Slashdot Mirror


Microsoft's Emergency Internet Explorer Patch Renders Some Lenovo Laptops Unbootable (betanews.com)

Earlier this month, Microsoft issued an emergency patch for Internet Explorer to fix a zero-day vulnerability in the web browser. The problem affects versions of Internet Explorer from 9 to 11 across multiple versions of Windows, but it seems that the patch has been causing problems for many people. Specifically, people with some Lenovo laptops have found that after installing the KB4467691 patch they are unable to start Windows, reports BetaNews.

35 of 165 comments

  1. WTF by Anonymous Coward · · Score: 5, Insightful

    If an OS stops booting because of a web browser then you know it's built on shit coding practices.

    1. Re:WTF by Rosco+P.+Coltrane · · Score: 3, Insightful

      Well, while I agree Microsoft probably weaved bits of IE deep into the OS to gain unfair advantages over competing browsers, the issue in question might also run deeper than the browser. For instance, they might have modified or extended a kernel API call to truly secure whatever runs on top of the kernel. So they might have patched the browser and the kernel to fix the issue, and fucked up the kernel bit of the patch.

      The real issue is that Microsoft views their users as computer idiots (with some reason) and bundles OS and application layer diffs in one single patch, and you don't really know what a Microsoft patch does or modifies.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:WTF by ShanghaiBill · · Score: 5, Insightful

      If an OS stops booting because of a web browser then you know it's built on shit coding practices.

      That depends on your objectives. If you want a system to be secure and robust, then it is shitty practice. If you want to maximize profit based on customer lock-in to a complex integrated monolithic system, it is good practice.

      Microsoft made $110B in profit during the last fiscal year. That is up 14% on a year earlier, and a record high.

    3. Re:WTF by PsychoSlashDot · · Score: 3, Interesting

      If an OS stops booting because of a web browser then you know it's built on shit coding practices.

      To be fair, we don't know what went wrong. As in, it's entirely possible that the patch itself was built incorrectly and includes files required for the operating system, incorrectly.

      Also, someone down-stream indicated that MS' report indicates it involves SecureBoot, which I believe signs some things. It's possible an IE file was signed as required-to-never-change and just did, or something similar. I'm not fluent with SecureBoot, but my point is that folks are jumping to conclusions that aren't (yet) merited, dumb as the outcome is.

      --
      "Oh no... he found the .sig setting."
    4. Re:WTF by slashmydots · · Score: 4, Interesting

      You're way off base here. What's the difference between Lenovo laptops and other laptops? OH YEAH. Preinstalled garbage software that runs as services. That is obviously what broke. And trust me, from experience, I can assure you Lenovo's trash software is unstable, badly-designed garbage.

  2. WINDOWS is not bootable by Anonymous Coward · · Score: 3, Informative

    Stating a device is not bootable is far different than stating that an operating system is not bootable. The headline alone implies that a Windows update bricked laptops, which isn't true at all.

  3. Re:Ahahahaha. by Anonymous Coward · · Score: 4, Funny

    Apple bricks yer phone, MS bricks yer PC... Happy Linux New Year!

  4. Laptop is bootable, Windows is not... by b0s0z0ku · · Score: 5, Insightful

    Remove Windows, install real OS. Problem solved.

    1. Re: Laptop is bootable, Windows is not... by Anonymous Coward · · Score: 2, Informative

      You'll have to disable secure boot...oh wait that's the fix for this whole thing. So just disable it and Windows boots again.

  5. Typical MS QA by GerryGilmore · · Score: 2, Interesting

    "Here! Here's a badly needed security patch for a web browser. Oh - your computer won't boot even to the OS level? Sucks to be you." I've been MS-free for about 15 years now, migrated a bunch of friends and family to Linux and we just couldn't be happier.

  6. Where is the separation of functionality ? by Alain+Williams · · Score: 3, Insightful

    I could understand if a patch to MS-IE were to make IE not work with some hardware configuration ... but why should this stop a machine from booting ? This was a security issue ... it appears that MS has code spanning user & kernel space and, what should be, a user space fix is partly in the kernel. Presumably this is to try to squeeze a bit of performance, but all that it does is to produce fragile systems.

    Separation of different code modules that do different things is one of the really basic concepts in programming, it appears that this does not happen at MS. Why not ? What on earth are these guys smoking ? (Cue the MS apologists who will burble some sorts of excuse.)

    1. Re:Where is the separation of functionality ? by KingMotley · · Score: 4, Informative

      From what I understand, the issue is that some Lenovo laptops were configured with 4GB of RAM, and secure boot enabled. Unfortunately the IE fix triggered a bug in the secure boot code where it couldn't validate the entirety of the Windows executables. It had really nothing to do with the IE fix other than it made the executable larger than before. Any change to any executable would have triggered the same effect.

