Microsoft Kills Off Security Bulletins (computerworld.com)
Microsoft has officially retired the security bulletins this week, which were issued to detail "each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations," writes Gregg Keizer via Computerworld. "The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them." From the report: Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the "Security Updates Guide" (SUG) portal, the database's content can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document. SUG's forerunners were the web-based bulletins that have been part of Microsoft's patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors. In February Microsoft canceled that month's Patch Tuesday just hours before the security updates were to reach customers, making the bulletins' planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG. Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.
Fuck Microsoft.
Burn the motherfucker down.
They're not really gone, they've just moved them into a searchable "security guidance" website. You can still find them and read through all the technical details.
RARE FACT. There is a secret parallel set of advisories still for various invited parties. Historically this is a small set of institutions, and large companies. All sworn to secrecy. But I will divulge one long time member.. the US Navy. I know other members.
The problem with the early info is that diffs could be made from a patch's results to reveal the actual exploit BEFORE a Patch Tuesday. Essentially a white hat zero day source. Thus the very limited nature of invitees to this pre patch security list program.
I bet the inner sanctum still will get advisories and not have to blindly hunt a database constantly. I'd bet and be correct!
This fact above will get left at 0 or buried at -1 because slashdot readers never scan and moderate correctly for anons as they ought to.
Nice try Satan Nutella
Looks like someone is demonstrating the security of Windows' copy-and-paste function!
Get some new lawyers. There's no reason your code developed or compiled with GPL tools is required to also be licensed under the GPL according to the GNU GPL FAQ
"Can I use GPL-covered editors such as GNU Emacs to develop nonfree programs? Can I use GPL-covered tools such as GCC to compile them?
Yes, because the copyright on the editors and tools does not cover the code you write. Using them does not place any restrictions, legally, on the license you use for your code."
You couldn't be more wrong. Acceptance of the Gnu Eula requires a vow of poverty. You must not make any money by use of Gnu software such as Emacs and gcc. In fact, use of Gnu in the financial sector is strictly forbidden for any reason. The vow of poverty has been proven enforceable by highly respected academic professors of law, and you risk total asset forfeiture if you violate it. Should you choose to use Gnu, you must follow the lifestyle of the project founder Stained Dick "Bathroom" Stall-Man. His way is the simple way of coding all night, sleeping all day, begging on the street, and eating his own shit. You too can be a successful follower of the luminary figure "Bathroom" Stall-Man, as soon as you renounce money.
We fix everything that's important. We log everything that's important. We come on every computer you own by default. Why do you not trust us and accept your fate?
Related link: "To Serve Man". There's also a book if your attention span is over 24 minutes.
You clearly need more competent lawyers.
Linux is licensed under GPLv2. Ergo, if you distribute a binary build to someone, you are obliged to provide them with the source as well. If you are making modifications for your own internal use, the only person you need distribute the source to is yourself.
The entire purpose of the GPL is to prevent the mindset of "we want to leech off this free and open thing, but keep our changes private", and from that point of view it is working exactly as intended. (There is also no chance of Linux being relicensed under something else, because a) organising that many copyright holders to agree to a change is infeasible and b) the management are happy with the status quo.)
Microsoft = Job Security
same thing with all the patch descriptions available on the windows update client. absolutely no details. even kb articles are often lacking.
then came "rollups" that don't say a damn thing about themselves or their contents, either, unless you go look for the info
and now we have monthly 'catch all' updates, again NO FUCKING INFO AVAILABLE.. and more often than not, even when you go looking for the details, still nothing.
combine that with now obscuring security announcements
and the force feeding of updates (even non security non bugfix varieties)
and windows ecosystem, as 'supported' by microsoft, is absolute and total shit. whereas before it was just trash. but at least it was trash you could pick through to find the bits and pieces you actually wanted.
Internal use doesn't require publication.
You need to see a better lawyer.
No it doesn't.
Your code is your code.
My code is my code.
I only require you to publish modifications to MY CODE.
Independent programs are not covered since they don't use MY CODE.
BtW, the "financial sector" is using Linux for the stock exchanges.
So obviously they are using linux without any problems.
"Security" Bulletins
there, fixed that there for you...
This is why windows SUGs O.o
RARE FACT
Do not spread!
Big customers get perks, go figure. Those big contracts allow M$ to hire people to publish and manage the security info.
-- I have a private email server in my basement.
Facts are not allowed on slashdot! Get out of here you menace!
Why does Microsoft hate its user base so much?
