Archive for March, 2015:

70-461 Querying Microsoft SQL Server 2012

QUESTION 1
You use Microsoft SQL Server 2012 to develop a database application. You create a table by using
the following definition:
CREATE TABLE Prices (
PriceId int IDENTITY(1,1) PRIMARY KEY,
ActualPrice NUMERIC(16,9),
PredictedPrice NUMERIC(16,9)
)
You need to create a computed column based on a user-defined function named udf_price_index.
You also need to ensure that the column supports an index. Which three Transact-SQL statements
should you use? (To answer, move the appropriate SQL statements from the list of statements to
the answer area and arrange them in the correct order.)
Build List and Reorder:

Answer:


QUESTION 2
You use Microsoft SQL Server 2012 to develop a database that has two tables named Div1Cust and
Div2Cust. Each table has columns named DivisionID and CustomerId . None of the rows in Div1Cust
exist in Div2Cust. You need to write a query that meets the following requirements:
* The rows in Div1Cust must be combined with the rows in Div2Cust.
* The result set must have columns named Division and Customer.
* Duplicates must be retained.
Which three Transact-SQL statements should you use? (To answer, move the appropriate
statements from the list of statements to the answer area and arrange them in the correct order.)
Build List and Reorder:

Answer:


QUESTION 3
You administer a Microsoft SQL Server 2012 database that contains a table named OrderDetail. You
discover that the NCI_OrderDetail_CustomerID non-clustered index is fragmented. You need to
reduce fragmentation. You need to achieve this goal without taking the index offline. Which
Transact-SQL batch should you use?

A. CREATE INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID WITH DROP
EXISTING
B. ALTER INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID REORGANIZE
C. ALTER INDEX ALL ON OrderDetail REBUILD
D. ALTER INDEX NCI_OrderDetail_CustomerID ON OrderDetail.CustomerID REBUILD

Answer: B


QUESTION 4
You develop a Microsoft SQL Server 2012 database. The database is used by two web applications
that access a table named Products. You want to create an object that will prevent the applications
from accessing the table directly while still providing access to the required data. You need to
ensure that the following requirements are met:
* Future modifications to the table definition will not affect the applications’ ability to access
data.
* The new object can accommodate data retrieval and data modification.
* You need to achieve this goal by using the minimum amount of changes to the existing
applications.
What should you create for each application?

A. views
B. table partitions
C. table-valued functions
D. stored procedures

Answer: A


QUESTION 5
You develop a Microsoft SQL Server 2012 database. You need to create a batch process that meets
the following requirements:
* Returns a result set based on supplied parameters.
* Enables the returned result set to perform a join with a table.
Which object should you use?

A. Inline user-defined function
B. Stored procedure
C. Table-valued user-defined function
D. Scalar user-defined function

Answer: C

MCTS Training, MCITP Trainnig

Best Microsoft MCSE: Business Intelligence Certification, Microsoft 70-461 Training at certkingdom.com

Posted in: MCSE

Continue Reading

Google Inbox: A guided tour

This guide compares and contrasts Gmail with Inbox to help you get started with what could become Google’s next-generation email service.

Inbox
Inbox is Google’s new experimental email service that’s currently open to the public to try out, if you request an email invite. It’s meant to present your incoming emails in a way that’s more personally relevant, but it can be a tad confusing learning how to use it. The Inbox UI is not immediately intuitive, but once you get the hang of it, Inbox can be a powerful tool. If you are already familiar with Gmail, this guide compares and contrasts Gmail with Inbox to help you get started with what could become Google’s next-generation email service.

Say hello to Bundles
With Gmail, an algorithm analyzes the contents of your incoming emails to sort them into four label categories: Primary, Social, Promotions and Updates. (There’s a fifth, Forums, which is not activated by default.) 

Inbox categories are referred to as Bundles. There are several more labels/bundles that the Inbox sorting algorithm puts your incoming emails into: Travel, Purchases, Finance, Social, Updates, Forums and Promos.

