Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Suspending "Patch Tuesday" Emails

timothy posted about three weeks ago | from the just-visit-our-lair-for-updates dept.

Security 145

New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.

cancel ×

145 comments

Linux? (-1, Flamebait)

the_Bionic_lemming (446569) | about three weeks ago | (#47338709)

After windows 8 and the swing to a sandbox I keep wondering why Microsoft and its stupid decisions isn't being driven to the ground over a what should be a superior product.

Please obi Wan Linux, you are our only hope!

Re:Linux? (-1, Flamebait)

Anonymous Coward | about three weeks ago | (#47338739)

Linux is worse off now than windows 8 between Unity, GNOME 3 and the cluster fuck that is systemd

Re:Linux? (0, Troll)

Anonymous Coward | about three weeks ago | (#47338849)

You obviously know nothing about Linux.

sudo apt-get install xubuntu-desktop #already (2)

tepples (727027) | about three weeks ago | (#47339425)

I don't see how. Just as Windows has Classic Shell, Linux has Xfce.

Re:sudo apt-get install xubuntu-desktop #already (1)

jones_supa (887896) | about three weeks ago | (#47339927)

As an extra tip for anyone using XFCE, it's a good idea to disable the integrated compositor and use Compton instead [ubuntuforums.org] . The default XFWM4 compositor uses XRender which often causes tearing.

Re: Linux? (0)

Anonymous Coward | about three weeks ago | (#47339705)

KDE. 'Nough said.

Re:Linux? (3, Insightful)

Arker (91948) | about three weeks ago | (#47340745)

Linux is worse off now than windows 8 between Unity, GNOME 3 and the cluster fuck that is systemd

I think you must be confused, Linux [kernel.org] requires none of the things you just mentioned, and neither does a linux-based OS [slackware.org] .

Re:Linux? (-1, Offtopic)

the_Bionic_lemming (446569) | about three weeks ago | (#47338777)

Awesome!

I got modded down being an ex-microsoft schill posting against Microsoft!

Please review my comments over the past many years :) I was pro - microsoft and now after Post XP I am against Microsoft due to the increasingly crappy OS's they release.

Anyone who likes the stupidly long search times, and the complete pc lockups that occur because Microsoft has repeatedly released OS that were progressively ( i can't find a word to express more than abysmal) are really encouraged to keep modding me down.

I hope that one day you are held up to a spotlight and identified for keeping a person hating what MS does down.

Re:Linux? (-1)

Anonymous Coward | about three weeks ago | (#47338789)

shut up faggot

Re:Linux? (0)

Anonymous Coward | about three weeks ago | (#47340631)

To the grandparent post, your downmod and the parent post to this message both reflect the 4channification of slashdot, a combination of low IQ as well as bravado of the anonymous, spit from their basements, excepting when their mom is downstairs right over there doing laundry. This doubly irritates them as it also interrupts their jerk sessions.

Re:Linux? (0, Offtopic)

Noah Haders (3621429) | about three weeks ago | (#47338875)

over the years I took it for granted that the newest version of an operating system would require more resources than the last version, so my computer would be slower. Then I switched to osx, and my computer would get faster with each upgrade, since the upgrades were actual structural improvements and not just frosting. so my 5yo notebook would be faster than when it was new.

Re:Linux? (1, Offtopic)

Gadget_Guy (627405) | about three weeks ago | (#47339193)

The same thing happened in the Windows world. Windows 7 was faster than Vista, and Windows 8 was faster than Windows 7. Each new version got better with their use of resources, although the system requirements remained the same for the three versions (1 GHz CPU, 1GB RAM for 32bit, 2GB for 64bit) except for hard drive use with went up by 1GB per release.

When I first tried the beta of Windows 8, the only computer that I had spare was a 2GHZ Celeron with 1GB RAM and a slow hard drive (I think that it was from 2006). It was slow to boot, but once loaded I was astounded how well it worked. I wouldn't use it for day-to-day operations, but it wasn't too far out of the ball park for speed. It didn't stop me hating the user interface (and I still do), but the actual performance did surprise me having been used to the idea (like you were) that each version in the past had got slower and slower.

NX and SSE2 (2)

tepples (727027) | about three weeks ago | (#47339433)

That system requirements increased very little since Windows Vista is mostly true. Windows 8.1 added the requirement for NX and SSE2 support in the CPU. Do all Atom CPUs support those?

Re:NX and SSE2 (1)

Blaskowicz (634489) | about three weeks ago | (#47339853)

They do. Intel never crippled away these feature ; most Pentium 4 don't have NX but it is commonly found on late Pentium 4 Celeron (which can be 64bit even)
Parent might have a Celeron 440 or 450 (core 2 solo) and that's another beast. Excellent CPU with low power use, still actually worth using.

