Slashdot Mirror


Interview of the Windows XP SP2 Dev Team

Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives a good insight into what kind of a project the Service Pack 2 was, how it got started and how huge an effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.

22 of 392 comments

  1. No Easy Feat by sanityspeech · · Score: 3, Interesting

    It's interesting to know that there was a fair amount of thought involved in enabling the firewall in SP2. Who would've thought that could break a system? Not that I use Windows much any more, but it's still a welcome enhancement.

    1. Re:No Easy Feat by Anonymous Coward · · Score: 2, Interesting

      The problem is some programs require it to operate. AutoCAD just barfs when you install SP2. Even their new betas refuse to install with SP2 on the machine. Autodesk insists that it's a Microsoft problem and I'm sure Microsoft would insist that it's an Autodesk problem. The end result is install SP2 and the architects can't do their work or don't install SP2 and live with the viruses and crap. Neither of which are good choices.

  2. This quote sums it up by TrollBridge · · Score: 5, Interesting
    From TFA: "I can make it so secure that it doesn't work, or I can have 100 percent compatibility"

    So at Microsoft, either something works and isn't secure, or is secure and doesn't work.

    I know, this isn't really news, but it's not every day you hear it from Microsoft.

    --
    There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
    1. Re:This quote sums it up by lordfener · · Score: 5, Interesting

      I know you're making a joke, but on a serious note in the Windows world the comment is not too far off-center. In the world of computer-illiterate (not meant in an offending way) end users, security is somewhat connected to usability. A bit like taking a Ferrari and then adding enough features that my mom could drive it in the snow without causing a genocide ;-) Non-Windows people--Linux in particular--reason in completely different terms, which results in overall safer, but far less usable for the layman, software. I prefer the Linux way, too... but not everybody thinks the same way :)

    2. Re:This quote sums it up by NeoSkandranon · · Score: 3, Interesting

      Your comment about users is dead on, but when thinking about security vs. compatibility (at least in the context of that comment) I think of the following:

      My friend was slamming SP2 from the start because it "broke" a lot of apps where he works (a medical powerhouse in the state).

      My response was something along the lines of, wait, let me get this straight, you're complaining because an application you rely on is designed around security risks in the operating system, and those holes were fixed?

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    3. Re:This quote sums it up by jchap · · Score: 2, Interesting

      "We can have security OR compatibility. We can have low prices OR product quality... etc..

      Bullshit. You can have both. The visionary companies described in this book DO get both, because they live by what the book describes "Genius of the 'AND'". You CAN have it both ways - it just takes hard work, dedication, and thinking outside of the box."

      This kind of nonsense has really got to stop. It reminds me of the rubbish always talked about C that you could have portability AND speed AND efficiency AND small code size AND this AND that AND the other AND ffs.

      At some point in design, and indeed in life, you have to make choices and you are forced to make these choices when it becomes impossible to have *everything* you want at one time.

      While it is of course extremely valuable to put off making choices until the last possible moment - to make something other than vapour in this universe you have to actually put pen to paper - and start making choices.

      Now, would you like a tea or a coffee?

      Make a choice or I withdraw the offer... :)


    4. Re:This quote sums it up by NovaX · · Score: 3, Interesting

      You seem to conveniently neglect what Microsoft has done and how they viewed the future. When they designed Windows, all three architectures, none had the Internet in mind. In fact Microsoft was late to the game because they didn't see it coming.

      Windows 95 was meant to become the next home PC operating system. It had basic networking support to allow home networks and connecting to private networks (e.g. AOL, BBSes). Security was not seen as a major issue - about the same as for DOS/Win3x.

      WinNT was designed for workstations and servers - for intranets. NT has a strong security model and is appropriate for that domain - where you protect from internal threats and only minor external ones.

      In both instances the intended OS didn't have the Internet in mind, so security didn't focus on those relevant issues. In addition, the huge undertaking to develop these OSes created many of these bugs, which lie on top of core architecture.

