2009-10-08 13:42 · Score: 1

The extent of your vocabulary cannot conceal the fact that you're a cheapskate and a probably pirate. Microsoft software isn't digital content. It is content creation software. Tools are not free unless you want to write your own, or use tools that others provide you for free. There are plenty of them out there and you can feel free to use them. If you find a feature that your free tools don't have, pay for a tool that has the feature you want.
Re:yes by DAldredge · 2009-10-08 17:23 · Score: 1

You expect to be able to use programs for free yet expect others to pay you to make a movie. Doesn't that sound just a little crazy? It looks the me like you like getting paid for your work yet do not wish to do others the same courtesy.
Re:yes by RocketRabbit · 2009-10-08 19:23 · Score: 1

Ah yes, take the moral high road and pirate software. That'll help everybody out.
I can't imagine how you think it's better to pirate software than it is to use something like OpenOffice, which is both free and largely compatible with Word and the other MS office applications. I don't really have a problem with it, but you an quit pretending that you are asserting a morally superior position by pirating half-assed software.
I am with you on the Happy Birthday song, though, and rather than singing it at all, I would suggest you to just stop using it at all.
PS - Mickey Mouse will probably be copyrighted in 1000 years.

Does it fix Windows 7's problems? by MBCook · 2009-10-08 13:17 · Score: 5, Funny

Does it fix the problems with Windows 7? After reading this review of a pre-release download, I'm a bit hesitant to use it.

--
Comment forecast: Bits of genius surrounded by a sea of mediocrity.

Re:Does it fix Windows 7's problems? by T.E.D. · 2009-10-09 09:44 · Score: 1

Well, I'm a bit hesitant to click on a link to a website named "cracked.com". So I guess we have something in common.

Fire and forget by westlake · 2009-10-08 13:24 · Score: 0, Flamebait

It's a very good security strategy to piss off all your customers with WGA and Windows Media bullshit until they all turn off automatic updates.

The geek is pissed off by what to anyone else is over and done with one or two clicks of the mouse.

Re:Fire and forget by Anonymous Coward · 2009-10-08 14:15 · Score: 0

Until it returns a false positive at Redmond and the non-geek, for a second, remembers the anger but is too ignorant to express it more than a short bit, and to understand it doesn't have to be that way.
Re:Fire and forget by JohnBailey · 2009-10-08 15:33 · Score: 1

The geek is pissed off by what to anyone else is over and done with one or two clicks of the mouse.
Or quite often turned off and never used again.

--
It is difficult to get a man to understand something when his job depends on not understanding it.
Re:Fire and forget by westlake · 2009-10-08 19:15 · Score: 1

Or quite often turned off and never used again.
How many users do you - really - think care enough to turn it off?
Re:Fire and forget by JohnBailey · 2009-10-08 22:46 · Score: 1

How many users do you - really - think care enough to turn it off?
Given the number of people I've come across who do, I'd say quite a few. Or are you trying to claim that these same users obediently apply all updates all the time?

--
It is difficult to get a man to understand something when his job depends on not understanding it.

That curious hidden patch by laanak · 2009-10-08 13:31 · Score: 0

hmmm....I wonder where's the patch that wipes windows from the hard drive and installs *nix.....

Re:That curious hidden patch by John+Hasler · 2009-10-08 14:02 · Score: 0

Link

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

QUESTION about "critical" software by yeehaomgyay · 2009-10-08 13:33 · Score: 2, Interesting

I am using special exam software to take a grad school exam Wednesday morning. The version of the software which I'll be using was released TODAY. Would I be smart to turn off Automatic Updates on Monday, or is this just paranoia?

Re:QUESTION about "critical" software by yeehaomgyay · 2009-10-08 13:40 · Score: 1

oh, forgot to mention that if anything goes wrong with the software, i.e. crash, there is no guarantee that you will be allowed to reboot your computer, no guarantee that whatever you've written already can be recovered, and no extra time allowed for any time lost fiddling with the computer, answers lost, etc... So I'm thinking there is a non-trivial chance a big OS patch could introduce an unwelcome issue and so I should avoid applying the patch till after the exam. Does this make sense?
Re:QUESTION about "critical" software by John+Hasler · 2009-10-08 14:05 · Score: 1

> Does this make sense?
No. You are mad to agree to take an important exam under such conditions.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:QUESTION about "critical" software by Edmund+Blackadder · 2009-10-08 19:43 · Score: 1

Yes, turn it off. And to be safe, also do not connect your laptop to the Internet on Tuesday.
Re:QUESTION about "critical" software by maxume · 2009-10-08 23:48 · Score: 1

The laws of hilarity demand that the test software requires internet access.

--
Nerd rage is the funniest rage.

Security & Stability by omb · 2009-10-08 13:35 · Score: 1

There is just NO comparison, Linux especially and all UNIX like systems are hugely more correct and stable than Windoze(TM) will ever be. Two reasons:

Bad and sloppy code gets found, fixed qickly, and is met with hoots of derision from other developers.

Certain FEATURES touted as a + for Windoze eg OLE never made it into Unix since their design required the OS to be broken by design and the developers declined to do it.

