Slashdot Mirror
Microsoft Azure Failure: SSL Certificates Were Updated... Sort Of
judgecorp writes "Microsoft has published an explanation of the failure of Windows Azure earlier this month. Users of the Azure storage saw that an SSL certificate had expired. Microsoft's explanation says that the certificate had in fact been renewed, but an update with the new certificate details was not prioritized, and hadn't actually been implemented till after the old certificate expired. There are more interesting details, but Microsoft says better alerts and more automation will stop this particular fault happening again."
Look, I know nobody cares, but Microsoft Azure has nothing to do with Windows 8. I'm also not sure it's a failure. Microsoft tried something new after getting great positive reviews for Windows 7, which is the BEST time to try something risky. Worst case, people skip one generation of Windows, and stick with... Windows. Best case, you redefine the PC interface. It is innovative, no matter how poorly implemented. Besides, Microsoft has a history of creating a shitty first version and then fixing kinks as time goes by. Was anyone expecting a good first version of Metro? The slow adoption numbers can easily be credited to how good Windows 7 is. Why would you switch? It costs $0 for me to stay on 7, and > $0 to upgrade. We won't be seeing many Windows 8 devices for a while. The timely upgrades brought about by Windows Blue might even spur more adoption (too early to tell, I think). Windows Phones I won't attempt to defend since I know nothing of them.
Unless I'm horribly mistaken, they've let certificates expire before. Why would I think they won't let it happen again?
It definitely won't happen again, instead the team responsible for keeping the automation software running will fail. Or an automatic upgrade to Windows will break it, or the libraries needed to run it will have been deprecated.
So yeh, it won't happen again, the next time it will be something else to blame.
Never of course a management that chops up roles into such small increments, dis-empowering it's workforce so much that the simple job of updating a certificate becomes a major obstacle each and every time it happens. No, never a load of BS managers, no sir!
... managers saying "we need to get this up and running sooner ... automating it reliably is hard to do ... just get it working and update things manually for now and we will automate it later". When later comes, everyone is working on something else.
now we need to go OSS in diesel cars
re Pretty sure the last one was a bug that was something to do with the cert expiring on a leap-day though. [emphasis mine]
.
$gt begin{sarcasm} Well, if it was a leap-day event, well that's totally excuseable because there's no predictable way to know that a particular year might be a leap-year with a leap-day in it, and even if there were, my goodness, you'd need some sort of computational device to carry out the algorithm (that Al Gore, he invents everything!) that would let you figure it out, and who could afford a computational device??? end{sarcasm}
;>p
Come on, you can't let Microsoft off the hook for screwing up things like that. It's supposed to be a software company. Y2k was known about well before it occured; leap-year days are well known about and recur on an amazingly well-understood and defined schedule. This is not a much deeper problem. It's just another basic problem that shows that there are not any good processes going on behind the scenes at Microsoft. And Apple screwed up their alarm clock functionality that kept messing up on iOS at the beginning of the New Year, too. That was also just as inexcuseable.
uhuh. I think people, especially technology companies, forget that the easiest task to automate is one that a human can simply do.
"Executive assistant in charge of renewing certificates". Make it someone's job. It'll get done. You don't need a robot. You just need it to be in someone contract. That's it.
I always back up my cloud data to a local harddrive, just to be safe.
That sounds like vaporware.
You'd think after people made fun of the MS Zune for being out of action on a leap day that MS would take a bit more care before the next one.
I haven't tried Windows Azure, which is the subject matter here...
Yeah, all of the window phones silliness is so worth laughing at. I remember the crazy ad that came out for the windows phone last year that had QuestLove in the commercial. I believe that /. had a story about MS cancelling that phone the SAME DAY that the commercial had just aired.
.
And what the fVCk is it with the stomping and jumping and slapping around of hardware in the ms tablet ads? Is that all that the MS tablets are good for? Throwing them around and clunking them onto tables and benches? What's with the ugly mean-faced girl-scouty attired girls in that first MS tablet surface ad? I think MS just saw the Apple ipod and iPhone ads that had a single song playing in the background with cool activities and decided to copy the style without any substance. Hey, that kind of explains most of the things that they do!
When you charge an arm and a leg for an OS and your company basically has unlimited money, then there is no excuse for not delivering perfect software with no bugs. So yes I was expecting a perfect version of Metro.
the adoption rates for students who get windows 8 for free is non existant at least by the anecdotal evidence in my faculty (computer science).
even during exam season (when you suddenly get the urge to clean the room, re-check the fridge or format your laptop).
you can piss on my face but don't tell me it's raining.
It's incredible how they keep shuffling blame around, or hot-potato-ing it:
In this case, the Secret Store service notified the Windows Azure Storage service team that the SSL certificates mentioned above would expire on the given dates. On January 7th, 2013 the storage team updated the three certificates in the Secret Store and included them in a future release of the service. However, the team failed to flag the storage service release as a release that included certificate updates. Subsequently, the release of the storage service containing the time critical certificate updates was delayed behind updates flagged as higher priority, and was not deployed in time to meet the certificate expiration deadline. Additionally, because the certificate had already been updated in the Secret Store, no additional alerts were presented to the team, which was a gap in our alerting system. [source link] [bold emphasis mine]Laughable, if it were not so stupid.
