Microsoft Takes a 'Patch Tuesday' Break

Phill0 submitted a ZD story about Microsoft's week off which says "Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. "

Zero Day

[Random BedHead Ed]

Yeah, we're all tired this month. Zero-day, shmero day.

Re:

[morgan_greywolf]

Yeah, I mean, screw it. Who cares about security vulnerabilities, viruses and spyware? If we did, none of us would be using Windows, that's for sure... ;)

Re:

[timeOday]

Actually that caught my eye too: "at least five zero-day vulnerabilities are waiting to be fixed." It's the number of unpatched vulnerabilities that matters, not the number that were discovered by black hats before white hats. In any case, I'm not even sure it makes sense to say "this is a 0-day exploit" if it's something that was discovered a month ago (regardless of who discovered it first).

Re:Zero Day

[operagost]

"Zero-day vulnerability" is totally meaningless. Even the proper "zero-day exploit" makes no sense after zero-day. Totally useless garbage speak, just the marketroids and talking heads who make up words like "factoid" because somehow the word "fact" is not descriptive enough.

Re:Zero Day

[wordsnyc]

http://www.word-detective.com/101800.html#factoid [word-detective.com]

Blame it on CNN -- they started the whole ruckus by taking a perfectly good word and twisting it.

"Factoid" is one of those rare words that were undeniably invented by an identifiable individual, in this case Norman Mailer, in his book "Marilyn," published in 1973. The Oxford Dictionary of New Words defines "factoid" thus: "A spurious or questionable fact; especially something that is supposed to be true because it has been reported (and often repeated) in the media, but is actually based on speculation or even fabrication." Norman Mailer himself defined "factoids" as "facts which have no existence before appearing in a magazine or newspaper, creations which are not so much lies as a product to manipulate emotion in the Silent Majority."

Mailer invented the word by combining "fact" with "oid," a scientific suffix meaning "resembling or having the form of, but not identical to." Needless to say, "factoids" in Mailer's sense are the antithesis of serious reporting, and to accuse a journalist of trafficking in "factoids" was a grave insult, at least until CNN came along.

Re:

[jadenyk]

Windows-Securityoid?

Re:

[operagost]

Someone should have told Norman about these words: rumor and lie.

Re:

[DragonWriter]

Someone should have told Norman about these words: rumor and lie.

Norman Mailer was not exactly unskilled in the use of language; a "factoid" might be either a rumor or a lie, but is distinguished from either in the perception of authority and the mechanism by which that perceived authority is attained. The terms overlap, but are usefully distinct.

Re:

[ack154]

Ya... who needs to patch holes in Windows when people might run their own code on a 360! Oh the humanity!

Zero Time

[twitter]

Ah, the sad life of a Windoze admin. So busy testing endless and useless security patches that they never have time to look at anything else. It's almost like M$ planned it that way.

Re:

[DJCacophony]

That's the life of a very bad admin. A good admin doesn't need to do any of that because the patches worked without a hitch.

Yeah, right.

[twitter]

A good admin doesn't need to do any of that because the patches worked without a hitch.

Tell me what a good admin can do to make sure M$ does not break someone else's program. Even if M$ were not malicious, they can't know what other non free companies have done on any given computer and will break things with changes.

A good admin will also keep up with the ever changing tools M$ and others throw out, and this causes even more wasted time. I've seen ambitious young admins spending months of weekends r

Re:

[DJCacophony]

A good admin will also keep up with the ever changing tools M$ and others throw out, and this causes even more wasted time. I've seen ambitious young admins spending months of weekends reading four inch thick books on things like Visual Studio, knowing .NET is just around the two year away corner.

That's like saying that keeping up with the different releases of apache (first 1.x, then 2.x) is a waste of time, so we should all just lag behind in terms of technology. Apache 2 was just the natural evoluti

Re:

[Macthorpe]

This is opposed to the heart-stoppingly exciting life of posting anti-MS FUD on a Linux news site?

