Microsoft Suspending "Patch Tuesday" Emails

← Back to Stories (view on slashdot.org)

Microsoft Suspending "Patch Tuesday" Emails

Posted by timothy on Friday June 27, 2014 @03:47PM from the just-visit-our-lair-for-updates dept.

New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.

145 comments

Min score:

Reason:

Sort:

Linux? by the_Bionic_lemming · 2014-06-27 15:50 · Score: -1, Flamebait

After windows 8 and the swing to a sandbox I keep wondering why Microsoft and its stupid decisions isn't being driven to the ground over a what should be a superior product.
Please obi Wan Linux, you are our only hope!

--
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
1. Re:Linux? by Anonymous Coward · 2014-06-27 15:59 · Score: -1, Flamebait
  
  Linux is worse off now than windows 8 between Unity, GNOME 3 and the cluster fuck that is systemd
2. Re:Linux? by the_Bionic_lemming · 2014-06-27 16:14 · Score: -1, Offtopic
  
  Awesome!
  I got modded down being an ex-microsoft schill posting against Microsoft!
  Please review my comments over the past many years :) I was pro - microsoft and now after Post XP I am against Microsoft due to the increasingly crappy OS's they release.
  Anyone who likes the stupidly long search times, and the complete pc lockups that occur because Microsoft has repeatedly released OS that were progressively ( i can't find a word to express more than abysmal) are really encouraged to keep modding me down.
  I hope that one day you are held up to a spotlight and identified for keeping a person hating what MS does down.
  
  --
  _ _ _ Go for the eyes Boo! GO FOR THE EYES!
3. Re:Linux? by Anonymous Coward · 2014-06-27 16:20 · Score: -1
  
  shut up faggot
4. Re:Linux? by Anonymous Coward · 2014-06-27 16:42 · Score: 0, Troll
  
  You obviously know nothing about Linux.
5. Re:Linux? by Noah+Haders · 2014-06-27 16:50 · Score: 0, Offtopic
  
  over the years I took it for granted that the newest version of an operating system would require more resources than the last version, so my computer would be slower. Then I switched to osx, and my computer would get faster with each upgrade, since the upgrades were actual structural improvements and not just frosting. so my 5yo notebook would be faster than when it was new.
6. Re:Linux? by chromaexcursion · 2014-06-27 17:12 · Score: 3, Insightful
  
  This is just a guess, but I believe your assessment why you were modded down is correct. Making comments that might offend people has consequences.
  Your post is off topic, and bashes Microsoft for things not relevant. As for your previous posts, having modded comments, previous posts are pretty much impossible to find. Modding is based on the current comment.
  I'm not a fan of Microsoft. I've been playing and working with computers since before Microsoft existed. I've posted on this thread. Canada is the party at fault, Microsoft is just responding to a stupid law.
  I love bashing Microsoft, but the pickings have been slim lately, they're failing. They won't go out of business, but their clout is gone.
7. Re:Linux? by dryeo · 2014-06-27 17:40 · Score: 2
  
  Canada is the party at fault, Microsoft is just responding to a stupid law.
  Whats stupid about requiring people to opt-in? Microsoft could always add an unsubscribe option and ask Canadians if they want to receive their spam.
  
  --
  https://en.wikipedia.org/wiki/Inverted_totalitarianism
8. Re:Linux? by Gadget_Guy · 2014-06-27 18:57 · Score: 1, Offtopic
  
  The same thing happened in the Windows world. Windows 7 was faster than Vista, and Windows 8 was faster than Windows 7. Each new version got better with their use of resources, although the system requirements remained the same for the three versions (1 GHz CPU, 1GB RAM for 32bit, 2GB for 64bit) except for hard drive use with went up by 1GB per release.
  When I first tried the beta of Windows 8, the only computer that I had spare was a 2GHZ Celeron with 1GB RAM and a slow hard drive (I think that it was from 2006). It was slow to boot, but once loaded I was astounded how well it worked. I wouldn't use it for day-to-day operations, but it wasn't too far out of the ball park for speed. It didn't stop me hating the user interface (and I still do), but the actual performance did surprise me having been used to the idea (like you were) that each version in the past had got slower and slower.
9. Re:Linux? by Anonymous Coward · 2014-06-27 20:48 · Score: 0
  
  Congratulations. You've just bought the Apple cool-aid.
  In reality, Apple is no worse than any other vendor. They do have the advantage of owning their own hardware, but that just means you own less of what you've just bought.
  Less freedom. Less diversity. Less flexibility. Costly add-ons. What's not to like?
  (I've purchased Macbook Pro, which turned out to be a heater. The screen got faulty within a year, and the battery finally melted. Piss poor customer experience on all gadgets bought from Apple.)
  If it works for you though, good for you, This is just MHO.
10. Re: Linux? by Anonymous Coward · 2014-06-27 23:25 · Score: 0
  
  KDE. 'Nough said.
11. Re:Linux? by westlake · 2014-06-28 00:11 · Score: 0
  
  I love bashing Microsoft, but the pickings have been slim lately, they're failing.
  Whenever I hear the geek talk about how rapidly Microsoft is failing, I am consoled by the thought of the record returns certain to be posted in its next quarterly report.
12. Re:Linux? by Anonymous Coward · 2014-06-28 00:24 · Score: 0
  
  hahahaha
  Yes, Mavericks runs on my late 2008 Macbook Pro *just* as quickly as Snow Leopard did!
  It's no different from any other OS. Some new versions run faster, others run the same, others run slower. Personal experience on OSX and Windows: Leopard slower than Tiger, Snow Leopard faster than Leopard, Lion slower than Snow Leopard, Mountain Lion faster than Lion, Mavericks the same or slower than Mountain Lion; 2000 slower than 98, XP same as 2000, Vista slower than XP, 7 same as Vista, 8 faster than 7. Your mileage may, and indeed will, vary.
13. Re:Linux? by Anonymous Coward · 2014-06-28 03:30 · Score: 0
  
  To the grandparent post, your downmod and the parent post to this message both reflect the 4channification of slashdot, a combination of low IQ as well as bravado of the anonymous, spit from their basements, excepting when their mom is downstairs right over there doing laundry. This doubly irritates them as it also interrupts their jerk sessions.
14. Re:Linux? by Arker · 2014-06-28 03:52 · Score: 3, Insightful
  
  Linux is worse off now than windows 8 between Unity, GNOME 3 and the cluster fuck that is systemd
  I think you must be confused, Linux requires none of the things you just mentioned, and neither does a linux-based OS.
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
15. Re:Linux? by nabsltd · 2014-06-28 04:29 · Score: 1
  
  Canada is the party at fault, Microsoft is just responding to a stupid law.
  Whats stupid about requiring people to opt-in?
  Because this law (and any anti-spam law) is just like DRM...it only really affects honest people.
  Large companies like Microsoft generally try not to "spam" you. Yes, you may technically receive an unwanted e-mail from them, but they do use some sort of opt-in right now. On the other had, true spammers don't care...they are just blasting e-mail to any e-mail address they can get their hands on. Then, when it comes time to enforce the law, only companies that are easy to find will actually be prosecuted...the fly-by-night spammers will never be bothered by this law, and if they are, it's likely they won't end up paying any penalties anyway, as their assets won't be as easy to find.
  What this law does is make any company that wants to send you e-mail have to have opt-in plus confirm for every change of preferences, plus they will have to keep a lot more information about you, and this law seems to prohibit them from giving you a choice to receive "non-related" e-mail. Every e-mail under this law must fit a narrow category for which you opt-in. So, if you signed up for e-mail about "Windows 8.1", if MS releases "Windows 8.2", they cannot send you an e-mail in the "Windows 8.1" category that says "hey, Win 8.2 is out, it's great". This means that their categories will end up being broader, and this will inevitably result in more spam complaints about them, as they would "annoy" people by sending Windows 8 info on the "Windows" list, when all some people want is Windows 7 info.
  A small business/website will be impacted even more. I recently got an update from a website that said they had partnered with a different company for their Android app, so the old app won't work anymore, and you'd have to download the new one separately. How in the world could I have opted-in to that e-mail before the fact, since blanket opt-in isn't permitted by this Canadian law. A few complaints from Canadian users, and this small site would have been bankrupted by the fines.
  And, again, real spammers won't have to care about any of these issues, and you will still get phishing e-mail from "Expedited Shipping" about "Delivery Notification".
16. Re:Linux? by Anonymous Coward · 2014-06-28 05:03 · Score: 0
  
