Interview of the Windows XP SP2 Dev Team
Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives a good insight into what kind of a project Service Pack 2 was, how it got started, and how huge an effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.
We knew we had a bigger problem than just enabling the firewall.
Looking at the timeline, almost half of it was filled with 'fixing' Internet Explorer.
Just drop IE and spend more time on the freaking OS.
I mean they took too long to release a patchset that caused problems and look, 7 or so new bugs found in CORE components [prolly been there since win98 or earlier].
;-)
Maybe if they spent less time "re-inventing the wheel" er... "innovating" they would have more time to actually write what they NEED to write more securely.
There is no reason why commercial software would have buffer overflows [at all] and especially in something like LoadImage().
In FOSS at least you can blame lack of time, review, etc. But in commercial software you're paying for the eyes and the time.
Show me a story where they agree to hold back on re-packaging the latest video/sound codec as a Windows format [hint: wmv == mpeg4 == divx for all intents and purposes] and instead decide to fix a good 10k bugs or so.
Of course I'd settle with the non-integration of MS IE, explorer.exe and MSN and the addition of a POSIX.1 emulation layer [that comes bundled]
Tom
Someday, I'll have a real sig.
"Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...
I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.
But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that."
And that is the problem. It is not so much that Internet Explorer is insecure. It can be made VERY secure. But then it is very difficult to use for Joe Average User. There are tradeoffs all over the world wide web. (example: I want to be able to view these nifty stock quotes, but then my browser is open to exploits). The standards are still evolving and programmers are still adjusting towards the safest yet most robust model for all.
The people at Microsoft know what is wrong with Windows. They have a variety of reasons for not fixing it. I can't say I agree with them completely but some of them make good "business" sense. It's too bad they care more about "business" than the quality of the product itself.
When Apple did MacOSX, they basically created a "WINE" for MacOS9. Not everything was/is perfect but a great many things continue to work without problems. They didn't sit back and say "oh... we have business reasons for not overhauling the whole OS and starting over from something more secure and stable from the start."
I have said it before and I say it again: Microsoft is perfectly capable of doing exactly what Apple did: Make a new OS and make a WINE to run the old stuff until people finally migrate over. I'm not a developer but there are plenty of examples out there to show it's not impossible. I know I can't be the only person who has ever thought of it and I wonder why they haven't done this at Microsoft already? Some people here have been kind enough to put forth some reasons why Microsoft hasn't just abandoned its current Win32 model -- essentially business reasons -- so can someone offer some likely reasons why Microsoft wouldn't build a new OS and then make a WINE for backward compatibility?
I think the issue is that in the first place, doing useful convenient things for the end user securely was entirely possible. However, it's easier to do useful convenient things for the end user unsecurely. MS chose the latter in the first place, and now 500 million windows users are used to doing useful convenient things securely, MS is stuck hard.
I empathise a bit with these people working on SP2. They were handed a steaming pile of horseshit to make palatable. Maybe there's not much you can do, but that's their job and they were paid well for it. They can either completely redo things and make it so it's not a steaming pile of horseshit any more, but that'll just make the people used to nice warm comfy horseshit feel they've been ripped off, and they've had their comfy horseshit taken away from them.
Only, in the end, because they just don't know of any alternatives, thus can't imagine how much better things can be.
I know this isn't on topic, but after reading the article and seeing how difficult it was to get SP2 out the door, I wonder about their goals for Longhorn.
I keep reading how longhorn is going to have wonderful new features and things nobody knows they need. However, I think that most users just want the stuff in windows xp to work the way it should. Longhorn should be a hardened Windows XP SP2.
That might actually be the incentive for the companies that still run windows 2000 for stability to switch over. That is their market.
Consumers are going to get windows when they buy new computer. I don't care how many linspire running walmart PCs are sold, Dell and HP are selling them with windows.
Their competition is beating them on stability and ease of use, not cool groundbreaking new features. Most computer users just want the PC to be easier to use, not more complicated with new file systems and taskbars with more crap on them.
People are switching to firefox from IE mainly for the enhanced security and tabbed browsing. Okay, tabbed browsing shouldn't be too difficult to copy to IE, but security is the reason techies are putting that little fox icon on peoples' desktops.
I think they've done a good job with SP2, but I think that people just want the computer to work and are indifferent to the bells and whistles appearing in longhorn betas.
Sniggering like Beavis and Butthead at the man's name is not on-topic.
Microsoft's marketing team deserves a big fat Christmas, no holiday, bonus. What I'm most impressed with is how this string of security failures around retail versions of Windows (going back how many years) can be re-shaped as a team of scientist-like experts facing an impossible task and doing a great job. If this was any other field of business or even pro sports, this many security breaches or failures in the core of the product line would have shaken things up for the better. Instead, the reaction is a clever marketing campaign to convince consumers the maker of the problematic and generally insecure product is a victim just like the consumer who is violated when all his or her credit card info or financial records are obtained with SpyWare. The lesson to be learned is that if you spend enough money on marketing, any perception can become a reality. www.softwareobjectz.com
That article offers an interesting insight into the Microsoft development process.
I know that even sizeable open-source projects can be ridden with political complications, but this article gave me a new sense of how people interact when working on big projects.
Todd Wanke seems like a good guy, but using the article as a vehicle for his sappy management practices wasn't very appealing.
Also not appealing is Jim Allchin's satanic gaze. Jesus.
Too much hype. Too much bullshit. Too many acronyms. I'm sticking to free software people.
- Microsoft's best are not able to turn off Media Player 8.
- Media Player 9 went through a "security audit", so it must be better than 8, which has been tested by several hundred million people.
- Enabling a firewall breaks *everything*. Apparently they haven't heard of a simple GUI with easily-understood checkboxes. (See IE options... for the classic counterexample).
- They somehow expect a semi self-anointed czar of security patches to gain everyone's support.
- Nowhere is it mentioned the (estimated) 45,000 uses of unsafe string functions in the source code.
Sigh^3. Microsoft spent too much time trying to tie up market share, instead of architecting and designing their products to help clients.
By (inadvertently) harming their clients like that, they've built a monster, and now, short of scrapping most of their IE work, there is no way they will ever deliver anything robust and secure.
Of course, they WON'T go back and do it right, both because the corporate masters won't stand for it and the fact their development teams are committed to what they've done and their disgracious vision.
So it's game over for Microsoft, who couldn't deliver on what clients really needed.
In fact, they'll survive in computing the same way Mcdonalds survives in cuisine. Some would call that a success, but few would admit to eating there.
I don't know the meaning of the word 'don't' - J
You obviously don't know the rules of software development...
Adding more programmers to an already late project makes the project even later.
No, they're all managers.
The firewall should be blocking remote computer from accessing open ports, not localhost from accessing its own ports. When your firewall just blocks all packets instead of using a common-sense rule (allowing all packets from localhost), it causes problems that it shouldn't.
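The loopback exemption this comment asks for, as an added toy policy evaluator (not from the article, and not how Windows Firewall is implemented; the addresses and port numbers are constructed):

```python
"""Compare two inbound-filter policies on the same constructed packets.

block_all    : drops every packet to a port that is not explicitly exposed,
               including packets the host sends to itself.
common_sense : identical for remote sources, but anything from a loopback
               address (127.0.0.1 / ::1) is always allowed, so local
               applications that talk to their own listening ports keep working.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address, v4 or v6
    dst_port: int   # destination port on this host


# Constructed values: 80 is the only port deliberately exposed to remote hosts;
# 49152 stands for a port a local app opens and then connects back to itself.
EXPOSED_PORTS = {80}


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1 (hypothetical helper, not a firewall API)."""
    return ipaddress.ip_address(addr).is_loopback


def block_all(pkt: Packet) -> str:
    """Naive policy: only explicitly exposed ports are reachable, from anyone."""
    return "allow" if pkt.dst_port in EXPOSED_PORTS else "drop"


def common_sense(pkt: Packet) -> str:
    """Same policy, with the loopback exemption the comment describes."""
    if is_loopback(pkt.src):
        return "allow"
    return block_all(pkt)


def evaluate(policy, packets):
    """Map each (src, dst_port) to the verdict the given policy returns."""
    return {(p.src, p.dst_port): policy(p) for p in packets}


def policies_agree_on_remote(packets) -> bool:
    """The exemption must change nothing for non-loopback sources."""
    return all(block_all(p) == common_sense(p)
               for p in packets if not is_loopback(p.src))


def local_apps_broken_by(policy, packets):
    """Loopback connections a policy drops: the 'it shouldn't' cases."""
    return [p for p in packets if is_loopback(p.src) and policy(p) == "drop"]


# Constructed sample traffic: a local app, a remote host, and an IPv6 loopback case.
SAMPLE = [
    Packet("127.0.0.1", 49152),     # local app connecting to its own port
    Packet("198.51.100.7", 49152),  # remote host probing the same port
    Packet("198.51.100.7", 80),     # remote host reaching the exposed web port
    Packet("::1", 1723),            # local IPv6 loopback connection
]

if __name__ == "__main__":
    for name, policy in (("block_all", block_all), ("common_sense", common_sense)):
        print(name, evaluate(policy, SAMPLE))
        print("  local apps broken:", local_apps_broken_by(policy, SAMPLE))
```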
Open source evolves much faster because the developers tend to screw their users on a whim. Openoffice is about to change its default file format. FreeBSD's PHP installation structure completely changed without warning for 4.3.8, breaking systems. GIMP developers recently decided to completely change the way some of their dialogs worked, on a point release no less. This pisses people off! To those programmers who think they know how to single-handedly design, write, and maintain software, please stop. You shouldn't significantly change your programs because you learned about another way to do things that is more efficient, cleaner, or will lead to better code reuse. Your users don't care about that stuff; they just want it to work correctly in a consistent manner. Yes, Microsoft changes the way Office looks and works on an almost yearly basis. This pisses people off too, but Microsoft can afford to do it. Open source will never beat them on design, innovation, or functionality. It can only beat them on price and stability. By stability I mean the "always works the same way" stability that most marketing-led commercial teams cannot provide.
/. readers, anything goes as far as OS installs. I can back up my data quickly and experiment without loss. Maybe I can learn about the new technologies that I might someday see in a stable system (SELinux). It's great that these things are being developed, but unfortunate that only the non-serious users can afford to deploy all of these new things. In a few years, perhaps things will have stabilized to the point where we can trust open source developers not to screw us over. In the mean time, they will have to rely on IT professionals with time to kill to be their users. Employees who currently use a lot of this software in business applications are certainly going to have a lot of time to kill if they aren't careful about it.
There are some reasonable people out there such as the Debian stable developers. The only bug fixes are security-related; nothing else ever changes. This is how MS tries to build their systems. Interestingly, I get the impression that Debian is a better-built system by design. It relies on standard, industry-proven software that is fundamentally secure. While there are occasional bug fixes for buffer overflows and such, users can be confident that there will be no reason to redesign the system for a long time.
The trick is to leverage the availability of new technology against the stability of existing systems, and even Debian stable achieves this to some extent due to the inherent modularity of Linux. Certainly, new and functionally different packages will have to be accepted at some point, and the security updates cannot be maintained indefinitely. The previous stable release provided security updates for about three years following its initial release. While this is lousy from an IT manager's standpoint, it's better than most Linux distributions. Slackware is probably second best, and of course Gentoo is dead last.
It's funny that you should post this. Just as people are starting to get sick of the huge costs inherent in the fast evolution of IT, you suggest that this is one of open source's advantages. Make no mistake; it is not an advantage these days. There is no way I would deploy Gentoo on an unsuspecting customer. There is no way I would deploy FC3 on an unsuspecting customer. Server environments, mind you. I will deploy the system that I can rely on to provide years of service without my having to jump through hoops to get security updates or patch software myself. "How good are you today" is the only question that people will increasingly care about.
On my own systems, as with most
You know, to be quite honest, I'm damned sick of this mindset that only a group of different races and genders is diverse. Five white men can be just as diverse as a black, white, Asian, etc. of varying genders. For the inevitable retarded people responses: I'm not saying that there should only be groups of white people.
Yes, you can, but that's not so much the problem at Microsoft. The problem Microsoft has is that they designed an OS for ease of use and programming convenience, only to belatedly realize that the consequences of a lax security approach were severe. Now they have to try and shore up the security of an OS that wasn't designed for it, while retaining as much as they can of the prior attributes.
When you can design from a blank sheet of paper, it's a lot easier to have it all. Look at Apple's relative success. They weren't trying to design an OS that would be 100% compatible with virtually all the prior software. Instead, they were able to say "Here's a subset of our old API that we've decided to make work in this new world (Carbon). Apps that use Carbon should work. Older apps will probably work in what we've designed as a VM (Classic). Get with the program".
Of course, Apple had a fraction of the installed base and developers to piss off by doing that. If Microsoft decides to start over and just retain some form of Win32 compatibility layer, the chaos will make Apple's transition pale in comparison. In the long run, it would be worth it, but remember the size of the Windows installed base. That's a lot of inertia to overcome.
In general, the OSS community doesn't have these sort of problems in starting from a market share of near 0%. But with success will lie many of the same issues. So long as security is a priority from the beginning, it probably wouldn't be as bad an issue as it is for Microsoft today.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
That's the Mythical Man Month
That way, users such as he with apps such as those could still get the OS patches and work on deploying the firewall by itself. It would depend upon the specifics of those "holes" and the apps that depend upon them.
There is nothing wrong with having an app listen on an open port. Web servers do it, email servers do it, FTP servers do it, etc.
Not having a firewall should not be considered "security risks in the operating system".
I know lots of people who have turned off the firewall in XP sp2 because it stopped apps from working (VPN in particular). That doesn't sound like much of a "fix" for the "holes" in the OS.
You have the attitude of the security folks here at work, while blocking all ports at the firewall and allowing no one internet access, and giving all users limited read-only rights to their computers would create a secure environment, it makes productivity almost nothing. No matter what the OS, you must trade some security for productivity and usefulness.
One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.
What a wanker. This is one of those guys who when he means "you" he says "we". For example: "why don't we spend the next few hours working out the bugs," which means "why don't you bust your ass for a few hours while I go home and get some sleep."
Of course any hardware 3d-accelerated video driver in Linux can also bring down the system, since parts of DRI and nvidia's GLX run in the kernel. The salient difference is that video drivers in NT are coded against an interface that is designed not to change. Change your kernel version, or apply the wrong patches to the kernel you're already running, and your Linux video driver might very well break, particularly if it's a binary-only driver like the ones from ATI or Nvidia.
Indeed.
Running video drivers in kernel space is not a "bad technical decision," it's a tradeoff, informed by the realizations that for end users crashing your graphics subsystem is just as bad as crashing the entire machine, video performance is pretty important, and video drivers can be made pretty reliable. It's the same tradeoff most reasonably-performing 3d-accelerated drivers make in Linux. The difference is that it works a lot better in NT, since the driver won't just break one day for no apparent reason.
Now before I get modded down, I beg to remind whoever might read this that what I am saying is FACT. - bogaboga
My response was something along the lines of, wait, let me get this straight, you're complaining because an application you rely on is designed around security risks in the operating system, and those holes were fixed?
Actually, they probably wrote that app using the API documentation of the day. They are not solely to blame, here. How could regular Windows developers know which parts of Windows would be broken by SP2?
It's better to use a vendor who provides clear guidance about binary, source, and API compatibility across versions of their software. Microsoft ain't it, because they still call it Windows XP. So, now, Windows XP != Windows XP. That sucks.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
Because, when Microsoft break apps with a new release (be it a service pack, or new version), who do you think is going to be blamed for that by the consumers?
Let's say that Bob uses Stamp Collector Deluxe on his Windows 98 box. Bob decides to upgrade to XP, but unknown to him, Stamp Collector Deluxe relies on some undocumented feature of Windows 98, which does not work on XP. The result: Stamp Collector Deluxe does not work anymore, and Bob blames Microsoft, because it used to run fine on 98.
When you decide on being the most popular OS in the world, compatibility is everything, and Raymond Chen, the person the grandparent poster was referring to, knows this better than most of us combined.
Lots of software isn't sold in the first place.
Yep. Because the most popular games are new versions of old games. I don't care if DOOM no longer works on XP because of a service pack, but there is no reason why the next version of Quake wouldn't be patched to no longer depend upon that bug.
Quite a lot of people play games that are >12 months old. Breaking them isn't an option: they simply won't apply any more security updates from that point forward. Like it or not, in the Real World with the sort of end users who have fast machines on the end of fast home DSL, appcompat takes precedence over security. Every time.
If your company is running a critical app from 1996 without support, your company has bigger problems.
Welcome to the real world. I've already dealt with several in various test Linux migrations. One of them was written by a company that doesn't appear on Google and is apparently bust anyway. Actually this app was a Windows 3.1 program, from even earlier.
Think how much stuff is still written in COBOL.
Actually, it is. Just look at Linux development.
Linux is pretty much a textbook case of how not to maintain backwards compatibility. It's a serious problem. Some vendors are telling the LSB they won't start porting their apps to Linux until it becomes more stable (C++ in particular is an issue).
Due to the projects I'm involved with, I deal with the lack of stability on Linux all the time, and I can tell you it's one seriously fucked platform from that perspective. I've seen more than one open source developer get up and walk away (back to Windows) because the stuff they wrote simply didn't keep working.
Cry me a river. Look into the concept of "source code escrow".
It's easy to talk about source code escrow now. Too late, it's already happened. On a large scale. Deal with it.
I'm not worried about companies that didn't take basic precautions when they licensed software. They made the wrong decision, they suffer the consequences. That's business.
That's why you don't work for Microsoft, and therefore have no say in the matter. You don't sell many operating systems by telling your customers that they're screwed but it's OK because "that's business, it's harsh". People will just tell you to fuck off, and they will give their money to people who care about their software investments (like Microsoft).
http://blogs.msdn.com/oldnewthing/archive/2003/12/24/45779.aspx
Of course, the open source world does not have this problem because they have the luxury of being able to break anybody that misuses a particular GTK/Qt/whatever API. But Microsoft does not have that luxury. Who knows? Maybe that might be their undoing someday.
I personally think that adding proprietary software to the world increases, not decreases, freedom. The existence of my software in the world gives people more choice. The fact that my software is non-free doesn't change that fact, it just changes the nature of the choice.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that.
It sounds like Microsoft actually has a secure version of Internet Explorer, without all the guck that makes it insecure. But they consider it "unusable for consumers". Probably because you can't run all those stupid "toolbars", "Active-X controls", "upgraders", and other crap you don't need. It's clear that the "features" people won out over the "security" people.
They could at least offer "IE Hard" for everyone who wants it. Most business desktops probably should be running "IE Hard".
Windows NT was not designed as a single user system. The only problem here was Microsoft's Backward Compatibility (TM) demand. That meant that applications written for 9x had to run on Windows NT, which meant working around all of the security and user facilities in NT. All in all the security model presented by Windows NT and up is quite powerful, much more so than Linux. The only problems are, as I mentioned, backward compatibility, and, I think, most programmers are too lazy and/or stupid to correctly utilize windows security. (I'm part of the last group -- stupid.)
Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.
How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at the technical level, at least - well-intentioned people, reconcile this with their consciences? Do they...
Simple:
Richard Stallman is wrong. There is nothing ethically wrong with selling software - it is no more unethical than selling groceries.
His way of doing things is a wonderful and delightful utopian ideal. Unfortunately, the rest of us live in the real world, where humans evolved from mammals, not angels. As such, the utopian ideal is something that will never work within human society.
If you're looking for nobility, go volunteer at a homeless shelter, or an Emergency Room at a hospital. Don't look for it within the free software movement, because (1) the FSF movement is NOT altruistic - the BSD guys, however, are, and (2) the world is much bigger than the confines of your computer screen.
Get a sense of perspective.
Coming soon - pyrogyra
When my mom informed me that I could have a bike OR a skateboard, I accused her of "tyranny of the OR" and suggested substituting AND instead. Needless to say, this did not go over well.
As I understand it, this is due to something called *reality*. Optimization quandaries abound in life, particularly with complex systems. If they could be remedied by cute little catch phrases, Microsoft would have copyrighted them by now. There are after all, oodles of very smart people working at the company--of the variety that whipped your ass in the high school science fair. They are wrestling with a Beast of a project which no one understands in its entirety and have to deal with end-user issues that GeekDom can casually dismiss.
You have confused freedom with what one does with his or her freedom. Freedom being the right to use one's time, property and effort as one wishes. To suggest that proprietary software is evil uncovers the fanatical and unreasoned basis of your position. You should never have to resort to one color arguments that don't even really say anything other than scream that something is wrong.
And it's especially tragic when people of Stallman's stature adopt fanaticism instead of reasoned persuasion, especially given the many merits of open source software.
*IF* a bunch of people wanted to go live in a totalitarian state of their own free will, then yes, I would support that. The freedom to give up freedoms is an important freedom itself.
I have no guilty conscience over locking my front door at night. Sure, that constricts your freedom to be able to walk into my bedroom while I sleep, and I *could* make it a public place where all are welcome, but I don't, for reasons of my own, that I don't need to explain because it's MY bedroom, and I feel no guilt for restricting your freedom in that way.
The same for software. I write some for the public good under OS licence, and some proprietary under commercial licence. I have reasons for doing both and I can because I am allowed dominion over my own intellectual creations, and THAT is a greater freedom to me in some cases than your freedom to do whatever you please with my stuff.