Service Pack 1 for Windows Server 2003
mithridate writes "Microsoft has posted the Windows 2003 Service Pack 1 Release Candidate. eWeek has a short review of the service pack. My favorite quote from the article is, 'The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers..."
I am no MS fanboy -- and I will be the first to admit that Windows 95, 98, ME, and XP are unstable and crappy -- but Windows 2000 and Windows 2003 Server are both solid operating systems.
...Security. Oh god, that -1 for me!
... and damned if you don't.
What doesn't kill you only delays the inevitable
You guys flame them for not caring about security, then they take a proactive stance on security which causes a few inconveniences and then you bitch about that.
So a bunch of people wrote applications that take advantage of lax security in Windows server environments.
Now Microsoft is saying they won't be so lax anymore, so the applications need to change.
Microsoft is basically damned-if-they-do, damned-if-they-don't. If they don't patch the flaws, they're bad for providing an unsecured environment. If they do patch the flaws, they're bad for breaking existing applications.
I for one fail to see how this is a bad thing... OSes evolve, and applications have to keep up. That's why manufacturers provide separate drivers and software versions for different OS versions, isn't it?
Love Windows 2000 and don't want to bother with XP? You can always run Windows Server 2003 as a workstation with this guide.
Is it just me or are others pissed off that M$ has taken the term "Service Pack" and stretched it way beyond its intended meaning?
A Service Pack should fix bugs, provide MINOR enhancements, and performance tweaks. Anything more is a version change.
Hell, I would be perfectly happy to see the term "Service Pack" disappear entirely to be replaced by 0.01 releases and 0.1 for bigger changes, like most of the rest of the world does. At least that terminology has meaning to me.
W9x:Thanks for the make-work project Bill.
I hope that you mean this for a corporate production environment.
As for home use, you can simply upgrade, and turn off the firewall. That will allow most programs to work as before.
There are a couple of things that I believe have changed in SP2 that can affect you but are not firewall related: No more raw sockets, and a limit to how many connections can be created per second.
No reason to not install, especially if you are an IE user.
badness 10000
...would be to just firewall every Windows machine behind a Linux box or BSD box and use port forwarding or some other restrictive routing scheme. Even if the hardware to isolate a gigabit's worth of bandwidth ran $1,000, it'd probably still save the company money compared to the man hours required to fix custom software, test it, and install it.
Do not look into laser with remaining eye.
I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...
This is a little prejudicial. You may have some historical examples to draw upon, but we should cut Microsoft some slack. If they didn't release this, people would complain, and when they do, people complain. If Microsoft is willing to admit that the "the improvements are important enough that applications should be changed to accommodate them", then perhaps they are right. It's doubtful that Microsoft is going to cause this much of a hassle unless it was for a good reason - ultimately, it would be easier for them to forgo this. Perhaps it is initial flaws, but how could they get it all right on the very first release?
I know I sound like some sort of Microsoft 'fanboy', but I'm just trying to present a devil's advocate view against the Slashdot bias against Microsoft.
"There's no success like failure, and failure's no success at all."
- Bob Dylan
TFA says they have added the same Windows Firewall as XPSP2. However, this is one issue that I can't see being NEARLY as big of a deal as it was for XP. XP has a much bigger percentage of novice users, many of whom had never even heard of a firewall until SP2. Win 2003 is, in general, used by people who would be aware of how to deal with such things and how to troubleshoot any problems that might occur.
"The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...""
:)
You know for an editor of slashdot, you should really do some research.
If you use the latest service pack for SQL server, XP service pack 2 works fine. The same thing goes for running SQL 2k on Windows 2003. Maybe if you kept up with the current application service releases you would not have problems with the OS ones.
I could bitch and whine about vi, gnome, or anything else and I would be told to upgrade to the latest revision. Why should you not do so on SQL?
I am as much of an anti-Microsoft person as anybody...
:)
But, guys... this is a release candidate. It is designed to test out in your test environment... Even the evil overlords say:
We advise against installing and evaluating beta software on any production computers.
When they don't fix the problems we find before they release the final version... that's when we should start the griping.
Interesting comment by the author about SP2. It made me think about my upgrade practices. On my Win2k servers I wait nearly 6 months before I upgrade or apply any patches. I just need to know all the bugs are out before I put it into production.
However on my linux server I love installing the latest stable builds. Maybe that is because the software tends to be of better quality?... Possibly masochism... maybe... Then again I do run Win2k server.
What could possibly go wrong?
