Forgot your password?
typodupeerror
Microsoft

Microsoft Stops New Work To Fix Bugs 689

Posted by timothy
from the why-pick-the-shortest-month dept.
An Anonymous Coward writes: "According to this article at Government Computer News, Microsoft has announced a month-long moratorium on new coding, as part of its Trustworthy Computing Initiative. Richard Purcell, director of the company's corporate computing office, said, 'We are not coding new code as of today' [Feb 1, 2002] 'for the next month.' The idea seems to be that Redmond will spend the 28 days of February patching bugs in existing code. Is this a hoax, or maybe just marketing hype? The web site looks to be legitimate."
This discussion has been archived. No new comments can be posted.

Microsoft Stops New Work To Fix Bugs

Comments Filter:
  • February? (Score:3, Funny)

    by bellers (254327) on Saturday February 02, 2002 @04:18PM (#2942938) Homepage
    Sheesh. They could have picked a month with more days. It's not even a leap year.
    • Re:February? (Score:2, Insightful)

      It would seem to me to be more lip service than anything else. For one thing, what is to say bug-fixing doesn't require what couild be classified as 'new code'? How about a definition of new code? Does new code mean new features? Which begs another question; where does 'bug fixed' end and 'new feature added' begin?

      But hey, at least Microsoft has become aware there's issues with their software. I'm just hoping they don't begin with the port 139 thingie in the tcpip stack in the old win95 releases... Which makes me wonder what winnuke is doing in my start menu... Oh never mind.
    • Re:February? (Score:2, Interesting)

      by gmhowell (26755)
      Now you sound like the people who complain that Black History Month is the shortest in the year.

      Well, lookie here [slashdot.org].
    • I mean, it's kind of like those little guys on that Escher endless stairway suddenly deciding to put down their loads and build a stairay that goes someplace, before they continue. Quite unexpected...
    • by BlueUnderwear (73957) on Saturday February 02, 2002 @04:54PM (#2943177)
      They could have picked a month with more days.

      Yeah, such as April...

    • by nizo (81281) on Saturday February 02, 2002 @07:55PM (#2943903) Homepage Journal
      Is March the month where they fix all the new bugs introduced by this month's fixes?
  • by Captain_Frisk (248297) <`captain_frisk' `at' `bootless.org'> on Saturday February 02, 2002 @04:19PM (#2942951) Homepage
    Maybe I just assume that slashdot is posting Anti - MS stuff, but when I read the title "Microsoft Stops New Work to Fix Bugs", I assumed that they had cancelled some kindof bug fixing project, as opposed to cancelling development to fix bugs.
  • Ironic.. (Score:5, Funny)

    by Suppafly (179830) <slashdot AT suppafly DOT net> on Saturday February 02, 2002 @04:23PM (#2942978)
    Isn't ironic how all the minorities have to share the shortest month of the year..

    lets see february is now Women's History Month, Black History Month, and also Microsoft Fixes Security Flaws Month.. wonder how many more things they can crame into february.
    • Re:Ironic.. (Score:3, Funny)

      by yesthatguy (69509)
      I think many slashdot readers would be quick to assert that Microsoft security flaws are not a minority by any stretch of the imagination.
      • Re:Ironic.. (Score:3, Interesting)

        by BlueUnderwear (73957)
        Yeah, but Microsoft security fixes may well be a minority. Especially if we restrict ourselves to only count those fixes that work as expected...
    • Re:Ironic.. (Score:3, Funny)

      by Anonymous Coward
      It striked me that complaining how February is such a short month is like complaining your penis is too short because it measures 8 3/4" instead of 9".

      I mean, c'mon, it's two days and every four years your penis gains an extra 1/8".
    • Perspective (Score:3, Insightful)

      by coyote-san (38515)
      February is getting a bum rap on this - the reason for X History Month is to provide tie-ins for the public schools. E.g., TV stations may air a 30-second segment on the evening news, or the newspaper may put in an extra column near the comics.

      But what months are available? School's out in much of the country during June, July and August. The kids are back, but getting back into the groove in September.

      November has Halloween recovery, Veterans Day and Thansksgiving. December has the large Christmas break. January, like September, is getting back into groove. March/April have a Easter and the usual disruptions spring, standardized tests, etc. May has preparation for final exams.

      Out of the entire year, there are two, count 'em TWO, months suitable for X History month. October and February. And February is actually better since it has fewer distractions - there's no distraction as the kids see the first Christmas decorations go up or parents discuss Holiday travel plans.
  • It's almost as good as this month being Black History month! Take the shortest month in the year to make up for years of abuse/neglect/discrimination/whatever.
  • Great news Microsoft Engineers! After our month of hardwork, we estimate that we fixed over 1 million bugs! Of course, the downside is that we introduced upwards of 2 million NEW bugs, but hey, that's what upgrading is for! This is all possible thanks to you!

    Thanks!

    -- Bill

  • by drudd (43032) on Saturday February 02, 2002 @04:24PM (#2942993)
    My guess is that projects which are behind schedule will continue to work in order to blame any further delays on the coding halt.

    Besides, it doesn't matter how long microsoft stops work to fix bugs... real security comes naturally out of proper design and coding. Microsoft should take this month to redesign it's coding proceedures to be security conscious from start to finish.

    Also, isn't it funny that Microsoft chooses to use the shortest month of the year for this initiative? :)

    Doug
  • Vacation (Score:2, Funny)

    by ruvreve (216004)
    So basically Microsoft employees had a bunch of unused vacation time and Bill is forcing them to take a leave of absence during February and go home and apply patches to their windows machines.
  • He's the Supreme Intergalactic Software Architect at Microsoft now, right?

    Hard to see how they can be serious about this when the guy who designed all these bugs is busy partying with Bono at this Davos thing here in Manhattan.
  • by Myrv (305480) on Saturday February 02, 2002 @04:27PM (#2943006)

    Of course they have to stop 'new' work. FreeBSD 4.5 came out a couple of days ago. They have have to go back and update all that borrowed code.
  • Is This Possible? (Score:5, Insightful)

    by gmhowell (26755) <gmhowell@gmail.com> on Saturday February 02, 2002 @04:27PM (#2943013) Homepage Journal
    I've never worked in a programming shop. But, from working on a few OSS projects, reading a few books, and working with some commercial providers, it seems that programmers do what they want, when they want. Is it possible to steer such a massive ship that quickly? Is BG a big enough rudder?

