Patch Tuesday Sees Four Critical Patches
- By Peter Varhol
- 10/09/2007
For its October patch release, Microsoft released a total of
six
security patches, one less than originally planned. Four address issues
deemed "critical," and two address issues deemed "important."
The "critical" patches all involve issues that can allow remote code
execution, and target all supported versions of Windows, plus Microsoft Office,
Internet Explorer, Outlook Express and Windows Mail.
One of the "important" patches is for Windows and corrects an issue
surrounding denial-of-service (another Windows patch to correct a "spoofing"
flaw was dropped from today's lineup). The second "important" patch,
for Windows and Office, deals with an elevation-of-privilege issue.
Do you patch automatically, or test patches before deploying? Tell me your
patch strategy at [email protected].
IBM and Google Fund University Programs
IBM and Google announced that they're starting a university program designed
to promote programming
practices for cloud computing, the practice of throwing many computers at
a problem in parallel.
The companies are each contributing $20 to $25 million in systems, software
and services to six universities who will support research in this area. The
six universities are led by the University of Washington in Seattle (ironically,
in Microsoft's own backyard), where preliminary research has been done, and
include Carnegie Mellon, MIT, Stanford, Cal-Berkeley and the University of Maryland.
Programming tools and techniques do seem to lag behind advances in hardware.
In particular, few, if any, mainstream developers write code to take advantage
of multi-core systems. Do we need to expand programming skills to take advantage
of new processor technologies and architectures? Tell me at [email protected].
SAP To Acquire Business Objects
Over the weekend, SAP announced the acquisition
of Business Objects in a $6.7 billion deal. SAP expects that France-based
Business Objects will help grow its presence in the business analytics, business
intelligence and reporting fields.
Crystal Reports, a company that's had more owners than a holiday fruitcake,
finds itself in the hands of yet another parent company. Owned by Business Objects
for the last several years, it now gets to become a part of the SAP empire.
Crystal Reports has been an integral part of Visual Studio for a number of years,
with its reporting engine in addition to the development environment in the
Professional edition.
Do you use Crystal Reports in development or reporting? Let me know at [email protected].
2007 Ig Nobel Awards Presented
Last Thursday night saw the presentation of the 2007 Ig Nobel awards at Harvard
University's Sanders Theatre. The Ig Nobel prizes celebrate research that can't,
and probably shouldn't, be replicated. Among the winners this year was a research
group from Brazil which determined that mice taking V-pills were 60 percent
less likely to experience jet lag than untreated mice.
Browse the pages of the Annals of Improbable Research (http://www.improbable.com)
to look at past winners. My personal favorite provides a scientific investigation
of that age-old question: Which came first, the chicken or the egg? With the
cooperation of the U.S. Postal Service, whose regulations do in fact permit
the mailing of live fowl, researchers concluded that the chicken came first.
What's your favorite improbable research note? Do your own research and let
me know at [email protected].
Mailbag: Sounding Off on Microsoft's XP Crackdown, More
Doug reported yesterday
on Microsoft's "Get
Genuine Windows Agreement" program, the company's latest attempt to
crack down on unlicensed XP. Readers had a few things to say about that:
Certainly, MS has the right to protect itself. Investing millions and
acting as a charity is laudable but unlikely to sustain the products developed
for very long. The concern I have with the full install vs. upgrade crackdown
is when MS software falls apart so badly that the consumer is left with no
alternative but to salvage what data they can and reformat-and-install. This
has happened to me twice and MS itself cannot get my machine to accept anything
other than automatic updates. If MS wants to crack down, start with a crackdown
on garbage code it produces ad nauseum, then crack down on useless technical
reps, fix its cow-pat software, then think about Joe Public's "alleged"
abuses (remember, 99 percent of us are NOT criminally inclined!).
I can only hope that sane thought will somehow return to MS. After all,
XP has a limited life now, so why spend gobs on "worry measures"
when "reality measures" need to be addressed? Fix XP for your MILLIONS
of normal customers and put your worrywarts into the Vista maelstrom.
