Slashdot Mirror


Interview of the Windows XP SP2 Dev Team

Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives good insight into what kind of project Service Pack 2 was, how it got started and how huge an effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.

28 of 392 comments

  1. Todd Wanke... by ProudClod · · Score: 4, Funny

    Jesus Christ, hasn't the guy heard of Deedpoll!

    --
    Gamers Europe - Gaming News. Reviews.
  2. what? by Nadsat · · Score: 5, Funny

    I followed the link, but it was only a story about the quest for the Holy Grail. Except the Holy Grail was a dixie cup, and the crusaders took twice as long to search for it, but still came up with nothing, except t-shirts with corporate logos.

  3. prophetic by OffTheLip · · Score: 5, Funny

    "The reason we called it RC1 was that we wanted people to think that we were serious." I for one welcome our serious microsoft overlords... for a change.

  4. wow...a long read by djeddiej · · Score: 4, Funny

    The only thing that really caught me was "lipstick on a chicken"... btw I am on holiday so anything too serious right now won't go in my mind anyway (too much alcohol)

    --
    just a web application developer and instructor in Toronto, ON Canada
  5. This quote sums it up by TrollBridge · · Score: 5, Interesting
    From TFA: "I can make it so secure that it doesn't work, or I can have 100 percent compatibility"

    So at Microsoft, either something works and isn't secure, or is secure and doesn't work.

    I know, this isn't really news, but it's not every day you hear it from Microsoft.

    --
    There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
    1. Re:This quote sums it up by lordfener · · Score: 5, Interesting

      I know you're making a joke, but on a serious note in the Windows world the comment is not too far off-center. In the world of computer-illiterate (not meant in an offending way) end users, security is somewhat connected to usability. A bit like taking a Ferrari and then adding enough features that my mom could drive it in the snow without causing a genocide ;-) Non-Windows people--Linux in particular--reason in completely different terms, which result in overall safer, but far less usable for the layman, software. I prefer the Linux way, too... but not everybody thinks the same way :)

    2. Re:This quote sums it up by jht · · Score: 4, Insightful

      Yes, you can, but that's not so much the problem at Microsoft. The problem Microsoft has is that they designed an OS for ease of use and programming convenience, only to belatedly realize that the consequences of a lax security approach were severe. Now they have to try and shore up the security of an OS that wasn't designed for it, while retaining as much as they can of the prior attributes.

      When you can design from a blank sheet of paper, it's a lot easier to have it all. Look at Apple's relative success. They weren't trying to design an OS that would be 100% compatible with virtually all the prior software. Instead, they were able to say "Here's a subset of our old API that we've decided to make work in this new world (Carbon). Apps that use Carbon should work. Older apps will probably work in what we've designed as a VM (Classic). Get with the program".

      Of course, Apple had a fraction of the installed base and developers to piss off by doing that. If Microsoft decides to start over and just retain some form of Win32 compatibility layer, the chaos will make Apple's transition pale in comparison. In the long run, it would be worth it, but remember the size of the Windows installed base. That's a lot of inertia to overcome.

      In general, the OSS community doesn't have these sort of problems in starting from a market share of near 0%. But with success will lie many of the same issues. So long as security is a priority from the beginning, it probably wouldn't be as bad an issue as it is for Microsoft today.

      --
      -- Josh Turiel
      "2. Do not eat iPod Shuffle."
    3. Re:This quote sums it up by Chyeld · · Score: 4, Funny

      I believe that's actually XOR, thank you. Tyranny of OR would basically be the tyranny of apathy, "Yeah, you could have either one, I don't care, as long as you have at least one."

  6. I'll get right on it... by djupedal · · Score: 4, Funny

    ...can't wait to read it, actually. Right after I finish reading the Worldwide Service Agreement that came with my lawnmower.

  7. I see.... by Anonymous Coward · · Score: 4, Funny

    "The SP2 product they shipped bore little resemblance to Microsoft's original plans for the release, but was instead a far more secure and stable product that, ultimately, made XP a better operating system." I knew it! Microsoft originally planned it to be unsecure and unstable!!!!! ~kalinga

  8. Microsofties? by slapout · · Score: 4, Funny

    "and a virtual team of Microsofties"

    So is that like little fairies or something that write code while everyone is asleep?