Re:Linux? (0)

Anonymous Coward | about three weeks ago | (#47339363)

Congratulations. You've just bought the Apple cool-aid.

In reality, Apple is no worse than any other vendor. They do have the advantage of owning their own hardware, but that just means you own less of what you've just bought.

Less freedom. Less diversity. Less flexibility. Costly add-ons. What's not to like?

(I've purchased Macbook Pro, which turned out to be a heater. The screen got faulty within a year, and the battery finally melted. Piss poor customer experience on all gadgets bought from Apple.)

If it works for you though, good for you, This is just MHO.

Re:Linux? (0)

Anonymous Coward | about three weeks ago | (#47339861)

hahahaha

Yes, Mavericks runs on my late 2008 Macbook Pro *just* as quickly as Snow Leopard did!

It's no different from any other OS. Some new versions run faster, others run the same, others run slower. Personal experience on OSX and Windows: Leopard slower than Tiger, Snow Leopard faster than Leopard, Lion slower than Snow Leopard, Mountain Lion faster than Lion, Mavericks the same or slower than Mountain Lion; 2000 slower than 98, XP same as 2000, Vista slower than XP, 7 same as Vista, 8 faster than 7. Your mileage may, and indeed will, vary.

Re:Linux? (3, Insightful)

chromaexcursion (2047080) | about three weeks ago | (#47338947)

This is just a guess, but I believe your assessment why you were modded down is correct. Making comments that might offend people has consequences.
Your post is off topic, and bashes Microsoft for things not relevant. As for your previous posts, having modded comments, previous posts are pretty much impossible to find. Modding is based on the current comment.
I'm not a fan of Microsoft. I've been playing and working with computers since before Microsoft existed. I've posted on this thread. Canada is the party at fault, Microsoft is just responding to a stupid law.
I love bashing Microsoft, but the pickings have been slim lately, they're failing. They won't go out of business, but their clout is gone.

Re:Linux? (2)

dryeo (100693) | about three weeks ago | (#47339023)

Canada is the party at fault, Microsoft is just responding to a stupid law.

Whats stupid about requiring people to opt-in? Microsoft could always add an unsubscribe option and ask Canadians if they want to receive their spam.

Re:Linux? (0)

westlake (615356) | about three weeks ago | (#47339831)

I love bashing Microsoft, but the pickings have been slim lately, they're failing.

Whenever I hear the geek talk about how rapidly Microsoft is failing, I am consoled by the thought of the record returns certain to be posted in its next quarterly report.

It looks like a response to anti spam laws (4, Insightful)

Karmashock (2415832) | about three weeks ago | (#47338711)

I don't know why subscribe and unsubscribe would not satisfy those laws but apparently MS is convinced they don't... so...

Re:It looks like a response to anti spam laws (1)

sumdumass (711423) | about three weeks ago | (#47338803)

Perhaps its not about opt in or out. Perhaps MS patched something the NSA was exploiting and they were told to knock it off.

Of course I'm just guessing. I have no idea what the so called changes are but I can assume it was something that exposed MS to possible financial penalties.

Re:It looks like a response to anti spam laws (4, Insightful)

Karmashock (2415832) | about three weeks ago | (#47338817)

contextually that doesn't make sense because they're not recalling patches or changing patches but merely informing people ABOUT patches differently.

Previously you could put yourself on a mass email list for patches.

MS is saying they're not doing that anymore.

But they will retain an RSS feed for the same patches.

Therefore, this appears to be a response to anti spam legislation/rules.

Re:It looks like a response to anti spam laws (1)

GNious (953874) | about three weeks ago | (#47339317)

tinfoiling ....

Perhaps the NSA got tired of everyone using Security Patches, and told Microsoft to stop being so diligent in informing people about the existence of these ? :)

Re:It looks like a response to anti spam laws (1)

Karmashock (2415832) | about three weeks ago | (#47339395)

again, they haven't stopped informing people... they just won't do it by email anymore.

Re:It looks like a response to anti spam laws (0)

ruir (2709173) | about three weeks ago | (#47340085)

Why would they need to worry about Patches when in the past their backdoor and their public key was exposed in NT4 SP 5?

Re:It looks like a response to anti spam laws (-1)

Anonymous Coward | about three weeks ago | (#47338993)

Your username is fairly appropriate you fucking moron.

Re:It looks like a response to anti spam laws (0)

Anonymous Coward | about three weeks ago | (#47339253)

Well no shit. Here's a list of exploits, most of which haven't been exploited yet but we'll give you a nice summary about how they might
be used in a targeted attack. If you promise not to sue our assas off, we'll give you the straight dope every month. Christ on a fucking
crutch. This is almost as bad as "signed off by".