A couple of days reading LKML will show you how much chance a really bad idea, eg filetype based on extension, has of making its way in.

I run Internet facing machines with no firewall and get to send about 5 days a year fixing problems eg defend the slow ssh attack.

Re:Security & Stability by smash · 2009-10-08 14:36 · Score: 2, Insightful

I hate to break it to you, but there's plenty of bad and sloppy code in the open source world as well. Build a system from scratch from source, and you'll see plenty of compiler warnings for a start, not to mention buggy application behavior.
Don't get me wrong, I'd not put a Windows machine directly facing the internet - but I wouldn't do that with an un-firewalled desktop Linux box either.
Linux doesn't have OLE, but they're still messing with implementing Bonobo, kpart, etc to re-create basically the same idea.
As for reading LKML, it also shows you how good ideas are often ridiculed and rejected on the basis of "not invented here" or differing from Linus' personal choice. Schedulers, for example...
I'm not saying open source is bad or worse - simply that its not immune from shitty code. There's far more shitty code out there than good code, whether its commercial or not.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Security & Stability by ericlondaits · 2009-10-08 16:58 · Score: 2, Interesting

Linux doesn't have OLE, but they're still messing with implementing Bonobo, kpart, etc to re-create basically the same idea.

Plus, OpenOffice.org has it's own component system (UNO) which is very similar to OLE/COM, Mozilla has XUL which is also the same thing and you also have CORBA which is akin to DCOM (which is distributed OLE/COM). Components are not inherently less secure than normal applications... and even better, you have more granular control over their use (separate permissions for use, activation, instantiation, etc.)
It was ActiveX that gave a bad name to COM, but not because it's bad in itself, but rather because it was a poor idea to integrate it to web pages in the way it was done.

--
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
Re:Security & Stability by DrXym · 2009-10-08 18:43 · Score: 2, Informative

Certain FEATURES touted as a + for Windoze eg OLE never made it into Unix since their design required the OS to be broken by design and the developers declined to do it.
Erk, there is nothing inherently wrong with OLE, ActiveX or anything else in COM. At the end of the day they're just a means to embed or utilise one program from another. And yes GNOME/KDE have their equivalents. The problem has nothing to do with the OS but in the way IE promoted ActiveX, including automatic installation and the broken assumptions underlying its trust model such as the safe for scripting flag. Basically IE let you instantiate any control installed in your system so long as it was tagged safe for scripting. Even inadvertant bugs in the automation interface of a control could be exploited in drive by attacks.
Other browsers such as Mozilla, Opera etc have their own plugin solutions which are conceptually little different from ActiveX controls. Netscape/Mozilla has various used NPAPI combined with LiveConnect/XPConnect for scripting. The big difference historically was it was more of a pain in the ass to install a plugin than a control so the consequence of an exploit was minimized. It still doesn't prevent exploits happening though as the recent vulnerabilities in Flash Player 10 demonstrate.
Re:Security & Stability by Ren+Hoak · 2009-10-08 23:35 · Score: 1

No doubt, many open source projects compile with many warnings. Not that this is an excuse, but open source projects do have a bit of an uphill battle on this front, as there are many compilers out there, and unless they have a build farm to check against them all with, they're not likely to fix everything. [Again, not to make an excuse or minimize your statement -- most warnings I've seen in open source code are easy to fix and not compiler dependent.]

I would imagine its fair to guess that Microsoft builds their OS using the same compiler that Visual Studio uses. Ever work in that environment? Perhaps there are ways to elicit better warning output, but the default (at least when using the UI) is that many warnings that GCC (and other similar class compilers) output, Visual Studio lets go without a peep. That can make code compile warning-free, but in no way is the number of warnings a promise of comparability to quality of what gets produced, eh?
Re:Security & Stability by petermgreen · 2009-10-08 23:53 · Score: 1

It was ActiveX that gave a bad name to COM, but not because it's bad in itself, but rather because it was a poor idea to integrate it to web pages in the way it was done.
Poor idea is a huge understatement. It was one of the worst moves ever from a security standpoint and one that MS has been struggling to backtrack from for ages (unfortunately they can't kill activex in browser altogether because too much stuff relies on it).
OLE (in the sense of embedding different types of document within each other in a flexible way) was not such a terrible idea but still it does have the potential to increase the ammount of code exposed to bad data. In this regard installing an application that allows it's documents to be embedded in this way can be considered slightly lower in risk to installing a browser plugin based on the same code.

