My point is that we're just the little people getting trampled underfoot while Godzilla and King Kong fight it out.
Agreed, but fortunately we often have the choice to avoid the Godzillas and King Kongs of this age and choose an OS which has real security support
I do not claim that MS does not need to test their patches thoroughly. I only told that at least in the cases I have observed, Windows updates produced at least one order of magnitude more problems that all Linux updates I have seen. It is a sign that whatever testing MS does, it is not effective.
As of legal trouble: If there were any real legal liability for MS's software defects, MS would be already bankrupt a dozen times and you can choose whether for their bugs in general, the failures of products to meet their specs (remember the Windows Vista hardware requirements fiasco?), or negligence to fix security bugs.
Which distributions?
Debian, Suse, Gentoo,
Just last week Ubuntu released two kernel updates (at least for x86-64) for 10.4. I can't help but think the reason is that there was a flaw in the first release that forced a second.
Sure, such cases happen, but you still have the choice: either you prefer security even if it might cost stability in rare cases (which can be worked around by reverting to the previous version almost always), or you prefer stability, so you can wait a couple of days with applying the patch and check if an updated version is issued.
Sorry, but it seems that you are a little bit confused about the real cause. First of all, the blame lies on MS for creating the bug. Secondly, a responsible vendor should fix a security hole as quickly as possible, because security bugs are rarely discovered by a single person only. It is highly probable that the same bug is already being expoited by the black hat hackers in the wild. Five days is more than enough for the vast majority of security problems and delaying the fix is completely irresponsible. IMHO, MS should stop complaining and fix their processes instead.
In addition to that, it seems that MS has never replied to the researcher. Responsible vendors do that and they even cooperate with the researchers on the possible fixes. Most researchers treat such vendors very respectfully, but they hardly have any understanding for vendors who expect that they can delay security fixes for months and ignore the input from the security community.
Evolution doesn't explain the beginning of time, doesn't explain order or complexity, nothing cannot come nothing, chaos does not create order, etc.
Contrary to popular belief, chaos can very well create order. In fact, you can rigorously prove that any system which is large enough must contain regular parts, however chaotic it may seem at the global scale. See the Ramsey Theorem for a classical example.
Is your job running? You'd better go catch it!
