Slashdot Mirror


Interview of the Windows XP SP2 Dev Team

Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives good insight into what kind of project Service Pack 2 was, how it got started, and how huge an effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.

12 of 392 comments

  1. Note IE by spac3manspiff · · Score: 5, Insightful

    Looking at the timeline, almost half of it was filled with 'fixing' Internet Explorer
    Just drop IE and spend more time on the freaking OS.

  2. Somehow not impressed? by tomstdenis · · Score: 4, Insightful

    I mean they took too long to release a patchset that caused problems and look, 7 or so new bugs found in CORE components [prolly been there since win98 or earlier].

    Maybe if they spent less time "re-inventing the wheel" er... "innovating" they would have more time to actually write what they NEED to write more securely.

    There is no reason why commercial software would have buffer overflows [at all] and specially in something like LoadImage().

    In FOSS at least you can blame lack of time, review, etc. But in commercial software you're paying for the eyes and the time.

    Show me a story where they agree to hold back on re-packaging the latest video/sound codec as a Windows format [hint: wmv == mpeg4 == divx for all intents and purposes] and instead decide to fix a good 10k bugs or so.

    Of course I'd settle with the non-integration of MS IE, explorer.exe and MSN and the addition of a POSIX.1 emulation layer [that comes bundled] ;-)

    Tom

    --
    Someday, I'll have a real sig.
  3. Internet Explorer Conundrum by eltoyoboyo · · Score: 4, Insightful

    "Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...

    I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.

    But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that."

    And that is the problem. It is not so much that Internet Explorer is insecure. It can be made VERY secure. But then it is very difficult to use for Joe Average User. There are tradeoffs all over the world wide web. (example: I want to be able to view these nifty stock quotes, but then my browser is open to exploits). The standards are still evolving and programmers are still adjusting towards the safest yet most robust model for all.

    --
    Have you Meta Moderated t
  4. such a waste... by erroneus · · Score: 5, Insightful

    The people at Microsoft know what is wrong with Windows. They have a variety of reasons for not fixing it. I can't say I agree with them completely but some of them make good "business" sense. It's too bad they care more about "business" than the quality of the product itself.

    When Apple did MacOSX, they basically created a "WINE" for MacOS9. Not everything was/is perfect but a great many things continue to work without problems. They didn't sit back and say "oh... we have business reasons for not overhauling the whole OS and starting over from something more secure and stable from the start."

    I have said it before and I say it again: Microsoft is perfectly capable of doing exactly what Apple did: Make a new OS and make a WINE to run the old stuff until people finally migrate over. I'm not a developer but there are plenty of examples out there to show it's not impossible. I know I can't be the only person who has ever thought of it and I wonder why they haven't done this at Microsoft already? Some people here have been kind enough to put forth some reasons why Microsoft hasn't just abandoned its current Win32 model -- essentially business reasons -- so can someone offer some likely reasons why Microsoft wouldn't build a new OS and then make a WINE for backward compatibility?

    1. Re:such a waste... by ajv · · Score: 4, Insightful

      They did - it's called NT. It's the kernel under XP, and bears no resemblance to the shim known as Windows 9x/Me.

      I remember a few years ago when I was running NT 3.51 on my dual processor HP workstation just how nice this nice shiny new OS is. I can format a floppy and I can still do other things. Before NT, it took an Amiga to do that. In the Linux of the day, well I could use mformat or dd and zero out the sectors in preparation for a tar, but there was no UI for either and both were relatively arcane.

      The level of transparency in XP running old apps makes Apple's half-baked approach look amateurish.

      I bet when Avalon comes out, you're going to complain that it's not available on Windows Me or 2000, or why Microsoft is forcing developers to abandon their code and start over again. MS can't win on slashdot.

      --
      Andrew van der Stock
  5. Insightful quote... by gwiner · · Score: 5, Insightful
    "Todd: We knew we had a bigger problem than just enabling the firewall. And so at that point, I sent out a mail to everyone in the division saying, "This is what we're going to do. We're going to take a little bit more time to do it. And if you want to submit a security feature, you should do so, and then show up at this room." Well, the next day, it was standing room only, and everyone had a security feature that they wanted to check in. It went all the way down from things like the new Bluetooth stack, to the new Windows Media Player, to the new Group Policy stuff, and on, and on, and on, and on."
    I find it interesting that MS is so aware of their security problems internally, yet still claims to put an emphasis on security. This exchange seems to be good evidence that they ship ahead of any thorough security analysis/testing. Not only did they realize on closer examination that their own firewall didn't work, but half the division shows up with suggestions for known security concerns. Clearly this shows people's voices are not being heard. I guess I'm not surprised, but this seems like fodder for a lawsuit.
  6. Sigh^2 by Ancient_Hacker · · Score: 5, Insightful
    After reading TFA I don't know whether to laugh or cry:
    • Microsoft's best are not able to turn off Media Player 8.
    • Media Player 9 went thru a "security audit", so it must be better than 8, which has been tested by several hundred million people.
    • Enabling a firewall breaks *everything*. Apparently they haven't heard of a simple GUI with easily-understood checkboxes. (See IE options... for the classic counterexample).
    • They somehow expect a semi self-anointed czar of security patches to gain everyone's support.
    • Nowhere is it mentioned the (estimated) 45,000 uses of unsafe string functions in the source code.
    Sigh^3?
  7. Payback is a bitch by Progman3K · · Score: 4, Insightful

    Microsoft spent too much time trying to tie-up market-share, instead of architecting and designing their products to help clients.

