Not the first time
This isn't the first time that a (security) patch from Microsoft (or anyone else) has caused serious problems.
Patch early and patch often is the advice of security professionals when it comes to software updates. After all, who needs to be left wide open to hackers and malware writers when the solution is delivered by the software's maker? Yet sysadmins will be increasingly leery of applying such an approach to Windows systems …
I would say that automated testing (including regression) is not working ok for them... and that makes you wonder what else is slipping...
It is very difficult AND expensive to corectly test everything.. and if it is for me (an we have limited interfaces and SW collisions) the OS is even more difficult...
>It is very difficult AND expensive to corectly test everything..
Never use the phrase test everything as its impossible to test all inputs as you would need to go to infinity. Say thorough test coverage or some such en vogue nonsense. Sorry to be pedantic but people seem to think truly complete regression is very possible and all security bugs are due to sloppiness testing when that is often but not always the case. Seems to be pretty clear in this case though Microsoft screwed the pooch.
It's a bit difficult to test an OS deployed on hundred of millions of machines with very different software configuration on them.
I updated my LAN machines - and but for an issue with Delphi (which tries to write a font from its resources to %temp%, and then try to add and remove it dinamically), I didn't find any issue.
But because those patches changed the way some font APIs work, I guess other software may be impacted. And if it happens in some drivers loaded at startup (it could be a video driver or printer driver, maybe), some really bad can happen.
Sometimes the large number of hardware devices and software Windows supports may become a double edged sword - it's impossible to test everything.
But it's silly to blame the support technician who asked for details - you really need a "sample" from an affected machine to understand what's wrong and fix it - until you have it, there's little you can do if on everything else you tested with it works...
For example on one of my machines I have a conflict between Asus USB 3.0 Boost software and the Epson Perfection 2400 Photo scanner driver, you really need them both to see the issue.
@wdmot
A bugbear of mine as well. I explain it as meaning "many", whereas it is often seen used as though it meant "lot" (a myriad of X).
Given 'myriad' can sound a a little pretentious, I usually reserve it for conveying the idea that something is many and various. Thus, I generally only use it with classes of things. For example, I might say 'myriad animals' to mean that not only where there lots of animal, there was a great diversity of them too. I would not say 'myriad badgers' - for that I feel the simpler 'many' (or other constructions) to be preferable.
I approve of 'myriad combinations' - gives the impression of a bewildering array; too many to feasibly address.
@LDS: Stop trying to put a sensible comment in reply to a news item which is a Rant Magnet.
So many hardware companies send out buggy "It runs, so ship it" drivers. Drivers clearly not fully following the correct rules in the MS manuals. Then add in the whole rafts of extra weird apps theses same hardware manufacturers throw into the Startup as services or sitting down by the clock in the Task Tray. Add in dozens of other "helper apps". No wonder this then becomes a minefield for OS updates.
Some of the crud I find running on client PCs is unbelievable!!
So many hardware companies send out buggy "It runs, so ship it" drivers. Drivers clearly not fully following the correct rules in the MS manuals. Then add in the whole rafts of extra weird apps theses same hardware manufacturers throw into the Startup as services or sitting down by the clock in the Task Tray.
Then the OEMs take this, and pour in some proprietary code of their own into the proverbial proprietary soup.
Then there's what we need to get a job done.
Naturally, companies don't test with their competitors' software, they'd rather you just used their own rather than their competitors' programs. So if there's a clash, there's no incentive to assist you with it. A good example of this is VPN clients. Too bad if you need both to get a job done; i.e. company A likes VPN solution X, company B likes VPN solution Y and company C likes VPN solution Z.
Being a systems integrator, we're stuck with having these potentially conflicting VPN clients, which also battle Kaspersky, VirtualBox and in some cases VMWare Player and Microsoft VirtualPC, for control of the host's networking stack.
I look at Windows and wonder how anything works … My work-supplied laptop, a Dell Vostro, dual-booting Windows and Ubuntu Linux, has seen the odd BSOD on Windows 7.
It's been fine in Linux however, has has my own personal Panasonic Toughbook which dual boots Gentoo Linux and Windows 7. I don't use my own machine in Windows often enough to see BSODs, so I can't comment much there.