  Your funny, between their license fess, patents, stocks, and MS having a corporate stock portfolio, from other extremely powerful companies, I can see how they wouldn't bullshit anyone into thinking they are failing. And at some point they will start forcing people who want to use any of their software suites to pay a ridiculous monthly fee, and oh yeah you can only access it on their Cloud, on top of whatever else they have planned, oh wait they decided to copycat an open source OS for there smartphones to make a quick profit.
  You make it sound as if their revenue comes from one source their OS, and other software. MS has shown themselves to run nothing but bullshit reports and other stories. Having said that reading the comments about the Canadian law that has caused this, there really is no reason to think MS is up to one of its dirty tricks again. (the last part is not sarcasm but a real law, that other smaller companies and sites will end paying for)
17. Re:Linux? by dryeo · 2014-06-28 07:27 · Score: 1
  
  OK, another case of a good idea and bad implementation. Probably would have been better just to require commercial mail to have a clear opt out, which it seems to me most legitimate commercial email all ready has.
  
  --
  https://en.wikipedia.org/wiki/Inverted_totalitarianism
18. Re:Linux? by johnwerneken · 2014-06-28 08:42 · Score: -1
  
  Entirely agree. ALL ,laws and regulations are THEFT, as they enforce existing privileged positions, save only for those relating to the tendency and desire to PROHIBIT physical harm, property theft or damage, or the threat of either. Of course 'property' itself is a sort of privileged position as is physical health and life, but one DOES seem to need SOME ground rules in order to be able to interact with others.
19. Re:Linux? by Anonymous Coward · 2014-06-28 22:20 · Score: 0
  
  Really? My linux 3.4 based Android tablet seems unaffected by any of that.
20. Re:Linux? by gmack · 2014-06-30 07:56 · Score: 1
  
  Have you actually read the law? This seems like a ton of FUD.
  At any rate some Canadian companies have behaved horribly when it comes to email. I have had problems with companies refusing to change a mistyped email address unless I was the confirmed (with security questions) account holder and some not even bother to check if the recipient mail server even accepted the message for over a year.
21. Re: Linux? by Anonymous Coward · 2014-06-30 11:41 · Score: 0
  
  As someone who own a mac book pro 2008 with 4gb of ram (max at that time) this machine is going slower and slower at each new osx update. It's take actually more than 1 minute switching user even after a fresh install of the latest is.
It looks like a response to anti spam laws by Karmashock · 2014-06-27 15:51 · Score: 4, Insightful

I don't know why subscribe and unsubscribe would not satisfy those laws but apparently MS is convinced they don't... so...

--
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
1. Re:It looks like a response to anti spam laws by sumdumass · 2014-06-27 16:24 · Score: 1
  
  Perhaps its not about opt in or out. Perhaps MS patched something the NSA was exploiting and they were told to knock it off.
  Of course I'm just guessing. I have no idea what the so called changes are but I can assume it was something that exposed MS to possible financial penalties.
2. Re:It looks like a response to anti spam laws by Karmashock · 2014-06-27 16:31 · Score: 4, Insightful
  
  contextually that doesn't make sense because they're not recalling patches or changing patches but merely informing people ABOUT patches differently.
  Previously you could put yourself on a mass email list for patches.
  MS is saying they're not doing that anymore.
  But they will retain an RSS feed for the same patches.
  Therefore, this appears to be a response to anti spam legislation/rules.
  
  --
  I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
3. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-27 16:40 · Score: 5, Insightful
  
  Microsoft doesn't have 'unsubscribe'. They link to a profile page that doesn't really have unsubscribe options. I've been trying for years to stop partner emails, but the only way is to stop being a Microsoft partner. Weak. I flag them all as spam on gmail.
4. Re:It looks like a response to anti spam laws by hankwang · 2014-06-27 16:54 · Score: 4, Interesting
  
  From TFA (2nd link): "Your CEO, and each officer, may be fined up to $1,000,000"
  Now that's refreshing! Corporate misbehavior resulting in personal fines for the management. I could think of a few more cases where that would be a good idea.
  
  --
  Avantslash: low-bandwidth mobile slashdot.
5. Re:It looks like a response to anti spam laws by AuMatar · 2014-06-27 17:18 · Score: 1
  
  I think just about all of them. If a corporation is fined, an officer should be paying one as well or serving jail time. And be barred from receiving a bonus that year as well (so the company can't just pay back their fine).
  
  --
  I still have more fans than freaks. WTF is wrong with you people?
6. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-27 17:27 · Score: -1
  
  Your username is fairly appropriate you fucking moron.
7. Re:It looks like a response to anti spam laws by crispytwo · 2014-06-27 17:32 · Score: 4, Informative
  
  Canada passed a new law regarding spam in electronic messages (in particular, email) starting July 1
  the law is here: http://laws-lois.justice.gc.ca...
  faq is here: http://www.crtc.gc.ca/eng/com5...
  the potential fine is $10 million
  The companies that are effected are legitimate ones who do business in Canada
  The onus on proving you have permission to send an email is on the company sending it.
  There has been a flurry of activity wanting permissions recently due to the legislation.
  It seems that nobody really knows what it means to be identified as a spammer.
  Microsoft is probably thinking - to hell with it; the risk is too high. The RSS is good enough.
8. Re:It looks like a response to anti spam laws by Karmashock · 2014-06-27 17:42 · Score: 1
  
  That's dumb on their part then because obviously the email should be individually configurable.
  
  --
  I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
9. Re:It looks like a response to anti spam laws by cdwiegand · 2014-06-27 18:11 · Score: 1
  
  Ugh, it's called D&O insurance - every company has them, even many startups. Big whoop-die-do. Mind, I applaud the law, and would love to see one here in America (and have it ACTUALLY ENFORCED - no one enforces CAN-SPAM, given how even Microsoft isn't compliant).
  
  --
  . Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
10. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-27 18:36 · Score: 0
  
  Most of the current changes in CAN-SPAM don't take effect until Canada Day 2014 (July 1)
11. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-27 19:41 · Score: 0
  
  Well no shit. Here's a list of exploits, most of which haven't been exploited yet but we'll give you a nice summary about how they might
  be used in a targeted attack. If you promise not to sue our assas off, we'll give you the straight dope every month. Christ on a fucking
  crutch. This is almost as bad as "signed off by".
12. Re:It looks like a response to anti spam laws by GNious · 2014-06-27 20:12 · Score: 1
  
  tinfoiling ....
  Perhaps the NSA got tired of everyone using Security Patches, and told Microsoft to stop being so diligent in informing people about the existence of these ? :)
13. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-27 20:50 · Score: 0
  
  A company that doesn't take risks is a dinosaur, good riddance!
14. Re:It looks like a response to anti spam laws by Karmashock · 2014-06-27 21:15 · Score: 1
  
  again, they haven't stopped informing people... they just won't do it by email anymore.
  