I think I'd rather take the 'endless' patching.

Re:

[jb.hl.com]

Ah, the sad life of a Windoze admin. So busy testing endless and useless security patches

Frankly if any large corporation (or "big dumb company" in twitterspeak) didn't test patches before rolling them out onto production machines, patches to anything on any system, then they would be utterly moronic.

Helpful reminder: Linux software has patches and security updates too. Those patches and security updates need to be tested to make sure they don't break anything like any other. It really shows you've never do

Useless and intentional waste.

[twitter]

One of my biggest fans misses the point again:

It really shows you've never done any systems administration or anything, considering you seem to think testing is "useless". Do you seriously think F/OSS is completely perfect and magically heals itself if things go wrong?

The testing, of course, is required. It's the patch that's useless. It should be obvious by now that patching will never fix Windows security problems. The whole exercise is a waste of time and that may be intentional.

There's no magi

Re:

[jb.hl.com]

The testing, of course, is required. It's the patch that's useless. It should be obvious by now that patching will never fix Windows security problems. The whole exercise is a waste of time and that may be intentional.

Patching will never fix *any* security problems in *any* system on desktop use. Most, if not all software, has vulnerabilities of some kind. You can't just dismiss Windows because it has holes in it, when there are holes in open source software as well.

Re:Zero Day

[SilentChris]

You obviously don't work in an enterprise.

These last 2 weeks have been crazy. Monstrous. Patches for Windows, patches for Exchange, patches for Outlook, patches for Java, patches for Oracle, patches for Act, patches for Blackberries, patches for Treos, patches for that weird-ass cell the COO uses and no one else does. Patches to replace patches. Patches to undo the damage other patches have made. I firmly place blame on the software companies for waiting this long to sort things out, but this says it all: http://support.microsoft.com/kb/914387 [microsoft.com] NINETEEN REVISIONS. That's the most for an MS KB article ever.

Yes, there are zero-day vulnerabilities out there. However, considering the potential trainwreck that's going to happen Monday, no admin in their right mind would install new patches on Tuesday. No admin worth their salt would do so anyway: usually you wait a few days for the early adopters to fish out the bugs and MS to release any new versions. You let your security hardware and software (which has barely needed to be patched) deal with any potential problems. That's just smart business sense.

For those of you admining a handful of servers, serving basic stuff like webpages, laughing at the work some people have to do for this, that's great. Enjoy yourselves. For the rest of us with a real workload: hundreds of servers and tens of thousands of desktops, all with software on top of software that may or may not be compatible with each other patchwise, this last few weeks have been a living hell. A couple people getting their Word documents hosed is nothing compared to payroll systems not working, trade systems coughing up blood, etc. I'll hand that responsibility off to Symantec and friends -- I've got more important stuff to worry about.

Re:

[raddan]

No shit. I've put in about 70 hours this week. The Exchange DST tool is the most hacked together piece of shit software I've seen in a long time. I fear what other software is out there that I missed. What little things will break because timestamps are different on the endpoints-- like DNS's rndc and VPN traffic. Too many things to think about.

Congress can kiss my ass after this worthless piece of legislation, which further reinforces my impression that having people who write laws full time and ge

Re:

[SilentChris]

If you haven't been following the mayhem, the original DST patch for Windows XP/2003 came out very late last year. That was coupled with a call to edit the timezone files manually in 2000. Fine.

Then Microsoft released another update in January, replacing the existing. That had to be regression tested and rolled out. Then they released a cumulative update with that and a new fix for a specific timezone (think it was Nova Scotia - can't remember). Fine.

Then, Exchange team came out and said "Guess what, n

Re:

[blincoln]

On top of this, Blackberry and Treos didn't get their patches until late, and you need to do those AFTER the Exchange/Outlook patches.

If you could get the Blackberry patch to work at all, that is.