--
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Re:Security & Stability by Anonymous Coward · 2009-10-09 01:14 · Score: 0

Pure FUD. Go back to your reeducation camp.
Re:Security & Stability by smash · 2009-10-09 02:38 · Score: 1

Haven't worked in visual studio before, so can't comment on it.
As you say, many/most warnings in open source software packages are easily fixed, but that's my point - sloppy/lazy code.
As to there being many compilers out there... well, 99% of the open source compilers out there are either based on, or revisions of GCC.
Sure, warning free code can be buggy as well, but at least if the code is warning free, the more obscure "this is an easy way to shoot yourself in the foot" cases are taken care of.
I've never seen the microsoft code compile so for all i know it's just as bad or worse. That wasn't my point though - the point was the just because its open source with peer review available, there's still shit code out there in the open.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Security & Stability by petrus4 · 2009-10-09 03:45 · Score: 1

Bad and sloppy code gets found, fixed qickly, and is met with hoots of derision from other developers.
If it's in kernel space, and especially if it's considered a threat to security, then yes. If it's in user space, however, it's just as likely to get ignored as in a commercial scenario.
If bugs always got fixed in userspace for Linux, ALSA in particular wouldn't be the steaming pile that it is.
I'm really getting fed up with the regurgitation of brainless mind control and groupthink on Slashdot. Don't just parrot rhetoric that you see someone else write, and start learning to use your own fucking brain. It's getting seriously infuriating.
Re:Security & Stability by TheRaven64 · 2009-10-09 06:07 · Score: 2, Informative

ActiveX wasn't such a horrendous idea. It is basically a fast way of deploying (and keeping updated) native Windows components that you can tie together with HTML and scripts. For a corporate Intranet, that kind of functionality is useful if you're willing to standardise on a single vendor's stack.
The only mistake they made was the dialog box when a non-Intranet site tried to send you an ActiveX control. This shouldn't have caused a dialog box, it should have just been blocked.

--
I am TheRaven on Soylent News

a Linux Live CD by Anonymous Coward · 2009-10-08 13:37 · Score: 0

which distribution will they choose, it would be hard to satisfy the typical slashdot user

Oooh! 13 flaws! by Anonymous Coward · 2009-10-08 13:37 · Score: 0

We can probably assume that the 34 vulnerabilities are just different OS and browser variations of the same 13 flaws.

Funny thing about Slashdot, though. People complain nonstop about all of the bugs in Windows, but then when Microsoft makes an effort to patch as many of them as possible in one go, they complain about "the biggest patch Tuesday ever!!!!" It shouldn't be a surprise, folks. If you believe that Windows has all these bugs, then you should probably also believe that they will be patched at some point too. Seems like they should be bragging about how many of the bugs their patching.

And by the way, when the previous record holder was 12 flaws, it's not really saying much that the latest is 13 flaws. That's like saying I'm richer than someone with $1,000,000 because I have $1,083,000. In the grand scheme of things, that $83k doesn't really matter.

Windows 7.1 by Kr4u53 · 2009-10-08 13:38 · Score: 0

So does this mean that users who buy windows 7 retail won't need to wait for the service pack as they already have it?

have you ever filmed a movie? by circletimessquare · 2009-10-08 13:41 · Score: 1

you think strong ip laws makes the begging less necessary? man, i wish

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Re:have you ever filmed a movie? by DAldredge · 2009-10-08 14:46 · Score: 1

I want it for free so you should make it for free. That is after all what you just said a few post up.

Why is there never a link to a primary source? by westlake · 2009-10-08 14:00 · Score: 1

I'm guessing windows 2000 isn't one of the operating systems that will be patched?

You're guessing wrong.

For details and a full listing of the affected software:
Microsoft Security Bulletin Advance Notification for October 2009 [Oct 8]

Re:M$ by TheVelvetFlamebait · 2009-10-08 14:01 · Score: 1

Yep. Nothing maximises profits like paying people to develop a huge patch, and then providing the bandwidth to distribute that patch free.

Unless, of course, your comment was a subtle parody of anti-MS crowd. ;)

--
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.

Re: turning off automatic updates by Anonymous Coward · 2009-10-08 14:05 · Score: 0

You answered your own question. The answer is yes, always turn off automatic updates when you need to guarantee that nothing changes. (Hint: This rule includes production servers; always test first before putting a patch into production.)

Typical Bullshit by Anonymous Coward · 2009-10-08 14:08 · Score: 1, Interesting

Most of these updates require a restart so please factor that into your deployment planning.

As usual. You breathed on the PC, or you installed a mundane office app, time to restart the computer! I wish all Windows users would familiarize themselves with a good Linux distribution or other Unix/Unix-like system. Even if they decided they didn't like Linux and preferred Windows, at least this would disabuse them of the idea that any non-kernel update has a good reason to require a reboot to complete the installation. Then they would have some education as to what to reasonably expect, and the pressure placed on Microsoft might even advance the average users' experience a bit. The whole problem with Windows is that the average person thinks its quirks, shortcomings, and examples of plain stupidity are normal, as though they were the inescapable reality of operating a computer. They are not.

Also, maybe someone can help me out here. Why the hell does Windows Update often aggressively use 100% CPU when running in the background? By "aggressively" I mean it will tremendously slow down anything else you are doing (not at all the same thing as a low-priority task that can use 100% CPU when nothing else wants the CPU). I can boot Linux on the same PC and update not only the core OS (which would be similar in function to Windows Update) but also every last installed application without that kind of system load, without any noticable slowdown in any regular applications (browser, office software, e-mail client) I use. Frankly, I know this will make some of the more narrow-minded folks automatically assume I am trolling, but here's the reality: I see too much shit like this to take Windows seriously or to consider it an equally viable option compared to Unix. The technies and others I know who really like Windows and think it's great couldn't perform the most basic system administration tasks in any other OS, which tells me that they have no real basis for comparison, that their opinion is not an informed one. If someone with a wide variety of experience with alternatives wants to speak up and tell me why they really like Windows, why it's not substandard compared to any other modern system, please do, but good luck to ya.

