Earlier today, reports were flying all around the blogosphere about a critical, holy-crap-its-the-apocalypse bug that had been uncovered in the Windows 7 RTM.

The bug happens when running chkdsk - which becomes RAM-hungry under certain specific circumstances, gets all crazy-like, then causes a BSOD (which I argue is more like a feature of Windows than a bug). Chris123NT posted the news yesterday on his blog, but it took a few hours for the sensationalism to begin. A post at InfoWorld said the bug "risks derailing the Windows 7 product launch."

Oh, crap! We're all in trouble! Or are we?

As it turns out, the only way this really qualifies as a "showstopper" is by virtue of the fact that Ed Bott had to stop what he was doing to show people why it's not. Here's a brief summary:

• The bug only occurs when running chkdsk /R on a non-system drive. The /R? That's to recover data from damaged sectors and relocate it.
• That being the case, single-drive, single partition systems (like 90% of those I repair on a daily basis) are immune to the bug.
• To pull off the chkdsk /r you first have to run an elevated command prompt (which most users won't know how to do), then ignore the warning about the drive being locked, then allow the entire check to complete.
• The InfoWorld post admits that the author "did not succeed in causing the systems to "blue screen" as others have reported." System did slow to a crawl due to lack of available RAM, but there was no Earth-shattering kaboom.
• Reports of this happening when a removable drive is inserted have been greatly exaggerated. When Windows asks if you want to scan and fix? Nothing bad happens.

When Microsoft first announced its Windows Home Server product, it sounded rather appealing to many users. Rather than having to go through the trouble of setting up, say, a Debian server, it became possible to run a powerful server using a familiar environment.

At least that was the concept. However, a distressing bug has surfaced on the Microsoft Knowledge Base. According to the article, Windows Home Server can corrupt or eat files created by several popular Microsoft applications, Quicken, Quickbooks and even Bittorrent downloads, yikes!

We'd think people might want to be able to reliably save such obscure things as pictures, presentations, and torrents on a home server, but maybe we're just weird like that.

[Via Computer World]

Leopard may indeed be a hit, what with selling 2 million copies its first weekend, but it's still a new OS release and is certainly not without glitches. For many users (including a few of us here at Download Squad), one of the most frustrating bugs is Leopard's incompatibility, in any web browser, scripts which use the FileReference.upload() function. What does this mean? Well it means that multi-uploads in Flickr and general uploads in liveBooks or any other site using a script with the FileReference.upload() function do not work. Period. This goes for Safari, Firefox, Camino and Opera.

Adobe has acknowledged the problem and promises that a fix is forthcoming (though the date of such fix is unknown), but this still leaves many users in a lurch.

As far as we know, the only partial workaround that exists is to put the Flash 8 Universal Preview Beta plugin in the ~/Library/Internet Plug-ins folder (renaming the existing Flash plug-in, if it exists, and also renaming the flashplayer.xpt file) - but users should be cautioned that this pseudo-solution is EXTREMELY UNSTABLE. After experiencing frequent browser crashes and kernel panics, we stopped using the old plug-in - even in a separate user account - because the trade-off just wasn't worth the ensuing hassle.

We'll keep you updated on any patches or new workarounds as they develop.

Update: Adobe has released an update that fixes the issue. This is a release candidate prerelease, so you may still find a few bugs, but at least you can upload all of your embarrassing Halloween pictures to Flickr en masse.

Do you have a Google bug that's been driving you up the wall? Matt Cutts may be offering the bug spray you need. Cutts is lead of the search giant's Webspam team, and he's asking openly and honestly on his blog for Google lover's everywhere to tip him off to ghosts in the Google machine.
Matt writes, "Just to be clear, pruning will be ruthless for this post: I only want to see specific queries that seem to show bugs, and the more concisely you can explain something, the better. I'll probably keep just the first example of what looks like a bug. I've got a meeting at noon tomorrow to talk about search bugs, so I'll probably lock the comments after that."

So, hurry up and get your Google bugs in before the window closes.

Windows Vista is garnering some interesting reviews, but the latest from Forbes' Stephen Manes probably isn't going to get framed on Steve Ballmer's wall anytime soon (that could simply be due to a lack of space though). Stephen chose a fairly transparent title of "Dim Vista" for his review, setting the stage for a long list of usability gripes and tales of staggering un-wow-edness. Stephen finds problems in everything from the Windows Firewall not recognizing when a 3rd party firewall is active, the Control Panel being needlessly redesigned yet again and even WordPad no longer being able to open .DOC Word files. And that's all before he gets to the bugs, quirks and other broken pieces of this nearly 6-year venture.

While Stephen's review doesn't have a happy ending, it could serve as a cautionary tale for anyone still considering a move to Vista. At the very least, Stephen recommends waiting until Service Pack 1, and with the way things are shaping up, we're tending to agree.

About a month after the business release of Windows Vista, and a month before its consumer release, hackers and security researchers have uncovered at least six major security flaws in Microsoft's brand new operating system, the New York Times is reporting. Among flaws discovered are one that allows malicious sites to install malware on a victim's computer and one that allows user permissions to be altered on a corporate network, which could allow malware to be installed without authorization. In addition, one Japanese hacker is offering to sell Vista security flaws for $50,000.

I'm not sure whether Microsoft will have a chance to update Vista before it ships to consumers on January 31, or whether they will package fixes as mandatory updates that will be installed as soon as a new Vista PC connects to the internet. Or whether they'll just plug their ears and continue to proclaim that Vista is the most secure OS ever.