This is what happens when you have bean counters and MBA running the IT department.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Very few like it and use it. (Linux|Mac) desktop? less than 5% of the market share. Now that I have shown the fallacy of your statements, how about you just shut the fuck up.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Guess what. Almost nobody cares that it comes with a secure bootloader. The only people who do care are a small number of geeks.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
When you charge an arm and a leg for an OS and your company basically has unlimited money, then there is no excuse for not delivering perfect software with no bugs. So yes I was expecting a perfect version of Metro.
The cost of certifying a modern OS totally bug-free would exceed the GDP of the entire world, hundreds of times over.
No colour or religion ever stopped the bullet from a gun
A true coward: Nothing of worth to say and that without any grace...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Troll = Fed.
In the future, mod him down and move on.
Good lord, last year it was a 12 hour outage on leap day, this year it was a 12 hour (as far as I can tell) outage due to expired certificates. They won't be able to claim six 9's uptime for ~274 years!
At the rate of a half day of failure every year, so far, I'm not even sure I'd trust Azure for storage no matter what the discount they offer.
They pushed the update out on Jan 7. By Feb 22, it hadn't been completed. Something is not right with this explanation. Doesn't matter how low a priority it was, it should have been pushed out within in what? Two weeks?, a month?
Almost nobody cares about a lot of things that matter a great deal.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
As usual, we see the failure of using the closed source model for an operating system. They have to get the users to fund development somehow, so they sell them a shitty version every other time to pay for the real versions, and get the new ideas into the hands of the customers where they can tell them which ones are good and which ones are bad. It can work fine for applications where they can bring out a new version when they're ready, with incremental updates for features or fixes which must and can be hacked on to remain relevant and keep customers from jumping ship, but it's just not a good model for operating systems while the state of the art continues to change so rapidly.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
That's because most programmers suck.
OS X is actually quite compatible. Provided you stick to the public APIs. Do anything funny and yes, things will break. The presence of private headers though makes it way too easy to use a private API to do so something (as part of "get-it-working") that leads to OS version dependency.
Oh yeah, it happens on Windows too. Next time you run Process Explorer, look at the window title for explorer.exe. You'll see it's called "Program Manager". Because despite it being 2013, there are applications that STILL hard code it. Or apparently some apps hardcode resource IDs or DLL export IDs (you normally export by name, but you can export by ID) in their apps, forcing what was one auto-assigned IDs to be hardcoded IDs. (And let's not forget the apps that instead of calling an API to get the user's home directory, program files, or windows directories, they hardcode "C:\Document and Settings", "C:\Program Files" and "C:\Windows", breaking installs on computers that didn't install Windows on C drive, use localized (non-English) Windows, or... use Windows Vista and above. It's why Vista+ have symlinks to C:\Users and various directories within. Or why UAC broke everything in Vista. Or why 64-bit Windows is complex because it has to rename/virtualize C:\Program Files to C:\Program Files (x86) at runtime.
Yes, Windows is great because it's backwards compatible. However, it also makes it extremely crufty with a lot of hacks having to stay in purely because some app needed it. (And I think WinSxS was a partial solution to that) Vista is proof - Microsoft tried a "new start" with it, and broke so many apps that it was Vista being blamed because they got rid of a lot of compatibility cruft.
You are wrong. There is nothing compiled for OSX before 2005 that still works on their most recent OS. The shift to 64 bit is further causing Apple to remove public APIs. Apple has demonstrated again and again they have no commitment to backwards compatibility, and there is nothing you can do as a programmer to avoid it.
"First they came for the slanderers and i said nothing."
That's because most programmers suck.
So what we need to do is make it illegal for the majority of people to become programmers. It should remain a tiny elite class, a bit like being a Catholic Cardinal, but with less sex.
To have a right to do a thing is not at all the same as to be right in doing it
[ "Azure" is a shade of blue, for those that don't know,
and why MS would go with this kind of name, given their history with things "blue" is beyond me. ]
It must have been something you assimilated. . . .
I don't think so. NASA makes almost bug free code with very stringent testing at a cost of $1000 per line of code I believe, so for example Windows 7 which has about 50 million lines of code, would only cost 50 billions, and given the profits of Microsoft that would only take two or three years of their profit.
The main difference being NASA software runs on fixed hardware, but Windows has to support a near infinite variety. So you'd have to certify on an unbelievable number of systems to be sure. Also, even NASA software occasionally has bugs ;-)
No colour or religion ever stopped the bullet from a gun
I don't think think the numbers are that skewed, actually, probably about a 70/30 split, maybe even 60/40. Unfortunately the morons typically hold substantially more power due to their title or caste. Speak the right dialect of Hindi? You can get away with anything, even if you're an idiot. In fact, you'll probably get promoted into management. Speak English as your native language? Your best work will be attributed to the guy who speaks the correct dialect, and everything else will be declared "average" if you're lucky.
Point it out and suddenly you're a 5 in the stack rank (and that's bad news).
So, the great engineers over time quit trying to fix things, and dumb down their work so they don't get stabbed in the back by their politicking H-1B coworkers, because at the end of the day we're here because we need a paycheck.
My certificate authority sends me nagging emails like 6 weeks before my certificate's about to expire. Microsoft's certificate authority group needs to create a database and automated emails when certificates get near expiration. Start emailing a bunch of folks. It's very simple. Probably most CA's have such a setup.