MS Patches Go For Quality Over Quantity?
greengrass writes "eWeek.com is running a story about another Microsoft 'study'. This one discusses how good Microsoft is at providing patches for their OS. This is Part 2 of 3 in a series of articles, the first of which compared Linux and Windows on legacy systems." From the article: "Bill Hilf, who is director of Platform Technology Strategy at Microsoft and heads its Linux and open-source lab, told eWEEK in a recent interview that 'the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.'"
I'll be the first to point this out (as I'm sure it's been pointed out many times on slashdot)--Gates has openly stated in an interview with Focus Magazine that users aren't interested in bug fixes.
... ever.
I've read other interviews with Gates in which he went further to explain himself by saying that the feedback they received from users was rarely requesting a bug fix. He listed a percentage in the high nineties that was feedback suggesting new features. And so, with each upgrade and patch, the aim wasn't for security or bug fixes but instead for new features which a lot of people asked for. The engineers will blame him for taking that approach but I'm sure the businessmen will laugh and follow Gates all the way to the bank.
Now, to be fair, it seems he has changed his stance (which--calm down--I believe people are allowed to do). And I applaud them if they really are trying to rectify what they made mistakes on in the past with their new patching strategy. There is (obviously) much debate about if they actually are trying to fix it and if these are actually quality patches. I'm sure the flamewar that ensues on this article will demonstrate that adequately.
I will make a speculation though. IN MY OPINION, the largest thing Microsoft has to fear is a perfectly secure operating system they have created and distributed throughout the world. This is because they will no longer have "upgrades" or new versions of Windows to offer customers. Yes, some customers are looking for new features, but oftentimes I find myself on my Windows machine just begging it to behave properly as a cut and dry OS. If the rumors of Vista are true and it is an efficient and secure operating system that can function in plain jane deterministic manners, then I want it dual booting with Linux and nothing more.
My work here is dung.
Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release.
But of course they are...since Joe Brockmeier and Joe Barr of NewsForge , as well as Pamela Jones of Groklaw did such a masterful job of debunking the ridiculous annual summary of vulnerabilities by US-CERT (discussed earlier on Slashdot), Microsoft has necessarily had to switch propaganda tactics.
Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems.
That's funny...I've never had a problem with my Yast Online Update...
"...patching, particularly for security, is not a 'Microsoft problem,' but something that affects all operating system and platform vendors," Hilf said.
Nice straw man, Hilf. No one is claiming that non-Microsoft operating systems don't need to be patched. The issue is whether the patches are issued in a timely manner...or not.
____
~ |rip/\/\aster /\/\onkey
It may be good to have lots of patches, but once you have a car where the duct tape weighs more than any other parts combined, isn't it time to just get another car?
I wouldn't normally think of 4 hours and 6 zillion reboots as "efficient" or "easy". -Julius
How about, which vendor makes the patches unnecessary (i.e., few and far between) because it released a solid, working program?
I don't want patch quality. I want program quality.
I work in proprietary software. Most places that do proprietary software are overworked and quality suffers. (EA is an extreme example where workplace quality suffered as well as program quality.)
In the places I've worked, everyone's too busy doing what they've been assigned and they're overworked because they're understaffed. Hiring more people means less money for the company so that generally doesn't happen.
With FOSS, anyone can pick up the source if they have some spare time and hack away at it, and even if individual contributions are small, there's always someone with some spare time and a different view about how something should work.
Once you start doing for money's sake, you spend more time worrying about your bottom line than about quality.
that the head of their "Linux and open-source lab" is also their "director of Platform Technology Strategy"? Why ever should that be?
"Our interests are to see if we can't scale it up to something more exciting," he said.
just aren't doing it for me anymore.
here we have some MS guy going on and on about a problem that needs to be addressed before you release software, not after
Yeah, because typing "apt-get update" and "apt-get upgrade" once in a while is so damn hard to manage.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
...but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.