Re:It looks like a response to anti spam laws (5, Insightful)

Anonymous Coward | about three weeks ago | (#47338845)

Microsoft doesn't have 'unsubscribe'. They link to a profile page that doesn't really have unsubscribe options. I've been trying for years to stop partner emails, but the only way is to stop being a Microsoft partner. Weak. I flag them all as spam on gmail.

Re:It looks like a response to anti spam laws (1)

Karmashock (2415832) | about three weeks ago | (#47339031)

That's dumb on their part then because obviously the email should be individually configurable.

Re:It looks like a response to anti spam laws (4, Interesting)

hankwang (413283) | about three weeks ago | (#47338883)

From TFA (2nd link): "Your CEO, and each officer, may be fined up to $1,000,000"

Now that's refreshing! Corporate misbehavior resulting in personal fines for the management. I could think of a few more cases where that would be a good idea.

Re:It looks like a response to anti spam laws (1)

AuMatar (183847) | about three weeks ago | (#47338967)

I think just about all of them. If a corporation is fined, an officer should be paying one as well or serving jail time. And be barred from receiving a bonus that year as well (so the company can't just pay back their fine).

Re:It looks like a response to anti spam laws (1)

cdwiegand (2267) | about three weeks ago | (#47339079)

Ugh, it's called D&O insurance - every company has them, even many startups. Big whoop-die-do. Mind, I applaud the law, and would love to see one here in America (and have it ACTUALLY ENFORCED - no one enforces CAN-SPAM, given how even Microsoft isn't compliant).

Re:It looks like a response to anti spam laws (0)

Anonymous Coward | about three weeks ago | (#47339137)

Most of the current changes in CAN-SPAM don't take effect until Canada Day 2014 (July 1)

Re:It looks like a response to anti spam laws (4, Informative)

crispytwo (1144275) | about three weeks ago | (#47339007)

Canada passed a new law regarding spam in electronic messages (in particular, email) starting July 1

the law is here: http://laws-lois.justice.gc.ca... [justice.gc.ca]
faq is here: http://www.crtc.gc.ca/eng/com5... [crtc.gc.ca]
the potential fine is $10 million

The companies that are effected are legitimate ones who do business in Canada
The onus on proving you have permission to send an email is on the company sending it.
There has been a flurry of activity wanting permissions recently due to the legislation.
It seems that nobody really knows what it means to be identified as a spammer.

Microsoft is probably thinking - to hell with it; the risk is too high. The RSS is good enough.

Re:It looks like a response to anti spam laws (0)

Anonymous Coward | about three weeks ago | (#47339371)

A company that doesn't take risks is a dinosaur, good riddance!

Re:It looks like a response to anti spam laws (1)

Impy the Impiuos Imp (442658) | about three weeks ago | (#47340613)

The only non-adaptive, risk-averse, useless, ancient dinosaur here is government-as-usual.

Re:It looks like a response to anti spam laws (2)

Arith (708986) | about three weeks ago | (#47339621)

This right here.
It's actually kind of amusing to see these companies that you contacted ONCE and hence start giving newsletters - now they're all begging to continue spamming me. Ironically, some are spamming me to get permission too spam me... lolwhut

It's been awhile since I've seen a law passed that HELPS the little guys, even if it's just an annoyance like spam.

Re:It looks like a response to anti spam laws (0)

Anonymous Coward | about three weeks ago | (#47340347)

This. I got over 50 emails from one organization that I bought one thing from over 5 years ago. For some reason, I had not gotten any emails from them until this happened. Odd.

Re:It looks like a response to anti spam laws (1)

master_kaos (1027308) | about three weeks ago | (#47339803)

Now I don't know Microsoft patch emails contain, but from the sound of it, It doesn't seem like it would be effected by canadas new anti spam as it is only for emails that are advertising a product/service for money.

Re:It looks like a response to anti spam laws (1)

drinkypoo (153816) | about three weeks ago | (#47339877)

Microsoft is probably thinking - to hell with it; the risk is too high. The RSS is good enough.

And I'm thinking who knew Microsoft was using RSS for that (luckily, I am out of touch on windows patches) when everyone else was taking down their RSS feeds

Re:It looks like a response to anti spam laws (1)

Predius (560344) | about three weeks ago | (#47340313)

It's not just MS, OpenSRS (Based out of Canada) has just done away with their email notification for system outages as well. They're now providing an RSS feed or you can periodically check their blog. Their solution for those who liked email alerts, a third party service that watches the RSS feed and emails on updates...

