The Story Behind a Windows Security Patch Recall

CowboyNeal posted more than 7 years ago | from the trial-and-human-error dept.

Bug 135

bheer writes "Raymond Chen's blog has always been popular with Win32 developers and those interested in the odd bits of history that contribute to Windows' quirks. In a recent post, he talks about how an error he committed led to the recall of a Windows security patch."

135 comments

I just wanted to share (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18994421)

I just dropped a huge deuce!! Man it was awesome! It had lots of peanuts and corn in it too!

Re:I just wanted to share (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18995061)

Get a life...
Seriously... get a life.

SLASHDOT EXPERT WANTED (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18995375)

[MAJOR OFFTOPIC]
WTF is this [slashdot.org] ?

How do they get the story title to link directly to goatse? Where did this "story" come from? Certainly it was never on the front page... is it a journal entry? I don't get it!

Why doesn't the IP address that automatically posts to it every few minutes get banned? I found it erroneously while searching for something else on Slashdot. WTF???!!!

It has 3124 posts as of right now (will go up very soon). Will it make the hall of fame for most active story when it hits 3202 posts?

Very bizarre.
[/MAJOR OFFTOPIC]

Re:I just wanted to share (0)

Anonymous Coward | more than 7 years ago | (#18995357)

Next time make sure to do that in a urinal. That's always funny.

Re:I just wanted to share (0)

Anonymous Coward | more than 7 years ago | (#18998163)

He'd have to get out of bed first.

Aha! (-1, Troll)

pytheron (443963) | more than 7 years ago | (#18994463)

The verclsid.exe program created a watchdog thread


What ?? Windows ?? threads ?? How dare these two words be uttered in the same sentence !

Re:Aha! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18994621)

Aha? You must have been commenting at my huge deuce! I just dropped a huge deuce!! Man it was awesome! It had lots of peanuts and corn in it too!

Alrighty then... (0)

packetmon (977047) | more than 7 years ago | (#18994477)

"The DLL that hosted the shell extension created a worker thread, so it did an extra LoadLibrary on itself so that it wouldn't get unloaded when COM freed it as part of CoUninitialize tear-down. ... and then waiting for the worker thread to respond with a 'Okay, I'm all done' event." I usually am a brute and kill -9 things that won't listen. Lesson of the day? When in doubt kill -9 it all.

The Niggers Strike (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18994497)

Lock your assholes up or we gonna be all up in it 19" inches and counting. Wes gonna fuck you tonight doggie style.

Signed,
The Niggers

Re:The Niggers Strike (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18994629)

Protesting KFC?

Re:The Niggers Strike (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18995293)

How about we protest our poles in your ass. Prison style? Meet you in the shower.

Signed,
The Prison Niggers

Awwww, touching.... (0, Flamebait)

Richard McBeef (1092673) | more than 7 years ago | (#18994509)

I didn't realize microsoft developers were real people and might have real feelings. Maybe we should cut them some slack.

Re:Awwww, touching.... (2, Funny)

misleb (129952) | more than 7 years ago | (#18994649)

Heck why not just go all the way and cut them loose?

Re:Awwww, touching.... (0)

Anonymous Coward | more than 7 years ago | (#18995957)

Maybe just cut them, period.

Re:Awwww, touching.... (-1, Offtopic)

Lithdren (605362) | more than 7 years ago | (#18994795)

kill...Killl...KILL

KILL!

Ok I feel better. :)

Re:Awwww, touching.... (1, Offtopic)

Inner_Child (946194) | more than 7 years ago | (#18995943)

Did the sergeant come over, pin a medal on ya, send ya down the hall and say "You're our boy"?

Re:Awwww, touching.... (-1, Flamebait)

drinkypoo (153816) | more than 7 years ago | (#18995039)

I don't think that we should ever cut people slack for "just doing their job". But then, I also think that we should support people to a reasonable degree (financially if necessary) if they get fired for not doing their job. Regardless, helping Microsoft is helping dirty tricks, anticompetitive behavior, vendor lock-in, and a whole host of other undesirables. People who work for Microsoft deserve our ire. I don't think they deserve any violence or surrogate thereof, but they certainly are going to receive my contempt.

The Microsoft astroturfing is getting mighty old (-1, Offtopic)

drinkypoo (153816) | more than 7 years ago | (#18995309)

Troll does not mean "something with which I disagree". It means that someone is saying something they don't believe in order to elicit a desired response. But it is the honest truth that supporting Microsoft is supporting illegal, anticompetitive behavior. There is simply no way around that. And there is no way around the fact that modding the above comment as Troll is an abuse of the moderation system.

The CHP tried to recruit me to be a field officer and drive around issuing people tickets they don't really deserve. I straight up told the cop who was trying it that I don't believe in the system, with its criminalization of victimless crimes, and widespread use of selective enforcement. See, I just happen to be the kind of guy who will actually stick up for what I believe in. And I am honest to a fault.

So before you mod me troll, perhaps you should consider that maybe, just maybe I might have a point. But you should definitely consider that I never troll. I piss people off enough just sharing my honest opinion. But before you believe that makes my comments Flamebait, read the Moderation FAQ and provided you understand English, you will be enlightened.

Re:Awwww, touching.... (1)

Kingrames (858416) | more than 7 years ago | (#18995547)

We should cut them some slack only if they're dangling by a rope over a pit.

And, might I add, the spikes in said pit should be +1, evil-outsider bane.

Re:Awwww, touching.... (0)

Anonymous Coward | more than 7 years ago | (#18996517)

I won't cut them any slack after this gem:

Welcome Slashdot readers. Since you won't read the existing comments before posting your own, I'll float some of the more significant ones here.

Re:Awwww, touching.... (1)

Saikik (1018772) | more than 7 years ago | (#18997935)

Flamebait?

Oh wait I see it... Maybe we should cut them some slack.

Twofo GNAA (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18994573)

File sharing faggots. [twofo.co.uk]

Recalling a security patch? (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18994627)

Wow. Microsoft made a security patch that was so bad it had to be recalled?!? It's even worse than I thought...

What the... (2, Insightful)

P2PDaemon (723609) | more than 7 years ago | (#18994667)

Why are the trolls out in force here? Oh, Microsoft... Nevermind...

Re:What the... (0)

Anonymous Coward | more than 7 years ago | (#18995171)

Your post might have been funny if it wasn't among like the first four. In other words, you are the troll.

If this happened at Apple... (5, Funny)

Jadware (1081293) | more than 7 years ago | (#18994781)

Raymond Chen would be iFired, or at least told to iRTFM.

Re:If this happened at Apple... (1, Funny)

mobby_6kl (668092) | more than 7 years ago | (#18995147)

That, or he would've been iGiven some iBackdated stock

Re:If this happened at Apple... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18995857)

He wouldn't be fired. Apple users are so thick headed that any bug in their system they embrace. Apple has a nice little thing going where they have so much goodwill towards their company...even if they overcharge you and put out faulty hardware/software, the users still think it has been handed down from heaven.

For comparison... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18997255)

It's a shame nobody at Apple is allowed to admit why their POS OS is constantly getting wtfpwned by remote exploits. But it's hard to have people admit their mistakes when your PR machine is 24/7 pumping out the fallacy that OS X is "perfect".

Every month is a MOAB!

The Money Quote (4, Interesting)

SixFactor (1052912) | more than 7 years ago | (#18994821)

You're about to be Slashdotted.

Seriously, it's good to get a glimpse of the interactions in the dev side of MS. It's astonishing that MS even allows this to happen at all. The March 07 Wired had a feature on Channel 9 [wired.com] that humanized the MS organization quite a bit, IMO. It's not just about chair-throwing, marketing hyperbole, and world domination after all... oh wait.

Re:The Money Quote (2, Funny)

snowgirl (978879) | more than 7 years ago | (#18994963)

Your sig: Sheep, Sheepdog, or Wolf: Choose.

I choose moof [wikipedia.org] !

Re:The Money Quote (1, Offtopic)

SixFactor (1052912) | more than 7 years ago | (#18995193)

That's funny. The origin of my sig, if you didn't know already can be found here [blackwaterusa.com] . It presents an apt analogy of human reactions to danger (wolves).

Fascinating (4, Insightful)

wbean (222522) | more than 7 years ago | (#18994909)

This is fascinating. The system for exiting a process is so complicated that a lot of implementations fail. In fact, it's so complicated that even Microsoft can't get it right. Sounds like an unbounded loop to me.

Re:Fascinating (0)

Anonymous Coward | more than 7 years ago | (#18995311)

Sounds like they tried to solve the Halting problem, and the code suffered from, well, the Halting problem.

Re:Fascinating (2, Insightful)

Anonymous Coward | more than 7 years ago | (#18995471)

Sounds like an unbounded loop to me.
That's quite an appropriate analogy. If you RTFA, you would know that the loop in question is designed to be bounded by a guard variable/event, but they had already terminated the thread that sets the guard to the state that allows the loop to terminate.

The root cause of the hang is that most programmers are not really aware of the states involved at process termination, so they assume invalid things about the DLL process termination event -- namely that it's okay to wait for something that may have been locked/entered by a child thread.

p.s. To the sibling AC, I know you were going for funny, but they're not trying to solve the halting problem.
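The hang described in the comment above, modelled as an added example (not code from the article, the patch, or the commenter): POSIX threads stand in for the Win32 worker thread and its "all done" event, `worker_kill` stands in for the process-exit step that destroys the worker, and every name here is hypothetical. The teardown uses a timed wait only so that the missing signal is observable as a timeout instead of a hang.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Constructed model: `done` plays the "Okay, I'm all done" event and
 * `stop_requested` plays the shutdown request sent during teardown. */
struct worker {
    pthread_t       thread;
    pthread_mutex_t lock;
    pthread_cond_t  cond;
    bool            done;            /* guarded by lock */
    atomic_bool     stop_requested;
    bool            alive;           /* false once the thread is joined */
};

static void *worker_main(void *arg)
{
    struct worker *w = arg;
    const struct timespec tick = { 0, 1000000 };   /* 1 ms */

    while (!atomic_load(&w->stop_requested))
        nanosleep(&tick, NULL);                    /* cancellation point */

    pthread_mutex_lock(&w->lock);
    w->done = true;                                /* signal "all done" */
    pthread_cond_signal(&w->cond);
    pthread_mutex_unlock(&w->lock);
    return NULL;
}

int worker_start(struct worker *w)
{
    pthread_mutex_init(&w->lock, NULL);
    pthread_cond_init(&w->cond, NULL);
    w->done = false;
    atomic_init(&w->stop_requested, false);
    int rc = pthread_create(&w->thread, NULL, worker_main, w);
    w->alive = (rc == 0);
    return rc;
}

/* Models the worker being destroyed from outside before teardown runs:
 * it never reaches the code that sets the event. */
void worker_kill(struct worker *w)
{
    pthread_cancel(w->thread);
    pthread_join(w->thread, NULL);
    w->alive = false;
}

/* Teardown: ask the worker to stop, then wait for its acknowledgement.
 * Returns 0 if the event was set, ETIMEDOUT if it never arrived. With an
 * unbounded wait the second case would block forever. */
int teardown_wait(struct worker *w, long timeout_ms)
{
    struct timespec deadline;
    int rc = 0;
    bool done;

    atomic_store(&w->stop_requested, true);

    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec  += timeout_ms / 1000;
    deadline.tv_nsec += (timeout_ms % 1000) * 1000000L;
    if (deadline.tv_nsec >= 1000000000L) {
        deadline.tv_sec++;
        deadline.tv_nsec -= 1000000000L;
    }

    pthread_mutex_lock(&w->lock);
    while (!w->done && rc == 0)
        rc = pthread_cond_timedwait(&w->cond, &w->lock, &deadline);
    done = w->done;
    pthread_mutex_unlock(&w->lock);

    if (done && w->alive) {
        pthread_join(w->thread, NULL);
        w->alive = false;
    }
    return done ? 0 : ETIMEDOUT;
}

int main(void)
{
    struct worker healthy, gone;

    worker_start(&healthy);
    printf("worker alive at teardown: rc=%d\n", teardown_wait(&healthy, 2000));

    worker_start(&gone);
    worker_kill(&gone);              /* thread is gone before teardown */
    printf("worker already killed:    rc=%d\n", teardown_wait(&gone, 100));
    return 0;
}
```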

Re:Fascinating (4, Interesting)

Timesprout (579035) | more than 7 years ago | (#18995655)

Raymond has touched on the complexity of their software before and noted that oftentimes the complexity was not actually a product of the functionality but due to fixes, patches and additions to the code over time. To his credit he has in the past admitted that issues similar to this one were introduced because the core problem, i.e. loading faulty shell extensions, was not addressed directly for reasons of time/money/too scared to touch it/whatever and the hacks and workarounds only served to pointlessly bloat the complexity of the whole system. It's also worth noting that this complexity creep was not entirely due to MS. They had 10s of millions of users with god knows how many applications which the MS dev teams struggled to support with backwards compatibility etc. Raymond has admitted in the past that specific checks were put in the OS for certain applications to keep them functioning. Nice if you are a third party developer but just asking for trouble for your OS.

Revealing (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18998211)

And points out how their anti-competitive lockin approach has not only bitten them in the ass repeatedly, but only gotten worse as they incur additional scars on the scar tissue. The only reason they have to have their developers struggling to support third party apps is because they have never released proper APIs, and do not follow their own published interface methods when implementing features in Windows. With publicly available, stable APIs and consistent implementation the third party developers could deal with it themselves and everyone would benefit.

An error he committed? (5, Insightful)

drinkypoo (153816) | more than 7 years ago | (#18994935)

he talks about how an error he committed led to the recall of a Windows security patch.

Okay, he made an error. Why the HELL wasn't it caught in QA? Microsoft wants us to believe that the reason that we have to wait for patches is that they are getting some kind of exhaustive QA. This patch and executable were specifically created to avoid problems with invalid shell extensions. Don't you think that given that fact the thing to do would be to test it with some invalid shell extensions?

This is the reason that Windows admins have to be so much more paranoid about patches than the rest of us. A Windows patch is highly likely to be a big pile of crap that causes your system to not work properly. I think we can all remember certain service packs that broke various versions of Windows NT pretty much completely...

If you can't have confidence that security patches will fix more than they break, how can you have sufficient confidence to even install that vendor's products, let alone count on them for mission-critical applications?

Re:An error he committed? (0, Troll)

Joe U (443617) | more than 7 years ago | (#18995075)

I think we can all remember certain service packs that broke various versions of Windows NT pretty much completely...

Actually, I don't. Was it before Windows NT 3.1 beta? Because that's when I started using it.

I do remember service packs that broke various versions of Windows NT that had some software loaded on it that really shouldn't have made it out of beta testing.

Re:An error he committed? (0, Redundant)

geekoid (135745) | more than 7 years ago | (#18995291)

NT 3.1?

Re:An error he committed? (1)

sconeu (64226) | more than 7 years ago | (#18995465)

NT4 SP6, I believe SP6a was the fix.

Re:An error he committed? (1)

drinkypoo (153816) | more than 7 years ago | (#18995843)

Note that both XP and Win2k have -a-designated service packs, and for much the same reason, although the NT4 one was the one (IIRC) that gave me such a headache. Reports of the destruction started coming in RIGHT after I installed the damned thing on my first system. And only NT system at the time, since I was working for a mostly-Unix shop.

Re:An error he committed? (1)

drinkypoo (153816) | more than 7 years ago | (#18995525)

I do remember service packs that broke various versions of Windows NT that had some software loaded on it that really shouldn't have made it out of beta testing.

Yes, they were running Windows NT.

But seriously, Microsoft's claim to fame is backwards compatibility... significantly changing the way the system works without even making a minor revision update (let alone a major one) is very naughty.

XPSP2 broke a mad pile of software. Before that we had windows 2000 service pack... 2? I think that was the REALLY horrible one.

I recall there was a very bad service pack for NT4, as well. But nothing bad with 3.51. I miss 3.51 a lot, but it only supports filesystems up to 2GB and things like that, so no matter what it's pretty useless today.

And of course, no version of NT comes even close to the sexiness that is Linux. But I've been using NT since 3.51 (I did not have the misfortune to get involved earlier) and while I might not remember all the details of WHEN I was screwed over by service packs, who would want to? It's not like I'm going to start running old versions.

Re:An error he committed? (0)

Anonymous Coward | more than 7 years ago | (#18996025)

What I remember about NT is that you had to reboot to apply the change of cursor position caused by moving the mouse, and had to re-apply the latest servicepack when you dared to toggle a checkmark. But this remembrance may be colored over time.

Re:An error he committed? (1)

Duhavid (677874) | more than 7 years ago | (#18996449)

NT4.0 was a bit broken itself...

I was writing a component to track files in a system, and we
were not to use a DB for this. So, we stored them in the file
system. I wrote a stress tester for this component, which
caused it to write files like mad. Long story short, after
all the activity, the machine appeared to be OK. Next reboot,
however, it would die. Repeatable. Very repeatable.

Fixed in the next SP.

Course, recently, we just decommissioned a DB server, 2003
server, MSSQL 2000, if I ran a script against the DB
that was "too stressful", the machine would power off,
no entry in the event log, no warning, no nothing.
OS was not hung, there was nothing, except a need to
power the machine back on.

Re:An error he committed? (0)

Anonymous Coward | more than 7 years ago | (#18997893)

Course, recently, we just decommissioned a DB server, 2003
server, MSSQL 2000, if I ran a script against the DB
that was "too stressful", the machine would power off,
no entry in the event log, no warning, no nothing.
OS was not hung, there was nothing, except a need to
power the machine back on.


You had a bad capacitor on the motherboard/cards or a bad ram chip. Classic behavior.

Re:An error he committed? (1)

jddj (1085169) | more than 7 years ago | (#18995101)

No love for Apple on this one.

Tried to install 10.2.8, 10.3.9, 10.4.9, or virtually any Security Update?

C'mon, admit it: you held your breath, didn't you?

Re:An error he committed? (1)

drinkypoo (153816) | more than 7 years ago | (#18995213)

Well, I have no love for Apple either (I remember System 7, and frankly I'm not all that impressed by OSX in ANY way, including look-and-smell) but I've been using OSX off and on since 10.1 and have never had the kind of problems with any OSX update that I did with whatever Win2k update that was. SP1 maybe? I blocked it out it was so bad. I just went from the latest version of OSX 10.3 to 10.4.9 (we made the update late) and the system works WAY WAY WAY better than it did before the update.

Re:An error he committed? (1)

dedazo (737510) | more than 7 years ago | (#18995731)

have never had the kind of problems with any OSX update that I did with whatever Win2k update that was.

Absolute control of the hardware on which your software runs can come in handy, I guess.

Re:An error he committed? (1)

mosch (204) | more than 7 years ago | (#18995257)

C'mon, admit it: you held your breath, didn't you?

No, I just watched them install. OS X isn't some bug-free panacea (I've had grey screens, etc.) but I've never had an update blow up my computer.

Re:An error he committed? (1)

bmajik (96670) | more than 7 years ago | (#18995815)

Oh.

http://blogs.msdn.com/mattev/archive/2004/06/21/16 1770.aspx [msdn.com]

You should read this, which I wrote a few years ago, and which upset many mac zealots (as seen from the comments)

Re:An error he committed? (2, Funny)

Lars T. (470328) | more than 7 years ago | (#18996311)

Yeah, trying to fix a broken registry is SOOO much easier.

Re:An error he committed? (1)

cheater512 (783349) | more than 7 years ago | (#18996573)

The fact you posted that on msdn.com AND things like that aren't common at all on Mac OS means you're just trolling.

Also keep in mind that if Windows had the same symptoms then the box would just get a reinstall.

Re:An error he committed? (5, Informative)

NickFitz (5849) | more than 7 years ago | (#18995169)

As he points out in his response to the second comment on his blog post, internal testing can't possibly cover every single third party shell extension on the planet. (Nor does he try to use that as an excuse for his screw-up.)

Re:An error he committed? (3, Insightful)

geekoid (135745) | more than 7 years ago | (#18995323)

While Kudos to him for taking responsibility, the QA excuse doesn't seem to fit.

IT was an error hat happened all the time, under its most basic use.

While the global OS QA might be excused for some wierd bug that happens under unforseen circumstance, this wasn't even tested to see if it fixed what it wqas supposed to.

Sounds like sloppy(i.e. none) QA to me.

Re:An error he committed? (1)

geekoid (135745) | more than 7 years ago | (#18997747)

"Sounds like sloppy(i.e. none) QA to me."

Much like the QA that went into the spelling of my post.

Re:An error he committed? (1)

drinkypoo (153816) | more than 7 years ago | (#18995333)

internal testing can't possibly cover every single third party shell extension on the planet.

Especially if they aren't actually trying to break it!

If they were trying to break it, then they almost certainly would have discovered this flaw.

Most likely they just have a small handful of shell extensions that they would install and test with.

What this says to me is that there was no intelligence behind the test plan.

Sure, the guy made a mistake. But it is the purpose of testing to make sure that the software works correctly. They obviously did not have a sufficiently complicated set of tests for the software.

Re:An error he committed? (1)

Quantam (870027) | more than 7 years ago | (#18995473)

Most likely they just have a small handful of shell extensions that they would install and test with.

I see even after people responded to you you STILL didn't RTFA. The particular shell extension was for a printer that was so old it wasn't produced at the time the patch was made. How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix? You're batshit insane; even the entire OSS community combined couldn't pull that off.

Re:An error he committed? (-1, Troll)

drinkypoo (153816) | more than 7 years ago | (#18995681)

I see even after people responded to you you STILL didn't RTFA. The particular shell extension was for a printer that was so old it wasn't produced at the time the patch was made. How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix?

You are incredibly fucking stupid. Welcome to my foes list.

I R'd TFA before you made your FIRST stupid fucking comment with your stupid fucking assumption.

Guess what? If one shell extension can cause the problem, then another shell extension can likely cause the same problem. He never explains why that would not be true, so there is no reason to assume that it would not be true. Generally speaking, there's more than one way to write a program that does the same thing, and there's more than one way to arrive at the same error condition.

Does that help you understand my objection, oh ye of little brain?

There is even a comment which raises a more detailed question [msdn.com] about the explanation, which has not yet been answered.

On one last personal note: Don't try to out-asshole me. You will fail. I'm not exactly proud of that, but you need to pull your head out of your ass before you come after me.

Re:An error he committed? (3, Funny)

Quantam (870027) | more than 7 years ago | (#18996099)

Guess what? If one shell extension can cause the problem, then another shell extension can likely cause the same problem. He never explains why that would not be true, so there is no reason to assume that it would not be true. Generally speaking, there's more than one way to write a program that does the same thing, and there's more than one way to arrive at the same error condition.

Thank you for making one of the most obvious (and thus pointless) statements of the century (did you know that things fall to the ground when you drop them? I'm completely serious). Yes, you are absolutely correct. In any relatively deterministic system, doing something bad in a predictable way will cause the same failure, predictably. Obviously, as this is deterministic, who is doing said bad thing in said predictable way is irrelevant; thus, multiple things may do the same bad thing with the same bad outcome. The blindingly obvious question this raises is exactly how many things do this. Whether 1 or 2 (or even 10) pieces of hardware do this makes little difference if there's 5,000,000 pieces of hardware to test, and you only have the manpower to test 5,000 of them. Would you call testing a patch with merely 5,000 pieces of hardware horribly negligent? If so, I suggest you go work for them, and demonstrate that it's possible to test all 5,000,000 pieces in one month (several times, actually, as there are several patches to check).

There is even a comment which raises a more detailed question about the explanation, which has not yet been answered.

That poster is correct in his last paragraph (and the preceding paragraph, which indicated the problem): it was overlooked because, if it was going to break in this patch, it would have been breaking before this patch, as well; only the timing would have changed. Do you check every morning when you get up to make sure the sky is still blue and the grass is still green (I can smell the jokes coming already)? There are a million ways to do things that MSDN tells you specifically to never ever ever do; do you expect MS to check third-party code for every single one of them?

On one last personal note: Don't try to out-asshole me. You will fail. I'm not exactly proud of that, but you need to pull your head out of your ass before you come after me.

I am hurt that you give me so little credit. I would never attempt to challenge you at something I am so totally and obviously outclassed in. I would be much more concerned if you put me on your friends list.

Re:An error he committed? (0)

rtb61 (674572) | more than 7 years ago | (#18997787)

Why bother getting upset either way. The whole thing has the smell of being nothing but a scripted marketing piece. Humanising the beast, M$ we do testing, honest (truly hard to believe after some of the most stupid possible bugs).

As for the sneaky, "was included with a printer driver for a printer that is no longer manufactured", typical microspeak, it doesn't say that it also wasn't included with a whole range of other drivers, just that it was specifically in that one (sounds better in marketing terms, last years model of this years rebadged identical printer).

M$ problem has always been the quick dirty fix to keep bad coding concepts alive, insufficient testing, releasing a beta as final and using customers as free testers, and always trying to rebadge support pack as a new product, but still stuffing up the concept by inserting new bugs and security holes.

Now M$ are getting their coders to publicly take blame as individuals for the failings of an incompetent management team, a new low is M$ marketing.

Re:An error he committed? (1)

mangu (126918) | more than 7 years ago | (#18995685)

How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix?


The way I envision Microsoft QA is a huge warehouse full of every hardware device they could get, with computers having every version of OS that they ever shipped and a switching system to let any of that hardware be tested with any of the computers. Total cost of that warehouse would be in the million$, which means about 0.1% of total Microsoft market capitalization.

Re:An error he committed? (1)

Quantam (870027) | more than 7 years ago | (#18996265)

The way I envision Microsoft QA is a huge warehouse full of every hardware device they could get, with computers having every version of OS that they ever shipped and a switching system to let any of that hardware be tested with any of the computers. Total cost of that warehouse would be in the million$, which means about 0.1% of total Microsoft market capitalization.

A million monkeys on a million computers in a big warehouse, eh? Heh, now there's a mental image. I wonder how long it would take them to do Q/A on Windows...

Re:An error he committed? (4, Insightful)

Blakey Rat (99501) | more than 7 years ago | (#18997015)

And the manpower to run it all costs... how much?

Seriously, though, just putting all that equipment in one building would create a zeppelin-hangar-sized building. Finding any specific router or PCI modem would be near impossible. The logistical difficulties of your plan I think would be insurmountable, not even considering the manpower question.

The real point Raymond mentions is that if MS does tons of testing on all the hardware they have available, they get bad press for being slow to release patches. If not, they get bad press for having to recall buggy patches. It's a lose/lose situation for them.

Linux driver support (0)

Anonymous Coward | more than 7 years ago | (#18998109)

I see even after people responded to you you STILL didn't RTFA. The particular shell extension was for a printer that was so old it wasn't produced at the time the patch was made. How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix? You're batshit insane; even the entire OSS community combined couldn't pull that off.

Ah, so the lack of Linux driver support for common peripherals is a feature not a bug!

Re:An error he committed? (1)

Nutria (679911) | more than 7 years ago | (#18996589)

As he points out in his response to the second comment on his blog post, internal testing can't possibly cover every single third party shell extension on the planet.

But it shouldn't have such a fragile design in the first place.

Of course, a lot of things about MSFT operating systems should be different, but aren't.

Re:An error he committed? (0)

Anonymous Coward | more than 7 years ago | (#18995267)

I bet the ExitProcess() error happened in IE where the thread interface was used and the testing was done by invoking the vlclsid.exe from a shell or the VC IDE where the process interface was used. They changed the front end of the program and forgot to change the back end.

Re:An error he committed? (1)

BAILOPAN (694545) | more than 7 years ago | (#18995341)

If you read the article, you'd see he addresses that sort of comment. There's two issues:

1) There's a lot of pressure to get a security patch out as soon as possible;
2) It's impossible to test every single case (the breaking case was a shell extension for a printer that wasn't even being manufactured anymore)

As Raymond likes to say, "you can't have everything."

Re:An error he committed? (0, Flamebait)

drinkypoo (153816) | more than 7 years ago | (#18995755)

If you read the article, you'd see he addresses that sort of comment.

Now look kid, I read the fucking article. Don't make stupid assumptions. It only makes YOU look like an ass. It doesn't do shit to me except piss me off and suggest to me that I'm dealing with an idiot.

1) There's a lot of pressure to get a security patch out as soon as possible;

Microsoft still typically makes us wait for them, days to weeks after they are reputed to be completed. One of two things is true in these situations. Either the patch is still under development and they are somehow lying to us about this, which I don't see any benefit in, or they are doing something to the patch, which might or might not be QA.

But Microsoft claims that the delay is for QA. So surely you can understand how I might be dismayed at the apparent lack thereof.

2) It's impossible to test every single case (the breaking case was a shell extension for a printer that wasn't even being manufactured anymore)

You don't need to test every case, only every case it's possible to achieve, and if Microsoft isn't running complex automated test suites, then what ARE they doing with all that time? Working harder instead of smarter, and having a bunch of interns run the test cases manually or something?

And since reports of that patch causing hanging were widespread, it seems foolish to assume that all of them were due to the printer driver, which was never explicitly stated.

More information is necessary to clear this up. A simple blog post with one little note for slashdot readers does not a complete clarification make. It's interesting but mostly, to me, it raises more questions.

You are welcome not to ask these questions, but personally I believe almost nothing I read or am told and only half of what I see.

Re:An error he committed? (1)

RobertM1968 (951074) | more than 7 years ago | (#18998197)

Ya know, you are right, you are an arrogant ass, or whatever you admitted to be - and pretty good at it, as you also admitted... but right as rain as well!!! :-)

Gotta add you to my friends list - for both reasons!!! ;-)

Oh - but here's something to add to your response... if MS knew which printer driver for which outdated printer (as they seem to be indicating they do), then why not use that driver for the test? Of course, I too agree with you and think especially with the number of responses about this fix causing issues, that printer driver was far from the only culprit - or may not even have been the culprit for the bug that surfaced in the fix...

Well, I'm content with people here reading 1/4 of the article and posting dribble - especially since your responses point out their shortcomings far better than I could!

:-)

Re:An error he committed? (1)

Quantam (870027) | more than 7 years ago | (#18995405)

Okay, he made an error. Why the HELL wasn't it caught in QA? Microsoft wants us to believe that the reason that we have to wait for patches is that they are getting some kind of exhaustive QA. This patch and executable were specifically created to avoid problems with invalid shell extensions. Don't you think that given that fact the thing to do would be to test it with some invalid shell extensions?

How to tell if somebody has only read the summary: they ask a question that was explicitly answered in the link. How to tell that most mods haven't read the article either: said post gets modded insightful.

Re:An error he committed? (1)

Alon Tal (784059) | more than 7 years ago | (#18996035)

Raymond answered this question in his comments section -- see http://blogs.msdn.com/oldnewthing/archive/2007/05/ 04/2402028.aspx#2412469 [msdn.com] . The bug was in a shell extension provided with a printer that was not even manufactured anymore when this patch was developed. Even exhaustive QA cannot be reasonably expected to test all Windows shell extensions in existence.

Re:An error he committed? (1)

RobertM1968 (951074) | more than 7 years ago | (#18998227)

Raymond did not answer the question, he made a statement that may or may not be unrelated.

"Is it raining out?"

"Don't you see my umbrella?"

And what does that mean? Nothing other than I brought my umbrella with me to work for reasons I haven't stated... nor have I stated it was raining.

Raymond's marketing doublespeak doesn't say much of anything other than he made a mistake (with some explanation of the mistake) and that he is upset that people complain that a patch takes too long and that people complain that not enough QA is done. Nothing more and nothing less.

Re:An error he committed? (5, Insightful)

bmajik (96670) | more than 7 years ago | (#18996087)

I'm a software tester at Microsoft, although I'm not involved with the Windows team or the security process.

Just so we're clear:

Microsoft is not selling you products that have gone through exhaustive QA, nor are we issuing patches that have gone through exhaustive QA.

The key word here is "exhaustive".

You can imagine that as much as it costs a business when they get a hotfix from us that breaks them, it costs us _at least_ that much in real employee hours (dollars), not to mention the direct and indirect, monetary and non-monetary costs of having to admit that we screwed up a patch.

Software testing cannot tell you how good your product is, only in what ways it doesn't appear to be bad. Every release decision is a _decision_, and its based on necessarily incomplete data put together by imperfect humans with non-infinite time.

A release decision is a culmination of many nested risk/reward tradeoffs. Sometimes, that decision gets made incorrectly, or at least gets made in a way with known or even unknown downsides.

You'll notice that the patch was an interaction problem with an antique 3rd party product. From my time doing admin work on Solaris, IRIX, and Linux machines, I can tell you the big difference between this situation and "those" situations. I never _ran_ 3rd party software on Solaris, IRIX, or Linux (well, I ran 3rd party software on Linux all the time, but I just expected it to break anytime I patched anything.. it was a mandatory recompile of any dependent libraries and applications).

I also think your glasses are a little rosy. There were some IRIX patches back in the day that you couldn't back out. Or that wrecked your XFS volumes. I think in every operating system there has been at least one instance of a patch / upgrade / new version that some user opted to back out, because it hurt them and their scenarios more than it helped.

I run very little non-Microsoft software on my Windows machines and thus I rarely worry about patches from MS. If you're doing something weird, you need to be more risk averse. IIRC, Microsoft's official recommendation for businesses with critical systems is to install patches in a pre-production environment to ensure compatibility with the specific intricacies of your business. You can choose to play fast and loose, but you should be aware that you're making a risk/reward tradeoff decision, based on incomplete data.

Just like we have to do.

Re:An error he committed? (1)

Nutria (679911) | more than 7 years ago | (#18996543)

Microsoft is not selling you products that have gone through exhaustive QA, nor are we issuing patches that have gone through exhaustive QA.

Why not?

http://finance.yahoo.com/q/bs?s=MSFT&annual [yahoo.com]
Last year, your employer earned US$12,600,000,000 profit and has US$34,000,000,000 in cash. Certainly they could pony up for a comprehensive test suite.

But... "you" don't have to. Why should MSFT create a decent product when sheeple, people who are managed by short-sighted idiots, and people trapped by vendor lock-in are shoveling money hand-over-fist into your coffers?

Re:An error he committed? (1)

VertigoAce (257771) | more than 7 years ago | (#18997071)

Exhaustive QA means that you tried every possible case. Any state that the computer could possibly be in you must have tested. Any possible combination of hardware and drivers must be tested. In other words, Microsoft would have to test more combinations than will ever exist in the wild. If your system has more than 8 bytes of memory, good luck testing all possible combinations.

So your test plan can't be "exhaustive" (he was using the definition: "treating all parts or aspects without omission"). Instead you try to test as many aspects as you reasonably can. This is what Microsoft does for its tests.

Re:An error he committed? (0)

Anonymous Coward | more than 7 years ago | (#18997127)

Way to not read the post, buddy.

Re:An error he committed? (1)

rhk (8020) | more than 7 years ago | (#18998069)

Now there's conflicting information here. One poster says it was a common HP printer. You say it was an "antique 3rd party product". Now, unless microsoft makes printers now, I'm guessing you have a good chance of having 3rd party printer drivers on your machine.

Re:An error he committed? (0)

Anonymous Coward | more than 7 years ago | (#18996367)

Yeah... this kind of stuff *never* happens with OSS /rolleyes

Lesson (4, Insightful)

Jeffrey Baker (6191) | more than 7 years ago | (#18995041)

I think the lesson here is not that this guy should have been more careful about programming, it's that no amount of careful programming can overcome a stupid design. It's stupid that there are magical filenames in the form of UUIDs that cause Explorer to load and run arbitrary DLLs. You can't get around this stupidity with some kind of speculative watchdog thread that works with what sound to me like some seriously questionable heuristics.

They should have simply got rid of the magic naming system in favor of something explicit, such as a Shell Extension Interface that a shell extension must fully implement.

Re:Lesson (1)

slamb (119285) | more than 7 years ago | (#18995861)

It's stupid that there are magical filenames in the form of UUIDs that cause Explorer to load and run arbitrary DLLs. ... They should have simply got rid of the magic naming system in favor of something explicit, such as a Shell Extension Interface that a shell extension must fully implement.

It sounds like they tried to do that, but he said: "As we saw earlier, lots of people mess up IUnknown::QueryInterface". I'm not familiar with Windows or COM, but I take that to mean that the way they find out what interfaces an object implements is to...well, load and run arbitrary DLLs, as you say, then ask the class what interfaces it supports. They must have some central registry of class IDs to their locations on the filesystem, not one specific to shell extensions.

They could include in that registry the supported interfaces of each class and only load as shell extensions classes which explicitly list that interface, but...they'd lose backward compatibility. That's a show-stopper to Microsoft. So no matter how stupid we might think the interface is, they're stuck with it and have to hack to make it work as best as they can. (From what I understand, that happens a lot in the Windows world.)

To me, the lesson is this: either be willing to undo all your previous decisions (screw backward compatibility - not a popular decision with third parties using your interfaces!) or always get it right from the beginning, perfectly anticipating all changes over the lifetime of your decision (not an easy thing to do). Linux seems to basically choose the first path, and Windows...well...I guess they're trying to take the second path, but it seems like they've screwed up many times before and still are paying for it.

Re:Lesson (1)

mac.man25 (988406) | more than 7 years ago | (#18995971)

They should have simply got rid of the magic naming system in favor of something explicit, such as a Shell Extension Interface that a shell extension must fully implement.

So you mean they should have rewritten a core OS API after it had already been gold mastered? Yes, it was a stupid design to begin with, but that doesn't mean that it's possible to rewrite something like that. This is exactly the reason that Vista is having problems with compatibility. Because core API's were rewritten.

Mod parent down (0)

Anonymous Coward | more than 7 years ago | (#18996727)

"Shell Extension Interface that a shell extension must fully implement" - actually, shell extensions must fully implement their shell extension interface. If you had RTFA (save the "you must be new here" jokes for later please) you would have known that that wasn't the problem.

Rather, they were trying to fix Explorer crashing on trying to see if an object implemented the interface, when this object was itself buggy enough to crash when you try to see if the interface is implemented by the object. Totally different issue.

Re:Lesson (2, Informative)

biscon (942763) | more than 7 years ago | (#18997155)

"They should have simply got rid of the magic naming system in favor of something explicit, such as a Shell Extension Interface that a shell extension must fully implement."
Seems to me like they had; how would you implement plugins otherwise? The problem is that if explorer loads these plugins (which do adhere to an interface) and they do something stupid, explorer will hang, since it is the host process. This is bad since explorer.exe on Windows is responsible for running the shell.
Therefore they chose to make a separate process (that vert something exe) try and load the plugin and run some tests. Questionable heuristics I agree, but given those circumstances, I can't come up with any other way of doing it.
The magic names are used for creating instances of COM objects which as far as I know both KDE and Gnome also use in the form of DCOP and DBUS.
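The separate-process check described in the comment above, sketched as an added example (it is not part of the comment and not Microsoft's code): a host probes each extension in a throwaway child process with a timeout, so a crash, a hang or a silent exit inside the extension becomes a reported verdict instead of taking the host down. The plugin strings, `query_interface` and the `IShellExample` name are constructed stand-ins for real shell extensions.

```python
import subprocess
import sys
import textwrap

# Constructed stand-ins for third-party extensions (not real shell code).
# Each defines query_interface(iid), loosely mirroring a COM QueryInterface.
SAMPLE_PLUGINS = {
    "well_behaved": """
        def query_interface(iid):
            return iid == "IShellExample"
    """,
    "crashes": """
        import os
        def query_interface(iid):
            os.abort()            # stands in for a fault inside the extension
    """,
    "hangs": """
        import time
        def query_interface(iid):
            time.sleep(3600)      # never returns in any useful time
    """,
    "exits_quietly": """
        import os
        def query_interface(iid):
            os._exit(0)           # ends the process from inside the call
    """,
}

# Code run in the throwaway child: load the plugin, ask the question, and
# print an explicit verdict line only if the call actually returned.
_CHILD = textwrap.dedent("""
    import sys
    source, iid = sys.argv[1], sys.argv[2]
    namespace = {}
    exec(source, namespace)
    answer = namespace["query_interface"](iid)
    print("VERDICT:" + ("yes" if answer else "no"), flush=True)
""")


def probe(plugin_source, iid="IShellExample", timeout=5.0):
    """Ask a plugin whether it supports iid, without trusting it to behave.

    Returns one of: "supported", "unsupported", "crash", "hang",
    "exited-without-verdict". This isolates faults in buggy code; it is not
    a sandbox against deliberately hostile code.
    """
    command = [sys.executable, "-c", _CHILD,
               textwrap.dedent(plugin_source), iid]
    try:
        # subprocess.run kills the child itself when the timeout expires.
        done = subprocess.run(command, capture_output=True, text=True,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"
    if done.returncode != 0:
        return "crash"
    verdicts = [line for line in done.stdout.splitlines()
                if line.startswith("VERDICT:")]
    if not verdicts:
        # Exit status 0 alone proves nothing: the plugin may have ended the
        # process before the probe could report. Treat that as a failure.
        return "exited-without-verdict"
    return "supported" if verdicts[-1] == "VERDICT:yes" else "unsupported"


def safe_to_load(plugin_source, iid="IShellExample", timeout=5.0):
    """The host loads a plugin in-process only after a clean positive probe."""
    return probe(plugin_source, iid, timeout) == "supported"


if __name__ == "__main__":
    for name, source in SAMPLE_PLUGINS.items():
        # A short timeout keeps the demonstration quick for the hanging case.
        print(f"{name:15} -> {probe(source, timeout=2.0)}")
```

The "exited-without-verdict" branch is the one that is easy to miss: a probe that treats a zero exit status as success will approve an extension that simply ended the helper process.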

Re:Lesson (3, Informative)

I'm Don Giovanni (598558) | more than 7 years ago | (#18997369)

You clearly have no clue how COM CLSIDs work, do you?
There is no "magic naming system". Each plugin implements the shell extension interface and registers its CLSID; when explorer needs to load the plugin for a particular CLSID, it looks it up in the registry, finds the corresponding dll, loads it, and accesses the shell extension's COM interface.

And to think that your post was modded "Insightful" rather than "Arrogantly Ignorant".

Re:Lesson (2, Informative)

Jeffrey Baker (6191) | more than 7 years ago | (#18997989)

Thanks for your feedback ... The magic filenames are of the form {1768bcfe-9acf-4af5-b857-32eb9c640c4e} and if you name a file that way on the Desktop in Windows, Explorer looks up that UUID and loads the DLL, then QI's it into existence. The "magic" part here is that I can use _any_ DLL and Explorer will still try to QI it into a shell extension, which is obviously grossly unsafe, which is why they had to work around it.

Testing, testing, then releasing to the world... (0)

Anonymous Coward | more than 7 years ago | (#18995229)

The people at Norman Virus Control development will enjoy reading this... when they are not still at work or fast asleep.

Honesty (5, Insightful)

florescent_beige (608235) | more than 7 years ago | (#18995771)

This illustrates the kind of employee I like to have. One who can talk about his mistakes the same way he talks about anything else work-related.

Some years ago I myself made a rather expensive mistake which involved the design of an aircraft structure. The fellow I was working for at the time had one of those razor-blade intellects and I got called into his office for a chat. When he asked me what happened I had two choices, weasel or turkey. In engineering it's always possible to talk the complicated talk and hope to obfusticate your way out of a situation, but fortunately I said "I made a mistake." And you know what? That was exactly the answer he was looking for.

You see, the most important thing is not to be perfect, it's to be honest. That's what a boss, of which I am one now, wants.

If you have a boss that doesn't want that, better watch out for yourself.

Re:Honesty (0)

Anonymous Coward | more than 7 years ago | (#18996227)

Yeah good point, but what happens when your bosses are basically dishonest?

Like deceitful marketing, throwing tantrums, throwing chairs and creating McSoftware that makes McFood look gourmet?

education (2, Insightful)

Anonymous Coward | more than 7 years ago | (#18996495)

Reminds me of a famous story about Jack Welch, former GE CEO. One of the company's division managers made a mistake costing the company $10 million in one quarter. When the quarterly reports came out, he got a call from headquarters telling him to be in Welch's office in NY the next morning. Welch grilled the man for some time, asking him what he was thinking and how he could possibly lose so much money. When it seemed Welch had finished, the manager said he understood that Welch had to fire him now. To which Welch replied, "Why would I fire you when I just invested $10 million in your education?"

Re:Honesty (3, Insightful)

labnet (457441) | more than 7 years ago | (#18997483)

Being a Boss as well, that's exactly what our culture looks for.
Honesty, but without emotional baggage.
A stuffup is a stuffup, learn and move on.

Reading /. for so many years now, you would think 90% of posters are uber humans that never make a mistake, and be damned if you do. Not sure if I would want to work for most of the /. crowd.
 

This one bit a client of mine... (5, Informative)

ktakki (64573) | more than 7 years ago | (#18996013)

On the day after Patch Tuesday, January 2006, I got a somewhat frantic call from a client. She's a lawyer, had a filing deadline, but could not save a document in MS Word. That's not all that this patch broke: you couldn't open My Computer or My Documents on the desktop (though you could navigate to them by typing the path in the Start -> Run box), and IE wouldn't let you type just "www.[website].com" in IE's address bar. You had to prepend the "http://".

I verified that "Save" and "Save As..." were not working in Word. Word would just hang and only Task Mangler could shut it down. I carry the Sysinternals utilities on CD and USB key, so I rebooted and ran FILEMON, REGMON, and PROCEXP to see what was happening when I tried to save a doc in Word. Sure enough, Word would spawn verclsid.exe as a child process and then hang.

I googled "verclsid" and "Explorer", got nothing on the web and about a dozen Usenet posts from people having the same problem. I played a hunch and renamed verclsid.exe to verclsid.exX. I do that when I'm manually hunting malware that leaves .exe and .dll files that are named just like Windows system files. Keeps my foot bullet-free.

Problem solved. When the patch for the patch came out, a working verclsid.exe was dropped in %system% and I deleted the .exX.

Oh, and the buggy third party shell extension came with a very common HP DeskJet printer. As for Google, the next day I googled "verclsid": there were hundreds of web results and Usenet hits. The day after, tens of thousands. This one bit a lot of people in the ass.

k.

Re:This one bit a client of mine... (0)

Anonymous Coward | more than 7 years ago | (#18996199)

Oh, and the buggy third party shell extension came with a very common HP DeskJet printer.

It is unbelievable how much crap HP has distributed with printers and scanners in the past couple of years!

Of course with some experience you can know that something must be wrong when the driver for your printer is a 200MB download, but apparently nobody at HP understands that.

Re:This one bit a client of mine... (1)

ktakki (64573) | more than 7 years ago | (#18996409)

I completely agree. HP really should make a lightweight drivers-only install available. I always end up whacking HP crapware that loads on startup with msconfig.

On the other hand, installing a business-class HP LaserJet printer is a breeze. Just the drivers, no crapware, no hidden updaters, no Imaging Center, no Share-to-Web bullshit.

k.

Re:This one bit a client of mine... (1)

Quantam (870027) | more than 7 years ago | (#18996441)

As it's always been Raymond's policy not to name names in incidents like this, and you seem to know, could you say what printer model this was?

Re:This one bit a client of mine... (1)

ktakki (64573) | more than 7 years ago | (#18997499)

That particular printer was a DeskJet 5600 series. Don't remember the specific model number, but HP drivers and software tend to be common across models in a series (e.g., 5650 and 5652 would use identical drivers). I believe that one of the 5600 series printers has a flash card reader for printing digital photos directly. This one didn't, but the HP software install loaded all that Imaging Center and Share-to-Web cruft anyway.

The Microsoft KB article [microsoft.com] that came out later that week mentioned that systems with HP scanners, digital cameras, and printers were affected. I think that this particular buggy shell extension added a "Share-to-Web" or "Open with HP Imaging Center" entry to a context menu.

k.

A bit more background info (4, Informative)

Marton (24416) | more than 7 years ago | (#18996823)

This pretty much rendered Windows useless (explorer, file open / save dialogs and the IE7 addressbar were not working) if you had software installed for HP cameras, HP scanners, or any HP DeskJet printer that included a card reader.

Courtesy of JSI FAQ:

You experience one or more of the following strange behaviors:

- You are unable to open special folders, like My Documents or My Pictures.

- Some 3rd party applications hang when accessing My Documents.

- Office files won't open in Microsoft Office if they are stored in My Documents.

- Entering an address into Internet Explorer's address bar does nothing.

- The Send TO context menu has no effect.

- The plus (+) sign on a folder in Windows Explorer does nothing.

- Opening a file via an application's File / Open menu causes the application to hang.

This behavior is caused by a new VERCLSID.EXE binary, which validates shell extensions before Explorer.exe, the Windows Shell, can use them. VERCLSID.EXE is installed by the MS06-015 (908531) security update.

The following 3rd party applications cause VERCLSID.EXE to hang:

Hewlett-Packard's Share-to-Web Namespace Daemon ("%ProgramFiles%\hewlett-packard\hp share-to-web\Hpgs2wnd.exe"), auto-started from the Registry Run key and the Startup menu, which ships with:

                HP PhotoSmart software
                Any HP DeskJet printer that includes a card reader
                HP Scanners
                Some HP CD-DVD RWs
                HP Cameras

Sunbelt Kerio Personal Firewall which has a feature that prompts when Explorer launches VERCLSID.EXE, but you can configure it not to prompt.

To work around this behavior, add the HP shell extension to the VERCLSID.EXE white list:

1. Open a CMD.EXE window.

2. Type the following command and press Enter:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached" /V "{A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401" /T REG_DWORD /F /D 1

3. Shut down and restart your computer.

NOTE: If you find other COM controls or shell extensions that cause this behavior, you can add them to the white list.
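
An added example, not part of the comment above or of the JSI FAQ or Microsoft's guidance: a PowerShell audit of the white-list key written by the REG ADD command, resolving each whitelisted CLSID to its DLL through the registry lookup described earlier in the thread and reporting its signature status. The function names are hypothetical, and it assumes value names follow the "{CLSID} {IID} 0x401" layout shown in that command.

```powershell
# Added example: audit entries that bypass VERCLSID.EXE validation.
# Assumption: value names look like "{CLSID} {IID} 0xFLAGS", as in the REG ADD command.
$CachedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached'
$NameRegex = '^(\{[0-9A-Fa-f-]{36}\})\s+(\{[0-9A-Fa-f-]{36}\})\s+(0x[0-9A-Fa-f]+)$'

function Resolve-ClsidServer {
    param([string]$Clsid)
    # A CLSID maps to its in-process DLL under HKCR\CLSID\{...}\InprocServer32.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $dll = (Get-Item -LiteralPath $key).GetValue('')   # default value holds the DLL path
    if (-not $dll) { return $null }
    $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
    # Bare file names (e.g. "shell32.dll") are resolved against System32 here.
    if (-not [IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path ([Environment]::SystemDirectory) $dll
    }
    return $dll
}

function Get-WhitelistedShellExtension {
    if (-not (Test-Path -LiteralPath $CachedKey)) { return }
    $key = Get-Item -LiteralPath $CachedKey
    foreach ($name in $key.GetValueNames()) {
        if ($name -match $NameRegex) {
            $clsid, $iid, $flags = $Matches[1], $Matches[2], $Matches[3]
            $dll = Resolve-ClsidServer -Clsid $clsid
            $status = 'ServerNotRegistered'
            if ($dll) {
                $status = 'FileNotFound'
                if (Test-Path -LiteralPath $dll) {
                    $status = (Get-AuthenticodeSignature -LiteralPath $dll).Status
                }
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Interface = $iid
                Flags     = $flags
                Data      = $key.GetValue($name)
                Server    = $dll
                Signature = $status
            }
        }
    }
}

# Entries whose DLL is missing or not validly signed deserve a closer look.
Get-WhitelistedShellExtension | Sort-Object Signature | Format-Table -AutoSize
```

Each row is a shell extension that Explorer will load without the VERCLSID.EXE check, so the list is worth reviewing after any manual white-list change.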

Re:A bit more background info (0)

Anonymous Coward | more than 7 years ago | (#18997565)

That's why I like Windows, it's not cryptic to administer like Unix ;)

It was an HP printer driver... (1)

Kaenneth (82978) | more than 7 years ago | (#18998307)

I recently helped someone install a home printer from HP, the SMALLEST "driver" installation option was 400 MEGABYTES, it defaulted to over 800 megs!

That's just insane.

Now multiply that by all the different revisions and patches of the HP drivers, and consider testing each Windows/Application patch against it (on every language, for every version).

You could deforest the planet with test pages before you hit every code path.