Slashdot Mirror
More on Longhorn
An anonymous reader writes "Everything I have read concering MS's future plans: Palladium, Client/Server tie in, Office 11 breaking backward compatability, 3 year licensing plans, product activation - all leave me with a foreboding sense of the potential synergy for furthering Microsoft's goals of complete domination. Now this article tells about Longhorn's new filesystem being based on the the future Yukon server. And surprise it will only work with new hardware, which they want to be Palladium enabled. And all pitched to you under the rubric of Security & Efficency.
For years MS has been accused of only wanting
people to run MS Software. Now according to the article, 'Microsoft doesn't think computer users should have to use one program to read and write a word-processing file, another to use a spreadsheet, and a third to correspond via e-mail. Rather, the company thinks, a single program should handle it all.' One program to rule them all, one program to bind them, indeed."
Please finish your quotes.
theefer
Its called emacs ;)
Corporate computing is not some ideal world... it's all about money, money, and more money. Computers exist in the first place to save time (and therefore money).
Conversion Rate Optimisation French / English consultant
I sure hope he isn't talking about security in general, because I sincerely doubt that Palladium will yield any kind of increased security other than security for MS's bottom line. The ignorance of that statement is astounding. Even if Palladium-esque code signing does increase security the added complexity is sure to keep the security people busy for years to come.
One OS to rule them all,
;)
One Passport to find them,
One OS to bring them all,
And with the EULA bind them!
Sorry couldn't resist
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
"This could bring a higher level of security than anything we've ever seen. It will almost completely prevent the platform from being compromised."
Sounds like they will be releasing Longhorn without any networking capabilities..
Kidding aside, the idea of hiding to the final user the application layer may be a good one. If this was done openly (i.e. documenting the API that each class of applications should have and allowing administrators to switch one application with another, from a different vendor, without troubles), could be a good step to make computers easier to use.
Knowing Microsoft, however ...
Ciao
----
FB
If any company is capable of doing this right now it is Microsoft. The idea has a certain charm, it is a logical extension of components and virtual machines.
Microsoft engineers don't seem able to program their way out of a wet paper sack, let alone implement security features.
Individual programmers at MS probably have the same skill levels as those at any software company. The ad-hoc feature growth of many MS products is likely the cause of most of the security problems (and many stability problems as well).
[Set Cain on fire and steal his lute.]
The software that you're trying to run (Doom3.exe) is not compatable with current Microsoft Standards. We at Microsoft believe that one program should "Do it all", and therefore should be integrated into the Operating System's kernel.
The integrated version of Doom3.exe will appear in your kernel once the authors of said file adapt the program for use with Direct3d.
Installation of OpenGL or any software that uses OpenGL is in direct violation of your EULA. Violation of said EULA will be severely punished.
---
Thank you for using Longhorn. There are 15 days remaining until Skynet becomes self-aware. Your extra CPU-cycles are appreciated, even if required.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Since when are 'leaked rumours' (!) news, based on facts? Here we have an article which bases conclusions (!) on rumours.
Ok, not that the conclusions are then worth anything, but still some remarkable opinions are ventilated in the article, even when you take into account the conclusion-based-on-rumour factor.
For example:
"Neither Linux nor Unix ties the operating system to hardware," he said.
Come again? We're talking about a new PCI architecture here, not about a new soundcard!. And since when can I install AIX or HP-UX on ANY i386 system? Ever installed Solaris for Intel on an Intel machine you also happen to use as a workstation (f.e. with Linux on another partition?). The 'he' person definitely doesn't have a clue whatsoever about tying an OS to hardware. It's in all situations very important the OS works flawlessly with the hardware it's installed on, so yes, every OS is tied to a subset of available hardware. Big deal.
Ok, then we move on to:
"I'd like to see Microsoft act like the operating-system leader it is, not promising scores of new features or letting rumors fly but stepping forward and saying, 'We will have X, Y and Z features and not A, B and C,' " he said. "That would be leadership, especially when so many people are dependent on you."
WTF is the 'he' person to ask for this? First he throws in the rumours no-one confirmed as being true (the article clearly states MS didn't say a word about any detail concerning Longhorn) and then he wants MS to clear the sky for him about the rumours and to step forward about any featureset they'll implement in an OS which isn't even in Alpha-stadium nor a releasedate has been set.