Are that many people even using Windows Server 2003? Other than the .NET Framework that can also be bolted onto W2K, I don't know what the advantages are to running Win 2003. W2K both Pro and Server are very, very stable for us, and as far as I can tell, we have zero incentive to upgrade (if it's even a real upgrade). I personally don't know of a single person or company running Server 2003 for the same reason. W2K works just fine.
I don't respond to AC's.
Don't you realize this is Slashdot.
He had to make an idiotic comment like that to get his story in.
Anyways SQL Server runs fine on XP.
The connection limit is done directly in the TCP/IP protocol driver, tcpip.sys which makes it much harder to remove; you have to patch the binary.
Search for "Event ID 4226".
Some (enterprise-grade) applications require the use of SQL Server Desktop Engine (the anti-virus vendor Sophos, for one, use this - Veritas would be an example of another).
In many instances, this doesn't react well with software on Windows server builds (again, as examples, SQL Server proper and Terminal Services both are broken by and break these two products in particular).
Especially in the ranks of middle-sized organisations which don't feel like splashing out hundreds of dollars (or more) for copies of windows server simply to run veritas and sophos, there are plenty of organisations which run 'server' software and SQL desktop engine / SQL Server on workstation builds of windows.
I am a viral sig. Please copy me and help me spread. Thank you
so, does the PC exist to run the OS or the application? i thought the point of PC and the OS was to run the application that's useful. why must the running of the application, which actually accomplishes something, be compromised to enable the OS to run better?
i'm not arguing that OS is an important/integral part of using a PC to accomplish a task. but i feel that their philosophy is backwards. even if it's the truth, they shouldn't say it. PCs do not exist to run the OS. PCs exist to run the applications. no one cares about a PC that can run the OS perfectly if it can't run useful apps.
If programs are written properly and use all the calls and procedures they're meant to then they should work with XPSP2. SP2 did not break anything, it merely patched holes that shouldn't have been there and put an extra layer between the average user and the bits they can take out their PC with. If you use an app which utilises security holes to function, it's your lookout.
How many people can read hex if only you and dead people can read hex?
I am of the mindset that I don't touch anything Windows until Service Pack 1. At least on the server side, it's very possible. For our domain controllers at a large university on 77 Massachusetts Ave. in Cambridge, I specifically am holding off upgrading the domain to Win2k3 until SP1. I am sure many others out there are doing the same.
As for Win2k3 in general, I think it's the best Windows yet, which is still not saying much. I won't touch IIS ever, in fact we have Win2k3 systems running apache because of vendor mandates. It's stable running, but it is Windows, so I only use them to support Windows clients.
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
I'm sorry, but all of the posts mentioning catch-22 or "damned if you do, ..." are full of it.
Basically, Microsoft is breaking a whole crapload of things that don't need to be broken. Several of these changes impact me, and I can tell you that they are not improving security by turning these features off. Actually, they are reducing security by turning these off because now every Tom, Dick, and Harry out there need to go and write their own kernel mode driver to re-implement the missing functions.
For example, in SP1, there is no longer _any_ way to access physical memory from userspace, period. This is perfectly idiotic. Linux has /dev/mem and is not less secure because of it. They are basically just admitting the complete and utter failure of their previous access control. In windows \\device\physicalmemory used to be controlled via an ACL. This method is good enough for Linux, so I don't understand why this isn't good enough for Microsoft.
Thanks for the link - so default firewall settings break SQL server's TCP/IP interface: I didn't know that.
That said, you *shouldn't* be using the TCP/IP interface pretty much ever. If your client is on the same PC you should use "(local)" which will use either named pipes or shared memory IPC; if you're accessing another PC on the same network you should use named pipes and if you *really* need remote enterprise manager across the NET you should remote desktop into the PC and run it locally. Then there's no SP2 vs SQL Server issue *at all*.
To further tighten security on new installations, the Post-setup Security Update Wizard blocks all incoming traffic until the latest updates are applied and Automatic Updates are configured.
We have our own tools to perform updates.
Why do so many people continue to use Windows when all they do is complain about it? I have installed SP2 on numerous machines and have had absolutely no problems. I like Windows for what I use it for, and for purposes where I feel that Windows is not the best choice I also run multiple linux machines.
If you don't like Windows or are just anti-microsoft, then just stop using their products. Maybe this doesn't happen because if everyone who had problems with Microsoft switched to linux or some other open source OS then they'd have nothing left to bitch about.
No one cares what your captcha was
Houston TX, USA
Could you please explain what are the "problems it causes with SQL Server"?
As someone else pointed out above, there's a KB about it: default firewall settings break SQL Server's TCP/IP interface. Which, IMO, you shouldn't use ever.
