Microsoft Suspending "Patch Tuesday" Emails
New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.
I don't know why subscribe and unsubscribe would not satisfy those laws but apparently MS is convinced they don't... so...
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
That's the way it should be. If you want to subscribe to something, use RSS. That's totally under the control of the recipient. If you unsubscribe from an RSS feed, there's no way the sender can keep sending to you.
It's easy to follow an RSS feed if you're using Thunderbird; a bit harder if you're a Google slave.
Only emails of a commercial nature are banned without opt-in.
A security notice is not an email of a commercial nature, unless it also contains marketing offers etc.
Where are we going and why are we in a handbasket?
So when did it become a magic word for this big scary thing with unquestioned regulations in which asking for a plain explanation gets the evil eye.
I hope Rod Trent didn't write the law as well.
"If you're not worried about this new law, you haven't been adequately information.[sic]"
Does this have anything to do with the new anti-spam act coming into force in Canada on July 1st http://fightspam.gc.ca/eic/site/030.nsf/eng/home ?
There have been a lot of businesses scrambling here in Canada to get in compliance, after all, the fine is $1,000,000 for a personal offense, $10,000,00 for a commercial offense. Maybe Just didn't want to bother with tracking subscribers, and instead went to a protocol that was subscription based?
Seemed like a good idea. I don't think so, but someone did. .ca it wasn't a problem.
.ca should matter. Of course that opens a much bigger can of worms.
What an absolute fail of a law.
It might work if the sender could reasonably presume that if the email address didn't end in
The cost of defense is too high. Canada just screwed the pooch.
There may be a bright side. It will force international law to cross the internet. As this is a Canadian law, only addresses ending in
Then again it could just result in an explicit opt in: I AM NOT A CANADIAN! If you check it and lie you are guilty of perjury. NO Canadians allowed.
Perhaps the future of an internet second class.
Of course I'm being melodramatic. But this law is melodramatic. Some idiot with no clue wrote it, and got it passed. It deserves derision.
You obviously know nothing about Linux.
over the years I took it for granted that the newest version of an operating system would require more resources than the last version, so my computer would be slower. Then I switched to osx, and my computer would get faster with each upgrade, since the upgrades were actual structural improvements and not just frosting. so my 5yo notebook would be faster than when it was new.
In addition to email the CASL also affects social media, instant messaging, sms, voice messaging.
Read an article that if you just reply to a tweet to someone you could be fined under this law; that is insane. So tweeting as a person can land up to a $1 million dollar fine and a company $10 million; that is crazy.
This really kills nearly all email applications. I have some double optin subscriber lists but now they are useless since I never asked what country the user was from. I can resend out a permission pass to ask for permission and hopefully get the country information as well. But that will affect the number of subscribers since some may not notice they have to reoptin again.
I can block .ca domain from my lists but that does not solve the issue since there are Canadian users not using .ca domains.
Hopefully this law will be tweaked; it needs a lot of work and will hurt consumers/businesses in the end. And it will not stop spam at all, since the botnets/virus writers do not care about the law.
It's much easier to incorporate into my workflow.
This is just a guess, but I believe your assessment why you were modded down is correct. Making comments that might offend people has consequences.
Your post is off topic, and bashes Microsoft for things not relevant. As for your previous posts, having modded comments, previous posts are pretty much impossible to find. Modding is based on the current comment.
I'm not a fan of Microsoft. I've been playing and working with computers since before Microsoft existed. I've posted on this thread. Canada is the party at fault, Microsoft is just responding to a stupid law.
I love bashing Microsoft, but the pickings have been slim lately, they're failing. They won't go out of business, but their clout is gone.
They could use a grammar check though:
If you're not worried about this new law, you haven't been adequately information
Canada is the party at fault, Microsoft is just responding to a stupid law.