That is why I moved my main workstation from Windows to Linux back in 2001 ... never looked back. I do get these systems infested with apps and shit in systray and whatever that do nothing for repairs.
Also, the crud you get on unboxed Windows systems is impressive ... how do you guyz accept that ? You spend more time removing the crap than installing something coool like Linux instead ...
A kid came in this morning, his laptop was failing under the load, PC Booster et al was on there, including the whole saga of OEM apps left, right and center ... he went back home with Ubuntu 14 LTS.
Yes, updates fail on Ubuntu as well, happens, sometimes this or that library has vanished, but it is often just an "apt-get install" fix.
As for BSOD's, I have seen more on Windows 7 than on any other windows version, arguably, my HP Elitebook 8540W had a very flakey Wifi driver that BSOD'd on me when I shut the system down. Note that I re-installed Windows onto a partition some time ago, the BSOD has now gone, however, the wifi device sometimes just vanishes and I need to go into device manager and disable it, wait a few secs before I enable it again for everything to go back to normal ... sometimes, that does not even work... yes, I have the latest drivers, the only drivers installed are the ones from the HP site for the computer ... I have two games installed, for the kids and an anti virus ... that is all.
Needless to say, the computer runs Debian 7 flawlessly ...
>>Drivers clearly not fully following the correct rules in the MS manuals.
And how do you know that exactly, or that MS follow their own manuals in the first place? Is the source code available?
As for the OS flaw, once again, I said that earlier and got downvoted without any explanation: on a GNU/Linux system an old stable kernel is never discarded so that a user could boot back to it and get a functioning system again.
I think MS are well aware that something's amiss with their patching and testing and they're trying to cut down on platforms. As well as XP being knocked on the head, for later versions of Windows you also need the latest version of IE and with Windows 8.1 you need Update 1. Shame it doesn't seem to be catching everything.
that WE the users are the field testers for their patches as well as their new releases.
They (MS) don't care a jot if their crud borks our systems. They won't come and fix it so we are stuffed with living with their crap.
It is rather sad but at least with releases from the Fruity company they do have retail stores when you can take your Macbooks when their updates go wrong.
Like many posters on El-Reg today I never update with MS Patched until at least a week after they get released. So what if my systems are 'vunerable'. None of them are directly connected to the internet nor do they have an client connections from outside our firewall.
What about USB sticks, removable disks, mail attachments, browser vulnerabilities, 'unknown' software installs?
Most systems today are not often compromised by a direct attack to a system from outside the network perimeter (although exposed vulnerable services may be an issue).
Attack vectors are often an email attachment, visiting a web site, using an infected removable disk, or running software of 'unknown' origin... are all your USB ports disabled? All attachments blocked? Only whitelisted web sites accessible? All users running without admin privileges?
Attack vectors are often an email attachment, visiting a web site, using an infected removable disk, or running software of 'unknown' origin... are all your USB ports disabled? All attachments blocked? Only whitelisted web sites accessible? All users running without admin privileges?
Spoken like a seasoned Windows user, with the scars.
>> so we are stuffed with living with their crap.
You're really not. You and every other Windows user really don't have to keep taking this shit.
Its just that for whatever reason, most people choose to remain stubbornly ignorant of, or averse to, moving over to Linux, even though its MUCH more stable, secure, standards-compliant, powerful and logical in its operation than any Microsoft product.
It is, and yet equally it isn't.
I'm very fond of Linux for many purposes but no distro is really well suited for end user desktop use at present, at least on the scale that Windows is.
Sometimes, with the right hardware and the right distro, Linux as a desktop just works out of the box and that's fine.
Sometimes however you have to do endless fiddling, swapping distro provided video drivers for vendor ones or vice versa, or blacklisting driver modules to get other driver modules to load so that your audio works properly. That's not so fine, and presents some very real potential problems for many typical users.
As for updates, I've known package updates from a main repository break systems before, and sometimes with Linux this can be harder to fix as removing the package doesn't put it back as it was and stops the previous version working again.
