Slashdot Mirror
Interview of the Windows XP SP2 Dev Team
Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives a good insight, what kind of a project the Service Pack 2 was, how it got started and how huge effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.
Hey,
To the guy who modded OT - RTFA please. The head of the SP2 project is called Todd Wanke. Deedpoll is the method by which one can legally change their name (in the UK at least).
Gamers Europe - Gaming News. Reviews.
We can have security OR compatability. We can have low prices OR product quality... etc..
Bullshit. You can have both. The visionary companies described in this book DO get both, because they live by what the book describes "Genius of the 'AND'". You CAN have it both ways - it just takes hard work, dediction, and thinking outside of the box.
Microsofts lamentations will eventually get them beat. As good as they think they are, there is always someone better - with the visionary attitudes described in this book - that will eventually beat them in the long run.
I'm confident that as a community, OSS will be able to embrace the Genius of the AND in this situation, and get security along with usability. It just takes time.
Berto
There's no reason that "nifty stock quotes" couldn't be delivered in plain HTML. If you need to use something insecure like ActiveX to view them, that is because MS has put so much effort into promoting "features" instead of "security".
If MS were serious about security and simply removed ActiveX from their browser and stopped supporting it, pretty soon the web sites that use it would get re-written to use something more sensible.
Hmmm...they just bought virtual pc. Think that might be a step in that direction?
The firewall should be blocking remote computer from accessing open ports, not localhost from accessing its own ports. When your firewall just blocks all packets instead of using a common-sense rule (allowing all packets from localhost), it causes problems that it shouldn't.
IIRC, the original XP firewall blocked remote access attempts. I want to know exactly which applications on my machine are trying to access the internet and I want to know what they are sending which is percisely why I use a software firewall on XP in addition to my router.
Not everything is analogous to cars. Car analogies rarely work.
It would be awfully nice if the editors marked erroneous stories as erronious, though, wouldn't it?
(For the lazy among you, Secunia can't ever repro these on a fully patch SP1 system, to say nothing of an SP2 system.)
The largest item that bites Microsoft is that they started as a single user system. Many microsoft apps are designed with the assumption that they have total crontrol of the sytem and can do things like write whereever on the drive they want. Want an example? Try installing Winamp on windows 2000 and then try running it as anything other than an administrator equivelant account. It crashes! Multi user systems(*BSD, Linux, OSX), on the other hand, are designed from the ground up with access control in mind. There are well defined places for non admin users to put things and the application developers know they must design for this or simply have their application not work. Microsoft is now stuck trying to retrain application developers to do things the new improved way and unfortunatly there is a lot of inertia to overcome in the process.
Sorry to rain on your parade, but do you think when Linux programs use the syscall interface (int $80), that it's not in ring 0 on x86 architecture?
Or magically, on MacOS X on the PowerPC, drivers running stuff are running in userland? The Mach-FreeBSD port (darwin) runs drivers in the kernel space, and they are free to overwrite any physical or logical memory address, just as on every other operating system ... with the possible exception of Hurd or the original Mach.
From the I/O Kit Device Driver stuff:
If your software is a driver for a disk, a network controller, or a keyboard, it should reside in the kernel.
I'd say that a video card has to be in that category as well, despite the I/O Kit being able to do many things in user land. Quartz simply demands the 3D card to be accessible in kernel land as the transition time is too high for a userland process.
NT has a similar mechanim to the I/O Kit's high level framework, but instead of being OO, it's inherited from VMS and is called deferred procedure calls, where time critical things like interrupt service routines handle the low level stuff like dequeuing buffers before handing the major work to a Win32 service. Serial and USB drivers work like this, for example.
At least in MS-land, the driver certification test suite can torture test the driver to all sorts of corner cases. It takes a fair amount of effort to get a driver properly certified for XP or 2003, but once done, I've never (in 13 years!) seen a certified driver blue screen a box.
I've looked after hundreds of servers and thousands of desktops since 1995 when I first deployed NT (rather than just for my personal use). I forced the issue of certified drivers for desktops in one build of our SOE, and it dropped help desk calls a bit as the machines simply didn't crash any more.
So basically, both Apple and Microsoft made a design decision to speed the performance of their operating systems. Linux is still in the dark ages - all device drivers ... except for portions of USB ... are kernel space on every architecture and Linux has no driver test suite.
I know this stuff because if you look through the XFree86 credits for the Matrix Millennium drivers, you'll see my name.
Please research before posting.
Andrew van der Stock
The NT core has always been multi-user. The Win32 subsystem server has been multi-user since NT 3.51, although you needed 3rd party Citrix to really take advantage of it with remote GUI sessions. NT4 TS had the first Microsoft provided multi-user access to GUI sessions on the Win32 server. The stuff like session namespaces had to be added to work around all the apps that were not multiuser aware.
The only thing that TS and Citrix provide are remote GUI sessions. NT has always been able to service multiple users on other protocols such as Telnet or SSH or X-Windows or filesharing.
I'm not aware of any kludges that Citrix had to use. Care to name any specific ones? NT 3.51, the earliest version Citrix supports, already has window station and desktop objects to divide USER into different sessions. Each window station has a keyboard, mouse, clipboard, a set of global atoms, and a set of desktops. Each desktop contains a display surface, windows, menus and hooks. Both objects have ACLs that control security, i.e. you need access to the desktop object before you can send messages to the windows contained inside of it. Citrix and TS don't provide these objects; NT already has them, since 3.51. They create window stations that connect to non-console devices with the RDP protocol drivers; there's two for the display: rdpcdd.sys and rdpdd.dll, one for keyb and mouse: termdd.sys, one misc redirector: rdpdr.sys. These are just normal video and input drivers, except they have to be connected to a session manually since they do not serve physical devices. The functions to connect a window station to custom devices are undocumented, but the OS itself was only missing the protocol and front-end.
"No Execute" is also called "Data Execution Prevention" now. Basically it is a way to mark pages in memory as locations for data only, and not some places that executable code can be put. If you try to execute code from one of these pages -boom-.
Here is one of the microsoft.com pages on DEP: DEP info