What's stupid about requiring people to opt-in? Microsoft could always add an unsubscribe option and ask Canadians if they want to receive their spam.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
I read through the actual law and I don't see anywhere that specifies each CEO and officers of a violating company can be fined. The law specifies "individuals" can be fined up to $1million, and "any other person" (presumably corporations-as-people) can be fined up to $10million.
Anyone care to clue me in?
Actual FULL text of the law: http://laws-lois.justice.gc.ca...
Blame the spammers that fake the senders. Microsoft is a popular faked sender, and then the junk mail filters throw away the mails and nobody sees the patch info mail.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
one of the few good things harper dictatorship has done. shame on other govts for not doing something similar.
RSS makes it easier to focus on relevant information. Speaking of which, when they fix the bug of /. beta not showing the titles completely, I'll be a much happier person.
I never got E-mails from Micro$oft about updates, vulnerabilities, etc. Instead, I have an RSS feed from US-CERT (computer emergency response team), an agency of the U.S. Department of Homeland Security. (Yes, they do have a few useful functions.) US-CERT not only notifies me about Micro$oft's alerts and provides links to them, but that agency also notifies me of alerts from other companies.
The link to subscribe to the RSS feed is http://www.us-cert.gov/ncas/cu....
I have to look at this tomorrow so i'm stepping out. For many reasons.
I'm here for the experience, not the Hyperbole.
The same thing happened in the Windows world. Windows 7 was faster than Vista, and Windows 8 was faster than Windows 7. Each new version got better with their use of resources, although the system requirements remained the same for the three versions (1 GHz CPU, 1GB RAM for 32bit, 2GB for 64bit) except for hard drive use which went up by 1GB per release.
When I first tried the beta of Windows 8, the only computer that I had spare was a 2GHZ Celeron with 1GB RAM and a slow hard drive (I think that it was from 2006). It was slow to boot, but once loaded I was astounded how well it worked. I wouldn't use it for day-to-day operations, but it wasn't too far out of the ball park for speed. It didn't stop me hating the user interface (and I still do), but the actual performance did surprise me having been used to the idea (like you were) that each version in the past had got slower and slower.
This definitely looks like Microsoft is going underground.
Congratulations. You've just bought the Apple Kool-Aid.
In reality, Apple is no worse than any other vendor. They do have the advantage of owning their own hardware, but that just means you own less of what you've just bought.
Less freedom. Less diversity. Less flexibility. Costly add-ons. What's not to like?
(I've purchased Macbook Pro, which turned out to be a heater. The screen got faulty within a year, and the battery finally melted. Piss poor customer experience on all gadgets bought from Apple.)
If it works for you though, good for you. This is just MHO.
I don't see how. Just as Windows has Classic Shell, Linux has Xfce.
That system requirements increased very little since Windows Vista is mostly true. Windows 8.1 added the requirement for NX and SSE2 support in the CPU. Do all Atom CPUs support those?
Apple has never really addressed patches or pre notifications of updates or security fixes. So I personally do not need an email to inform me of any with Windows.
I am sure I could find a few web sites that would report the updates anyway or I could bookmark the Microsoft link to those updates.
I like the way Google does updates with Chrome OS, just put them out there and if you want to know what was installed go to the Chrome OS blog and look it up.
The average user does not really care about updates at a detailed level. Only geeks, IT pros, and the hackers who have been exploiting a hole.
KDE. 'Nough said.
There is no proof, the article makes no link except that the date is the same.
If you think that it's true that this is about the anti spam laws then you haven't been adequately information.
The definition of CEM is so broad, that just about anything from a vendor will be commercial. Even if there is no expectation of profit, simply inviting someone to do something is "commercial" and requires two stage opt-in.
It's overly broad to prevent weaseling around it, but it will take a few court cases to actually define it better.
Microsoft has no good, centralized, newsletter or list management system. So they are stuck with a blanket ban/switch to rss for now.
You sound like a case study in why the law was needed. You have no idea who is on your marketing list, no idea where they are in the world, or whether they even want your emails, or how they got on your lists in the first place. Bad law for you, great law for anyone you happen to be spamming. Be prepared for a flood of unsubscribe requests!