    --
    Coder's Stone: The programming language quick ref for iPad
  9. Can it ever be fixed? by anicca · · Score: 5, Interesting
    Todd: I thought we'd never ship XP SP2. I just wasn't sure if we could get to the quality level that we need to be at in time. Paul: In time ... ? Todd: Before the next [round of dangerous exploits].
    That says it all. Even the team in charge of fixing the holes knows there will be new breaches almost immediately. Like http://it.slashdot.org/article.pl?sid=04/12/25/1433236&tid=172&tid=128&tid=201&tid=1
    --
    A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
  10. Note IE by spac3manspiff · · Score: 5, Insightful

    Looking at the timeline, almost half of it was filled with 'fixing' Internet Explorer
    Just drop IE and spend more time on the freaking OS.

  11. Somehow not impressed? by tomstdenis · · Score: 4, Insightful

    I mean they took too long to release a patchset that caused problems and look, 7 or so new bugs found in CORE components [prolly been there since win98 or earlier].

    Maybe if they spent less time "re-inventing the wheel" er... "innovating" they would have more time to actually write what they NEED to write more securely.

    There is no reason why commercial software would have buffer overflows [at all] and especially in something like LoadImage().

    In FOSS at least you can blame lack of time, review, etc. But in commercial software you're paying for the eyes and the time.

    Show me a story where they agree to hold back on re-packaging the latest video/sound codec as a Windows format [hint: wmv == mpeg4 == divx for all intents and purposes] and instead decide to fix a good 10k bugs or so.

    Of course I'd settle with the non-integration of MS IE, explorer.exe and MSN and the addition of a POSIX.1 emulation layer [that comes bundled] ;-)

    Tom

    --
    Someday, I'll have a real sig.
  12. Internet Explorer Conundrum by eltoyoboyo · · Score: 4, Insightful

    "Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...

    I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.

    But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that."

    And that is the problem. It is not so much that Internet Explorer is insecure. It can be made VERY secure. But then it is very difficult to use for Joe Average User. There are tradeoffs all over the world wide web. (example: I want to be able to view these nifty stock quotes, but then my browser is open to exploits). The standards are still evolving and programmers are still adjusting towards the safest yet most robust model for all.

    --
    Have you Meta Moderated t
  13. Some windows bugs can't be fixed by SnappyCrunch · · Score: 5, Interesting

    I've been reading The Old New Thing for a few months now. It's a blog written by a guy at Microsoft (I don't know what department), and among the things he writes about is why windows sometimes works in unexpected ways.

    Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs. When you fix the bugs, you break the programs. Almost every bug fix windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.

    MS has been pussyfooting it about breaking programs in the past, and I'm glad MS finally bit the bullet with SP2 and broke all those programs in the name of security. It was high time. Of course, it means I have to keep a second PC around for some older games, but hey, that's life.

  14. such a waste... by erroneus · · Score: 5, Insightful

    The people at Microsoft know what is wrong with Windows. They have a variety of reasons for not fixing it. I can't say I agree with them completely but some of them make good "business" sense. It's too bad they care more about "business" than the quality of the product itself.

    When Apple did MacOSX, they basically created a "WINE" for MacOS9. Not everything was/is perfect but a great many things continue to work without problems. They didn't sit back and say "oh... we have business reasons for not overhauling the whole OS and starting over from something more secure and stable from the start."

    I have said it before and I say it again: Microsoft is perfectly capable of doing exactly what Apple did: Make a new OS and make a WINE to run the old stuff until people finally migrate over. I'm not a developer but there are plenty of examples out there to show it's not impossible. I know I can't be the only person who has ever thought of it and I wonder why they haven't done this at Microsoft already? Some people here have been kind enough to put forth some reasons why Microsoft hasn't just abandoned its current Win32 model -- essentially business reasons -- so can someone offer some likely reasons why Microsoft wouldn't build a new OS and then make a WINE for backward compatibility?

    1. Re:such a waste... by ajv · · Score: 4, Insightful

      They did - it's called NT. It's the kernel under XP, and bears no resemblance to the shim known as Windows 9x/Me.