  --
  I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
15. Re:It looks like a response to anti spam laws by Arith · 2014-06-27 22:55 · Score: 2
  
  This right here.
  It's actually kind of amusing to see these companies that you contacted ONCE and hence start giving newsletters - now they're all begging to continue spamming me. Ironically, some are spamming me to get permission too spam me... lolwhut
  
  It's been awhile since I've seen a law passed that HELPS the little guys, even if it's just an annoyance like spam.
16. Re:It looks like a response to anti spam laws by master_kaos · 2014-06-28 00:05 · Score: 1
  
  Now I don't know Microsoft patch emails contain, but from the sound of it, It doesn't seem like it would be effected by canadas new anti spam as it is only for emails that are advertising a product/service for money.
17. Re:It looks like a response to anti spam laws by drinkypoo · 2014-06-28 00:28 · Score: 1
  
  Microsoft is probably thinking - to hell with it; the risk is too high. The RSS is good enough.
  And I'm thinking who knew Microsoft was using RSS for that (luckily, I am out of touch on windows patches) when everyone else was taking down their RSS feeds
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
18. Re:It looks like a response to anti spam laws by ruir · 2014-06-28 01:20 · Score: 0
  
  Why would they need to worry about Patches when in the past their backdoor and their public key was exposed in NT4 SP 5?
19. Re:It looks like a response to anti spam laws by Predius · 2014-06-28 02:22 · Score: 1
  
  It's not just MS, OpenSRS (Based out of Canada) has just done away with their email notification for system outages as well. They're now providing an RSS feed or you can periodically check their blog. Their solution for those who liked email alerts, a third party service that watches the RSS feed and emails on updates...
20. Re:It looks like a response to anti spam laws by Predius · 2014-06-28 02:23 · Score: 1
  
  Come to think of it, I'm getting emails from VMWare asking for permission to get further emails from them as well...
21. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-28 02:28 · Score: 0
  
  This. I got over 50 emails from one organization that I bought one thing from over 5 years ago. For some reason, I had not gotten any emails from them until this happened. Odd.
22. Re:It looks like a response to anti spam laws by Impy+the+Impiuos+Imp · 2014-06-28 03:26 · Score: 1
  
  The only non-adaptive, risk-averse, useless, ancient dinosaur here is government-as-usual.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
23. Re: It looks like a response to anti spam laws by Anonymous Coward · 2014-06-28 04:13 · Score: 0
  
  Every website that sends me spam has been emailing asking for permission to continue to do so. This is just how the law works.
24. Re:It looks like a response to anti spam laws by bmo · 2014-06-28 05:34 · Score: 1
  
  "It seems that nobody really knows what it means to be identified as a spammer."
  The general definition is UCE - Unsolicited Commercial Email. The FAQ gives some pretty good ideas what a "commercial email" is (SMS is also under this definition). Basically, stuff sent blindly, ignoring any kind of consent on the part of the recipient.
  >blaming this law for not being able to send out security update emails
  It's one of the explicit exceptions to this law:
  http://laws-lois.justice.gc.ca...
  
  (c) provides warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased;
  Blaming this law is simply whining.
  Microsoft is throwing a temper tantrum. Fuck them.
  --
  BMO
25. Re:It looks like a response to anti spam laws by Teun · 2014-06-28 06:13 · Score: 1
  
  Similar to long existing EU law, maybe the consequences are a little stricter.
  So why didn't MS take the same decision when the EU countries installed these rules? MS just followed them and added a working opt out.
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
26. Re:It looks like a response to anti spam laws by rew · 2014-06-28 06:34 · Score: 1
  
  I'm guessing that of the hundreds of thousands of people who get that "mass mailing", some are reporting the mails as SPAM to the authorities. Even if there is an "unsubscribe link" somewhere.
  Those that do this, might have subscribed in the past and now no longer use Microsoft software. Or maybe Microsoft at one point decided to add a class-of-users to the list automatically (which I think they shouldn't have done if they did).
  In any case, with so many users, the chances of being reported as spammers are 100%. So I understand the pressure to stop.
27. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-28 07:37 · Score: 0
  
  I don't know why subscribe and unsubscribe would not satisfy those laws but apparently MS is convinced they don't... so...
  Explicit subscribe and unsubscribe is prescribed in the legislation which is now law. I have received an email from several commercial and non-commercial entities requesting permission to continue communicating with me via email. The process is easy; click to allow the sender to continue sending periodic email or ignore to avoid further contact. Each email received in the future must include an explicit and easy to locate unsubscribe option. Microsoft is simply too lazy to abide by the law.
28. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-28 07:43 · Score: 0
  
  This. I got over 50 emails from one organization that I bought one thing from over 5 years ago. For some reason, I had not gotten any emails from them until this happened. Odd.
  If they have your email address they are required to contact you for future permission or remove your email address from their databases or flag your address as not wanting to receive further electronic communications from the organisation.
29. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-28 10:59 · Score: 0
  
  Microsoft's lawyers aren't the brightest.
  They're the ones who think using a GPL program means anything made created that program is, in itself, GPL'd. The GPL doesn't work that way, but they continue to insist it does.
  The same species of lawyers Nintendo has who insist that emulation is, in itself (never mind piracy-or-no-piracy), illegal. This species of lawyer evolved a type of fogged cornea in their eyeballs that prevents them from acknowledging reality, instead substituting it with their own myopic whimsy.
30. Re:It looks like a response to anti spam laws by randm.ca · 2014-06-29 05:42 · Score: 0
  
  CASL covers much more than just that. It covers all types of commercial electronic messages, where CEMs are defined as:
  
  For the purposes of this Act, a commercial electronic message is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity.
  Then "commercial activity" is defined as:
  
  "commercial activity" means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada.
  Then there is no definition of "commercial character" so you're at a dead end. If you call in and ask, they say they have no clue, it'll be up to the courts to sort it out if/when lawsuits are filed.
31. Re:It looks like a response to anti spam laws by randm.ca · 2014-06-29 05:47 · Score: 0
  
  The problem is the FAQ gives a non-exhaustive list of examples. It's pretty much impossible to tell what is covered and what is not because the definition of Commercial Electronic Message depends on the definition of Commercial Activity, which in turn depends on the definition of Commercial Character, which is not defined.
  
  (I just posted relevant quotes in a message above this one if someone wants quick reference for the two definitions).
32. Re:It looks like a response to anti spam laws by bmo · 2014-06-29 06:11 · Score: 1
  
  It doesn't matter if it's commercial or not.
  The law explicitly says that emails about product warranties, security updates, safety, etc, are exceptions to the consent part of the law.
  I posted the relevant parts. Tell me how emailing emails about security is not covered by the exception without stretching language to the breaking point.
  --
  BMO
33. Re:It looks like a response to anti spam laws by randm.ca · 2014-06-29 07:00 · Score: 0
  
  If they're 100% security related, then they likely are exempt. The problem for Microsoft is making sure that they currently are 100% security related, and continue to be 100% security related in the future. The second they introduce non-security related content of a "commercial character", the law applies.
34. Re:It looks like a response to anti spam laws by bmo · 2014-06-29 07:34 · Score: 1
  
  If they're 100% security related, then they likely are exempt.
  No, not "likely" - they are exempt.
  >Microsoft has a problem sending out security update emails without ads
  Well, if they're that incompetent, then they should just completely close up shop.
  One wonders how they got along on the Internet before the NSF was no longer the backbone.
  Your statements defy credulity and overstate the "problem" to such a degree as to be nonsensical.
  --
  BMO
35. Re:It looks like a response to anti spam laws by randm.ca · 2014-06-29 07:52 · Score: 0
  
  No, they are likely exempt. Being 100% security related is only an exception for one of the two conditions.
  
  And as stated before, ads are not the only thing that can cause a message to be deemed a commercial electronic message, so it's not as simple as "do we have ads? no? then it must be ok to send".
  