    Similarly, how disruptive is this? It seems that when you get on a roll, you want to keep going. Switching like this seems that it will break that streak, and get you all disjointed.

    Again, to parrot others who know better, the best answer seems to be to do it right the first time.
    • Re:Is This Possible? (Score:5, Informative)

      by Anonymous Coward on Saturday February 02, 2002 @04:55PM (#2943183)
      From deep within the belly of the beast...

      Simple answer: yes. Bill says "hop," we say "how high?"

      Frankly, this will not disrupt the company much. *Most* divisions are already vigilant about tackling bugs. The smaller groups like DirectX, and the more technically competent groups like VC++ have extremely low bug counts. In fact, this isn't popularly known, but on the RTM date for WinXP there was a ship stopping bug related to upgrade isntallations. Upgrading 98SE would delete everything in the My Docs directory. One XP tester flew in on short notice from CA to help fix it, another missed the birth of his first child! That's devotion.

      On the other hand, there are some larger groups that *cough*Off*cough*ice*cough* seem to be a vaccuum for the most lazy people in the company. Every time I walk through that building I see ~20 people playing CounterStrike or Everquest. And big surprise, most of the huge bugs are coming from them and the bloated IIS group.

      Anyways I'm glad BG has decided to give us this new initiative b\c it will raise the bar, cleam up the bad press we've been getting, and maybe weed out some of the weaker links.
      • Re:Is This Possible? (Score:3, Interesting)

        by coyote-san (38515)
        I'm never been in the Beast, but I've always been struck by a weird dichotomy as an outsider.

        On the one hand you have Steve Maguire and his experiences described in _Writing Solid Code_. Microsoft has known how to write reliable code for years, it's known it knows this (this book was published by Microsoft Press), yet some managers still resisted. Ditto many other excellent books published by Microsoft Press.

        On the other hand I attended a MS job faire as a non-traditional CS grad student at the University of Colorado. I heard the recruiter tell the potential employees that Microsoft understands coders just want to code, not find and fix bugs. So they have other people do that stuff for them. I'm not the only one who heard it - Evi Nemeth et al mentioned it in the Red Book as well.

        So I just don't get it. The public execution of an Outlook or IIS manager for inadequate supervision of the bug issue would do wonders for the motivation of the survivors to pay attention. (Not the literal execution, of course, but in the corporate world being escorted off campus after a meeting with the boss may be worse.)
      • by nathanh (1214) on Sunday February 03, 2002 @02:38AM (#2945136) Homepage
        One XP tester flew in on short notice from CA to help fix it, another missed the birth of his first child! That's devotion.

        No, it's just stupid. I can only hope that his wife forgives him.

    • by tunah (530328) <sam@ k r a y up.com> on Saturday February 02, 2002 @09:55PM (#2944340) Homepage
      Is BG a big enough rudder?

      Only if you put him in head first.

  • If Microsoft really intended to focus on fixing the bugs in their existing software, they would be able to keep themselves busy for _at least_ a year. And even then, Windows would still suck. After all, it's not just the bugs, but the whole structure and security model of the operating system that sucks. Say what you will about Linux... It may have its problems, but overall it is a far better OS model. (And we can be sure the bugs in it will get fixed, eventually.... :) )
  • by KMitchell (223623) on Saturday February 02, 2002 @04:29PM (#2943023)
    Every company I've worked for have had massive cleanup projects like this. The only way to make them actually work is to freeze all other work by the developers involved, since cleanups (security or otherwise) are pretty much guaranteed to be less interesting than just about anything alse you might be doing.


    Considering that Gates has decided to (at least for PR reasons) declare security/robustness to be the priority of the moment (as opposed to previous claims that users bought sw for features not bug fixes) I don't see why they WOULDN'T do something like this...


    The only thing that I might question at all is the scope--i.e. is ALL of development doing this or just one or more departments within MS.

    • by djmcmath (99313) on Saturday February 02, 2002 @05:43PM (#2943401)
      We do this kind of thing all the time in the Navy. A problem is deemed to exist, so a solution must be made apparent. Someone receives an unexpected shock while working on surprisingly energized gear, so we stop work and take a saturday to have a Safety Stand-down. Does it fix anything? Does it identify and repair problems with how we operate? Not so much. Does it make an appearance of taking action? Can we tell our superiors, "We're doing something about this problem?" Can we claim an appropriate level of concern, and that we've done something to fix the problem? Yes, that's exactly the point. We're just putting a check in the box that says, "Do something about the problem." This is exactly what I see happening at MS -- they're demonstrating an appropriate level of concern, putting checks in the "Corrective Action Completed" boxes, and moving along with their normal lives. It sure would be nice if they'd fix a few bugs, but I'm not getting my hopes up until they're done.
  • Just PR (Score:2, Insightful)

    by mchasal (552057)
    Its clear to me that this is not about actually fixing any bugs, its about being able to say that fixing bugs is important to MS. A month is not enough time to make any real progress on the number of problems that they have to deal with. To the average MS user, this may look like a real shift in the mindset at MS, which is exactly what they want us to think. Evil...Pure Evil.
  • by JanneM (7445)
    Even the idea of suspending normal work in order to fix problems in their products show that their work culture ignores correctness and security, and is very poor at addressing those issues. Doing a stunt like that just shows that they really do not take this seriously, and can't take it seriously with the development organisation they have.

    A different organisation would just have allocated more resources (time, people, early design decisions) towards security than before, as part of the normal development cycle. that they have to do something like this implies they really don't care about these issues.

    /Janne
  • "It's time to get the garage cleaned out," he said.
    there won't be anything left ...
  • Impossible!! (Score:2, Interesting)

    by sinserve (455889)
    Debugging is part of testing, and is an iterative
    process.
    Tester feeback is the best way to debug a system,
    when QA is an issue. But for a ship-and-let-lusers-pay-for-beta
    company like microsoft, they need to *listen* to
    user feedback.

    Here is the catch: Even if microsoft devotes all its
    time, throughout the month for debugging, users will
    not be doing that!

    So, if they are not soliciting user feedback, how
    are they doing it? heauristics?

    My first guess is, they have heaps of bug reports
    that they need to go over and fix.
    But halting all development is not the way to do it,
    they childishly jumped the gun this time, simply
    because ALL developers don not debug.