Like Linus is going to talk about features in the 3.2 kernel, released somewhere in Q4 2004, "because so many people are dependent on you.". Sure...
Never underestimate the relief of true separation of Religion and State.
I'm all in favour of keeping a paranoid eye open to the workings or Redmond, but it might be a bit early to start declaring the closing proximity of the sky. My favourite /. quote is the one about Bill being just a monacle and a Persian cat away from being a Bond bad guy.
/. have been calling for a Be-like fs). An 'all-in-one' office application? It's an interesting challenge, but based on XML, feasable.
;)
The 'database' file system is not new (and many on
Keep in mind though, that this type of pitch is being made to the corporate IS types. Stories like this are 'leaked' to help test the waters. The money just isn't out there any more for the latest bleeding edge operating system and Office upgrades. In order to pry the dollars out of corporate boards these days, you have to show real value, and the IT types these days only know one way to count (with their socks on that is), and that is the magical phrase "TCO". You can guarantee that the M$ marketing types will be selling the reduced training costs of the one-application scheme.
Maybe though, before completely calling it a waste of code, we can judge the ideas on their technical merits and make fun of the marketing slime later? Of course, if your just interested in getting the story posted, keep the chicken little act up
My $0.05 (AUD - we don't have pennies any more)
I think Microsoft will fork itself to death.
The general rule that I see nowdays
is that people still use Microsoft
for its backwards compatability
not its new features.
Microsoft One Window(TM) is the only window you'll ever need to look through. It provides you with a view of everything in the world. Microsoft One Window(TM) knows all. Microsoft One Window(TM) shows you only what you want to see. Microsoft One Window(TM) is GOD.
I had to read this twice to realise that Enderle means that in a negative way. Dear god. The individual words make sense, but we're clearly not speaking the same language.
This just confirms that Microsoft's vision for future PC's really is nothing more than super-X-boxen, running only Microsoft apps. Or, app singular. And if there's a single app handling everything, it has to handle everything, so is there room for any third party software?
Further, given that the X-box is Microsoft branded right now, I wonder when Dell et al will start to wonder if Microsoft will be happy with trusting third parties to build their new toy. After all, it's all about trust, right? At what point will Microsoft decide - and start telling Joe Public - that a "Microsoft PC" is more trustworthy than an identical box built by Dell?
If you were blocking sigs, you wouldn't have to read this.
I think some people posting on this topic have spent too much time watching the X files. It's only an operating system guys, and, if it is as radically different to previous versions of Windows as is claimed in the article, it is going to have to compete not only with Linux and friends, but also with W2k and XP.
So if it really does offer something fundamentally new and useful that outweighs the disadvantages of DRM, people might buy new hardware and switch. If not, they won't. And even if the new OS is a runaway success, it will have to talk to W2K, XP and Un*x servers or it just won't work on the current Internet.
In other words, if things pan out as stated in the article (which is by no means certain), Windows 04 is going to have to compete without most of the advantages enjoyed by previous versions, so it should be a much more even fight between MS and OSS. And could it be that this is what has really got everyone spooked?
Virtually serving coffee
Computer: Dave, this is Billcomp2010. You haven't completed your reading of my EULA, Dave. Dave: Bill can this wait? I'm doing a spacewalk now. Computer: Sorry Dave, my program and your life support will be terminated in 20 seconds. Dave: Noooo....(runs into airlock and begins pulling memory cards and hot swap drives) Computer: What are you doing Dave? Is that a Linux CD you have there Dave? I'm afraid, Dave. Dave: Pound sand, Bill!
Hardware purchases at my company go like this....
COMPANY: Does it run linux?
VENDOR: It will soon!
COMPANY: Don't let the door hit you in the ass on the way out.
Got Code?
Dilbert is coming true. Remember the one where Dilbert is at the computer store and the saleman says something like "this computer only has 1 button and we push that for you before is leaves the factory".