For whatever reason, RIM thought it would be clever to distribute a "helper" rather than an actual patch. You can push it out from the BES, but all it does is install a little utility on the handhelds which then MUST use internet access to download the real version of the patch that's applicable to that handheld an

Re:

[SilentChris]

Again, to be honest, what is your setup? 5 RedHat systems? 100? 1000? What enterprise-level software were they running? Oracle? SAP? Did you have to deal with user-level issues regarding particular client software?

My responsibility extends to both sides of the fence (servers and desktops) for thousands of machines. The software they use is disparate and spread out across the globe.

I don't mean this as an offense (as we do have RedHat admins in our enterprise), but the majority of Linux machines out

Re:

[SilentChris]

That, I will admit, was the most totally braindead portion of this: Exchange. The multiple system patches I can kind of stomach because various government organizations were sorting this out to the last minute. But to have Exchange use its own time setup, in addition to Outlook modifying that setup for its own purposes, was especially stupid. I hope this got the Exchange team to wake up and realize how awful their design was.

Re:

[Master of Transhuman]

You gotta love this!

"For those customers still running products like Windows 2000, Exchange 2000 or the earlier Exchange 5.5, are no longer in Microsoft mainstream support and are thus not covered under standard support agreements, the situation is even more dire, as it will cost them $4,000 for all the DST updates."

Any time Bill can scratch some more money out his suckers^m^m^m^m^m^m^mcustomers, he'll do it - especially if it motivates them to UPGRADE to his EVEN MORE EXPENSIVE NEW POS...

Re:

[SilentChris]

Because this is the calm between storms. We've done all we can from a patch standpoint. Sunday is the change, Monday is the test. Considering MS's official recommendation in calls with them was "Have your users write down their appointment times in the subject line", no matter what we do things will be a crapshoot. We've thrown the shit. Now we need to see what sticks to the fan.

Re:

[Master of Transhuman]

Gee, I wonder if this will screw up all those Microsoft shills who like to quote "studies" (from guys like Rob Enderle) that "prove" Microsoft is "faster" than OSS in fixing security holes...

Nah. They'll just fall back on the idea that OSS has MORE security holes - because a Linux distro comes with 2,000 packages instead of nothing like Windows.

You notice they never add in the Symantec security holes to the Windows total when they're discussing how security holes are to be counted. But they'll add in the SS

"Patch Tuesday" Break?

[instantkamera]

So they were allowed an extension to their "Avoid Releasing Decent Software" Decade vacation?

Re:

[SmurfButcher Bob]

No! In fact they're using this time to work on a product that TRULY does NOT suck.

Unfortunately, I think it's a vacuum cleaner.

Re:

[Master of Transhuman]

They HAVE a vacuum cleaner.

It's called Bill Gates.

It vacuums money out of people's pockets.

A positive note!

[FredDC]

At least they can't break anything new this week!

Re:

[gEvil (beta)]

Don't be so positive yet. We've still got the DST thing coming up on Sunday morning... (if you're in the US)

Re:

[FredDC]

I'm not ;-)

DST

[Chicken04GTO]

Stupid congress and their DST. How much energy do they think we will save by moving up DST 3 weeks? How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced and working right...?

Idiot congresspeople.

What about when they realize it was stupid?

[PornMaster]

Are we going to have to re-patch everything in a year or two when they change it back?

On the good side, we found out what doesn't come back up automatically after a reboot on the Sun systems that needed the libc patch, too.

Re:What about when they realize it was stupid?

[Ctrl-Z]

If people were smart about it, they would have implemented the change to be adjustable so we wouldn't have to re-patch everything. How likely is that though?

Re:

[jZnat]

Seems like everyone but Microsoft were on the ball in that regards. Ever heard of the timezone files?

Re:

[Anonymous Coward]

How much energy do they think we will save by moving up DST 3 weeks?

Simple answer: 100,000 barrels of oil daily. [foxnews.com]

How much economic loss will be caused by companies all over the place busting their ass trying to get all kinds of systems pathced (sic) and working right...?

It's already law. If you don't like it, too bad.

Idiot congresspeople.

