The Story Behind a Windows Security Patch Recall 135
bheer writes "Raymond Chen's blog has always been popular with Win32 developers and those interested in the odd bits of history that contribute to Windows' quirks. In a recent post, he talks about how an error he committed led to the recall of a Windows security patch."
The Money Quote (Score:4, Interesting)
Seriously, it's good to get a glimpse of the interactions in the dev side of MS. It's astonishing that MS even allows this to happen at all. The March 07 Wired had a feature on Channel 9 [wired.com] that humanized the MS organization quite a bit, IMO. It's not just about chair-throwing, marketing hyperbole, and world domination after all... oh wait.
Re:Fascinating (Score:5, Interesting)
Revealing (Score:1, Interesting)
Re:Fascinating (Score:3, Interesting)
He also is there to give advice on things NOT to do in coding (and yes, he does indeed talk about bad things MS employees have done, although he never refers to exactly where he encountered a particular bad thing he discusses).
Re:An error he committed? (Score:2, Interesting)
> wants us to believe that the reason that we have to wait for patches
> is that they are getting some kind of exhaustive QA.
M$ doesn't have "QA". It has QC.
Quality Assurance is the fence at the top of the cliff that at each stage prevents faults from arising, and thus from impacting on later stages of development.
Quality Control is the ambulance at the bottom of the cliff that responds to the emergency call once the fault has been discovered.
Most places do not implement QA. They frequently have only the most rudimentary QC.
Given the phenomenal number of security flaws and other bug fixes that have to be applied every month (that's every month since WindowsXP was released six years ago), what type of quality management do you think M$ uses in it's development process?
Re:Fascinating (Score:3, Interesting)
I can feel Chen's pain -- it must have been awful trying to botch around the fallout from the first two stupidities, and then getting screwed by the third. I don't think that lets Microsoft off the hook at all, though. The responsibility for the hacked-together, poorly-planned, teetering heap of an OS that they now have to support (at tremendous cost) lies nowhere but at their own metaphorical feet.
Re:Backwards compatibility (Score:3, Interesting)
But they only have to maintain source-level compatibility. Microsoft has to maintain binary-level compatibility.
Also, when specific things are extremely and seriously broken, compatibility can be dropped altogether, and some buggy programs broken. Microsoft cannot afford to break buggy programs, even if those are few and far between - nobody can fix them.
Using a multi-threaded approach here, when SMP scalability is not an issue, suggests that either their API design is crap, and requires threading, or that their engineers are incompetent and use threads unnecessarily. Threads are never trivial - but what they were trying to do was quite trivial. Its their fault they involved threads in there.
Compare the complexity of APIs. fork/exec vs CreateProcess. open vs CreateFile. To use either of the Windows ones you have to call multiple APIs with multiple complicated structures documented upon pages and pages of explanations you must do more than skim through.
Windows may have similar complexity in some subsets of its APIs, but the Windows APIs I had the misfortune to use were insanely complicated unnecessarily.
Re:Backwards compatibility (Score:3, Interesting)
The far-simpler approach is to use asynchronous programming. Never use blocking API calls. All good API's always provide non-blocking interfaces.
If long computations are required, split them up into short computations and run the short computations asynchronously from the reactor (event loop).
Firstly, a process is not a thread. It is much safer and cannot cause another process's exit to hang or overwrite its memory/etc. Secondly, I would explicitly declare the interface the plugin must adhere to, and verify that it does, rather than just trying IUknown and watch it for "hanging" via a timeout heuristic.