Hint to MS: It's Bad When Reporters Burst Into Laughter at Your FUD

by Pamela Jones
Groklaw

August 17 2004

Journalists are a cynical bunch. They've seen it all, heard execs and politicians spin baloney, and endured endless press conferences where they've been told what turn out to be lies, so they can be forgiven for ending up Being From Missouri. The thing about journalists is, they do usually know what is really happening. They may not print what they know, or all they know, or they may feel compelled to slant it to suit their editors/owners. But they know.

So when the announcement was made at a press conference in the UK that Newham, a borough of London, had just decided not to go open source after all and instead to sign on with Microsoft because their software was cheaper than open source and more secure, the room spontaneously burst out laughing.

You can maybe buy what journalists print sometimes, but there is no amount of money that can make a cynical heart naive again.

Of course, the entire room knew that was ridiculous. And, while it is unfortunate that the hustle paid off, it is also encouraging news that this laughter means MS is near the very end of that particular rope. When journalists laugh at your FUD in public, the End is Near.

The Register has the very funny story [ http://www.theregister.co.uk/2004/08/16/msoft_newham_10yr_deal/ ], and more details here [ http://www.computerweekly.com/articles/article.asp?liArticleID=132715&liArticleTypeID=1&liCategoryID=1&liChannelID=126&l ]. Here's the part that isn't so amusing. They made their decision to go with Microsoft because of an "independent" study by Capgemini. Guess who paid them to do the study? Yes, boys and girls, future cynics of the world: The Register reports it was Microsoft.

The Newham Council will be using IE as their browser, they said, "because Microsoft is very serious about addressing security concerns". Does it get any better than this? The question isn't if they are serious. The question is, are they competent? No doubt the Council will be very busy soon, because here is a list [ http://support.microsoft.com/default.aspx?kbid=842242 ] of all the things Microsoft knows their new SP2 security fix breaks, or in Microspeak, "After you install Microsoft Windows XP Service Pack 2 (SP2), some programs may seem not to work." Well, maybe not soon [ http://www.eweek.com/article2/0,1759,1636448,00.asp ]. Anyway, not Monday, as originally scheduled for automatic delivery. It seems corporate customers begged Microsoft for mercy. Here's information [ http://www.eweek.com/article2/0,1759,1634718,00.asp ] on blocking the automatic delivery, if you aren't so crazy about the idea of breaking some 50 applications at once on all your computers. What a dilemma. MS calls SP2 a "critical" must-have update [ http://www4.gartner.com/DisplayDocument?doc_cd=120948 ]. But it founders most everything else you like to use, unless you manually modify them. Gartner is advising to delay [ http://www.computerweekly.com/articles/article.asp?liArticleID=132717&liArticleTypeID=1&liCategoryID=1&liChannelID=126&liFlavourID=1&sSearch=&nPage=1 ] until you test all your applications:

"Analyst firm Gartner has estimated that a large company would have to test 1,000 IT systems as part of an upgrade to SP2.

"John Pescatore, vice-president of internet security at Gartner, estimated that a business with 100,000 staff would have 1,000 unique applications to test. 'This will require several man-months of testing,' he said."

But it's cheaper than switching to Linux. Right. Anyway, it's corporate customers that are getting the reprieve. Home customers still are scheduled for a Wednesday automatic rollout, unless they block it.

Of course, it's not a complete list [ http://news.bbc.co.uk/2/hi/technology/3570636.stm ], from all I hear:

"For some programs the list of instructions involves finding and opening ports used by programs to make sure they can communicate via the web.

"For average users, these instructions could prove formidably complicated."

I wonder if Capgemini figured in the costs of having to reconfigure all those computers? The costs of dealing with all the MS malware? Nah. Why ruin a rosy picture with reality? It only leads to cynicism.

Here's the funny part. The FUD is that GNU/Linux is too hard and so migration would prove expensive, due to a lack of appropriate computer skills and the need for training. But now, thanks to SP2, all those Microsoft users will have to figure out how to open/close ports and things you normally don't expect them to even notice, let alone fix. Maybe Microsoft has decided to go open source after all. Don't email me. It's a joke.

But I'm quite serious about the expense and the skill needed to deal with Microsoft's security update. Look at the instructions, or a small part of them, that Microsoft provides, then sit back, and laugh. These Microsoft customers will have to use a command line to fix their problems, and probably contact the vendor of any programs, like, um, Symantec, whose firewall now "may not seem to work" any more, natch, to find out what ports it needs. Then, if that doesn't work, and MS says it might not, they need to read the manual. Sounds like the old days of Linux to me. One thing I know for sure. When someone tells you to read the manual, it means you are faced with a measure of complexity. You can do it, but there is more than one step and you have to follow all the directions for it to work. Take a look, and I have emphasized the parts that made me laugh the hardest:

"To enable a program by using Windows Firewall, follow these steps:

"1. Click Start, click Run, type wscui.cpl in the Open box, and then click OK. . . . "Identifying and opening ports

"If your program still does not seem to work after you add the program to the list of exceptions, or if you cannot locate the program in step 4 of the previous section, you can open a port manually. Before you can add a port or ports manually, you have to identify the ports that are used by the program. A reliable method for identifying the ports that are used by the program is to contact the vendor. f you cannot do this, or if a list of ports that are used by the program is not available, you can use Netstat.exe to identify the ports that are used by the program.

"Identify ports by using Netstat.exe

"To use Netstate.exe to identify the ports that are used by a program, follow these steps:

"Start the program in question and try to use its network features. For a multimedia program, try to start an audio stream. For a Web server, start the service.

"Click Start, click Run, type cmd in the Open box, and then click OK.

"Obtain a list of all listening ports. To do this, type the following at a command prompt, and then press ENTER:

netstat -ano > netstat.txt

"Obtain the process identifiers for the processes that are running. Type the following command at the command prompt, and then press ENTER:

tasklist > tasklist.txt

"Note If the program in question is running as a service, add the /svc switch to list the services that are loaded in each process:

tasklist /svc > tasklist.txt
"Open Tasklist.txt and locate the program that you are troubleshooting. Note the process identifier for the process.

"Open Netstat.txt and note any entries that are associated with that process identifier. Also note the protocol that is used (TCP or UDP).

"The number of ports that the process uses may affect how this issue is resolved:

"If the process uses more than 1024 ports, the number of ports probably will not change.

"If the process uses less than 1024 ports, the program may be using a range of ports. Therefore, opening individual ports may not reliably resolve the issue.

Open ports manually by using Windows Firewall

If you cannot identify the ports that are used by the program, you can open a port manually. To identify the specific port number to open, contact the product vendor or see the product user documentation."

Read the manual? Isn't that hilarious? It goes on and on like this. Call me cynical, but I have the amusing picture in my mind of the Newham Council having to go down this list, thanks to the "independent" folks at Capgemini, who swore that it would be easier and hence cheaper to stay with Windows than to migrate to totally free software that does sometimes require you to use a command line.

How much does it take, I wonder, to get folks to produce a report like that? Evidently there is more than one form of cynicism. And where is it, this report? No trace of it on their website [ http://www.capgemini.com/ ]. Come on, Capgemini. We want to read it so we can laugh too.

03:39 AM EDT

Copyright 2004 http://www.groklaw.net/ - http://creativecommons.org/licenses/by-nc-nd/3.0/