      But that is just what I've heard with very little actual technical information. For example the issue didn't affect Lenovo laptops with 8GB of RAM or more, or had secure boot disabled. Likely there is a third piece missing that has some custom Lenovo driver or BIOS issue that is also "buggy".

  7. Again demonstrates what I mean about IE being dang by raymorris · · Score: 5, Interesting

    Another demonstration of the fact, which Microsoft's execs testified to under oath, that IE hooks into the operating system in ways that other browsers do not. This makes security issues in IE more dangerous.

    A bug in Chrome, or even randomly deleting Chrome files, doesn't make Windows unable to boot. No Firefox bug can ever make the system unbootable. Trying to fix IE makes the system unable to boot, because IE has its claws sunk into the operating system.

    Therefore security issues in IE are more likely to affect the underlying operating system. Whenever I mention that on Slashdot, people agrue, saying I'm wrong. But here we see that trying to fix a security issue in IE makes the OS unbootable - IE security is tied into the OS. That's one more reason to avoid using Microsoft's browser.

  8. Because Microsoft tied IE directly into the OS by rsilvergun · · Score: 5, Insightful

    so they could skirt around European anti-trust rules that said they couldn't bundle a competitive product with an unrelated product (since that would be an abuse of their de facto OS monopoly). This way they could go to the EU and say "See, it's not that we're bundling IE with Windows in order to leverage our monopoly and break open Internet standards, it's just ever so crucial to our OS". Worked too. The downside is every time IE breaks it takes everything with it.

    Take a bad engineering decision by Microsoft and you'll almost always find evil, and not incompetence, at the heart of it.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  9. Bad design indicates insufficient management. by Futurepower(R) · · Score: 3, Interesting

    "IE has its claws sunk into the operating system.

    Therefore security issues in IE are more likely to affect the underlying operating system."


    That seems correct to me. It seems that everywhere we look, we find that Microsoft is managed poorly.

    1. Re:Bad design indicates insufficient management. by fustakrakich · · Score: 3, Funny

      It seems that everywhere we look, we find that Microsoft is managed poorly.

      You check the bottom line?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Bad design indicates insufficient management. by Anonymous Coward · · Score: 5, Insightful

      I disagree. It's more likely that some Lenovo crapware had its hooks into Windows AND IE and when Microsoft fixed the issue, the Lenovo crapware broke the system. Let's not forget Superfish....

      https://en.wikipedia.org/wiki/Superfish#Lenovo_security_incident

  10. I just don't understand how that's possible by arcctgx · · Score: 4, Insightful

    So according to https://support.microsoft.com/... it's:

    1. Vendor-specific (Lenovo only)
    2. Dependent on the amount of memory (systems with less than 8 GB of RAM are affected)
    3. Somehow related to Secure Boot (disabling Secure Boot is listed as a workaround)

    And all the trouble is caused by patching a web browser (however deeply integrated with the operating system)? What the hell?

    1. Re:I just don't understand how that's possible by jittles · · Score: 3, Interesting

      So according to https://support.microsoft.com/... it's:

      1. Vendor-specific (Lenovo only)
      2. Dependent on the amount of memory (systems with less than 8 GB of RAM are affected)
      3. Somehow related to Secure Boot (disabling Secure Boot is listed as a workaround)

      And all the trouble is caused by patching a web browser (however deeply integrated with the operating system)? What the hell?

      I work with a lot of these companies and Lenovo is, in my experience (and opinion), the only consumer grade manufacturer that takes security issues seriously. I would not be surprised if Lenovo was the only manufacturer shipping Windows 10 systems with 4GB of RAM and Secure Boot enabled.

  11. Re:Again demonstrates what I mean about IE being d by Aighearach · · Score: 2

    Because when MS said that shit during their anti-trust trial, people didn't believe them.

    People thought they just added some hooks that didn't do anything, so that they could say it. They didn't think they really believed it was a good idea, or that they were going to not only do it for real but still be doing it twenty years later.

  12. Long-term abuse by Futurepower(R) · · Score: 2

    " If you want to maximize profit based on customer lock-in to a complex integrated monolithic system, it is good practice."

    That is long-term abuse. Eventually markets find ways to navigate around abuse. Maybe ReactOS?

    Run Windows programs under Linux? How to run Windows software in Linux: Everything you need to know. (March 23, 2015)

    A later story: How to Run Windows Programs on Linux? (August 10, 2018)

  13. Something is very wrong by AndyKron · · Score: 3, Informative

    More than two decades after releasing IE they're still patching it and still not getting it right.

  14. Re: Again demonstrates what I mean about IE being by Aighearach · · Score: 4, Funny

    Your PC won't boot, leaving your basement pitch black.