    Similarly, there is no "wipe your ass day",
    wiping your ass should happen every time you take
    a shit.

    So, it is either an stupid decision, or YAPR move.
    • Re:Impossible!! (Score:5, Insightful)

      by Peyna (14792) on Saturday February 02, 2002 @04:33PM (#2943059) Homepage
      They are soliciting user feedback, if you've used XP, you'll know that anytime any program crashes you are given the option to "send error report" to MS, (it doesn't send any personal information, only memory dumps, etc. of effected areas)

      They used these error reports in making fixes and adjustment for Office XP SP1, so yes, they do use user feedback. They also listen to you if you can write an intelligent letter reporting bugs to them.

  • All software engineers know that a bug caused when doing the architecture takes 10 times longer to fix when your designing, or 100 times longer to fix when coding - or 1000 times longer to fix if the product has reached testing/maintenance! Microsoft won't gain much by all of a sudden start doing code-inspections _NOW_ on existing code. Sure, they'll find a lot of bugs and fix them, but that's nothing compared to what they SHOULD (and are?) doing - change the way they're doing architectual and design work!

  • .. that the SAME programmers who are developing new programs are responsible for bug/security fixes in OLD code?!?!

    No -wonder- they've got problems..
  • Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates "is really annoyed by the incredible pain we put everyone through in computing."

    That shoud be "Describing the state of Microsoft Windows computing today as unstable and unreliable,"

    My linux stuff doesn't crash and hang (well, almost never).
  • by InterruptDescriptorT (531083) on Saturday February 02, 2002 @04:33PM (#2943058) Homepage
    This is something that all big corporations have difficulty doing: stopping all new work, which tends to be what interests the developers involved, and making them go back to old work to fix the bugs that they (maybe reluctantly) acknolwedge that exist in the codebase.

    Those who use Windows should find this a major boon, as it does mean more stability. I am forced to use W2K at work (I run Linux at home) and I for one am quite pleased to see this happen--there are a couple of nasty bugs that cause almost inexplicable bluescreens when writing our video drivers.

    So can we lay off for a little bit and recognize that this is really a good thing? Sure, we scoff and say, 'About time!', but they're actually doing it.
    • by dbarclay10 (70443) on Saturday February 02, 2002 @04:58PM (#2943204)
      So can we lay off for a little bit and recognize that this is really a good thing? Sure, we scoff and say, 'About time!', but they're actually doing it.

      Too little, too late as far as I'm concerned ... I mean, a *month*? To spend on a code base of how many millions of lines? Written over how many years?

      Riiiight. :)
  • It's Funny. Laugh. (Score:3, Insightful)

    by po8 (187055) on Saturday February 02, 2002 @04:34PM (#2943061)

    Is this a hoax?

    Joke. The word you're looking for is joke. The plan is apparently to take 30 (excuse me, 28) days to fix the accumulated security-related bugs in umpty-million lines of software written over 15 years, and then start adding new security-related bugs to the morass again.
    <mimic who="Steve Martin">Good plan!</mimic>

  • by bryan1945 (301828) on Saturday February 02, 2002 @04:34PM (#2943063) Journal
    Let's see, Win2K was said to have about 60k bugs, right?

    So if they work every day of Feb, they need to fix roughly 2150 bugs per day. Assuming 3 rotating shifts (24 hour coverage), this comes down to 90 bugs per hour. Say they throw 90 programmers at this per shift, then each programmer needs to solve 1 bug every hour for their shift.

    I'm not a programmer, so assuming this bizarre scheme was used, is it reasonable for someone to solve 8 bugs per shift for 28 straight days? I'd think not, due to inter-relationships of code, fixing 1 bug causing a new bug, coder's block, and maybe burnout.

    Any thoughts?

    PS- The 7 years is just an arbitrary start date of Win95.
    • I would assume the majority of the time would be spent fixing bugs in Office XP, Windows XP, etc. Also, a great number of those '60k bugs' could have been anything from a spelling error to something 99.999% of users would never see under any circumstances; so, if they can fix all of the major bugs that most people do experience, I'd say that would be the important part.
    • Let's see, Win2K was said to have about 60k bugs, right?

      60K bug *reports*. Of which probably 35K got filed away as duplicates, 10K got filed as "works for me", 5K were rejected UI suggestions, 5K were quickly fixed errors in spelling/grammar, and another 4K were filed away as "cool feature suggestion -- let's put this into the next version".
    • by tshak (173364) on Saturday February 02, 2002 @05:46PM (#2943419) Homepage
      Let's see, Win2K was said to have about 60k bugs, right? So if they work every day of Feb, they need to fix roughly 2150 bugs per day.

      1) It is a flase assumption that 65K+ records in their bug tracking database where all bugs. These are just reports and have not been independently verified or filtered for feature requests or duplicates. What "are" really bugs can also be a "specification bug", not a technical one. For example, you click the start button it's supposed to "fade in with speckles" but instead it displays with no effect. To the end user it still functions perfectly. To the product development team the feature wasn't implemented correctly.

      2) You are assuming that over the past two years (when this ambiguous "65K" number got thrown around) that they have done nothing to resolve the bugs in Win2K. This obviously overlooks the fact that the NT5.0 codebase is much more mature thanks to ongoing development that has resulted in multiple service packs and WinXP.

      3) The point of this month is to focus on bug fixing, not "let's fix all the bugs that we created 5 years ago". It's like me saying, "I'm going to take a week and do spring cleaning on my house" and assuming that means that I never cleaned my house on a regular basis.

      4) If there really where 65K bugs, each programmer would be responsible for fixing 1.5bugs within the month (appx 40,000 programmers). Of course, this is severely trivializing the issue, but reminds us of the awesome resources MS has at it's disposal.

      Also, Win95 is mainly relevant when discussing the GUI and DirectX. Most all of Win2K's technology is based on NT, which is an older codebase. (the first beta was in 1992 I believe)

  • It would take a lot longer than a month to fix what's wrong with Microsoft and Microsoft products. Their entire attitude is adversarial toward the customer. A month won't fix a company with a history of years of abuse.

    Still, a month is better than nothing.
  • Gee, a whole month of no new code to find bugs.
    Hmm, how much code was that they had to go over again?