My office recently donated some P3 machines to a homeless shelter. The process of wiping the drive and installing Win 2000(SP4) and updating it to be current took nearly 4 hours for one machine. This was a machine that had just the OS. I had to run Windows Update and reboot at least a dozen times. Each time, I'd select and install all patches available. Due to prerequisite patch dependencies, however, each update/reboot cycle would make another 10-15 patches available. Hardly efficient. You'd think they could roll it all up into one huge patch and make it available. (And yes, I can understand the need for some places to avoid certain patches - make that the option, not the norm!)
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
apt-get has been very painful and difficult for me to use.
ART on dA
Tests at Microsoft's Linux lab show that counting the raw number of security updates required by the various operating system flavors is not as meaningful as examining the efficiency of the update process.
Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release. Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems."
I have an idea, how about putting more money into security and quality control and focusing on fixing the problems quickly instead of how many they do or how complex the process is?
He who knows best knows how little he knows. - Thomas Jefferson
Umm, WinXP SP2 (not sure if it's just SP2, but that's all I run before I got my BT dongle) does have support for Bluetooth. Sorry.
In fact, I believe that MS's drivers, as simplistic as they are, are far and away better than Toshiba's BT stack (Try to set up BT HotSync with a Treo 650 over Toshiba BT drivers). Unfortunately, they don't hold a candle to the WIDCOMM drivers.
The real travesty in all this is the fact that there are 3 separate comm stacks for the exact same hardware. Even worse is that they are licensed in such a way that I cannot use the WIDCOMM drivers for a BT device that came with Toshiba drivers. However, I can use the MS drivers for anything.
If I have to deal with bugs and patches, I'd rather have Gates & Co. take the time to do the patch correctly. Having a fast, bad patch hose my system would upset me more than a slow, good patch that MIGHT leave me vulnerable for an exploit that MIGHT get through my firewall, router, and AV and MIGHT hose my system.
(Please, bring forth all the comments about how I don't have to deal with bugs and patches if I switch to _______ now.)
apt-get update
apt-get upgrade
Done!
It doesn't get much simpler for the user does it?
XP still doesn't have support for Bluetooth...
You mean the Bluetooth connection between my notebook and my cellphone that I use to connect to the Internet on the road doesn't really work? Uh oh...
-h-
which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage
Yeah, that would be Debian Linux: "apt-get update; apt-get upgrade". No reboot required and nothing breaks.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Crack-addicted strippers announced that their new focus isn't on the quality of their appearance, or the quantity of time you get, but how easy they were once you forked over your $200 and donned your virus protection. In addition, they pointed out that free sex with, say, some hot chick you meet at a party is overvalued compared to sex with them because they are professionals with experience and know-how that you just can't get from your average, ordinary girl.
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
If you happen to use Debian GNU/Linux you are used to type followed by every once in a while. Works pretty nice and I only once had a broken Firefox, which was fixed soon.
I think these volunteers Martin Schulze, Michael Stone and all the others do a fantastic job here.
I like to say Thank you to them here in public!
Peter Funk, Oldenburger Str.86, D-27777 Ganderkesee, Germany
Nice troll, but make it less obvious. Win 2K had support for WiFi, for chrissakes. I believe 98 did too, eventually.
Reading that article made such a refreshing change compared to the Microsoft 'propaganda' stories we usually get linked to. eWeek gave Linux vendors the chance to answer and explain all of the figures which seemed to side with Microsoft - and invariably once dissected, the usual Microsoft massaging of figures clearly comes to light.
One great example was this:
Interestingly, Microsoft's Hilf has a personal Red Hat workstation in his office that he uses on a daily basis. He selected a random week in October to provide a snapshot of the updates made to his Red Hat Enterprise Linux workstation over that period. He found that, between Oct. 6, 2005, and Oct. 11, 2005, his workstation was updated 66 times.
"I chose those dates randomly," he said. "I use this system daily, so it was literally a snapshot of a given workweek. All this illustrates is that patching and updating are part of any 'living' software system. It is part of the nature of modern software: Things change, bugs happen, features get added, and software needs to get updated."
But Red Hat's Cox pointed out that the second update release for RHEL4 was issued Oct. 5, resulting in a very large number of updated packages over the period of a day or two, "which is what Hilf saw. We only issued two Update releases for RHEL4 in 2005, so he was quite unlucky in his choice of a random snapshot," he said, tongue in cheek.