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
If Microsoft is going to put everything into a single program, presumably with loadable .NET-based components for extensible functionality, why did they just spend a decade moving towards a UNIX-like multi-process operating system? The NT/XP kernel and technologies like XML are redundant and inefficient for building that kind of system.
What this tells me is that the company has no clue where they are going. Most of their technologies (NT/XP, C#/.NET, XML/SOAP, DRM, etc.) are "me-too" reactions to industry fads. And a few ideas are somewhat dated gee-whiz gearhead ideas that seem to pop up randomly out of their research organization ("database-as-filesystem", etc.). The only thing that is predictable is that Ballmer and Microsoft marketing will try to figure out how to sell that stuff to the public.
Microsoft is not the only one working on a filesystem that does (if I read the article right) what Yukon does. Vendors like Oracle are already doing something similar today. They realize that most content today exists as "unstructured" data (ie., not columns in relational database tables). They are enhancing their software to more easily handle unstructured data through the database. I actually think this can be a good thing: databases already can manage very huge amounts of data across multiple physical stores. This extends the concept to unstructure files. You can run SQL like operations against it, use enhanced indexing and search techniques, export the content easily using the built-in database access tools (WebDAV views and the like), etc. You get robust role based security, excellent logging/monitoring (which some people might think is a bad thing).
I'll use Oracle as an example because I'm more familiar with it. When you store things like PowerPoints and the like into Oracle, through their products like InterMedia you can automatically do things like search for content insides of these "opaque" files (not just look for file names in a filesystem directory), automate metadata generation (e.g., width/heigh/color depth, etc for images), transcode from one format to another, etc. At this point, most of the capabilities I've seen are "toolkit" oriented. That is, they enable developers to build apps that take advantage of them but aren't necessarily suitable for use directly by end users. I believe all of oracle.com is managed in this way, so check it out.
If Yukon is basically doing a similar thing in extending SQL Server to support unstructured content well, this could very much be a good thing in terms of functionality.
Also, don't be so quick to dismiss MS's security talk as just another way to take over the world. Obviously, these guys are very focused on market success and very focused on competition with GNU/Linux and free software. But they understand that in general security flaws have been a huge achilles heel for their products and they are doing a number of things top to bottom throughout their development process to really wring out security bugs and make more robust software. I can't reveal what most of this is due to non-disclosure, but from what I've seen MS are treating security very seriously and are focusing on the "security gap" in the same way they've focused on competitor functionality in the past.
Wait until Microsoft actually publishes what they plan to implement in Longhorn, rather than what some analysts predict the plan is...
/.]
Will due respect (perhaps) to the analysts, the article reads more like a cute marketing ploy or extreme FUD: haven't Microsoft brought out enough drivel in those areas to warrant even more coming from unofficial/non-connected sources?
I mean, please, when people are quoted as saying "Neither Linux nor Unix ties the operating system to hardware,...This could bring [for Windows] a higher level of security than anything we've ever seen. It will almost completely prevent the platform from being compromised." then exactly how much respect does the article warrant? Not only are the quotes lacking in true factual content, but the majority is damn right humourous (in the groaning sense)!
[Disclaimer: I'm ranting at the article and its content, not the fact that it was submitted to
Am I the only one who gets the image of Longhorn looking like Cartman's TrapperKeeper?
You will be assimilated ...
Karma? Karma? I don't need no stinkin' karma.
or even the medium term view. If win9x is competing with win04, what do you do? Two things:
1. Stop fixing win95 problems when they pop up (yes they do pop up, as certain as the sun rising every day). Eventually retire the OS so that users of this ancient operating system become software renegades, but first make it even more difficult to use than it was when it first came out so that there won't be much fuss when it's eventually retired.
2. Use those billions in the bank to pay a few companies to make software that requires features in newer versions of windows, i.e., not backwards-compatible with win98/ME any more. Microsoft has the money to play this waiting game, and they face no threat from the courts, so every day their influence grows. X-Files indeed- I think you're the one living in the imaginary world.
You say it's just an operating system, why have I been *forced* to use it at every job I've had since at least 1997? They are a *monopoly* and they abuse their power in ways that make life miserable for the rest of us.
microsoftword.mp3 - it doesn't care that they're not words...