  If it's easier for you to blame Microsoft than to realize this legislation is a real problem for many organizations, then that's cool, you're entitled to your opinion and I'll stop trying to change it.
36. Re:It looks like a response to anti spam laws by bmo · 2014-06-29 11:47 · Score: 1
  
  >No, they are likely exempt.
  No, they *are* exempt as per the plain wording of the law. Go read it where it says "exceptions". It's astonishingly plain.
  >easy for me to blame Microsoft
  Microsoft has more lawyers than God (but possibly not IBM). They were able to use the internet back when the NSF's AUP was "No commercial activity at all" - to the extent that posting a "classified ad" to get rid of a file cabinet taking up space in your office would get your account suspended. Microsoft has competent individuals that can read. They have competent people who know what the difference is between a CERT-like security bulletin is, and an email that is selling something.
  To say that Microsoft is incapable of figuring out what is commercial activity and what isn't is a worse criticism of Microsoft than me saying that Microsoft is throwing a temper tantrum.
  Because you're calling them idiots.
  --
  BMO
37. Re:It looks like a response to anti spam laws by dakohli · 2014-06-30 02:45 · Score: 1
  
  I can confirm, my work e-mail has been bursting with requests to renew email that I don't read anyways!
  I work for the Canadian Government in IT, and hidden url's are stripped out of emails, so when these "partner" email request come in, asking for me to consent to receiving marketing, info and other types of email, I can't. Even if I wanted to. But it turns out that this is a great way to reset the emails I'm getting.
  I love it, and not really sure why there is so much hate out there for the legislation. There was certainly a lot of hate for the SPAM people were getting. There are websites that I had to register onto just to see what they were selling . And the sponsored link that took me there, just told me that the item I was looking for was no longer for sale there! But I digress. I'm tired of companies sending me crap emails just because I had a tenuous relationship with them. I understand that this law may stick in the craw of some legitimate businesses, but hey, they can always ask me to opt in.
  Now, if we can just get them to stop trying to get me to "like" them on Facebook.
38. Re:It looks like a response to anti spam laws by Anonymous Coward · 2014-06-30 06:44 · Score: 0
  
  The whole point of incorporation is limited liability. If we're going to take that away, then we also get to sacrifice the additional tax revenues we get from corporations as they all furiously restructure into a different legal entity with a different liability and taxation profile.
39. Re:It looks like a response to anti spam laws by crispytwo · 2014-06-30 17:07 · Score: 1
  
  From what I understand, that is not the case. Any email that is unsolicited would be considered spam.
  The SPCA, for example, was commenting that they don't have the resources to get permission to satisfy the law.
40. Re:It looks like a response to anti spam laws by crispytwo · 2014-06-30 17:08 · Score: 1
  
  interesting - didn't see that
Great! by Animats · 2014-06-27 16:01 · Score: 3, Informative

That's the way it should be. If you want to subscribe to something, use RSS. That's totally under the control of the recipient. If you unsubscrbe from an RSS feed, there's no way the sender can keep sending to you.
It's easy to follow an RSS feed if you're using Thunderbird; a bit harder if you're a Google slave.
1. Re:Great! by DigiShaman · 2014-06-27 16:36 · Score: 1
  
  Not that I disagree, but I'm cynical enough to believe this was a cost cutting measure from server/bandwith infrastructure, internal support, and litigation. They probably figure that you would get the news 3rd party via some other IT security e-mail whom will collect RSS feeds already.
  
  --
  Life is not for the lazy.
2. Re:Great! by Anonymous Coward · 2014-06-27 21:26 · Score: 0
  
  RSS feeds require continuous polling for updates, that's not going to save bandwidth compared to e-mail.
3. Re:Great! by Anonymous Coward · 2014-06-27 21:47 · Score: 0
  
  But have you actually seen anyone ever use that RSS crap? I've setup RSS feeds on a dozen web sites, and less than one out of a million hits on the last one was for the RSS feed. I'm sure that was a robot or a dev testing. There's a reason you always hear about unrealistic developers talk about providing an RSS feed, and not once have I ever heard an end-user mention consuming one.
4. Re:Great! by tepples · 2014-06-27 22:19 · Score: 1
  
  RSS feeds require continuous polling for updates
  How much bandwidth does it take to get a 206 Not Modified response once a day, compared to everything else a network admin does on her PC?
5. Re:Great! by Andreas+Mayer · 2014-06-27 23:26 · Score: 1
  
  RSS is how I get my news.
  You don't offer a RSS feed? I'm not going to regularly visit your site.
  Fortunately, every site I've ever been interested in offers at least one feed.
6. Re:Great! by master_kaos · 2014-06-28 00:06 · Score: 1
  
  Yup exact same thing here. Outside of "techies" I have never heard of a single person who actually uses RSS feeds.
7. Re: Great! by Anonymous Coward · 2014-06-28 01:27 · Score: 0
  
  If you are applying enterprise patches, I hope you are capable of understanding RSS feeds.
8. Re:Great! by Anonymous Coward · 2014-06-28 02:39 · Score: 0
  
  Why single out Google? There is quite few tech and software companies around.
The Canadian law doesn't apply to these by presidenteloco · 2014-06-27 16:02 · Score: 3, Interesting

Only emails of a commercial nature are banned without opt-in.
A security notice is not an email of a commercial nature, unless it also contains marketing offers etc.

--

Where are we going and why are we in a handbasket?
1. Re:The Canadian law doesn't apply to these by bhcompy · 2014-06-27 16:13 · Score: 2
  
  Doesn't stop frivolous lawsuits from costing them lawyer fees, though
2. Re:The Canadian law doesn't apply to these by msobkow · 2014-06-27 16:24 · Score: 3, Interesting
  
  That may be technically the case, but IBM, Oracle, and Sybase/SAP have all asked for permission to keep sending technical newsletters. No one wants to take a chance that some bozo is going to interpret a technical notice as being spam and laying charges accordingly.
  What were simple mailing lists now require an authorization database to comply. In many cases companies are just going to shut down the lists rather than go to the expense/hassle of authorization databases or risking non-compliance claims.
  On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.
  
  --
  I do not fail; I succeed at finding out what does not work.
3. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-27 16:30 · Score: 0
  
  Its an American corporation. Of course the emails are going to have marketing in them.
  I'm waiting for the GM recall notices to start containing coupons for funeral services.
4. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-27 16:36 · Score: 0
  
  if you read the Act, it defines a "Commercial Electronic Message" very broadly. Yes, a security notice falls into this category (until it is struck down in court).
5. Re:The Canadian law doesn't apply to these by msobkow · 2014-06-27 16:38 · Score: 3, Insightful
  
  You do realize that if you're sending email about a commercial product it's a commercial email, right?
  It doesn't have to be advertising -- it just has to be commercial in nature, as in about a product that you charge for, not commercial as in advertising.
  
  --
  I do not fail; I succeed at finding out what does not work.
6. Re:The Canadian law doesn't apply to these by chromaexcursion · 2014-06-27 16:45 · Score: 1
  
  A security notice for a purchased product could be considered to be of a commercial nature.
  Are you willing to bet the farm on it?
  Your legal fees will be over $1,000,000 even if you win.
  OH! and the idiot that sued you is penniless, forget recovery.
7. Re:The Canadian law doesn't apply to these by hairyfeet · 2014-06-27 17:08 · Score: 1
  
  Its been years since I got patch emails from MSFT (I just use WSUS Ofline now, saves bandwidth) so maybe they have ads for their other products on them?
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
8. Re:The Canadian law doesn't apply to these by dryeo · 2014-06-27 17:50 · Score: 1
  
  Microsoft just moved a bunch of stuff to Vancouver so they are doing more then just doing business in Canada. Just shows that 30 years of tax cuts can bring some business. Of course they promise to leave as soon as they get a better offer and the province is like a junker car that hasn't had maintenance done in years, bald tires, no oil change in years, water instead of anti-freeze, brakes down to metal, and spark plugs that just barely create spark. And they wonder why the mileage is so bad, why the block cracked last winter and now they have to keep adding shit that stops the leak and overheats the car and the mechanic says not to drive the piece of shit until a $1000 brake job as everything is shot.
  
  --
  https://en.wikipedia.org/wiki/Inverted_totalitarianism
9. Re:The Canadian law doesn't apply to these by munch117 · 2014-06-27 21:51 · Score: 1
  
  On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.
  Is that a good thing? Case in point: The beta-free site refusing to accept donations, because then they'd have to be separately licensed to receive donations in 50 states. (section Why We Haven't Discussed Pure Donations). I worry that small and even medium size companies will just drop overseas markets, because it's too much hassle.
  Like those obnoxious .com sites that only sell to North America. Usually they don't even mention the fact that they won't sell to you until you reach checkout, and they ask you to select your state, but not your country, that's implied. These last years my impression is that there are fewer of those sites, that the world has become more connected. I'd hate to see it go the other way.
10. Re:The Canadian law doesn't apply to these by msobkow · 2014-06-27 22:43 · Score: 1
  
  It's a good thing for everyone but the US, so fuck the US.
  