Tabs out, Timeline in
In the web version of Gmail, the label categories are presented as tabs under which incoming emails are grouped. In the mobile version, you swipe in or tap the three-bar icon to access these categories. With both the web and mobile versions of Inbox, emails that the algorithm doesn’t drop into a pre-existing Bundle, email threads, and Bundles themselves are all shown in a vertically scrolling timeline. Bundles are ordered based on the most currently dated incoming email.

More robust presentation
With Gmail, your emails are simply listed by their subject headings. With Inbox, your emails are shown in a far more robust way. In the website version, uncategorized emails, email threads, and Bundles are shown as a series of horizontal bars. In a Bundle, the horizontal bar lists the sender names or email addresses of the emails that are grouped within it. Email attachments are depicted as large icons. Clicking/tapping the icons for Google Drive or Microsoft Office files, or PDFs, will load most of them into a viewer. Attached pictures or video files, and certain links embedded within the email are shown as thumbnails.

Customization options
In Gmail, you can create a customized label and designate which incoming emails get tagged with it, based on things like sender email addresses or names, subject headings, or keywords in their message bodies). But in the website version of Gmail, these labels cannot be set to appear as tabs alongside the label categories already included with Gmail. With Inbox, not only can you create your own Bundles into which your incoming emails can be grouped, your custom Bundles can also be set to appear on the timeline.

Highlighting or stowing away your emails
In Gmail, when you mark an email to “archive,” it’s removed from the inbox, but stored for later retrieval under the label “All Mail.” Gmail also lets you mark an email or email thread with a star, which then files it under the Starred label. The engineers of Inbox appear to have rearranged Gmail’s archiving and starring functionalities into two features: You can mark an incoming email or email thread as “done” by clicking/tapping the checkmark icon. You can also mark all the emails in a Bundle by clicking/tapping the Sweep icon, the checkmark with three lines. Either way, emails or Bundles marked done are removed from the timeline and filed under the “Done” label.

Snooze alarms
Two new features in Inbox have no equivalents in Gmail. When you “snooze” an email, it’s removed from the timeline and will reappear tomorrow, next week, “someday” (the Inbox algorithm will determine when it should show you the email again), or on another day and time of your choosing. Under the mobile app version of Inbox, you can also set a snoozed email to reappear when you arrive at a location, like your home or office. 
Reminders are simple message alerts you write to yourself, which will appear at the top of the timeline on a day and time that you pick.

What’s missing?
It would be nice to have a one-click button to select all emails and/or Bundles on the timeline, or a button on the timeline to send all emails and/or Bundles to the trash: This seems to be less of an oversight on the part of the Inbox engineers, and more of a way to slow you from throwing away your emails. Why? So that Google’s algorithms can continue to sort through your unread emails, we presume. 
Likewise, the Inbox mobile app won’t let you trash an email, email thread or Bundle by swiping its horizontal bar on the timeline off the screen. (Swiping will only let you either mark an email/email thread as done or to set it to be snoozed. Swiping a Bundle will mark all the emails within it as done.)


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Posted in: Google
Tags: , , ,

Continue Reading

The Big Question Rises How To Become Microsoft, Cisco, ComTIA Certified

The big question rises how to become the Microsoft certified , All Microsoft certifications are acquired by simply taking a series of exams. If you can self-study for said exams, and then pass them, then you can acquire the certification for the mere cost of the exam (and maybe whatever self-study materials you purchase).

You’ll also need, at minimum (in addition to the MCTS), the CompTIA A+, Network+ and Security+ certs; as well as the Cisco CCNA cert.

Microsoft Certified Technology Specialist (MCTS) – This is the basic entry point of Microsoft Certifications. You only need to pass a single certification test to be considered an MCTS and there are numerous different courses and certifications that would grant you this after passing one. If you are shooting for some of the higher certifications that will be discussed below, then you’ll get this on your way there.

Microsoft Certified Professional Developer (MCPD) – This certification was Microsoft’s previous “Developer Certification” meaning that this was the highest certification that was offered that consisted strictly of development-related material. Receiving it involved passing four exams within specific areas (based on the focus of your certification). You can find the complete list of courses and paths required for the MCPD here.

Microsoft Certified Solutions Developer (MCSD) – This is Microsoft’s most recent “Developer Certification” which will replace the MCPD Certification (which is being deprecated / retired in July of 2013). The MCSD focuses within three major areas of very recent Microsoft development technologies and would likely be the best to persue if you wanted to focus on current and emerging skills that will be relevant in the coming years. You can find the complete list of courses and paths required for the MCSD here.

