Microsoft Stops New Work To Fix Bugs
An Anonymous Coward writes: "According to this article at Government Computer News, Microsoft has announced a month-long moratorium on new coding, as part of its Trustworthy Computing Initiative. Richard Purcell, director of the company's corporate computing office, said, 'We are not coding new code as of today' [Feb 1, 2002] 'for the next month.' The idea seems to be that Redmond will spend the 28 days of February patching bugs in existing code. Is this a hoax, or maybe just marketing hype? The web site looks to be legitimate."
February? (Score:3, Funny)
Re:February? (Score:2, Insightful)
But hey, at least Microsoft has become aware there's issues with their software. I'm just hoping they don't begin with the port 139 thingie in the tcpip stack in the old win95 releases... Which makes me wonder what winnuke is doing in my start menu... Oh never mind.
Re:February? (Score:2, Interesting)
Well, lookie here [slashdot.org].
Amazed they did it at all. (Score:3, Funny)
Re:February? (Score:4, Funny)
Yeah, such as April...
Re:February? (Score:4, Funny)
Re:February? (Score:3, Funny)
Obviously this security thing is just a cover for the real reason for the work stoppage -- they're packing up and moving to Canada.
oh Gods, I hope not. There goes the neighbourhood.
Reword the title maybe? (Score:5, Funny)
Ironic.. (Score:5, Funny)
Let's see, February is now Women's History Month, Black History Month, and also Microsoft Fixes Security Flaws Month.. wonder how many more things they can cram into February.
Re:Ironic.. (Score:3, Funny)
Re:Ironic.. (Score:3, Interesting)
Re:Ironic.. (Score:3, Funny)
I mean, c'mon, it's two days and every four years your penis gains an extra 1/8".
Perspective (Score:3, Insightful)
But what months are available? School's out in much of the country during June, July and August. The kids are back, but getting back into the groove in September.
November has Halloween recovery, Veterans Day and Thanksgiving. December has the large Christmas break. January, like September, is getting back into groove. March/April have Easter and the usual disruptions of spring, standardized tests, etc. May has preparation for final exams.
Out of the entire year, there are two, count 'em TWO, months suitable for X History month. October and February. And February is actually better since it has fewer distractions - there's no distraction as the kids see the first Christmas decorations go up or parents discuss Holiday travel plans.
Re:Ironic.. (Score:3, Interesting)
This is a really meaningful action.. (Score:2, Insightful)
Memo after February: (Score:2, Funny)
Great news Microsoft Engineers! After our month of hard work, we estimate that we fixed over 1 million bugs! Of course, the downside is that we introduced upwards of 2 million NEW bugs, but hey, that's what upgrading is for! This is all possible thanks to you!
Thanks!
-- Bill
Good thing if it has some substance... (Score:3)
Besides, it doesn't matter how long Microsoft stops work to fix bugs... real security comes naturally out of proper design and coding. Microsoft should take this month to redesign its coding procedures to be security conscious from start to finish.
Also, isn't it funny that Microsoft chooses to use the shortest month of the year for this initiative?
Doug
Vacation (Score:2, Funny)
Why is Bill Gates partying then? (Score:2)
Hard to see how they can be serious about this when the guy who designed all these bugs is busy partying with Bono at this Davos thing here in Manhattan.
FreeBSD is out, MS has to update their code now. (Score:3, Funny)
Of course they have to stop 'new' work. FreeBSD 4.5 came out a couple of days ago. They have to go back and update all that borrowed code.
Is This Possible? (Score:5, Insightful)
Similarly, how disruptive is this? It seems that when you get on a roll, you want to keep going. Switching like this seems that it will break that streak, and get you all disjointed.
Again, to parrot others who know better, the best answer seems to be to do it right the first time.
Re:Is This Possible? (Score:5, Informative)
Simple answer: yes. Bill says "hop," we say "how high?"
Frankly, this will not disrupt the company much. *Most* divisions are already vigilant about tackling bugs. The smaller groups like DirectX, and the more technically competent groups like VC++ have extremely low bug counts. In fact, this isn't popularly known, but on the RTM date for WinXP there was a ship stopping bug related to upgrade installations. Upgrading 98SE would delete everything in the My Docs directory. One XP tester flew in on short notice from CA to help fix it, another missed the birth of his first child! That's devotion.
On the other hand, there are some larger groups that *cough*Off*cough*ice*cough* seem to be a vacuum for the most lazy people in the company. Every time I walk through that building I see ~20 people playing CounterStrike or Everquest. And big surprise, most of the huge bugs are coming from them and the bloated IIS group.
Anyways I'm glad BG has decided to give us this new initiative b/c it will raise the bar, clean up the bad press we've been getting, and maybe weed out some of the weaker links.
Re:Is This Possible? (Score:3, Interesting)
On the one hand you have Steve Maguire and his experiences described in _Writing Solid Code_. Microsoft has known how to write reliable code for years, it's known it knows this (this book was published by Microsoft Press), yet some managers still resisted. Ditto many other excellent books published by Microsoft Press.
On the other hand I attended a MS job fair as a non-traditional CS grad student at the University of Colorado. I heard the recruiter tell the potential employees that Microsoft understands coders just want to code, not find and fix bugs. So they have other people do that stuff for them. I'm not the only one who heard it - Evi Nemeth et al mentioned it in the Red Book as well.
So I just don't get it. The public execution of an Outlook or IIS manager for inadequate supervision of the bug issue would do wonders for the motivation of the survivors to pay attention. (Not the literal execution, of course, but in the corporate world being escorted off campus after a meeting with the boss may be worse.)
Re:Is This Possible? (Score:4, Flamebait)
No, it's just stupid. I can only hope that his wife forgives him.
Re:Is This Possible? (Score:4, Funny)
Only if you put him in head first.
+1 Funny on the MQR standard (Score:4, Insightful)
Having spent many years as one of those guys called "bosses/managers" I got quite a laugh out of your theory about programmer obedience. The one time I actually recall seeing it work that way, the whole team got canned as soon as the manager flew them full speed down a box canyon. In the real world, there needs to be a lot of give and take, with the programmers giving technical insight and sweat while the manager gives political insight and stomach lining. If either side starts blindly obeying the other (which doesn't happen often), you're doomed.
-- MarkusQ (now happily back to coding)
Actually believe that? (Score:2, Insightful)
Why would this be a hoax? (Score:4, Insightful)
Considering that Gates has decided to (at least for PR reasons) declare security/robustness to be the priority of the moment (as opposed to previous claims that users bought sw for features not bug fixes) I don't see why they WOULDN'T do something like this...
The only thing that I might question at all is the scope--i.e. is ALL of development doing this or just one or more departments within MS.
Not so much a hoax as a "check in the box." (Score:5, Insightful)
Just PR (Score:2, Insightful)
Not good news at all... (Score:2, Flamebait)
A different organisation would just have allocated more resources (time, people, early design decisions) towards security than before, as part of the normal development cycle. That they have to do something like this implies they really don't care about these issues.
/Janne
spring cleaning (Score:2, Funny)
there won't be anything left
Impossible!! (Score:2, Interesting)
process.
Tester feedback is the best way to debug a system, when QA is an issue. But for a ship-and-let-lusers-pay-for-beta company like Microsoft, they need to *listen* to user feedback.
Here is the catch: Even if Microsoft devotes all its time, throughout the month for debugging, users will not be doing that!
So, if they are not soliciting user feedback, how are they doing it? Heuristics?
My first guess is, they have heaps of bug reports that they need to go over and fix.
But halting all development is not the way to do it, they childishly jumped the gun this time, simply because ALL developers do not debug.
Similarly, there is no "wipe your ass day", wiping your ass should happen every time you take a shit.
So, it is either a stupid decision, or YAPR move.
Re:Impossible!! (Score:5, Insightful)
They used these error reports in making fixes and adjustments for Office XP SP1, so yes, they do use user feedback. They also listen to you if you can write an intelligent letter reporting bugs to them.
This doesn't accomplish anything! (Score:2, Insightful)
They mean to say.. (Score:2)
No -wonder- they've got problems..
Bzzt! Thanks for playing... (Score:2)
That should be "Describing the state of Microsoft Windows computing today as unstable and unreliable,"
My Linux stuff doesn't crash and hang (well, almost never).
Let's give them a bit of credit (Score:5, Insightful)
Those who use Windows should find this a major boon, as it does mean more stability. I am forced to use W2K at work (I run Linux at home) and I for one am quite pleased to see this happen--there are a couple of nasty bugs that cause almost inexplicable bluescreens when writing our video drivers.
So can we lay off for a little bit and recognize that this is really a good thing? Sure, we scoff and say, 'About time!', but they're actually doing it.
Re:Let's give them a bit of credit (Score:4, Insightful)
Too little, too late as far as I'm concerned
Riiiight.
Re:Let's give them a bit of credit (Score:3, Interesting)
It's Funny. Laugh. (Score:3, Insightful)
Is this a hoax?
Joke. The word you're looking for is joke. The plan is apparently to take 30 (excuse me, 28) days to fix the accumulated security-related bugs in umpty-million lines of software written over 15 years, and then start adding new security-related bugs to the morass again.
<mimic who="Steve Martin">Good plan!</mimic>
Re:It's Funny. Laugh. (Score:5, Funny)
1 month to fix 7 years of bugs? (Score:4, Informative)
So if they work every day of Feb, they need to fix roughly 2150 bugs per day. Assuming 3 rotating shifts (24 hour coverage), this comes down to 90 bugs per hour. Say they throw 90 programmers at this per shift, then each programmer needs to solve 1 bug every hour for their shift.
I'm not a programmer, so assuming this bizarre scheme was used, is it reasonable for someone to solve 8 bugs per shift for 28 straight days? I'd think not, due to inter-relationships of code, fixing 1 bug causing a new bug, coder's block, and maybe burnout.
Any thoughts?
PS- The 7 years is just an arbitrary start date of Win95.
Re:1 month to fix 7 years of bugs? (Score:2)
Re:1 month to fix 7 years of bugs? (Score:3, Insightful)
60K bug *reports*. Of which probably 35K got filed away as duplicates, 10K got filed as "works for me", 5K were rejected UI suggestions, 5K were quickly fixed errors in spelling/grammar, and another 4K were filed away as "cool feature suggestion -- let's put this into the next version".
Re:1 month to fix 7 years of bugs? (Score:5, Insightful)
1) It is a false assumption that 65K+ records in their bug tracking database were all bugs. These are just reports and have not been independently verified or filtered for feature requests or duplicates. What "are" really bugs can also be a "specification bug", not a technical one. For example, you click the start button it's supposed to "fade in with speckles" but instead it displays with no effect. To the end user it still functions perfectly. To the product development team the feature wasn't implemented correctly.
2) You are assuming that over the past two years (when this ambiguous "65K" number got thrown around) that they have done nothing to resolve the bugs in Win2K. This obviously overlooks the fact that the NT5.0 codebase is much more mature thanks to ongoing development that has resulted in multiple service packs and WinXP.
3) The point of this month is to focus on bug fixing, not "let's fix all the bugs that we created 5 years ago". It's like me saying, "I'm going to take a week and do spring cleaning on my house" and assuming that means that I never cleaned my house on a regular basis.
4) If there really were 65K bugs, each programmer would be responsible for fixing 1.5 bugs within the month (appx 40,000 programmers). Of course, this is severely trivializing the issue, but reminds us of the awesome resources MS has at its disposal.
Also, Win95 is mainly relevant when discussing the GUI and DirectX. Most all of Win2K's technology is based on NT, which is an older codebase. (the first beta was in 1992 I believe)
Still, a month is better than nothing. (Score:2)
It would take a lot longer than a month to fix what's wrong with Microsoft and Microsoft products. Their entire attitude is adversarial toward the customer. A month won't fix a company with a history of years of abuse.
Still, a month is better than nothing.
Will this matter in the long run? (Score:2, Interesting)
Hmm, how much code was that they had to go over again?
Assume a programmer can read and perfectly debug 100 lines of code an hour. For every 2 million lines of code, it will take 125 programmers to finish within the one month period (4 40-hour work weeks). Hmm. They might do it, given overtime and plenty of workers, but it assumes the debugging process is perfect.
Of course there's another way this might work- if they have a huge backlog of known bugs. On second thought, that can't be- this is Microsoft, surprised with each new Outlook-enabled virus! </sarcasm>
waterfall model (Score:2, Insightful)
Ok, so the next time a prof asks me, "what is the most expensive point in the development process to fix bugs?" I guess the correct answer is "Bill Gates fixes them all after the product is released".
Or to put it another way:
"For 28 hours the Titanic Engineers switched from developing new ship features to patching existing holes. The ship sank anyway, due to a combination of bad design, arrogance, and bad luck."
Security is not primarily a coding issue. Security is primarily a DESIGN issue.
Microsoft just don't get it. (Score:4, Informative)
Re:Microsoft just don't get it. (Score:5, Funny)
Re:Microsoft just don't get it. (Score:3, Insightful)
The car analogy doesn't work. In the automotive world it often would be cheaper to engineer a new car than to retrofit an old one, but that's rarely true for software.
Assuming their source is reasonably modular then you should be able to plug security holes in any part without tearing the whole thing down. It would be nice if the bugs weren't there in the first place, but nothing says you can't succeed at finding and patching most of them.
You're right, it is about how you build things, and how software is built predisposes one to a method of incremental improvements.
Security can't be bolted on top of a broken model (Score:3, Interesting)
Sadly alternatives and improvements to the UNIX security model [google.com] have been proposed for years but it seems in this case Worse Is Better [mit.edu].
Re:Microsoft just don't get it. (Score:3, Insightful)
http://www.joelonsoftware.com/articles/fog0000000
Re:Microsoft just don't get it. (Score:3, Insightful)
Re:Microsoft just don't get it. (Score:3, Insightful)
IIS's add-ons are the only major applications that suffer from constant problems in Windows, and most of those problems could be avoided if only they had a better configuration.
They are improving in this too, witness the ASP.NET configuration.
Microsoft gets it, it was just lazy (Score:3, Informative)
Check out this interview with Miguel de Icaza (you know, the Gnome guy): http://www.theregister.co.uk/content/4/23919.html
He touches on NT &
Anyway, long story short, MS is pretty good at designing secure code. It's just that the programmers have been exceptionally lazy and left some really common possible exploits in the code. That's what they're going to try to fix up this month.
So if MS doesn't get it, should they follow your advice? Your advice would be for them to rewrite all of Windows... somehow I think you're the one that doesn't get it.
"feature" fixing february?? (Score:2, Funny)
The meaning of the message (Score:2, Insightful)
"We know our products have a lot of errors/problems, but we have always been focused on shipping new products rather than fixing errors in existing products. But for the next month we will try to make our products stable even if that means we don't make any money. We like quantity over quality"
It might just be my very subjective view, but I'm also a Microsoft hater so it fits very nicely into my mind...
What would happen if they always dedicated the resources to get to the bottom of the bug list? Sometimes it seems to me that new releases are really made because they discovered that the concept of the program didn't hold water and a completely new version was needed to make it fly.
This is how I always have viewed their approach:
1) Someone releases a cool product.
2) Microsoft says, don't buy it, we are coming with a better product soon.
3) Microsoft sells a product that is similar on the surface (+fancy blinking lights to dazzle the executive peabrains that makes the call on what to choose). But their solution is very poorly designed "inside".
4) The next version from Microsoft then has some improvements in the guts of the program.
Rendering satire obsolete (Score:2)
Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates "is really annoyed by the incredible pain we put everyone through in computing."
Nothing I could say could possibly be more critical of microsoft than this article.
There is no way that this is an accident. I think we've clearly identified Mr. William Jackson as a seditious, anti-microsoft, commie terrorist
The thing I can't figure out is if Mr. Jackson had to quote Richard Purcell out of context to make him sound like that much of a fool, or if Richard Purcell really was stupid enough to say that. I'm sure the parts in quotations are accurate - but I'm not sure the subtext of "everything MS has done for the past 20 years is garbage, we're sorry" was present prior to Mr. Williams' editing.
I'd love to see the original transcript of the interview. The one thing I haven't been able to dig up in the last five minutes is Mr. Williams' e-mail. (If I look I find the "Gospel Communication Network" staff e-mails.) If it can be found, timothy or somebody should send him an e-mail asking for the transcript.
That's what I like to hear (Score:2, Funny)
I wonder what the result will be (Score:3, Funny)
makes no difference (Score:2)
how do we know that they aren't making it up?
it's not like they will release one patch for each issue; if they provide the patches for free, it will most likely come as one big patch, which could just as easily contain an update to the NSAKEY subsystem rather than actual bugfixes. without source, there is no proof that they are doing what they say.
it sounds to me like "trusted computing" means "trust microsoft more". no thanks - i'll stick to operating systems with freely available source.
But the question is... (Score:2, Insightful)
...will this effort even make a difference?
Microsoft uses poor software engineering methods. Even if they devote every other month of the year to debugging existing software, will it help if they continue making buggy software?
If you patch a mess, you get a patched mess.
Conspiracy Theories Abound (Score:2)
Feb == Valentines Day (Massacre)
Feb == MS Bug Cleaning
Feb == Shortest Month of Calendar Year
Do I have to spell it out people?
Probably true (Score:2, Informative)
Bottom line, if Microsoft is lying, they're lying consistently.
Slashdot lameness kicking in (Score:3, Insightful)
I say Microsoft deserves all the encouragement they can get for not only acknowledging that their software isn't flawless (something I don't see Linux developers doing very often) and announcing that they're going to be spending time fixing those flaws during the coming months. More power to them, and let's hope other companies follow their example.
Taking it at face value (Score:5, Informative)
First week: turn on "guaranteed bugs!" compiler warnings - uninitialized variables, improperly initialized variables, etc. I'm still floored when some junior programmer thinks that they know more than the compiler on stuff like this. If the compiler says something is uninitialized, 99% of the time it is because you overlooked some obscure branch in your code. If the compiler says the data is too large for the storage specified, it is.
End of first week: a subset of the prior point: turn on the compiler warnings for printf(). Yes, it's a pain to change so much of your code from %ld to %d or vice versa, but I've also found plenty of cases where somebody wasn't paying attention and they tried to print a number with %s. Or a string with %d. Mindnumbing, but celebrate with pizza and go home early when everyone finishes.
Second week: require function prototypes. Generate suitable include files, declaring functions and data which is never used outside of its source file 'static.' This can be a pain at times - it's an iterative process that sometimes feels like it will never end - but it has never failed to uncover multiple bugs. People forget parameters, or put them in the wrong order, etc.
At this point you'll also need to make sure that functions always return values.
Third week: turn on rest of compiler warnings, should go quickly.
Third week, cont'd: turn on profiling. Where are you spending your time? Does it make sense? Inefficient code probably has other flaws, and if you're spending an unexpected amount of time in a single procedure it deserves a careful look.
Then compare the number of open() and close(), the number of malloc() and free(). Again, code with memory leaks often has other flaws, and memory leaks have led me to overly complex routines that could be replaced with much simpler code without either memory leaks (because I allocated a sufficiently large single buffer instead of a linked list - size determined by domain knowledge) or bugs. Besides, who ever heard of bubblesorting a linked list?! Moron.
Fourth week: this is the start of an open-ended process. Start going through the code (perhaps in an order suggested by the results of the profiling) and verify that the parameters are legal. If something shouldn't be null, test for it. Check return values from procedures that you call.
Simple steps that don't take that long - as I said it usually takes me about a week when starting on a new project, and even if the client is initially skeptical they can accept it's a good way to become familiar with the code. A lot can be done in a month, even if the staff spends a week bitching that it's a waste of time, they don't have that many bugs in their code (one of my particular pleasures is listing a large number of obvious bugs after a few days of effort
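The checklist in the comment above, condensed into one C file as an added example: it is not code from the thread or from Microsoft, and every identifier in it (log_msg, counted_malloc, counted_free, alloc_balance, copy_field) is hypothetical. It shows a printf-style wrapper the compiler can type-check, prototypes with static linkage, a malloc()/free() tally, and parameter and return-value checks.

```c
/* Added example, not code from the thread. Suggested build (GCC/Clang):
 *   cc -Wall -Wextra -Wmissing-prototypes audit.c
 * All identifiers below are hypothetical. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

enum status { ST_OK = 0, ST_NULL_ARG = -1, ST_TOO_LONG = -2, ST_NO_MEMORY = -3 };

/* Second week: prototypes first, file-local functions declared static. */
static int log_msg(char *out, size_t outlen, const char *fmt, ...) PRINTF_LIKE(3, 4);
static void *counted_malloc(size_t n);
static void counted_free(void *p);
static long alloc_balance(void);
static enum status copy_field(const char *src, size_t max_len, char **out);

static long n_malloc, n_free;   /* static storage, so zero-initialized */

/* First week: the format attribute makes -Wformat check every caller,
 * so log_msg(buf, n, "%s", 42) is reported at compile time. */
static int log_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int written;

    if (out == NULL || fmt == NULL || outlen == 0)
        return ST_NULL_ARG;
    va_start(ap, fmt);
    written = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (written < 0 || (size_t)written >= outlen)
        return ST_TOO_LONG;     /* encoding error or truncated output */
    return written;
}

/* Third week: tally allocations so malloc() and free() can be compared. */
static void *counted_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        n_malloc++;
    return p;
}

static void counted_free(void *p)
{
    if (p != NULL) {
        n_free++;
        free(p);
    }
}

static long alloc_balance(void)
{
    return n_malloc - n_free;   /* non-zero at exit means a leak */
}

/* Fourth week: validate parameters and check every return value. */
static enum status copy_field(const char *src, size_t max_len, char **out)
{
    size_t len;
    char *copy;

    if (src == NULL || out == NULL)
        return ST_NULL_ARG;
    *out = NULL;                /* defined result on every path */
    for (len = 0; len <= max_len && src[len] != '\0'; len++)
        ;                       /* reads at most max_len + 1 bytes */
    if (len > max_len)
        return ST_TOO_LONG;
    copy = counted_malloc(len + 1);
    if (copy == NULL)
        return ST_NO_MEMORY;
    memcpy(copy, src, len + 1);
    *out = copy;
    return ST_OK;
}

int main(void)
{
    char line[64];
    char *field = NULL;
    enum status st = copy_field("constructed sample", 32, &field);

    if (st == ST_OK &&
        log_msg(line, sizeof line, "copied %zu bytes", strlen(field)) > 0)
        puts(line);
    counted_free(field);
    printf("malloc/free balance: %ld\n", alloc_balance());
    return alloc_balance() == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```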
Re:Taking it at face value (Score:5, Insightful)
Maybe those are the kind of bugs you see in small shops where the previous maintainer was incompetent. But I would guess that bugs in a large-scale system like Windows or Office, written by a highly competent programming team, are usually due to obscure, complex conditions caused by the sheer size of the project. E.g. a bug that occurs only when components X, Y, and Z happen to be running together at the same time. Cleaning up that kind of problem is not, I think, as trivial as you make it out to be.
Re:Taking it at face value (Score:4, Interesting)
Having done cross-platform conversions of some Evil Software Empire code, I can say that the answer is a definite YES. Why? You inherit code which generates a huge number of warnings, mostly for things like missing prototypes and pointer conversion, and you turn those warnings off because you just don't have the time to fix them because of time pressure.
I for one would welcome such pauses-- It's sometimes embarrassing to go back to look at my own code and realize that my error checking only worked correctly because it never got called.
Re:Taking it at face value (Score:3, Interesting)
"I think you underestimate the kind of work that goes on at Microsoft. Do you really think that the people who work there are stupid enough to ignore compiler warnings? That they don't use prototypes? That misuse of printf is a major problem in their graphical applications? Or that they make sophomoric mistakes like using bubble sort?"
Yes, absolutely. Comparing to another large company, I worked in several operating systems groups at Digital Equipment Corporation for many years, and I saw all of those things and more. Furthermore, I know Microsoft is not using data typing correctly because their Windows software interface requires not using typing in places. E.g., many arguments to Windows routines must be cast to integers even though they are pointers and vice-versa. And as I use their code, I often run across behaviors that strongly suggest to me how the engineering was done (and why it is wrong), and often it is a simple mistake.
Many engineers are incompetent. You would think an engineer writing device drivers in an important operating system for a large company would know what they are doing. But I've seen code that initiated a DMA and then sat in an interrupt-priority loop (blocking all other system activity) polling for DMA completion for over three seconds! The whole point of Direct Memory Access is for the device to access the memory directly, bypassing the processor so it is free to do other work. The proper way is to set up data needed to handle DMA completion, initiate the DMA, and then leave interrupt mode and return to other work until the completion signal arrives. Stopping all work in a real-time operating system for three seconds is malpractice.
Aside from incompetence, many engineers don't care. When you are driven by learning or pleasure or a project you are interested in, you write good code. You think about it and take pride in it. When you are writing code you don't like year after year for money, it becomes mindless. You don't have the energy to review compiler warnings. Your boss wants the program done so it can ship and doesn't give you time to review compiler warnings. Your boss gets reviewed based on how late the product shipped, not how few compiler warnings there are, so that's what gets attention.
Yes, it's most likely just more PR, but ... (Score:5, Insightful)
Granted, coding new features is usually much more interesting than fixing bugs and cleaning up code, but sometimes it feels good to "clean out the garage". The benefits can be startling. If they refactor while bug fixing, they could really get a lot of cleanup done, at a local scope.
Additionally, if I were steering the ship, I'd have all my architects at work planning staged efforts at rearchitecting at a more global scope. The issues that come up during the bug scrub would be fed back through the design process so the organization could learn from its mistakes and know what the next realistic steps might be.
Through stepwise refinement and refactoring, it is possible to turn a crock into pretty respectable code. Granted, if the basic architecture is severely flawed, some of the steps may be large and scary. But it can be done. With the amount of legacy code that Microsoft has, I don't see any other way for them to get from here to there, assuming that the "there" that Bill wants them to get to is really more reliable, stable, secure, trustable code.
I don't really think there's very much of a chance that it'll work, even if they really mean it. And I'm not very convinced that this is anything more than a publicity stunt. OTOH, they do have a history of turning the U.S.S. Microsoft on a dime, so who knows.
In other news.... (Score:3, Funny)
Microsoft's 28 Days (Score:5, Funny)
February 01, 2002
Redmond, WA - In a ruling yesterday delivered by Judge Colleen Kollar-Kotelly in the U.S. vs. Microsoft antitrust trial, the software giant was sentenced to spend 28 days in the Sunnybrook Corporate Rehabilitation Facility.
Convicted of abusing its status as a monopoly, Microsoft will spend the next month in a bug-free zone and will be required to examine the unlawful and destructive activities of its past in group therapy.
"It's really for the best. Now Microsoft will finally be able to get the help it truly needs," said U.S. Department of Justice spokesman Mark Evans.
Although Microsoft continually disclaims any wrongdoing, the scene turned ugly when U.S. Marshals showed up at Microsoft Corporation's home Friday afternoon. The Marshals had come to take the multi-billion dollar software company to the rehabilitation facility after it failed to show up at the bus station that morning.
After not responding to law enforcement officials' pleas to open the door, the Marshals bust in, only to find Microsoft actively engaged in excluding users of the unpopular and barely used Opera web browser from the Microsoft Network (MSN).
Marshals were able to subdue the giant and dragged it from its home in Redmond. Microsoft could be heard to scream "WE MAKE THE STANDARDS! Tim Berners-Lee can go [expletive] himself!" as it was shoved into a Redmond police car.
"You can't place the blame entirely on Microsoft," said Dr. Jessica Fowler of Harvard Business School. "Microsoft is very sick, and it needs professional care. It's obvious to anyone that the ranting of Craig Mundie [about the Linux OS] was really just a cry for help."
Judge Kollar-Kotelly told Microsoft that the 28 day sentence to Sunnybrook was a minimum. "I'll evaluate your progress after this month. If I see a blue screen in March you are going right back."
An important part of corporate rehabilitation, say the experts, is to be exposed to peers who have similar histories of abuse. Microsoft will be joined in group therapy by Monsanto, Ford, CSFB, and Arthur Andersen.
Windows NB (Score:5, Funny)
Bill Gates himself returned to his role as MS spokesman by holding a surprise press conference announcing their latest product, Windows NB.
"It stands for Windows (with) No Bugs." Mr. Gates began his speech with, "After an intensive month of effort, we have corrected every implementation flaw of Windows XP, as demonstrated by our foolproof testing process."
"As we move into the new millennium, the reliability and security of our computers could not be more important," he continued with evident pleasure and pride, "and to that end we are offering all Microsoft customers, who have a legally-purchased copy of any version of Windows, a free upgrade to the new system."
He concluded the main announcement with the rueful comment, "I don't know why we didn't think of this earlier, of course we knew all along that we were just a month away from perfecting the features already implemented, but really thought you all wanted animated menus and custom audio formats more than a system that doesn't let teen vandals take control of your computer whenever it's connected to the internet, or lock up and need to be restarted twice per day. If only people had let us know earlier, we really didn't know it was a problem. Still, we are terribly sorry."
Discussing future designs, he announced the release of, "Windows PI: Perfect Innovation. Scheduled to be released in six months, maintaining the bug-free status of Windows NB, yet adding exciting Microsoft-invented features such as human-equivalent natural-language processing, full archival state preservation, and semi-sentience. It will turn your PC into the perfect secretary, net gofer, and perhaps even a close personal friend."
He was given a standing ovation by every reporter present. Overwhelmed by the gratitude and respect, he was seen wiping away tears of joy, and was not the only one. One sports commentator who was filling in for a tech columnist due to the short notice even went so far as to triumphantly spike his laptop, performing a small victory dance, before being informed that MS is primarily a software company, and the free upgrades would not include replacing any hardware.
2002: The Year of Flying Pigs (Score:4, Funny)
(It is an interesting coincidence that 2002 is a palindrome. Hmmm....)
Not just coding...PR in February, too. (Score:5, Insightful)
(The story says that there are more BugTraq entries for Linux than Windows 2000. QED.)
Re:Not just coding...PR in February, too. (Score:4, Insightful)
Yeah, and likewise, according to the full stats [securityfocus.com], there were three times as many NT/2000 bugs as Win98/95/3.1 bugs. Thus, Windows 3.1 is three times more secure than Windows 2000!
The reality, of course, is that we don't know what they mean by "Linux (aggr)". They have separate lists for SUSE, RedHat, Debian, etc. Only RedHat had more vulnerabilities than Windows 2000. Even then, "RedHat" means the entire distro. That means that they're counting far more software (i.e. three different ftp servers) than for Windows 2000.
So in summary, if you don't tell the whole truth, you can support just about any claim...
"Of course it looks legitimate" + a suggestion. (Score:3, Interesting)
If it is a hoax, what would be the point if it looked suspicious?
Personally, I kind of like it, even if it is just to earn cheap points. If they actually concentrate hard on swatting bugs, it will benefit not only MS users, but everyone out there that some way or the other relies on something Microsoft to work. No matter what you run yourself. I bet that is most of you...
Now, if they only would do this on a regular basis. How about officially declare February "bug swatting month" every year? I think that would be good for others than MS too.
Coding errors aren't the real problem (Score:5, Insightful)
Re:Coding errors aren't the real problem (Score:5, Informative)
FYI, part of the
A month is not long enough (Score:5, Interesting)
They need to address the following points at the email client
1. Make it more difficult for users to execute file attachments by default
2. Perform checking of file attachments to ensure that a
3. Where executable attachments must be run, execute them in a sandbox so they can't modify the registry, create files, send emails etc.
4. Disable or cripple Windows Scripting.
For the Desktop OS
1. Separate the Update process from the web browser, so that the web browser does need full access to all O/S files on the system.
2. Run the web browser in a restricted shell to limit the damage from breaches.
3. Split the registry into more files and make it text so that a text editor can be used to fix it.
4. Make it more difficult for users to run as administrator, e.g. limit what apps can run
5. Start moving as much as possible out of kernel mode and into user mode, so a program crash or dodgy video driver is less likely to bring down the O/S
For the server OS
1. Stop running all services as administrator and introduce separate users for separate functions like Unix now does for Apache, Sendmail, BIND, etc. That way when IIS gets compromised the hacker does not get an Administrator shell
2. Default off (i.e. not installed) all but the most essential services, so that users must install new features and then enable them. That way a bug in the index server (CodeRed) only affects a few servers.
3. Default off any automatic services, such as network plug and play.
Office.
1. Default off macros in Office, it's only virus writers that use the advanced features.
2. Disable the ability of macros to rewrite other macros, run in a sandbox.
All products.
1. Stop trying to get a new O/S out every year and fix the ones people have already (over)paid for.
2. Stop talking about security and actually get on and do it.
If Microsoft do all of these things then we in the Linux community have got real problems.
A more likely scenario (Score:5, Funny)
Feb 4: distribute memo describing moratorium on new code, effective Feb. 1
Feb 5: distribute memo granting amnesty to coding done on Feb 1-3, but stating that they really mean it this time.
Feb 6: sack those who wrote new code on Feb 4-5.
Feb 7-10: hold committee meeting identifying "Top 10 bugs most in need of fixing in Windows XP."
Feb 11: hold press conference announcing the top 10 bugs they intend to fix by the end of the month. Prominent on the list will be the placement of "close window" right next to minimize, and the oversight that allows users to open web pages using non-IE programs, thereby confusing consumers with additional choice.
Feb 12: distribute memo to technical managers containing the real top 10 bugs, such as buffer overflows in IIS.
Feb 13: un-confuse all personnel who were accidentally exposed to both top 10 lists
Feb 14: all work stops as employees realize they have no personal lives
Feb 15-17: resume de-confusion efforts.
Feb 18-21: programmers research months-old code in preparation to fix the top 10 bugs
Feb 22: easter egg discovered in Access wherein a certain malformed SQL query begins MPEG2 feed of RMS and Melinda "otherwise engaged."
Feb 23: responsible parties for the incident of Feb 22 located, sacked for not using WMA formatting on feed.
Feb 24: some bug repair begins
Feb 25-28: programmers re-acquaint themselves with code written prior to Feb 3, so as to be able to appear competent on Mar 1.
Breaking News!! (Score:4, Funny)
Less PR, more action (Score:3, Insightful)
Good deeds don't need advertising. The way MS is trumpeting how security- and bug-conscious they are now makes me wonder how much of it is legitimate and how much is fluff.
We shall see, I suppose.
So much Complacency =( (Score:5, Insightful)
God, it is kind of sad the kinds of posts I am seeing on this story. Everybody laughing at Microsoft, ha ha, they have so many bugs, etc. I don't see anyone saying, let's do the same for linux.* I think that's really cocky of us, and pretty disappointing.
In fact, MS has built a really good product with Windows XP. I am using it right now. It has never crashed on me! It's true that I wouldn't use it for a server, because it is a pretty complicated beast, but it is pretty damn good on the desktop.
I am not trying to say that we should give up because microsoft has us beat. I am saying that we need to keep working, because I actually think that MS will be providing an OS that is very very stable in the next few years, and this will take away one of Linux's chief selling points to the average person. Linux will always have freedom, and that's great (enough for many people), and it will have better C programming support, but what else? Complacency is a terrible thing, folks!
* Don't tell me linux doesn't need it. Some of the important code I've seen is pretty damn amateurish. Check out the MD5_crypt code for PAM, for instance.
Linux Arrogance (Score:4, Insightful)
You guys are now ranting about MS taking a month to clean house? The bitter reality is, at least they have something to clean.
While the Linux crowd is still fighting over Gnome vs. KDE, or who should do the patches for the latest and greatest Linux Kernel.....MS is moving forward. For example, MS has looked way beyond the desktop (they have built a common Windowing library into the
Whether you guys will admit to it or not, there are some smart folks at Microsoft. They have a plan, they have a map to get from A to B, and they execute that plan. Microsoft has a real history of coming from behind. They came late to desktop application software (Wordperfect/Lotus 123) and they now own it (Office). They came late to Internet browsing and they now own that as well. Nothing, and I mean nothing, approaches the stability and conformance to standards of IE on Windows in the Linux mix.
So if Microsoft says they are going to make security and software reliability an issue, this is likely to cause a lot of angst among the Linux crowd. Why? My gosh, what if they actually do it?! Then they have usability AND more reliability than you will ever give them credit for.
Re:Linux Arrogance (Score:4, Insightful)
Actually that's pure baloney. IE is the most non-conformant browser out there. It's very simple to see, too. Just code a table without a closing tag, and watch IE render the thing anyway.
they have built a common Windowing library into the
Sounds like a giant security hole to me. Go to a web site, and have files moved to the Trash Can via
So if Microsoft says they are going to make security and software reliability an issue, this is likely to cause a lot of angst among the Linux crowd. Why? My gosh, what if they actually do it?!
Not possible. Microsoft's business model is based on a 1-2 year software life cycle. You cannot make a large software package either secure or reliable in that kind of time period.
Are you naive enough to believe this crap? (Score:3, Insightful)
"Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates 'is really annoyed by the incredible pain we put everyone through in computing.' "
Puhleeze! Has Bill EVER personally apologized for releasing buggy software in the past? Why do you think that he would NOW?!? Come on, Slashdot editors, stop being so gullible.
Make Money the MS Way (Score:3, Insightful)
2. Pick the shortest month of the year
3. Give half your workforce the month off (saving lots in salaries).
4. Announce an ambitious month long project that has no chance in hell of succeeding.
5. Watch your stocks go up.
A new microsoft? (Score:3, Interesting)
Gates quit as every day head of MS to devote himself to special projects and areas of interest.
MS manages to release a stable and fully functional OS in XP (look past the crap on activation which I can assure you is a non-issue)
They start talking for the first time about fixing security flaws and exploits in software instead of simply denying it.
Now this announcement - fix the major issues.
It's smart and shows a company becoming increasingly smarter.
Now posit this - MS does not make major money off OS products, never has - the money is in applications - larger unit cost and better profit, longer lifecycle etc. MS are fixing bugs and issues and the question has to be asked why?
It's not the open source movement pressuring them - the general man in the street uses MS products and so do their employers.
The bad press from code red, i love you etc has meant little more to MS than some more public relations work.
But look at it in another light - if MS decided to release their OS software for minimal cost or free to non corporates and the home user (Public Domain not GPL) then this would be a smart move ahead of such a move and I would point out would fuck up the anti trust case in a huge way - the clamour to split the company into OS and APPS divisions would be muted as the OS one would not make any money.
Say for a minute they set up (already have it actually) separate business units for consumer and corporate/business. They public domain Windows 95, 98 and Millennium and maybe XP Home thus giving them away free (they can afford it trust me)
Where does that leave Linux? How many home users chose SUSE and MANDRAKE because of the price?
Even better - give away the Desktop OS for free and licence the server OS, and GPL IIS.
It's worth a long hard thought, and don't forget that Mr. Gates started out as a programmer and hacker himself (do some history reading) and is well aware of the lessons of freely available OSes and their ability to grow a market (it can be argued that the piracy of DOS led to the first boom in PC software and development - and it was his MS DOS that was the most pirated)
Perhaps instead of rubbishing MS for this we should start thinking why?
Re:Past History (Score:2)
I need to improve my spell checking quality!
Re:Past History (Score:3, Insightful)
To anyone upgrading from a dll-rotted Win 95 I'm sure Windows 2000 or XP seem really stable. To anyone who hasn't had their expectations quite so lowered, it still isn't near good enough.
Re:Past History (Score:4, Interesting)
Having run Windows, Linux, and Solaris servers and desktops in large enterprise environments over many years has proven Solaris to be the most stable, and Windows the least. Crashes on Solaris are the most recoverable and Windows are the least. Amount of administration required is the most on Windows and the least on Solaris. Linux always seems to be in the middle in all things but cost where it is the lowest and Windows is the highest. I don't expect any of this to change much in the upcoming years, except Linux may replace Solaris in some of those categories as it is advancing quickly while Solaris remains fairly static. (Note that ANY unix like system beats Windows in these areas, such as BSD, AIX, HPUX, QNX, etc.)
So comparing win2k with win95, sure - ms products have gotten better, but they are a LONG way from being rock solid. It will DEFINITELY take MUCH longer than a month to make a dent in overall product quality.
So while I applaud the effort, I have serious doubts about how much this will affect overall product quality.
Bottom line: Quality is not something you add later - it's an integral part of the entire product development process.
"But boss, it can't crash! I installed the optional Quality module!"
Re:Be Afraid. Be Very Afraid. (Score:2)
Re:Marketing hype obviously (Score:3, Informative)
Re:todo list (Score:2, Interesting)
Re:sure,,, (Score:5, Insightful)
Believe it. Be afraid.
We have seen microsoft do this before - complete turn arounds. I think we are seeing one right now.
I still remember (in fact own) a copy of IE version 1.0. Which you had to pay money for. Before they realised that to dominate the internet (which they do, at least as far as browsing goes) they had to give away browsers because they had left it too late.
It only took them 3 years to pretty much turn around the market, and now it's pretty much locked down. (Yes I know - I'm using Opera to write this too, but really, IE owns the market in market share).
I don't believe that they will be able to fix their software overnight. Bill never plans for tomorrow, he plans for where they will be in 5 years.
If that means that he has to buy a *nix and get someone to write a compatibility layer and it takes 5 years, do you think that will stop him?
Because, if he does get security under control, it's a whole new market for him.
Be afraid. The result will be closed source (unless he really can't find a closed source way to do it - in which case he will go open), and it will be secure, and it won't happen in 2002. But it will happen. (It may even be a better thing for the average user - but if you were that you wouldn't be reading this now?)
Michael
It's Feb. 2nd (Score:3, Funny)
Re:Hoax (Score:5, Insightful)
How can you be sure of that? How do you know that Bill Gates himself doesn't pace, pop rolaids, and drink tons of coffee thinking about what kinds of screaming rants and angry yelling he can do to the coders to get them to write things that don't crash?
Communication is only possible between equals. There are a WHOLE LOT of people who develop for Microsoft, and it's a fairly safe assumption that they're not all on equal levels (in rank, in skill, in intellect, in ethics, etc.)
I think the sentiment is real. Microsoft DOES want to make the most stable, most secure platform. They want to because it's good business to make the best product and they know (how can they not know?) that they simply don't have the best product. Not by far. It's just that simple. But how do they fix that? What would YOU do if you had to manage thousands of people, all working on different things, each coder with their own egos and unique quirks.
You can't flip a switch, write a memo, make a speech, and wave your hands to fix the problems. I don't envy Microsoft management, or Microsoft coders, for that matter.
Do I think Microsoft can do it? Who knows. Probably not. It won't be easy, not at all. I don't think it would be easy for anyone to do in an environment as big and chaotic as Microsoft's. But then, after looking at how Open Source software works in the complete opposite way, small and chaotic largely without funding and easily derailed by personality conflicts and a lack of formal structure, I don't think the Free Software world could do it either.
So in short, I think Microsoft means it. I don't think it'll do any good, though.