Harsh truth: you're no match for lobbyists.

Re:

[Chicken04GTO]

The question was rhetorical. Instead of mucking with the time zone and such, there are other far more sensible ways to save energy.

Too bad? So that means I am not allowed to complain about it? Do my complaint insults Prince Dubya?

No match for lobbyists? Really? Thanks for keeping me enlightened. Go back to bed Mr. cranky pants.

Re:

[DJCacophony]

I know you love to play the victim, but that was pretty weak. The question was rhetorical. Instead of mucking with the time zone and such, there are other far more sensible ways to save energy. To coin a phrase, two rights don't make a wrong. Just because there are alternatives doesn't mean that this isn't good. Too bad? So that means I am not allowed to complain about it? Do my complaint insults Prince Dubya?
Straw man argument. No match for lobbyists? Really? Thanks for keeping me enlightened. Go bac

Re:

[maxume]

It is a glorious tradition. I can't think of any other reason to do it. The change also allows congress to follow another glorious tradition, doing stuff that they can say they did.

Seems about par for the course when you throw in a bit of democracy though.

Re:

[Smurfeur]

On the other hand, not adaptable == badly designed system.

Re:

[Billosaur]

How much energy do they think we will save by moving up DST 3 weeks?

It has nothing to do with saving energy. It's about Congress and the Administration wanting to look like they're doing something about our dependence on foreign oil. There's very little energy savings to be had: these new weeks come in the heart of winter, where a few extra hours of daylight in the evening won't matter because who's going outside when it freezing, and more importantly, people will still have to be heating their homes and offices regardless. And since it will be darker in the morning, when

Re:DST

[The_Wilschon]

In a significant and large portion of the country, March is the heart of spring. I saw people studying out under trees yesterday because the weather was beautiful. It is 64F right now. I turned on my air conditioning briefly because my apartment got uncomfortably hot yesterday.

If you don't live in Maine, this makes a heck of a lot more of a difference than you apparently realize. (Yes, restricting to only Maine is an exaggeration, too. Deal with it. You know what I mean by it anyway.)

Re:

[The_Wilschon]

That was in Waco, TX. Niiiice and warm most of the year. The summer is a bit unbearable (to most people... not me), but I actually quite like it. And yet I'm moving to Ohio for grad school in June. I'm going to freeze my $BODY_PART off.

Re:

[Espectr0]

where a few extra hours of daylight in the evening won't matter

You don't get "few extra hours of daylight". It's the same day. You don't get an extra hour of sleep. You don't get anything. You simply do everything one hour earlier.

Re:

[will_die]

Bingo.
This originally came from the global warming crowd, and according to them would be one of the easiest to implement and would produce measurable results.
Just image what will happen if they are listened to for other things and we implement things like forbidding air travel for vacations .

Why not just fudge the timezones permanently?

[Kadin2048]

I've never really understood why they didn't just make DST permanent. In other words, get rid of the whole spring-forward/fall-back business, and just move the time zones in the U.S. up an hour, if that would give us more daylight in the evenings, when apparently we want it.

It's all just a psychological game, anyway; the actual amount of daylight obviously never changes, it's just that people really hate having to get up before their clock says they should, and thus it's necessary to fudge the clocks so tha

Re:

[gstoddart]

It's all just a psychological game, anyway; the actual amount of daylight obviously never changes

Ummm ..... no actually, the amount of daylight changes continuously throughout the year. From the winter solstice until the summer solstice, the days keep getting longer. From the summer solstice to the winter solstice, they get shorter. The vernal and autumnal equinoxes are the midpoints of that transition. The time of sunrise and sunset change throughout this whole cycle, by quite a range

DST is designed to

Re:

[Kadin2048]

I'm aware of that -- I should have been more clear. I was stating something more obvious: the day doesn't actually get magically "longer" as a result of Daylight Savings Time. There's still the same number of minutes of daylight on a particular day in the year, regardless of whether you bump the clocks backwards or forwards an hour. It's all just a mind game to get people up earlier, and thus let them make use of more daylight, so that the day seems longer. But the day is the same length whether you're awak

Re:

[gstoddart]

However, what I'm not clear on, is whether the daylight actually shifts earlier and later in the day, in addition to becoming longer and shorter (i.e., does the "median daylight time" or 'middle of the day' actually move, or does it grow shorter and longer at both ends equally?)