The Microsoft Certifications that you listed are basically all of the major ones within the realm of development. I’ll cover each of the major ones and what they are :

Most people, however, take some kind of course. Some colleges — especially career and some community colleges — offer such courses (though usually they’re non-credit). Other providers of such courses are private… some of them Microsoft Certified vendors of one type or another, who offer the courses in such settings as sitting around a conference table in their offices. Still others specialize in Microsoft certification training, and so have nice classrooms set up in their offices.

There are also some online (and other forms of distance learning) courses to help prepare for the exams.

The cost of taking classes to prepare can vary wildly. Some are actually free (or very nearly so), while others can cost hundreds of dollars. It all just depends on the provider.

And here’s a Google search of MCTS training resources (which can be mind-numbing in their sheer numbers and types, so be careful what you choose):

There are some pretty good, yet relatively inexpensive, ways to get vendor certificate training. Be careful not to sign-up for something expensive and involved when something cheaper — like subscribing to an “all the certificates you care to study for one flat rate” web site — would, in addition to purchasing a study guide or two at a bookstore, likely be better.

If you want a career in IT, then you need to have both an accredited degree in same (preferably a bachelors over an associates), and also a variety of IT certifications. The MCTS is but one that you will need.

You should probably also get the Microsoft MCSE and/or MCSA. The ICS CISSP. And the ITIL.

There are others, but if you have those, you’ll be evidencing a broad range of IT expertise that will be useful, generally. Then, in addition, if the particular IT job in which you end-up requires additional specialist certification, then you can get that, too (hopefully at the expense of your employer who requires it of you).

Then, whenever (if ever) you’re interested in a masters in IT, here’s something really cool of which you should be aware…

There’s a big (and fully-accredited, fully-legitimate) university in Australia which has partnered with Microsoft and several other vendors to structure distance learning degrees which include various certifications; and in which degrees, considerable amounts of credit may be earned simply by acquiring said certifications. It’s WAY cool.

One can, for example, get up to half of the credit toward a Masters degree in information technology by simply getting an MCSE (though the exams which make it up must be certain ones which correspond with the university’s courses). I’ve always said that if one were going to get an MCSE, first consult the web site of this university and make sure that one takes the specific MCSE exams that this school requires so that if ever one later decided to enter said school’s masters program, one will have already earned up to half its degree’s credits by simply having the MCSE under his/her belt. Is that cool, or what?

I wouldn’t rely on them over experience (which is far and away the most valuable asset out there) but they are worth pursuing especially if you don’t feel like you have enough experience and need to demonstrate that you have the necessary skills to land a position as a developer.

If you are going to pursue a certification, I would recommend going after the MCSD (Web Applications Track) as it is a very recent certification that focuses on several emerging technologies that will still be very relevant (if not more-so) in the coming years. You’ll pick up the MCTS along the way and then you’ll have both of those under your belt. MCPD would be very difficult to achieve based on the short time constraints (passing four quite difficult tests within just a few months is feasible, but I don’t believe that it is worth it since it will be “retired” soon after).

No job experience at all is necessary for any of the Microsoft Certifications, you can take them at any time as long as you feel confident enough with the materials of the specific exam you should be fine. The tests are quite difficult by most standards and typically cover large amounts of material, but with what it sounds like a good bit of time to study and prepare you should be fine.

Certifications, in addition to degrees, are so important in the IT field, now, that one may almost no longer get a job in that field without both. The certifications, though, are so important that one who has a little IT experience can get a pretty good job even without a degree as long as he has all the right certs. But don’t do that. Definitely get the degree… and not merely an associates. Get the bachelors in IT; and make sure it’s from a “regionally” accredited school.

Then get the certs I mentioned (being mindful, if you think you’ll ever get an IT masters, to take the specific exams that that Strut masters program requires so that you’ll have already earned up to half the credit just from the certs).

If you already have two years of experience in working in the .NET environment, a certification isn’t going to guarantee that you will get employed, a salary increase or any other bonuses for achieving the honor. However, it can help supplement your resume by indicating that you are familiar with specific technologies enough to apply them in real-world applications to solve problems.