    You are likely to be eaten by agrue.

  15. Re:Again demonstrates what I mean about IE being d by CaptainDork · · Score: 2

    That's one more reason to avoid using Microsoft's browser.

    I'm not disagreeing with you, but HOW does one "avoid using Microsoft's browser?"

    TFS doesn't say that actually USING IE smoked the OS. The UPDATE did.

    Before this incident, I would have been one of the jerks pointing out to you that MSFT was, by litigation, forced to decouple IE from the OS.

    You're right and I was wrong.

    Thanks.

    --
    It little behooves the best of us to comment on the rest of us.
  16. Re:Again demonstrates what I mean about IE being d by rtb61 · · Score: 3, Insightful

    The sick reason why this is so. They built elements of internet explorer into the OS so that firefox and chrome would appear to load and run slower than internet explorer because elements of internet explorer are already running in windows. This was like delayed start for service in windows, ohh, look windows loads faster but whoops, it won't run apps tied to those services that have not started yet but M$ can brag how fast the windows GUI boots even though you can not run apps, until delayed start services have started.

    --
    Chaos - everything, everywhere, everywhen
  17. That's one reason. History of COM, ActiveX, Active by raymorris · · Score: 5, Interesting

    That's one bonus for Microsoft.

    Historically, how it happened was in the early 1990s, before the web, Microsoft spent a ton of money building a really cool technology. The sudden rise of the web screwed up their plans and they had to scramble to try to salvage some of their investment.

    They had something called OLE, Object Linking and Embedding. Basically it let you put one document inside another - a picture inside a spreadsheet, a song in a Word document. Microsoft spent lots of money and time building on this idea, it was their "big new thing", an OS (shell) and programming tools built around this concept. This next generation of OLE was called COM. Just before the release in Windows 95, something interesting happened.

    As Microsoft was about to start the big PR blitz showing how not only could your Word documents contain pictures, but even your desktop could contain active programs, along came "IMG src". Even "TD IMG src" - you could have a table with an embedded picture with no proprietary Microsoft technology needed. Microsoft's "big new thing" was suddenly outdated as an overly complex, over-engineered mess just as it was released. Fuck! Literally there were a lot of Fun bombs at Microsoft when they saw the rise of HTML, with its simplicity.

    So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment?

    The route they chose was to rename COM to "ActiveX" and pitch it as a web technology. Internet Explorer became the most important ActiveX container. Instead of focusing on an Active Desktop, the sales pitch was to use this on the web, with ActiveX web pages. What was originally supposed to be done by the File Explorer shell now needed to be done by the browser, so the two projects merged to become Explorer. The desktop shell Explorer and the browser Explorer were the same code with a different wrapper.

    Over time, the competitive issues you pointed out became more important.

    Someone may point out "that was 20 years ago". Yes, it was. This post is a history lesson in how we got here.

  18. Bug workaround is simple. by oogoliegoogolie · · Score: 2

    Buy more RAM.

  19. Re: Again demonstrates what I mean about IE being by Red_Forman · · Score: 5, Funny

    What the hell is an "agrue"? Is it similar to an alot?

  20. Re:Again demonstrates what I mean about IE being d by StormReaver · · Score: 2

    That's one more reason to avoid using Microsoft's browser.

    That's one more reason to avoid using Microsoft's operating system, too.

  21. IE didn't cause this problem by Daltorak · · Score: 5, Informative

    I know it's fun and exciting to blame a web browser hotfix for a booting problem..... especially when it's Internet Explorer, right? But..... ahhh, shit, hate to spoil the fun, but this is just another case of "journalists" not doing the bare minimum of reading before shitting out another article they'll get paid $10 for.

    This booting problem with Lenovo laptops has existed for a month and a half -- it was introduced in the November 2018 cumulative security update. It even says so right there in the patch notes! But because these "journalists" don't know how to read anymore, we end up with Slashdot articles like this one that don't have the correct information in them.

    All Windows patches are now cumulative, so sure, if you apply the IE hotfix to a machine that is three months behind in updates, then you can hit this problem. But it's not the IE part that's causing it.

  22. Re:That's one reason. History of COM, ActiveX, Act by TheRealMindChild · · Score: 4, Informative

    Just before the release in Windows 95, something interesting happened.

    Your timeline is skewed. Active Desktop took place in Windows 98 with IE4. Then you go with

    So here's Microsoft with a billion dollars invested in a system for embedding pics in your documents and your desktop, suddenly not needed because HTML does documents with embedded pics and sounds so much simpler. What can Microsoft do to save their investment? The route they chose was to rename COM to "ActiveX" and pitch it as a web technology.