      Everything you mentioned with VMs Microsoft has done repeatedly with every generation of Windows. With Longhorn, they'll rip out many of the problematic areas of NT, revise the kernel, and use C# as the development platform. This undertaking will create the fourth generation of Windows - where it is designed for a networked environment.

      --

      "Open Source?" - Press any key to continue
    5. Re:This quote sums it up by Anonymous Coward · · Score: 1, Interesting


      The largest item that bites Microsoft is that they started as a single user system. Many Microsoft apps are designed with the assumption that they have total control of the system and can do things like write wherever on the drive they want. Want an example? Try installing Winamp on Windows 2000 and then try running it as anything other than an administrator equivalent account. It crashes! Multi user systems (*BSD, Linux, OSX), on the other hand, are designed from the ground up with access control in mind. There are well defined places for non admin users to put things and the application developers know they must design for this or simply have their application not work. Microsoft is now stuck trying to retrain application developers to do things the new improved way and unfortunately there is a lot of inertia to overcome in the process.

      Microsoft has well defined places for non-admin users to put things. This has been true since I think Windows 95 (HKCU key). If anything it's been in place since Windows 2000...which is five years old. Windows XP is at least four years old now. How long is it going to take the developers to fix this issue? It's understandable that older software may not work. But software written today doesn't follow Microsoft's published rules (which are required for Windows 2000 certification). The problem isn't with Microsoft. It's with the developers. And until the industry lays the blame at their feet, where it belongs, they won't change.

  3. Can it ever be fixed? by anicca · · Score: 5, Interesting
    Todd: I thought we'd never ship XP SP2. I just wasn't sure if we could get to the quality level that we need to be at in time. Paul: In time ... ? Todd: Before the next [round of dangerous exploits].
    That says it all. Even the team in charge of fixing the holes knows there will be new breaches almost immediately. Like http://it.slashdot.org/article.pl?sid=04/12/25/1433236&tid=172&tid=128&tid=201&tid=1
    --
    A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
  4. Some windows bugs can't be fixed by SnappyCrunch · · Score: 5, Interesting

    I've been reading The Old New Thing for a few months now. It's a blog written by a guy at Microsoft (I don't know what department), and among the things he writes about is why Windows sometimes works in unexpected ways.

    Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs. When you fix the bugs, you break the programs. Almost every bug fix Windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.

    MS has been pussyfooting it about breaking programs in the past, and I'm glad MS finally bit the bullet with SP2 and broke all those programs in the name of security. It was high time. Of course, it means I have to keep a second PC around for some older games, but hey, that's life.

  5. 7 developers by dtfinch · · Score: 4, Interesting

    That's what a billion users spending $50+ billion a year on Microsoft software get for their money. They could have hired tens of thousands of programmers just to do line-by-line code audits without making a dent in their budget.

  6. Good. Maybe they can explain... by NoMoreNicksLeft · · Score: 2, Interesting

    Why I get 5 calls a night from one idiot or another who has enabled automatic update without knowing it, downloaded SP2, and subsequently had their entire IP stack screwed. Is that a feature?

  7. Microsoft needs more programmers, it seems? by diegocgteleline.es · · Score: 5, Interesting


    Todd: I'm talking Windows [Division] in general, or Microsoft in general. The Longhorn wave ... we kind of took a year off. We kind of stopped the train, went back and fixed some problems in XP, and now we're gearing the momentum back up. We are getting ready to focus on Longhorn.

    As I had previously read this is not a joke, just look at this quote from a Microsoft worker: http://www.longhornblogs.com/robert/archive/2004/08/06/4352.aspx:

    Now, at the same time all this has been going on, there has been a lot of complaining about the constantly slipping Longhorn release date. I haven't weighed in on that too much yet, but I think it's time to break my silence. Microsoft shifted between 80-90% of the Windows Client Team off Longhorn development and onto Windows XP SP2.



    It's not that SP2 is a bad thing. It's a great improvement, but it took so much time, it was delayed so many times... is that all Microsoft can do? I mean, they just put all their resources into SP2 and it took them forever to release it.