  --
  I do not fail; I succeed at finding out what does not work.
11. Re:The Canadian law doesn't apply to these by cascadingstylesheet · 2014-06-27 22:54 · Score: 1
  
  On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.
  So, would that include various foreign Sharia-based laws too? Censorship laws? Anti-homosexuality laws?
  Or only foreign laws that American hipsters like?
12. Re:The Canadian law doesn't apply to these by Maxwell · 2014-06-28 00:03 · Score: 1
  
  If you want to do business in countries that have laws like that, yes, of course. Why is that so hard for Americans to understand?
13. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-28 00:35 · Score: 0
  
  Because we're used to our military going in and changing the laws for us whenever needed.
  'Murica!
14. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-28 01:56 · Score: 0
  
  That is not sufficient to fall under CASL. http://www.crtc.gc.ca/eng/com500/faq500.htm. A security bulletin about a product is not in and of itself a Commercial Electronic Message as long as it does not contain advertising or other content designed to encourage you to make further purchases -
  What is a commercial electronic message?
  A key question to ask yourself is the following: Is the message I am sending a CEM? Is one of the purposes to encourage the recipient to participate in commercial activity?
  When determining whether a purpose is to encourage participation in commercial activity, some parts of the message to look at are:
  the content of the message
  any hyperlinks in the message to website content or a database, and
  contact information in the message.
  These parts of the message are not determinative. For example, the simple inclusion of a logo, a hyperlink or contact information in an email signature does not necessarily make an email a CEM. Conversly, a tagline in a message that promotes a product or service that encourages the recipient to purchase that product or service would make the message a CEM.
  Some examples of CEMs include:
  offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
  offers to provide a business, investment or gaming opportunity;
  promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.
15. Re:The Canadian law doesn't apply to these by enharmonix · 2014-06-28 05:31 · Score: 1
  
  Like those obnoxious .com sites that only sell to North America.
  I live in the US and can say this is never going to change. The internet was not always international, and when it opened up to the public, .com implicitly meant the US. There are still tons of Americans who don't know a .us ccTLD even exists, and no two registrants can share a 2nd level domain in .us. There is a .co.uk but .co.us belongs to the state of Colorodo, and only one person/entity can register something similar like .com.us, so sharing a 2nd-level TLD isn't an option without a middleman. In fact, 2nd level domain registration wasn't even allowed for the public at first, so sites like google.us couldn't exist. Google had to go with .com (Google could have made a case for .net, but back then, .net belonged to ISPs and the like and people didn't jump over to that TLD until we started running out of .com's). Once 2nd-level domain names in the .us TLD opened up to the public, a lot of sites that were already well established haven't bothered to register (or at least maintain) a .us domain because everybody already has their original .com address memorized (so for example, there is no amazon.us). Kind of circular problem, you see? Companies don't use .us because people don't know about it, and people don't know about it because nobody uses it. Not going to change anytime soon.
16. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-28 11:00 · Score: 0
  
  What were simple mailing lists now require an authorization database to comply.
  Right. The law puts a recordkeeping onus on the company to prove that they didn't send spam, if anybody complains. It's a pretty nasty bill, despite it seeming so desirably on it's face.
  We're doing the changes and re-collecting consent, even though everybody on our list has opted in, Many meetings with lawyers to ensure we're meeting the requirements, and their advice often begins "as I interpret the law...".
  We're not a huge company, so we're hoping to fly under the radar of all the frivolous lawsuits. This will definitely cost some big corporations millions, even though they did their best to comply with the new law.
17. Re:The Canadian law doesn't apply to these by Anonymous Coward · 2014-06-28 11:06 · Score: 0
  
  Google and Microsoft censoring Chinese search results at the request of the Chinese government is a good thing?
Government OohhHhhh by Anonymous Coward · 2014-06-27 16:25 · Score: 0

So when did it become a magic word for this big scary thing with unquestioned regulations in which asking for a plain explanation gets the evil eye.
I Hope by Anonymous Coward · 2014-06-27 16:30 · Score: 0

I hope Rod Trent didn't write the law as well.
"If you're not worried about this new law, you haven't been adequately information.[sic]"
Canada's new anti-spam act? by Anonymous Coward · 2014-06-27 16:32 · Score: 0

Does this have anything to do with the new anti-spam act coming into force in Canada on July 1st http://fightspam.gc.ca/eic/site/030.nsf/eng/home ?
There have been a lot of business scrambling here in Canada to get in compliance, after all, the fine is $1,000,000 for a personal offense, $10,000,00 for a commercial offense. Maybe Just didn't want to bother with tracking subscribers, and instead went to a protocol that was subscription based?
1. Re:Canada's new anti-spam act? by master_kaos · 2014-06-28 00:10 · Score: 1
  
  What's funny is I still haven't got emails from Futureshop/Bestbuy yet. Considering the amount they spam I am not sure what they are going to do. If I even get one email from them on or after July 1, I will be reporting them.
2. Re:Canada's new anti-spam act? by Anonymous Coward · 2014-06-28 06:22 · Score: 0
  
  If they obtained your email address through a mechanism by which you were informed that the purpose of obtaining said information was to permit them to communicate with you in the future about their services and products, AND they retain the information of your provision of said information under those terms, then they will be adequately positioned to defend themselves against your complaint...
  -AC
3. Re:Canada's new anti-spam act? by Anonymous Coward · 2014-06-28 07:58 · Score: 0
  
  What's funny is I still haven't got emails from Futureshop/Bestbuy yet. Considering the amount they spam I am not sure what they are going to do. If I even get one email from them on or after July 1, I will be reporting them.
  I've been waiting to have them sued and July 1, 2014, might be their day in Waterloo. I receive at least 2 emails each week from them, often special sales invoke additional emails.
The Failure of good intentions. by chromaexcursion · 2014-06-27 16:40 · Score: 1

Seemed like a good idea. I don't think so, but someone did.
What an absolute fail of a law.
It might work if the sender could reasonably presume that if the email address didn't end in .ca it wasn't a problem.
The cost. of defense is too high. Canada just screwed the pooch.

There may be a bright side. It will force international law to cross the internet. As this is a Canadian law, only addresses ending in .ca should matter. Of course that opens a much bigger can of worms.

Then again it could just result in an explicit opt in: I AM NOT A CANADIAN! If you check it an lie you are guilty of perjury. NO Canadians allowed.
Perhaps the future of an internet second class.

Of course I'm being melodramatic. But this law is melodramatic. Some idiot with no clue wrote it, and got it passed. It deserves derision.
1. Re:The Failure of good intentions. by governorx · 2014-06-27 16:58 · Score: -1, Redundant
  
  The only idiot without a clue appears to be you.
  Microsoft is handling it poorly. Every other company has already sent spam mails asking individuals to subscribe to get continued spam. Only Microsoft is the only company that finds this automated message to difficult to incorporate. ..and since you love spam so much how about you post your email addresses on the forum so we can oblige.
  -gov
2. Re:The Failure of good intentions. by NatasRevol · 2014-06-28 00:39 · Score: 1
  
  So, .com emails don't get sent to Canada, and shouldn't be required to follow Canadian law because they're not .ca?
  I'm pretty sure you're the one who deserves derision. And rightfully so.
  
  --
  There are two types of people in the world: Those who crave closure
3. Re:The Failure of good intentions. by KitFox · 2014-06-28 01:25 · Score: 1
  
  It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian? It really can't. So Canada's laws are affecting the whole world as companies have to either give up on things that people likely actually want (security bulletins) or scramble to form opt-in databases on worldwide recipients just because of Canada.
  Just like many of the laws in the US that people scorn, this Canadian law will only hurt the legitimate people who are trying to be respectful and operate as a good company with records and such. The spammers sending pharma spam and malware spam and such are operating from locations that don't support easy tracking for applying penalties. Thus millions of people worldwide are suddenly getting flooded with requests to keep sending mail (I opted in three years ago!) just in case they might be Canadian.
  Therefore the obvious (but depressing) solution is to create borders on the internet and say "To prove you are a Canadian and protected by this Canadian law, you must have a .ca email address. Anybody who does not have a .ca email address cannot bring charges against a company sending email in violation of a Canadian law because they did not identify themselves as Canadian to be protected by the law." This is obviously not-good, but the alternative is a minefield of international laws that strangle the internet and any companies that operate on it.
  Fictional but getting less farfetched example: Some Canadian posts a picture of their dog spinning in circles on a video site. The dog is not neutered and there is a flash of anatomy at 1:33 into the video (it's a long video of dog-spinning). Person gets in legal trouble in some country that: 1: Holds content posters liable for their posts. 2: Enacts a law that prohibits the depiction of any sexual anatomy online for the protection of the children/morality/whatever. Suddenly Canadian is subject to fines/imprisonment/death-for-insults-against-the-god because of this?
  It seems like a ridiculous example now, but with the slippery slope we are heading down, it's becoming more and more possible.
  
