MS-DEFCON 3: Apply some updates, but hold off on others

I hate to do this.

Microsoft has made a mess of its giant April Black Tuesday set of patches.

Susan Bradley now has notes on 28 different patches, and it’s very hard wading through the good, the not-so-good, and the plainly disastrous.

Here’s what I recommend for most individuals. (Note that I DON’T recommend this for companies, where things like C++ redistributables can cause all sorts of headaches.)

Most people should download and install Internet Explorer 9, but DON’T USE IT. Use Firefox or Chrome or Safari or…. There’s one Security Bulletin regarding Internet Explorer version 6 to 8, and if you install IE 9 you won’t have to worry about it.

I suggest you go ahead and install all of the current Microsoft patches EXCEPT MS11-028, which you will see as KB 2446708, 2446709, 2446710, and/or 2446704 – Microsoft Update will probably recommend just one or two of them. These are all .NET patches, and once again they’re horrendously complicated. Avoid them for now. Don’t install them.

KB 2509470 is an Outlook 2007 patch that you won’t be offered because Microsoft pulled it. If you wait and Microsoft posts it again, and it’s offered to you, turn it down.

If you install the PowerPoint 2003 patch MS11-022 KB 2464588 and all of a sudden you can’t open PowerPoint files, you need to install the hotfix offered in KB 2543241.

I still don’t see any reason to install Windows 7 Service Pack 1.

So I’m moving us to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

Don’t pay for software you don’t need!

Part 1 is the lead story this week in Windows Secrets Newsletter.

After Microsoft’s latest re-org, who’s going to guide Silverlight?

ScottGu is changing divisions, leaving the Silverlight folks.

InfoWorld Tech Watch.

Why Microsoft was punished for a very profitable quarter

And an update on why I believe more than 40% of all new PCs ship without Windows 7. InfoWorld Tech Watch.

Microsoft fixes some of the April Black Tuesday problems

Gregg Keizer has the story, and some great comments, on Computerworld.

I’m sure glad you followed the MS-DEFCON rating and haven’t applied the April patches yet.

Google gains allies in the war over HTML5 video formats

It’s like Betamax vs VHS all over again, except this time it’s Microsoft and Apple (talk about strange bedfellows) vs Google and the open source community. InfoWorld Tech Watch.

The Making of a Fly: feedback loop gone wild

Anybody who’s heard a guitar screech at a rock concert knows about positive feedback loops.

Now you can watch one in real-time. Just don’t reach for your pocketbook.

UC Berkeley evolutionary biologist Michael Eisen has a fascinating blog post about Peter Lawrence’s The Making of a Fly, a paperback book published nearly 20 years ago, that discusses the molecular biology and genetics of Drosophila fly egg fertilization, differentiation, and ultimate emergence of a full-fledged fly. No, the feedback loop isn’t in the fly. It’s in the price of the book.

Eisen followed the listing for The Making of a Fly on Amazon, keeping track of its price. The book originally sold for $32.95, but it’s out of print. When Eisen found it on Amazon, the cheapest “New” copy he could find cost $ 1,730,045.91. Yes, you read that correctly.

At first I thought it was a joke – a graduate student with too much time on their hands. But there were TWO new copies for sale, each be[ing] offered for well over a million dollars. And the two sellers seemed not only legit, but fairly big time (over 8,000 and 125,000 ratings in the last year respectively). The prices looked random – suggesting they were set by a computer. But how did they get so out of whack?

When Eisen looked at the prices the next day, both of the prices had gone up. As the day marched on, so did the prices. First, one of the sellers would raise the price, then the other. Some very astute observation and a little bit of Excel revealed that two booksellers, bordeebook and profnath, were locked in an apparently-automated feedback loop.

Once a day profnath set their price to be 0.9983 times bordeebook’s price. The prices would remain close for several hours, until bordeebook “noticed” profnath’s change and elevated their price to 1.270589 times profnath’s higher price. The pattern continued perfectly for the next week.

Eisen goes on to speculate that bordeebook has a copy of the book, and they always want to undersell profnath by a small percentage. They thus peg their price, algorithmically, at 99.83% of profnath’s price. He further speculates that profnath doesn’t have the book, but they have a high sales ranking, and they can always buy the book and re-sell it, so they put their price at 27.059% more than bordeebook’s.

Eisen watched the price go up to $23,698,655.93.

The booksellers finally broke the feedback loop.

But, alas, somebody ultimately noticed. The price peaked on April 18th, but on April 19th profnath’s price dropped to $106.23, and bordeebook soon followed suit to the predictable $106.23 * 1.27059 = $134.97.