If your ready for career change and looking for Microsoft MCTS Training, Microsoft MCITP Training or any other Microsoft Certification preparation get the best online training from Certkingdom.com they offer all Microsoft, Cisco, Comptia certification exams training in just one Unlimited Life Time Access Pack, included self study training kits including, Q&A, Study Guides, Testing Engines, Videos, Audio, Preparation Labs for over 2000+ exams, save your money on boot camps, training institutes, It’s also save your traveling and time. All training materials are “Guaranteed” to pass your exams and get you certified on the fist attempt, due to best training they become no1 site 2012.

MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft MCTS Training at certkingdom.com

Posted in: MCITP, MCSA, MCSE, MCTS, Microsoft, Mozilla, MTA
Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Continue Reading

Smartphones are about to become network hubs

Broadcom’s latest chipset will run 2.4 and 5 GHz Wi-Fi simultaneously. That changes everything in terms of media bandwidth and multiple IoT connections.

Here’s the quandary with smartphones: despite featuring copious radios within, such as Bluetooth, Wi-Fi over both the 2.4 and 5 GHz bands, 4G LTE, Near Field Communication (NFC), and so on, the radios with the most propensity for delivering media don’t work together.

The two Wi-Fi bands found in today’s smartphones generally aren’t used at the same time. The issue has been related to needing two antennas connected at the same time for the different bands. It’s because the frequencies used have very different characteristics.

This dual-band limitation is about to change, for a couple of reasons.

Firstly, the newest routers, or wireless access points, that are being sold are already kitted with the two radios and antennas configured to work together at the same time. I wrote about a few of these monsters recently in a post titled “Is it time to move to beamforming 802.11ac?”

And secondly, new modem chipsets are now coming along that will, pretty much for the first time, do the same thing at the smartphone end.

Broadcom has just announced a Wi-Fi Multiple Input Multiple Output (MIMO) combination modem chip with what it calls Real Simultaneous Dual Band (RSDB) for mobile devices. The BCM4359 lets phones transmit and receive over two Wi-Fi bands simultaneously.

Smartphone as hub
Why? Well, there are considerable advantages to using both Wi-Fi bands at the same time. The obvious one is that by combining the bandwidth available you can increase speeds and throughput.

However, there are some secondary benefits that promise to play out too.

The smartphone could become a “network controlling hub,” David Recker, a Broadcom executive told Kevin Fitchard at Gigaom.

Recker thinks that by letting phones connect to Wi-Fi along two paths, in other words the 2.4 and 5 GHz bands, the phone could become the hub of the two connections. You could use the phone to download a video over Wi-Fi from the internet while simultaneously streaming it to a living room television.

Or, he says, you could connect a smartwatch to a phone in order to check email and listen to streaming music at the same time—all via nice bandwidth-friendly Wi-Fi.

Bluetooth
This prophecy clearly has implications for Bluetooth, which has been a viable way to keep multiple connections going on a smartphone.

Listening to music on a smartphone via Bluetooth while browsing the internet with Wi-Fi has been a solution used by media consumers since before the iPhone. That’s how I did it on a 2006 Palm Treo.

However, Wi-Fi is faster and can have longer range. Having two of those fatter Wi-Fi pipes going at once has advantages for video and gaming at home.

Before you utter a word, I’m not saying Bluetooth doesn’t have a valuable role to play in IoT.

Internet of Things
Which leads us to IoT. If the IoT in our future is going to be using Wi-Fi—and the jury’s still out on that one—then it’s going to need a bunch of pipes. One probably won’t be enough for two-way, latency-prone media multi-tasking, along with home automation and everything else we’re expecting.

Based on convenience, too, the smartphone thus becomes an IoT hub. Who’s going to break the news to the fridge?


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com


Continue Reading

What happens inside Amazon when there’s a Xen vulnerability

Twice in the past six months AWS has had to reboot some of its cloud servers because of a Xen vulnerability.

Amazon Web Services last year was estimated by Gartner to be five times bigger than its next 14 competitors combined. That’s a lot of virtual machines. And they all run on a customized version of the open source Xen hypervisor, so when the Xen code has a security vulnerability, that’s a big deal for AWS.

