Patch Tuesday Sees Four Critical Patches

For its October patch release, Microsoft released a total of six security patches, one less than originally planned. Four address issues deemed "critical," and two address issues deemed "important." The "critical" patches all involve issues that can allow remote code execution, and target all supported versions of Windows, plus Microsoft Office, Internet Explorer, Outlook Express and Windows Mail.

One of the "important" patches is for Windows and corrects an issue surrounding denial-of-service (another Windows patch to correct a "spoofing" flaw was dropped from today's lineup). The second "important" patch, for Windows and Office, deals with an elevation-of-privilege issue.

Do you patch automatically, or test patches before deploying? Tell me your patch strategy at [email protected].

IBM and Google Fund University Programs
IBM and Google announced that they're starting a university program designed to promote programming practices for cloud computing, the practice of throwing many computers at a problem in parallel.

The companies are each contributing $20 to $25 million in systems, software and services to six universities who will support research in this area. The six universities are led by the University of Washington in Seattle (ironically, in Microsoft's own backyard), where preliminary research has been done, and include Carnegie Mellon, MIT, Stanford, Cal-Berkeley and the University of Maryland.

Programming tools and techniques do seem to lag behind advances in hardware. In particular, few, if any, mainstream developers write code to take advantage of multi-core systems. Do we need to expand programming skills to take advantage of new processor technologies and architectures? Tell me at [email protected].

SAP To Acquire Business Objects
Over the weekend, SAP announced the acquisition of Business Objects in a $6.7 billion deal. SAP expects that France-based Business Objects will help grow its presence in the business analytics, business intelligence and reporting fields.

Crystal Reports, a company that's had more owners than a holiday fruitcake, finds itself in the hands of yet another parent company. Owned by Business Objects for the last several years, it now gets to become a part of the SAP empire. Crystal Reports has been an integral part of Visual Studio for a number of years, with its reporting engine in addition to the development environment in the Professional edition.

Do you use Crystal Reports in development or reporting? Let me know at [email protected].

2007 Ig Nobel Awards Presented
Last Thursday night saw the presentation of the 2007 Ig Nobel awards at Harvard University's Sanders Theatre. The Ig Nobel prizes celebrate research that can't, and probably shouldn't, be replicated. Among the winners this year was a research group from Brazil which determined that mice taking V-pills were 60 percent less likely to experience jet lag than untreated mice.

Browse the pages of the Annals of Improbable Research ( to look at past winners. My personal favorite provides a scientific investigation of that age-old question: Which came first, the chicken or the egg? With the cooperation of the U.S. Postal Service, whose regulations do in fact permit the mailing of live fowl, researchers concluded that the chicken came first.

What's your favorite improbable research note? Do your own research and let me know at [email protected].

Mailbag: Sounding Off on Microsoft's XP Crackdown, More
Doug reported yesterday on Microsoft's "Get Genuine Windows Agreement" program, the company's latest attempt to crack down on unlicensed XP. Readers had a few things to say about that:

Certainly, MS has the right to protect itself. Investing millions and acting as a charity is laudable but unlikely to sustain the products developed for very long. The concern I have with the full install vs. upgrade crackdown is when MS software falls apart so badly that the consumer is left with no alternative but to salvage what data they can and reformat-and-install. This has happened to me twice and MS itself cannot get my machine to accept anything other than automatic updates. If MS wants to crack down, start with a crackdown on garbage code it produces ad nauseum, then crack down on useless technical reps, fix its cow-pat software, then think about Joe Public's "alleged" abuses (remember, 99 percent of us are NOT criminally inclined!).

I can only hope that sane thought will somehow return to MS. After all, XP has a limited life now, so why spend gobs on "worry measures" when "reality measures" need to be addressed? Fix XP for your MILLIONS of normal customers and put your worrywarts into the Vista maelstrom.

I agree: Microsoft and everyone else does have the right to protect their property. But I think Microsoft is taking things a bit too far. If I have to reload a machine from scratch that has an upgrade license, the last thing I am going to do is load an old OS and upgrade it. And for Microsoft to expect us to do that is ridiculous. I use RIS to load workstations (a Microsoft-recommended practice for deployment). It saves a lot of time when starting from scratch. I also use RIS when we get a new machine with Windows pre-loaded. That way, I get rid of all the crap the OEM installs and I know I have a consistent load on all the machines.

When counting licensees, it should be as easy as: Licenses = (upgrade & old OS) + OEM + Volume. If the total of the licenses = the total of the machines, you're legal.

I've never understood why there is a difference in licensing/software for OEM, upgrade, full and don't forget volume licensing. We've got a mix of all of them here! How is an IT tech to know the complete history of a PC? When it crashes, you've got to throw a new hard drive in and load an image as quickly as possible to get the end user to stop asking you if it's fixed yet. Why should it make a difference as to which source disk you used to reload or even which CD key? You end up with the same OS, don't you? (As you probably know, some keys won't work with certain disk types.) Now on top of that is GA, GWA and now GGWA. Don't get me started on the problems experienced with these!

So, to make my point, I think Microsoft needs to get off the OEM/upgrade transfer limitation. I strongly believe every Windows OS version should be the same, and sold with full transfer rights to a new machine. From a marketing standpoint, they could offer somewhat reduced pricing for upgraders since significant money has already been spent, but the product itself should be the same across the board. Then they just have to keep up with the serial numbers and who holds them. Don't let Microsoft make my life miserable because they can't effectively control their product!

I believe that protecting intellectual property is fine...if it doesn't go too far. What do I mean by too far? As a network and IT support company, our worst nightmare is OEM licenses sold with the machine. Most of the customers lose their license. You call Microsoft, tell them the OEM key, and all they say is, "Call the supplier." Now, I don't really get it. Why should one not be able to get an OEM install CD that works with all OEM COA out there?

In the past year, we had to buy about 10 new licenses as the customer did not find the original CDs. Of course, we could have gone to the original supplier but usually, if we spend two hours on this, it's cheaper and faster to go and buy a new license. If we order the original CD from the supplier, it takes at least one hour to go through the whole process and two weeks to get the CD. Buying a new license, the customer can walk home with his notebook before night. Now, you tell me if that's fair.

So, you are telling me that Microsoft thinks that just because I bought an upgrade from 98SE to XP, I now can't just install XP? I have to start at 98 again and upgrade if I want to re-install? Oh, all those "upgrades" have gone so well in the past! That's just asinine. Why should they care what media I re-install with? I bought the license; I can now run XP. Who cares about how I install it now? "Pathetic, greedy bastards" is the only thought that comes to mind. No wonder it gets pirated.

One reader shares his thoughts on Microsoft's decision to release .NET 3.5 source code -- without letting developers modify it.

Microsoft, having written the OS, is taking the responsibility to support it. That is the best option for most users. Those who wish to tinker with it (open source) may think they have advantages, but when it goes wrong, is it Microsoft's responsibility to fix it? I think not.

And Ian objects to some of the language in yesterday's column:

To quote: "Microsoft is releasing a whole heap of .NET 3.5 source code. Does this mean you can create your own .NET distribution? Not ****** likely."

Is it really necessary to resort to vulgar language to make a point? Leave that to the gutter press and retain your professional stature.

Got something to add? Let us have it! Leave a comment below or send an e-mail to [email protected].

About the Author

Peter Varhol is the executive editor, reviews of Redmond magazine and has more than 20 years of experience as a software developer, software product manager and technology writer. He has graduate degrees in computer science and mathematics, and has taught both subjects at the university level.


comments powered by Disqus