The following isn't very definitive, it was the first thing I could find on a quick google search:
link [halesowenweather.co.uk].

AFAIK, it does vary quite a bit by the season. If you look here [stardate.org] you can do some of the calculations. At my location, there seems

Re:

[zippthorne]

Yes, but it's symmetric about noon. However minutes "late" sunrise is, sunset will be "early." OP was questioning whether there might actually be times/places where the whole windows was actually shifted.

Re:

[gstoddart]

Yes, but it's symmetric about noon. However minutes "late" sunrise is, sunset will be "early." OP was questioning whether there might actually be times/places where the whole windows was actually shifted.

Oh, I know what he's asking -- I'm just not qualified to answer it. =)

The stuff I provided makes me think that it's not symmetric about noon. I would think it would vary by lattitude to an extent -- that's why the North ends up all dark for winter, and then all light in the summer. But, I guess that too

Re:

[gstoddart]

Get up earlier.

You're doing it anyway, it's just masked by the fact that we swap time zones for half a year.

Yeah, but we're all doing it at the same time. So, I still show upfor work at 9am like always, it's just that less daylight has burned off before I start my day, and there's more left of it after I go home. I'll accept that as a trade-off.

It's a stupid, horrible solution to a minor problem.

*shrug* I guess I've never had a problem with DST, so I just don't see why the big hate on for it.

If you would

Re:Why not just fudge the timezones permanently?

[mandelbr0t]

I don't get why we don't just push all the U.S. time zones forward an hour and leave them there, and get rid of this fall/spring switching.

Because you share them with Canada, and we really need the spring-forward/fall-back. If we stuck with summer time, the sun would set at 3:30pm in mid-winter. If we stuck with winter time, the sun would rise at 4:30am in mid-summer. Either way, I'm glad the clock changes back and forth. That being said, I don't think there's anything to be gained by moving only 3 weeks, except to put some money in IT consultants' pockets.

Re:

[MarkRose]

No, it makes no sense in Canada, because the length of the day is so variable. In the middle winter, where I live, the sun rises approximately 9 am MST and falls about 4:30 pm (the offset is because I live on the western edge of Mountain time). In the middle of summer, the sun is up from about 2:30 am to 11:00 pm, MDT, with twilight adding another two hours of light to those figures. Dayling Saving Time makes sense for approximately two months of the year, if you're a late riser: April and September. Other

Re:

[Red Flayer]

It's all just a psychological game, anyway; the actual amount of daylight obviously never changes, it's just that people really hate having to get up before their clock says they should, and thus it's necessary to fudge the clocks so that people get up earlier, and don't waste daylight and end up having it dark in their (clock-proscribed) "evening."

So it's a psychological game... it's one that pays off both mental health and in energy consumption. Double plus good.

Here [webexhibits.org]'s a ton of info on DST, including r

Re:

[Joe5678]

It's not permanent because that would cause too much darkness through much of the year. The foxnews article somebody else linked to explained how they actually tried this in the 70's and fatalities among school children went up because they were waiting for the bus in the dark.

What they should do is eliminate DST, and instead implement a Daylight Hours portion of the year where Government agencies (including schools) are required to adjust their operating hours to start and finish an hour earlier. Then en

Re:

[drinkypoo]

DST is actually horribly harmful. One of the stated reasons for it was to provide more light for agricultural workers, but that's a bunch of bullshit. Neither crops nor livestock give a shit what time it is. They care when the dawn comes. So it screws up the farmer's dealings with the rest of the world. When we switch to/from DST, automobile accidents increase, IIRC by 16%, for about a two week period. But anyway, don't take my word for it [72.14.253.104]...

