Slashdot Mirror
Microsoft Suspending "Patch Tuesday" Emails
New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.
I don't know why subscribe and unsubscribe would not satisfy those laws but apparently MS is convinced they don't... so...
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
That's the way it should be. If you want to subscribe to something, use RSS. That's totally under the control of the recipient. If you unsubscrbe from an RSS feed, there's no way the sender can keep sending to you.
It's easy to follow an RSS feed if you're using Thunderbird; a bit harder if you're a Google slave.
Only emails of a commercial nature are banned without opt-in.
A security notice is not an email of a commercial nature, unless it also contains marketing offers etc.
Where are we going and why are we in a handbasket?
Seemed like a good idea. I don't think so, but someone did. .ca it wasn't a problem.
.ca should matter. Of course that opens a much bigger can of worms.
What an absolute fail of a law.
It might work if the sender could reasonably presume that if the email address didn't end in
The cost. of defense is too high. Canada just screwed the pooch.
There may be a bright side. It will force international law to cross the internet. As this is a Canadian law, only addresses ending in
Then again it could just result in an explicit opt in: I AM NOT A CANADIAN! If you check it an lie you are guilty of perjury. NO Canadians allowed.
Perhaps the future of an internet second class.
Of course I'm being melodramatic. But this law is melodramatic. Some idiot with no clue wrote it, and got it passed. It deserves derision.
In addition to email the CASL also affects social media, instant messaging, sms, voice messaging.
Read an article that if you just reply to a tweet to someone you could be fined under this law that is insane. So tweeting as person can land up to $1 million dollar a fine and a company $10 million that is crazy.
This really kills nearly all email applications. I have some double optin subscriber lists but now they are useless since I never asked what country the user was from. I can resend out a permission pass to ask for permission and hopefully get the country information as well. But that will affect the number of subscribers since some may not notice they have to reoptin againæ
I can block .ca domain from my lists but that does not solve the issue since there are Canadian users not using .ca domains.
\
Hopefully this law will be tweaked it needs a lot of work and will hurt consumers/businesses and in the end. And will not stop spam at all. since the botnets/virus writers do not care about the law.
This is just a guess, but I believe your assessment why you were modded down is correct. Making comments that might offend people has consequences.
Your post is off topic, and bashes Microsoft for things not relevant. As for your previous posts, having modded comments, previous posts are pretty much impossible to find. Modding is based on the current comment.
I'm not a fan of Microsoft. I've been playing and working with computers since before Microsoft existed. I've posted on this thread. Canada is the party at fault, Microsoft is just responding to a stupid law.
I love bashing Microsoft, but the pickings have been slim lately, they're failing. They won't go out of business, but their clout is gone.
They could use a grammar check though:
If you're not worried about this new law, you haven't been adequately information
Canada is the party at fault, Microsoft is just responding to a stupid law.
Whats stupid about requiring people to opt-in? Microsoft could always add an unsubscribe option and ask Canadians if they want to receive their spam.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
I read through the actual law and I don't see anywhere that specifies each CEO and officers of a violating company can be fined. The law specifies "individuals" can be fined up to $1million, and "any other person" (presumably corporations-as-people) can be fined up to $10million.
Anyone care to clue me in?
Actual FULL text of the law: http://laws-lois.justice.gc.ca...
Blame the spammers that fake the senders. Microsoft is a popular faked sender, and then the junk mail filters throws away the mails and nobody sees the patch info mail.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I never got E-mails from Micro$oft about updates, vulnerabilities, etc. Instead, I have an RSS feed from US-CERT (computer emergency response team), an agency of the U.S. Department of Homeland Security. (Yes, they do have a few useful functions.) US-CERT not only notifies me about Micro$oft's alerts and provides links to them, but that agency also notifies me of alerts from other companies.
The link to subscribe to the RSS feed is http://www.us-cert.gov/ncas/cu....
The same thing happened in the Windows world. Windows 7 was faster than Vista, and Windows 8 was faster than Windows 7. Each new version got better with their use of resources, although the system requirements remained the same for the three versions (1 GHz CPU, 1GB RAM for 32bit, 2GB for 64bit) except for hard drive use with went up by 1GB per release.
When I first tried the beta of Windows 8, the only computer that I had spare was a 2GHZ Celeron with 1GB RAM and a slow hard drive (I think that it was from 2006). It was slow to boot, but once loaded I was astounded how well it worked. I wouldn't use it for day-to-day operations, but it wasn't too far out of the ball park for speed. It didn't stop me hating the user interface (and I still do), but the actual performance did surprise me having been used to the idea (like you were) that each version in the past had got slower and slower.
I don't see how. Just as Windows has Classic Shell, Linux has Xfce.
That system requirements increased very little since Windows Vista is mostly true. Windows 8.1 added the requirement for NX and SSE2 support in the CPU. Do all Atom CPUs support those?
