Interview of the Windows XP SP2 Dev Team
Masa writes "SuperSite for Windows has a nice interview called 'Windows XP Service Pack 2: The Inside Story'. The interview gives good insight into what kind of project Service Pack 2 was, how it got started and how huge an effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.
Jesus Christ, hasn't the guy heard of Deedpoll!
Gamers Europe - Gaming News. Reviews.
I followed the link, but it was only a story about the quest for the Holy Grail. Except the Holy Grail was a dixie cup, and the crusaders took twice as long to search for it, but still came up with nothing, except t-shirts with corporate logos.
The Custom Mary
It's interesting to know that there was a fair amount of thought involved in enabling the firewall in SP2. Who would've thought that could break a system? Not that I use Windows much any more, but it's still a welcome enhancement.
"The reason we called it RC1 was that we wanted people to think that we were serious." I for one welcome our serious microsoft overlords... for a change.
The only thing that really caught me was "lipstick on a chicken"... btw I am on holiday so anything too serious right now won't go in my mind anyway (too much alcohol)
just a web application developer and instructor in Toronto, ON Canada
So at Microsoft, either something works and isn't secure, or is secure and doesn't work.
I know, this isn't really news, but it's not every day you hear it from Microsoft.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
We knew we had a bigger problem than just enabling the firewall.
...can't wait to read it, actually. Right after I finish reading the Worldwide Service Agreement that came with my lawnmower.
"The SP2 product they shipped bore little resemblance to Microsoft's original plans for the release, but was instead a far more secure and stable product that, ultimately, made XP a better operating system." I knew it! Microsoft originally planned it to be unsecure and unstable!!!!! ~kalinga
"and a virtual team of Microsofties"
So is that like little fairies or something that write code while everyone is asleep?
Coder's Stone: The programming language quick ref for iPad
A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
Looking at the timeline, almost half of it was filled with 'fixing' Internet Explorer
Just drop IE and spend more time on the freaking OS.
I mean they took too long to release a patchset that caused problems and look, 7 or so new bugs found in CORE components [prolly been there since win98 or earlier].
;-)
Maybe if they spent less time "re-inventing the wheel" er... "innovating" they would have more time to actually write what they NEED to write more securely.
There is no reason why commercial software would have buffer overflows [at all] and especially in something like LoadImage().
In FOSS at least you can blame lack of time, review, etc. But in commercial software you're paying for the eyes and the time.
Show me a story where they agree to hold back on re-packaging the latest video/sound codec as a Windows format [hint: wmv == mpeg4 == divx for all intents and purposes] and instead decide to fix a good 10k bugs or so.
Of course I'd settle with the non-integration of MS IE, explorer.exe and MSN and the addition of a POSIX.1 emulation layer [that comes bundled]
Tom
Someday, I'll have a real sig.
"Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...
I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.
But we were thinking that drastic at first. I can tell you that during the [initial design] phase we were definitely thinking as drastic as that."
And that is the problem. It is not so much that Internet Explorer is insecure. It can be made VERY secure. But then it is very difficult to use for Joe Average User. There are tradeoffs all over the world wide web. (example: I want to be able to view these nifty stock quotes, but then my browser is open to exploits). The standards are still evolving and programmers are still adjusting towards the safest yet most robust model for all.
Have you Meta Moderated t
"An additional processor-based "no-execute" feature is expected to be offered in forthcoming Intel and AMD processors."
No Operation? (NOP, 0x90)
FWIW: Laurie Litwack is Canadian, Tokuro Yamashiro is of Asian heritage, and Jim Allchin is from another planet.
I've been reading The Old New Thing for a few months now. It's a blog written by a guy at Microsoft (I don't know what department), and among the things he writes about is why windows sometimes works in unexpected ways.
Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs. When you fix the bugs, you break the programs. Almost every bug fix Windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.
MS has been pussyfooting it about breaking programs in the past, and I'm glad MS finally bit the bullet with SP2 and broke all those programs in the name of security. It was high time. Of course, it means I have to keep a second PC around for some older games, but hey, that's life.
