Don’t Call the Police

M$ is asking anyone affected by the latest hot vulnerability in their amateur operating system to call the police. Don’t waste your time. M$ is part of the problem, not the solution. They want you to waste your time so that they can pretend to fix something in the meantime. Instead you should call your IT guys/gals (if you don’t have any, hire some or a consultant/system architect). Give them these instructions:
Get M$ out of my system STAT!

(STAT (statim – immediately))

Ideas that may be proposed include switching to Macs but that is the most expensive commonly used option and also is a system with a lot of top-down nonsense. GNU/Linux is a much better solution. It is a cooperative product of the world designed by people who do not want to invite malware into your PC, not salesmen.

The fastest way to go to GNU/Linux is to migrate files and databases to GNU/Linux servers and to convert the client machines to GNU/Linux via a network installation. Done right all that needs to be done is to set every machine to boot PXE as the first option and set up an LTSP terminal server in each department or office or set up an installation programme to boot with the machines. You are far better off to have a couple of days or a weekend of scheduled downtime than the devastation of the latest malware M$’s trojan invites in. Extremadura, Spain, converted 80K seats over a weekend. You can do it. To speed up network installations, I recommend using apt-cacher-ng to cache any packages downloaded from Debian’s repositories locally so that they can be served at LAN speed instead of web speed.

There is no limit to how bad malware can be. It can range all the way from sending spam e-mail from your machines to selling all customer lists and sabotaging data by rot over a long period of time so that by the time you catch it weeks of work could go down the drain. The worst case is killing your operation through lawsuits charging negligence in allowing disaster to happen when reasonable people know you do not allow malware to run on your systems.

If anyone objects that the migration is impossible or too much effort, retrain them or fire them. If your software is incompatible with GNU/Linux use other software or hire someone to create your own.

Come back to your senses. When the criminals tell you to call the police you know they fear the police less than your attention to your own business. Don’t let M$ tell you how to run your operation.

For ideas about how to migrate to GNU/Linux, check out these resources:

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology. Bookmark the permalink.

15 Responses to Don’t Call the Police

  1. oe says:

    I guess in the past I was a little more than a layman coding large numerical (number-crunching routines) and doing some very low level embedded controller coding, but OS and UI stuff I didn’t do. I did in the early-to-mid 90’s have to modify and compile some of the early LINUX c-code in Slackware, to get myself and a couple other labmates some “poor man’s” workstations, these UNIX workstation’s running a cool $10K at the time, for writing numerical code (mainly FORTRAN) on. That is where my great respect for GNU-FOSS coders was built, the C-code was so well commented and structured that a non-systems/OS/UI programmer could go in tweak code to get modems, video cards and the like running. Today, I use GNU/LINUX, for the 180-degree opposite reason, mainline LINUX distro’s out-Mac a Mac.
    Perhaps your informative execution module dependency charts explain why, a decade ago, while setting up an off-site project intra-net server I shoved aside a pupose-ordered “screamer” (something like a P3-600Mhz) system Win2000/IIS on some Dell kit, pulled down a “Redhat for Dummies” Book and CD and pulled out a scrap heap (a P1 – 90MHz) system. After two weeks of wasted effort on Win2K/IIS the site was barely working, no authentication, no encryption. The Red Hat/Apache plan B, complete with authentication, and encryption plus the sweetener of a cron-shell scripted backup of the current data took a single day….that how well the printed as well in electronic HOT-TO and configuration files where setup in the FOSS. The old hardware ran the whole ball of wax much faster than what the new kit could barely serve up.

  2. I am more than a layman at programming. I have worked on programmes that have been around for years with the addition over time of lots of “features”. If something is added that is not logically required the code becomes fluffy and tangled like spaghetti, thus making it much more likely that errors creep in. It is harder to find the errors, too.