Re:Typical Bullshit by smash · 2009-10-08 14:27 · Score: 5, Insightful

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.
I run both Linux and FreeBSD in the server room, and have for about 15 years - but in terms of managing, reporting on, and distributing updates to hundreds of desktops, there's nothing off the shelf for *nix that comes close.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by overbaud · 2009-10-08 15:45 · Score: 1

"but also every last installed application" ... yeah all .01% of them (comparative to every last installed windows application).

--
Users... the only thing keeping 1st level support from being the bottom feeders.
Re:Typical Bullshit by ozmanjusri · 2009-10-08 16:25 · Score: 1

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
What about apt and in-house repositories?
Reprepro in particular seems to be up to the task
http://www.debian-administration.org/articles/286

--
"I've got more toys than Teruhisa Kitahara."
Re:Typical Bullshit by santax · 2009-10-08 16:49 · Score: 1

Just to inform you about patching your kernel without reboot: http://tech.slashdot.org/article.pl?sid=08/04/24/1334234
Re:Typical Bullshit by Anonymous Coward · 2009-10-08 17:47 · Score: 0

I'm betting a typical linux install has more software installed than a typical windows install... and like GP said, all of it is automatically updated.
Re:Typical Bullshit by Culture20 · 2009-10-08 17:53 · Score: 1

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
You've never run your own rpm/apt repo or RHEL Satellite server? Copy files from source repo; done.

Kernel issues still require a reboot.

Yes. In just about every OS including Windows. Not necessarily Linux though (although realistically, yes). http://en.wikipedia.org/wiki/Ksplice
Re:Typical Bullshit by TooMuchToDo · 2009-10-08 19:16 · Score: 4, Informative

http://www.redhat.com/spacewalk/
We use it to manage several thousand linux servers that store and process the data that's about to come from one of the LHC detectors. Handles provisioning, RPM updates, etc. And yeah, it'll work with Linux desktops.
Re:Typical Bullshit by Teun · 2009-10-08 20:29 · Score: 1

Admittedly the downside is you may have to redeploy some of your existing support staff, and this will tend to reduce IT's budget...
Moderate +1 Cynical
;)

--
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Re:Typical Bullshit by wiz_80 · 2009-10-08 23:43 · Score: 1

Have you looked at BladeLogic? (full disclosure: I worked for BladeLogic and stayed on after BMC Software bought BladeLogic) Official product page here.
BMC BladeLogic Operations Manager, to give the thing its full name, does multi-platform policy-driven patch management (Windows, RH, SuSE, Solaris, HP-UX and AIX) and makes it pretty seamless. No *BSD support, though, which may be an issue for you.

--
" There is a rational explanation for everything. There is also an irrational one. "
Re:Typical Bullshit by Anonymous Coward · 2009-10-08 23:45 · Score: 0

I have to agree with this. I haven't used wsus, but apt-get update/upgrading more than a few debian boxes at a time becomes tedious quickly.
Yes, there are ways to multiplex your ssh sessions or use puppet etc, but an easy solution that dosen't require to much care/testing would be great.
Re:Typical Bullshit by Nerdfest · 2009-10-09 00:02 · Score: 2, Interesting

Kernel issues still require a reboot.
Have a look at KSplice. It allows the kernel to be patched dynamically, with no reboot. It's also free to users of Ubuntu 9.04 and 9.10 but I'm not sure about others. It works nicely from what I've seen so far, and the company was nice enough to answer a few of the questions I had about it. It's great if you really want to avoid reboots.
Re:Typical Bullshit by Krneki · 2009-10-09 00:11 · Score: 1

cron is your friend and scheduled reboot.

Define server importance and setup those machine to update and reboot earlier, after the first updates went through without a problem let the rest follow. Of course having a full backup done before an update is a nice thing to have.

You can fully automate the whole thing and be ready to stop it if anything goes wrong, hopefully shit will happen on less important devices.

--
Love many, trust a few, do harm to none.
Re:Typical Bullshit by jonbryce · 2009-10-09 00:57 · Score: 1

You have your own private mirror of your distro's update repository, and point yum or apt-get or whatever at it. That is very easy for even a moderately competent unix administrator. Joe User might struggle, but he doesn't need to do that, and he would probably struggle with WSUS anyway.
Re:Typical Bullshit by tenco · 2009-10-09 01:06 · Score: 1

Also, maybe someone can help me out here. Why the hell does Windows Update often aggressively use 100% CPU when running in the background? By "aggressively" I mean it will tremendously slow down anything else you are doing (not at all the same thing as a low-priority task that can use 100% CPU when nothing else wants the CPU).
Maybe Windows Update is just running high-priority then? Sounds stupid, but maybe using your computer during an upgrade can be stupid, too. Depends on what you're updating.

