Service Pack 1 for Windows Server 2003

mithridate writes "Microsoft has posted the Windows 2003 Service Pack 1 Release Candidate. eWeek has a short review of the service pack. My favorite quote from the article is, 'The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers..."

Looks like they are starting to understand?

...Security. Oh god, that -1 for me!

damned if you do...

[SoupGuru]

... and damned if you don't.

Flame Microsoft

You guys flame them for not caring about security, then they take an proactive stance on security which causes a few inconviences and then you bitch about that.

Catch-22

[rackhamh]

So a bunch of people wrote applications that take advantage of lax security in Windows server environments.

Now Microsoft is saying they won't be so lax anymore, so the applications need to change.

Microsoft is basically damned-if-they-do, damned-if-they-don't. If they don't patch the flaws, they're bad for providing an unsecured environment. If they do patch the flaws, they're bad for breaking existing applications.

I for one fail to see how this is a bad thing... OSes evolve, and applications have to keep up. That's why manufacturers provide separate drivers and software versions for different OS versions, isn't it?

Re:Catch-22

[Spad]

Take a look at the list on the MS website of apps that are broken by SP2.

Microsoft have more applications on there than any other single vendor.

Re:Catch-22

[Matje]

Take a look at the list on the MS website of apps that are broken by SP2.

Microsoft have more applications on there than any other single vendor.

do you think this might be because no one else bothered to have their app tested by microsoft?

Re:Catch-22

[damiam]

Right, but you'd think they could fix their own software to work with their own OS.

Re:Catch-22

[obeythefist]

Ugh, if you actually read the background material, you would notice that SP2 doesn't break anything. It's a list of apps that don't work when you run an unconfigured firewall, for the most part.

Why on earth is it Microsoft's fault that they're telling their users which applications may be affected because in SP2 they're activating a firewall in an attempt to remedy some of the poor security practices they've used in the past?

I think some recognition for a company moving in the right direction wouldn't go astray every now and then, instead of jumping down MS's throat every time they make a move.

Re:Catch-22

[obeythefist]

I don't believe I mentioned BSD or Linux or Jaguar or any other OS or company apart from Microsoft.

I'm not sure what you mean however with regards to "fixing and breaking things more often". Microsoft patches are quite strenuously tested, so they are very slow to arrive (not more often, less often) Very few if any MS patches break third party software. Compare this to the complexity of handling Linux dependencies. I am sure if you upgrade some components of Linux and replace dependencies, you might find a lot of things suddenly stop working. Microsoft isn't really responsible for making third party software work on their OS... are you holding MS accountable for the work of Adobe? Or for the work of nameless shareware developers? Is it not their responsibility to fix the software if they write applications that work outside of Microsoft's preferred APIs?

My experience with Linux dependencies on a couple of different distros have been nothing like your example. Many different applications just don't work on Linux without downloading and installing very specific packages to handle dependencies... so much so that people need to write software purely to handle dependencies. For some reason.. when I install software on a windows box, I double-click an exe file and it works. I don't even need to see the word "dependency". I'm not trying to say one method is better than the other. But what I am saying is that Microsoft have decided to take this path and as a result they have to be very precise with the fixes and patches they apply to their OS.

The unified patching for debian and redhat really makes it easy on the user when you can run a single command to update EVERYTHING in your system.

Shame that isn't available on every Linux distro. With every current version of Windows, I can go to a website called "Windowsupdate.com" and click a single button to update EVERYTHING in my system. And you know what? I don't have to go looking anywhere but microsoft.com for fixes for Windows.

Windows XP SP2 hasn't broken any drivers that I know of, unless they are drivers that for some reason need a hole in the firewall and I suddenly forget how to configure a firewall. Of course I can simply uninstall the service pack if that does ever happen (it doesn't, RTFA please).

So basicly the windows way is bad and painful to use. and the linux was is nice and easy for once

You haven't demonstrated this. Please explain with consise examples of what you mean. Providing a questionable statement without decent supporting arguments is hardly compelling, although on Slashdot people will believe you because "Linux good, Windows baaaaaad".