  --
  @Whee
4. Re:The Failure of good intentions. by NatasRevol · 2014-06-28 02:28 · Score: 1
  
  Therefore the obvious (but depressing) solution is to create borders on the internet
  Just unplug your computer.
  
  --
  There are two types of people in the world: Those who crave closure
5. Re:The Failure of good intentions. by Arker · 2014-06-28 04:01 · Score: 1
  
  From what I have read (and please provide a correction link if you have one) the law only says commercial bulk email has to be requested. My comments presume this is true. Now, that's the same rule you should have been following from day one anyway, and if you were not, then shame on you, you dirty spammer! If their controls are so poor they are afraid of this law, then they should really just quit using email at all. Block it at the border router and spare the rest of us your spam.
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
6. Re:The Failure of good intentions. by nabsltd · 2014-06-28 04:40 · Score: 1
  
  It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian?
  It's impossible without also collecting the user's physical address. A Canadian citizen living in Canada using a gmail.com should be covered by this law, while a US citizen living in the US who happens to have an e-mail provider with servers located in Canada should not be covered by the law.
7. Re:The Failure of good intentions. by KitFox · 2014-06-28 04:54 · Score: 1
  
  It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian?
  It's impossible without also collecting the user's physical address. A Canadian citizen living in Canada using a gmail.com should be covered by this law, while a US citizen living in the US who happens to have an e-mail provider with servers located in Canada should not be covered by the law.
  Which brings the whole can of worms into things. Give your address and how do you verify it's accurate? Puts a major burden on companies and other legitimate places and doesn't discourage the actual abusers at all.
  
  --
  @Whee
8. Re:The Failure of good intentions. by Teun · 2014-06-28 06:32 · Score: 1
  
  It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian? It really can't. So Canada's laws are affecting the whole world as companies have to either give up on things that people likely actually want (security bulletins) or scramble to form opt-in databases on worldwide recipients just because of Canada.
  No, it's a matter of being a decent business partner, regardless of the country you do business in, as a company with moral standing you give the options of opt-in and opt-out.
  In the EU it's been that way for several years and it caused no grief to any company that does value it's customers.
  
  --
  "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
9. Re:The Failure of good intentions. by KitFox · 2014-06-28 08:25 · Score: 1
  
  It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian? It really can't. So Canada's laws are affecting the whole world as companies have to either give up on things that people likely actually want (security bulletins) or scramble to form opt-in databases on worldwide recipients just because of Canada.
  No, it's a matter of being a decent business partner, regardless of the country you do business in, as a company with moral standing you give the options of opt-in and opt-out.
  In the EU it's been that way for several years and it caused no grief to any company that does value it's customers.
  Many of the companies scrambling already have double-opt-in to get in and very thorough opt-out options (Reply, click in any one of three places, idle detection auto-culling, etc.). So why are they scrambling? Because being a decent business partner is not good enough for the law. And again, the people it won't affect are the Canadian Pharma spammers (as an excellent example, since I'm staring at one's email in my spam box right now) who operate outside the law and know it and don't care. Decent business partners screwed. Actual spam still there. Can of worms with people affected by one country. Part of the reason there are so many US-Only sellers. They won't sell anything to the rest of the world because there are so many countries that would suddenly try to extradite the owners of the site for eyeball removal or something*.
  (*Eyeball removal is not common, but a rat's nest of laws, many of which contradict each other, is out there, making the cost of allowing people from other countries much more expensive than the margin allows for.)
  
  --
  @Whee
10. Re:The Failure of good intentions. by Anonymous Coward · 2014-06-28 11:13 · Score: 0
  
  You're posting second-hand aphorisms without actually thinking about what you are being told here.
CASL bad law and affects more than email by Anonymous Coward · 2014-06-27 16:55 · Score: 1

In addition to email the CASL also affects social media, instant messaging, sms, voice messaging.
Read an article that if you just reply to a tweet to someone you could be fined under this law that is insane. So tweeting as person can land up to $1 million dollar a fine and a company $10 million that is crazy.
This really kills nearly all email applications. I have some double optin subscriber lists but now they are useless since I never asked what country the user was from. I can resend out a permission pass to ask for permission and hopefully get the country information as well. But that will affect the number of subscribers since some may not notice they have to reoptin againÃÂ¦
I can block .ca domain from my lists but that does not solve the issue since there are Canadian users not using .ca domains.
\
Hopefully this law will be tweaked it needs a lot of work and will hurt consumers/businesses and in the end. And will not stop spam at all. since the botnets/virus writers do not care about the law.
1. Re:CASL bad law and affects more than email by Arker · 2014-06-28 04:07 · Score: 1
  
  "I have some double optin subscriber lists" You sound like a spammer. The nonsensical phrase 'double optin' points strongly in that direction. That is a phrase invented by spammers to describe 'opt-in' while implying that it is an unreasonable burden. If your lists really are opt-in then the list should not affect you. It does not to the best of my knowledge require you to know or care what country your recipients are in, as long as you are not spamming to any country, then you will also not be spamming to Canada in the process.
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
2. Re:CASL bad law and affects more than email by Anonymous Coward · 2014-06-28 04:27 · Score: 0
  
  What are you talking about? You sound clueless.
  Double optin is the standard for email marketing. A person signs up via a form/product then they confirm their subscription with a link sent to their email there is nothing spammy about that at all.
  Single optin is just filling out a form without confirming the email.
  Did you read the law at all?
  There are many rules such as you can only contact existing people for 2 years. So now we have to keep track of subscribers in Canada. God forbid if I send them an email 2 years and a day later.
  Leads/prospective clients for only 6 months.
3. Re:CASL bad law and affects more than email by nabsltd · 2014-06-28 04:53 · Score: 1
  
  The nonsensical phrase 'double optin' points strongly in that direction.
  That phrase is just a shorter way of saying "opt-in plus confirm". If a website gets a request for adding an e-mail address to their list, sends a "confirm that you really wanted this" e-mail to the address, and doesn't send any more e-mail unless you click the link and confirm, they definitely aren't a spammer. Honestly, anybody who has a true opt-out that really stops e-mail isn't a spammer...they just aren't as nice as the ones who require opt-in for everything.
  I use a separate e-mail address for every website I deal with, and I can tell you that with over 500 e-mail addresses, only one or two has ever had a problem where I couldn't opt-out of marketing e-mail. OTOH, my real e-mail address (that only friends have) gets lots of true spam attempts. When you run your own e-mail server, you get to see what really happens, and the reality is that legitimate companies already try to do the right thing as far as opt-in/opt-out.
  And, e-mail isn't really a big deal...I'm much more annoyed by companies that auto-check the "remember my payment information" box, and then require you to jump through hoops to change to a different payment method on the next purchase.
4. Re:CASL bad law and affects more than email by Arker · 2014-06-28 14:40 · Score: 0
  
  "That phrase is just a shorter way of saying "opt-in plus confirm". If a website gets a request for adding an e-mail address to their list, sends a "confirm that you really wanted this" e-mail to the address, and doesn't send any more e-mail unless you click the link and confirm, they definitely aren't a spammer." That is opt in. There is no plus, this is the minimum required for an opt in list. If you just put up a form that says 'add me' and add them that is NOT an effective opt-in, that is simply blind spamming. This is because anyone that knows (or can guess) your email can sign you up for anything without you actually opting for this in any sense of the word. So the 'confirm' is not some sort of extra requirement, above and beyond opt-in, it's *an integral part of the opt-in process*. "Honestly, anybody who has a true opt-out that really stops e-mail isn't a spammer" Wrong. Anyone that sends spam is a spammer. Spam is unsolicited bulk email. If you are sending bulk email to people that you do not know for a fact actually signed up to receive it then you are a spammer. An opt-out link after the fact, even if it would hypothetically work should anyone be stupid enough to click it does nothing whatsoever to change that fact. You know you should never click those, right? that just confirms the address is read. EVEN IF they take you off that one list, they turn around and sell it to the other spammers as a premium address at that point and you get on a dozen other lists instead. Really, use your brain and think about the consequences if what you said was true. I would be able to sign you up for mailing lists all day, every day, and you couldnt do anything to stop it other than change your address. And as soon as I found your new address it would be in the same shape. Even if every remove link worked, and even if using it didnt just get you more spam, it would STILL be unreasonable to expect you to spend all day unsubscribing to all the crap I spend all day signing you up for. And it's still absolute nonsense to claim YOU opted in to anything when I put your email in and you were never asked whether or not you actually wanted it in.
  
