Slashdot Mirror
Critical Security Updates Coming To Windows XP, 8, RT & Server
SmartAboutThings writes "On the upcoming Patch Tuesday on July 9, Microsoft is going to bring some notable security updates, that will mostly deal with fixing issues in remote code execution vulnerabilities, which allow attackers to breach in. The security updates will be applied to all Windows versions Microsoft is still supporting (from XP to Windows 8.1)"
OSS groups release security fixes, they are applauded for caring about people's safety and security.
Microsoft releases security fixes, they are appaled that they would let such a problem exist.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
...it's a normal Patch Tuesday? How the hell is this news?
My sig can beat up your sig.
Yes, because OSS groups are entirely volunteer effort, basically by the users for the users.
Microsoft is a paid product, if you buy it, you expect it to work as advertised, any flaw you stumble upon is money you got cheated of.
I'm still waiting to see a Linux distro that works and is advertised as "Android for Desktop".
While I know it wont make me invisible, I voted with my OS and have taken the Linux plunge. I am quite happy and comfortable in Mint. I have found all the tools I need and if nothing else, maybe it will take a few more cycles to keep me under the NSA thumb.
In case you ain't figured it out so far Windows has always run on the "Star Trek Rule" with the first in a transition being shit followed by the next being decent, at least on the home front (personally I found both NT 4 and Win2K to be pretty solid) such as Win95 crap, Win98 great, WinME crap, WinXP great, Vista crap,Win 7 great, and so on.
But the advantage you get with Windows, that really makes a difference if you are using the PC for work and which you just don't get with Linux, is the ability to completely skip one or more releases WITHOUT suddenly being stuck on an OS without updates that can't run the latest software. Heck other than the testbed at the shop I skipped TWO releases, I skipped WinXP for the most part (Finally ended up with an XP netbox at the shop late in the game) and I skipped Vista, going from Win2K to WinXP X64 (which was just 2K3 Workstation with a different skin) and I stayed patched and able to run the latest software the entire time, in fact most software runs on XP and X64 right now without hassle.
So to me THAT right there is one of the big differences that takes Linux out of the running (well that and the piss poor driver model, but that is another rant) because if you don't stay pretty God damned close to the bleeding edge with most mainstream Linux? You are FUCKED with a capital F. You try skipping releases and suddenly the latest software won't run because it requires kernel X+3 and you have kernel X, it makes it a royal PITA and means that even if the devs go some way you don't want to go, like the mess that was Pulse Audio or the shit that was early KDE 4 and Gnome 3? Too bad, fuck you, you update or its shit time for you.
Meanwhile I've avoided Windows "LOL I Iz a Cellphone, Buy my appstorez LOL" 8 and if the fat bastard doesn't change course I'll avoid Win 8.1 just as easily and I will STILL be able to run all the latest software and games without issue, it'll "just work". Oh and in all my years I have NEVER seen Windows shit all over one of my drivers with an update, Linux has shit on the wireless and sound more times than I care to count, if its volunteers doing the QA and QC somebody needs to fire their stoner asses because they royally suck. Anybody who shits all over Realtek sound? Ought to be fucking ashamed of themselves, no excuse on screwing up the most popular sound chip on the planet, no excuses.
ACs don't waste your time replying, your posts are never seen by me.
"All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?"
All joking aside. Excellent idea.
How many of you folks are squirming right now, wondering if any of your code managed to end up inadvertently being used in the Prism program? How many of you are wondering how this will impact your job? How many of you are wondering what you might have said in the past, things that you are afraid might be exposed by this? How many Microsoft employees are now worrying about their social life, now that everyone knows Microsoft is neck-deep in NSA spying? Will they be ostracized? What about Google employees? Might they become targets for recriminations? Have you been hiding your affiliations with implicated companies? Will that one friend you confided in turn on you, out you to others that they know will shun you as a result? How much more do we NOT know about? What will the next leaked document reveal? How many of you even care (or dare to care openly)?
See where I am going with this?
Fear. I see it between the lines in forum posts (not just here on Slashdot), I see it in the public pronouncements from public officials around the world, I see it amongst the world's journalists (some fear not the personal costs, but the costs to the entire idea of journalism). I see it coming from the NSA themselves.
This is East Germany, all over again--the NSA literally has us spying on each other, inadvertently or not. Secrecy=Fear=the need for secrecy. Both sides of the equation are feeling it. Did you just hesitate before you sent that email? Have you resigned yourself to the fact that privacy is now dead? Do you fear the repercussions of standing up for your rights?
Do you fear doing nothing?
All joking aside, can any of us trust their patches now that it has been comfirmed that Microsoft is effectively a branch of the NSA?
No you cannot; HOWEVER, you can trust not patching even less. Because Microsoft have been known to share vulnerabilities with the NSA, before they even share the fact of their existence to the public.
The NSA has loads of cash available, and all the research and engineering resources required to work on developing reported vulnerabilities into exploits, to add to "surveillance malware deployment packages".
.How long your computer hasn't rebooted isn't the important bit. What is important, that it will be available when you need it to be and that it won't reboot or crash without your explicit permission. Even though I have set my permissions such that MicroSoft should never ever update without my consent, let alone reboot my machines, it has happened on several occasions that they pushed an update without prior warning and rebooted XP computers.
On any critical infrastructure I'd want to have total control over when something happens and what happens then. Some vendor autonomously deciding to reboot my heart/lung controller during a heart transplant will not do. The same applies to (air) traffic control (ILS in San Francisco anyone?), hight voltage control, nuclear power plants and whatnot. Hell, I don't even want them to reboot my music player if I'm listening to it.
I don't mind having to do regular scheduled maintenance in maintenance windows if I know in advance, during the design phase of the platform. That way, I can decide which exact OS will be the most useful and beneficial for the exact purpose I intend it to have. Any rogue OS that decides to reboot "on it's own" will never ever get a place in any important infrastructure I have, no matter how long uptime some dude on a forum achieves on it.
Any down time outside of service windows is a major issue, regular windows are not only a minor nuisance compared to an incident during production hours, they are also "job security" if you look at it. I don't care how long uptime you get. I just don't want any downtime for myself.
I was promised a flying car. Where is my flying car?