Microsoft have made the best business decision possible in terms of advancing the security of their platform at the minor cost of a few applications that (again, RTFA because you don't seem to have noticed this) don't work when a firewall blocks them. This is applicable to Linux. Firefox on Linux is *broken* when you install a firewall and block port 80. By your arguments, Linux is therefore "fucked if they do and fucked if they don't" because if you install a firewall the "API is so hacked together to keep everything working" and this somehow has something to do with applying a default-on firewall to the OS. Linux users are purportedly more open minded and understanding of basic OS principles. Why am I constantly meeting Linux advocates who are so more closed minded than the average AOL toting Windows user?

People are bitching at microsoft for no real reason in this case. An unconfigured firewall breaks a few applications that need ports opened, and for some reason, as my parent post said, Linux advocates believe this is a flaw in Windows XP and put the blame squarely on Microsoft.

Explain yourself clearly, concisely, or put your PC back in the box and send it to your OEM. Computer license revoked by the Darwin Internet Preservation Act.

Running Win Server 2k3 as a Workstation

[mr.henry]

Love Windows 2000 and don't want to bother with XP? You can always run Windows Server 2003 as a workstation with this guide.

Re:Running Win Server 2k3 as a Workstation

[Foolhardy]

Er, you know that XP is closer to 2003 than 2000 is. Server 2003 is based on XP; they took the XP code base, re-added the 2000 server stuff and made some updates.
2000 is NT 5.0
XP is NT 5.1
2003 is NT 5.2

Re:Running Win Server 2k3 as a Workstation

[Blakey+Rat]

There's this wide belief that Windows 2000 is better than Windows XP because it's more simple... i.e. less background services, less eye candy, runs faster.

The fact is that XP, once configured close to Windows 2000's defaults, is actually quite a bit faster than Windows 2000, uses the same amount of memory, and still has all the features built-into XP. (Like Remote Desktop, System Restore, more advanced IE.)

In my opinion, there is absolutely no reason to still be using Windows 2000 with Windows XP available. Grab XP, spend an hour customizing it, and you can make it basically a clone of 2000 but with more features.

Re:Running Win Server 2k3 as a Workstation

[nordicfrost]

Well, she must have been seen as an asset, as she apparently was offered a 25% raise over two years time for not leaving MS sales. She now has a job for a local company in another own, her home town. They moved after not enjoying the capital too much. But she apparently misses MS and they want her back, says the GF's friend (talked to her on MSN...)

Also, it seems that the MS sales persons are truly out of it some chatting with others in the development business now revealed another story about a lame MS attempt to sell in solutions. They were offered lunch to hear out the offer from the sales person. They listened politely to the sales chat and then confronted the guy with such questions as mean uptime, compability with older equipment etc. He couldn't answer it, and was finally asked: Why should we replace the Linux domain servers, firewall and file servers with your products? The reply was "Well, the TCO of Windows Server is lower" at which point F burst out in laughter at the restaurant. He replied "You want us to pay XXX money for replacing the software, which by the way requires XXX in hardware upgrades. All this to replace free software legacy systems that had 0 downtime over two years?" at that point they said 'thanks for the lunch, you're paying.' and left.

The sales droid got a bit upset and tried to mention something about Linux being more expensive to maintain, and he replied that they could easily afford the two days of onsite tech for maintanence a year and how many times a year would they require someone to look at the Windows systems?

Service Pack vs Version

[ferreth]

Is it just me or are others pissed off that M$ has taken the term "Service Pack" and stretched it way beyond it's intended meaning?

A Service Pack should fix bugs, provide MINOR enhancements, and performance tweaks. Anything more is a version change.

Hell, I would be perfectly happy to see the term "Service Pack" disapear entirely to be replaced by 0.01 releases and 0.1 for bigger changes, like most of the rest of the world does. At least that terminology has meaning to me.

Re:Service Pack vs Version

[Schnapple]

Would you prefer to have Windows Server 2004 or 2005 come out and be charged for this?

Re:Service Pack vs Version

[E-Rock]

Exactly, Apple releases a new version that fixes the things they half-assed in the prior version of X and they expect you to pay $129.

Re:Service Pack vs Version

[typhoonius]

I think you're missing the point.

What the grandparent means is that bug-fixing Service Packs and feature-adding upgrades should be kept separate so you can grab the bug fixes without worrying about the new features breaking shit. Both would ideally be free.

Hell, look at Apache; they're still updating the 1.3.x line just for security and using the 2.0.x branch for adding new features (which break a fair number of old things). If your site is already running 1.3.x reliably, you don't want to shake it up for no reason--servers are supposed to be reliable, not flashy--but you want the latest security patches. So you can keep grabbing the 1.3.x updates.