The people at Microsoft know what is wrong with Windows. They have a variety of reasons for not fixing it. I can't say I agree with them completely but some of them make good "business" sense. It's too bad they care more about "business" than the quality of the product itself.
When Apple did MacOSX, they basically created a "WINE" for MacOS9. Not everything was/is perfect but a great many things continue to work without problems. They didn't sit back and say "oh... we have business reasons for not overhauling the whole OS and starting over from something more secure and stable from the start."
I have said it before and I say it again: Microsoft is perfectly capable of doing exactly what Apple did: Make a new OS and make a WINE to run the old stuff until people finally migrate over. I'm not a developer but there are plenty of examples out there to show it's not impossible. I know I can't be the only person who has ever thought of it and I wonder why they haven't done this at Microsoft already? Some people here have been kind enough to put forth some reasons why Microsoft hasn't just abandoned its current Win32 model -- essentially business reasons -- so can someone offer some likely reasons why Microsoft wouldn't build a new OS and then make a WINE for backward compatibility?
Those are pretty nice pictures for geeks. Almost *too* nice. Is this really a collection of programmers?
Join the Slashcott! Feb 10 thru Feb 17!
I know this isn't on topic, but after reading the article and seeing how difficult it was to get SP2 out the door, I wonder about their goals for Longhorn.
I keep reading how longhorn is going to have wonderful new features and things nobody knows they need. However, I think that most users just want the stuff in windows xp to work the way it should. Longhorn should be a hardened Windows XP SP2.
That might actually be the incentive for the companies that still run windows 2000 for stability to switch over. That is their market.
Consumers are going to get windows when they buy new computer. I don't care how many linspire running walmart PCs are sold, Dell and HP are selling them with windows.
Their competition is beating them on stability and ease of use, not cool groundbreaking new features. Most computer users just want the PC to be easier to use, not more complicated with new file systems and taskbars with more crap on them.
People are switching to Firefox from IE mainly for the enhanced security and tabbed browsing. Okay, tabbed browsing shouldn't be too difficult to copy to IE, but security is the reason techies are putting that little fox icon on people's desktops.
I think they've done a good job with SP2, but I think that people just want the computer to work and are indifferent to the bells and whistles appearing in longhorn betas.
That's what a billion users spending $50+ billion a year on Microsoft software get for their money. They could have hired tens of thousands of programmers just to do line-by-line code audits without making a dent in their budget.
Todd: I'm talking Windows [Division] in general, or Microsoft in general. The Longhorn wave
As I had previously read this is not a joke, just look at this quote from a Microsoft worker: http://www.longhornblogs.com/robert/archive/2004/
Now, at the same time all this has been going on, there has been a lot of complaining about the constantly slipping Longhorn release date. I haven't weighed in on that too much yet, but I think it's time to break my silence. Microsoft shifted between 80-90% of the Windows Client Team off Longhorn development and onto Windows XP SP2.
It's not that SP2 is a bad thing. It's a great improvement, but it took so much time, it was delayed so many times... is that all Microsoft can do? I mean, they just put all their resources into SP2 and it took them forever to release it.
Perhaps it's just me, but the open source world evolves much faster and has more resources than Microsoft. Every 6 months I see more evolution in the OSS field than what I saw in SP2 (and again, it's not that SP2 was bad - it was great!). But just look at Fedora 3 with its SELinux integration and all the rest. We're being faster than them IMHO, and how fast you can evolve is more important than "how good are you today".
- Microsoft's best are not able to turn off Media Player 8.
- Media Player 9 went thru a "security audit", so it must be better than 8, which has been tested by several hundred million people.
- Enabling a firewall breaks *everything*. Apparently they haven't heard of a simple GUI with easily-understood checkboxes. (See IE options... for the classic counterexample).
- They somehow expect a semi self-anointed czar of security patches to gain everyone's support.
- Nowhere is it mentioned the (estimated) 45,000 uses of unsafe string functions in the source code.
Sigh^3
Microsoft spent too much time trying to tie-up market-share, instead of architecting and designing their products to help clients.
