Thom’s down with flu, so to avoid moving a lot of interesting news to pg.2, I am creating a combined item here covering a number of Microsoft related news items submitted to us.
Massive bug in Microsofts “NEW” Explorer [submitted by James Hoving]
I have found a major bug in the Explorer for server 2008 and Windows 7 (and probably Vista too). The problem is that the explorer is unclear of which directory entry that has focus and this can lead to MASSIVE data loss. I would say that the bug has made the explorer all but unusable. I have put up a video on YouTube demonstrating the problem.
Microsoft ‘Sudo’ Patent No Danger To Unix [Submitted by Dale Smoker]
A patent granted to Microsoft has stirred up worry that the world’s largest software company wants to claim Unix’s “sudo” as its own. This apparent similarity has led some in the open source community to ask whether the company plans to demand a patent licensing fee from open source vendors.
Microsoft Confirms First Windows 7 Zero-Day Bug [Submitted by Dale Smoker]
In a security advisory, Microsoft acknowledged that a bug in SMB could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines.
Microsoft Apologizes for Improperly Using Code [Submitted by Dale Smoker]
Microsoft has acknowledged that it incorporated open-source code into a Windows 7 download tool. As a result, it will make the download tool’s source code available to the community.
If someone lost their data because of that “massive bug”, perhaps they deserved it.
OK, so I got a bit drastic there… The thing is, only one component can be focused at a time. In this case either the list view or the tree view. Now, those components have items that are selectable. We are deleting selected items in the focused control.
I agree it might be confusing, but if you’re confused, you’ll probably not going to permanently delete data immediately – it will go to the Recycle Bin instead. All in all, I’m not even sure it’s a bug…
On a final note, everyone uses Total Commander anyway.
The problem is that it shows two things focused, and changes the focus on you automatically (it can be difficult to verify which has focus without doing a few more mouse clicks). It is definitely a UI bug. I noticed it working that way fairly soon after using Win 7, and adapted, so haven’t lost any data, and didn’t even think about the possibility of losing data because of it…but it is a stupid behavior of the file manager.
However, as you saw by the way he used it, the bug when doing actions based on that messed up focus behavior causes a genuinely dangerous result:
Explorer: “Do you want to delete “New Folder”?
You: yes
Explorer: cd .., delete *
Edited 2009-11-15 00:17 UTC
Yeah, OK.
I admit, I was really put off by all the drama in the video. I guess I just wanted him to be wrong because of the way he talks about the that.
I am weak. I’m just a human.
(It would be kind of funny if I was actually a bot.)
Explorer: “Do you want to delete “New Folder”?
You: yes
Explorer: cd .., delete
You: OMFG! ctrl-z
problem solved
Let’s remember that most important files in corporate networks are actually on network shares – not on your local disk. Good luck with that ctrl-z and getting yesterdays copy from the backup (that hopefully exists).
After testing it on Windows 7, with Aero enabled, I couldn’t reproduce the “bug”.
The closest I got, was if I clicked on something in the folder list on the left, it would leave the “old” selected folder highlighted, but in a different color (and would prompt to delete the folder I clicked on).
Tested also under “Windows 7 Classic” theme. Closer, but still, unless I clicked in the folder list, I couldn’t reproduce the bug.
Apparently, my normal UI usage isn’t subject to this problem.
Also, in both cases, it clearly displayed the *right* folder name on my system in the delete prompt– having two folders with the same name is asking for trouble, ESPECIALLY when dealing with your “very important data that only exists in one location”– and believe me, if you have “very important data that only exists in one location”, that location had better be your backups.
And if you’re deleting files from your backups by hand, you fail.
Sure – having a parent folder with the same will be a rare case.
But having a backup is cold comfort if it is from last night and you just lost 3 hours of work. The file(s) might just be new – created after the last backup – and you and your team spent all day on it. It’s late in the day and you just wanted to clean up some scratch files.
How many places make backups more than once a night?
And even under optimal circumstances (differential backups every hour) it would be a pain to get an admin to restore those files.
A bug is a bug is a bug. It’s great that it won’t affect all people all the time – but the few it affects will be rightfully pis*ed.
“has made the explorer all but unusable” is a bit overhyping it though.
Edited 2009-11-15 11:56 UTC
I just tested it with Aero on. The problem is still there but the color on the two “selected” items are different. It still report the wrong item (the out of focus one) at the bottom of the explorer windows so if you rely on that and not the color you are still fed. (BTW. Who runs Aero on a server?)