With Windows, you don't have the choice; you pick the devil you know or the devil you don't. Everyone says Microsoft is damned if they do or damned if they don't with the Service Packs, and it seems like their customers are in the same position.

A cheaper solution...

[TWX]

...would be to just firewall every Windows machine behind a Linux box or BSD box and use port forwarding or some other restrictive routing scheme. Even if the hardware to isolate a gigabit's worth of bandwidth ran $1,000, it'd probably still save the company money compared to the man hours required to fix custom software, test it, and install it.

Microsoft Pre-judged?

[Staplerh]

I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...

This is a little predjudicial. You may have some historical examples to draw upon, but we should cut Microsoft some slack. If they didn't release this, people would complain, and when they do, people complain. If Microsoft is willing to admit that the "the improvements are important enough that applications should be changed to accommodate them", then perhaps they are right. It's doubtful that Microsoft is going to cause this much of a hassle unless it was for a good reason - ultimately, it would be easier for them to forgo this. Perhaps it is initial flaws, but how could they get it all right on the very first release?

I know I sound like some sort of Microsoft 'fanboy', but I'm just trying to present a devil's advocate view against the Slashdot bias against Microsoft.

Windows Firewall

[Ghostgate]

TFA says they have added the same Windows Firewall as XPSP2. However, this is one issue that I can't see being NEARLY as big of a deal as it was for XP. XP has a much bigger percentage of novice users, many of whom had never even heard of a firewall until SP2. Win 2003 is, in general, used by people who would be aware of how to deal with such things and how to troubleshoot any problems that might occur.

Re:Win2k & Server 2k3

[NotoriousQ]

I would not call XP unstable, but it is now suffering from what linux users have suffered for too long: bad hardware / drivers.

If I put cheap memory into the machine - I should expect it to crash. If I run bad drivers - I should expect it to crash.

I do not believe that 2000 is that much more stable than XP. 2003 I do not know, but I guess all of these have the same level of stability, however XP goes on to more computers made out of crap, and therefore it craps out more.

Windows9x was crappy because it did not implement correct separation of processes from each other and from the kernel.

Re:damn.

"The company argues that the improvements are important enough that applications should be changed to accommodate them.' I know I still have not installed SP2 because of the problems it causes with SQL Server, I can't wait to see what kind of havoc it causes on the servers...""

You know for an editor of slashdot, you should really do some research.

If you use the latest service pack for SQL server, XP service pack 2 works fine. The same thing goes for running SQL 2k on Windows 2003. Maybe if you kept up with the current application service releases you would not have problems with the OS ones. :)

I could bitch and whine about vi, gnome, or anything else and I would told to upgrade to the latest revision. Why should you not do so on SQL?

Come on.

[BoldAC]

I am much of an anti-Microsoft person as anybody...

But, guys... this is a release candidate. It designed to test out in your test environment... Even the evil overlords say:

We advise against installing and evaluating beta software on any production computers.

When they don't fix the problems we find before they release the final version... that's when we should start the griping. :)

Re:Windows 2003 popularity?

[ad0gg]

If your running asp.net under win2k it runs as an ISAPI process. With server2003 its runs natively in IIS, makes it a little bit more robust. Also like the security settings, especially being able to control TCP/IP down to the port level. Not sure if this also on win2k, if it is, it must be buried.

Re:Sql Server and SP2?

[njan]

Some (enterprise-grade) applications require the use of SQL Server Desktop Engine (the anti-virus vendor Sophos, for one, use this - Veritas would be an example of another).

In many instances, this doesn't react well with software on Windows server builds (again, as examples, SQL Server proper and Terminal Services both are broken by and break these two products in particular).

Especially in the ranks of middle-sized organisations which don't feel like splashing out hundreds of dollars (or more) for copies of windows server simply to run veritas and sophos, there are plenty of organisations which run 'server' software and SQL desktop engine / SQL Server on workstation builds of windows.

sorry, but what's the point of the computer?

[jxyama]

>'The company argues that the improvements are important enough that applications should be changed to accommodate them.'

so, does the PC exist to run the OS or the application? i thought the point of PC and the OS was to run the application that's useful. why does running of the application, which actually accomlishes something, must be compromise to enable the OS to run better?

i'm not arguing that OS is an important/integral part of using a PC to accomplish a task. but i feel that their philosophy is backwards. even if it's the truth, they shouldn't say it. PCs do not exist to run the OS. PCs exist to run the applications. no one cares about a PC that can run the OS perfectly if it can't run useful apps.