    Perhaps it's just me, but the open source world evolves much faster and has more resources than Microsoft. Every 6 months I see more evolution in the OSS field than what I saw in SP2 (and again, it's not that SP2 was bad - it was great!). But just look at Fedora 3 with its SELinux integration and all the rest. We're being faster than them IMHO, and how fast you can evolve is more important than "how good are you today".

  8. Re:Headshots by IamTheRealMike · · Score: 2, Interesting
    Hah, I was just thinking that. What's funny is that Todd Wanke was described in a previous WinSuperSite story as being a real tough case (shadowy former security-related job with the US govt) when running a previous "war room", and apparently people were terrified of him! It also said he was a likable guy in person (well, Paul "I want to be assimilated" Thurrott isn't going to say he's an arsehole is he?). So who knows. They made him look like a fluffy teddybear in those shots.

    I notice they left out some photos of the other team members. Maybe they actually looked like operating systems geeks instead of models?

  9. Re:Internet Explorer Conundrum by globalar · · Score: 2, Interesting

    One major problem is that the enduser needs an interface to navigate through and come to grips with every serious security feature. Since IE has trained millions of users in promiscuous computing, this is a particular challenge.

    Every time something does not work, the enduser rarely cares why, in the technical sense. Instead, they want an abstracted answer to their unvoiced question along with a quick fix and the promise this will never happen again. For every feature, there also needs to be a user-handling sister feature.

    A very simple example is a popup blocker, which must at once notify the user of a popup, prevent its display (the core functionality), and provide a way for the user to configure the feature (UI). While a popup blocker is a pretty much 2-second learning experience for myself, it takes others multiple sessions to come to grips with it.

  10. Re:such a waste... by erroneus · · Score: 3, Interesting

    uh... I'm going to have to disagree with you there...

    Drivers under XP are still running at Ring-0. The same Win32 API thing is still in operation which makes virtually any security problem, a system-wide compromise since the message queue is a problem that cannot be fixed without a complete rewrite/replacement of Win32.

    Part of Windows's current set of problems involves the execution level of device drivers. Another part is the message queue problem. The integration of MSIE is a pretty critical failure too but wouldn't be were it not for the existence of the first two. The first two problems necessitate abandoning or virtualizing the Win32 API as it is today. The only safe way to continue using that API is to run it in a virtual machine that doesn't actually run that API itself. That way, the apps and drivers cannot corrupt the rest of the OS needlessly.

    MS can win on Slashdot if MS would abandon its pride and admit when mistakes are made. It was a mistake to integrate MSIE too deeply into the OS. The shell itself should have been safely disconnected from the kernel. I remember when Win2k was first being introduced and discussed at some Microsoft thingy... I raised my hand during the Q&A session and asked if drivers were still running at Ring-0. The guy I asked didn't have a clue what I was talking about but another guy did and "admitted" '...yes...' with a sigh. So he knew as much as I did that drivers at Ring-0 is a critical problem. (even if all devices are certified by MS, people still write and use those damned VXDs as DLLs for their programs so they can get 'more' from the OS in the way of performance... thereby running their apps at Ring-0 and circumventing program protections.)

    When Avalon (whatever that is) comes out I am sure there will be plenty of people bitching about it... no getting around it. But I think the world has adjusted to the fact that Win98 is an abandoned OS and should be regarded as such. Win2000 is not yet abandoned and should be supported where it is appropriate. (Did people actually use WinME??? Dear god...thought it was just a bad dream...)

    MS forcing developers to start over again should be considered normal and acceptable. I don't think anyone should bitch about that at all. There are other reasons developers should bitch at Microsoft, however. In my view it's like people bitching that they need to go back to school to update their education. Sorry man, but the world is a changing place and if you don't change with it, you will die. But then again... :) Go visit http://www.night.net :) Those jokers are still running Windows NT for most all of their servers... who knows why other than being unwilling to learn and change with the world... running some O'Reilly web server I can't recall. (Oh yeah, WebSite...) Servers rebooting several times a day. Simply remarkable the lengths and crap people will endure simply to avoid learning something new. Boggles my mind.

