Slashdot Mirror


Ballmer on Windows Server 2003, Linux

no_demons writes "Microsoft's CEO, Steve Ballmer, has given an interview to CNet about Windows Server 2003 and Linux. He claims that 'our customers have seen a lot more innovation from us than they have seen from that [open-source] community'. Discuss." Also in the news: two critical security vulnerabilities (MS03-014, MS03-015), and this piece about Windows 2003 mentioning that Microsoft is trying to develop a command-line only server.

5 of 924 comments

  1. Microsoft's endemic security failure. by NZheretic · · Score: 5, Informative
    The endemic failure of Microsoft toward the security of its own products, services and customers is reason enough to bring the use of Windows2003 server in mission-critical tasks into question.

    For example, Microsoft was notified of the issues, concerning only Microsoft's implementation of its JVM, on September 2nd 2002 and after SEVEN MONTHS on April 9th 2003, Microsoft have issued an update to fix the problem.

    Such a delay with such a serious vulnerability is so abysmal that it borders on the absurd.

    Quality and security are measures which only mean something when compared relatively to another.

    There is no absolutely secure, therefore you must expect, that once a vulnerability is made known to the vendor, the vendor should do their utmost to close the Window of Exposure ( http://www.counterpane.com/window.html ) as soon as possible.

    For example, with the latest SAMBA vulnerability, once notified, the SAMBA developer owned up to the mistake and the SAMBA project released a patch within 48 hours. Within another 24hrs, Red Hat had already backported the patch into their distribution's RPMs. Similarly any major security issues in Mozilla and Netscape browser are also fixed and updateable within a couple of days.

    Meanwhile, there are currently 13 KNOWN unpatched vulnerabilities in Microsoft's Internet Explorer ( http://www.pivx.com/larholm/unpatched/ ).
    Some DANGEROUSLY EXPLOITABLE had not been fixed in over a year ( http://security.greymagic.com/adv/gm002-ie/ ). That Microsoft has not rewritten the scripting system embedded with IE so that it is sandboxed by default is bad enough, but to have such major unpatched vulnerabilities exposed for months is abysmal.

    Other inherent vulnerabilities, such as the Shatter attack ( http://security.tombom.co.uk/moreshatter.html ), Microsoft has known about since 1994!

    Even if the API/call flaw is inherently unfixable, that is plenty of time for Microsoft to implement a safer method/systemcall/API, adapt its own applications to use the safer method and deprecate the unsafe API.

    It also appears that Microsoft's own implementation of SMB is vulnerable and Microsoft has known about it for over eight years ( http://developers.slashdot.org/comments.pl?sid=59960&cid=5681769 ), but Microsoft either choose not to, or cannot fix the problem themselves.

    Microsoft is clearly not closing the vulnerabilities they are aware that exist in their products and services.

    A year after Bill Gates' email promoting security over functionality, Microsoft by choice, remains neither secure nor trustworthy.

    Microsoft's attitude towards the security of its products, service and customers is abysmal.

    From Jason Coombs' A response to Bruce Schneier on MS patch management and Sapphire ( http://www.securityfocus.com/archive/1/315158 )

    Microsoft Baseline Security Analyzer (MBSA) and Microsoft's version of HFNetChk both failed to detect the presence of the well-known vulnerability in SQL Server exploited by Sapphire, which is one of the reasons so many admins (both inside and outside MS) had failed to install the necessary hotfix. MBSA and HFNetChk are Microsoft's official patch status verification tools meant to be used by all owners of Windows server boxes ...

    ...In addition to designing MBSA to avoid scanning for SQL Server vulnerabilities, failing to update mssecure.xml reliably and in a timely manner, deprecating HFNetChk by pushing the MBSA GUI as its preferred replacement, and hiding the details of the technical limitation

  2. Amusing misunderstanding by rcw-work · · Score: 5, Informative
    From the article:

    We'll be able to patch probably two thirds of the components without shutting the system down. That's an area where the Unix guys are ahead of us, because of the way they do redirection -- they can patch a file and then change the symbolic link. That's an area where we've got a problem, and we'll fix it in the near future when possible.

    You can patch a file in use on UNIX without shutting down because you can delete an open file and the applications will still be able to map/read/write to that inode, which will magically disappear when the last application closes it.

    Example:

    • Application starts using libc.so.
    • Admin runs mv libc.so-new libc.so.
    • Application continues to use the old libc.so, which now has no filename.
    • Application exits.
    • Kernel marks the inode that the old libc.so was using as free.

    Symlinks are cool, and it would have been nice if Microsoft implemented Shortcuts at the file system level, but they aren't what save us from rebooting.
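
The steps in the comment above, replayed as an added example (not part of the original thread): a stand-in file named `libdemo.so` (hypothetical) is replaced while a reader holds it open. The second function goes a step beyond the comment: processes that keep the old inode mapped still run the unpatched code, and on Linux they show up in `/proc/<pid>/maps` with a ` (deleted)` suffix; the sample lines are constructed.

```python
import os
import tempfile

def replace_while_open(directory):
    """Replay the comment's steps on a stand-in 'library' file."""
    lib = os.path.join(directory, "libdemo.so")       # hypothetical name
    new = os.path.join(directory, "libdemo.so-new")
    with open(lib, "w") as f:
        f.write("old build\n")
    with open(new, "w") as f:
        f.write("patched build\n")

    running = open(lib)                  # application starts using the file
    old_inode = os.fstat(running.fileno()).st_ino
    os.rename(new, lib)                  # admin runs: mv libdemo.so-new libdemo.so

    links_left = os.fstat(running.fileno()).st_nlink  # old inode has no name left
    seen_by_running = running.read()                  # still the old contents
    with open(lib) as fresh:                          # a newly started reader
        seen_by_new = fresh.read()
    replaced = os.stat(lib).st_ino != old_inode
    running.close()                      # last close: kernel frees the old inode
    return links_left, seen_by_running, seen_by_new, replaced

# Constructed sample in the /proc/<pid>/maps layout:
# address perms offset dev inode pathname
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f3a1c1b0000-7f3a1c1b4000 rw-p 001b0000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.31.so (deleted)
7f3a1c400000-7f3a1c420000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libm-2.31.so
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0
"""

def stale_mappings(maps_text):
    """Return paths still mapped by a process after the file was replaced."""
    marker = " (deleted)"
    stale = set()
    for line in maps_text.splitlines():
        fields = line.rstrip().split(None, 5)   # pathname may contain spaces
        if len(fields) == 6 and fields[5].endswith(marker):
            stale.add(fields[5][:-len(marker)])
    return sorted(stale)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(replace_while_open(d))
    print(stale_mappings(SAMPLE_MAPS))
```

A process listed by `stale_mappings` has to be restarted before the patched file takes effect for it.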

  3. Re:He has a funny idea of "Innovation." by binaryDigit · · Score: 5, Informative

    That's 10 years old, except, wait! The internals of Windows NT are based on VMS

    NT is NOT "based" on VMS. David Cutler led the design of both and they are sure to share similarities because of it, but one is not BASED on the other and to say that NT is some "clone" of VMS is flat wrong.

    BTW--Linux is not a clone of the original 20 year-old OS. It's a MODERN Unix clone. It's based on POSIX standards which is actually quite a bit newer.

    But to choose to stop your own logic with this one. POSIX is based on trying to unite SystemV with BSD! Not only that but POSIX itself was started up around 1985, still almost 20 years ago.

  4. Re:No wonder by Mr.Intel · · Score: 5, Informative
    Communism REQUIRES a transitional fascist period where a central state strictly *controls everything*. This is to re-educate the working class and to ensure there will not be any corruption.

    Wrong. Communism is the result of a cycle beginning with Feudalism. Then capitalism, socialism and finally communism. At least that is what Marx and Engels wrote in their manifesto. Capitalism is the state of economic affairs where there are two classes (proletariat and bourgeoisie) and the people are detached from the government. Socialism combines the two classes but leaves the government separated from the people. Ideally, communism would have the state disappear completely because the people would not need any centralized control (they are obviously happy according to Marx).

    For the record, Fascism is when the state controls the means of distribution, socialism is where the state controls the means of production.

    In this case Microsoft, the convicted monopolist, is closer to the central state than any of the GPL hordes. [conspiracy] I even think that the GPL will ensure that, once Microsoft does control everything, the transition from central control to responsible individual control will be forced to occur where it failed in the past. [/conspiracy] Still, this is more anarchism or libertarian than communist as history defines it.

    Microsoft is the epitome of capitalism turning into socialism. As Microsoft completes its domination of the software market, it will control the means of production. Since the people have no purchasing choice, they are controlled. Open Source is, as the parent poster points out, close to ideal communism. Communism as a model is too flawed for practical use because it is the nature of man to be selfish. Hobbes and Machiavelli trump Marx and Sir Thomas More every time.

    Also, motivation [to] do what you want vs. money earned to do what you hate is far more of an incentive for most.

    Motivation is important, but motivation to survive is supreme. I would rather code for Microsoft and feed my kids than code for free and enjoy it!

    --
    ASCII tastes bad dude.
    Binary it is then.

  5. Wait, what does MS innovate??? by Q-Cat5 · · Score: 5, Informative

    Okay, maybe I'm just missing the big pic here, but what exactly has MS innovated again? (Apart from massively restrictive licensing, anti-competitive "bundling", etc.) From what I can see:

    MS has a GUI. Apple and Xerox did it first.
    MS has multi-tasking. OS/2 had it before MS did, and many OS's did/do it better even after MS finally got around to it.
    MS has Word. WordPerfect, among others, did it first.
    MS has Excel. Anyone heard of Lotus 1-2-3? Or VisiCalc?
    MS has IE. Netscape, Mosaic, et al. all came first.
    MS has Outlook, and I know for a fact I got e-mail on various clients long before Outlook was a glint in the e-postman's eye.
    MS has "Age of Empire". Microprose already did Civilization.
    MS has X-Box. Sony and Nintendo already had products in this area.
    MS Money is a Quicken clone.
    Visio was already Visio before MS purchased them.
    MS NetMeeting was innovated by another company (Databeam) and purchased by MS.
    MSN Instant Messenger comes from IRC by way of AIM and ICQ.
    For that matter, MSN is basically a value-added ISP, essentially AOL with butterflies.
    Windows NT was really IBM's OS/2 technology for the most part.
    DOS was purchased, and was, in any case, basically CP/M.
    Windows post 95(b) provides Internet Access via TCP/IP, but they were probably the last player to enter that game.
    Media Player is basically just RealPlayer.

    Someone please enlighten me . . . apart from legal and marketing ploys, what has MS actually innovated? What technology did they come up with themselves? (As opposed to either buying someone else's tech and rebranding it, or cloning someone else's idea.) So far, only ones I see as possibles are MS Project and MS PowerPoint, but I have a feeling that these are purchased technology also. (I seem to recall reading as much, but can't find the reference at the moment.)

    Any MS apologists care to give us a list of MS innovations?

    --
    Raoul Mitgong: Unhelpful.