    Assume a programmer can read and perfectly debug 100 lines of code an hour. For every 2 million lines of code, it will take 125 programmers to finish within the one month period (4 40-hour work weeks). Hmm. They might do it, given overtime and plenty of workers, but it assumes they debugging process is perfect.

    Of course there's another way this might work- if they have a huge backlog of known bugs. On second thought, that can't be- this is Microsoft, surprised with each new Outlook-enabled virus! </sarcasm>
  • waterfall model (Score:2, Insightful)

    by rakerman (409507)

    Ok, so the next time a prof asks me, "what is the most expensive point in the development process to fix bugs?" I guess the correct answer is "Bill Gates fixes them all after the product is released".

    Or to put it another way:

    "For 28 hours the Titanic Engineers switched from developing new ship features to patching existing holes. The ship sank anyway, due to a combination of bad design, arrogance, and bad luck."

    Security is not primarily a coding issue. Security is primarily a DESIGN issue.

  • by bluelarva (185170) on Saturday February 02, 2002 @04:37PM (#2943081)
    I really don't think Microsoft understands the issue. Security isn't something that can be just "added" later like some feature. It has to be built into the overall architecture. It's like trying to bolt on some metal bars on the side of your crappy car to make if safe. It must be engineered from within. It just doesn't work that way. It's really about _how_ you build things.
    • by mliggett (144093) on Saturday February 02, 2002 @05:23PM (#2943317) Homepage
      Yes, that explains why Unix is so secure. Thank goodness it was designed to use OpenSSH and shadow passwords so many years back. Can you imagine how hard it would be to "add" something like that later, like some feature?
    • Why?

      The car analogy doesn't work. In the automotive world it often would be cheaper to engineer a new car than to retrofit an old one, but that's rarely true for software.

      Assuming their source is reasonably modular then you should be able to plug security holes in any part without tearing the whole thing down. It would be nice if the bugs weren't there in the first place, but nothing says you can't succeed at finding and patching most of them.

      You're right, it is about how you build things, and how software is built predisposes one to a method of incremental improvements.
    • Actually, MS's security model is sound in principle. Windows is insecure because of faults in the implementation. If it was implemented properly, it would blow the security of most UNIXs out of the water.
      • Actually, it's usually not an implementation problem, but of a configuration problem.
        IIS's add-ons are the only major applications that suffer from constant problems in Windows, and most of those problems could be avoided if only they had a better configuration.
        They are improving in this too, withness the ASP.NET configuration.
  • Bugs? I thought they were "Features"
  • The way I read that message is as following:

    "We know our products has a lot of errors/problems, but we have always been focused on shipping new products rather than fixing errors in existing products. But for the next month we will try to make our products stable even if that means we don't make any money. We like quantity over quality"

    It might just be my very subjective view, but I'm also a Microsoft hater so it fits very nicely into my mind...

    What would happen if they always dedicated the resources to get to the bottom of the bug list? Sometimes it seems to me that new releases are really made because they discovered that the concept of the program didn't hold water and a completly new version was needed to make it fly.

    This is how I always have viewed their approach:
    1)Someone releases a cool product.
    2)Microsoft says, don't buy it, we are coming with a better product soon.
    3)Microsoft sells a product that is similar on the surface(+fancy blinking lights to dazzle the executive peabrains that makes the call on what to choose). But their solution is very poorly designed "inside".
    4)The next version from Microsoft then has some impovements in the guts of the program. .
  • Purcell likened it to a 20-year spring clean4ing. "It's time to get the garage cleaned out," he said.

    Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates "is really annoyed by the incredible pain we put everyone through in computing."

    Nothing I could say could possibly be more critical of microsoft than this article.

    There is no way that this is an accident. I think we've clearly identified Mr. William Jackson as a seditious, anti-microsoft, commie terrorist ;). Furthermore, if you call up his cv (really easy on google) you find that he's actually a defense industry journalist. We need congressional hearings to smoke these people out (YES I AM KIDDING.)

    The thing I can't figure out is if Mr. Jackson had to quote Richard Purcell out of context to make him sound like that much of a fool, or if Richard Purcell really was stupid enough to say that. I'm sure the parts in quotations are accurate - but I'm not sure the subtext of "everything MS has done for the past 20 years is garbage, we're sorry" was present prior to Mr. Williams' editing.

    I'd love to see the original transcript of the interview. The one thing I haven't been able to dig up in the last five minutes is Mr. Williams' e-mail. (If I look I find the "Gospel Communication Network" staff e-mails.) If it can be found, timothy or somebody should send him an e-mail asking for the transcript.
  • Whew. Looks like I won't have to upgrade from Windows 3.1 afterall! Thanks Microsoft!
  • by Niadh (468443) on Saturday February 02, 2002 @04:43PM (#2943109) Homepage
    In 28 days Microsoft will release a 400 Meg "patch file" for all windows versions. After you install this patch the first thing you'll notice is when booting up you get a "MsLILO" prompt. After the 10 second count down you get the message "Uncompressing the New(TM) Microsoft(R)(TM)(don't even think about it) Windows(ditto) Kernel(pending)" and some periods. Then some bad ascii-art MS Windows logo will popup hiding a fast scrolling device detect list by refreshing really fast. After the MS logo goes away Xwindows, err, "The New Windows GUI" pops up a splash screen that says "KDE 2.0" with the KDE part scratched out and a windows logo drawn over it in paint.
  • let's say, for the sake of an argument, that msft really is putting all this effort into fixing bugs for a month. let's say that at the end of the month, they say that it was a huge success, fixing X thousand bugs.

    how do we know that they aren't making it up?

    it's not like they will release one patch for each issue; if they provide the patches for free, it will mose likely come as one big patch, which could just as easily contain an update to the NSAKEY subsystem rather than actual bugfixes. without source, there is no proof that they are doing what they say.

    it sounds to me like "trusted computing" means "trust microsoft more". no thanks - i'll stick to operating systems with freely available source.
  • ...will this effort even make a difference?

    Microsoft uses poor software engineering methods. Even if they devote every other month of the year to debugging existing software, will it help if they continue making buggy software?

    If you patch a mess, you get a patched mess.

