Dejan Jelovic has been compiling a list of known bugs against .NET. While its not too surprising to find bugs in a new product (which .NET is relatively speaking) some of the bugs he's run into are really quite sad. They range from simple crashed for certain otherwise legitimate parameters, to leaks (something a leak analysis tool could have helped them discover while developing it) to multithreading design flaws.
While not directed solely at Microsoft, the following is a case study of cost savings from using free open source solutions versus commercial solutions:
So just how bad is Microsoft's code anyway? If you've used their products in any serious way for any length of time you should know, but in case you have a selective memory, or are just in denial, let me point you to the following gem:
While its no surprise that Windows has bugs in it, simply sending too many backspaces to it appears to send the NT kernel (read: NT, 2K, XP) into a blue screen of death, followed by a spontaneous reboot.
The original program posted to comp.lang.c on USENET looks something like this:
The code is specifically detrimental only to the Win NT kernel (including Windows 2K, and Windows XP.) A more detailed description of the bug can be found here.
Update: After years of exposure, this bug has been addressed in a patch that was released roughly in September of 2002. Microsoft's knowledge base article ID Q311486 is alleging that they had fixed the bug in October of 2001. The most likely explanation of this discrepancy (like the Intel FDIV bug) is that internally they knew of the problem and fixed it, but it took them an entire year before they decided to release the patch. In any event, this is indicative of the penalty paid for having to wait for Microsoft's process (as opposed to Linux, for example, where kernel flaws of this degree are fixed in *hours*.)
I recently found a pretty good list of Microsoft's "innovations". In fact this list is so good, I'll present it here at face value:
Woah! Most of these I knew, but the business about Microsoft purchasing key technology from Dynamical Systems for Windows was something I was unaware of. Any further information on the subject would be appreciated.
On a message board someone recently asked what harm Microsoft's so called "monopolistic practices" have caused. Below is an excerpt from my response:
And to this I'll add:
(5) It is well known that Microsoft "steered its whole ship" to the production of Internet Explorer. A monumental amount of work inside of the company was performed; people were taken off their projects, and all other Microsoft developers were forced to waste time beta testing early versions of IE. The net result of all this is what we know of IE -- which is arguably nothing more than a knock off of Netscape with a few more security flaws. Why couldn't Microsoft instead have put those same people to work on the next version of their compiler (or go hunt down their OS bugs, or any number of other things they could have better spent those resources on)? At least then *all* products would see an improvement in quality, and instead of IE marginalizing all competitors, perhaps there would be thriving competition between SpyGlass, Netscape and Opera.
John C. Dvorak compiled a list of utilities that Microsoft has created
and which Microsoft has leveraged their monopoly power to promote:
Of these, Netscape survived only by selling out, Norton survives by abandoning any products that Microsoft is competing with them on, All text editors are now free, Stac has pursued a different line of business, Novell has abandoned their main netware product in favor of NDS, and Postscript has been marginalized to a printer technology.
Not surprisingly the supposed "innovations" that you would expect Microsoft to bring into subsequent versions of these utilities are nowhere to be found. So not only are these little service companies hurt, but the consumer is hurt, because they miss out on the inevitable innovation that would have happened had there still been competition for these utilities.
I recently tried to install MSVC++ 6.0. I gave it a reasonable go, but I failed. Now, I've had IE removed from my system, so of course, I had to reinstall it (MSVC++ needs IE, I have no fucking idea why, there is absolutely no cross functionality I want out of these two tools.)
So its a little bug. So why am I bothering to report this? Because this is really getting old. I recently became aware of two additional internal buffer overflow problems in something called the VDD under Windows 98 (a kernel level program that helps emulate console and DOS boxes in a Window.) Internet Explorer has been bitten by numerous buffer overflow problems.
Its like its a chronic problem over there. Now, here's a quick quiz for you programmer manager types. Lets imagine a programmer that works for you writes the following code:
Where does Microsoft find these losers? BUFFER OVERFLOW is an amateurish, beginners' bug. The next time you use a Microsoft product for something important just keep in mind the kind of moronic programming they do.
Update: 07/28/98 So they issued a patch for Outlook, basically a day or two after the problem was discovered. That's good right? Well, as proof of the deep rooted incompetence at Microsoft,C|Net reports that their patch fixed one buffer overflow problem, only to reveal another. In other words this kind of crappy code permeates throughout their products.
Stuff to make the program managers at Microsoft proud:This is what I wrote off the top of my head. Its not really hard.
Update: 12/15/03 In case Microsoft cares about buffer overflow safety solutions, here is one I created.
Update: 10/31/06 Here is the WikiPedia article on Buffer Overflows for anyone needing a more comprehensive explanation.
PC World online reports that Nader has sent a letter to the top 6 PC OEMs asking that they install alternative OS's such as linux, BeOS, and Caldera's DR-DOS/Web Spyder as a installation option for their PCs.