The real problem is Linux grew from being aimed at and used by computer experts and sysadmins, and has had a large portion of it's development aimed towards servers and specific applications. This means it's not ideal for more general purposes or more general users, and developing it to be so is hard and slow.
Windows was developed right back from Windows 3.1 and it's predecessors to be a system for the average end user and to be easy to use and designed in such a way as to bread familiarity. This makes it a good general purpose OS usable and easily taken to by any user, but makes developing it as a reliable server or specific application platform harder.
@JustNiz
"Its just that for whatever reason, most people choose to remain stubbornly ignorant of, or averse to, moving over to Linux, even though its MUCH more stable, secure, standards-compliant, powerful and logical in its operation than any Microsoft product."
Any story about Windows or MS inevitably diverts into comments about Windows vs Linux.
Linux is very customisable and exists in several different flavours, which can make for a lot of confusion and not very much portability, in terms of a 'normal' user just being able to pick it up. You have the distro, which will contain specific bits and then they have the window manager/desktop environment built on top. You can change that, which is nice but there is a downside in that if you have used (e.g.) Fedora at a previous job, you can't necessarily be confident you can use Fedora at a new job as it could be running a different desktop.
Likewise the repository managers and the packages available through them. Again, take Fedora, which uses RPM with a front-end of yum. On top of that you might use a GUI like yumex or Appcenter. Of course that's not the only front-end you can use and indeed, while RPM is used in other distros, those may use a different front-end, such as apt-rpm in PCLOS or URPMI and Rpmdrake in Mageia. And, of course, other distros may use a different package manager such as pdkg/APT, which itself can be used with multiple front-ends such as synaptic and aptitude.
And, even then, the packages available for a given distro may vary, even if they use the same desktop and package manager. Again, take Fedora, which doesn't allow you to download any non-FOSS packages through the manager. That sounds very righteous until you realise that 'non-FOSS packages' includes vendor drivers.
Now, that's fine because you can get around that by adding in the RPM Fusion repositories (plural) but, if you're running CentOS, you'll have to enable the Extra Packages for Enterprise Linux (EPEL) first, of course. After that you'll be able to download the wireless adapter driver, however.
All this variation makes the relatively simple question of 'how do I install the latest video card driver' somewhat more complex than it might otherwise be.
And that's just the basics.
What about in a business environments? Active Directory is a suite of tools that are unparalleled for what they do. Linux supporters will argue that AD is there to make up for inherent problems and deficiencies in the Windows world and that Linux is better by design as it is 'built as a multi-user operating system' and has security and stability baked-in. Maybe so, but the change from a Windows environment to a Linux environment requires a complete paradigm change - from how you buy computers and server, to how you build PCs and install applications, how you manage user accounts and configuration settings - it all has to be reworked.
Let me be very clear - I am not pro-Windows and I am not anti-Linux. I run both - at work and at home. I have been through Mandrake and Mandriva and Fedora and Ubuntu and Kubuntu and Arch and Puppy and PCLOS and SUSE and CentOS and Slackware and Mint several other miscellaneous ones like OpenELEC, gOS and Mythbuntu.
What I am saying is that there is no real single operating system called 'Linux'. There are instead hundreds of distributions and, even narrowing it down to the more popular ones you'll still be presented with a dozen or more, depending on which ones are being forked-off or falling in and out of favour. Out of that dozen distros, no two will function the same. Each will have a different combination of configuration tools and desktop and package manager and installed applications and you can change some of these yourself, such as installing Enlightenment or XFCE on Fedora.
Likewise you can install Ubuntu but, if you decide you don't like Unity, you can install KDE. Unfortunately, while it may look similar, this will result in a different OS than if you just installed Kubuntu from the start as you will have all the other libs and programs. This may be advantageous to you or it may result in a slower system. Again, the point is just the huge amount of variation.
I love the ability to customise Linux and chose something that fits your needs like a glove. This is why so many Linux users swap distros so much! That strength, however, is also a downside.
In the end, whatever the benefits in stability or security, Linux and Windows are built on different paradigms and to say that one is flat better than the other is patently ridiculous. The OS that best fits the way you want to work is where you should start.