  • Feb == Black History Month
    Feb == Valentines Day (Massacre)
    Feb == MS Bug Cleaning
    Feb == Shortest Month of Calendar Year

    Do I have to spell it out people?
  • Probably true (Score:2, Informative)

    by mmcshane (155414)
    A Microsoft guy came to sell .NET to my company on Wednesday. I mentioned to him that Microsoft's security history is one of the biggest reasons for us to delay adoption and he came back with the exact same story here - that February would be bug-fix month.

    Bottom line, if Microsoft is lying, they're lying consistently.
  • by W2k (540424) <`wilhelm.svenselius' `at' `gmail.com'> on Saturday February 02, 2002 @04:46PM (#2943132) Homepage Journal
    So Microsoft announces that they're spending a month to fix bugs in their software. And the /. crowd's reaction? Lame jokes and remarks that Feb is the shortest month of the year. Well, DUH - I think we all know that! Why does stuff like that get modded up, anyway?

    I say Microsoft deserves all the encouragement they can get for not only acknowledging that their software isn't flawless (something I don't see Linux developers doing very often) and announcing that they're going to be spending time fixing those flaws during the coming months. More power to them, and let's hope other companies follow their example.
  • by coyote-san (38515) on Saturday February 02, 2002 @04:52PM (#2943166)
    Taking it at face value, they can do a lot in a month if they're serious. I know, I've done a lot in the first week when brought in as a "contractor of last resort" on dying projects - this timeline is stretched mostly because they have so much code to deal with.

    First week: turn on "guaranteed bugs!" compiler warnings - uninitialized variables, improperly initialized variables, etc. I'm still floored when some junior programmer thinks that they know more than the compiler on stuff like this. If the compiler says something is uninitialized, 99% of the time it is because you overlooked some obscure branch in your code. If the compiler says the data is too large for the storage specified, it is.

    End of first week: a subset of the prior point: turn on the compiler warnings for printf(). Yes, it's a pain to change so much of your code from %ld to %d or vice versa, but I've also found plenty of cases where somebody wasn't paying attention and they tried to print a number with %s. Or a string with %d. Mindnumbing, but celebrate with pizza and go home early when everyone finishes.

    Second week: require function prototypes. generate suitable include files, declaring functions and data which is never used outside of its source file 'static.' This can be a pain a times - it's an iterative process that sometimes feels like it will never end - but it has never failed to uncover multiple bugs. People forget parameters, or put them in the wrong order, etc.
    At this point you'll also need to make sure that functions always return values.

    Third week: turn on rest of compiler warnings, should go quickly.

    Third week, con't: turn on profiling. Where are you spending your time? Does it make sense? Inefficient code probably has other flaws, and if you're spending an unexpected amount of time in a single procedure it deserves a careful look.

    Then compare the number of open() and close(), the number of malloc() and free(). Again, code with memory leaks often have other flaws, and memory leaks have lead me to overly complex routines that could be replaced with much simplier code without either memory leaks (because I allocated a sufficiently large single buffer instead of a linked link - size determined by domain knowledge) or bugs. Besides, who ever heard of bubblesorting a linked list?! Moron.

    Fourth week: this is the start of an open-ended process. Start going through the code (perhaps in an order suggested by the results of the profiling) and verify that the parameters are legal. If something shouldn't be null, test for it. Check return values from procedures that you call.

    Simple steps that don't take that long - as I said it usually takes me about a week when starting on a new project, and even if the client is initially skeptical they can accept it's a good way to become familiar with the code. A lot can be done in a month, even if the staff spends a week bitching that it's a waste of time, they don't have that many bugs in their code (one of my particular pleasures is listing a large number of obvious bugs after a few days of effort :-), etc.
    • by Broccolist (52333) on Saturday February 02, 2002 @09:30PM (#2944257)
      I think you underestimate the kind of work that goes on at Microsoft. Do you really think that the people who work there are stupid enough to ignore compiler warnings? That they don't use prototypes? That misuse of printf is a major problem in their graphical applications? Or that they make sophomoric mistakes like using bubble sort?

      Maybe those are the kind of bugs you see in small shops where the previous maintainer was incompetent. But I would guess that bugs in a large-scale system like Windows or Office, written by a highly competent programming team, are usually due to obscure, complex conditions caused by the sheer size of the project. E.g. a bug that occurs only when components X, Y, and Z happen to be running together at the same time. Cleaning up that kind of problem is not, I think, as trivial as you make it out to be.

      • by raoulortega (306691) on Sunday February 03, 2002 @12:53AM (#2944914)
        I think you underestimate the kind of work that goes on at Microsoft. Do you really think that the people who work there are stupid enough to ignore compiler warnings? That they don't use prototypes? That misuse of printf is a major problem in their graphical applications?

        Having done cross-platform conversions of some Evil Software Empire code, I can say that the answer is a definite YES. Why? You inherit code which generates a huge number of warnings, mostly for things like missing prototypes and pointer conversion, and you turn those warnings off because you just don't have the time to fix them because of time pressure.

        I for one would welcome such pauses-- It's sometimes embarassing to go back to look at my own code and realize that my error checking only worked correctly because it never got called.
      • by edp (171151)

        "I think you underestimate the kind of work that goes on at Microsoft. Do you really think that the people who work there are stupid enough to ignore compiler warnings? That they don't use prototypes? That misuse of printf is a major problem in their graphical applications? Or that they make sophomoric mistakes like using bubble sort?"

        Yes, absolutely. Comparing to another large company, I worked in several operating systems groups at Digital Equipment Corporation for many years, and I saw all of those things and more. Furthermore, I know Microsoft is not using data typing correctly because their Windows software interface requires not using typing in places. E.g., many arguments to Windows routines must be cast to integers even though they are pointers and vice-versa. And as I use their code, I often run across behaviors that strongly suggest to me how the engineering was done (and why it is wrong), and often it is a simple mistake.

        Many engineers are incompetent. You would think an engineer writing device drivers in an important operating system for a large company would know what they are doing. But I've seen code that initiated a DMA and then sat in an interrupt-priority loop (blocking all other system activity) polling for DMA completion for over three seconds! The whole point of Direct Memory Access is for the device to access the memory directly, bypassing the processor so it is free to do other work. The proper way is to set up data needed to handle DMA completion, initiate the DMA, and then leave interrupt mode and return to other work until the completion signal arrives. Stopping all work in a real-time operating system for three seconds is malpractice.