Re:It looks like a response to anti spam laws (1)

Predius (560344) | about three weeks ago | (#47340321)

Come to think of it, I'm getting emails from VMWare asking for permission to get further emails from them as well...

Re: It looks like a response to anti spam laws (0)

Anonymous Coward | about three weeks ago | (#47340837)

Every website that sends me spam has been emailing asking for permission to continue to do so. This is just how the law works.

Great! (3, Informative)

Animats (122034) | about three weeks ago | (#47338745)

That's the way it should be. If you want to subscribe to something, use RSS. That's totally under the control of the recipient. If you unsubscrbe from an RSS feed, there's no way the sender can keep sending to you.

It's easy to follow an RSS feed if you're using Thunderbird; a bit harder if you're a Google slave.

Re:Great! (1)

DigiShaman (671371) | about three weeks ago | (#47338835)

Not that I disagree, but I'm cynical enough to believe this was a cost cutting measure from server/bandwith infrastructure, internal support, and litigation. They probably figure that you would get the news 3rd party via some other IT security e-mail whom will collect RSS feeds already.

Re:Great! (0)

Anonymous Coward | about three weeks ago | (#47339413)

RSS feeds require continuous polling for updates, that's not going to save bandwidth compared to e-mail.

Re:Great! (1)

tepples (727027) | about three weeks ago | (#47339509)

RSS feeds require continuous polling for updates

How much bandwidth does it take to get a 206 Not Modified response once a day, compared to everything else a network admin does on her PC?

Re:Great! (0)

Anonymous Coward | about three weeks ago | (#47339449)

But have you actually seen anyone ever use that RSS crap? I've setup RSS feeds on a dozen web sites, and less than one out of a million hits on the last one was for the RSS feed. I'm sure that was a robot or a dev testing. There's a reason you always hear about unrealistic developers talk about providing an RSS feed, and not once have I ever heard an end-user mention consuming one.

Re:Great! (1)

Andreas Mayer (1486091) | about three weeks ago | (#47339707)

RSS is how I get my news.
You don't offer a RSS feed? I'm not going to regularly visit your site.

Fortunately, every site I've ever been interested in offers at least one feed.

Re:Great! (1)

master_kaos (1027308) | about three weeks ago | (#47339809)

Yup exact same thing here. Outside of "techies" I have never heard of a single person who actually uses RSS feeds.

Re: Great! (0)

Anonymous Coward | about three weeks ago | (#47340111)

If you are applying enterprise patches, I hope you are capable of understanding RSS feeds.

Re:Great! (0)

Anonymous Coward | about three weeks ago | (#47340375)

Why single out Google? There is quite few tech and software companies around.

The Canadian law doesn't apply to these (3, Interesting)

presidenteloco (659168) | about three weeks ago | (#47338751)

Only emails of a commercial nature are banned without opt-in.

A security notice is not an email of a commercial nature, unless it also contains marketing offers etc.

Re:The Canadian law doesn't apply to these (2)

bhcompy (1877290) | about three weeks ago | (#47338771)

Doesn't stop frivolous lawsuits from costing them lawyer fees, though

Re:The Canadian law doesn't apply to these (3, Interesting)

msobkow (48369) | about three weeks ago | (#47338801)

That may be technically the case, but IBM, Oracle, and Sybase/SAP have all asked for permission to keep sending technical newsletters. No one wants to take a chance that some bozo is going to interpret a technical notice as being spam and laying charges accordingly.

What were simple mailing lists now require an authorization database to comply. In many cases companies are just going to shut down the lists rather than go to the expense/hassle of authorization databases or risking non-compliance claims.

On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.

Re:The Canadian law doesn't apply to these (1)

dryeo (100693) | about three weeks ago | (#47339051)

Microsoft just moved a bunch of stuff to Vancouver so they are doing more then just doing business in Canada. Just shows that 30 years of tax cuts can bring some business. Of course they promise to leave as soon as they get a better offer and the province is like a junker car that hasn't had maintenance done in years, bald tires, no oil change in years, water instead of anti-freeze, brakes down to metal, and spark plugs that just barely create spark. And they wonder why the mileage is so bad, why the block cracked last winter and now they have to keep adding shit that stops the leak and overheats the car and the mechanic says not to drive the piece of shit until a $1000 brake job as everything is shot.

Re:The Canadian law doesn't apply to these (1)

munch117 (214551) | about three weeks ago | (#47339451)

On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.

Is that a good thing? Case in point: The beta-free site [soylentnews.org] refusing to accept donations, because then they'd have to be separately licensed to receive donations in 50 states. [soylentnews.org] (section Why We Haven't Discussed Pure Donations). I worry that small and even medium size companies will just drop overseas markets, because it's too much hassle.