In my opinion, if Nader et al, really want to make this work, they have to put some of the burden onto BeOS, RedHat, Caldera etc. What if they visited these OEMs, got a run down of their Windows testing, and construct equivalent testing for their own OS's. I'm sure a forward looking company like Compaq would definitely give it a shot, if only they could do it realistically. (Update: Dell, HP and IBM are shipping Linux to customers that ask for it, but do not support it themselves.)
As told to me by a coworker:
Given the recent exploitation of the back door in Word docs that people have discovered for viruses, it seems next logical step is to combine the two. The resulting would be a a lethal non-recoverable Word doc virus. This does not bode well for the future of Windows and/or Microsoft Word.
Windows NT passwords are not very secure things at all. There are tools available on the following web pages for getting around NT's password security.
In short, Microsoft's security mechanism is based on IBM's Lanman protocols. Not just their legacy stuff, but even their home grown security mechanism are based on this. Apparently L0phtCrack is a trivial keyspace search attackto break this silly 7 character encryption scheme.
This is what CIAC thinks of Windows NT:
Bruce Schneier's comments on Windows NT's Point to Point Tunneling Protocol.
Infoworld's Nicholas Petreley reports on some "funny business" going on with respect to NT's so called "C2 certification".
Here's the result of a recent scandisk that was run by the system agent in my Windows 95 set up:
While many programs may crash or otherwise exhibit unstable behavior, the entire point of scandisk is to clean your hard drive to reduce the occurrences of such instability due to bad disk sectors, or erroneous writes to the disk. This message in this tool, which is playing games with my hard drive at the lowest possible level (not unlike a malicious virus) is not exactly confidence inspiring.
I use Microsoft Word, because, lets face it, its the one product the Microsoft sort of got right, they own the market and its actually good for something. I upgraded to Word 95, and it has run with little problems for me (besides being very slow to start up.) But now there is a new version included with Office 97 that people are starting to use. As I have been happy with word 95, I have not upgraded, and how am I punished? I cannot read the new format of Word documents of course! Those *$&%#! Microsoft bastards! And when I ask the people what's so special about the new Word, they can't point to a single feature. In other words MS did this for the sole purpose of seeing if they can get people like me to upgrade, just because everyone else is! That is to say, there is no benefit in the content of the new Word itself, I have to move to it literally because everyone else is. Its a crock, that's what it is.
Apparently the latest Visual Studio, VC++ 5.0 contains serious flaws in its code generator. Here's a short list of things that don't work according to Jonathan Blow:
Glen Corpes gave an example of a broken do/while loop:
Pretty pathetic considering they've made 13 C compilers before this but they cannot even do elementary compiles. Here's a story from Matt Pritchard:
It turns out installing 4.2 back on top of 5.0 stomped on some system drivers on his machine. This from a company that periodically blames third party software and hardware manufacturers for not being able to maintain driver functionality.
Here are some recently complaints from Paul Miller:
And here's some more discussion from rec.games.programmer:
Now, Microsoft could easily take the high ground by simply implementing Java in the OS and making it run with high performance, minimal resources, be robust and fully compliant with good functional extensions. They could in effect use Java to their advantage by basically demonstrating that Windows is an effective and compelling environment for it. It just takes some engineering resources. (Outdoing the folks at Sun really shouldn't be that hard.) With their reputation in the gutter, and with their over abundance of engineers, it would have been a real shot in the arm.
Instead, Microsoft is doing, well, what you expect from Microsoft. They have an implementation of Java, and they have added extensions. However, they are not being compliant, by simply not implementing the complete set of Java class libraries. In effect they are creating Windows Javabased around proprietary extensions.
There is no excuse for what Microsoft has done. I have looked into the technical details and it turns out there are two JDK 1.1 classes that they are simply omitting. Not because they are hard to do, or because it precludes extensions or other Microsoft technologies. Microsoft contends that they have a better way to do the same things and have chosen a divergent path. This is totally inexcusable. If they had any morals they would simply support their method as well as Sun's method, and make everyone's lives a whole lot easier.
A group of people who call themselves the Java Lobby have authored an open letter (unfortunately, the link is dead) to Microsoft, and specifically, Bill Gates. It outlines their complaints, and gives more details than it makes sense for me to give here.