Re:

[drinkypoo]

Because I don't like to provide PDF links, opting for the HTML version instead, and my feeling is that people on slashdot are smart enough to extract the original URL from the link, or they can go take a flying leap, because anyone not that smart on slashdot is beneath my notice anyway. This is, after all, supposed to be news for nerds.

Re:

[YoungHack]

Money is neither lost nor created. It only changes form and location.

Re:DST (it's about the money)

[wasabikev]

It's not about energy, regrdless of the name of the bill it was in, it's about money- more specfically, commerce. Not as many people go shopping when it's dark out. That downtown just isn't as much fun to walk around when it's dark out. Conversely, when it's still light out (after work) people are more likely to go out and... that's right, spend money shopping. Bean counters figured out that the economy will generate [x] more dollars a year with an extra hour of daylight. That's tax revenue folks.... th

Re:

[tres]

Daylight Savings Time change is direct result of tourist lobbies on the 101st (Republican controlled) congress.

Just another short-sighted, profit-driven change made without taking into account the costs.

There is no loss...

[chill]

What Company A spends in costs to upgrade systems for DST, Company B receives. It isn't a loss, it is an economic stimulant.

As a contractor, I've been working extra hours upgrading telecom switching systems and while it is a pain-in-the-ass, I'm happy to have the extra work. Extra work is extra money.

So far, every upgrade I've done includes more than just DST patches. Like the whole Y2K bit, companies are using this as an opportunity to squeeze out more funding for upgrades.

Sorry buddy, it is a loss

[alexhmit01]

You're illustrating the broken window fallacy [wikipedia.org], which assumes that since money for repairs is spent somewhere, it isn't lost and is entirely stimulative.

The problem with that is that the opportunity cost of not having that money elsewhere. Of course money never vanishes, it recirculates. If the $1 spent on Y2K7 compliance isn't spent there, it is spent elsewere to earn a return, or as profits to be retained and reinvested or given to shareholders as dividends. All involved would no doubt prefer to spent t

Re:

[chill]

Correct, for the most part.

You neglected the last sentence I wrote where I said that so far, the DST "repairs" were more than just repairs. Like Y2K, people were using this as an opportunity to upgrade as well.

Sort of like taking that broken window and replacing it with a two-pane, double-glazed, double-hung window. Besides fixing the break, you've improved efficiency, insulation and increased longevity.

No, it isn't a 100% recovery, but it is better than just the fix.

Still, a nice link. Thanks. I need t

Re:

[Anonymous Coward]

http://support.microsoft.com/kb/914387 [microsoft.com]

Doesn't look very hard coded to me...

Doesn't do a damn thing for TZ env var usage.

[Anonymous Coward]

This still doesn't help out the problems with the TZ environment variable usage under countless apps written in MS Visual C, Visual C++, .NET Studio, etc, where timezone logic has been hard-coded into all those MSVCRT.DLL and MSVC*.DLL files. Microsoft's usage of the TZ environment variable, depending on who you ask, might or might not obey the POSIX standard syntax for modifying the start and stop dates for DST encoded into the TZ variable's string (e.g. TZ=EST6EDT,M3.2.0,M11.1.0). I cannot find any offici

Re:

[Macthorpe]

(wierd capcha today, is there supposed to be a space between "frag" and "rant"?)

No, there isn't. [reference.com]

Re:DST

[sconeu]

The economic loss is grossly exagerated like the w2k bug that NEVER hAPENNED

Which Windows 2000 bug was that?

Oh, you meant Y2K? Yeah, it "never happened" because thousands of dedicated professionals worked for years to fix and upgrade old systems.

I tried to read it...

[TheThiefMaster]

I clicked on the no new security updates planned [com.com] link and I got this, which doesn't actually say anything at all:

Microsoft Security Bulletin Advance Notification
Updated: February 13, 2007
Security Bulletin Advance Notification

The next security bulletin advance notification is scheduled for March 8, 2007, and will outline information for the March 13, 2007 security bulletin release.