    Well anyway... I know these people are out there and I admit you're probably right that MS can't seem to win on Slashdot, but I'd be willing to bet that people on Slashdot at one time did sing the praises of Microsoft as I once did. I hold that Microsoft EARNED Slashdot's disapproval and it would take a LOT to restore any good feeling we once had.

  11. McLaws isn't a MS worker... by Otis_INF · · Score: 2, Interesting

    He's an MVP, not an MS worker. MVPs are people awarded by Microsoft for their efforts in helping others out. An MS employee can't be an MVP by definition.

    FB, C# MVP

    --
    Never underestimate the relief of true separation of Religion and State.
  12. The question no-one ever asks... by Cally · · Score: 4, Interesting
    ...Microsoft developers, that I'd like to know the answer to, is this. (I'm doing my best to frame this in non-troll-like terms.) Disclaimer: I've drunk the FSF koolaid - my freedom is more important to me than pretty flashing lights, cute interfaces, or another $10,000 salary. (As a matter of fact I'm doing much better for myself, financially as well as life-style-wise, since I stopped accepting money to work with proprietary software... but that's by-the-by.)

    Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.

    How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at the technical level, at least - well-intentioned people, reconcile this with their consciences? Do they...

    • reject the notion that software freedom is a real freedom?
    • reject the idea that that freedom is important?
    • Just not think about this issue?
    • Buy one of the classic get-outs for those co-operating with evil, such as "If I don't do it, someone else will", or "I need to feed my family / pay for my SUV / eat", or... what else?

    Hope this doesn't sound like a troll. I just really want to understand why people go along with this system. I don't get it, but obviously most of the rest of the world don't care or have some other cognitive work-around. Please enlighten me someone!

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  13. Maybe "communication"? by khasim · · Score: 3, Interesting
    Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs. When you fix the bugs, you break the programs. Almost every bug fix Windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.
    So, why doesn't someone at Microsoft call up the vendor of those apps and let them know that the next service pack will break their apps in this very specific fashion?

    Then the vendors can release patches for their apps so that they will work after the service pack is applied.

    And before anyone goes off about how Microsoft would have to spend too much money and time testing every app out there, you're wrong.

    There are lots of companies with contracts with Microsoft and Microsoft could ask those companies to run a quick diagnostic app on some of their machines with the apps those companies consider critical to their business running.

    That way, Microsoft could see what apps were using the bug that they planned to fix and how many of their big customers would be affected by a fix.

    Microsoft has the money, the contact info, the company info and the existing contracts to do just that.

    The real reason Microsoft doesn't do that is because there are too many bugs that rely upon other bugs and Microsoft doesn't even know which are which or where they are.

    For reference, look at this previous /. story: http://slashdot.org/article.pl?sid=04/08/27/1531242
  14. Sort of the same, but still very different. by khasim · · Score: 2, Interesting
    Of course any hardware 3d-accelerated video driver in Linux can also bring down the system, since parts of DRI and nvidia's GLX run in the kernel. The salient difference is that video drivers in NT are coded against an interface that is designed not to change. Change your kernel version, or apply the wrong patches to the kernel you're already running, and your Linux video driver might very well break, particularly if it's a binary-only driver like the ones from ATI or Nvidia.
    I don't run hardware accelerated 3d in Linux. Which may explain why I've never had a video problem with Linux, even though the modules would be loaded with the kernel.
    Running video drivers in kernel space is not a "bad technical decision," it's a tradeoff, informed by the realizations that for end users crashing your graphics subsystem is just as bad as crashing the entire machine, video performance is pretty important, and video drivers can be made pretty reliable. It's the same tradeoff most reasonably-performing 3d-accelerated drivers make in Linux. The difference is that it works a lot better in NT, since the driver won't just break one day for no apparent reason.
    But the 2d drivers would also cause problems with Windows. So any video problem in Windows could bring down the whole OS.