I can boot Linux on the same PC and update not only the core OS (which would be similar in function to Windows Update) but also every last installed application without that kind of system load, without any noticable slowdown in any regular applications (browser, office software, e-mail client) I use.
Sounds like you're updates never rebuilt any indexes (documentation in XML format, LaTeX and X11 fonts come to mind).

If someone with a wide variety of experience with alternatives wants to speak up and tell me why they really like Windows, why it's not substandard compared to any other modern system, please do, but good luck to ya.
As a long time (> 10 a) Linux user (sprinkled with Net- and FreeBSD use) and Windows user since a few month (again), I conclude that it's hardware support, multimedia support and (better) support for specialized apps like Origin, LabView, SolidWorks or Autodesk Inventor (though the last one is a PITA, IMO). I still use Linux for things like xmgrace, octave, TeXLive, maxima and gnuplot but only because i can't afford Origin, Maple/Mathematica and Matlab. I also haven't found a good replacement for Kile yet. I wouldn't be surprised if Maple/Mathematica, Matlab and other programs like Pro/E and Catia would run better on Windows, too.
Re:Typical Bullshit by sorak · 2009-10-09 01:18 · Score: 1

cfengine? <shudders>
Re:Typical Bullshit by V!NCENT · 2009-10-09 01:20 · Score: 1

It is possible to patch the Linux kernel without having to do a reboot for the changes to take effect. Can't remember the name of the software though...

--
Here be signatures
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 01:25 · Score: 0

Would that be Canonical's Landscape service you are after?
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 01:25 · Score: 0

I guess you have never heard of Bcfg2, Puppet, cfengine, or any of the other tools mentioned at http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software ? Just because you haven't heard of/used it doesn't mean it doesn't exist.
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 01:36 · Score: 0

Red Hat Network and Satellite do this.
http://www.redhat.com/red_hat_network/
Re:Typical Bullshit by smash · 2009-10-09 02:09 · Score: 1

WAY more work than WSUS. No reporting, unless you roll your own, either.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by smash · 2009-10-09 02:11 · Score: 1

Have heard of them. They're a lot more complex than 15 minutes work to set up a patching server though, and 5 minutes to set up group policy to push the change to all machines on the domain...

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by smash · 2009-10-09 02:23 · Score: 2, Informative

Just to elaborate... WSUS, which is free and easy to set up, enables me to push patches to hundreds or thousands of boxes, and report on the status of each box or what machines are missing any or all patches at the click of a button. Downloads will run whenever the machine is online and start/stop as required, using BITS.
Can you do this on Linux? Maybe. Its certainly not standard, and a lot more work. Can you automatically updates unix boxes? Sure - but to set up the monitoring of the process, its a lot more work, and more likely will require an admin to read/interpret logs.
Sure, linux/unix machines are generally a bit less patch dependent to stay secure, but the Windows patching process is relatively painless if you set up a wsus server. All you need is a spare machine (even running XP, from memory) with plenty of disc, and a method of pointing machine's windows update server registry entry at it - eg with group policy or a login script.
If redhat, suse or whoever can offer something similar that is as easy to set up and monitor, they'll certainly help get *nix easier to support as an end user OS.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by smash · 2009-10-09 02:25 · Score: 1

You've never run your own rpm/apt repo or RHEL Satellite server? Copy files from source repo; done.
This doesn't achieve the same thing. How do you report on the state of all your workstations, what patch level they're at, which ones failed, what hasn't updated yet, etc?
For all the stuff microsoft has fucked up, WSUS is a good product.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by smash · 2009-10-09 02:27 · Score: 1

Cheers, will look into it. Unfortunately only one of my nix boxes is redhat, but if this product works as advertised, it's a big plus for redhat.

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by smash · 2009-10-09 02:29 · Score: 1

WSUS installation is as simple as download file, install. Point reg-key on windows boxes at server via group policy - then its all pointy-clicky selecting updates. It really is that simple - and it just works.
Maintaining your own distro mirror is not the same thing - that gets you no reporting, staging update roll-outs, etc...

--
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Re:Typical Bullshit by dissy · 2009-10-09 02:43 · Score: 1

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.

apt is far far superior to any tool that claims to be package management for windows, including WSUS which btw is for Microsoft updates ONLY.
Yes you can install .MSI installers using group policy and a shared folder, but sadly not much software outside of Microsoft products (and even then occasionally) use that format. (Setup.exe needs to die, or gain full support for domain pushes)
Ksplice lets you upgrade the running linux kernel with no reboots needed as well. In fact if you install Ksplice in Ubuntu, it integrates the live kernel patching in with apt!
One of my colo servers has an 826 day uptime, yet is running the latest kernel and user-land as of Wednesday night.
Now, if you know of any tools for windows domains to do the same thing as apt and ksplice (and isn't a php+perl mess) to push out packages (preferably more than just .MSI), and to install MS patches without needing to reboot, I will _gladly_ eat my words and thank you profusely.
(Please please have such tools to suggest!)
Re:Typical Bullshit by Mr.+Firewall · 2009-10-09 02:51 · Score: 1