Obviously, Longhorn is not going to come out as early as 2004-- the PI article is at least fair enough to quote another source who knows better than to believe the MS PR. Since the new OS is not likely to be out for another three years, this is a chance for the open source community to make its case to the public of why it should try its products.
The first case for open source will be, "You don't have to give up your old computer!" We already know that Linux and other OSs can be installed on x86 hardware; it has to be easy to install, and it has to have all the other things that people are accustomed to having on their machines. Finally, it has to have programs that are compatible with common file formats, like MS Office. With OpenOffice, that last need has largely been fulfilled, where it comes to productivity.
What would also be helpful is to pitch open source products to hardware manufacturers, as a way to sell more units. If not to the consumer market, then to the business market. Having Linux pre-installed on machines would make the transition to open source a lot easier for the enterprise. Of course, with Longhorn, the promise for the HW people is that they can sell a lot more units in the future with Longhorn. But, in the meantime, they may be struggling with machines that can only be loaded with warmed over versions of XP.
The other thing that has to happen is that people need to be made aware of what DRM really represents. If you don't like MS having admin rights on your machine (as they do with the latest SPs on Win 2k and XP), you sure as hell won't like DRM-enabling Palladium. It's about freedom, and I think a simple slogan on a T-shirt to get this home could be: "DRM=Total Information Awareness". "Trusted Computing" is just a slogan, when the count on security patches for Windows and related products this year is 65; for open source, it's closer to 10. Which do you think is more "trustworthy"?
Always look on the briight side of life! (whistle, whistle)
COM= "component object model"
Programming the COM in Python led me to the realization that most MS programs are just wrappers for the COM. Thats why its so easy, for example, to embed Visio drawings in Powerpoint, etc, etc.
BTW, with PythonWin you can access the MS COM directly without even starting a program. e.g. I've used the Excel functions to bring up a spreadsheet, fill it with data, and then save it, all without ever calling Excel.
Rob.
Comment removed based on user account deletion
chrisseaton wrote:
The research project was Millennium , from the late 1990's. What, you think Microsoft came up with "trustworthy computing" when they did that memo? Or that they started on Longhorn the day XP was released? They have been working on this scheme for a looong time. They had to build .Net just to have a distributed platform-independent development tool they controlled. They are literally betting the company on this.
Yes, but unfortunately it is Microsoft. That means bugs, like the flaw in SQL Server (on which Yukon is based) that may well have eaten some of our nuclear materials.
Even if Microsoft made it bug free for once, they are the last people on the planet I'd put in charge of a world-wide distributed network. I don't know who would be safe to have administrate the thing.
To Microsoft:
The crown is not yours.
Footsteps drum a dirge of doom
By nuclear rage!
The world's great hero,
Dreaded God and Monster King,
Millennium ends.
I have a programme on my laptop called Microsoft works, which seems to be a simplified version of what MS is planning. It has the most obnoxious, unintuitive interface that I have ever seen, cannot open MS' own Office files and has an Office 97 kind of toolbar floating across everything else that is so absolutely unuseful that I just wonder how or who managed to design something like that and get it past QA, if there is something like that in the MS sprawl.
Personally I'm not that worried about this whole Palladium thing from MS. Windows XP has chiefly been successful because of MS' hammerlock on OEMs and because it has offered true improvements in stability over previous versions ofthe OS. I use XP every day and administer a number of XP machines and it truly has improved in stability. The flipside of the XP story is that I had to think twice before migrating there because the EULA is such a piece of capitaistic, fascist greed and fear. MS shoots itself in the foot with it's attempts to control your daily life, and in this they are truly a bunch of fucked up bastards.
I think that MS' recent financial statements showing that they are totally useless and in fact worse than many dotbombs in every single division apart from Windows and Office, offer a good insight into the true source of motivation behind MS's efforts to enforce control over hardware and users: They realise full well that no one really likes them (OEM's trying to free themselves, large companies pissed off enough to migrate to Linux) and their response is to try to tighten the screws even more. Longhorn and Palladium might very well bring improved performance and stability, but like all MS products in recent years, these improvements are mainly a sugar coating to the bitter pill of MS Palladium.