I love bashing Microsoft, but the pickings have been slim lately, they're failing.
Whenever I hear the geek talk about how rapidly Microsoft is failing, I am consoled by the thought of the record returns certain to be posted in its next quarterly report.
hahahaha
Yes, Mavericks runs on my late 2008 Macbook Pro *just* as quickly as Snow Leopard did!
It's no different from any other OS. Some new versions run faster, others run the same, others run slower. Personal experience on OSX and Windows: Leopard slower than Tiger, Snow Leopard faster than Leopard, Lion slower than Snow Leopard, Mountain Lion faster than Lion, Mavericks the same or slower than Mountain Lion; 2000 slower than 98, XP same as 2000, Vista slower than XP, 7 same as Vista, 8 faster than 7. Your mileage may, and indeed will, vary.
I've been getting emails all day that say "we can't send to you after the first! hit yes to confirm! Please!"
Fuck. That. I didn't sign up in the first place for most of them.
I know how they are added from our newsletter signup page/customer purchases but we never had/asked for the country they are from on our newsletter signup page.
Very few newsletter signup places ask for the country on a signup form.
The default form builder on constantcontact does not include country.
I can look at most major sites and they do not ask for country on newsletter signup either...
The law will be overturned one way or another once the lawmakers realize it is unenforceable and the true backlash is heard. This is just the tip of the iceberg: with no more security updates from Microsoft, how many other vendors will follow next?
And using it as an excuse is pretty lame. IANL but I am familiar with CASL. All you need to do is --
1) After July 1, begin requiring opt-in confirmation (express consent) for all new signups
2) For members of your list that signed up prior to July 1, you have 3 years to send them an email asking for express consent. You can continue e-mailing them within this window as long as they don't opt-out.
3) For people who do business with you after July 1 that give you their email address through some means other than express consent (signing up for your service, make a purchase, etc), you have 2 years to obtain express consent during which you can continue emailing them as long as they don't opt out. Though, it's easier to just go ahead and get express consent at this point if it's feasible. Business card exchanges at conferences, trade shows, etc might make this difficult.
Note also that CASL isn't limited to email. It's _any_ electronic communication of a commercial nature. Twitter DM, Facebook, ...
Having recently been working for a Fortune X company, I know there are legal concerns with 'knowing' about vulnerabilities. Where my mind went reading this wasn't to SPAM type laws but to companies' current direction (especially after Target) of opting to 'not know' about security vulnerabilities versus 'knowing but not fixing' vulnerabilities.
I believe the direction is that you can prove you are being 'due diligent' by patching your systems...but if you scan for missing patches, or in this case subscribe to a newsletter telling you about security vulnerabilities and know about them...by not patching "them all" you are "negligent". Since our legal and governance bodies typically don't understand the complexity around currency and the fact that past business decisions have left companies in a difficult patch/break cycle, we're being directed to a 'don't know, don't tell' mentality.
Perhaps, by subscribing to RSS feeds rather than email notifications (more discoverable on corporate servers) versus a reaching out and pulling down of RSS feeds on an individual basis is (a) reason that Microsoft is driving in this direction. Seems strange they would restrict distributing information for the sake of other organizations, but nonetheless could be (a) determining consideration.
Being a security professional, I disagree with this mindset and hope our legal system recognizes that ignorance is not defensible and that attempting to keep technology current and identifying risks where that cannot be accomplished is a much better security posture than 'not knowing'.
To the grandparent post, your downmod and the parent post to this message both reflect the 4channification of slashdot, a combination of low IQ as well as bravado of the anonymous, spit from their basements, excepting when their mom is downstairs right over there doing laundry. This doubly irritates them as it also interrupts their jerk sessions.
I think you must be confused, Linux requires none of the things you just mentioned, and neither does a linux-based OS.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Canada is the party at fault, Microsoft is just responding to a stupid law.