    That other OS, requiring “backwards compatibility” to make the users think they don’t have to learn anything to use it, must have that kind of complexity. That’s why it takes them so long to fix a vulnerability. The fault is not just in one spot in the software but many. It is also hard to change anything without messing up what is going on in other places in the code.

    You can get an idea about this by examining these execution tracings of Apache and IIS displaying an image file. It should be just copying a file, right? No. M$ has more it wants to do…



    It looks like spaghetti doesn’t it? Note that the length of lines is irrelevant. That’s just moving from one instruction to another. The number of lines is the key. That is a measure of how many times the computer jumps around to different places in the code to do the job. A simple job like displaying an image should take fewer jumps than something more complex. M$ makes everything complex.

    Thanks for the inspiration to dig up these images that are execution traces of two web servers displaying an image.

  3. oe says:

    It would be interesting if Redmond (or Cupertino for its proprietary layers) ever open-sourced Windows and Office. My out of thin air guess is that they are a case study in how NOT to engineer a large complex software system. Most programmers used to coding tight, need structured code (e.g. the likes of R Stallman and the FOSS wizards, whose handiwork is out there in the public to inspect and where reputation capital is built on the elegance and structure of naked code) would probably be horrified by the mess that would be the windows source..given the problems with Macs and slow patching, my guess is Cupertino’s closed parts are probably in a better state than Redmond but nowhere near the quality of any mainline LINUX source repository…again purely an educated layman’s guess…..

  4. That is a bit far fetched. I would bet Hell freezes first…

    If it did happen I still think FLOSS would carry on as usual because no FLOSS project except maybe IBM or Oracle is big enough to deal with that much bloatware. Really, if M$ is all-in with the cloud, they could just as well use GNU/Linux on the client. They would not need the old cash cows to give milk. Just read a transcript of the cheerleader inspiring the partners. I hate to plug M$’s site but anyone who thinks M$ is an organization of sane/ordinary people should be frightened by the prospect of a million or so “partners” doing M$’s bidding in the cloud. They seem to be saying all the right things to push for the cloud but they still depend on the old cash cows. People are interested in the cloud to cut costs and improve efficiency but M$ is intent on milking it for all it’s worth. They could cut costs per client and increase the number of clients but there is no clear plan yet…

  5. Ray says:

    What if tomorrow, Microsoft went out of the OS and Office business, and made all of them open source, wouldn’t it be the day linux on the desktop dies?

  6. A-C stated as fact without proof:
    “At the end of the day, the people who get paid to provide things that work well choose Windows servers by more than a 4 to one ratio over Linux. On the desktop Windows has an almost two orders of magnitude lead over Linux.”

    Prove that. You do not know the number of servers running GNU/Linux even if you knew how many licences for that other OS were sold. We see on the web Apache is 55% of active websites and that other OS is what, 18%. Some IT pros disagree with A-C I guess.

    Same on the desktop. The web stats are a pretty poor sample so are unreliable. I doubt OEMs would be producing PCs with GNU/Linux for only 1%. IDC reported GNU/Linux was 3% many years ago and there has been a steady increase in activity so I expect the share must be larger. Now we have ARM on hundreds of millions of smartphones. That’s a lot of share M$ does not have. Quite clearly, people can reasonably choose GNU/Linux if they have the choice.

  7. You do not get to set the agenda here. I do not accept that a troll can tell me what is legitimate on my blog. You stated that pros don’t choose GNU/Linux and I provided evidence to the contrary. GNU/Linux is the perfect solution in a lot of cases, particularly where usage is not for lots of exotic applications and cost matters. Cost may not matter for a business that earns a megabuck per PC but it matters for lots of organizations and individuals who do not have a lot to spend. It should matter to every organization, otherwise they are wasteful. My Daddy taught me, “Waste not, want not.” That’s true in IT. All kinds of businesses that used to run PCs 3 years and upgrade are keeping them twice as long because it is wasteful to do that and quite unnecessary, yet lots of lazy IT people will tell you they are an M$ shop and they change PCs every three years because that is “best practice” with no facts to back that up. I analyze price/performance whenever I ask my employer to spend major bucks and my employers appreciate it.