Did they learn their lesson? Apparently not.

As I write this, on April 26, the Amazon site only lists one new copy of The Making of a Fly. Bordeebooks has it available at a whopping $976.98. Since there’s only one new copy listed, bordeebooks must have a feedback loop based on some other criteria, and it’s still grinding away, raising the price of the book 820% in two weeks.

In addition, Amazon lists eight used copies of the book. One of them, from bordeebooks, is shown as “Used – Good” condition. It sells for… wait for it… $976.98, the same price as the new copy. A second used copy, from seller quality7 (do any of these guys capitalize their names?) in “Used – Very Good” condition will set you back a paltry $999.

The moral of the story: if your company adjusts prices dynamically, based on competitor’s prices, now would be a good time to make sure there’s some sense built into the feedback loop.

Or maybe you should consider writing a book about fly molecular biology.

Saying “goodbye” to Karen Kenworthy

I’m very sad to relay this message from Bill Kenworthy, Karen’s brother:

Dear Friends,

I suspect that many of you have noticed that the last issue of Karen’s Power Tools Newsletter was dated March 17, 2010, and you may have been anxiously awaiting another.

It is with great sadness that I write to tell you of Karen’s death on April 12, 2011, after a long struggle with several debilitations, including diabetes.

I know that Karen touched many of you with her kindness, wit, creativity and encouragement. She was a loving daughter, sister, aunt and friend. And she was a pretty darned good programmer, too. We are deeply grieving her loss.

For now, Karen’s server is still running, the programs she has written can still be downloaded, and donations can still be made through the website. We are also working to fill all CD orders that have been submitted or mailed. It is difficult to make business decisions while grieving. So, at this point, I cannot say what will be the future of KarenWare.com, except to say that we will certainly continue Karen’s commitment to safeguard your privacy as shown at the Privacy link of KarenWare.com.

Many of you have already written many kinds words of condolence and comfort. Please know that we greatly appreciate you. If you care to make a contribution in her honor, she was a long-time supporter of The Dohnavur Fellowship, a special children’s ministry in southern India. You can learn more about them at www.DohnavurFellowship.org.

All we ask is that you remember her whenever you take the case off of your computer, contemplate removing entries from your Windows Registry, listen to Bob Wills or Riders in the Sky, or wave and say “Hi!” to anyone on the ‘net.

May God richly bless you, as He has all those who knew Karen.

– Bill Kenworthy, Karen’s brother

Microsoft’s own numbers suggest declining Windows market share

Do the math, and tell me what you think.

InfoWorld Tech Watch.

Why Microsoft will buy part (but not all) of Yahoo

Microsoft, working in its well-honed Black Widow Spider mode, has sucked the soft part out of Yahoo. At least publicly, the Yahoolies don’t seem to have noticed that they’ve been out-manuevered by the Redmond Horde. But they have. Rumors are flying that Microsoft may make yet another bid for Yahoo. I don’t believe it. Microsoft already has everything it wants out of Yahoo, with one exception. I figure MS will join with several other companies and make a bid for Yahoo, soon. I also suspect MS won’t pay much, and won’t want much out of the transaction. Here’s why.

Last Tuesday night, Yahoo announced truly abysmal financial results. Yes, Yahoo’s stock shot up on Wednesday, and it’s been holding strong. The MarketBeat blog at Wall Street Journal says that analysts reacted positively to the Yahoo Earnings announcement, even though earnings fell somewhere between 6 and 8% from 1Q 2010 to 1Q 2011, depending on how you count. Revenue was down a whopping 24%.

The universally-acknowledged bugaboo, per Yahoo’s press release: “the required change in revenue presentation related to the Search Agreement and the associated revenue share with Microsoft. For transitioned markets (U.S. and Canada), Yahoo! now reports revenue associated with the Search Agreement on a net (after TAC) basis rather than a gross basis.” TAC is the Traffic Acquisition Cost, or the amount that Yahoo pays other parties to generate search revenue.

But the numbers speak for themselves, and the numbers don’t do Yahoo any favors. Display revenue is up, but search revenue – the part that got Binged – is down 19%, between 1Q 2010 and 1Q 2011. More than that, Yahoo may blame revenue sharing with Microsoft for its losses, but that 19% drop is simply money – it has nothing to do with TAC. Microsoft gets 12% of Yahoo’s search revenue, and the MS cut doesn’t have anything to do with TAC. For the details, see Greg Sterling’s analysis in his SearchEngineLand blog.