Of cause you can work around it, of cause you can use filecommander or you can use a cli for all you file managing. But does that make this OK?
There IS a major focus bug in the new explorer, and ppl WILL lose data over it.
If you check the video.
On 0:47 he creates “New Folder” inside “New Folder”.
On 1:12 He selects the parent “New Folder” that has the “New Folder” child and the .txt files.
It is not a bug. He deleted the parent folder. It is a “I have the same folder name and subfolder name” User Error.
Watch the video again and you will see what the problem is.
(edit. The problem is that the explorer shows both entry’s as being in focus. It is true that you get the file that has the actual focus in the “do you want to delete” dialog. But I’m sure it does happen that ppl just press enter when it pops up. Any way, it doesn’t lessen the bug that the explorer is confused about what to report to the user. The real problem is that the explorer has turned into an ergonomical nightmare with more focus on looking cool than on being a good tool for file handling.)
It is odd that the some ppl think the problem is that ppl don’t take it for granted that Windows is a pile of crap and work accordingly. Microsoft have been around for some time now and its odd if you have to treat there bigger product as if it was an alfa release.
Edited 2009-11-15 14:41 UTC
James.Hoving. I share with you that Windows is a pile of Crap and that “the explorer has turned into an ergonomical nightmare with more focus on looking cool than on being a good tool for file handling….”
But this doesn’t fall in the category of a bug. Possible in the category of crappy design.. but what if you show the same “problem” in youtube but assiging different (more real) names to the folder and lets see the difference.
You get the same problem with different names, it is true that the dialog will give you a warning about what is about to happen but most ppl just click OK in the dialog without reading its content anyway…
And if its not a bug then it is by design, if it is by design that would mean that someone at Microsoft sat down and thought out a way to confuse the users to make them delete/copy/move the wrong files. I find that highly unlikely.
And for the record, I do not really think that Microsofts products are crap. There politics are and that messes things up for everybody. Microsoft is like a gourmet kitchen where you have master chefs working on the meals, but the guy how serves them _LOVES_ chocolate syrup and sprinkles and likes to “improve” on the dishes before they reach the customers. 🙂
You don’t sell the OS. The applications sell the OS, MS need to realize this.
Less tween toy and more application platform NOW! I would buy a “Windows 7 Core Edition” with an “old school” explorer and no Aero or extra crap any day!
No, in this case the problem occurred between the keyboard and the chair.
Hell, in order to make the “problem” irreparable, you had to explicitly invoke the “delete and bypass the recycle bin” command. If you had simply deleted the file as most people do, the solution would have been as simple as “Ctrl-Z”.
And beyond that: if you have a sub-folder with the same name as its parent folder and you delete one, then a) you make damn sure you’re deleting the folder you think you’re deleting (there are plenty of ways to do that), or b) you use the recycle bin instead of Shift-delete, or c) it’s your own damned fault.
Using Shift-delete and then complaining because you were careless and deleted the wrong folder? That’s on par with running rm -rf / and the complaining that the command did… well, exactly what you told it to do.
Edited 2009-11-15 20:54 UTC
So, the land-mines arn’t the problem? The problem is the idiots that keep stepping on them?
Edited 2009-11-15 20:58 UTC
Haha, nice analogy. I’m actually in agreement with you that this should be classed as a bug. It may have been by design, but that design promotes user confusion rather than making the selected file explicit. Of course, that doesn’t mitigate the problem of users who don’t read the dialog before pressing the ok button either. Still, program design should help rather than hinder its use. Sometimes I wish we’d never moved away from the command line, it could be a royal pita sometimes but at least you had to know what you wanted to do and how to do it.
If you make a habit of doing jumping jacks in a minefield, then you probably shouldn’t expect much sympathy when one blows up in your face.
I didn’t realize that Windows 7/Server 2008 was the equivalent of a mine-field, thank you for clearing that up for me.
Um, no… but cavalierly using Shift-Delete on critical data certainly is.
Who does irrevocable file operations on a server?
Unless focus is changing without you clicking on things, it’s not a bug, it’s how it’s designed. I couldn’t get focus to change on just a mouseover, and I would expect the behavior you got from clicking where you clicked.
It could be slightly more obvious what’s going on, but bottom line is, if you’re going to shift-delete files on a server, you had better know EXACTLY what you’re doing.
You are essentially complaining that Windows did what you told it to do, rather than what you wanted it to do.