    My experience is a reference for my opinions, not the value of GNU/Linux. I defy any IT pro to defend the choice of that other OS over GNU/Linux on price/performance any day.

    You belittle my experience. You belittle me. Good bye.

  8. amicus_curious says:

    BTW, when you are using your claimed experience as sole proof of the validity of your claims, attacking that experience as insufficient is not ad hominem at all.

  9. amicus_curious says:

    On the other hand a huge number of IT pros choose Windows, many moreso than the handful you name who may have picked Linux. You want to disparage all the professionals who fail to choose your ways as “taking the easy way out”. This can easily be turned around to say that you are “doing it the hard way” and wasting time and energy to save pennies in the long run. At the end of the day, the people who get paid to provide things that work well choose Windows servers by more than a 4 to one ratio over Linux. On the desktop Windows has an almost two orders of magnitude lead over Linux. Dream all day about why they make that decision, but the obvious answer is that Windows is better for their needs than any alternative that they might have considered.

  10. IBM System 360 – mainframe so large it used separate computers for I/O channels, one of which serviced a high-speed link to our Digital Equipment machines. One of my first paid jobs was upgrading the software on the DEC machines in assembler. I also wrote lots of software for analysis of data on the ‘360.

    I designed and built almost single-handedly a system of 96 thin clients and 13 multi-seat clients with up to six seats on each machine and six servers and a mess of printers for a school.

    I replaced all the software in the control system of a cyclotron radioisotope production lab.

    I coded the control system, data-collection system and analysis software for mapping the magnetic field of a cyclotron.

    I have installed GNU/Linux on many hundreds of PCs.

    There is no need for me to have this kind of experience in order to decry the incompetence and perfidy of M$. There is ample record on the web and in court documents to do that.

    I was working on another machine via RDP. M$ did not give me any button to click, only the message intruding on the desktop/screen from my terminal server. I would have had to interrupt my presentation to deal with it. I do not appreciate having my lesson interrupted. M$ has no right to waste my time or my students.

    IT pros who select M$ are taking the easy way out because their employers will not be surprised by it. Lots of IT pros do recommend GNU/Linux on the desktop because it costs less and performs better. Why would they not?

    e.g. John Cuzzola brought SD73 in British Columbia, Canada to GNU/Linux because they just could not afford to keep that other OS going. It works for them. He has 20 years of experience in IT and is a pro.

    e.g. Dave Richards brought Largo, FL to GNU/Linux. He could have migrated from UNIX to NT but did not. He is no fool and he is a pro:

    A lot of IT pros are cogs in the wheel who don’t want to be noticed by the boss because a change disrupts the boss or the boss’ business. Here is a case where the boss demanded the IT guys get rid of that other OS:

    So, cut out the ad hominem attacks. I know a thing or two about IT and I can keep a system running smoothly indefinitely with GNU/Linux of a size that would have daily problems with that other OS. I have met many individuals who hate M$’s crapware and they do not have to be IT pros to form that opinion.

  11. amicus_curious says:

    “I have 40+ years of experience with IT.”

    But, from your descriptions, none of that experience is with systems of any significant complexity. You administer to a small number of PCs used by students on occasion and there is no real pressure on performance here. Microsoft, on the other hand, is successful in selling IT managers at major corporations on the superiority of Windows servers and client networks. These IT managers certainly know all about mainframes, Linux, Unix, Netware, and Windows and they choose Windows more often than the others. That is a more ringing endorsement than your complaints can ever overcome.

    “This spring, one of the last XP machines in my lab announced that it was going to re-re-reboot in x minutes in the middle of a presentation…”

    Well, I have seen that message, too, but it is a simple matter to click on the button that defers the restart to another time. Didn’t you read the whole message?