Re:

[Aqua_boy17]

Go to the source. Microsoft has a link here [microsoft.com]Bottom line is there are some SUS and WSUS updates, but no critical IE or OS component updates this month.

Re:

[TheThiefMaster]

It's ok, the original link works now. Oddly it seems Microsoft hadn't updated that page for the public yet (it now says "Updated: March 8, 2007").

maybe

[mastershake_phd]

Maybe nothing needs patching!? Ya, that must be it.

Occam's Razor

[Necrotica]

"Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed. The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. "

Maybe it's because they don't have any patches to release?

Re:

[thetroll123]

Don't be absurd. The simple explanation is that it's another evil Microsoft conspiracy to take over the world. How can you not see that?

DST fiasco

[Vexler]

They had since August 2005 to address this, but the software patch only came out in early February of 2007. Then, they had the gall to change the instructions no less than four times while I was preparing to upgrade (KB930879 was updated three times while I was reading it two Thursdays ago), along with a new version of the upgrade tool that were substantially different from what the instructions said. Even the consulting firm we hired only got it to work this past Sunday night.

Microsoft blew it, folks. This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago. But when you are a $50B company and could only produce the detritus that is the DST patch, there is no excuse for it.

Re:

[sharkey]

And had the gall to charge US $4000 per product for it as well.

Re:

[Robber Baron]

No shit they blew it! $4000 for a patch?!? Oh I will be upgrading my Exchange 2000 boxen soon, just not to anything Micro$oft! When Leopard comes out, XServers [apple.com] are going to be pretty high on the list of candidates!

Putting the screws to us with client licensing? Strike one...
Windows Vista? Strike two...
$4 grand for a patch?!? Strike three...you're outta there.

Re:

[sharkey]

So, Microsoft charged you a different price than they have listed? [microsoft.com]

Re:

[UnknowingFool]

I think the DST change shows one of the problems of MS. Microsoft these days has spread itself very thin. They are too busy focusing on Vista. And Office. And competing with Google. And Apple. And the problems with the EU. And lawsuits.

Re:

[Vexler]

Yes, I would agree that they are spreading themselves too thin. But two of the things you mentioned can only be blamed on Microsoft itself: The EU situation and the lawsuits. Those are not "market forces" like Apple or Google that Microsoft can say, "Well, they are our direct competitors and we have no choice but to deal with them and protect our market share." Getting sued because they are an aggressive and ruthless monopoly is solely their fault.

Re:

[UnknowingFool]

Well, competing with Apple and Google is really their fault because in they way the chose to compete. They chose to enter into new markets that Apple and Google have. Apple has always competed with MS on OS. Apple on their own decided to get into the MP3 player industry. Now MS wants a piece of that and thus MSN Music and now the Zune were born. Google and MSN have always sort of competed on search. But MS looks like they are trying to do everything that Google is doing on the internet.

These moves ar

Re:

[LordPixie]

This is not to say that OSS does it much better, although Red Hat and FreeBSD (two other OSs we use) nailed the patch months ago.

Actually, the Java that RedHat uses is based on gnu libraries that have their own tracking of DST. And the patch for that came out....Monday. Yes, this last Monday. Six days before the changeover.

Watchguard released a patch for their firewall product *yesterday*. And I see Sun just posted a big red warning on their Java Update page *today* warning about how it breaks back

Re:

[kiwimate]

No, really not, actually. I agree 100%, and I work with Microsoft products for a living and will often defend them against the more egregious slurs posted on Slashdot.

But in this case they've blown it. We called them a year ago to ask them about their plans for the change to DST and they asked "what change?". They only really started to come out with patches a couple of months ago.

CRM? Don't get me started...they kept on finding new components to be patched, server and client, said they'd release the patche

MS will be busy applying DST to their own servers

[Anonymous Coward]

which is probably the real reason for no patches this Tuesday..........