Typical bullshit, indeed:

years - but in terms of managing, reporting on, and distributing updates to hundreds of desktops, there's nothing off the shelf for *nix that comes close
<cough> RHN </cough>

--
In times of universal deceit, telling the truth gets you modded -1 Troll
Re:Typical Bullshit by dremspider · 2009-10-09 02:52 · Score: 1

you have obviously never used Red Hat's Sattellite server.... It is one of their best products in my opinion.
Re:Typical Bullshit by Jared555 · 2009-10-09 03:12 · Score: 1

Ubuntu has something similar but it isn't free (it is more like redhat's commercial option)
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 03:19 · Score: 0

Check out Open-AudIT and see if that's a start. It pulls a heckuva lot of WMI info and stores it nicely. Haven't tried it on Linux yet, hence posting AC.

I also want to check out Mandriva's Pulse.
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 03:20 · Score: 0

RHN Satellite / Spacewalk.
Re:Typical Bullshit by compro01 · 2009-10-09 04:32 · Score: 1

It's called Ksplice.

--
upon the advice of my lawyer, i have no sig at this time
Re:Typical Bullshit by StuartHankins · 2009-10-09 05:04 · Score: 1

Have you ever used RHN (Red Hat Network) / Red Hat Satellite -- you know, the one where you can schedule a patch to hundreds or even thousands of machines by clicking a couple of times in a web interface? Its ease of use and machine grouping abilities, together with the fact that most *nix upgrades don't require reboots (and are usually quite small) make the Microsoft patching procedure look fairly lame in comparison. Don't even get me started on shell scripting, for instance we use a custom script combined with SSH on our Windows machines so they automatically rsync the latest version of a particularly important homegrown Windows app at logon. The same tools work on *nix of course.

As far as reporting goes, have you ever used RPM? It tracks sooooo much more info than Windows does, for instance it can tell you if a file has changed since the original install, what files were part of the original install, and list any dependencies the package has. It can also solve dependency issues. To my knowledge these aren't things WSUS does.

Monitoring? I created a simple webpage which shows the status of all of our data replication tasks. It took me maybe 30 minutes to write the scripts, create the tables and sp's, install and configure UNIXODBC, create the webpage and test it.

Maybe I'm missing something in your post.
Re:Typical Bullshit by Anonymous Coward · 2009-10-09 05:12 · Score: 0

RHN Satellite / Spacewalk.
this
Re:Typical Bullshit by tobiasly · 2009-10-09 11:04 · Score: 1

If redhat, suse or whoever can offer something similar that is as easy to set up and monitor, they'll certainly help get *nix easier to support as an end user OS.
Not sure about the others but Red Hat does indeed offer this service as the Red Hat Network.
Re:Typical Bullshit by tobiasly · 2009-10-09 11:08 · Score: 1

WOW! I used Red Hat Network back when they had a free option (and before Fedora or CentOS existed). Great to see something like that exists now (again), I had no idea. This will make me and my CentOS boxen very happy!
Re:Typical Bullshit by jaavaaguru · 2009-10-09 11:09 · Score: 2, Informative

Landscape

--
Follow me

Nice! by rrohbeck · 2009-10-08 14:43 · Score: 4, Funny

So where are the instructions for the patch party?

--
thegodmovie.com - watch it

Biggest patch ever? by CAIMLAS · 2009-10-08 15:03 · Score: 1

Does this mean they're releasing Windows 7 a full 10 days early, then?

--
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers

Re:The unholy shit by elfprince13 · 2009-10-08 15:12 · Score: 1

I'm not sure if this was an attempt at trolling, or just random wtf-age, but I was legitimately amused by it.

that's not remotely close to what i said moron by circletimessquare · 2009-10-08 15:35 · Score: 1

you can make a movie for $100 million, and make a nice profit in THEATRES. where you sell TICKETS

television was supposed to destroy theatres, then the vcr, then the dvd, then the internet... and there's always more money in it, even with all the cell phones and crying kids. people love the cinema

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Re:that's not remotely close to what i said moron by DAldredge · 2009-10-08 16:19 · Score: 1

You can buy outlook for less than 200.00

Stunning... by okmijnuhb · 2009-10-08 15:49 · Score: 0, Troll

Amazing that a software company would dip into it's infinite cash reserves and pay programmers to do some work, and repair their broken products.

Re:Stunning... by okmijnuhb · 2009-10-10 05:59 · Score: 1

Obviously modded by a Microsoft shill.

"About which I know nothing..." by Joce640k · 2009-10-08 15:52 · Score: 1

Believe me ... I've sat and recompiled Spca5xx for a roomful of PCs after the monthly Linux updates. Last time I did it was less than a year ago.

Is it in the kernel now? Maybe ... I don't use Linux much these days.

--
No sig today...