What's stupid about requiring people to opt-in?
Because this law (and any anti-spam law) is just like DRM...it only really affects honest people.
Large companies like Microsoft generally try not to "spam" you. Yes, you may technically receive an unwanted e-mail from them, but they do use some sort of opt-in right now. On the other hand, true spammers don't care...they are just blasting e-mail to any e-mail address they can get their hands on. Then, when it comes time to enforce the law, only companies that are easy to find will actually be prosecuted...the fly-by-night spammers will never be bothered by this law, and if they are, it's likely they won't end up paying any penalties anyway, as their assets won't be as easy to find.
What this law does is make any company that wants to send you e-mail have to have opt-in plus confirm for every change of preferences, plus they will have to keep a lot more information about you, and this law seems to prohibit them from giving you a choice to receive "non-related" e-mail. Every e-mail under this law must fit a narrow category for which you opt-in. So, if you signed up for e-mail about "Windows 8.1", if MS releases "Windows 8.2", they cannot send you an e-mail in the "Windows 8.1" category that says "hey, Win 8.2 is out, it's great". This means that their categories will end up being broader, and this will inevitably result in more spam complaints about them, as they would "annoy" people by sending Windows 8 info on the "Windows" list, when all some people want is Windows 7 info.
A small business/website will be impacted even more. I recently got an update from a website that said they had partnered with a different company for their Android app, so the old app won't work anymore, and you'd have to download the new one separately. How in the world could I have opted-in to that e-mail before the fact, since blanket opt-in isn't permitted by this Canadian law. A few complaints from Canadian users, and this small site would have been bankrupted by the fines.
And, again, real spammers won't have to care about any of these issues, and you will still get phishing e-mail from "Expedited Shipping" about "Delivery Notification".
You're funny, between their license fees, patents, stocks, and MS having a corporate stock portfolio, from other extremely powerful companies, I can see how they wouldn't bullshit anyone into thinking they are failing. And at some point they will start forcing people who want to use any of their software suites to pay a ridiculous monthly fee, and oh yeah you can only access it on their Cloud, on top of whatever else they have planned, oh wait they decided to copycat an open source OS for their smartphones to make a quick profit.
You make it sound as if their revenue comes from one source their OS, and other software. MS has shown themselves to run nothing but bullshit reports and other stories. Having said that reading the comments about the Canadian law that has caused this, there really is no reason to think MS is up to one of its dirty tricks again. (the last part is not sarcasm but a real law, that other smaller companies and sites will end paying for)
WindowsIT Pro blames Canada's new anti-spam law.
Really now? Fucking really?
Here is the exception that applies directly.
So what is (1)(a)?
Sending warranty, security, recall, update information is legal whether consented to or not.
Blaming this law "oh god, we don't know if it's legal to send security alerts!" means that they are either incompetent and can't read, or they're lying and throwing a temper tantrum.
Fuck Microsoft and Windows IT Pro.
--
BMO
Microsoft will still issue security updates, they're just not going to email anyone details of what's in them anymore. That information is still available however, via RSS or website, so Microsoft isn't stopping ANY provisioned services, they're just dropping one particular medium of delivery...
-AC
OK, another case of a good idea and bad implementation. Probably would have been better just to require commercial mail to have a clear opt out, which it seems to me most legitimate commercial email already has.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
Really? My linux 3.4 based Android tablet seems unaffected by any of that.
Have you actually read the law? This seems like a ton of FUD.
At any rate some Canadian companies have behaved horribly when it comes to email. I have had problems with companies refusing to change a mistyped email address unless I was the confirmed (with security questions) account holder and some not even bothering to check if the recipient mail server even accepted the message for over a year.
As someone who owns a mac book pro 2008 with 4gb of ram (max at that time) this machine is going slower and slower at each new osx update. It actually takes more than 1 minute switching user even after a fresh install of the latest is.