Like those obnoxious .com sites that only sell to North America. Usually they don't even mention the fact that they won't sell to you until you reach checkout, and they ask you to select your state, but not your country, that's implied. These last years my impression is that there are fewer of those sites, that the world has become more connected. I'd hate to see it go the other way.

Re:The Canadian law doesn't apply to these (1)

msobkow (48369) | about three weeks ago | (#47339589)

It's a good thing for everyone but the US, so fuck the US.

Re:The Canadian law doesn't apply to these (1)

cascadingstylesheet (140919) | about three weeks ago | (#47339617)

On the bright side, it's nice to see US companies abiding by foreign laws for a change. For far too long they've gone with the attitude "we're on US soil, so we only have to follow US law", but now they're finally waking up to the fact that they have to follow the laws of every jurisdiction they do business in, or stop doing business there.

So, would that include various foreign Sharia-based laws too? Censorship laws? Anti-homosexuality laws?

Or only foreign laws that American hipsters like?

Re:The Canadian law doesn't apply to these (1)

Maxwell (13985) | about three weeks ago | (#47339801)

If you want to do business in countries that have laws like that, yes, of course. Why is that so hard for Americans to understand?

Re:The Canadian law doesn't apply to these (0)

Anonymous Coward | about three weeks ago | (#47339899)

Because we're used to our military going in and changing the laws for us whenever needed.

'Murica!

Re:The Canadian law doesn't apply to these (0)

Anonymous Coward | about three weeks ago | (#47338815)

Its an American corporation. Of course the emails are going to have marketing in them.

I'm waiting for the GM recall notices to start containing coupons for funeral services.

Re:The Canadian law doesn't apply to these (0)

Anonymous Coward | about three weeks ago | (#47338833)

if you read the Act, it defines a "Commercial Electronic Message" very broadly. Yes, a security notice falls into this category (until it is struck down in court).

Re:The Canadian law doesn't apply to these (3, Insightful)

msobkow (48369) | about three weeks ago | (#47338839)

You do realize that if you're sending email about a commercial product it's a commercial email, right?

It doesn't have to be advertising -- it just has to be commercial in nature, as in about a product that you charge for, not commercial as in advertising.

Re:The Canadian law doesn't apply to these (0)

Anonymous Coward | about three weeks ago | (#47340205)

That is not sufficient to fall under CASL. http://www.crtc.gc.ca/eng/com500/faq500.htm. A security bulletin about a product is not in and of itself a Commercial Electronic Message as long as it does not contain advertising or other content designed to encourage you to make further purchases -

What is a commercial electronic message?
A key question to ask yourself is the following: Is the message I am sending a CEM? Is one of the purposes to encourage the recipient to participate in commercial activity?

When determining whether a purpose is to encourage participation in commercial activity, some parts of the message to look at are:

the content of the message
any hyperlinks in the message to website content or a database, and
contact information in the message.
These parts of the message are not determinative. For example, the simple inclusion of a logo, a hyperlink or contact information in an email signature does not necessarily make an email a CEM. Conversly, a tagline in a message that promotes a product or service that encourages the recipient to purchase that product or service would make the message a CEM.

Some examples of CEMs include:

offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
offers to provide a business, investment or gaming opportunity;
promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.

Re:The Canadian law doesn't apply to these (1)

chromaexcursion (2047080) | about three weeks ago | (#47338855)

A security notice for a purchased product could be considered to be of a commercial nature.
Are you willing to bet the farm on it?
Your legal fees will be over $1,000,000 even if you win.
OH! and the idiot that sued you is penniless, forget recovery.

Re:The Canadian law doesn't apply to these (1)

hairyfeet (841228) | about three weeks ago | (#47338937)

Its been years since I got patch emails from MSFT (I just use WSUS Ofline now, saves bandwidth) so maybe they have ads for their other products on them?

Re:everything is commercial (1)

Maxwell (13985) | about three weeks ago | (#47339795)

The definition of CEM is so broad, that just about anything from a vendor will be commercial. Even if there is no expectation of profit, simply inviting someone to do something is "commercial" and requires two stage opt-in.

It's overly broad to prevent weaseling around it, but it will take a few court cases to actually define it better.

Microsoft has no good, centralized, newsletter or list management system. So they are stuck with a blanket ban/switch to rss for now.

Government OohhHhhh (0)

Anonymous Coward | about three weeks ago | (#47338805)

So when did it become a magic word for this big scary thing with unquestioned regulations in which asking for a plain explanation gets the evil eye.

I Hope (0)

Anonymous Coward | about three weeks ago | (#47338813)

I hope Rod Trent didn't write the law as well.