Actually, I'm going through pains at the moment thanks to a certain distro and, more importantly, the video drivers they insist on. It has been about two days now since I last saw a full working desktop and I have had all sorts of suggestions on what has actually happened. Sounds familiar? Yes, that's what can happen in Linux, just as it can in any other operating environment including Windows. That's why I try not to take sides when this sort of thing happens.
Usually because I'm too busy cursing out the sods that caused the problem!
i'm getting annoyed at my fellow windows users on here, shouting at the world out of frustration whenever a smug linux user laughs at our misery
who are they trying to convince? we all know windows is shite - stop defending it, and stop slagging it off. your both wasting your time.
Since you're not being specific on what the problem, distro and the drivers are, let me give a general piece of advice: reboot to the previous desktop you had a full working desktop with. If that's bloody nvidia --> nouveau transgression or vice versa, you might need to do something additional as to edit the /etc/modprobe or /etc/modules/ entries and blame Nvidia for all this additional trouble .
@LDS
Exactly. This is, perhaps, an oversight in the way things were originally developed and this crash shows on of the reasons why it's so difficult to fix after the fact.
Developers use the code and libraries and so on as they are provided. Sometimes they use deliberately undocumented calls to enable functionality or improve speed or simply make their coding easier. Problem like this can occur - in part - when MS 'fix' something and it then breaks the way a third-party uses that feature/library/API.
It does seem as though - based on the widespread report of this issue - that MS really did mess this up. Using the excuse that you can't test for everything only really works if it's just a small number of people affected.
"Doesn't Microsoft catch errors in their code any more? It would be a lot better than coming up with STOP ?"
The 4k or so redundancies at Redmond (as opposed to the 12k or so at Microsoft owned Nokia) apparently fell mainly on testing and QA staff according to a softie blog whose comments those made redundant were using to let off a bit of steam.
Coincidence?
Patch early and patch often is the advice of security professionals when it comes to software updates.
I certainly hope not: a variant on the old "measure twice, cut once" should be applied: "backup and test twice, patch once". I regularly get random failures with Microsoft's patches – but I'm lucky enough to be using them in a virtual machine. Not had a blue screen from the most recent round.
my main windows 7 VM that I use on my laptop anymore. There is an outstanding patch for IE11(KB2964444 - was failing since 5/2) that if it gets installed the system will BSOD on reboot(not installing it seems to hold up other patches). I cannot uninstall IE11 due to some sort of internal corruption in the system. Tried a few basic things I found online to try to fix it nothing worked.
The system functions fine otherwise.
I suppose at some point I need to reinstall it (tried doing some basic recovery stuff to fix the issue everything failed), the system is pretty well protected as-is anyway, but hasn't seen a patch in several months. I've personally never had this kind of issue with windows before, though I haven't been a serious windows user in some time(still not).
LDS - I don't know. I don't tend to skip patches I just let the system patch whatever it wants. I looked and indeed I do not have KB2929437, I'll take a snapshot of my VM and see if I can get that one to install(faster to recover with vmware than with windows system restore for me)
This post has been deleted by its author
sitting here for 20minutes waiting for my win7 machine to update.
so why not brag about how wonderful updates are on chromebook. They install in the background and when done notify you that a restart is required. You can do it whenever you want, and when you do it's down and back up in 8 seconds. ok it's more like 6, but I forget to count.
Microsoft's problem is product quality, not if the surface is cheap enough.
Windows does install in the background as well and you're free to keep on working while updates gets installed and it will notify you when done and a reboot is necessary. If you like to look at the install progress bar it's just a choice of yours.
Any Windows system with an SSD disk will install updates quickly and will reboot quickly as well.
Funny how some people cannot stand that their favourite product is no more exceptional than everyone else's.
Chromebook has other advantages, crow about them and be different. Spouting nonsense about something everyone does and trying to make it unique to your favourite toy is just silly.
The folks who are staggering around in pseudo shock and horror over this have never once sat down and thought about how they would do the job. Stuff like this is going to happen because you can't test every possible combination of software driver and application that might be loaded (or uninstalled badly) in the Windows environment.