No, but Explorer saying it will remove one thing and then go ahead and remove something else, that is bug and not just a small one.
Did you watch the video? Explorer clearly prompted for removing “New Folder” and then just want ahead and removed everything in the folder that *contained* “New Folder”.
Edited 2009-11-16 06:20 UTC
What a crap. I tested in and it does that same thing even if subfolder is different named. I’m sure this is huge thing if you are goldfish or plain retard, normal people would actually know what they clicked last because this defines what folder is selected. I wouldn’t even call it bug because in situation where you have lots of subfolders and you want to go thru all of them clicking main folder in tree view will select last visited folder on file view. Not a bug just annoying feature.
Edited 2009-11-15 17:44 UTC
I have posted a new video that show the problem more clearly.
http://www.youtube.com/watch?v=-YGK_t5KLbQ
Ok, there’s one thing I do agree with. It’s a minor bug, though, not a major bug.
If you have a file selected in the right hand pane (file window) and then click on a folder in the left-hand pane (folder list), it briefly flips back to a Folder icon, and “N items”, before reverting to describing the highlighted file. Obviously “file selection” has priority over “Folder selection”, and it should probably instead be “last clicked” selection.
But all the “huge bug!” hoopla is still poor file management.
And I really don’t understand people who disable Aero thinking it changes much. It saves some memory (1% on my 2gb laptop), but as I understand, you’re still using a 3d composited desktop.
You’d gain more by uninstalling tablet services.
In fact the issue is very simple, and is a consequence of a very stupid UI behaviour.
I tested for you. Let us consider the following hierarchy (A is the root):
A -+- AA -+- AAA
+- AB
i) Let us select A in the tree pane (TP)
– A is highlighted in Blue in the DP
– the detail pane (DP) shows all items inside A (i.e.. AA and AB), none being highlighted.
ii) If you select an item (let’s say AB) in the DP:
– AB will be highlighted in Blue in the DP
– A will be highlighted in Grey in the DP
iii) Then, if you select AA in the TP
– AA is highlighted in Blue in the TP
– the DP shows AAA, not highlighted
iv) Finally, if you select A in the TP again, you will have
– A highlighted in Blue in the TP
– AA highlighted in … Blue in the TP. It should be Grey or (better) not highlighted at all.
The same problem happens if you
i) Select A in the TP
ii) Select AA in the DP
iii) Select A in the TP again
Both A (in the TP) and AA (in the DP) will be in Blue.
In the video, A and AA have the same name and it gets very tricky.
And by the way, I do not like the way the guy is speaking in the video either (and he tries to lie to us at 2:16)
I agree; sure, it is a UI bug, but the main problem here IMO is the guy’s habit of using Shift+Delete. Just use delete even if you know you don’t want it. Get into the habit of using Shift+Delete and you just might regret it some day.
Hmmh. Who are these people and what did they do with the real Microsoft? Apologises? … to make source code available to users? Respect for the liscense (GPL!!) What an odd dream I’m having, I could swear I was awake and reading OS News.
Has Microsoft ever violated copyright and then refused to comply before? Microsoft may not like open source, but I don’t think they would knowingly disrespect copyright.
1. I can’t repro this “massive bug” under Aero, which is what 99% of people will be running.
2. The MS patent isn’t about sudo. It’s about an improvement to sudo; namely, a UI. Patents can be completely novel technology or processes — OR, they can improve existing technology or processes. A lot of uninformed people don’t realize this, they don’t grasp what this patent is all about, and the result is a lot of needless speculation and misplaced outrage.
3. The SMB issue generally will not affect consumers at all who are running behind a firewall. The primary danger for this bug is on LANs/WANs – or a user downloading malicious software targets machines on the LAN/WAN. At worst, it’s a Denial of Service issue, not a Privilege Escalation or Remote Execution vulnerability. So, from my standpoint, it’s a fairly minor issue.
4. My guess is that, since Microsoft uses a lot of vendors/contractors to create Setup-ish kinds of utilities, whoever created the tool wasn’t aware of Microsoft policy against using GPL’d code.
A ui to sudo? OMG, that *is* __real__ improvement!
come on man, we had kdesudo and gksudo since years.
Actually, that’s what I don’t understand. Why are people afraid of this patent?
1. If it covered sudo, sudo would be considered a prior art. Since they are patenting the Vista solution, even gksudo and kdesudo is prior art.