      I remember a few years ago when I was running NT 3.51 on my dual processor HP workstation just how nice this nice shiny new OS is. I can format a floppy and I can still do other things. Before NT, it took an Amiga to do that. In the Linux of the day, well I could use mformat or dd and zero out the sectors in preparation for a tar, but there was no UI for either and both were relatively arcane.

      The level of transparency in XP running old apps makes Apple's half-baked approach look amateurish.

      I bet when Avalon comes out, you're going to complain that it's not available on Windows Me or 2000, or why Microsoft is forcing developers to abandon their code and start over again. MS can't win on slashdot.

      --
      Andrew van der Stock
  15. 7 developers by dtfinch · · Score: 4, Interesting

    That's what a billion users spending $50+ billion a year on Microsoft software get for their money. They could have hired tens of thousands of programmers just to do line-by-line code audits without making a dent in their budget.

    1. Re:7 developers by spruce · · Score: 4, Insightful
  16. Insightful quote... by gwiner · · Score: 5, Insightful
    "Todd: We knew we had a bigger problem than just enabling the firewall. And so at that point, I sent out a mail to everyone in the division saying, "This is what we're going to do. We're going to take a little bit more time to do it. And if you want to submit a security feature, you should do so, and then show up at this room." Well, the next day, it was standing room only, and everyone had a security feature that they wanted to check in. It went all the way down from things like the new Bluetooth stack, to the new Windows Media Player, to the new Group Policy stuff, and on, and on, and on, and on."
    I find it interesting that MS is so aware of their security problems internally, yet still claims to put an emphasis on security. This exchange seems to be good evidence that they ship ahead of any thorough security analysis/testing. Not only did they realize on closer examination that their own firewall didn't work, but half the division shows up with suggestions for known security concerns. Clearly this shows people's voices are not being heard. I guess I'm not surprised, but this seems like fodder for a lawsuit.
  17. Microsoft needs more programmers, it seems? by diegocgteleline.es · · Score: 5, Interesting


    Todd: I'm talking Windows [Division] in general, or Microsoft in general. The Longhorn wave ... we kind of took a year off. We kind of stopped the train, went back and fixed some problems in XP, and now we're gearing the momentum back up. We are getting ready to focus on Longhorn.

    As I had previously read this is not a joke, just look at this quote from a Microsoft worker: http://www.longhornblogs.com/robert/archive/2004/08/06/4352.aspx:

    Now, at the same time all this has been going on, there has been a lot of complaining about the constantly slipping Longhorn release date. I haven't weighed in on that too much yet, but I think it's time to break my silence. Microsoft shifted between 80-90% of the Windows Client Team off Longhorn development and onto Windows XP SP2.



    It's not that the SP2 is a bad thing. It's a great improvement, but it took so much time, it was delayed so many times... is that all that Microsoft can do? I mean, they just put all their resources into the SP2 and it took them forever to release it.

    Perhaps it's just me, but the open source world evolves much faster and has more resources than Microsoft. Every 6 months I see more evolution in the OSS field than what I saw in SP2 (and again, it's not that the SP2 was bad - it was great! But just look at Fedora 3 with its SELinux integration and all the rest). We're being faster than them IMHO, and how fast you can evolve is more important than "how good are you today"

  18. Sigh^2 by Ancient_Hacker · · Score: 5, Insightful
    After reading TFA I don't know whether to laugh or cry:
    • Microsoft's best are not able to turn off Media Player 8.
    • Media Player 9 went thru a "security audit", so it must be better than 8, which has been tested by several hundred million people.
    • Enabling a firewall breaks *everything*. Apparently they haven't heard of a simple GUI with easily-understood checkboxes. (See IE options... for the classic counterexample).
    • They somehow expect a semi self-anointed czar of security patches to gain everyone's support.
    • Nowhere is it mentioned the (estimated) 45,000 uses of unsafe string functions in the source code.
    Sigh^3?
  19. Payback is a bitch by Progman3K · · Score: 4, Insightful

    Microsoft spent too much time trying to tie-up market-share, instead of architecting and designing their products to help clients.