Re:"About which I know nothing..." by palegray.net · 2009-10-08 16:29 · Score: 1

Out of curiosity, what was the hardware platform and distribution in use? Did you have to compile the driver in the first place, or was it a distro-supplied driver that suddenly stopped working after you installed distro updates?

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Re:"About which I know nothing..." by Joce640k · 2009-10-08 17:09 · Score: 1

It was mostly SUSE 10 machines, there was no webcam driver in the distro AFAIK.

--
No sig today...
Re:"About which I know nothing..." by palegray.net · 2009-10-08 17:18 · Score: 1

That makes sense; I've been using Ubuntu for Linux desktops over the past couple of years due to lack of built-in functionality in other distros. I used to use SUSE myself, but gave up after dealing with one too many headaches. These days, I mostly use MacOS X, but my wife uses Ubuntu on her laptop.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.

Largest ever... by bennomatic · 2009-10-08 15:56 · Score: 1

...so far!

--
The CB App. What's your 20?

Restarts by FrankieBaby1986 · 2009-10-08 16:04 · Score: 1, Funny

addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."

Great... 34 restarts... :P

--
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:

Re:Restarts by Anonymous Coward · 2009-10-08 20:59 · Score: 0

Only 34 restarts? That would be a great day with Windows!

Comment removed by account_deleted · 2009-10-08 16:15 · Score: 1

Comment removed based on user account deletion

yes by circletimessquare · 2009-10-08 16:45 · Score: 1

and your point?

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Why Not Spread Them Out? by ajlisows · 2009-10-08 16:57 · Score: 1

Seriously, I hate when they release that many patches at once. I'd rather have all Windows one day, all Office a few days later or something. Two of the more recent big patch days, I had Windows problems (Made some computers slow to a crawl) and Office (Your software is illegal..what? They are all legit copies) problems on different computers strewn throughout the office. 16 people all demanding of me that they need to get their work done RIGHT NOW is rough to deal with. Of course, I could stagger the computers which get updated...but that isn't the point. ;)

Re:Why Not Spread Them Out? by scorpivs · 2009-10-08 19:39 · Score: 1

Maybe, what you're thinking of is quilts, not patches.

--
There is nothing to FEAR but NOTHING itself; and I fear there is a whole lot of nothing going on. --scorpivs
Re:Why Not Spread Them Out? by KillerBob · 2009-10-09 02:05 · Score: 1

You could also test the patches and read the bulletins to see whether they actually apply to your situation before you let them anywhere near the systems you administer...

--
If you believe everything you read, you'd better not read. - Japanese proverb

Please patch ALL versions of Windows! by OrangeTide · 2009-10-08 17:17 · Score: 3, Funny

Or at least patches to Win2K would be nice, maybe some working timezone data.

I also would highly recommend Microsoft release patches for Windows 3.11 to fix flaws in Win32s, and perhaps add IPv6 to Wolverine (winsock 1.1 for Windows for Workgroups)

--
“Common sense is not so common.” — Voltaire

So? by Anonymous Coward · 2009-10-08 17:30 · Score: 3, Interesting

So what?

My Ubunutu Jaunty desktop downloaded 130mb of updates last night. And this isnt the first time either.

I didnt see the /. community getting their nickers in a knot about it

Re:So? by Teun · 2009-10-08 21:10 · Score: 3, Insightful

You said it: Updates.
And you didn't have to wait for the magical Patch Day for Ubuntu to share them with you.

--
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Re:So? by asdf7890 · 2009-10-08 22:29 · Score: 1

Yes, but your Ubuntu updates potentially cover a much wider range of software than Microsoft's updates. Ignoring the equivalent parts (kernel+drivers and related, OS level libraries, IIS/Apache if you run a web server, Office/OpenOffice, ...) there are still all the other apps and utilities you have installed that get updates by the same mechanism.
130Mb is a bit large - my netbook picked up the same set this morning (actually, only ~120Mb in that case). The large size it due to the patching method: the same package is brought down for updates as new installs even if the change only affects, say, a few hundred Kb worth of a 10Mb package. This is something I'll like to see improved - most of OO.o was downloaded in these recent updates. Downloading package patches rather then whole packages would be a bonus at times when stuck on a slow heavily contended wireless connection for days. Though I can see it wouldn't be an easy improvement to properly design+implement+test+roll-out-to-all-repos, and might not be considered worth the effort compared to other work the man-time could be spent on - maybe I'll have a go when I win the lottery, I'll need something to occupy some time!
Re:So? by Taibhsear · 2009-10-09 01:18 · Score: 1

Porn doesn't count as an update to your OS just to your collection.
Re:So? by Ksevio · 2009-10-09 02:46 · Score: 1

...and how many times did you need to restart during that update?
Re:So? by ShOOf · 2009-10-09 04:04 · Score: 1

And you didn't have to reboot.
Re:So? by theurge14 · 2009-10-09 07:07 · Score: 1

"Ubuntu" "desktop" and "/. community" just described about 20 people. Perhaps that's why.

Re:M$ by rdebath · 2009-10-08 17:42 · Score: 1

Exactly, it's such a tiny cost and to paints your company as caring about the stability and security of the consumers machines.