    That isn't what ActiveX is at all. It was an extension of COM to allow scriptability to the system. IDispatch. COM objects could now be usable in a type indifferent scripting language. They shoehorned this into the web, but it was and is a very large part of the Windows Explorer Shell. A common platform. Something Linux still struggles with.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  23. Here's a 1995 MSDN article on iDispatch in COM by raymorris · · Score: 5, Informative

    Here's an article that Microsoft added to MSDN in 1995.
    The second half of the article covers iDispatch, a style of COM interface.
    https://web.archive.org/web/20...

    Here's the 1996 Microsoft announcement officially announcing the ActiveX name and their strategy for presenting it as a web technology, in which they say "ActiveX controls (formerly COM components)". The Microsoft announcement says thousands of COM/ActiveX components were already available, but could now be used in the web browser (IE 3.0).
    According to Microsoft's announcement, "ActiveX controls" were formerly called "COM components". According to their announcement, many companies had already been making them, as "COM" for desktop software, prior to IE 3.0 supporting them and the change to the ActiveX branding.

    One reason I remember this so clearly is that I was one of the people making COM components at the time it was rebranded ActiveX. I know I didn't have to change my software in order to make my existing COM components, including a styleable linear "slider" control I designed, into ActiveX components - the only change was the branding.

    You are correct that Active Desktop was September 1997.

  24. Re:That's one reason. History of COM, ActiveX, Act by rtb61 · · Score: 3, Insightful

    What is mind boggling is why they were so stubborn to change course and made themselves become increasingly more unpopular as they tried to force the ideas they wanted on everyone who did not want it. Really lost their customer focus and become unreliable suppliers. I liked all things M$ once, no longer, they seem not to be able to correct their mistakes and take on a greater customer focus. Instead, locked into forcing what they want on their customers but then they are not the only tech company to fall into exactly the same hole and just keep digging and digging as fast as they can, same crap warranties, same marketing lies, same dodging responsibility for major failures and same attitude to change, only when it is too late to work, only once they are forced.

    --
    Chaos - everything, everywhere, everywhen
  25. Re:That's one reason. History of COM, ActiveX, Act by Solandri · · Score: 4, Informative

    Your timeline is skewed. Active Desktop took place in Windows 98 with IE4. Then you go with

    He left out the greater context in which this was happening. Netscape was the dominant browser from 1993-1998. You had to pay to buy Netscape during this time, just like buying Photoshop or Office. IE wasn't included as part of Win95, and as a standalone product it wasn't very successful.

    Gates didn't believe in the Internet. Microsoft had bet on the CompuServe/GEnie/AOL model of global networking - where people paid to dialup to portals set up and controlled by one company. MSNBC was originally Microsoft's (and NBC's joint) foray into this model. That's right, you initially had to subscribe to MSNBC in order to view its content. As a result, Windows was late getting a TCP/IP stack (necessary for Internet) built in (it was included with Win95). Microsoft was very much a follower on everything happening on the Internet, like the web (which became big in 1994). Microsoft couldn't stomach the idea of someone else controlling the web, so they went for the jugular. They included IE for free with Win98, thus choking off Netscape's revenue stream. What Microsoft had done to Stacker was still fresh in everyone's minds. (Stac came up with the idea of disk compression. When Microsoft was unable to come to a licensing agreement with Stac, they built their own version and included it for free with MS-DOS, thus killing off the sale-ability of Stac's product.)

    Bundling IE with Win98 for free would of course raise the same legal issues the Stacker case raised - whether Microsoft should be allowed to use profits from DOS/Windows to subsidize development of products which competed with existing products which ran on DOS/Windows. There was a possibility a court would order Microsoft to unbundle IE and sell it separately in competition with Netscape. So to stave off that possibility, they did everything they could to tie IE as deeply as they could within Windows. That way they could honestly argue in court that it was impossible to unbundle IE from Windows.

    And that deep embedding to prevent a court from thwarting their ploy to kill off Netscape is why an IE patch today can make Windows unbootable.

    The COM and ActiveX stuff is relevant because Microsoft realized that if the world moved from DOS/Windows apps to generic web-based apps which could run on any OS as long as it had a compliant browser, nobody would pay for DOS/Windows anymore. So they set out to take control of web-based apps with ActiveX. (As it turned out, the performance hit for running a web-based app was big enough that it didn't really become competitive with native OSes until the mid-2000s, about the time Flash and Java came into their own.)

  26. Re:That's one reason. History of COM, ActiveX, Act by whoever57 · · Score: 2

    What is mind boggling is why they were so stubborn to change course and made themselves become increasingly more unpopular as they tried to force the ideas they wanted on everyone who did not want it. Really lost their customer focus and become unreliable suppliers

    Because it has worked for Microsoft.

    The question is: why do people accept the shit that Microsoft shovels their way?

    --
    The real "Libtards" are the Libertarians!