It's not surprising that this sort of thing happens - it's very surprising that it doesn't happen much more often.
This post has been deleted by its author
I have had several Linux versions that have crashed after installing a new driver or application - true they don't have a BSOD, but instead just lock up or fail to boot. I would expect Linux to have fewer issues because there are far fewer combinations of software and hardware for Linux to cope with - simply because a huge amount of hardware either cannot be used or can only be used with reduced functionality because Linux drivers do not exist.
Sorry but this has to be crap.I completely dont beleive that any modern distro of Linux would or could totally lock up or even fail to boot just because you installed an application.
Unlike Windows, Linux is fundamentally protective of the whole of its system area, and also has package managers that won't let you screw it up.
To experience what you are talking about, you are doing at least one of using a VERY old version of Linux, trying to do something very stupid like force a 32 bit driver into a 64 bit kernel, or are manually messing with the system files, (which made completely unnecessary by the package manager).
Tell me which distro/version and which app you installed on it, and I will verify.
"Tell me which distro/version and which app you installed on it, and I will verify."
Kernel panics resulting in a black screen with a hex dump and total lock up are very rare in my experience. The last one I had was a 2.6.x series kernel on a Samsung NC10 netbook. I think it was Ubuntu 10.10 or something. There was an issue with power saving being applied to the rt series wifi driver causing a panic. Resolved in a subsequent kernel update - this was during the pre-release testing period.
It is usually hardware driver based. Not fonts!
"You wanted a specific example of missing hardware support? I gave it to you. But I guess given the price of that hardware you've never seen one..."
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708673
https://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg444698.html
https://bugs.launchpad.net/ubuntu/+source/ledmon/+bug/1174386
Dell *server*. Would it be those? Looks like fixed upstream.
there are far fewer combinations of software and hardware for Linux to cope with
You're joking, right? Please tell me you don't work in IT.
You've got more distros than you can remember, servers & super computers, tablets & phones, nas drives, set top boxes, routers, and probably a lot more than I'm aware of (forgive me, I'm a Windows user)
And when you're considering desktop & laptops, there is hardly any support from hardware manufacturers.
Just not all of them are managed by a single "Linux Team". The kernel developers are responsible for the kernel only - everything else is maintained elsewhere, often by the very same people who really need it for their business - while Windows patches encompass much more than the kernel alone. .
Specific distributions for specific devices are under the responsibility of their manufacturers, you don't get Android kernel updates from the Linux kernel developers directly.
You have to consider the sheer number of patches that Microsoft releases over time. Just find one of the original Windows 7 disks and install from there. Then watch the updates roll in, there is about six hours worth of them: patches, service packs and whatnot, with a few reboots in the middle.
So it's actually quite a good track record that only a very few of them can bork a system. On the other hand, that's little consolation if you're affected by the BSOD, and this one looks like a big snafu on MS part given the number of impacted machines.
And no, I don't trust patches from anyone. That's why I prefer to wait a few days before applying them and let others test them.
That's because they always release a half-baked [beta] product that needs a ton of patches to work at all. Every new version of Windows is a bug fest and then they slowly get rid of the worst bugs, leave tons of bugs that aren't that serious untouched, and then release new version of Windows. Just look at XP: more than 10 years old and there are still many obvious bugs in it. To MS the solution seems to be "no problem, install W7 or W8". Fabulous business practice. However, they're far from being alone using this "technique".
Strange, every time I run one of those update tools they have something to install...
Yes, isn't it great? Almost everything on your system gets updated using the same centralised source.
Also, there's no checking Help->Check updates, or disabling them because of phone-home fears.
Failing to find any references to Linux in my comments, or to software development in general. I don't trust Windows patches, neither Linux ones by the way. As I said, I wait a few days to apply them. And yes, I write software and issue versions and revisions all the time. And it is a pain. And I can't even start to think what the pain has to be to do that on the scale of Microsoft user base. Hence the comment: given the number of patches they release, the failure rate is quite low.