In the past six months AWS has twice had to reboot some of its Elastic Compute Cloud (EC2) servers because of a Xen vulnerability. In September, 2014 about 10% of EC2 instances were rebooted and just this week AWS announced that about 0.1% of instances had to be rebooted to install a security patch. That may not sound like a lot, but at the scale AWS operates, it’s still a large number.

Verify the vulnerability
AWS is a big user of Xen code, so company officials are some of the first to hear about Xen vulnerabilities that are identified in the open source community. When that occurs the first job for Schmidt’s team is to determine if it will impact AWS. The company is notified of all the Xen vulnerabilities on a regular basis before they’re made public. This allows the company to determine if the vulnerability is applicable to AWS and if so develop and install a patch.

“Xen is a huge software package and there are many aspects that AWS does not use,” Schmidt said.

Most of the Xen vulnerabilities do not apply to AWS because the company has developed its own custom version of Xen. AWS has stripped out all the features of Xen that it doesn’t need, both in order to customize the performance of the open source code to the company’s unique use case, and to limit its exposure to vulnerabilities.

But AWS does something else, too: It doesn’t just use one flavor of Xen, it uses many.

“We intentionally build our fleet differently across (the service),” he said. “You don’t want everything to be homogeneous because if it is then if a problem effects the fleet, it effects everything.” AWS has different custom versions of Xen deployed across different services and regions, and none of them are the vanilla open source code.

If the AWS cloud is impacted then the company tries to hack itself.

“We generate a test scenario to determine if we can trigger the vulnerability,” Schmidt said. Then, extensive testing is done to determine if the vulnerability has been used against AWS.

Meanwhile, other teams of security engineers are already building a patch and testing it across all the variants of Xen that AWS runs to ensure it meets security and performance requirements.

Sometimes the process of installing the patch requires a reboot, as it has twice in the past half-year. Just like on a common PC, some updates and patches require a reboot and others don’t. The majority of patches AWS implements do not require a reboot; AWS has architected its system to minimize the reboots necessary to patch its services.

“We try very hard not to reboot,” Schmidt said. If Schmidt’s team finds it “technically infeasible” to install the patch without a reboot, then it notifies customers which services will be restarted.

The dreaded reboot

“It was very straightforward,” Schmidt said, referring to the September issue. “We couldn’t find a way to patch the service without rebooting, so we had to do it.”

Complicating efforts in situations like this is the fact that AWS has to inform customers that some of their EC2 instances need to be rebooted, but they can’t say why. AWS can’t announce the vulnerability to the world and expose itself or other Xen users.

Customers should be ready for a reboot at any time though and there are steps users should take to ensure their systems can withstand a reboot or VM failure. One is to design their systems to be stateless so that if there is a reboot or a VM failure that the application fails over to healthy VMs without skipping a beat.

Back in September Network World spoke with a handful of AWS users and most survived the reboot without a major issue. Born-in-the-cloud apps tend to be resilient to failure; legacy apps that have been migrated tend to have more trouble.

Schmidt said AWS is always looking to improve its services: both technically to ensure it doesn’t have to reboot VMs, and it is working to keep customers better informed. Part of that process includes sponsoring academic research, including some leading studies into how Xen servers can be hot-patched without requiring a reboot.


 

MCTS Training, MCITP Trainnig

Best Microsoft MTA Certification, Microsoft 98-375 Training at certkingdom.com


Continue Reading

20 epic Microsoft Windows Automatic Update meltdowns

20 Windows Automatic Updates from hell

Fifteen years ago, Microsoft introduced automatic updating to the unwashed Windows masses. Fifteen years later, it’s hard to find a Windows user who hasn’t bumped into at least one problem with a Windows update or knows someone who has. That’s a billion and a half people.

From inscrutable driver problems to bricked machines and everywhere in between, Automatic Update is a poster child in “what’s wrong with Windows” circles — rightfully so.

Hope springs eternal that Windows 10 will finally bring relief, but much depends on the determination and deep pockets of Those in Charge. One thing’s for sure: In the land of Win10 milk and honey, customers don’t want to be treated like cannon fodder.