  12. I have 40+ years of experience with IT. I have seen a lot of decent and indecent software over the years. Stuff that executes code from an icon that might have come from anywhere is not decent. The shocking thing is that this feature which M$ knew inside and out was not seen as a vulnerability until a tester on the outside found it by trial and error. M$ copied this feature from one release to the next for a decade. What quality control system allows such a thing? The problem is not with the layers of paint that M$ applies to hide the cracks but the cracks themselves which M$ will not fix having used them as selling points.

    It is a fact that FLOSS gets better security in a much less formal way because the underlying design is better. GNU/Linux keeps getting more eyes looking at it as its usage expands whereas that other OS keeps getting more exploits.

    This spring, one of the last XP machines in my lab announced that it was going to re-re-reboot in x minutes in the middle of a presentation. I rushed my presentation thinking I had the time. I did not make it. I immediately installed GNU/Linux on it. I don’t want that kind of crap in my lab. I will decide when my PC reboots, not M$. I was using the XP machine to connect to a local terminal server. That was XP SP 3, the best that M$ has to offer. Wouldn’t you fire a worker who decided to knock off whenever he wanted? I would. They’re not dependable. Neither is M$ or that other OS.

  13. amicus_curious says:

    “It is sad that one of the most powerful corporations in the world is unable to deliver a decent product…”

    That is a curious conclusion, Robert. I wonder where you acquired the right to say it. I have been making my living for the past 35 years doing system development involving computer program design and I have known a lot of people along the way who were in the same sort of situation. No one that I know of, including myself, would be so bold as you in making such a statement.

    For one thing, whatever it is in terms of “decency”, it has withstood competition starting with Apple, Radio Shack, and S-100 bus software providers, established companies such as DRI and even IBM later with OS/2. When it comes to paying for something, the buyers of this software have selected Microsoft products by a wide margin. Obviously these buyers do not have your fine taste or ability to tell decent from indecent. Or else you are sadly mistaken. Which is more probable?

    Certainly Windows can be improved and people are eager to receive an improved Windows product. Product improvement over time is a natural thing, though, where the new versions are built upon the lessons learned from the previous versions. You cannot say that Microsoft has ignored that. When there has been a real problem affecting beneficial use, they have made substantive changes in response.

    I use Windows and other Microsoft products, particularly Visual Studio, for hours daily and I don’t have the kind of problems that you allude to. My systems run continuously and occasionally reboot when an autoupdate is received, but that is in the middle of the night and everything is back awaiting login in the morning.

    As to testing, development, quality control, Microsoft has extensive facilities for such, much of which is fully automated. I might ask the same of FLOSS, which appears to have nothing of that sort. Rather they rely on the “many eyes” of the users who risk installing a new version of a program. When it crashes, they complain to the author, which is somehow deemed superior to having the author spend a few million bucks prior to release so that crashes are much less frequent.

  14. Good points. It is sad that one of the most powerful corporations in the world is unable to deliver a decent product. An ounce of prevention is worth a pound of cure.

    This vulnerability has been around ten years or more. It’s like looking back in time through the Hubble Space Telescope watching the evolving chaos in the Universe. We know the immensity of the Universe from such investigations. I think this means there are a lot of vulnerabilities still hidden in that other OS. I don’t ever want to be struck by one. I think this means M$ has copied its own mistakes from one version to the next. Where is the code development? Where is the quality control? Where is the testing?

  15. Richard Chapman says:

    It seems people are extremely reluctant to abandon the only operating system they’ve ever known. It looks like we’ll get to see just how much they are willing to lose to remain faithful to Microsoft.

    On a related note, The Mozilla Foundation is offering up to $3,000 for bug reports. The Microsoft philosophy is to offer a reward for the identity of malware writers. They seem to believe that there are a finite number of cyber criminals. Although software bugs may be many, they are finite. Microsoft must know that even they don’t have enough money to offer rewards for bugs in their software.

Leave a Reply