As opposed to micro kernel architectures. With monolithic kernels, one patch in one kernel driver going bad, whole kernel going down. Ironically, the first NT kernels had all most (not sure if all) drivers running in user space. When NT moved from 3.5 to 4 it added in kernel drivers for graphics for the sake of performance. So now we'll have all the modular kernel proponents saying "I told you so"
Note that Linux is not very different in this regard.
You had to choose if were better complaints because NT was slow, of because of BSOD. Back in those days it was more important a snappier GUI than kernel stability and security. Just remember that drivers need to access hardware directly, and for several good reasons only the kernel can access it.
So even if you have a good part of the drivers in user space, you still need a kernel counterpart to access the hardware. It was these transitions - back and forth from kernel and user space, that made that driver model slow, because transitions cost several CPU cycles. Moving most of the driver code to kernel space reduced the number of transitions.
Anyway, to properly code the architecture you like, an OS should use more than two security rings - the separation kernel/user is not enough. When Intel designed the 286, it made four ring exactly because in the innermost one should run the true "kernel", ring 1 for the I/O subsystem (aka drivers...), ring 2 for shared OS code (system DLLs...), and ring 3 for user applications. This way you could still have driver running at a more privileged level than other code (and able to access hardware, it's the I/O Privilege Level, IOPL, in x86 CPUs), but not so privileged to be able to crash the kernel.
But being almost unique to the x86, because of it complexity, and because of severe performance reduction due to the checks when switching rings, no OS I know ever used such a design. User would have complained a lot about "performances".
"Back in those days it was more important a snappier GUI than kernel stability and security."
No it wasn't, not where PCs were supposed to be "business productivity tools" anyway.
But it was much easier to measure performance than it was to measure productivity, so performance is what got measured, and what was optimised so it could look good when quoted in the usual reviews.
"Performance" numbers got better when more stuff was in kernel mode, but productivity got noticeably worse as a conseuqence of the same changes.
As noted on MS's site... boot off of install media. What? You don't happen to have a bootable DVD or thumb drive handy? How sad. Too bad. If you have a bootable install disc/thumb drive/whatever, you can boot from it and fix this problem in any of several ways (MS's site picks the most difficult and time-consuming method, of course) and be up and running in fairly short order.
You could also have done what I always do before installing patches: make a _complete_, bootable, backup clone. Reloading from the backup is a lot faster and much easier than running any of the fixes. And this way I have a complete backup of critical systems at least once a month, and don't have to use standard incremental/differential backups. Yes, I'm old-fashioned. My way works.
Please note:
1 not one of the assorted Win 7, Win 8.1, Server 2008R2, and Server 2012R2 systems around here have had a bluescreen
2 I do, indeed, have Win 7, Win 8, Server 2008R2, and Server 2012R2 discs parked in a filing cabinet. Plus Server 2008, Server 2003, WinXP, and W2K discs. I used to have Win98SE discs but tossed those out a long time ago. (I also have a complete set of bootable media for Apple systems from 10.4 on, despite Apple's attempts at making this difficult. Generating bootable media for OS X 10.9.4 is a major pain, and all because Apple has gone out of its way to make this hard. No, I don't trust the bloody recovery partition.)
3 I also have complete, bootable, backups of my major systems, plus bootable rescue media with which to clone 'em over onto the systems.
4 yes, this includes my own personal systems, not just the office systems. Frankly, if you don't have bootable rescue media and a bootable clone backup you're playing with fire.
But, hey, most people find out the hard way when a BSOD or a KP bites them in the behind and they didn't have a backup or rescue media...
What is even better is the paragraph in the Release Note for this patch which tells us what to do in case of things not working (MS avoid using the term 'BSOD') by telling us to restart the machine in safe mode and then perform steps X Y and then Z
Of course, MS forget to add that Safe Mode is borked too.
The downloaded Boot Disk is one's friend here.
Last weekend I installed the Mega patch to upgrade to win8.1 from win8 on my wifes machine (she's a bit lax about applying such things), bizarrely in addition to upgrading windows ms took the opportunity to mess with the boot order relegating grub2 beneath windows. Also since the update the partitions seem to have been renumbered sda8 swapping places with sda10, this caused a mild panic before I realised what had happened when the Linux install announced it was unable to find /home
All fixed now, but really was there any need for MS's updater to fiddle with things that don't concern it at all
But it DOES concern Microsoft. A PC with Windows belongs to Microsoft, and it wants you to know that.