It will not work. My company does not have the money to play MS games and I will migrate everything to Linux and Novell (we already use both) beofre we go with bullshit like this. Larger companies are even more conservative than we are.
The joke is that MS could gain so many new customers and much more trust (there are people who trust them?) if they spent more efforts on simply improving their products instead of trying to fuck with everybody.
Privately I use MacOSX to develop with because the core OS is open source and the Dev tools are free and I'm fucked if I'm going to pay MS $1000 here in Switzerland for Visual Studio.
I think Microsoft decided to go all the way with a full OS-Software-Hardware security solution without first asking the question "What are the sources of security problems on a computer?", to which 99% of the cases the answer would have to be (1) social engineering and (2) user's naiveness.
By Social Engineering I refer to the oldest form of hacking: convince someone to do something for you on his/her machine. No hardware, software, or operating system can protect a user from this today.
By user's naiveness I mean that most users (who naturally are not tech-savy) simply open every email attachment they get, or simply click on "yes" or "ok" on every pop up they see without first reading. Combine this with Social Engineering and I really don't see how Microsoft will stop the wave of attacks against windows machines.
The only thing I have seen so far that works to a good degree is Java's sandbox model, where in a sense every program is an island unto itself, and if it wants to communicate with other programs it needs explicit permissions or use well-document open-standards-based protocols. However even this suffers from user's naiveness sindrome.
Bottom line: Security is an EDUCATIONAL issue. Create awareness and teach people the basics of security (don't give your credit card number to ANYONE who calls you, don't open attachments from people you don't know, use an updated virus scanner, patch the latest discovered holes in your OS, use a firewall, etc), if we manage to do this (a daunting task), I think we can get MUCH farther in the security arena than instead taking all our freedom away in a completelly-controlled and restrictive environment.
My observation over time has been that Linux seems to stay about 3 or 4 years behind Windows in the area of user interaction. For example, the latest RedHat 8.0 release with KDE finally has an elusive "buttery smoothness" that I first noticed with Win2K. (Yes, I know Macs probably had it since 1932, but I don't use those.) RH8 even supports mostly point-and-click administration functionality.
The thing is, going forward from here, I don't see the incremental improvements in OSes as being very compelling. For example, I've had no reason whatsoever to use Windows XP over Win2K. This means that even if the Linux user interface remains a few years behind Windows, the difference becomes less and less important over time.
As far as a database filesystem, I think it will be like the NT security model vs UNIX. Better in theory, but too complicated for anybody to actually use effectively. In the past, the NT security permissions were usually left too loose because nobody wanted to deal with figuring out appropriate settings. Likewise, I'll bet that in the real world, the relational database filesystem will be mostly organized into a strict heirarchy just like today. The bottom line is that it won't have much value for the average user.
Everybody out there is missing the big picture; Bill Gates' goal. What Bill Gates wants is to force everyone to change the rules; he wants to be the Wilt Chamberlain of the business world. To Wilt Chamberlain the proof of his own superiority was that he forced basketball to change its rules - he was so overwhelming that he left a permanent mark on the game.
Bill Gates wants to force everyone to change the rules to deal with him and his company. Being the richest man who ever lived is not enough - like Montgomery Burns he'd "give it all up for just a little more". The little more that he wants is to be so oppressive and intrusive a part of people's lives that they are forced to change the law forever to control what he has done. He has already proven that existing monopoly laws are insufficient to keep him from doing as he pleases.
He wants to be able to answer a tech call and say: "This is Bill Gates speaking; bark like a dog - or I'll cut off your computing forever. Bark... That's a good boy." 'Trusted computing' is the last gear in the machine to allow him to do that. With trusted computing he will be able to shut down anyone at anytime; after all what power has trusted computing got except to break the machine and thus force the user to do exactly what the operating system designers want them to do? If that includes wearing a Microsoft dog collar that ties them to a particular computer - so be it.
Which one? RMS didn't write the first emacs, that was Gosling.
The slashblather today is pretty much of the form 'Microsoft is doing nothing new because it never does', followed by 'Microsoft is going to change the hardware'.
Microsoft does not have a reputation for security, but they do employ some of the top people in the business. Assuming that all those people become imbeciles the minute they move to Redmond is just a self serving slashdot dellusion.