[Via Monkey Bites via Street Tech]

Symantec has collected evidence of an attack in progress from a new bot that is exploiting multiple bugs that have been around for a few months. Including a bug in Symantec's very own antivirus scanning engine. There have been seven exploits for seven different vulnerabilities from Spybot.acyr that were found in Microsoft Windows and in Symantec's antivirus application. The vulnerability has been around since May 2006, and customers that have updated their applications since then will remain unaffected. Symantec is monitoring a spike in traffic recently with activity mainly lying in .edu domains. Symantec is asking that all customers update their products to the latest available security updates to prevent against any possible attacks.

Since I'm a card-carrying Google Reader convert, I've been loosely following the discussions in its Google Group. I'm constantly impressed with how active some of their engineers like Chris and Mihai are in the conversation, and just the other day they announced some small but much-requested updates and bug fixes to Reader, including:

• First and foremost: An "Add to folder" menu after using the subscribe bookmarklet, the Firefox 2.0 subscribe button and the "Add to Google" button
• The "Feed actions..." menu lets you rename the feed and change its folders
• Some IE 7 display bugs have been fixed
• Some IE 6 display bugs have been fixed
• OPML import should be more tolerant of invalid characters
• The filtering that can be done in the settings page now handles multiple terms (separate them with spaces)
• The settings page should display faster when you have lots of subscriptions

Nothing major, though that 'Add to folder' button is a God-send (Google-send?) for adding new subscriptions and easily filing them away without breaking one's workflow.

Microsoft is always under attack. This time around it's Powerpoint, again. Just a few days after patching bugs, PowerPoint was hit again. A Microsoft Security Program Manager was made aware of a proof of concept code that was affecting Microsoft Office 2003 PowerPoint, as well as PowerPoint 2000, and PowerPoint 2002. This hole allows for hackers to potentially execute code on a user's computer by the user opening a hacked PowerPoint file. A good idea would be to keep checking in with Microsoft, to see if a fix has been integrated by the Microsoft Security Response Alliance.

If your software or web design project is struggling through the fog, let Porchlight show you and your team the way. This web-based project management and bug tracking service offers user-specific milestone and project tracking, so members of your team only need to see the tasks that matter to them. Email updates and RSS feeds for projects, as well as a subscribe-able calendar for upcoming milestones are but a few of the appealing features for this project management app targeted towards software and web nerds alike. Check out more screenshots after the bump, try out the service for free or check out Porchlight's pricing to see if a plan fits your needs.

Mozilla has released a security update to Firefox, version 1.5.0.5. TechWeb is reporting that this update fixes 13 vulnerabilities, including 8 that have been deemed critical by Mozilla. For those keeping score: all 8 of these critical bugs are errors or vulnerabilities that have been found in JavaScript.

Firefox 1.5.x should automatically download this update, but users can still manually obtain a copy from Mozilla's site.

One of the many Windows Vista features Microsoft is eagerly touting is its networking code, which has been re-built from the ground up and promises superior performance to XP networking. Considering all the legacy cruft in Microsoft's products, fresh new code seems like something the be happy about, but according to CNet, Symantec feels otherwise. According to the networking company, scrapping the old "tried and tested code" and writing it anew has introduced fresh vulnerabilities and instabilities which its researches have observed in beta versions of the operating system. Microsoft calls Symantec's analysis is premature and that it does not accurate reflect the maturity of the product when it finally ships.

I was sure we wouldn't see a fix for this one until May's Patch Tuesday, but Microsoft has announced that the fix for the troublesome patch released two weeks ago will be available tomorrow, April 25, halfway through its usual patch cycle. Microsoft also has a knowledgebase article on the issue which basically says "it's the fault of this old third party software" and gives a few registry tweaks if for some reason you can't wait for the patch. Plus one point for fixing it out of cycle, Microsoft. Minus two for releasing a broken patch in the first place.

Microsoft's Patch Tuesday last week meant a sigh of relief for sysadmins dreading the nasty Internet Explorer vulnerability discovered last month, but any relief was short-lived as the round of patches has apparently led to a plague of bugs and incompatibilities. Last week's patches are causing "causing system hangs, Windows crashes and the appearance of strange dialog boxes" and interfering with apps from Google, HP, and even Microsoft's own Windows Media Player. One company is also saying that the new Internet Explorer plugin behavior resulting from Microsoft's patent dispute with Eolas is causing problems for enterprise customers, who are having to click several times to use ActiveX controls. As usual, none of these problems will be fixed until the second Tuesday of next month.

Slashdot's interviews are always most interesting when they're with unexpected subjects, like Mike Nash, Microsoft's VP of Security, and the guy at whom about half of Slashdot's endless parade of anti-Microsoft jokes are indirectly aimed. It's a decent interview, and Nash's answers are fairly canded and relatively free of PR-speak. He retreads the same ground a couple of times, though, and the essence of his message is: Microsoft is really serious about security now, and Windows Vista is going to be super. The most interesting question is #9, in which an anonymous Microsoft employee goes on record to say that the company's security processes really consist of disinterested developers going through the motions and catching perhaps only 10% of security issues. Unfortunately, Nash chooses to pretty much dodge this question, which could be as telling as any actual answer he might've given. However, his answers concerning spyware and adminstrator privileges in Vista are fairly interesting.