Because Microsoft is there to help you (you poor user, you) and, in case you have a problem with your PC, it will gladly aid you in reformatting the entire disk and installing Windows 9.
As soon as that is out.
I think much of Microsoft's woes come from a legacy of the past. If they could make a Windows that wasn't such a bird's nest where everything depends upon everything else, things would be much cleaner. The failing of Windows is that it isn't layered and made in a snap-together way.
While I believe in a horses-for-courses approach to choice of operating system, I'm inclined to point towards distributions of Linux such as OpenSuse or any of the others. In such cases, you have things in distinct blocks and layers where the interactions of one or more components doesn't blow-up the entire system. Although a program crash is an occasional occurrence in the Linux distro I use, I honestly cannot remember when such a thing took down the entire system.
The secondary problem might well be that Microsoft has never hired really good (and possibly expensive) programmers, preferring to use ambitious graduates instead. A job at Microsoft looks good on a CV, but the work from un-seasoned and transient programmers isn't likely to be exemplary, however good their degree is.
"Microsoft's woes come from a legacy of the past"
That's one of the issues with Windows. It's riddled with obsolete APIs and hacks, knowing that if they remove them in the next version, there would be nothing to keep the punters locked into it.
Instead of doing it right the first time, or following standards and tried/tested methods, MS do their own thing then scrap it then move onto something new when the cracks start to appear. (Like "new and improved" washing powder - but I thought it was already the best last year?)
I'm not bashing Windows for the sake of it, I've been developing for Windows since DOS - it's what I've seen over the years.
It's that a lot of "business critical" applications still relies on those APIs, and the day they remove it, there will be an uproar because "the upgrade broke compatibility!". Why so many complained when XP was EOLed? Why actual operating system needs to redirect things that should not been written to some directories and registry keys since Windows 2000?
I often enough see developers still relying on old APIs, and when I tell them to stop using them because they're deprecated and to switch to the new ones, they complain "hey, I always used it, it works, the new one is more complex to use, why should I switch?" When the mindset is this, you will have more and more applications relying on old APIs.
If you spend some time reading Raymond Chen's "The Old New Thing" you discover how much creepy some developers could be in trying to ensure their applications use Windows the worst way they could.
And the effort MS has to put to ensure those applications still work update after update, upgrade after upgrade, maybe because they're a Fortune 500 company one, and MS can't disappoint some customers....
If you run a company would you lose customers just because they're so silly to buy or develop bad apps?
Let us not forget that Microsoft itself helped foster this mentality by withholding API documentation for the functions it considered critical to its own performance.
So some vendors had to go and guess things, or call "less efficient" API functions, and tried routing around that, all because Microsoft wanted to make their software work less well than Microsoft's own.
Then, when application lock-in installed, Microsoft was stuck with trying to make its own APIs account for all the variations that had happened, because it simply couldn't break with the past given the amount of uproar that would cause.
Some time ago, and its hard looking in from outside because you end up thinking up soppositions and ideas rather than really knowing - but some time ago, MS cut and gutted the OS groups, and previously they took a fire axe to the trusted compute group.
I think these kinds of breakages are a reflection of what happens when you break up teams and people who know what they were doing, because you know better.
Windows at present is a mess. Windows 7 *really needs a SP2 roll up. And I mean really - cos patching the bit now is turning your hair grey. Windows 8 isn't far behind in needing work. Both have heaving massive patch cycles now. They dwarf previous gen OS's size in single patch cycles. Tesing that lot must be a very drawn out task.
While Windows 8 runs ok on lower end gear, and Microsoft do love to make that point - the patch cycles on older/slower gear are agonising, painful, slow affairs.
Behind the scenes, in the OS groups, and in the support/trust worthy computing teams - I think its chaos. They not only changed the management, but the teams, the methods, the plans. Threshold is going to be the 4th major change. (Vista, 7, 8, 9/Threshhold ) and they have been talking for a while that they thing they'll move to a yearly release cycle.