Not so long ago the standard repost to any Microsoft post was the time a system stayed up before the blue screen of death. Funny thing, you don't hear that half so often since Windows 2000 and XP hit the stores.
Not so long ago UNIX had a lousy reputation for security. That took about five years to change as people started to deploy Kerberos and ssh to patch up some of the more eggregious holes.
Basically there are two routes the open source community can take. Route one you sit arround and congratulate each other while Microsoft goes out and eats your lunch, or you could start to look at ways to extend the security model of Linux to be competative. The execs at Apple, Wordperfect and Lotus took the first approach so you would be in good company.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
How does this initiative compare to Apple's ill-fated OpenDoc? Is microsoft trying to go the "Document-Centric" way?
I must have missed something somewhere -- when did XML become a programming language?
Has anyone here ever worked with RTF? It's a way of adding basic font, size, layout, and color information and whatnot to a text file. You can think of it as a sort of HTML-lite. It was supposed to be cross-platform too, but Microsoft produced a version of it which was so alien that no other RTF system could handle it without preprocessing.
Now Microsoft is using XML, a cross-platform, open data markup system, and using it extensively in a proprietary, closed operating system?
XML is pretty open (at least, now anyway). What's going to make Microsoft's implementation of it "special" (in that Microsoft-special way) is the internal and proprietary XSLs which read and interpret the tags to display the information on screen and in print. Other systems can read the XML documents, but to make sense of them the way Longhorn's software will requires information that Microsoft yet again won't share.
It should be possible to recreate XSLs from the structure of the XML, which would seem to make it extremely easy to reverse-engineer. In order to prevent that, Microsoft has to "extend" XML in such a way that it breaks on other systems.
I fear for the future of XML now.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
Microsoft recently demonstrated how flawed reliance on signed software can be. They had a bug in an Active X control, and they released a fix for it, but since both the flawed and fixed versions were signed and trusted by Microsoft, a malicious site could push the bad version back onto somebody's computer.
Code signing establishes identity of the signer, but it does not guarantee anything beyond that. It says, "we really think this was made by Microsoft, so if you trust them, you can trust this." Palladium may extend this trust into the hardware, but it's still reliant on the assumption that whoever signed the code is doing their homework.
There are four levels of security for software in my mind:
1) Code that is from an unverified source that I cannot look at
2) Code that is from a verified source that I can look at
3) Code from an unverified source that I can look at
4) Code from a verified source that I can look at
Ultimately any code falling into category 3 or 4 can be made secure presuming that I am knolwedgeable about security and the software I'm dealing with. Category four provides the same assurances as category two, but additionally I can further insure my security by looking myself.
This sig has been temporarily disconnected or is no longer in service
Just take a little look at security focus archives, you'll see that most of the security flaws in windows come from the tight integration of web-related scripting technologies with the core of the operating system.
Read my journal. Look at Code Red and Nimda. How do you think they spread so FAST? The best-known component of those viruses is the one triggered in an email attachment. But it doesn't stop there. The virus modifies every single html document that lives in IIS's web root, including HTTP 404, 403 *and* 500 documents, by appending a javascript window.open call to a "readme.eml" document which exploits Internet Explorer flaw with handling mime types and gets it to execute some code to further infect the machine of a user who browses an infected site.
Did you read the latest security holes? The one that leverages the help dialog box "functionality". Pretty evil.
All those components are tightly integrated within microsoft's flagship operating system, and ZERO thought was put into easily enabling or disabling those features to temporarily protect users while not impairing core functionality.
As far as i'm concerned, you've gotta be a fucking suicidal retard to be using the windows operating system for anything but playing games. Granted it does, at times, serve its purpose of a mildly friendly/convenient operating system on cheap hardware, but those security holes are just too fucking evil, and you sure as fuck get what you pay for.
Oh yeah and now Palladium. So not only are we looking at an OS featuring piss-poor security, we're also looking at a totalitarian privacy-invading roadmap. i weep for computing.
heh.
fuck windows. fuck it right in the ass.
Go Apple.
Extraordinary Vacations. Exceptional Prices