-Stephen
I agree: Microsoft and everyone else does have the right to protect their
property. But I think Microsoft is taking things a bit too far. If I have
to reload a machine from scratch that has an upgrade license, the last thing
I am going to do is load an old OS and upgrade it. And for Microsoft to expect
us to do that is ridiculous. I use RIS to load workstations (a Microsoft-recommended
practice for deployment). It saves a lot of time when starting from scratch.
I also use RIS when we get a new machine with Windows pre-loaded. That way,
I get rid of all the crap the OEM installs and I know I have a consistent
load on all the machines.
When counting licensees, it should be as easy as: Licenses = (upgrade
& old OS) + OEM + Volume. If the total of the licenses = the total of
the machines, you're legal.
-John
I've never understood why there is a difference in licensing/software
for OEM, upgrade, full and don't forget volume licensing. We've got a mix
of all of them here! How is an IT tech to know the complete history of a PC?
When it crashes, you've got to throw a new hard drive in and load an image
as quickly as possible to get the end user to stop asking you if it's fixed
yet. Why should it make a difference as to which source disk you used to reload
or even which CD key? You end up with the same OS, don't you? (As you probably
know, some keys won't work with certain disk types.) Now on top of that is
GA, GWA and now GGWA. Don't get me started on the problems experienced with
these!
So, to make my point, I think Microsoft needs to get off the OEM/upgrade
transfer limitation. I strongly believe every Windows OS version should be
the same, and sold with full transfer rights to a new machine. From a marketing
standpoint, they could offer somewhat reduced pricing for upgraders since
significant money has already been spent, but the product itself should be
the same across the board. Then they just have to keep up with the serial
numbers and who holds them. Don't let Microsoft make my life miserable because
they can't effectively control their product!
-Kirk
I believe that protecting intellectual property is fine...if it doesn't
go too far. What do I mean by too far? As a network and IT support company,
our worst nightmare is OEM licenses sold with the machine. Most of the customers
lose their license. You call Microsoft, tell them the OEM key, and all they
say is, "Call the supplier." Now, I don't really get it. Why should
one not be able to get an OEM install CD that works with all OEM COA out there?
In the past year, we had to buy about 10 new licenses as the customer
did not find the original CDs. Of course, we could have gone to the original
supplier but usually, if we spend two hours on this, it's cheaper and faster
to go and buy a new license. If we order the original CD from the supplier,
it takes at least one hour to go through the whole process and two weeks to
get the CD. Buying a new license, the customer can walk home with his notebook
before night. Now, you tell me if that's fair.
-Dave
So, you are telling me that Microsoft thinks that just because I bought
an upgrade from 98SE to XP, I now can't just install XP? I have to start at
98 again and upgrade if I want to re-install? Oh, all those "upgrades"
have gone so well in the past! That's just asinine. Why should they care what
media I re-install with? I bought the license; I can now run XP. Who cares
about how I install it now? "Pathetic, greedy bastards" is the only
thought that comes to mind. No wonder it gets pirated.
-Anonymous
One reader shares his thoughts on Microsoft's decision to release
.NET 3.5 source code -- without letting developers modify it.
Microsoft, having written the OS, is taking the responsibility to support
it. That is the best option for most users. Those who wish to tinker with
it (open source) may think they have advantages, but when it goes wrong, is
it Microsoft's responsibility to fix it? I think not.
-Basil
And Ian objects to some of the language in yesterday's column:
To quote: "Microsoft is releasing a whole heap of .NET 3.5 source
code. Does this mean you can create your own .NET distribution? Not ******
likely."
Is it really necessary to resort to vulgar language to make a point?
Leave that to the gutter press and retain your professional stature.
-Ian
Got something to add? Let us have it! Leave a comment below or send an e-mail
to [email protected].
About the Author
Peter Varhol is the executive editor,
reviews of Redmond magazine and has more than 20 years of experience as a software
developer, software product manager and technology writer. He has graduate degrees
in computer science and mathematics, and has taught both subjects at the university
level.