They are thrashing around like a dying beast trying to fix their end client so it can win/dominate again, and nothing they do has worked, apart from devasting in house teams, structures, and planning. The cloud and server side may be bouncing along, but client side is rocky as hell.
If you are an IT manager, put your tin hat on, because the world of XP, 7,8,9, IOS, Android and ChromeOS isn't getting any easier.
If I were at the top in MS, I'd be laying down the law of getting a settled end client thats stable, and that develops sanely off a good core. Maybe they just thing its fun to keep changing all the structures, exams, support, UI, tooling, utility bases every release. Aside from giving the finger every week to their audience IT pro's and telling everyone to learn powershell and go compete for the 1 in 50 chance of joining an azure level megacorp with guru level mitigation skills - what have they done lately.
Patch early and often, AFTER you have tested the patches on a representative sample of your deployed machines. Any change to a working system risks causing problems whatever the OS & configuration.
For Windows, WSUS deploys patches to our set of test machines automatically. Once we are happy nothing bad has occurred and after checking sites such as this one for any reported issues, they get approved for staged deployment to production machines. (Clue, don't patch ALL your domain controllers at the same time!)
Even then we don't assume we can catch all test cases and keep an eye on the production machines in case we need to roll them back.
I understand this won't be an option for most home users, but at least back up your machine regularly and preferably before any change.
Patch and pray in a business environment is just negligence.
>> Patch and pray in a business environment is just negligence
In my experience, "Patch and pray" is common practice, however.
It's easier for the average ICS team to trust Microsoft, and just blaim MS when things go wrong. And that's why they're using Windows in the first place - a throat to choke.
Yet amid the horror there was humour:
"I thought that only Windows 98 systems got blue-screen errors?," wrote Joe Blough. "(I am laughing at you all, because I haven't seen a blue-screen error on my win-98se system for years. I'm typing this reply on one such win-98 system right now - it has 2 gb of installed ram and win-98 can see and use all of it thanks to a few patches. And no, I'm not running 98 in a VM.)"
I would says AMID THE HORROR THERE WAS EVEN DEEPER HORROR.
Easier said than done.
On Debian Linux it's as simple as ensuring you've got SSH public keys installed in /root/.ssh/authorized_keys then doing:
for host in host1 host2 host3 … hostN; do
ssh root@${host} apt-get install offendingpackage=version
done
Red Hat isn't much different. And of course, there are tools like puppet, chef or Ansible that will automate a lot of that.
Windows has an equivalent, but I think it needs the higher end versions of Windows Server to manage it all. If you're a small business with a Windows NT domain controller (or Samba equivalent), you're stuffed.
"Susan Bradley, a Microsoft “valued professional community moderator”, shot back:"
no offense to Ms Bradley (or indeed any other 'community moderator'), but I find the "advice" and "solutions" from "valued professional community moderators" to be about as useful as "turn it off and turn it back on again".
I haven't had to reinstall Windows 7 since I first installed it in 2009. After this last bundle of updates my PC was stuck in constant reboot. Nothing I tried worked. After realizing it was hopeless to fix it, I whipped out my Linux live CD and recovered all the data I hadn't backed up for several weeks, then I reinstalled Windows 7. This was an inconvenience, but it was manageable. This also was a wake up call to back up more regularly.
Microsoft is crumbling. They’ve apparently lost or destroyed their core competency. This is the umpteenth time they’ve had to pull a major patch that blue-screened Microsoft systems during the last 12 months. And Microsoft is truly doomed when it reaches this point of complexity in trying to get customers to manually perform excruciatingly difficult back-fixes to update problems of its own creation.
Microsoft must truly be collapsing internally at a rapid pace, given their recent horrific software and device missteps, management turmoil, repeated destruction of customer systems by multiple mortal updates, etc. It really makes you wonder why the company is so hollowed out: excruciatingly bad management, dysfunctional legacy corporate culture, affirmative action, employee graduated from government schools that have stealthily promoted Fabian socialism, offshore labor, all of the above, etc.???
This post has been deleted by its author