Yesterday, Microsoft capitulated and started publishing changelogs and release information for Windows 10 patches. While the changelogs are severely abbreviated -- for example, the log for 10596.104, a 490MB download, lists only a dozen fixed issues -- they portend a great improvement in Windows transparency. The Powers That Be deserve a big thank you for tackling the oversight rated No. 1 on my list of 10 hurdles to Windows 10 adoption, a practice that's drawn complaints from many corners.
Now it's time to take on the second fundamental problem with Windows 10. Microsoft needs to separate its monolithic Win10 patches into (at least) three buckets. We need separate patches for security updates, for nonsecurity updates/bug fixes, and for "optional" patches, such as drivers and minor feature improvements.
To explain why the patches need to come out in separate buckets, I'd like to step you through what happened last month with the Windows 7/8.1 patch KB 3102429. That patch added the Azerbaijani Manat and Georgian Lari currency symbols to the list of "valid" currency symbols. To understand the not-yet-learned lesson and its importance for Windows 10, look at how the patch progressed.
Microsoft released the patch as an optional "nonsecurity content" update on Nov. 17, 2015. It turned into a recommended patch on Dec. 8. Although it took a week or two for complaints to surface, Windows 7 and 8.1 customers figured out that installing the patch broke Crystal Reports 9 and 10's "export as PDF" capability. Programs created with Visual Studio 2008 and 2010 also froze when they tried to use Crystal Reports.
Microsoft yanked the patch.
On or about Jan. 20, 2016, Microsoft re-released the patch, and it seems to be working fine right now.
That's what happened with a Win7/8.1 patch last month. Try to imagine how that same sequence would play out as a Windows 10 patch.
In the Windows 10 world, all of the patches arrive in one undifferentiated lump. The Azerbaijani Manat and Georgian Lari would make an appearance as a tiny part of a large cumulative update. Admins (and individuals) who follow such details would discover that this big cumulative update breaks Crystal Reports. Those in the know would have two options: Install the CU and gut Crystal Reports and any VS 2008/2010 programs that use Crystal Reports; or wait for Microsoft to come up with its next CU. There's no middle ground.
If you're sufficiently sneaky or you have an update server, you can hold off on installing the patch. But if there's an important security patch buried in the CU mix, what's the admin -- or the individual -- to do?
I understand why Microsoft's moved to cumulative updates. Hey, I've tried installing Windows 7 from scratch a couple of times in the past week, and downloading hundreds of KBs to patch and patch and patch again gets really old, really fast. I feel your pain. But as long as the cumulative updates mash together security patches, bug fixes, and Azerbaijani Manat into an undifferentiated mess, we don't stand a chance at managing our machines.
As long as Windows 10 patches don't break anything, we're fine. But as soon as a major piece of software gets knocked out by part of a cumulative update, we're all going to wish that Microsoft had given us an escape route.