        Aside from incompetence, many engineers don't care. When you are driven by learning or pleasure or a project you are interested in, you write good code. You think about it and take pride in it. When you are writing code you don't like year after year for money, it becomes mindless. You don't have the energy to review compiler warnings. Your boss wants the program done so it can shop and doesn't give you time to review compiler warnings. Your boss gets reviewed based on how late the product shipped, not how few compiler warnings there are, so that's what gets attention.

  • by gaj (1933) on Saturday February 02, 2002 @04:56PM (#2943196) Homepage Journal
    In principle there's nothing wrong with this. I could end up being a good thing for those who use Microsoft products. Having the luxury of 19 working days to spend on cleaning up bugs and refactoring w/o having new features piled on your plate sounds great to me.

    Granted, coding new features is usually much more interesting than fixing bugs and cleaning up code, but sometimes it feels good to "clean out the garage". The benefits can be startling. If they refactor while bug fixing, they could really get alot of cleanup done, at a local scope.

    Additionally, if I were steering the ship, I'd have all my archetects at work planning staged efforts at rearchetecting at a more global scope. The issues that come up during the bug scrub would be fed back through the design process so the organization could learn from its mistakes and know what the next realistic steps might be.

    Through stepwise refinement and refactoring, it is possible to turn a crock into pretty respectable code. Granted, if the basic archetecture is severey flawed, some of the steps may be large and scary. But it can be done. With the amount of legacy code that Microsoft has, I don't see any other way for them to get from here to there, assuming that the "there" that Bill wants them to get to is really more reliable, stable, secure, trustable code.

    I don't really think there's very much of a chance that it'll work, even if they really mean it. And I'm not very convinced that this is anything more than a publicity stunt. OTOH, they do have a history of turning the U.S.S. Microsoft on a dime, so who knows.

  • by kruczkowski (160872) on Saturday February 02, 2002 @04:58PM (#2943209) Homepage
    Software giant Microsoft's top software developers all took a 4 week "brain storming" trip to the Bahamas. Details to the confrence are unknown but are rummored to included swiming, tanning and looking for secutity bugs.
  • by jonwiley (79981) on Saturday February 02, 2002 @05:14PM (#2943270) Homepage
    Software Giant Sentenced to Rehab

    February 01, 2002

    Redmond, WA - In a ruling yesterday delivered by Judge Colleen Kollar-Kotelly in the U.S. vs. Microsoft antitrust trial, the software giant was sentenced to spend 28 days in the Sunnybrook Corporate Rehabilitation Facility.

    Convicted of abusing its status as a monopoly, Microsoft will spend the next month in a bug-free zone and will be required to examine the unlawful and destructive activities of its past in group therapy.

    "It's really for the best. Now Microsoft will finally be able to get the help it truly needs," said U.S. Department of Justice spokesman Mark Evans.

    Although Microsoft continually disclaims any wrongdoing, the scene turned ugly when U.S. Marshals showed up at Microsoft Corporation's home Friday afternoon. The Marshals had come to take the multi-billion dollar software company to the rehabilitation facility after it failed to show up at the bus station that morning.

    After not responding to law enforcement officials' pleas to open the door, the Marshals bust in, only to find Microsoft actively engaged in excluding users of the unpopular and barely used Opera web browser from the Microsoft Network (MSN).

    Marshals were able to subdue the giant and dragged it from its home in Redmond. Microsoft could be heard to scream "WE MAKE THE STANDARDS! Tim Berners-Lee can go [expletive] himself!" as it was shoved into a Redmond police car.

    "You can't place the blame entirely on Microsoft," said Dr. Jessica Fowler of Harvard Business School. "Microsoft is very sick, and it needs professional care. It's obvious to anyone that the ranting of Craig Mundie [about the Linux OS] was really just a cry for help."

    Judge Kollar-Kotelly told Microsoft that the 28 day sentence to Sunnybrook was a minimum. "I'll evaluate your progress after this month. If I see a blue screen in March you are going right back."

    An important part of corporate rehabilitation, say the experts, is to be exposed to peers who have similar histories of abuse. Microsoft will be joined in group therapy by Monsanto, Ford, CSFB, and Arthur Anderson.

  • Windows NB (Score:5, Funny)

    by Nindalf (526257) on Saturday February 02, 2002 @05:18PM (#2943290)
    Redmond March 1, 2002 -- MS Releases Windows NB

    Bill Gates himself returned to his role as MS spokesman by holding a surprise press conference announcing their latest product, Windows NB.

    "It stands for Windows (with) No Bugs." Mr. Gates began his speech with, "After an intensive month of effort, we have corrected every implementation flaw of Windows XP, as demonstrated by our foolproof testing process."

    "As we move into the new millennium, the reliability and security of our computers could not be more important," he continued with evident pleasure and pride, "and to that end we are offering all Microsoft customers, who have a legally-purchased copy of any version of Windows, a free upgrade to the new system."

    He concluded the main announcement with the rueful comment, "I don't know why we didn't think of this earlier, of course we knew all along that we were just a month away from perfecting the features already implemented, but really thought you all wanted animated menus and custom audio formats more than a system that doesn't let teen vandals take control of your computer whenever it's connected to the internet, or lock up and need to be restarted twice per day. If only people had let us know earlier, we really didn't know it was a problem. Still, we are terribly sorry."

    Discussing future designs, he announced the release of, "Windows PI: Perfect Innovation. Scheduled to be released in six months, maintaining the bug-free status of Windows NB, yet adding exciting Microsoft-invented features such as human-equivalent natural-language processing, full archival state preservation, and semi-sentience. It will turn your PC into the perfect secretary, net gofer, and perhaps even a close personal friend."

    He was given a standing ovation by every reporter present. Overwhelmed by the gratitude and respect, was seen wiping away tears of joy, and was not the only one. One sports commentator who was filling in for a tech columnist due to the short notice even went so far as to triumphantly spike his laptop, performing a small victory dance, before being informed that MS is primarily a software company, and the free upgrades would not include replacing any hardware.
  • by RelliK (4466) on Saturday February 02, 2002 @05:20PM (#2943302)
    First Amazon makes profit, then Microsoft decides to fix bugs. Anyone want to guess what will be next?

    (It is an interesting coninsidence that 2002 is a palindrome. Hmmm....)
  • On Feb. 1, Microsoft also posted links to this WinInformant story [wininformant.com] on their press page [microsoft.com] with the title "Windows more secure than Linux? Yup."