Unlucky indeed. Nice to see some unbiased reporting and not just verbatim duplication of Microsoft comments and 'press releases' for a change.
"Hey! Unless this is a nude love-in, get the hell off my property!!"
Interestingly they made no comment on caring how effective their patches are.
Doesn't matter whether it fixes the problem - as long as it's easy to install.
apt-get update
apt-get upgrade
It doesn't get much easier than that.
I've had the Automatic Updates icons staring at me from my system tray for the last couple of days. The reason I haven't yet installed the latest security update (KB908519) is because I *know* from past experience that it will ask me to reboot afterwards. I use this machine for work, and like just about everyone else in the world, I've got many different tasks on the go, so I've got several programs open, and I don't want to close them, lose all their state, and spend several minutes rebooting. So, I'll say "no", and later forget that I was supposed to reboot.
I'll promptly install patches when doing so doesn't require unnecessary reboots. If the kernel isn't being patched, don't make me reboot!
...spend a little more money patching and improving their software and a little less of it trying to convince us all that they're paragons of programming virtue, since we don't believe it anyway.
GetOuttaMySpace - The Anti-Social Network
Why does everything have to be a such-and-such "experience". I don't want a patching experience at all, I want to have it happen in such a way that it's a non experience. They make it sound like it should be a movie or a fun fair by calling everything a such-and-such "experience"!
Oolite: Elite-like game. For Mac, Linux and Windows
yum update -y
go back to working
If you cannot keep politics out of your moderation remove yourself from the Mod Lottery.. NOW!
It's Windows... Typing is so DOS... -closes clickable charmap-
...maybe. Wrong? Not really. The only thing more ridiculous than rebooting a workstation several times after a small batch of updates though is doing the same with a server. I'm going to get a tad bit off topic, but in the same thread of thought, so bear with me. Every time someone posts on Slashdot that Unices have better uptimes than Windows boxen, you invariably get a half-dozen disgruntled Windows admins spouting off numbers of how long their servers have been up. What they don't take into account is that if those systems have been up as long as they claim, the necessary updates have not been applied. Most Windows updates still require that a system is rebooted before the patch actually takes effect. Unix-like systems, on the other hand, are routinely patched hot, and typically only require a reboot in the case of a kernel update or invasive hardware maintenance. If Microsoft does finally fix the design flaw that requires one to reboot after nearly every patch, it will not be innovative so much as becoming more Unix-like in design.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
These days, every time I see a 'critical' MS post on Slashdot I am suspicious about it.
The idea of these posts appears to be to get some positive news about Microsoft across to their opponents without being too obvious about it.
This trick consists of two parts:
1) Microsoft did something bad!
2) But hey, at least they are now doing something good.
The first part gets our attention because superficially it appears to be critical of the 'enemy', but the bit that is meant to register is the second bit.
By all means post positive Microsoft stories if you want, then we can see the post for what it is, but let's have less of the spin.
'the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.'
Speaking as a customer who manages a few servers and workstations at a company that has hundreds of the former and tens of thousands of the latter, I disagree. The differentiator for me is made up of two factors; window of vulnerability and severity. Spending two extra hours preparing to apply a patch that arrives one day sooner is a win in my world. And that is indeed a numbers game; one which could be, but has not been, analyzed by this sycophantic series.
Now I agree that for the typical home end user, the above description may be fair. A patch that can be applied by the end user that arrives late is better than a fast patch that cannot. But that only highlights the necessity of taking a hybrid approach to patching if the operating system in question is intended for expert and layman alike (as is XP). Get the info and the preliminary patch to me quickly. Make it pretty for the end user as soon as possible.
Consider then how Linux works; Debian or Gentoo are not necessarily as user friendly, but they get patched at lightning speed. Ubuntu, SuSE, or Lindows (whatever it's called now) may take a bit longer with patches, but have easier point-and-click interfaces for handling them.