Here’s my take on the 20 worst Microsoft Automatic Update patches of all time. Based on either the amount of pain inflicted or the number of people afflicted — or both — they deserve their notoriety.

Those who cannot remember the past are condemned to repeat it.

November 2001: The UPnP patch debacle
Microsoft introduced Windows automatic updating as one of the great new benefits in Windows Me, around September 2000. A year later, we were treated to a Keystone Kops episode in the guise of MS01-059 — ostensibly, a patch to the Windows Universal Plug ‘n Play subsystem that prevented a buffer overrun. In fact, I think it was the first (though hardly the last) security bulletin conceived and scripted by Comedy Central.

Microsoft patched, repatched, and re-repatched the patch. The FBI’s National Infrastructure Protection Center followed along like a kid cleaning up after his dog: NIPC issued a warning about the security hole, an update, another update, and ultimately an advisory that Microsoft had finally solved the problem.

April 2004: Windows 2000 bricked
In April 2004, Microsoft sent a slew of patches down the automatic update chute, one of which (MS04-014) locked up a sizable percentage of all Windows 2000 machines. That patch was supposed to fix a hole in the Jet Database Engine.

Knowledge Base article 841382 tells the tale:

[Y]ou may experience any one of the following symptoms:

• Your computer appears to stop responding at startup.
• You cannot log on to Windows.
• Your CPU usage for the System process approaches 100 percent.

The company sure plugged that one.

April 2006: The pretax predicament
On Black Tuesday in April 2006, Microsoft released MS06-015, a patch for Windows Explorer. By the weekend, most Windows users with Automatic Update turned on got it — right across the face. The weekend before tax day, many Windows customers found they couldn’t navigate to the Documents or Pictures folder, couldn’t open or save files, had to type http:// into Internet Explorer to keep it from freezing, and much more.

We ultimately discovered that the patch messed up any machine with an older HP scanner program or an older Nvidia video driver.

Microsoft’s ultimate workaround (KB 918165) included a manual fix procedure that any computer-science grad would be proud to explain, if they can figure it out.

April 2006: Windows Genuine Spyware — er, Advantage
Microsoft uses the Automatic Update channel (and permissions) to install Black Tuesday security patches, as well as non-security-related patches. My favorite example came in late April 2006, when somebody at Microsoft decided Automatic Update would be a great way to install the new Windows Genuine Advantage, uh, feature.

That version of WGA (in addition to throwing off bogus “not genuine” messages) installed a component called WGA Notification that phoned home — sent information to Microsoft about the current computer — with absolutely no notification to or approval from the customer. Lawsuits ensued. I called it Windows Genuine Spyware.

August 2006: The IE patch that created a new buffer overflow hole in IE
Let’s hear it for MS06-042, the cumulative security update for Internet Explorer that not only caused IE to crash, but also introduced a security hole of its very own.

In late August, Microsoft owned up to problems in KB 923762: the part where IE6 crashes while looking at a valid website. Solution? Install the latest, greatest version of MS06-042.

Then in September, Microsoft had to reissue the patch again to “address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow — CVE-2006-3873.”

KB 918899 lists 15 separately identified problems with this patch, from crashes to freezes to inexplicable behavior.

December 2007: Internet Explorer crashes on sites with lots of graphics — like msn.com
Yet another cumulative security update for IE, MS07-069 patched IE so well that many WinXP SP2 customers reported IE6 freezes on sites with many graphics. If you had automatic updates turned on and were running plain-vanilla WinXP SP2, after the patch was installed, you couldn’t let IE go to the default IE6 home page, msn.com.

If you installed the patch for Internet Explorer 7, your (third-party) firewall might not have recognized IE. As a result, it may have kept IE from going out to the Internet. IE produced the marvelously informative error message “Webpage cannot be displayed.”

It took weeks, but Microsoft finally acknowledged the problem and posted a downloadable fix program in KB 946627.

April 2008: Quicken suddenly stops working
Nobody seems to know why, but Microsoft suddenly released the .Net 2.0 Service Pack 1 on a Thursday, one week before tax time, via the automatic update chute. The patch itself had been available as an optional, manual download for months, but somebody flipped the auto update switch.