    Which is very different from a very specific video problem in Linux.

    It is not the same trade-off as with Linux because it is possible to run a Linux server with only the command line interface.

    With Windows, every implementation has those flaws.

    With Linux, only a very specific sub-set of implementations have those flaws.
  15. Death march by Anonymous Coward · · Score: 1, Interesting

    So Microsoft's security strategy is to put together death march development teams? Is this supposed to make me feel better?

    Security is difficult and expensive and costly in terms of developer talent. Microsoft responded to a market situation with a team and a hard driven strategy. Fine. What about next year? What about when the tide of worms and trojans is stemmed, and everyone forgets about how bad it was in 2004?

    Derek

  16. Re:Only on Slashdot ... by IamTheRealMike · · Score: 2, Interesting
    Non sequitur http://www.hyperdictionary.com/dictionary/non+sequitur "A reply that has no relevance to what preceded it." Your reply neither refuted my position nor supported yours.

    I don't see how. You claimed it was up to the people who sold the software to fix it, and I pointed out that much software was not written to be sold as a product. It was written by the people who had a problem to solve.

    Given the number of zombie Windows machines, it seems that they're not applying them right now. But at least the option would be available to those who choose to.

    Yes, and I just got back from the pub, where I was talking with a friend who claimed you don't need to bother applying security updates if you have a good firewall - in fact, he said, it's best not to because stuff might break. And this is with a huge amount of effort put into things like SP2 by Microsoft. He isn't the first person I've met with that attitude.

    Look into a service contract from these people http://www.codeweavers.com/ they'd still be running that app, but they'd be on a modern, secured OS.

    I work for Codeweavers and in fact this Windows 3.1 app (it was for a hospital) now runs quite well on Linux. We work hard to ensure Wine and CrossOver stay working on an incredibly unstable platform. Do you know that every single release from Red Hat 9 through to Fedora Core 3 has broken CrossOver/Wine in some way? Every single one? These typically weren't "bugs" and they weren't one line fixes. I myself put a lot of work into allowing Wine to run when exec-shield and prelink are active.

    So, I'd like to think my opinion is an informed one because I work at the crossroads where Windows and Linux meet, and the differences in stability between them are like night and day.

    Here's a posting about how to run ancient a.out binaries on an ELF-based version of Red Hat http://www.ofb.net/~jheiss/aout_redhat.shtml. Running ancient apps on Linux is simple. Everyone knows it is simple. Why do you try to claim that it is difficult?

    Here's a simple experiment to try. Install IBM Domino Server and run it on any modern distribution. Any Fedora Core release will do. At least the release I have, won't run. It'll hang during startup in a way that looks like it's running, but actually it's not.

    Now go to garagegames.com and download the Lore demo. Run it. It will fail to start with an error about libgcc_s.so. In fact most of the Loki games are now broken in some fashion.

    Now try disabling NPTL, and they'll start working. Did you know about LD_ASSUME_KERNEL? Do you understand what it does?

    Here's another experiment. Install a stock Red Hat 9 distribution and upgrade its copy of GTK+ to 2.4 - remember, this release is supposed to be backwards compatible. Observe that GNOME now hangs when it logs out due to a semantic change (bugfix) in GObject.

    Final experiment. Write a program to create a menu hierarchy that works on every distribution out there. Actually, don't bother. The one that ships with CrossOver is over 3000 lines of Perl and covers the 6 or so different menu systems out there as well as cases where a distro ships with more than one at once.

    That's why Linux is the fastest growing server OS right now.

    But which is dominant? I think you'll find it's Windows.

    Sure. Stability and backwards compatibility don't matter much when you're selling a product that just has to serve web pages, or route mail. Everything you need comes out of the box. If stuff breaks it can be fixed by the distribution provider. The same is not true on the desktop which has a much less homogenous set of software in use.