Re:Windows 2003 popularity?

[Malc]

If you're buying or leasing new systems, it's probably a better idea to go with Windows Server 2003 than an OS that's five years old. Sure there's good reason not to jump on the new OS bandwagon, but I think it has proven its stability. Think about it: in three years time (which could be well within the lifetime of those servers), Win2K is going to be getting very long in the tooth. Almost as long in the tooth as NT4 is now.

Anyway, all our new servers use the new OS. Obviously tested it first. It's a lot nicer to work with remotely, and is just generally better all round (shock! horror! Microsoft's marketing turned out to be true!).

Re:Win2k & Server 2k3

[Shippy]

No. Windows 3.1 was a GUI on top of DOS. The real reason why you saw so many crashes and blue screens on the Win9x line is what the grandparent post said. This is why there were "familiar" places the OS would crash. It's because another app or driver would consistently write to that location and, since the separation wasn't there, blue screen the box.

Re:Win2k & Server 2k3

[freakmn]

I haven't seen actual statistics on XP, but I'd say it's at least as stable as W2k with SP6.

Perhaps that has something to do with the fact that Windows 2000 only has service pack 4. This "Service Pack 6" may be some ill-meaning program, sounding like it is helpful, like an internet speeder or something.

I know you just mistyped, and I'm being a real jerk. I understand why that mistake may be made. First, NT, which 2000 is upgraded from, is on version 6a. Internet Explorer, the default browser on 2000, is also at version 6 something. Same with outlook express, default mail application. WAIT! 3 programs all at version 6? That's 666. MICROSOFT IS THE ROOT OF ALL EVIL

CARRIER LOST

Re:Win2k & Server 2k3

[flosofl]

All the consumer-level (read: home user) products up to XP were DOS based. In other words, DOS was the framework and the GUI's were slapped on top(95 beta actually used 7.0 as a version on boot disks made with it). This includes 3.x, 95, 98, and (shudder) ME. XP Home is the first consumer-level OS from Microsoft that is NOT based on DOS - it uses the NT kernel. IIRC, MS made a BIG deal about the fact that XP home was the first non DOS-based OS for home users they've released (a goal for a LONG time).

Re:Win2k & Server 2k3

[fireman+sam]

Windows 3.1 (extended mode) took over memory management as well as DOS was real mode and Windows (ext) was Protected Mode.

Re:Win2k & Server 2k3

[MyHair]

By that logic Linux as loaded by loadlin.exe could be considered DOS based. From Win95 up I don't believe any system calls made it back to the DOS boot system (save perhaps DOS TSR programs/drivers if loaded?), but it was in memory lying dormant somewhere.

Maybe I'm being pedantic. Even if what I say is all true the Win9x line was a hybrid of 32-bit and 16-bit and switched from protected mode to real mode and back as it saw fit. (thunk compiling)

Feeding the trolls despite my better judgement

[TWX]

First off, I was doing this think called joking . Secondly, this technique isn't uncommon anyway, with things called "demilitarized zones" in network management. You build a three-segment network, one segment being the world at large (entirely untrusted from the server perspective) the next segment being the userland machines on your network (semi-trusted from the server perspective), and the third being the servers (entirely trusted). You configure which set of machines get which access privileges through the routing device (any router is a computer, just a specialized one) so that only certain things get through in certain ways. One might port forward or proxy all connections from the world but allow direct routing on a limited number of ports from the userland segment.

At work we route three MUX rings' worth of sites, about 120 sites total, 30,000 machines across the entire WAN on the scale of a city, and the traffic is being handled at the concentration point for all major servers and the outbound internet connection by... drum roll please... a Linux box. That's right, a Linux box. An Intel-based 64bit PCI machine with six gigabit cards and an extensive routing table. It's probably the most stable thing on the network, and hasn't burned out like so many of the switches and routers out in the field due to poor quality fans. It'll probably handle a bunch more traffic than we are throwing at it, too.

So, we could have spent a shitload on a switch like you so advocate, or we could have spent the $3,000 to build this computer. We chose the computer. It's definitely not 'hobbyist'.