    (The story says that there are more BugTraq entries for Linux than Windows 2000. QED.)
    • by Some Dumbass... (192298) on Saturday February 02, 2002 @07:22PM (#2943786)
      The story says that there are more BugTraq entries for Linux than Windows 2000. QED.

      Yeah, and likewise, according to the full stats [securityfocus.com], there were three times as many NT/2000 bugs as Win98/95/3.1 bugs. Thus, Windows 3.1 is three times more secure than Windows 2000!

      The reality, of course, is that we don't know what they mean by "Linux (aggr)". They have separate lists for SUSE, RedHat, Debian, etc. Ony RedHat had more vulnerabilities than Windows 2000. Even then, "RedHat" means the entire distro. That means that they're counting far more software (i.e. three different ftp servers) than for Windows 2000.

      So in summary, if you don't tell the whole truth, you can support just about any claim... :)

  • by Dog and Pony (521538) on Saturday February 02, 2002 @06:00PM (#2943484)
    Is this a hoax, or maybe just marketing hype? The web site looks to be legitimate.

    If it is a hoax, what would be the point if it looked suspicious? :)

    Personally, I kind of like it, even if it just to earn cheap points. If they actually concentrate hard on swatting bugs, it will benefit not only MS users, but everyone out there that some way or the other relies on something Microsoft to work. No matter what you run yourself. I bet that is most of you...

    Now, if they only would do this on a regular basis. How about officially declare February "bug swatting month" every year? I think that would be good for others than MS too.

  • by DunbarTheInept (764) on Saturday February 02, 2002 @06:05PM (#2943501) Homepage
    Will they be fixing their design flaws as well? Those are the real problem, and can't be fixed in a month. They can't be fixed without just starting over from scratch. I'm talking about things like making it standard practice to encourage users to integrate everything automatically without user intervention (which is where all those e-mail viruses come from.) Also, there's the decisions to put too much functionality in the high level shell (explorer.exe) and not enough into the low level bits that other programs can use. (For example choosing to implement shortcuts instead of filesystem links.) Then there's the DLL hell of not being able to have both a new and an old version of a DLL accessable to programs at the same time when the interface changes. These are not "bugs", and they are the main cause of headaches for me when I'm using Windows.
  • by Netlink (514225) on Saturday February 02, 2002 @06:06PM (#2943509)
    For Microsoft to turn Windows/Office/Outlook/IE into secure environment they need much more than one month, especially if they want to make WindowsME secure as well.

    They need to address the following points at the email client
    1. Make it more difficult for users to execute file attachments by default
    2. Perform checking of file attachments to ensure that a .lnk, .pif etc files are links or pifs not executables etc (the unix file command can do this)
    3. Where executable attachments must be run, execute them in a sandbox so they can't modify the registry, create files, send emails etc.
    4. disable or cripple Windows Scripting.

    For the Desktop OS
    1. Separate the Update process from the web browser, so that the web browser does need full access to all O/S files on the system.
    2. Run the web browser in a restricted shell to limit the damage from breaches.
    3. Split the registry into more files and make it text so that a text editor can be used to fix it.
    4. Make it more dificult for users to run as administrator, e.g. limit what apps can run
    5. Starty moving as much as possible out of kernel mode and into user mode, so a program crash or dodgy video driver is less likely to bring down the O/S

    For the server OS
    1. Stop running all services as administrator and introduce separate users for separate functions like Unix now does for Apache, Sendmail, BIND, etc. That way when IIS gets compromised the hacker does not get an Administrator shell
    2. Default off (i.e not installed) all but the most essential services, so that users must install new features and then enable them. That way a bug in the index server (CodeRed) only affects a few servers.
    3. Default off any automatic services, such as network plug and play.

    Office.
    1. Default off macros in Office, it's only virus writers that use the advanced features.
    2. disable the ability of macros to rewrite other macros, run in a sandbox.

    All products.
    1. Stop trying to get a new O/S out every year and fix the ones people have already (over)paid for.
    2. Stop talking about security and actually get on and do it.

    If Microsoft do all of these things then we in the Linux community have got real problems.
  • by shimmin (469139) on Saturday February 02, 2002 @06:14PM (#2943539) Journal
    Feb 1-3: wrap up current coding projects to "a good stopping point." Little does Redmond realize a "good stopping point" was Windows 3.1.

    Feb 4: distribute memo describing moratorium on new code, effective Feb. 1

    Feb 5: distribute memo granting amnesty to coding done on Feb 1-3, but stating that they really mean it this time.

    Feb 6: sack those who wrote new code on Feb 4-5.

    Feb 7-10: hold committee meeting identifying "Top 10 bugs most in need of fixing in Windows XP."

    Feb 11: hold press conference announcing the top 10 bugs they intend to fix by the end of the month. Prominent on the list will be the placement of "close window" right next to minimize, and the oversight that allows users to open web pages using non-IE programs, thereby confusing consumers with additional choice.

    Feb 12: distribute memo to technical managers containing the real top 10 bugs, such as buffer overflows in IIS.

    Feb 13: un-confuse all personnel who were accidentally exposed to both top 10 lists

    Feb 14: all work stops as employees realize they have no personal lives

    Feb 15-17: resume de-confusion efforts.

    Feb 18-21: programmers research months-old code in preparation to fix the top 10 bugs

    Feb 22: easter egg discovered in Access wherein a certain malformed SQL query begins MPEG2 feed of RMS and Melinda "otherwise engaged."

    Feb 23: responsible parties for the incident of Feb 22 located, sacked for not using WMA formatting on feed.

    Feb 24: some bug repair begins

    Feb 25-28: programmers re-acquaint themselves with code written prior to Feb 3, so as to be able to appear competent on Mar 1.
  • by Axe (11122) on Saturday February 02, 2002 @07:59PM (#2943920)
    Satan is shutting down the furnaces of Hell for a first clean-up since the Dante's inspection. He promises that now it will be an annual Hell freeze-over.
  • by Platinum Dragon (34829) on Saturday February 02, 2002 @08:05PM (#2943947) Journal
    I would probably have given MS more credit for this initiative if they didn't have a burning need to broadcast it to the entire world, as if to say "See? We're doing a good thing! LOVE US!"

    Good deeds don't need advertising. The way MS is trumpeting how security- and bug-conscious they are now makes me wonder how much of it is legitimate and how much is fluff.