    By (inadvertently) harming their clients like that, they've built a monster, and now, short of scrapping most of their IE work, there is no way they will ever deliver anything robust and secure.

    Of course, they WON'T go back and do it right, both because the corporate masters won't stand for it and the fact their development teams are committed to what they've done and their disgracious vision.

    So it's game over for Microsoft, who couldn't deliver on what clients really needed.

    In fact, they'll survive in computing the same way McDonald's survives in cuisine. Some would call that a success, but few would admit to eating there.

    --
    I don't know the meaning of the word 'don't' - J
  8. Re:This quote sums it up by jht · · Score: 4, Insightful

    Yes, you can, but that's not so much the problem at Microsoft. The problem Microsoft has is that they designed an OS for ease of use and programming convenience, only to belatedly realize that the consequences of a lax security approach were severe. Now they have to try and shore up the security of an OS that wasn't designed for it, while retaining as much as they can of the prior attributes.

    When you can design from a blank sheet of paper, it's a lot easier to have it all. Look at Apple's relative success. They weren't trying to design an OS that would be 100% compatible with virtually all the prior software. Instead, they were able to say "Here's a subset of our old API that we've decided to make work in this new world (Carbon). Apps that use Carbon should work. Older apps will probably work in what we've designed as a VM (Classic). Get with the program".

    Of course, Apple had a fraction of the installed base and developers to piss off by doing that. If Microsoft decides to start over and just retain some form of Win32 compatibility layer, the chaos will make Apple's transition pale in comparison. In the long run, it would be worth it, but remember the size of the Windows installed base. That's a lot of inertia to overcome.

    In general, the OSS community doesn't have these sort of problems in starting from a market share of near 0%. But with success will lie many of the same issues. So long as security is a priority from the beginning, it probably wouldn't be as bad an issue as it is for Microsoft today.

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  9. Re:7 developers by spruce · · Score: 4, Insightful
  10. Never Use the word "I" by mrcparker · · Score: 4, Insightful

    One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.

    What a wanker. This is one of those guys who when he means "you" he says "we". For example - "why don't we spend the next few hours working out the bugs." - which means "why don't you bust your ass for a few hours while I go home and get some sleep.".

  11. Re:It would work. by IamTheRealMike · · Score: 4, Insightful
    The vendors who sold the app.

    Lots of software isn't sold in the first place.

    Yep. Because the most popular games are new versions of old games. I don't care if DOOM no longer works on XP because of a service pack, but there is no reason why the next version of Quake wouldn't be patched to no longer depend upon that bug.

    Quite a lot of people play games that are >12 months old. Breaking them isn't an option: they simply won't apply any more security updates from that point forward. Like it or not, in the Real World with the sort of end users who have fast machines on the end of fast home DSL, appcompat takes precedence over security. Every time.

    If your company is running a critical app from 1996 without support, your company has bigger problems.

    Welcome to the real world. I've already dealt with several in various test Linux migrations. One of them was written by a company that doesn't appear on Google and is apparently bust anyway. Actually this app was a Windows 3.1 program, from even earlier.

    Think how much stuff is still written in COBOL.

    Actually, it is. Just look at Linux development.

    Linux is pretty much a textbook case of how not to maintain backwards compatibility. It's a serious problem. Some vendors are telling the LSB they won't start porting their apps to Linux until it becomes more stable (C++ in particular is an issue).

    Due to the projects I'm involved with, I deal with the lack of stability on Linux all the time, and I can tell you it's one seriously fucked platform from that perspective. I've seen more than one open source developer get up and walk away (back to Windows) because the stuff they wrote simply didn't keep working.

    Cry me a river. Look into the concept of "source code escrow".

    It's easy to talk about source code escrow now. Too late, it's already happened. On a large scale. Deal with it.

    I'm not worried about companies that didn't take basic precautions when they licensed software. They made the wrong decision, they suffer the consequences. That's business.

    That's why you don't work for Microsoft, and therefore have no say in the matter. You don't sell many operating systems by telling your customers that they're screwed but it's OK because "that's business, it's harsh". People will just tell you to fuck off, and they will give their money to people who care about their software investments (like Microsoft).