  --
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Friends don't let friends enable ecmascript.
RSS makes a LOT more sense. by Anonymous Coward · 2014-06-27 16:58 · Score: 0

It's much easier to incorporate into my workflow.
Nice article by phorm · 2014-06-27 17:23 · Score: 1

They could use a grammar check though:
If you're not worried about this new law, you haven't been adequately information
Someone invented some extra penalties by Cabriel · 2014-06-27 17:42 · Score: 1

I read through the actual law and I don't see anywhere that specifies each CEO and officers of a violating company can be fined. The law specifies "individuals" can be fined up to $1million, and "any other person" (presumably corporations-as-people) can be fined up to $10million.
Anyone care to clue me in?
Actual FULL text of the law: http://laws-lois.justice.gc.ca...
1. Re:Someone invented some extra penalties by Anonymous Coward · 2014-06-27 18:21 · Score: 1
  
  Sections 31-33 (under "Rules About Violations") determine who it is that can be found in violation (including "An officer, director, agent or mandatary of a corporation...", etc.). Basically, they say that directors and officers can be found in violation if they were involved in the contravention, if anyone working under them was involved in the contravention, or if they knew of the contravention and failed to act against it.
  Section 24 specifies that those found in violation, as above, can be assessed financial penalties.
  Section 20, the part you seem to have been looking at, specifies upper limits to what those penalties can be ($1,000,000 in the case of a penalty levied against an individual and $10,000,000 in the case of penalties levied against a company as a whole), and the factors to be taken into account when determining what the penalties should be in any particular case.
Blame the spammers by Z00L00K · 2014-06-27 17:47 · Score: 1

Blame the spammers that fake the senders. Microsoft is a popular faked sender, and then the junk mail filters throws away the mails and nobody sees the patch info mail.

--
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
it's a good law by Anonymous Coward · 2014-06-27 17:50 · Score: 0

one of the few good things harper dictatorship has done. shame on other govts for not doing something similar.
1. Re:it's a good law by Anonymous Coward · 2014-06-28 06:43 · Score: 0
  
  You're clearly not involved in the operation of a small or medium business. This law is stupid-beyond-measure and DRAMATICALLY affects NORMAL DAY-TO-DAY business operations and imposes a MASSIVE burden on these companies, and the impact on ACTUAL SPAM will be virtually NOTHING as most of it originates (WAY) offshore from shadowy organisations that will NEVER be held to account for their actions. \
  This is NOT a good law for Canadians, nor especially Canadian BUSINESSES, especially SMALL BUSINESSES who have to try and understand the law, and find ways to stay in compliance with it, which will usually amount to substantial new, confusing and costly overheads for them.
  -AC
2. Re:it's a good law by Anonymous Coward · 2014-06-28 08:06 · Score: 0
  
  You're clearly not involved in the operation of a small or medium business. This law is stupid-beyond-measure and DRAMATICALLY affects NORMAL DAY-TO-DAY business operations and imposes a MASSIVE burden on these companies, and the impact on ACTUAL SPAM will be virtually NOTHING as most of it originates (WAY) offshore from shadowy organisations that will NEVER be held to account for their actions. \
  This is NOT a good law for Canadians, nor especially Canadian BUSINESSES, especially SMALL BUSINESSES who have to try and understand the law, and find ways to stay in compliance with it, which will usually amount to substantial new, confusing and costly overheads for them.
  -AC
  All your company requires is a database to track the status of email permission. Once a year you can run a script to purge all non-subscribers or simply filter them whenever doing a mass email campaign. JC Penny has been using this approach for at least a decade and a half.
3. Re:it's a good law by Anonymous Coward · 2014-06-28 09:26 · Score: 0
  
  All your company requires is a database to track the status of email permission
  Oh, thank goodness that's ALL I need! ... and for the LEGIONS of mom-and-pop shops that are still using cash registers, and have a pc that they use for Excel and sending out emails to their customers, I'm SURE that simply creating a database and managing it effectively is like, NO PROBLEM AT ALL... I bet they'll just whip that shit up in seconds and have it running flawlessly without hardly any expenditure of effort! Not like they'll have to figure out WTF a database even IS, or how to define an efficient Schema, or management interface... It's not like understanding how to implement, permit, manage and perform subscription and un-subscription will represent a significant change to the way they conduct their daily business right? After all, this stuff is child's play, anyone can do it right? I bet that they'll be able to whip it all together without even breaking a sweat right?
  You sir, are an idiot... I support DOZENS of small businesses and complying with this legislation is a MAJOR headache for EVERY ONE of them...
  -AC
RSS makes a LOT more sense. by Anonymous Coward · 2014-06-27 17:58 · Score: 0

RSS makes it easier to focus on relevant information. Speaking of which, when they fix the bug of /. beta not showing the titles completely, I'll be much happier person.
Never Got MS E-mails by DERoss · 2014-06-27 18:00 · Score: 4, Informative

I never got E-mails from Micro$oft about updates, vulnerabilities, etc. Instead, I have an RSS feed from US-CERT (computer emergency response team), an agency of the U.S. Department of Homeland Security. (Yes, they do have a few useful functions.) US-CERT not only notifies me about Micro$oft's alerts and provides links to them, but that agency also notifies me of alerts from other companies.
The link to subscribe to the RSS feed is http://www.us-cert.gov/ncas/cu....
1. Re:Never Got MS E-mails by Anonymous Coward · 2014-06-28 05:54 · Score: 0
  
  I never got E-mails from Micro$oft about updates, vulnerabilities, etc. Instead, I have an RSS feed from US-CERT (computer emergency response team), an agency of the U.S. Department of Homeland Security. (Yes, they do have a few useful functions.) US-CERT not only notifies me about Micro$oft's alerts and provides links to them, but that agency also notifies me of alerts from other companies.
  The link to subscribe to the RSS feed is http://www.us-cert.gov/ncas/cu....
  I think it is funny that you put a $ sign in Microsoft with annual income of about 100 billion while you give the US government a pass with annual income of over 3 trillion.
IDK or is it care? by cyberzephyr · 2014-06-27 18:29 · Score: 0

I have to look at this tomorrow so i'm stepping out. For many reasons.

--
I'm here for the experience, not the Hyperbole.
1. Re:IDK or is it care? by cyberzephyr · 2014-06-28 16:24 · Score: 1
  
  All i was saying is that i was tired. I really don't care what you thought.
  