Stop-Prism.org: Opt Out of Surveillance
If you want to know the key to evaluating the weaknesses of a Microsoft product simply look for any studies relating to the product. If there's a study saying a certain aspect of the product is well done then you can be sure that part sucks. When you're a large company like Microsoft and you have a good product, it speaks for itself in terms of word of mouth. Regular advertising is all you need. When you've got a weakness then you need a "study" because the word of mouth isn't so hot.
Quality? What, is each Microsoft patch hand-crafted from luxurious Corinthian leather and hand fit to the operating system? Two things matter: If the patch is released in a timely fashion, and if it fixes the problem. Wake me up when one of Microsoft's engineers writes a critical patch for his code - while on vacation in Greece - and uploads it via an antiquated dial-up line.
...than it is to go to a website, download and install a new ActiveX control, reboot, go to the website again, download an ActiveX control again, tell it to run genuine advantage, wait, load the update program, pick an option, hit the "review and install" button three times, and then wait 20 minutes while the overloaded update servers pass me a 300KB update at 16KB/s.
As far as the experience of updating, it sure is a lot easier for me to do...
swaret --upgrade (part of program name)
In big companies upper and usually middle management care more about ease of distribution than security. They only care that their short term costs are low when it comes to patching. Other than that they rely completely on the vendor to be rigorous in testing and patching. Big financial firms, for example (and from my own experience), do not test Microsoft application and OS security much. They assume MS will simply take care of it. When patches come out they simply make sure their custom software isn't broken when installing it and proceed. Functionality bugs are found by developers and internal tech support and often reported to Microsoft. But no one is seriously testing security of anything but custom apps.
Actual break-ins almost always go unreported and therefore cost these big companies almost nothing. But they want to claim they're doing all they can for security. Therefore they only care about the cost to patch, not the cost to secure.
Developers: We can use your help.
So if I plug in communications hardware from 2005 into an OS from 2000, and don't install drivers, it doesn't work? News at 11...
I didn't RTFA. I don't think I need to. All I needed to see is "Linux", "Microsoft", "patches", "legacy systems". With emphasis on the last one.
Take my three legacy systems: Mom's Pentium MMX 166 webbrowsing machine, my 486 firewall and my work machine, P2 300, 256M RAM. Or something around these lines, somewhere up to 64MB RAM... WHAT systems run on these machines?
Mom's computer runs Win98. Dumbed down interface plus low system requirements. (Sorry: Easy, Lightweight, Stable, pick any two.) My job machine runs NT. It could run 2k but it would slow down so much that it would risk stalling the machine it drives. My 486 runs Debian.
Now which one is most secure? Seems the 486 Debian box, firewall with automatic security updates. Update quality/Legacyness ratio: very high. Neither 98 nor NT are supported anymore. No security updates for them at all. Zero divided by old/medium equipment.
What kind of "legacy" hardware do you need to benefit from the "quality patches" issued by Microsoft? How soon your current hardware will become "legacy", your OS "unsupported", your software "obsolete"? In my case the firewall fulfills its role at 100% efficiency, running some extra services, allowing remote login, being rock-stable and secure. NT quality: 90%. Behind dedicated firewall, running antivirus, crashes less than once a month, provides all I need. Win 98: some 60%. Still somewhat slow, security in hands of Firefox, antivirus and the 486 firewall, crashes on regular basis despite clean system.
Legacy systems are dead for Microsoft. Talking about quality patches for them is laughable.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
"the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage."
Honestly, Windows update is downright clunky and annoying. I don't know what's worse, having to jump to the web browser, the limited availability of combined patches, having to restart / install / repeat if you're behind in updates, needing to download separate patches for popular MS apps that are not included within Windows Update, stupid taskbar warnings, or the simple fact that if you don't update frequently your computer will give you hepatitis.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Of course I can only do this because I refuse to use email or IE on this machine.
Yes, it happens all the time on my Linux machine. I've never installed a driver, yet the stuff works. That's what patching is supposed to do - update the software. It just goes to show how Microsoft charged an arm and a leg for Win2k, then let it rot after a service life shorter than NT, and certainly shorter than Win98.
Since this is posted under a story about patching Windows, it's all relevant.