    We shall see, I suppose.
  • by Tom7 (102298) on Saturday February 02, 2002 @08:57PM (#2944166) Homepage Journal

    God, it is kind of sad the kinds of posts I am seeing on this story. Everybody laughing at Microsoft, ha ha, they have so many bugs, etc. I don't see anyone saying, let's do the same for linux.* I think that's really cocky of us, and pretty disappointing.

    In fact, MS has built a really good product with Windows XP. I am using it right now. It has never crashed on me! It's true that I wouldn't use it for a server, because it is a pretty complicated beast, but it is pretty damn good on the desktop.

    I am not trying to say that we should give up because microsoft has us beat. I am saying that we need to keep working, because I actually think that MS will be providing an OS that is very very stable in the next few years, and this will take away one of Linux's chief selling points to the average person. Linux will always have freedom, and that's great (enough for many people), and it will have better C programming support, but what else? Complacency is a terrible thing, folks!

    * Don't tell me linux doesn't need it. Some of the important code I've seen is pretty damn amateurish. Check out the MD5_crypt code for PAM, for instance.
  • Linux Arrogance (Score:4, Insightful)

    by quakeaddict (94195) on Saturday February 02, 2002 @09:02PM (#2944179)
    Man I really feel sorry for you guys.

    You guys are now ranting about MS taking a month to clean house? The bitter reality is, at least they have something to clean.

    While the Linux crowd is still fighting over Gnome vs. KDE, or who should do the patches for the latest and greatest Linux Kernel.....MS is moving forward. For example, MS has looked way beyond the desktop (they have built a common Windowing library into the .NET Framework callable from any .NET enabled language) to providing tools that allow for the easy creation of web services, which is where the action will be for the forseeable future. Now they are suring up their code base as well.

    Whether you guys will admit to it or not, there are some smart folks at Microsoft. They have a plan, they have a map to get from A to B, and they execute that plan. Microsoft has real history of coming from behind. They came late to desktop aopplication software (Wordperfect/Lotus 123) and they now own it (Office). They came late to Internet browsing and they now own that as well. Nothing, and I mean nothing, approaches the stability and conformance to standards of IE on Windows in the Linux mix.

    So if Microsoft says they are going to make security and software reliability an issue, this is likely to cause alot of angst among the Linux crowd. Why? My gosh, what if they actually do it?! Then they have usability AND more reliability than you will ever give them credit for.
    • Re:Linux Arrogance (Score:4, Insightful)

      by the eric conspiracy (20178) on Saturday February 02, 2002 @09:38PM (#2944285)
      Nothing, and I mean nothing, approaches the stability and conformance to standards of IE on Windows in the Linux mix.

      Actually that's pure baloney. IE is the most non-conformant browser out there. It's very simple to see, too. Just code a table without a closing tag, and watch IE render the thing anyway.

      they have built a common Windowing library into the .NET Framework callable from any .NET enabled language

      Sounds like a giant security hole to me. Go to a web site, and have files moved to the Trash Can via .NET. Perfect!

      So if Microsoft says they are going to make security and software reliability an issue, this is likely to cause alot of angst among the Linux crowd. Why? My gosh, what if they actually do it?!

      Not possible. Microsoft's business model is based on a 1-2 year software life cycle. You cannot make a large software package either secure or reliable in that kind of time period.
  • by leonbev (111395) on Saturday February 02, 2002 @09:41PM (#2944300) Journal
    Come on. Please READ this stupid joke of a press release, and tell me that you think that it sounds real. The last line of the story itself should be a dead giveaway:

    "Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates 'is really annoyed by the incredible pain we put everyone through in computing.' "

    Puhleeze! Has Bill EVER personally apologized for releasing buggy software in the past? Why do think that he would NOW?!? Come on, Slashdot editors, stop being so gullible.
  • by Jebediah21 (145272) on Saturday February 02, 2002 @11:50PM (#2944707) Homepage Journal
    1. Find a feature your competitors have that you don't.
    2. Pick the shortest month of the year
    3. Give half your workforce the month off (saving lots in salaries).
    4. Announce an ambitious month long project that has no chance in hell of succeeding.
    5. Watch your stocks go up.
  • A new microsoft? (Score:3, Interesting)

    by q-soe (466472) on Sunday February 03, 2002 @01:14AM (#2944965) Homepage
    Perhaps this is an umpopular opinion but just for a minute stop thinking the party line and have a look at the events of the last 12 months (leaving aside the anti trust crap)

    Gates quit as every day head of MS to devote himself to special projects and areas of interest.

    MS manages to release a stable and fully functional os in XP (look past the crap on activation which i can assure you is a non issue)

    They start talking for the first time about fixing security flaws and exploits in software instead of simply denying it.

    Now this announcment - fix the major issues.

    Its smart and shows a company becoming increasingly smarter.

    Now posit this - MS does not make major money of OS products, never has - the money is in applications - larger unit cost and better profit, longer lifecyle etc. MS are fixing bugs and issues and the question has to be asked why ?

    Its not the open source movement pressuring them - the general man in the street uses MS products and so does their employers.

    The bad press from code red, i love you etc has meant little more to MS that so more public relations work.

    but look at it in another light - if MS decided to release their OS software for minimal cost or free to non corporates and the home user (Public Domain not GPL) then this would be a smart move ahead of such a move and i would point out would fuck up the anti trust case in a huge way - the clamour to split the company into OS and APPS divisons would be muted as the OS one would not make any money.

    Say for a minute they set up (already have it actually) seperate business units for consumer and corporate/business. They public domain windows 95, 98 and millenium and maybe XP home thus giving them away free (they can afford it trust me)

    Where does that leave linux ? how many home users chose SUSE and MANDRAKE because of the price?

    Even better - give away the Desktop OS for free and licence the server os, and GPL IIS.

    Its worth a long hard thought, and dont forget that MR Gates started out as a pogrammer and hacker himself (do some history reading) and is well aware of the lessons of freely available OSes and their ability to grow a market (it can be argued that the piracy of DOS led to the first boom in PC software and development - and it was his MS dos that was the most pirated)

    Perhaps instead of rubbishing MS for this we should start thinking why ?

Competence, like truth, beauty, and contact lenses, is in the eye of the beholder. -- Dr. Laurence J. Peter

Working...