Really, if this isn't one of the most anti-user things they've done (besides Windows 10) then I don't know what is.
It seems like every week they find a new way to say "Fuck you!" to their users.
Just cruising through this digital world at 33 1/3 rpm...
This fact above will get left at 0 or buried at -1 because slashdot readers never scan and moderate correctly for anons as they ought to.
Fucking racists.
Linux switches its license to something a little more fair
I don't know why I'm feeding a troll and an AC besides, but the licensing for Linux is about as fair as it comes. You can use it for free, you can do anything legal with it you wish, and you can profit internally all you want, and you can't take away someone else's rights to do the same.
I suppose you think Microsoft or Apple's proprietary licenses are fair.
I would mod you up - but then you're an anon___coward, good post though.
Get up!
What's the point of this?
To hide vulnerabilities from hackers, so that people who simply refuse to update Windows can't be targets?
Is that it?
READY.
PRINT ""+-0
Hooray, yet another EULA I have to sign.
Lot of people complain about stuff they never used anyway. I hardly read the bulletins even when Microsoft published them. Of course my complaint is not about what is in a security update but it's the crap Microsoft is placing in Windows updates that is not security or function related of the operating system. Microsoft seems to take advantage of Windows update these days to push whatever it wants through that conduit. This is more concerning than not being able to read a security bulletin.
The reason is quite simple: these are no longer security patches.
Remember the IE11 vulnerability patch on Windows 7 that turned out to also nag you to update to Windows 10? Expect more of those. Or the recent case when Win7 and Win8.1 users were purposefully blocked out of updates on AMD Ryzen and Intel Kaby Lake (if I remember the right lake) computers with a "security" update? Expect more of these sabotages. I won't even detail the part where the QC is so disgustingly bad they also blocked out the legit and should-be-supported AMD Carrizo users with said patch. Expect more bugs and failures.
Been reading it for 10 years, but just recently the quality of comments has gone right down. I'd say 80% of the above comments were just trolling each other. And it's like that for most stories I read recently. Wise up or this place is going the same way as Digg.
I have excellent Karma and I am not afraid to Troll it.
>> Acceptance of the Gnu Eula requires a vow of poverty. You must not make any money by use of Gnu software such as Emacs and gcc
B.S. FUD
There's no such thing as a "Gnu Eula"
You are encouraged to make money with GCC.
You can sell it.
aaaaaaa
Well that gets a little fuzzy to a competent lawyer when trying to determine "internal" use only. The way the GPL is written it does not specify what "distribution" actually means and uses the terms "convey" and "propagate" but does not clarify how those apply to a multiple facility organization.
At one time we considered using some GPL components for employee only accessible tools, but the attorneys reviewing the license could not get a clear determination if our "propagating" of the applications to multiple different locations, some that had non-company employee workers, triggered the requirement to release source code or not, so in the end we opted not to use those components.
The key point is when there is any ambiguity related to a license, attorneys will generally err on the side of caution.
Cue the brainless Microsoft apologists who will try to spin this into something other than yet another reason to stop using Microsoft software.
Pretty sure the "any products compiled with GPL'ed tools" part is pure hogwash.
So you poor sheep that *still* use Windows are getting further ass-raped.. No more information as to WHAT is actually *in* the updates they force on you... Kinda like MS saying "You'll take what we send you and you'll LIKE it.. You don't NEED to know what's *in* the package we send you..."
Soooooooooooooo damn glad I no longer deal with MS issues.. I did that for 20 years and when I retired, I decided my systems would be 100% Linux.. Couldn't be happier...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
only leases for entry, not yet admissible in a court of law (or the modern tribunal of commerce).
In Other Related News, there are no trees on flat Earth.
A searchable database is much more useful than a collection of individual bulletins that, at best, cross-reference each other.
It looks like some people are getting angry about the headline without realizing that it is being replaced with a modern, searchable interface.
On a related note, the headline sucks. I guarantee 99% of people associate "killing off" with complete elimination of the functionality, compared to words like updating, reworking, or revamping---which imply the functionality remains in a new form. I do expect editors to understand the nuances of the words they use.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Microsoft has offered pre-release patches and even Windows source code to enterprises for years. I assume these organizations will get patch notes as they always have.
It is not available to anyone, but I imagine the US government qualifies. You generally need to be large enough that the accompanying NDA will hurt a lot if you disclose their code or vulnerabilities.
Your comment confuses the issues and deserves to sit at 0 or -1.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.