Microsoft Finally To Patch 17-Year-Old Bug
eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."
oldest bug evar... and other leet speechisms (Score:2)
Is this a record(for a bug that's "known about" anyways?
Re:oldest bug evar... and other leet speechisms (Score:5, Interesting)
Re:oldest bug evar... and other leet speechisms (Score:5, Funny)
No wonder BSD is dying.
Re: (Score:2, Insightful)
Re: (Score:2)
The BSD bug referred to was latent for 25 years.
Last I checked, 25 is greater than 17.
Neither is good, but the latter is criminal.
Re:oldest bug evar... and other leet speechisms (Score:4, Informative)
Is this a record(for a bug that's "known about" anyways?
A while ago OpenBSD developer found a 33 year old bug [slashdot.org].
It depends on your definition of "known about" I guess.
Re: (Score:2, Insightful)
By that I mean, rapid turnaround on Microsoft scale from disclosure in January, through to early Feb patching..
Re: (Score:2, Funny)
Re: (Score:2, Funny)
Is this a record(for a bug that's "known about" anyways?
No; the oldest known bug is the ol' missing closing parenthesis.
Nothing quite like a "timely" response (Score:5, Interesting)
How in the world can a bug exist for 17 years when they've released so many versions of Windows in that time? Hasn't the kernel been revamped three times? (Win98/ME, WinNT/Win2K/WinXP, Vista/7)
Re:Nothing quite like a "timely" response (Score:5, Insightful)
Backwards compatibility FTW! The one thing that if Microsoft broke, they'd have a serious OS horserace on their hands. Then anyone would be free to simply choose OS X, Linux or anything else just on merits and not "it runs all my old software".
Comment removed (Score:5, Interesting)
Re:Nothing quite like a "timely" response (Score:4, Insightful)
Imagine if you paid $400 for Photoshop for Linux, but next year it was worthless because the latest kernel wouldn't run it? Wouldn't be very happy then, would you?
You're right: I'd be sorely peeved.
However, Linux strives for userland consistency, so any problems with old programs (like WordPerfect 8) not running are to be blamed on incompatible (glibc, for example) or non-existent (GNOME 1.4, Gtk 1.3) libraries. Gtk2, GNOME2 and glibc6 (is that a Debianism?) have been out long enough, though, that there aren't too many issues like that anymore.
Not that any non-geek would care about the real reason, so "blame it on Linux" is good enough!
Re: (Score:2)
Wordperfect 8 (the tar.gz commercial version) runs fine after installing libc5.deb and xlib5.deb or something close to that. Even Wordperfect8.deb will install though a lot of stuff will get uninstalled. This can probably be fixed by removing the xlibg5.deb dependency.
Re:Nothing quite like a "timely" response (Score:4, Insightful)
Re: (Score:3, Insightful)
Linux doesn't have to worry about backwards compatibility because users are paying $0 for their software.
Not exactly true. I have paid for a great deal of software designed to specifically run on Linux. AVG's corporate anti-virus server runs on Linux, tons of CRM and database applications run on Linux, even a lot of Perl based management suites for webhosting aren't free. And worth every penny from my experience. So far, compatibility hasn't been an issue when I upgrade for most, although many require
Re:Nothing quite like a "timely" response (Score:5, Informative)
Um, no. The bug was introduced in Windows NT 3.1, and has remained in the NT line ever since. Windows 7 is very much still built on the NT codebase.
Re:Nothing quite like a "timely" response (Score:4, Informative)
Re:Nothing quite like a "timely" response (Score:5, Interesting)
I've known about this bug for many years - it's one of a few that date back to my college days when I had a scholarly interest in such things. Back then I used to haunt the dark corners of the Internet where these things were good for a laugh. Now they're good for a quarter million dollars because GO's haunt the dark corners now and they pay good money, and only now are ones like this coming out in common knowledge. You may be sure that if you're a high value target you've been exploited this whole time and that's why your competitors mysteriously beat you to market, or how knockoffs appeared more suddenly after your innovation than reverse engineering would allow.
What's absurd is that there are hundreds more just in the core OS. Go to apps and WMP doesn't have a streaming format that doesn't have pwnership, and let's not even talk about IE. Then there's all the forgotten formats and services, each with its vestigial exploits that still work. And then there's Office. Good Lord, as if providing multiple Turing machine capable development environments were not enough, every app includes embeds for hundreds of formats that can hose any machine that opens a document, and for each of those there's a Microsoft-only undocumented interface that's truly trusted to be exploited, because that's how they roll. And one of those apps is an email client - think about that for a bit.
Each fix only adds to the problem. Even if the patch doesn't add new exploits (most do) most people don't patch, and half of the few who do patch slowly to avoid incompatibilities. In the meantime the patch gives clues to the amateurs on which features to exploit. For 90% of systems you only need to pwn it once and leave some obvious malware and the idiot running it will clean it and think it's all good. So the smart black hat builds a database of servers running Windows he can get at from his previously Pwned boxes (yes, some of them are probably inside your firewall and most but not all of them are clients) and crafts a package to pwn the rest of your network and if necessary leave some cleanable traces. The truly nefarious black hats exploit the patching system itself - of course it has exploits and hidden hooks too.
Each rewrite leads to new problems. In 2008 how the hell do you write a server OS that hangs on a bad packet on the file sharing service [microsoft.com]? That's not what Bill promised us in 2002 [cnet.com]. In six years they couldn't even get that right? That's your clue that they're not even trying or at least they're not able. At the very least they're struggling just to copy a file [technet.com] as if that were a new requirement.
You would think with the billions they have to throw away on XBox and Pink, from Bing to Zune, Microsoft could afford to hire a few Pakistani code geeks to haunt the dark corners and report what they find written on the wall there. They're getting rid of their profits but they're not doing it well. You would think code security audits would extend to the historical catalog of code, but no... that group has enough to do just vetting this month's patches, let alone the output of the dev teams. I imagine the rest of them are building Bing interfaces into Yahoo's services as if they had a hope in hell of getting us to use Bing. For sure they're not throwing a ton of quality code geeks into saving their butt on WiMo 7. Fixing bugs widely known in the Underground that consumers like you don't know about? That's a 0 priority task.
Windows shops: not only are we laughing at you - we always have and we always will. You poor bastards.
Somebody doesn't want you to read the parent (Score:2)
Re:Nothing quite like a "timely" response (Score:4, Insightful)
You're missing the key difference here. Microsoft is making money hand over fist, like mad, and were doing so before security was as important as it is now. It's not so important that they ensure security in their products as ensure that clients believe that security is taken seriously.
Re: (Score:2)
Exploit code or it didn't happen.
Re: (Score:2)
Re:Nothing quite like a "timely" response (Score:5, Interesting)
Windows 7 is very much still built on the NT codebase.
You lie! Longhorn (Vista, Server 2008) was built from the ground up [microsoft.com]. Microsoft told me so!
They wouldn't lie to me. <sniff>
Re: (Score:2, Interesting)
Re: (Score:3, Informative)
This has to my knowledge, nothing to do with the kernel. It's a bug in a program used to run older applications. It was only found to be a problem very recently. Until now there was no real understanding that the bug existed and thus no reason to change that part of the OSes.
Re:Nothing quite like a "timely" response (Score:5, Informative)
Re: (Score:2, Informative)
I always hated how the Windows 2000 startup screen [winsupersite.com] said "Built on NT Technology", because "NT" itself stood for "New Technology". I guess it's just another case of RAS syndrome.
Re:Nothing quite like a "timely" response (Score:5, Funny)
If I had got a dollar for every time I had to correct someone for RAS syndrome style mistakes I'd never have to visit an ATM machine again.
Idiots!
Re: (Score:3, Funny)
Then you wouldn't need to remember your PIN number
It's the price of a cheese pizza and a large soda...
Re: (Score:2, Interesting)
http://www.winsupersite.com/reviews/winserver2k3_gold1.asp [winsupersite.com]
You mean the N-Ten the Intel i860 emulator. Funny how people listen to marketing and treat the meaning of something can change :)
Re:Nothing quite like a "timely" response (Score:4, Informative)
I never listened to their marketing. I was quoting Microsoft's own Windows history webpage [microsoft.com].
Re: (Score:2)
Re: (Score:2, Interesting)
no.. that was just the excuse they gave. the real reason is that 7 isn't much of a code change from vista.
Re: (Score:2)
Oh, my. I did a bit of work, last year, on an ancient project shared project that turned out to still be in use. (Small project, very stable code, old client.) There was a bug in handling mixed case filenames, and another one for handling files with spaces or punctuation in them: I'd never noticed, because when I wrote it it was all UNIX and no one _did_ that. But now some of the files were being generated by Samba clients on Windows boxes, who wrote files like "March 3rd Data.txt". So I fixed the bug, whic
Re: (Score:2)
The article is a little misleading. The bug started in NT 3.1, not DOS or Windows 3.1.
Re: (Score:3, Informative)
Re:Nothing quite like a "timely" response (Score:5, Informative)
> Windows 3.1 - 7 are often based on the same code set.
You, sir, do not have the vaguest idea of what you are talking about.
> to get into windows 3.1 you need to type in "win" at the DOS window.
I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.
FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list [neohapsis.com].
Re: (Score:3, Informative)
Er, from a better read of full-disclosure, I see it was reported in June 2009, not Jan 2010 as I stated earlier. Still, that's a long time for a bug to have gone un-noticed.
Re: (Score:3, Funny)
Are you sure there's no code remaining from Windows (not NT) 3.1? There's backwards compatibility for things that ran on it. Why reinvent the wheel badly when you have a bad wheel on hand?
Patch Tuesday ahead. (Score:2)
This is a rather odd story to drop into the Slashdot cycle on a Friday Night (East Coast USA), it's basically just a warning that the typical Patch Tuesday (Second Tuesday of every month) is next week and the typical 0-day bugs that will be fixed which leads to the "bad guys" finding out what the bug was and deploying their attacks in the next few days.
This really is a notice to the IT guys and people who don't have automatic update downloads installed... nothing newsworthy or out of the normal cycle of thi
Re: (Score:3, Funny)
Not discovered in January (Score:5, Informative)
Tavis disclosed the ntvdm vulnerability in January, however it was reported to Microsoft on June 12, 2009.
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html [grok.org.uk]
Re: (Score:2, Redundant)
Which still doesn't make it 17 years, like most of these comments assume in their madman ravings...
The time the vulnerability was reported has zero bearing on how long the bug has existed.
What is a "BFF"? (Score:3)
Best F'ing Friend?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Funny)
Cicada bug? (Score:5, Funny)
Let's call it the Cicada [wikipedia.org] bug.
A Cicada has a life-cycle of 17 years.
Now Microsoft is about to squash it.
Re: (Score:2)
Re: (Score:3, Funny)
Don't worry. Some of the bugs created by Microsoft this year will be around in 17 years, too.
"Finally"? (Score:5, Insightful)
Isn't it a little disingenuous to say "finally" when the bug was discovered last month?
That it was introduced 17 years ago doesn't mean that Microsoft has been tardy about fixing it...
Re:"Finally"? (Score:5, Informative)
It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.
bff (Score:2, Funny)
Just pointing out that "Microsoft's BFF, Google" deserves a placement in internet culture
This is great news! (Score:5, Funny)
Re:This is great news! (Score:5, Funny)
First, most of the current batch of MCSEs (is that acronym still allowed?) will be replying to you asking for the 800 number for Dr. Dos. I suggest you send them to the Dr. Who site.
Second, your reference to an obscure company called Digital Research will confuse the weenies. DRI.COM now resolves to a site for Colburn's Travels. It appears Mr. Colburn has achieved more mileage from the site than DRI ever did. Check the stats.
Lastly, you're really confusing people with the whole concept of a 'spurious' error. Microsoft has - through the determined, repetitive, and consistent application of "innovation" - eliminated all spurious errors from the code-base. All errors are now completely intentional, rational and self-explanatory. Click here for more information.
Average Wait For Bug Fixes (Score:5, Funny)
yummy (Score:2)
BFF, how cute...
Old code coming to bite you in the ass. (Score:2)
That 16 bit shit will come and get you if you don't pay attention.
So then this means... (Score:2)
Awesome.
I Figured the16 Year Olds Would be More Important (Score:2)
Re:Windows NT (Score:5, Informative)
Re: (Score:2, Insightful)
Yes... the only question is... Why didn't Microsoft disable running DOS apps by default?
Since hardly anyone does it, and the facility is only provided for backwards compatibility, it ought to require explicit manual admin action to enable.
Given the security risk exposure of having such a rarely-used feature exposed as part of the potential attack surface.
Re: (Score:2)
Re: (Score:3, Insightful)
That's what the NTVDM *is*. It's effectively a virtual machine, though it's closer to a virtualizer than a simulator (more like VirtualBox than Bochs)
Re: (Score:2)
My understanding is that it emulates what passed for syscalls in DOS. Parent is probably thinking of something like VM program + complete copy of MS-DOS 6.22, which might have been better in some ways, but also slower, especially on the machines that were common back in late '01 when XP was released.
Re: (Score:3, Informative)
Re: (Score:2)
Why is that a surprise. Businesses here still use programs running under OS/2 1.1
Re: (Score:2, Interesting)
Backwards compatibility was Windows' great asset. Note that it is somewhat gone in Windows 7, unless they've fixed things such that Civ II Multiplayer Gold works, or the five or so other games I tried. It and Battlezone (another fail when I tried it) fail in VirtualBox OSE (haven't tried the real one) but work in VMware Workstation... under Windows XP. In the XP days it was still possible to just double-click most DOS games' executable to show off just how antiquated Windows could pretend to be. Dunno how t
Re:Windows NT (Score:4, Insightful)
I think Microsoft wasn't concerned because DOS applications are all contained in a virtual machine. The hardware is emulated by the VDM or VxDs. If anything goes wrong NTVDM.EXE terminates like any other user process. Ideally it should be as safe to run and I'm sure Microsoft wanted to make running legacy DOS apps as seamless as possible to the end user.
Re: (Score:3, Insightful)
Remember that BSD bug that sat around for about the same length of time? Yeah, it happens everywhere.
Of course, this is only a bug that can be exploited by 16-bit programs and only on 32-bit Windows. Since I run neither of those, it's not even a problem for folks like me.
Re: (Score:2)
Re: (Score:2)
You seriously have no idea what you're talking about. But enjoy being ignorant and naive about things like this, because problems like these do not exist for other OSes, only in Windows.. right?
Re: (Score:2)
So now you realize your argument failed, you try fixing it with a different approach?
Look up the list of unpatched vulnerabilities found in your own OS on securityfocus and realize how even this argument fails.
You clearly don't understand the thorough testing some patches go through before they go live. Besides, severe security issues are patched outside the patch cycle on a regular basis.
Re:sigh... (Score:4, Informative)
Yet another reason I avoid Windows and run for the hills with my linux box, if Windows was patched in a timely matter instead of being vulnerable for weeks, months, 17 years or when the media s**ts their pants, then I just might look at using it.
A.) You don't understand what really happened here. You should read the +5's in this thread before reading the next part of my post.
B.) There is absolutely nothing preventing Linux or anything else from having a problem like this. In fact, this is quite the cautionary tale for anybody running a computer. Your computer has a number of exploitable bugs in it right this second. Your machine is not safe. You need to install updates. You need network protection, firewall, etc. You need to make backups. You need to not run every executable you find from un-trusted sources. You need to use good practices when dealing with sensitive data. Running Linux, BSD, OSX, whatever, doesn't alleviate any of these concerns.
C.) Summaries often contain more information than the headline does. They also usually have links you can click on to get even more info.
Re: (Score:2)
Sure there is. Open source software has maybe thousands or tens of thousands of people looking at the source code for security issues. Microsoft has maybe hundreds?
Security by obscurity isn't secure.
Re: (Score:2)
You mispronounced "so unused that it took 17 years to find."
Re: (Score:2)
Isn't that supposed to be "miswrote" instead of "mispronounced" since 1) I didn't verbally say anything and 2) I very much doubt you could hear me without being in the same room.
[taking off anti-grammar Nazis hat]
Re: (Score:3, Informative)
Possibly; I was going off a meme at our lab that originates from one person saying something negative, and the other responding "you mispronounced 'awesome'."
Aikon-
You joke, but I think he'd like to (Score:5, Interesting)
"We are not the streamlined, small, hyper-efficient kernel I envisioned 15 years ago. Our kernel is huge and bloated. Whenever we add a new feature, it only gets worse." -- Linus Torvalds [computerworlduk.com], September 2009.
Linus Torvalds 2009 == Andrew S. Tanenbaum 1992 (Score:2)
This round of the Tanenbaum–Torvalds debate on kernel architecture [wikipedia.org] seems to be a self-administered blow from Linus to himself.
Jus' sayin'.
Re: (Score:2)
Yes, I know. *I* was joking.
Re: (Score:2, Insightful)
....and YOUR Slash number has six digits. Mine has five. See? I can count backwards! :)
I've been using Linux since kernel version 0.99pl10, when Slackware ruled on a couple dozen floppies... and get off my lawn!
Re:Maybe I'll have to take your word for it? (Score:5, Funny)
Re: (Score:3, Insightful)
Apparently your Slashdot ID doesn't make you any smarter.
But what I was getting at was perhaps if Linux chose a more modular design like a Microkernel, it would be less bloated.
Although it was in jest, as I think if they chose a Microkernel it would probably have ended up like Hurd and I'd be typing this from a Mac.
I need to track down John Titor so I can test my hypothesis.
Re: (Score:2)
For what it's worth, the disk space requirements quoted for Windows are not for the OS, let alone the kernel. The disk space calculation is based on the OS, a set of applications (Office + other basic apps), room for documents, plus a couple service packs. The goal for Win7 was that it would be usable on a netbook with a 16GB SSD. I've heard of people getting a full install on an 8GB SSD, but it's not supported.
I'm guessing you know this (Score:5, Insightful)
No, That's Windows 7 by itself. Office is 3GB extra.
The cited DSL fits in 64MB, all things included.
Damn Small Linux is small enough and smart enough to do the following things:
It includes three browsers, document processing, email, spreadsheet, VOIP, and a lot more.
The smallest pendrive I've ever heard of is the 64MB USB 1.0 device I'm holding in my hand right now that I bought my wife more than a decade ago. I paid $79 for it at Fred Meyer, because tech stores wouldn't carry it. Actually, there were 16 and 32MB versions of this, but let's not go there because this was the Windows 95 era.
I am on the record as stating that we've had no productivity increases since the advent of Windows. Let me quote from a wise man [nationmultimedia.com]:
"Word processing was a solved problem in 1984. By 1987 spreadsheets had all the functions a normal person would ever use. Databases took a little longer, but by 1990 that was sorted. An infant could have been born that day and by now would be almost of age to vote and we've seen no real improvement in productivity since."
64MB is 0.32% of 20GB.
So let me ask you: If the Office team needs 3,000 MB to install their full application set, what can they do with 30MB - 1% of that? Splash? Can they even do that?
Re: (Score:3, Interesting)
Bah, just a couple of years back* I compiled myself a Linux from scratch to test if I could get it running on an old discarded 486dx with 8M of mem and a 40M hard drive. I had to cheat a bit by throwing in a 120M hard drive while compiling stuff. Source and object code take a lot of space.
I can't remember what I used as a bootstrap to start the process. I think I made a custom initrd disks from some old debian netboot images.
* Well, shit. '98 was over ten years ago. I feel like a git.
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
Dude, if you 'tune' it differently (read: recompile with completely different sets of code) is it *really* the same kernel anymore?
Re:I'm guessing you know this (Score:5, Insightful)
Are you even old enough to remember word processors in 1984? Spreadsheets in 1987? I realize you're being funny and quoting someone else who said those things, but seriously stop to think about them.
I remember Word Perfect 5.1 in my 80x24 16 color display running on my 286 with 640KB of RAM. Let me tell you, Word from 1994 was worlds better. WYSIWYG is an amazing accomplishment that wasn't easy to get right. Even in 1994 there were small places where it wasn't perfect -- but being able to see bold or italic text instead of a different font color indicating "imagine this text is italic". Compare Word from a few years later -- on the fly typo correction, spelling and grammar highlights, with suggestions? That's progress.
A spreadsheet in 1987 wasn't usable by a vast majority of people who were sophisticated enough to understand basic table structure. Excel from 1997 had enough of a GUI to help even less sophisticated people use functions instead of just using it as a pretty interface to store numbers.
I'm not a fan of how much bloat has happened, but let's pause and understand what we've gained in the last 20 years. I don't see anybody volunteering to go back to their 286 with vintage software, and there's a reason for that.
Modern computers are able to solve problems only dreamed of 20 years ago. What I can accomplish in terms of text processing with Perl might be an incredibly inefficient use of memory and horsepower, but I can hack something together in an hour that will slog through gigabytes of data and the problem will be solved before a programmer 20 years ago would have been done optimizing the runtime to fit in the available memory. I'd even point to the travesty that is the chip designer's automated place and route toolset -- what's done routinely today wasn't even possible 10 years ago.
Re: (Score:3, Interesting)
Notably without on the fly spelling or grammar highlighting, and zero ability to transparently turn "teh" into "the". "Next question" indeed. You remember the 1984 single purpose word processor without integration into a general purpose computer, without the ability to paste images, screenshots or gr
Re: (Score:2, Informative)
Every fucking headline or story about MS is painted in a bad way, and I'd say about half the stories deserve a retraction as can be seen in the threads. Other stories like this aren't even fucking news. And the headline is sensational. It's not news for nerds
Re: (Score:3, Informative)
Don't like it? Go back to digg. Slashdot has never tried to hide or deny its FOSS bias, nor is it ashamed of it.
Re: (Score:2)
There were probably crackers who knew about it and were keeping quiet to maximize long term exploitation potential. Also, you may recall that Slashdot did report on an 8-year-old Linux bug too.
Re: (Score:2, Interesting)
Outlook is the best mail server there is.
If you're going to shill with a sub-million UID account, you should get your facts straight. "Outlook" is a client, and no, it's not the best one out there; that's a matter of opinion, with the only alternative choice typically being Lotus Notes. If you really meant "the best mail server", you probably meant to say "Microsoft Exchange", although I would have said "sendmail" or "Whatever Sun/Oracle calls their mail server now", or "anything except Domino".
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Bugs reported in a private way to Microsoft could take months to be fixed or disclosed (i.e. the recent IE6+ bug that enabled intruders to get into Google and other companies recently was reported 4-5 months ago).
And of course, the bad guys don't report bugs, they exploit them. And people could find (or not) that something weird is happening when it is already too late.
Re: (Score:2)
If I remember correctly, as far back as NT 4.0 NSA Security Guidelines recommended removing the 16 bit MS DOS subsystem. I believe it is also absent in 64 bit Windows 7. I wonder about 64 bit XP & 64 bit Vista.
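Added example, not code from this thread or from Microsoft: a PowerShell audit for the question raised in the earlier comment about why 16-bit support isn't off by default, and for the claims just above that 64-bit Windows and the old NSA guidance sidestep the problem by not having the subsystem at all. It checks whether this host can still launch 16-bit code through NTVDM and, optionally, applies the "Prevent access to 16-bit applications" policy that turns it off. Assumed here rather than stated on the page: that policy is stored as the DWORD VDMDisallowed=1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat, and the subsystem binary lives at %SystemRoot%\System32\ntvdm.exe on 32-bit Windows only.

```powershell
# Added example (not from the Slashdot thread or Microsoft): audit whether a
# Windows host can still run 16-bit code via NTVDM, and optionally apply the
# "Prevent access to 16-bit applications" policy that blocks it.
#
# Assumptions (verify against your own policy documentation):
#   - the policy is stored as DWORD VDMDisallowed = 1 under
#     HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat
#   - the subsystem binary is %SystemRoot%\System32\ntvdm.exe on 32-bit
#     Windows and is simply not shipped on 64-bit Windows

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$PolicyName = 'VDMDisallowed'

function Get-NtvdmStatus {
    [CmdletBinding()]
    param()

    $ntvdmPath = Join-Path $env:SystemRoot 'System32\ntvdm.exe'
    $is64      = [Environment]::Is64BitOperatingSystem

    # Read the policy value only if the key exists; a missing value reads as $null.
    $policy = $null
    if (Test-Path $PolicyKey) {
        $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $PolicyName)) {
            $policy = $props.$PolicyName
        }
    }

    # Each live ntvdm.exe is a 16-bit application or DOS box running right now.
    $running = @(Get-Process -Name ntvdm -ErrorAction SilentlyContinue)

    $binaryPresent    = Test-Path $ntvdmPath
    $disabledByPolicy = ($policy -eq 1)

    [PSCustomObject]@{
        Is64BitOS          = $is64
        NtvdmBinaryPresent = $binaryPresent
        DisabledByPolicy   = $disabledByPolicy
        RunningInstances   = $running.Count
        # Exposed: 32-bit OS, subsystem shipped, and no policy blocking it.
        Exposed            = (-not $is64) -and $binaryPresent -and (-not $disabledByPolicy)
    }
}

function Disable-Ntvdm {
    # SupportsShouldProcess gives us -WhatIf / -Confirm for free.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not (Test-Path $PolicyKey)) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$PolicyName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $PolicyKey -Name $PolicyName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Usage: run from an elevated prompt. Audit first; preview the change with -WhatIf.
$status = Get-NtvdmStatus
$status | Format-List
if ($status.Exposed) {
    Write-Warning 'NTVDM is enabled on this 32-bit host; 16-bit binaries can still run.'
    Disable-Ntvdm -WhatIf
}
```

Two caveats worth keeping in mind when you run this. Setting the policy only blocks launching new 16-bit processes; a DOS box that is already open keeps running until it exits, which is why the audit also counts live ntvdm.exe instances. And it is a mitigation for the attack surface the thread is arguing about, not a substitute for the patch: on 64-bit Windows the report will show no binary and no exposure simply because NTVDM was never shipped there, which matches the observation above that the issue is limited to 32-bit installs.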