"If you're not worried about this new law, you haven't been adequately information.[sic]"

Canada's new anti-spam act? (0)

Anonymous Coward | about three weeks ago | (#47338823)

Does this have anything to do with the new anti-spam act coming into force in Canada on July 1st http://fightspam.gc.ca/eic/site/030.nsf/eng/home ?

There have been a lot of business scrambling here in Canada to get in compliance, after all, the fine is $1,000,000 for a personal offense, $10,000,00 for a commercial offense. Maybe Just didn't want to bother with tracking subscribers, and instead went to a protocol that was subscription based?

Re:Canada's new anti-spam act? (1)

master_kaos (1027308) | about three weeks ago | (#47339829)

What's funny is I still haven't got emails from Futureshop/Bestbuy yet. Considering the amount they spam I am not sure what they are going to do. If I even get one email from them on or after July 1, I will be reporting them.

The Failure of good intentions. (1)

chromaexcursion (2047080) | about three weeks ago | (#47338847)

Seemed like a good idea. I don't think so, but someone did.
What an absolute fail of a law.
It might work if the sender could reasonably presume that if the email address didn't end in .ca it wasn't a problem.
The cost. of defense is too high. Canada just screwed the pooch.

There may be a bright side. It will force international law to cross the internet. As this is a Canadian law, only addresses ending in .ca should matter. Of course that opens a much bigger can of worms.

Then again it could just result in an explicit opt in: I AM NOT A CANADIAN! If you check it an lie you are guilty of perjury. NO Canadians allowed.
Perhaps the future of an internet second class.

Of course I'm being melodramatic. But this law is melodramatic. Some idiot with no clue wrote it, and got it passed. It deserves derision.

Re:The Failure of good intentions. (-1, Redundant)

governorx (524152) | about three weeks ago | (#47338901)

The only idiot without a clue appears to be you.

Microsoft is handling it poorly. Every other company has already sent spam mails asking individuals to subscribe to get continued spam. Only Microsoft is the only company that finds this automated message to difficult to incorporate. ..and since you love spam so much how about you post your email addresses on the forum so we can oblige.

-gov

Re:The Failure of good intentions. (1)

NatasRevol (731260) | about three weeks ago | (#47339911)

So, .com emails don't get sent to Canada, and shouldn't be required to follow Canadian law because they're not .ca?

I'm pretty sure you're the one who deserves derision. And rightfully so.

Re:The Failure of good intentions. (1)

KitFox (712780) | about three weeks ago | (#47340101)

It's a matter of reasonable effort. How can a company determine that a given email destination is Canadian? It really can't. So Canada's laws are affecting the whole world as companies have to either give up on things that people likely actually want (security bulletins) or scramble to form opt-in databases on worldwide recipients just because of Canada.

Just like many of the laws in the US that people scorn, this Canadian law will only hurt the legitimate people who are trying to be respectful and operate as a good company with records and such. The spammers sending pharma spam and malware spam and such are operating from locations that don't support easy tracking for applying penalties. Thus millions of people worldwide are suddenly getting flooded with requests to keep sending mail (I opted in three years ago!) just in case they might be Canadian.

Therefore the obvious (but depressing) solution is to create borders on the internet and say "To prove you are a Canadian and protected by this Canadian law, you must have a .ca email address. Anybody who does not have a .ca email address cannot bring charges against a company sending email in violation of a Canadian law because they did not identify themselves as Canadian to be protected by the law." This is obviously not-good, but the alternative is a minefield of international laws that strangle the internet and any companies that operate on it.

Fictional but getting less farfetched example: Some Canadian posts a picture of their dog spinning in circles on a video site. The dog is not neutered and there is a flash of anatomy at 1:33 into the video (it's a long video of dog-spinning). Person gets in legal trouble in some country that: 1: Holds content posters liable for their posts. 2: Enacts a law that prohibits the depiction of any sexual anatomy online for the protection of the children/morality/whatever. Suddenly Canadian is subject to fines/imprisonment/death-for-insults-against-the-god because of this?

It seems like a ridiculous example now, but with the slippery slope we are heading down, it's becoming more and more possible.

Re:The Failure of good intentions. (1)

NatasRevol (731260) | about three weeks ago | (#47340341)

Therefore the obvious (but depressing) solution is to create borders on the internet

Just unplug your computer.

Re:The Failure of good intentions. (1)

Arker (91948) | about three weeks ago | (#47340781)

From what I have read (and please provide a correction link if you have one) the law only says commercial bulk email has to be requested. My comments presume this is true.

Now, that's the same rule you should have been following from day one anyway, and if you were not, then shame on you, you dirty spammer!