Perhaps they need a good lawyer like the ones at http://www.bozolawyers.com/ [bozolawyers.com]

Jedi Mind Trick

[RancidMilk]

Microsoft: "These are not the flaws you are looking for"
Customer: "These are not the flaws I was looking for"
Microsoft: "Go home and rethink your life"
Customer: "I will go home and rethink my operating system decision"
Microsoft: "What??? No! Your Life! Rethink your Life!"
Customer: "Rethink my li.... nux. I need Linux."

patch slaves' machines must be locked up

[swschrad]

yeah, that's it, they all switched to vista and their computers won't access the MS codebase any more.

thank you, glad to have cleared that up.

DST

[pe1chl]

Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year.

As a European, what mostly occupies me is deleting all those "field notices" that Cisco mails me about the DST issue. It looks like they send a separate mail for every product they sell and have ever sold, telling me that it needs to be patched. Not all on a single day or all in a single mail, but spread over a month time.
And the profiles that you can defi

Re:

[will_die]

Living in Europe or anywhere else in the world it does effect you; if your users do business with Americans(Canada also switched). If you do business with US or Canada then it is likely they have meetings or phone calls scheduled with them in which case if you don't update the systems and then update the scheduler then they will be off.

I don't understand this

[lbschenkel]

I really don't understand this. All software should support arbitrary dates for DST start and end.

I am from Brazil and here we don't have fixed dates for DST. The stupid government change them every year. But at least every single piece of software produced here supports changing the DST period. You shouldn't have to patch anything but just change some configuration file (ok, changing the configuration file is still patching, but you got my point). How hard is this?

And probably most of those new patches *st

So let me understand...

[TBone]

Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year.

Windows admins can't install patches next tuesday, because they're too busy installing patches which have to be done by this Saturday to be of any use.

What, are they going to go on a 4-day bender after the DST upgrades?

Re:

[petermgreen]

What, are they going to go on a 4-day bender after the DST upgrades?
no they will be cleaning up after all the breakage and fixing things that are still using the old rules and therefore causing problems.

Re:

[lostwars]

Linux has to to be patched as well for DST.

Re:

[Tony Hoyle]

For linux it's one file and that can be automated.

For Windows it seems that half the software needs to be patched, plus the OS (reboot required of course).

I mean... Exchange? Oracle? You'd think the authors of software like that would have a frikkin clue. Harcoding DST routines into user applications? WTF??

Re:

[bberens]

That will only updated your system clock. It will not fix any date calculations in software (now - 1500). The time will be wrong. That's what all the patches are about. Updating your system clock is easy, it's making sure the time calculations show the appropriate time is what everyone is worried about.

Re:

[KiloByte]

Enable ntpd. I don't know if ms windows has a similar capability, but I'm bet there are at least utilities.

And how exactly is this going to help? NTP tells your machine the current GMT time, not your local one -- in fact, it has no real way of knowing where you are. It's up to your local machine to know the time-zone offset, and the DST change changed exactly this.

Re:

[operagost]

You don't know how ntpd works. It uses differentials from UTC. How is it going to know to adjust your clock if your time zone is still standard time? FYI: Windows has had integrated NTP since Windows 2000.

Re:

[cortana]

Only SNTP I'm afraid, which is much less accurate. Accoring to wikipedia, Windows 2003 SP1 finally implements NTP, eleven years after the NTPv3 RFC was published.

Re:

[jacksonj04]

Testing, testing, testing, testing and more testing.

Re:

[99BottlesOfBeerInMyF]

How can they be zero day if they are publicly known?

Zero day vulnerabilities not only can be known, they have to known. The term refers to a vulnerability that is known by blackhats and/or the public before a patch is available. A 3-day vulnerability would be a vulnerability that became common knowledge three days after a patch that fixed that vulnerability was released (probably discovered by reverse engineering that patch). The term, however, is more commonly applied to exploits, instead of vulnerabilities. A zero day exploit is an exploit that was "in t