    By (inadvertently) harming their clients like that, they've built a monster, and now, short of scrapping most of their IE work, there is no way they will ever deliver anything robust and secure.

    Of course, they WON'T go back and do it right, both because the corporate masters won't stand for it and the fact their development teams are committed to what they've done and their disgracious vision.

    So it's game over for Microsoft, who couldn't deliver on what clients really needed.

    In fact, they'll survive in computing the same way Mcdonalds survives in cuisine. Some would call that a success, but few would admit to eating there.

    --
    I don't know the meaning of the word 'don't' - J
  20. Tux?? by tsager · · Score: 5, Funny

    Following the first link in the story leads you to this picture (eventually):
    http://www.winsupersite.com/images/reviews/war_team_85.jpg

    Isn't that a penguin?
    Isn't that Tux?
    What's he doing there?
    Spying?

    Or... noo. They hold him captive??!

  21. The question no-one ever asks... by Cally · · Score: 4, Interesting
    ...Microsoft developers, that I'd like to know the answer to, is this. (I'm doing my best to frame this in non-troll-like terms.) Disclaimer: I've drunk the FSF koolaid - my freedom is more important to me than pretty flashing lights, cute interfaces, or another $10,000 salary. (As a matter of fact I'm doing much better for myself, financially as well as life-style-wise, since I stopped accepting money to work with proprietary software... but that's by-the-by.)

    Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.

    How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at the technical level, at least - well-intentioned people, reconcile this with their consciences? Do they...

    • reject the notion that software freedom is a real freedom?
    • reject the idea that that freedom is important?
    • Just not think about this issue?
    • Buy one of the classic get-outs for those co-operating with evil, such as "If I don't do it, someone else will", or "I need to feed my family / pay for my SUV / eat", or... what else?

    Hope this doesn't sound like a troll. I just really want to understand why people go along with this system. I don't get it, but obviously most of the rest of the world don't care or have some other cognitive work-around. Please enlighten me someone!

    --
    "None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
  22. Never Use the word "I" by mrcparker · · Score: 4, Insightful

    One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.

    What a wanker. This is one of those guys who when he means "you" he says "we". For example - "why don't we spend the next few hours working out the bugs." - which means "why don't you bust your ass for a few hours while I go home and get some sleep.".

  23. Re:It would work. by IamTheRealMike · · Score: 4, Insightful
    The vendors who sold the app.

    Lots of software isn't sold in the first place.

    Yep. Because the most popular games are new versions of old games. I don't care if DOOM no longer works on XP because of a service pack, but there is no reason why the next version of Quake wouldn't be patched to no longer depend upon that bug.

    Quite a lot of people play games that are >12 months old. Breaking them isn't an option: they simply won't apply any more security updates from that point forward. Like it or not, in the Real World with the sort of end users who have fast machines on the end of fast home DSL, appcompat takes precedence over security. Every time.

    If your company is running a critical app from 1996 without support, your company has bigger problems.

    Welcome to the real world. I've already dealt with several in various test Linux migrations. One of them was written by a company that doesn't appear on Google and is apparently bust anyway. Actually this app was a Windows 3.1 program, from even earlier.

    Think how much stuff is still written in COBOL.

    Actually, it is. Just look at Linux development.

    Linux is pretty much a textbook case of how not to maintain backwards compatibility. It's a serious problem. Some vendors are telling the LSB they won't start porting their apps to Linux until it becomes more stable (C++ in particular is an issue).

    Due to the projects I'm involved with, I deal with the lack of stability on Linux all the time, and I can tell you it's one seriously fucked platform from that perspective. I've seen more than one open source developer get up and walk away (back to Windows) because the stuff they wrote simply didn't keep working.

    Cry me a river. Look into the concept of "source code escrow".

    It's easy to talk about source code escrow now. Too late, it's already happened. On a large scale. Deal with it.

    I'm not worried about companies that didn't take basic precautions when they licensed software. They made the wrong decision, they suffer the consequences. That's business.

    That's why you don't work for Microsoft, and therefore have no say in the matter. You don't sell many operating systems by telling your customers that they're screwed but it's OK because "that's business, it's harsh". People will just tell you to fuck off, and they will give their money to people who care about their software investments (like Microsoft).