If their controls are so poor they are afraid of this law, then they should really just quit using email at all. Block it at the border router and spare the rest of us your spam.

CASL bad law and affects more than email (1)

Anonymous Coward | about three weeks ago | (#47338893)

In addition to email the CASL also affects social media, instant messaging, sms, voice messaging.
Read an article that if you just reply to a tweet to someone you could be fined under this law that is insane. So tweeting as person can land up to $1 million dollar a fine and a company $10 million that is crazy.

This really kills nearly all email applications. I have some double optin subscriber lists but now they are useless since I never asked what country the user was from. I can resend out a permission pass to ask for permission and hopefully get the country information as well. But that will affect the number of subscribers since some may not notice they have to reoptin againæ

I can block .ca domain from my lists but that does not solve the issue since there are Canadian users not using .ca domains.
\
Hopefully this law will be tweaked it needs a lot of work and will hurt consumers/businesses and in the end. And will not stop spam at all. since the botnets/virus writers do not care about the law.

Re:CASL case study right here... (1)

Maxwell (13985) | about three weeks ago | (#47339815)

You sound like a case study in why the law was needed. You have no idea who is on your marketing list, no idea where they are in the world, or whether they even want your emails, or how they got on your lists in the first place. Bad law for you, great law for anyone you happen to be spamming. Be prepared for a flood of unsubscribe requests!

Re:CASL case study right here... (0)

Anonymous Coward | about three weeks ago | (#47340159)

I know how they are added from our newsletter signup page/customer purchases but we never had/asked for the country they are from on our newsletter signup page.
Very few newsletter signup places ask for the country on a signup form.
The default form builder on constantcontact does not include country.
I can look at most major sites and they do not ask for country on newsletter signup either...

The law will be overturned one way or another once the lawmakers realize it unenforceable and the true backlash is heard. This is just the tip of the iceberg with no more security updates from Microsoft how many other vendors will follow next.

Re:CASL bad law and affects more than email (1)

Arker (91948) | about three weeks ago | (#47340811)

"I have some double optin subscriber lists"

You sound like a spammer. The nonsensical phrase 'double optin' points strongly in that direction. That is a phrase invented by spammers to describe 'opt-in' while implying that it is an unreasonable burden.

If your lists really are opt-in then the list should not affect you. It does not to the best of my knowledge require you to know or care what country your recipients are in, as long as you are not spamming to any country, then you will also not be spamming to Canada in the process.

RSS makes a LOT more sense. (0)

Anonymous Coward | about three weeks ago | (#47338903)

It's much easier to incorporate into my workflow.

RSS makes a LOT more sense. (0)

Anonymous Coward | about three weeks ago | (#47339063)

RSS makes it easier to focus on relevant information. Speaking of which, when they fix the bug of /. beta not showing the titles completely, I'll be much happier person.

Nice article (1)

phorm (591458) | about three weeks ago | (#47338985)

They could use a grammar check though:

If you're not worried about this new law, you haven't been adequately information

Someone invented some extra penalties (1)

Cabriel (803429) | about three weeks ago | (#47339027)

I read through the actual law and I don't see anywhere that specifies each CEO and officers of a violating company can be fined. The law specifies "individuals" can be fined up to $1million, and "any other person" (presumably corporations-as-people) can be fined up to $10million.

Anyone care to clue me in?

Actual FULL text of the law: http://laws-lois.justice.gc.ca... [justice.gc.ca]

Re:Someone invented some extra penalties (1)

Anonymous Coward | about three weeks ago | (#47339103)

Sections 31-33 (under "Rules About Violations") determine who it is that can be found in violation (including "An officer, director, agent or mandatary of a corporation...", etc.). Basically, they say that directors and officers can be found in violation if they were involved in the contravention, if anyone working under them was involved in the contravention, or if they knew of the contravention and failed to act against it.

Section 24 specifies that those found in violation, as above, can be assessed financial penalties.

Section 20, the part you seem to have been looking at, specifies upper limits to what those penalties can be ($1,000,000 in the case of a penalty levied against an individual and $10,000,000 in the case of penalties levied against a company as a whole), and the factors to be taken into account when determining what the penalties should be in any particular case.

Blame the spammers (1)

Z00L00K (682162) | about three weeks ago | (#47339045)

Blame the spammers that fake the senders. Microsoft is a popular faked sender, and then the junk mail filters throws away the mails and nobody sees the patch info mail.

it's a good law (0)

Anonymous Coward | about three weeks ago | (#47339053)

one of the few good things harper dictatorship has done. shame on other govts for not doing something similar.