It means your salesmen can point to these stats, just like you have, and say "we spend our hard earned money to fix your problems".

Of course you must never even hint that every patch is actually a failure in the system that supposed to exist to prevent broken software from ever being released.

Re:The unholy shit by DocHoncho · 2009-10-08 18:50 · Score: 1

weird

--
Celebrity worship is a poor substitute for Deity worship and costs more to boot.

i don't get it by Anonymous Coward · 2009-10-08 19:38 · Score: 0

did slashdot turn into an advanced advance notification service of microsoft.
seriously, when was the last time you read "today [insert distro name here] has released the largest number of critical security updates yet"

boooooooooooooooooo

Largest-Ever Patch Tuesday by HNS-I · 2009-10-08 21:22 · Score: 1, Interesting

So we get a patch of 10gb right? largest-ever-patch-tuesday or largest ever patchtuesday seems better to me. .

Re:The unholy shit by Ginger+Unicorn · 2009-10-08 22:28 · Score: 1

i've seen that exact troll several times - it's copy/pasted probably from some alt.coprophagia newsgroup or something

--
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons

bad math by sorak · 2009-10-09 01:00 · Score: 1

13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning

13 and 34 ...
So does that mean 47 restarts?

Friday the 13 by youn · 2009-10-09 01:19 · Score: 1

install them on friday, that'll make it friday the 13 ;)

--
Never antropomorphize computers, they do not like that :p

Re:Your official guide to the Jigaboo presidency by V!NCENT · 2009-10-09 01:24 · Score: 1

Disgusting...

--
Here be signatures

Look at it this way... by Anonymous Coward · 2009-10-09 01:32 · Score: 0

Why does a Windows system require so few patches?

Good in Microsoft by sco_robinso · 2009-10-09 02:47 · Score: 2, Interesting

I know Microsoft is often poked at, especially around these parts, for having so many vulnerabilities to patch, but at least there on the ball doing it. Not to mention, automatic updating has been the defacto standard now since XPSP2, so nowadays it's pretty hard not to be somewhat up to date. So my OS pulls down a batch of updates once or twice a month, big deal... I think Microsoft has done a good job with the hand of cards they've been dealt.

Not to mention, WSUS in the enterprise is an excellent, free tool for centrally managing patch deployment.

Number of patches and vulnerabilities aside, I think MS is a standout leader in this category.

Are you a CS major? by Dareth · 2009-10-09 03:08 · Score: 1

Are you a CS major? If so, please focus on calculus for a while, and leave the arithmetic for the mathematicians!

--

I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling

Re:Typical Bullshit- Linux Kernel Runtime Patching by zukinux · 2009-10-09 03:18 · Score: 1

I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.

Kernel issues do not always require a reboot.
Most of the time you can have a run-time patching within a separate LKM (Loadable Kernel Module).

Check this out for some more info about run-time patching

--
Read and Comment at my BLOG
!!!

Tumbleweed by Anonymous Coward · 2009-10-09 03:46 · Score: 0

Actually it is conjectured in several histories that the tumbleweed is from Russia and only came to the Western US when Russian wheat farmers brought the seeds in with their wheat.
Early explorers did not report them.

AG

meatspace versus cyberspace by circletimessquare · 2009-10-09 05:42 · Score: 1

if i build a fence, i deserve to get paid

if i make a movie, i deserve to sell tickets in a CINEMA

if I PUT IT ON THE WEB, i deserve to have free advertising for my supposed skills as a moviemaker, and entice some to go to the cinema to buy a ticket

if i put a program on the web, i deserve to get a job to customize that program for a corporation's specific needs, make my resume look awesome, and become influential in my field. all of which translates into dollars in my pocket far better than setting up arbitrary, easily broken tollbooths between digital content and internet users, who expect, and deserve, unfettered access

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it

Hell I gave Up Linux for Stability Reasons by fast+turtle · 2009-10-09 07:56 · Score: 1

Yep. I'm a Linux (Gentoo preferred) user who switched back to Windows simply due to stability issues and I have well supported hardware (Intel Board and C2D). Simply put, I got tired of a damn update fragging K3b or Kmail or something else that was a critical app and no unlike many Gentoo users, I didn't believe in pushing 11 on the system, going for very conservative optimizations, using Os as my default (Optimze for Size). It was recently after a Crash Log Review that I determined that both Linux and Windows in 64bit flavors simply aint ready for the desktop, even though both work great on servers due to the limited functionality. Face it folks, update one core component on a 64bit desktop and likely you'll break at least two apps, which happened all to damn often for my peace of mind.

Because of this, I pulled 3 sticks of memory from my dekstop and dropped back to a meager 2GB and installed Win7-32, which seems to be pretty stable. Even XP/Vista/Linux are all pretty stable for 32bits, it's just that the 64bit versions still have quite a few speed bumps and I got tired of having to fix either of them on a regular basis.

--
Mod me up/Mod me down: I wont frown as I've no crown

Slashdot Mirror

Microsoft Plans Largest-Ever Patch Tuesday

341 comments