I think the reason for advance notifications of updates is that they 1. require interrupting the user's work flow to restart the computer and 2. can break programs that were inadvertently relying on underspecified behavior.
Apple has never really addressed patches or pre notifications of updates or security fixes.
https://lists.apple.com/mailma...
The definition of CEM is so broad, that just about anything from a vendor will be commercial. Even if there is no expectation of profit, simply inviting someone to do something is "commercial" and requires two stage opt-in.
It's overly broad to prevent weaseling around it, but it will take a few court cases to actually define it better.
Microsoft has no good, centralized, newsletter or list management system. So they are stuck with a blanket ban/switch to rss for now.
You sound like a case study in why the law was needed. You have no idea who is on your marketing list, no idea where they are in the world, or whether they even want your emails, or how they got on your lists in the first place. Bad law for you, great law for anyone you happen to be spamming. Be prepared for a flood of unsubscribe requests!
What's funny is I still haven't got emails from Futureshop/Bestbuy yet. Considering the amount they spam I am not sure what they are going to do. If I even get one email from them on or after July 1, I will be reporting them.
And you have to opt-in. So they're already in compliance with the law.
There are two types of people in the world: Those who crave closure
I think you must be confused, Linux requires none of the things you just mentioned, and neither does a linux-based OS.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Canada is the party at fault, Microsoft is just responding to a stupid law.
Whats stupid about requiring people to opt-in?
Because this law (and any anti-spam law) is just like DRM...it only really affects honest people.
Large companies like Microsoft generally try not to "spam" you. Yes, you may technically receive an unwanted e-mail from them, but they do use some sort of opt-in right now. On the other had, true spammers don't care...they are just blasting e-mail to any e-mail address they can get their hands on. Then, when it comes time to enforce the law, only companies that are easy to find will actually be prosecuted...the fly-by-night spammers will never be bothered by this law, and if they are, it's likely they won't end up paying any penalties anyway, as their assets won't be as easy to find.
What this law does is make any company that wants to send you e-mail have to have opt-in plus confirm for every change of preferences, plus they will have to keep a lot more information about you, and this law seems to prohibit them from giving you a choice to receive "non-related" e-mail. Every e-mail under this law must fit a narrow category for which you opt-in. So, if you signed up for e-mail about "Windows 8.1", if MS releases "Windows 8.2", they cannot send you an e-mail in the "Windows 8.1" category that says "hey, Win 8.2 is out, it's great". This means that their categories will end up being broader, and this will inevitably result in more spam complaints about them, as they would "annoy" people by sending Windows 8 info on the "Windows" list, when all some people want is Windows 7 info.
A small business/website will be impacted even more. I recently got an update from a website that said they had partnered with a different company for their Android app, so the old app won't work anymore, and you'd have to download the new one separately. How in the world could I have opted-in to that e-mail before the fact, since blanket opt-in isn't permitted by this Canadian law. A few complaints from Canadian users, and this small site would have been bankrupted by the fines.
And, again, real spammers won't have to care about any of these issues, and you will still get phishing e-mail from "Expedited Shipping" about "Delivery Notification".
WindowsIT Pro blames Canada's new anti-spam law.
Really now? Fucking really?
Here is the exception that applies directly.
So what is (1)(a)?
Sending warranty, security, recall, update information is legal whether consented to or not.
Blaming this law "oh god, we don't know if it's legal to send security alerts!" means that they are either incompetent and can't read, or they're lying and throwing a temper tantrum.
Fuck Microsoft and Windows IT Pro.
--
BMO
OK, another case of a good idea and bad implementation. Probably would have been better just to require commercial mail to have a clear opt out, which it seems to me most legitimate commercial email all ready has.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
All i was saying is that i was tired. I really don't care what you thought.
I'm here for the experience, not the Hyperbole.
Nope! Just because they're "opt-in" doesn't mean they're in compliance. You have to TRACK that optin, exactly which list, and you can only use that list for the SPECIFIC activity - not even a footer mentioning a new product you've come out with if that list's description on the optin page doesn't say ", and new products as released!" So if you sign up for a security patches/updates list, they can ONLY send you that information - absolutely nothing else commercial. Not even a single line. Want to mention that Windows 8.2 isn't affected? Could be seen by a judge as commercial - you're trying to upsell the customer. Also you can't email someone more than 2 years after getting their permission, so now you'll see annual "review your subscriptions or we'll cut you" emails to ensure the lists stay clean.
. Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
Have you actually read the law? This seems like a ton of FUD.
At any rate some Canadian companies have behaved horribly when it comes to email. I have had problems with companies refusing to change a mistyped email address unless I was the confirmed (with security questions) account holder and some not even bother to check if the recipient mail server even accepted the message for over a year.