  --
  I'm here for the experience, not the Hyperbole.
Another suspicious notification? by Anonymous Coward · 2014-06-27 19:44 · Score: 0

This definitely looks like microsft is going underground.
sudo apt-get install xubuntu-desktop #already by tepples · 2014-06-27 21:32 · Score: 2

I don't see how. Just as Windows has Classic Shell, Linux has Xfce.
1. Re:sudo apt-get install xubuntu-desktop #already by jones_supa · 2014-06-28 00:45 · Score: 1
  
  As an extra tip for anyone using XFCE, it's a good idea to disable the integrated compositor and use Compton instead. The default XFWM4 compositor uses XRender which often causes tearing.
NX and SSE2 by tepples · 2014-06-27 21:37 · Score: 2

That system requirements increased very little since Windows Vista is mostly true. Windows 8.1 added the requirement for NX and SSE2 support in the CPU. Do all Atom CPUs support those?
1. Re:NX and SSE2 by Blaskowicz · 2014-06-28 00:22 · Score: 1
  
  They do. Intel never crippled away these feature ; most Pentium 4 don't have NX but it is commonly found on late Pentium 4 Celeron (which can be 64bit even)
  Parent might have a Celeron 440 or 450 (core 2 solo) and that's another beast. Excellent CPU with low power use, still actually worth using.
Don't care either way by Anonymous Coward · 2014-06-27 22:00 · Score: 0

Apple has never really addressed patches or pre notifications of updates or security fixes. So I personally do not need a email to inform me of any with Windows.
I am sure I could find a few web sites that would report the updates anyway or I could bookmark the Microsoft link to those updates.
I like the way Google does updates with Chrome OS, just put them out there and if you want to know what was installed go to the Chrome OS blog and look it up.
The average user does not really care about updates at a detailed level. Only geeks, IT pros, and the hackers who have been exploiting a hole.
1. Re:Don't care either way by tepples · 2014-06-27 22:41 · Score: 1
  
  I think the reason for advance notifications of updates is that they 1. require interrupting the user's work flow to restart the computer and 2. can break programs that were inadvertently relying on underspecified behavior.
2. Re:Don't care either way by Andreas+Mayer · 2014-06-27 23:29 · Score: 1
  
  Apple has never really addressed patches or pre notifications of updates or security fixes.
  https://lists.apple.com/mailma...
3. Re:Don't care either way by NatasRevol · 2014-06-28 00:43 · Score: 1
  
  And you have to opt-in. So they're already in compliance with the law.
  
  --
  There are two types of people in the world: Those who crave closure
4. Re:Don't care either way by cdwiegand · 2014-06-29 06:02 · Score: 1
  
  Nope! Just because they're "opt-in" doesn't mean they're in compliance. You have to TRACK that optin, exactly which list, and you can only use that list for the SPECIFIC activity - not even a footer mentioning a new product you've come out with if that list's description on the optin page doesn't say ", and new products as released!" So if you sign up for a security patches/updates list, they can ONLY send you that information - absolutely nothing else commercial. Not even a single line. Want to mention that Windows 8.2 isn't affected? Could be seen by a judge as commercial - you're trying to upsell the customer. Also you can't email someone more than 2 years after getting their permission, so now you'll see annual "review your subscriptions or we'll cut you" emails to ensure the lists stay clean.
  
  --
  . Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
Saying that this is about the anti-spam laws is ju by Anonymous Coward · 2014-06-27 23:50 · Score: 0

There is no proof, the article makes no link except that the date is the same.
If you think that it's true that this is about the anti spam laws then you haven't been adequately information.
Re:everything is commercial by Maxwell · 2014-06-28 00:00 · Score: 1

The definition of CEM is so broad, that just about anything from a vendor will be commercial. Even if there is no expectation of profit, simply inviting someone to do something is "commercial" and requires two stage opt-in.
It's overly broad to prevent weaseling around it, but it will take a few court cases to actually define it better.
Microsoft has no good, centralized, newsletter or list management system. So they are stuck with a blanket ban/switch to rss for now.
Re:CASL case study right here... by Maxwell · 2014-06-28 00:08 · Score: 1

You sound like a case study in why the law was needed. You have no idea who is on your marketing list, no idea where they are in the world, or whether they even want your emails, or how they got on your lists in the first place. Bad law for you, great law for anyone you happen to be spamming. Be prepared for a flood of unsubscribe requests!
CAN-SPAM by Anonymous Coward · 2014-06-28 00:59 · Score: 0

I've been getting emails all day that say "we cant send to you after the first! hit yes to confirm! Please!
Fuck. That. I didn't sign up in the first place for most of them.
Re:CASL case study right here... by Anonymous Coward · 2014-06-28 01:40 · Score: 0

I know how they are added from our newsletter signup page/customer purchases but we never had/asked for the country they are from on our newsletter signup page.
Very few newsletter signup places ask for the country on a signup form.
The default form builder on constantcontact does not include country.
I can look at most major sites and they do not ask for country on newsletter signup either...
The law will be overturned one way or another once the lawmakers realize it unenforceable and the true backlash is heard. This is just the tip of the iceberg with no more security updates from Microsoft how many other vendors will follow next.
It's really not that difficult to comply with CASL by Anonymous Coward · 2014-06-28 01:47 · Score: 0

And using it as an excuse is pretty lame. IANL but I am familiar with CASL. All you need to do is --
1) After July 1, begin requiring opt-in confirmation (express consent) for all new signups
2) For members of your list that signed up prior to July 1, you have 3 years to send them an email asking for express consent. You can continue e-mailing them within this window as long as they don't opt-out.
3) For people who do business with you after July 1 that give you their email address through some means other than express consent (signing up for your service, make a purchase, etc), you have 2 years to obtain express consent during which you can continue emailing them as long as they don't opt out. Though, its easier to just go ahead and get express consent at this point if it's feasible. Business card exchanges at conferences, trade shows, etc might make this difficult.
Note also that CASL isn't limited to email. It's _any_ electronic communication of a commercial nature. Twitter DM, Facebook, ...
Diligence vs. Negligence maybe? by RudySolis · 2014-06-28 01:48 · Score: 0

Having recently been working for a Fortune X company, I know there are legal concerns with 'knowing' about vulnerabilities. Where my mind went reading this wasn't to SPAM type laws but to companies' current direction (especially after Target) of opting to 'not know' about security vulnerabilities versus 'knowing but not fixing' vulnerabilities.

I believe the direction is that you can prove you are being 'due diligent' by patching your systems...but if you scan for missing patches, or in this case subscribe to a newsletter telling you about security vulnerabilities and know about them...by not patching "them all" you are "negligent". Since our legal and governance bodies typically don't understand the complexity around currency and the fact that past business decisions have left companies in a difficult patch/break cycle, we're being directed to a 'don't know, don't tell' mentality.

Perhaps, by subscribing to RSS feeds rather than email notifications (more discoverable on corporate servers) versus a reaching out and pulling down of RSS feeds on an individual basis is (a) reason that Microsoft is driving in this direction. Seems strange they would restrict distributing information for the sake of other organizations, but nonetheless could be (a) determining consideration.

Being a security professional I disagree with this mindset and hope our legal systems recognizes that ignorance is not defensible and attempting to keep technology current and identifying risks where that cannot be accomplished is a must better security posture than 'not knowing'.
Microsoft throwing a temper tantrum by bmo · 2014-06-28 05:51 · Score: 1

"Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website."
WindowsIT Pro blames Canada's new anti-spam law.
Really now? Fucking really?
Here is the exception that applies directly.

Exception
(6) Paragraph (1)(a) does not apply to a commercial electronic message that solely
(c) provides warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased; ...
(f) delivers a product, goods or a service, including product updates or upgrades, that the person to whom the message is sent is entitled to receive under the terms of a transaction that they have previously entered into with the person who sent the message or the person â" if different â" on whose behalf it is sent;

So what is (1)(a)?

(1) It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless
(a) the person to whom the message is sent has consented to receiving it, whether the consent is express or implied
Sending warranty, security, recall, update information is legal whether consented to or not.
Blaming this law "oh god, we don't know if it's legal to send security alerts!" means that they are either incompetent and can't read, or they're lying and throwing a temper tantrum.
Fuck Microsoft and Windows IT Pro.
--
BMO
Re:CASL case study right here... by Anonymous Coward · 2014-06-28 06:37 · Score: 0

Microsoft will still issue security updates, they're just not going to email anyone details of what's in them anymore. That information is still available however, via RSS or website, so Microsoft isn't stopping ANY provisioned services, they're just dropping one particular medium of delivery...
-AC