To be fair, there have been objections to Sun's application to be the standards conduit for Java (they invented it; its hard to think of a better candidate.) Anyhow, Intel(unlike most, my objections to Microsoft do not translate to an objection to Intel, which for the most part is a pure technology company; I dont know about those bunny people though ...) has some fair objections to Sun being basically the controller of the Java standard:
Though these are legitimate concerns, there are two things that should be considered: (1) How different is Sun's position on Java from SGI's position on OpenGL? Does Intel really believe Java will be hurt from Sun's being in control of the standard? I think Sun has a vested interest in making Java all it can be. (2) Intel itself may need to worry a little about Java since its intention is to remove the backward compatibility issue on OSes as well CPUs. This means Dec Alpha's, PowerPCs and UltraSparcs will be able to run Java apps just as well as Intel x86's or Merced based CPUs. Even if Intel is able to eventually match the performance of competitive CPUs, they will have no built in non-portable legacy Apps advantage. With Java, the option to switch processors will always be there.
What does this have to do with Microsoft? These are probably the most legitimate objections to Suns controlling of the Java standard (a by gone conclusion by the way; the ISO members voted them in.) Yet Microsoft has never brought them up. All they have to say is "We don't like your standard, we've changed it in our implementation and we think our implementation should supersede your specification".
Rather than wait for the courts to decide this issue (Sun Microsoft are suing and countersuing each other) Sun has decided to work around Microsoft's non-compliance with a work around called Java Activator.
Grzegorz Mazur has written a program to monitor Win 95 memory usage. Just booting my machine in 1280x1028x8 with a small tiled background (40K or so) my memory usage was 18.9Mb out of a possible 32Mb. (Loading the Netscape Browser added an additional 20Mb.) This in a system Microsoft claimed you only needed 4MB to use.
I highly recommend that people use the above mentioned tool. It will help warn you when a program is too big for its own good and when a system crash is imminent (when you start running out of virtual memory.)
Every year, Microsoft comes out with a PC specification list for describing what component capabilities for PCs much be to be considered "up to spec" for that year. Its a list that is meant to set the standard for what end users can expect from hardware, and gives Microsoft an expected lowest common denominator that they can guarantee their software should run on.
Anyhow, in the PC 97 spec, they state that for drivers written for Windows 95 to be considered part of the PC '97 specification should run on Windows 95 as well as Memphis by MeltDown(middle of July.) Of course, they have also just announced that Memphis will not ship until 1998, which kind of makes it difficult to pass the PC 97 spec.
(Update: my sources tell me then Memphis is likely to slip into mid to late 1998. Further update: It shipped in Q2 '98)
These companies have made depositions in the latest DOJ inquiry into Microsoft's business practices. The substance being that these companies attempted to make modifications to their Windows' installation that disabled or modified the MSNand Internet Explorerconfiguration and Microsoft threatened to take away their "Win95 logo" compatibility label unless they backtracked and left these things the way they were to begin with. (This is called extortion boys and girls. Can you say that?)
$1 million a day, does not begin to compensate for the amount of damage Microsoft is doing to the industry. Their strong arm tactics against tier one PC manufacturers limits differentiation, which hurts both these companies and in turn the end users that buy their PCs.
So you think Direct Draw is the end-all, be-all of graphics programming interfaces? The horror stories of driver compatibility problems makes DOS compatibility seem like a picnic. The following example is a conversion that took place on rec.games.programmer:
Microsoft has been heavily promoting Win32 programming as a method of programming that unifies Windows NT and Windows application executables. But as is known to real world developers this ideal is a little too ideal. Brian Hook is a programmer at id software who encountered the following problem:
Is there a simple solution? Maybe, (I don't know it that's for sure) but that is not the point. The point is that the simplest solution ought to work for both Windows NT and Windows 95 if Microsoft wants to have any realistic pretensions of unifying the two platforms.
When I recently tried to access a specific article I bookmarked at www.microsoft.com I got a message to the effect of:
In other words, (1) They want to you to get rid of Netscape or whatever other browser you use in favor of Microsoft Internet Explorer (from a line of reasoning that simply is not logical; Netscape and most other browsers allow cookies.) (2) They want you to activate cookies (a well known mechanism for invasion of privacy).
In their explanation of why they are giving you a cookie, they neglect to tell you that (1) it contributes to an ever growing arbitrarily sized cookie file on your hard drive, (2) cookies can be used to track demographic information about you whether you've signed up for it or not; its like an new social security number.
On the off chance that you don't realize how devastatingly bad ActiveX is, it should be known that people can send you email, and if you activate it through Internet Explorer, by default, it will simply execute the embedded active X controls of said email if it contains them. According to a report read on the radio show Off the Hook spammers have been sending bulk emails to people at random with such ActiveX controls that bring up Internet Explorer and the URL to their web sites.
Even if you don't mind the extra activity started by such spam, what about the cookies and other invasions of privacy that can easily result from such an action? What modifications to your browser, registry, mailer or other software might such a piece of mail enact? It makes you wonder.
From the Microsoft Website, when someone tried to register for some freebies without giving away too much about them:
Anyone who knows about about spam, junkmail or abusive (is there any other kind?) telemarketing knows what this means. It means they are making a list of phone numbers to avoid. When would they need this? You guessed it: when they intend to start spamming people. While I have no direct evidence of this yet, it would not surprise me one bit to see Microsoft enter the SPAM war on the wrong side.