Within minutes, Quicken users were complaining. QuickBooks got hit, as did TurboTax and software from Commerce Clearing House.

How bad was it? If you were bit, uninstalling, then reinstalling QuickBooks didn’t solve the problem. You had to uninstall, then reinstall .Net 2.0 — if you could get it to uninstall.

All through 2009, 2010, 2011: Bad .Net patches
Over and over again, we saw botched .Net patches — some refused to install, others left .Net dead, others clobbered programs that relied on .Net. It started in January 2009 with a patch that claimed to push .Net Framework 3.5 to Service Pack 1, but didn’t.

Another patch, in March 2009, also identified as .Net Framework 3.5 SP1, installed .Net Framework 2.0 SP2 and .Net Framework 3.0 SP2 as well. It was an unholy mess that had us going in circles for months.

We saw many more .Net patching problems in 2010 and 2011, all compliments of Automatic Update.

March 2009: The XP AutoRun blocker that didn’t
It took Microsoft forever to post a patch that disabled AutoRun in Windows XP. AutoRun, indicted as the culprit behind mass Conficker infections, deserved to die, but Microsoft’s first and second attempts to talk people through the disabling procedure didn’t work.

The final solution is so incredibly convoluted that pages of KB 967715 are devoted to explaining the interactions of all the patches, both delivered via automatic update and manually downloaded. It’s complicated. Bottom line: If you installed only one automatic update, you might’ve thought that you fixed AutoRun, but you didn’t. It took several patches over several months to finally get it right.

December 2010: Patch brings down Task Scheduler
MS10-092 was an innocuous patch, designed to plug a hole in Windows Task Scheduler.

But shortly after people started installing it, they saw messages saying, “The task image is corrupt or has been tampered with.” In some cases, the task was killed. In other cases, the machine froze. Simply uninstalling the patch didn’t solve the problem — great prelude to the holiday season.

KB 2305420 has pages and pages of manual workarounds.

January 2011: A reliability update that wasn’t
On January’s Black Tuesday, Microsoft pushed a nonsecurity patch into the Automatic Update black hole. Known as KB 2454826, Microsoft claimed it was a “performance and functionality update.” Details about the patch at the time were sketchy, but the 0x7F blue screen crashes weren’t.

Microsoft’s advice: Manually uninstall the patch. That’s your reward for turning automatic updates on, bucko.

It wasn’t until the next month that we discovered the real reason why Microsoft pushed this nonsecurity patch out the Black Tuesday chute: It’s a prerequisite for installing the Internet Explorer 9 Release Candidate, which Microsoft was flaunting at the time.

April 2012: TurboTax won’t print
Just before tax day — tell me if this is starting to sound familiar — Microsoft released MS12-025, yet another botched .Net patch.

(For the sake of brevity, I didn’t bother to list separately MS10-070, MS11-039, MS11-044, MS11-066, or MS11-069, all of which were incredibly botched .Net patches.)

This particular patch kept TurboTax from printing tax forms … on tax day. #epicfail

May 8, 2012: Duqu patch installation failure
A massive patch known as MS12-034 (with many associated KB numbers) left some Windows customers who used Automatic Update wondering what had gone wrong. Some found that the installer failed with an Error Code 0x8007F0F4. When they checked the KB 2686509 support article, they were instructed to delete a keyboard log file. Many people couldn’t find the file.

The instructions in KB 2686509 go on for pages, explaining how to modify and move keyboard layout files — in response to a known, anticipated error thrown off by the installer. Microsoft finally got around to creating a Fix it that made the patching easier. But lots of unsuspecting Windows consumers wasted hours trying to make heads from tails out of this automatically updated disaster.

February 2013: Blue screens on Internet Explorer 9
Once again, Microsoft threw a bunch of machines into a tizzy by releasing a nonsecurity patch on the fourth Tuesday of the month — and sending it down the Automatic Update chute.

This time, KB 2670838, a “Platform Update for Windows 7 x64-Edition” messed with IE9 so badly that it would put a black bar on the right side of the screen. Click on the bar, and your PC died with a blue screen.

Fortunately, the fix is to uninstall the bad patch.