Taking the analysis one step further, Sterling shows that Yahoo’s search revenue has taken a long, sustained, steep drop since mid-2008. The Microsoft search deal only exacerbated an already-bad problem. As Sterling puts it, “In the end, I come away with — and sorry to say it — not a whole lot of faith in what Yahoo’s been saying, much less the grand master plan that outsourcing to Microsoft was going to save its search business. Yahoo still has substantial search traffic, but it remains dwarfed by Google while Bing has been closing the gap… there’s no doubt that Yahoo’s not in the driver’s seat on search.” This, in spite of the fact that Yahoo has a considerably larger share of the US search market than Bing. “[Yahoo]’s having to pray that its partner (which is also a chief competitor) will fix things to boost its revenue. If that doesn’t happen, what Microsoft has to pay out seems like pocket change.”

Look at it from the Microsoft side. Ballmer tried to buy Yahoo for $44.6 billion in February 2008, met fierce resistance – including a threat to sell Yahoo to News Corp and mingle with MySpace – then Microsoft gave up in May. In November 2008 the shotgun came out again, and it looked like MS and Yahoo were headed to the alter. Ballmer reportedly offered $20 billion for Yahoo’s search business – at the time Yahoo’s total market value was about $16 billion – but Yahoo, it’s said, wanted more. Yahoo co-founder and CEO Jerry Yang stepped down, replaced by Carol Bartz, and the deal fell through.

In July 2009, Microsoft and Yahoo reached a 10-year deal that moved Yahoo search to the Bing engine, in the US and Canada. Yahoo would pay Microsoft 12% of the gross revenue from all of the ads that run next to search results. Based on Yahoo’s results just announced, Microsoft got the better end of the deal: Bing more than doubled its market share, overnight – and Yahoo pays Microsoft for the privelege.

Yahoo still has the most-visited site on the Internet; according to Comscore, Yahoo just edged out Google and Microsoft as the most-visited site, from the US, in March 2011. Yahoo’s advertising revenue is doing well. Yahoo has $3.5 billion in cash, and owns big parts of Yahoo Japan and Alibaba.com. But the value of its search capability is seen almost universally as turning an enormous belly flop.

All of this has led to speculation that the sharks are circling, and Yahoo’s days as an independent company are numbered. Kara Swisher at All Things Digital has developed several possible scenarios.

Microsoft already has the most important piece of Yahoo, from their perspective – search market share. The other pieces of Yahoo aren’t nearly as compelling. But there are two missing parts, which lead me to believe that MS will be interested in participating in the dismembering of Yahoo.

First, MS hasn’t nailed down international search rights. The current search agreement only includes the US and Canada. International search is a key future sticking point for Bing, and owning part of Yahoo will help put yet another foot in the door.

Second, Microsoft doesn’t want to give Google even a tiny slice of the pie. Any pie. The best way to ensure that – to make sure that a Google-leaning exec doesn’t head up the reconstituted Yahoo, for example – is to have a stake in the company.

Softbank is chomping at the bit to consolidate its part of Yahoo Japan. Alibaba wants its shares back. No matter how you look at it, Yahoo is worth more in well-defined pieces than a jumbled hole. Microsoft didn’t start Yahoo’s downward spiral – I would argue that was inevitable, given Yahoo’s traditional businesses and the march of technology. But the Softies certainly sent a big piece of Yahoo into the trash bin. And the remainder is ripe for picking.

Black Tuesday server patches causing problems

Just in from reader GM:

Microsoft updated their articles and I updated our team with the following:

 

Security Bulletin MS11-028 – Critical – “Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)”

This is the actual update, but includes different individual patches depending on the OS (so not just limited to 2008 R1), such as:

• 2449742 à (Win Vista / 2008 R1)
• 2446709 à(Win 7 / 2008 R2)

 

kb2540222 – “Exchange Server, SQL Server, or PowerShell crashes after you install security update 2449742 or 2446709”

Microsoft has acknowledge the problem and has noted root cause, and resolution.

• Root Cause: This problem occurs when the broken version of Hotfix 979744 is installed on your computer, and when security update 2449742 or 2446709 (part of security bulletin MS11-028) is installed
• Resolution: (1) Confirm that the broken version of Hotfix 979744 is installed in your environment, and (2) Install the latest version of Hotfix 979744.  See KB article for details

Apple vs Samsung vs Apple

What if you sued your key supplier?

What if you were sued by – and decided to counter-sue – your second largest customer?

What if all of the legal fireworks exploded but you were still buying things from, and supplying products to, your major customer?

See my InfoWorld Tech Watch post.