When trying to download and register for "NetShow" (just so that I could listen to John Dvorak's online radio show; why could he not just use realplayer like everyone else?) from Microsoft's web site I was presented with a form (form290.asp to be precise) that contained the following:
We may have put an end to Spamford Wallace only to see him replaced by Bill Gates.
Update: Bill Gates has come out publicly against spam. Will this just be a case of Bill saying one thing, while his company does another? The evidence do seem to suggest this. We will have to see.
Here's a conversation between Alan Krueger and Ken Weaverling on the anti-email abuse USENET news group:
Microsoft has decided to hide behind their "opt-in" policy, without confronting the fact that the root of the spam problem is the annoyance of it, not the method of its distribution, or who you suckered into receiving it.
Anyhow, for those who use procmail, I would recommend you do what was referred to in the above. Retaliating in an equally annoying way is a good way to send a message to Microsoft (and other spammers too.)
As is well known, Microsoft did not comply with the DOJ's original request to remove Internet Explorer from Win 95 OSR2 as an option for computer manufacturers wishing to ship Windows 95. Now before I present my rebuttal, consider the following program:
This is the source to a Windows console application that only functions on Windows 95 OSR2, because that is the first version of Windows where the RunDLL.exe utility has appeared. Now if you have a reasonable VGA card, what this program does is it will cause the display desktop resolution to switch to its 800x600, 256 color graphics mode.
Now, this program does not spawn Internet Explorer. It will run correctly whether or not you have Internet Explorer running. It does not access any HTML, SGML, CGI, ActiveX, WinSock or any other (pseudo) internet/intranet standard protocol. It is an extremely straight forward DLL activator. (DLL's have been around since Windows 3.0; and probably long before that.) And the fact is, at 4912 bytes in size (tiny by MS's standards), I guarantee you, RunDLL.exe really has no other purpose.
Now if you ask my opinion, or anyone else who understands what I have said above, the function of RunDLL has nothing to do with Internet Explorer. Microsoft claims otherwise. Among the files they deleted in their non-option that they gave to computer manufacturers, was in fact RunDLL.exe(and RunDLL32.exe which serves the same purpose for 32 bit DLLs.)
It is clear that Microsoft simply labeled all sorts of new files added to Win 95 OSR2 as really being part of Internet Explorer without any basis in the truth of what those files are.
If this does not convince you, see this techweb article on the issue.
I can only wonder about the engineers that they convinced to put this scam together. Do they sleep at night? What's wrong with them? Are they just so useless and without skills that they are willing to do anything the lawyers and marketing people tell them? Listen guys, there are plenty of jobs here in Silicon Valley, and plenty more in other locations. There's no reason to stay at a place where they ask you to do things like that.
According to a recent PC World Online report, the Software Information Industry Association (which is known for supporting and receiving support from Microsoft in past especially in the area of software piracy; formerly known as the Software Publisher's Association) will release a set of guidelines for software practices on 02/03/98. The guidelines include 8 principles that were drawn up due to repeated requests from the government during the initial stages of the DOJ anti-trust case against Microsoft.
The guidelines included things like "don't announce vaporware", "don't use OS dominance to leverage other markets or favor internet content", "don't dictate design of target software in API specifications."
Microsoft blasted the guidelines in press reports saying that the SPA was against innovation by Microsoft, then reiterated their need to be able to squash competitors by including half hearted product clones ... yadda, yadda, yadda.
Anyway, the officials at SIIA were quite taken aback by this. They apparently were not directing their comments directly at Microsoft at all, but were rather taking more of a global tone. The guidelines are not law or an industry code of conduct but rather, just a reality check. Microsoft themselves were asked for input to ensure that the guidelines were balanced.
Anyone who reads these guidelines should realize that they apply to Apple, Sun, Digital, and IBM just as much as they do to Microsoft. Why does Microsoft feel that it is only meant to target them? Do you think perhaps because (1) They think/know that basically the entire industry is starting to move in a position against Microsoft (2) The can't comply with the guidelines because their entire business model revolves around breaking them.
Or is Gates simply paranoid?
In the DataBook for the WinChip processor (an x86 clone from Centaur, a subsiduary of IDT) they document the CMPXCHG8B instruction in a very unusual way:
In other words, Microsoft's code works correctly for Intel, but not for other processors (Intel's CPU work as expected without this totally bizarre inverted logic.) As such these other processors are forced to complicate matters in this way.
CMPXCHG8B is a useful OS management function (its good for implementing 64bit counting semaphores.) What this means is that in writing defective code for NT, they have caused CPU vendors to implement things in totally unexpected ways that will impede other OS developers.
My employer does not endorse anything on this page.