Last year I loaded a 1976 version of the PL/C (Programming Language / Cornell) compiler onto a modern IBM System 390 running zVM. And it worked, perfectly, the first time. After 27 years. Take that Microsoft ;-)
It's also a good time to look into your SLAs and get them in order. Make sure to provide a provision that the vendor has to start taking security into consideration. Have them justify why their app needs administrator privs because *I* have to justify it to my auditor. Don't let them off the hook if you can't patch. If viable, withhold payments. Communicate with peers about the level of service the vendor provides (I don't know about small businesses but in medium to large organizations it is surprising how much weight decision makers put into these informal discussions.)
This is an opportunity not a setback folks.
I don't want knowledge. I want certainty. - Law, David Bowie
Can you disable the "phone home" feature?
--- Hot Shot City is particularly good.
Well if you are running a server you can assumedly be trusted with the simple task of configuring a proper firewall by yourself, if you do indeed need it. Besides, the Win2003 "way" is not to run any network services at all until you tell it to.
Most .NET developers run SQLServer (along with IIS if they do ASP.net) on their local boxes. It's nice to have your own "private world" in which to work.
Not quite sure if you have ever worked on SqlServer, but it is really no big deal to port something built locally on XP to something on Windows Server 2000/2003.
The only pain in the ass is keeping the dB up-to-date - we have gotten around this by building an asp.net engine to compare the local database schema with the SQL scripts located in a SVN-controlled directory.
Linux or no Linux, the poster of the article states that (s)he still hasn't installed SP2 (which I take to mean Windows XP Service Pack 2) because of the things it messes up with SQL server. This begs the question, why are they running SQL server on a workstation? Windows XP is not an OS meant to run a server.
Just then the floating disembodied head of Colonel Sanders started yelling Everything You Know Is Wrong!-Weird Al
Development. A systems designer I know uses IIS on his Windows XP laptop to design the web-based systems for his clients, then deploys it to production web servers.
There's no place like localhost
Never heard of slipstreaming, eh? Install the patches before you install the OS.
You can also export registry hives and user profiles so you don't have to input those customizations manually for every install.
First off, I was doing this thing called joking. Secondly, this technique isn't uncommon anyway, with things called "demilitarized zones" in network management. You build a three-segment network, one segment being the world at large (entirely untrusted from the server perspective), the next segment being the userland machines on your network (semi-trusted from the server perspective), and the third being the servers (entirely trusted). You configure which set of machines get which access privileges through the routing device (any router is a computer, just a specialized one) so that only certain things get through in certain ways. One might port forward or proxy all connections from the world but allow direct routing on a limited number of ports from the userland segment.
At work we route three MUX rings' worth of sites, about 120 sites total, 30,000 machines across the entire WAN on the scale of a city, and the traffic is being handled at the concentration point for all major servers and the outbound internet connection by... drum roll please... a Linux box. That's right, a Linux box. An Intel-based 64bit PCI machine with six gigabit cards and an extensive routing table. It's probably the most stable thing on the network, and hasn't burned out like so many of the switches and routers out in the field due to poor quality fans. It'll probably handle a bunch more traffic than we are throwing at it, too.
So, we could have spent a shitload on a switch like you so advocate, or we could have spent the $3,000 to build this computer. We chose the computer. It's definitely not 'hobbyist'.
Do not look into laser with remaining eye.
2. You do not recompile everything every time you update. Firstly, you might compile an application against libraries and/or kernel headers you have on your system - this depends on what the application is but generally this is very quick on modern systems. Sure kernels, Gnome, KDE, etc take a while to compile but then, you have a choice with Linux...
If you're going to argue against Linux then at least put up a valid argument that is factually correct.
Unfortunately, the vast majority of Windows users base their anti-Linux arguments purely on speculation and FUD, it's very easy to see when they've never even used what they're complaining about.
Please remember that much of the Linux user base is made up of dissatisfied ex-Windows users so the Linux community is usually much more well informed and qualified on Windows than is the case the other way around.
Please make sure you get your facts right in future.
Gentoo Linux - another day, another USE flag.
Come back and speak to us again in another 1000 days or so - by that time you'll probably come close to the record of uninterrupted service for an average UNIX server...
Gentoo Linux - another day, another USE flag.
I have to agree with Microsoft on this one. It is long past time for MS to bite the bullet and stop worrying about breaking shoddy software from the dawn of time -- stuff that never should have worked, but did because earlier OSes allowed unforgivable sloppiness. There are a lot of app.s out there that deserve to die and be replaced by correct code.
I'm very much in favor of preserving backward compatibility for decent software, but many PeeCee products are great examples of how not to design and build software, and they should go. Now.
(Can you tell how many hundreds of hours I've lost trying to get antiproductivity software running for someone who simply *must* have it?)