April 2013: More blue screens
This time, MS13-036/KB 2823324 — a Black Tuesday security patch designed to replace a kernel-mode driver — triggered all sorts of bogus warnings and frequently froze machines. Primary suspects include a common IE add-in from Brazil and Kaspersky Antivirus.

Microsoft pulled the patch, then issued a replacement patch: “Microsoft has released security update 2840149. This security update resolves the issue that was introduced by security update 2823324.”

August 2013: The biggest, baddest bungled batch ever
Within 48 hours of the month’s automatic update, Microsoft publicly admitted six Windows patches were bad and pulled four of them, all associated with MS13-066 and Active Directory Federation Services.

As far as I can tell, that’s a record. It’s not only a record for bad patches. It’s a record for how quickly Microsoft acknowledged, documented, and in some cases, pulled the offending patches. We’ve seen bad Patch Tuesdays since, but this one stands out, in both good and bad ways.

November 2013: Outlook 2013 gets special treatment
One of the patches in the November 2013 set caused no end of problems with Outlook 2013 — Outlook hangs when trying to sync IMAP accounts; Out of Office replies on Exchange Server triggered “currently unavailable” messages; Free/Busy data for the Outlook Calendar didn’t download; S/MIME certificates wouldn’t validate; and more.

Unfortunately a second patch released in the November crop made it impossible to fix all of those Outlook 2013 problems by simply uninstalling the bad patch. In the end, users in the know discovered they could resuscitate Outlook 2013 by uninstalling both patches, then deleting and rebuilding the Outlook profile.

Microsoft, which did so well in August — “well” in the sense it cleaned up quickly — really blew it in November.

May 2014: Windows 8.1 Update won’t install, Microsoft backs off its deadline
In a scene straight out of Dante’s “Inferno,” Microsoft cracked the whip and told all Windows 8.1 users that they had to install the KB 2919355 update (so-called Win8.1 Update 1) by May 13, or they wouldn’t get any new patches. Predictably and with much wailing, a vocal subset of Windows 8.1 customers discovered Update 1 wouldn’t install, for love nor money — or anything resembling either or both.

Quite dramatically (tell me if you can visualize the seventh ring), Microsoft finally relented on May 12 and said it would allow the tardy minority to receive updates — but only this one last time.

(I think it’s poetic justice that Win 8.1 Update 2 stalled, then fizzled completely, ultimately leading to a re-release that didn’t do much.)

August 2014: Blue screens all around, Microsoft recommends you manually yank the patches
Four patches in August were credited with driving blue screens on Windows 7, 8, 8.1, and RT machines. Microsoft pulled the patches on Sunday, then issued a very unusual notice, buried deep in a Knowledge Base article: Even if you weren’t having any problem with the patches, you were supposed to manually uninstall them.

Apparently the patches continue to cause problems, even after they were installed, in certain unusual circumstances.

It’s a bit much to tell your Aunt Mabel to manually uninstall a handful of patches, based on a warning in a KB article, but there you have it.

December 2014: Roughly a quarter of all the patches this month generated problems
With only a few of the bad patches fixed before the end of the year, December 2014 represents the worst combination of bad patches and lackadaisical responses I can recall. In response to the unprecedented number of screw-ups, Microsoft pulled a few patches, released two Fix its, created a Silver Bullet patch that specifically killed one of the bad patches, and wrote up numerous manual work-arounds.

Even at this late date, more than two months later, the problems brought down on Excel macro programmers haven’t been fixed.

Would you say Automatic Update is getting better?

Come out of the Automatic Update cave and into the light
That’s by no means an exhaustive list. Some problems are inevitable when you’re dealing with a Windows hardware and software gene pool that looks like the La Brea Tar Pit, but I think you can draw three important conclusions:

First, patching Windows is hard.

Second, Microsoft needs to do a better job of tracking and reporting on problems as they appear.

Third, for Pete’s sake, set Automatic Update to Notify but Don’t Download on any machine controlled by a reasonably savvy Windows jockey.

If somebody tells you differently, point them to this list. If they’re still convinced Automatic Update is the way to go, ask them to refrain from dragging their knuckles on the floor.


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com


Continue Reading

Follow Us

Bookmark and Share


Popular Posts