2. If not, well…?
Someone please enlighten me
The Mac OS X ‘privilege escalation’ dialog would also be prior art.
I would say the Mac OS X example is even closer to Vista’s UAC in that you can enter the username and password of any administrator (gksudo asks for the current user’s password (at least it did the last time I used it)).
Yep, and policykit’s default privilege escolation UI works this way as well. There’s plenty of prior art on this one. Of course, whether the patent office will see it that way is a completely different issue and, well, everyone has their price…
Tomcat, do you really believe this is how Microsoft works? Do you seriously swallow their lame excuses?
How can you patent improvements to existing solutions like SUDO without blocking further improvements. Visually I imagine another innovator needs to find a way around your innovation first before starting to innovate again. Software patents block innovation rather than encouraging it. I agree with the basic core concept of patents; I think innovation should be supported; but software is different from -old fasioned- hardware innovation. Maybe we should reward ideas rather than protect ideas.
Edited 2009-11-15 13:28 UTC
Well, that sounds great, as long as somebody else doesn’t steal your idea. Do you really want a world where the Microsofts and Googles and Apples can simply take the work of small inventors — and then reimplement it without giving any kind of compensation to the little guy? Because that’s the reality: Most plaintiffs in patent infringement suits aren’t big companies. They’re little guys. The primary reason that most big companies patent ideas is because they want to defend against potential infringement cases, and to give them leverage for technology cross-licensing. They rarely go after people for patent infringement.
Edited 2009-11-17 01:45 UTC
I am amazed that so many people are OK with this. I find a major bug in the way explorer handles focus and the reply from a lot of ppl are: “Well, you should do this.” or “You are working in the wrong way”.
The video is made to show you in a clear way how the bug works and to help you find it yourselves. When you know the problem of cause you can avoid it. That is NOT the issue, average Joe WILL run into this issue and he/she will lose data. There are so many ppl using Windows in the world that I can state this as a FACT.
Oh and for the record, “Its not a bug, its a feature” is an old programmer joke, that’s all it is, a joke. If it shitty design or shitty implementation of the design is moot. There is a problem, if it should be called a bug of a feature is of no importance.
Edited 2009-11-15 18:18 UTC
Its odd that there are so many trolls here that want to bitch about what I did wrong in a DEMO video.
Its not me working its me trying to explain to you ppl what COULD happen with this bug. Im sure that all the Trolls are really smart and that they know all the bugs in Vista+ and have adapted to work around them, that is NOT the issue. If you know about this bug and have adapted your way of working to it, why havnt you let the rest of the world know?
Im at home with svineflue and Im too sick to bitch about stuff that have no purpose but inflating egos. If you have anything usefull to say please post it to my YouTube page so I can delete the Trolls.
(edit. Oh, I forgot. Microsoft were happy to hear about the bug, but what do they know.)
Edited 2009-11-16 09:17 UTC
No troll here. Just difficulty with 1) understanding your complaint and 2) duplicating it.
Even though I now understand the behavior, I don’t use the folder list. I had to find it to try to duplicate your bug.
I’ve never liked it, because it’s too easy to make a mistake. I like having source and destination windows open at the same time, preferably in a split-window… but that’s only available on KDE.
But, if Microsoft acknowledges it as a bug, then that’s a good thing.
Now, the “zero-day” SMB exploit in Windows 7 and Server 2008 R2 that can shut down a server? THAT is a major bug. Losing your primary profile because someone logged into the guest account? Again, that’s a major bug.
Yours is minor, but I understand the annoyance to you. I do seriously suggest you review your procedures for file management, however.
I’ve spent the last few days dealing with a user who insists on making unscheduled, untested changes to a “mission critical” server, then yells when it stops working. It’s left me a bit irritable.
Doesn’t it seem like Microsoft is being more and more Open Source friendly as time goes on?
G
Indeed, it seems so. I suggest that we send in Heron, aka “G”, as our emmisary, and see if he comes back OK. If he does not return, or comes back with his head on a platter, gutted, mutilated, or otherwise damaged, then then we can take that as a sign of ill will. But as long as Microsoft is making meaningless and relatively cost-free gestures of good faith toward their avowed enemy, I think we should give them the benefit of the doubt.
Edited 2009-11-17 22:04 UTC
I agree its a bug, but if you have already lost data over this then I am more afraid of the damage you as an individual would do on a server share than this bug.
I do not agree that it is a ‘show stopper’ but def something that they should address.