Never Got MS E-mails (4, Informative)

DERoss (1919496) | about three weeks ago | (#47339065)

I never got E-mails from Micro$oft about updates, vulnerabilities, etc. Instead, I have an RSS feed from US-CERT (computer emergency response team), an agency of the U.S. Department of Homeland Security. (Yes, they do have a few useful functions.) US-CERT not only notifies me about Micro$oft's alerts and provides links to them, but that agency also notifies me of alerts from other companies.

The link to subscribe to the RSS feed is http://www.us-cert.gov/ncas/cu... [us-cert.gov] .

IDK or is it care? (0)

cyberzephyr (705742) | about three weeks ago | (#47339123)

I have to look at this tomorrow so i'm stepping out. For many reasons.

Another suspicious notification? (0)

Anonymous Coward | about three weeks ago | (#47339259)

This definitely looks like microsft is going underground.

Don't care either way (0)

Anonymous Coward | about three weeks ago | (#47339471)

Apple has never really addressed patches or pre notifications of updates or security fixes. So I personally do not need a email to inform me of any with Windows.
I am sure I could find a few web sites that would report the updates anyway or I could bookmark the Microsoft link to those updates.
I like the way Google does updates with Chrome OS, just put them out there and if you want to know what was installed go to the Chrome OS blog and look it up.
The average user does not really care about updates at a detailed level. Only geeks, IT pros, and the hackers who have been exploiting a hole.

Re:Don't care either way (1)

tepples (727027) | about three weeks ago | (#47339583)

I think the reason for advance notifications of updates is that they 1. require interrupting the user's work flow to restart the computer and 2. can break programs that were inadvertently relying on underspecified behavior.

Re:Don't care either way (1)

Andreas Mayer (1486091) | about three weeks ago | (#47339715)

Apple has never really addressed patches or pre notifications of updates or security fixes.

https://lists.apple.com/mailma... [apple.com]

Re:Don't care either way (1)

NatasRevol (731260) | about three weeks ago | (#47339923)

And you have to opt-in. So they're already in compliance with the law.

Saying that this is about the anti-spam laws is ju (0)

Anonymous Coward | about three weeks ago | (#47339771)

There is no proof, the article makes no link except that the date is the same.

If you think that it's true that this is about the anti spam laws then you haven't been adequately information.

CAN-SPAM (0)

Anonymous Coward | about three weeks ago | (#47340005)

I've been getting emails all day that say "we cant send to you after the first! hit yes to confirm! Please!

Fuck. That. I didn't sign up in the first place for most of them.

It's really not that difficult to comply with CASL (0)

Anonymous Coward | about three weeks ago | (#47340181)

And using it as an excuse is pretty lame. IANL but I am familiar with CASL. All you need to do is --

1) After July 1, begin requiring opt-in confirmation (express consent) for all new signups
2) For members of your list that signed up prior to July 1, you have 3 years to send them an email asking for express consent. You can continue e-mailing them within this window as long as they don't opt-out.
3) For people who do business with you after July 1 that give you their email address through some means other than express consent (signing up for your service, make a purchase, etc), you have 2 years to obtain express consent during which you can continue emailing them as long as they don't opt out. Though, its easier to just go ahead and get express consent at this point if it's feasible. Business card exchanges at conferences, trade shows, etc might make this difficult.

Note also that CASL isn't limited to email. It's _any_ electronic communication of a commercial nature. Twitter DM, Facebook, ...

Diligence vs. Negligence maybe? (1)

RudySolis (1438319) | about three weeks ago | (#47340187)

Having recently been working for a Fortune X company, I know there are legal concerns with 'knowing' about vulnerabilities. Where my mind went reading this wasn't to SPAM type laws but to companies' current direction (especially after Target) of opting to 'not know' about security vulnerabilities versus 'knowing but not fixing' vulnerabilities.

I believe the direction is that you can prove you are being 'due diligent' by patching your systems...but if you scan for missing patches, or in this case subscribe to a newsletter telling you about security vulnerabilities and know about them...by not patching "them all" you are "negligent". Since our legal and governance bodies typically don't understand the complexity around currency and the fact that past business decisions have left companies in a difficult patch/break cycle, we're being directed to a 'don't know, don't tell' mentality.

Perhaps, by subscribing to RSS feeds rather than email notifications (more discoverable on corporate servers) versus a reaching out and pulling down of RSS feeds on an individual basis is (a) reason that Microsoft is driving in this direction. Seems strange they would restrict distributing information for the sake of other organizations, but nonetheless could be (a) determining consideration.

Being a security professional I disagree with this mindset and hope our legal systems recognizes that ignorance is not defensible and attempting to keep technology current and identifying risks where that cannot be accomplished is a must better security posture than 'not knowing'.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...