By (inadvertently) harming their clients like that, they've built a monster, and now, short of scrapping most of their IE work, there is no way they will ever deliver anything robust and secure.
Of course, they WON'T go back and do it right, both because the corporate masters won't stand for it and the fact their development teams are committed to what they've done and their disgracious vision.
So it's game over for Microsoft, who couldn't deliver on what clients really needed.
In fact, they'll survive in computing the same way McDonald's survives in cuisine. Some would call that a success, but few would admit to eating there.
I don't know the meaning of the word 'don't' - J
Following the first link in the story leads you to this picture (eventually):
http://www.winsupersite.com/images/reviews/war_team_85.jpg
Isn't that a penguin?
Isn't that Tux?
What's he doing there?
Spying?
Or... noo. They hold him captive??!
You know, to be quite honest, I'm damned sick of this mindset that only a group of different races and genders is diverse. Five white men can be just as diverse as a black, white, Asian, etc. of varying genders. For the inevitable retarded people responses: I'm not saying that there should only be groups of white people.
Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.
How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at the technical level, at least - well-intentioned people, reconcile this with their consciences? Do they...
Hope this doesn't sound like a troll. I just really want to understand why people go along with this system. I don't get it, but obviously most of the rest of the world don't care or have some other cognitive work-around. Please enlighten me someone!
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Then the vendors can release patches for their apps so that they will work after the service pack is applied.
And before anyone goes off about how Microsoft would have to spend too much money and time testing every app out there, you're wrong.
There are lots of companies with contracts with Microsoft and Microsoft could ask those companies to run a quick diagnostic app on some of their machines with the apps those companies consider critical to their business running.
That way, Microsoft could see what apps were using the bug that they planned to fix and how many of their big customers would be affected by a fix.
Microsoft has the money, the contact info, the company info and the existing contracts to do just that.
The real reason Microsoft doesn't do that is because there are too many bugs that rely upon other bugs and Microsoft doesn't even know which are which or where they are.
For reference, look at this previous
One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.
What a wanker. This is one of those guys who when he means "you" he says "we". For example - "why don't we spend the next few hours working out the bugs." - which means "why don't you bust your ass for a few hours while I go home and get some sleep.".
Lots of software isn't sold in the first place.
Yep. Because the most popular games are new versions of old games. I don't care if DOOM no longer works on XP because of a service pack, but there is no reason why the next version of Quake wouldn't be patched to no longer depend upon that bug.
Quite a lot of people play games that are >12 months old. Breaking them isn't an option: they simply won't apply any more security updates from that point forward. Like it or not, in the Real World with the sort of end users who have fast machines on the end of fast home DSL, appcompat takes precedence over security. Every time.
If your company is running a critical app from 1996 without support, your company has bigger problems.
Welcome to the real world. I've already dealt with several in various test Linux migrations. One of them was written by a company that doesn't appear on Google and is apparently bust anyway. Actually this app was a Windows 3.1 program, from even earlier.
Think how much stuff is still written in COBOL.
Actually, it is. Just look at Linux development.
Linux is pretty much a textbook case of how not to maintain backwards compatibility. It's a serious problem. Some vendors are telling the LSB they won't start porting their apps to Linux until it becomes more stable (C++ in particular is an issue).
Due to the projects I'm involved with, I deal with the lack of stability on Linux all the time, and I can tell you it's one seriously fucked platform from that perspective. I've seen more than one open source developer get up and walk away (back to Windows) because the stuff they wrote simply didn't keep working.
Cry me a river. Look into the concept of "source code escrow".
It's easy to talk about source code escrow now. Too late, it's already happened. On a large scale. Deal with it.
I'm not worried about companies that didn't take basic precautions when they licensed software. They made the wrong decision, they suffer the consequences. That's business.
That's why you don't work for Microsoft, and therefore have no say in the matter. You don't sell many operating systems by telling your customers that they're screwed but it's OK because "that's business, it's harsh". People will just tell you to fuck off, and they will give their money to people who care about their software investments (like Microsoft).