Open Source and information security mailing list archives
From: sascha.mettler at (Mettler Sascha)
Subject: AW: YAWN (Was Microsoft math)

>From: Andrew Aris [] 
>For God's sake people GET OVER IT!
>For whatever reason MS have patched these Vulns in condensed patches, yes
>suits some people (myself included I'll admit) and doesn't suit others. It
>does suit the majority of home users for example (which hang on happens to
>be MS's bread-and-butter market). 
>Let's be honest here that for whatever exact reason they did it this way, be
>it to ease the logistics at their end of developing/releasing the patches:

You're generally right when it comes to the integration of several fixes
into one patch. And you're certainly correct with the conclusion that there 
are a lot of people being either pro or contra MS without having decent or 
professional arguments for their narrow-mindedness.

but (you guessed it)...
it's another thing when the propaganda and pr machinery from Redmond 
perverts facts and abuses numbers resulting from those cumulative patches.
and they will and already do...see end of 4th paragraph in

that's simply asking for negative reactions...and imho the outcry from 
decent thinking people is not about the technical question, if it makes 
sense to have less patches at once to apply and test. it's about what ms 
pr people make of it. as an outsider, i see two sides of microsoft. One 
is the great usability, mostly nice working software eg. the technicians 
and coders at ms. The other being embrace and extend or buying
and pretending ms invented 'em (new ie popup features), using proprietary 
formats and extensions while still calling it standard (office xml,
integrating software parts for no technical reason but to enforce the
(ie, mediaplayer), buying studies, omitting facts etc. that's what they are
blame for. and the number of patches in 2004 will be and is part of their
unregarded the technical questions.

Sascha Mettler
Berne, Switzerland