The only thing that will lead M$ to better quality is competition. When the desktop monopoly cracks and a competitor is offering feature parity with reduced bug counts, they will be forced to improve. Otherwise, they will simply do the minimum necessary to maintain their hegemony.
The idea of charging people money for beta quality that will cost them even more money due to serious vulnerabilities and forced upgrades is loathsome. It is even more unfortunate that the consumer has largely come to accept this in the absence of an alternative. Apple is building a quality product right now, but at a pretty large margin on hardware. Linux is on the rise, but in the desktop market, it is not quite where it needs to be (for many reasons including economic pressure created by M$ deals with vendors).
Oh, well.
My gawd Jim, this is a marketing company for heavens sake! ( not sure why Dr McCoy came to mind...)
:-)
Why would anybody think there is any truth to what the head of Microsoft's anti-Linux group says?
Do you think he might have a little motivation to make sure people THINK their OS smells like roses?
I do.
IMO
But thank you Mr Hilf for making sure CIOs, CTOs, etc. know that Linux is on Microsoft's mind. THAT,
combined with what their employees are experiencing is great for your competition.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Judging by recent /. submissions, neither quality
http://it.slashdot.org/article.pl?sid=06/01/10/22
nor quantity
http://it.slashdot.org/article.pl?sid=06/01/11/15
There is something real wrong with Microsoft's "ship now, patch later" brand of software development. I recently set up a brand new Dell for a new client. Because of phone line problems, he was limited to about 28.8 kbaud on his dialup connection. Now, realize, this was the latest Dell XP Home image, presumably with all the latest patches at the time of build. I connected and proceeded to do the update. After all, how long could it take?
Six and a half frickin' hours! That's how long!
I recommended that he turn off automatic updates (otherwise, the background downloads will be chewing up all of his meager bandwidth) and only force updates manually just before he goes to bed at night and let it chug all night long next time. I admonished him to do this at least once a week, but my guess is that it will soon be forgotten.
Is it any wonder that there are still unpatched machines out there?
There is just one story after another about Microsoft "going for quality" and "Microsoft running on machines just as small as those Linux runs on", "Microsoft having fewer vulnerabilities according to some web site", and "Microsoft this" and "Microsoft that". If you read carefully, most of those stories were actually initiated by Microsoft.
So, that makes me wonder: is this just the season for the Microsoft propaganda machine to become active? Or is Linux striking more fear than usual into their hearts?
"the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage."
As many /.ers have pointed out, most Linux updates are in no way complex, inefficient, or difficult to manage. On my Ubuntu boxes, whenever an update is available, a little red circle with a line through it pops up in my icon notification tray. It doesn't bother me like Windows updates, but it waits for me to click on it. When I do, I click one or two more things indicating (what) I want to update, and it does it all automatically and then goes away. I don't remember ever having to reboot a box after updating, except for one time when I updated the Kernel.
On the other other hand, nearly every time I've updated Windows I've had to restart. Additionally, I keep getting notified to install the anti-spyware program--NO, I DON'T want it. GO AWAY.
Regarding the mentality that MS has versus Linux programmers, Microsoft tries to create patterns. Heck, their model is the "Patch Tuesday" plan, which explains it exactly--you get a ton of updates, all of the latest ones, on a certain Tuesday. Linux distributions, on the other hand (at least the ones I use), allow a user to download the updates as soon as it is finalized.
Microsoft's plan is a bad idea. While Linux doesn't "judge" its updates, instead releasing them upon completion, Microsoft *tries* to hold off until "Patch Tuesday," but then they occasionally make exceptions for notoriously bad exploits. The problem with this theory is that Microsoft programmers have to make a value call--is this exploit bad enough that it has to be fixed now, or can it wait until next Tuesday?
In other words, your ability to run a secure system is in the hands of people who work for Microsoft. *They* get to make the call on exploits, and if a problem isn't "severe" enough, looks like you're SOL until next Tuesday.
Microsoft is playing to the less-computer-savvy individuals with this move. I think most people who have a good idea of what they're doing on their computer will always want to get any exploits fixed as soon as possible--the Linux method works well for them. But the other users, a huge portion of those who use computers, like habits. They don't like to be interrupted. I would guess a large portion of them are even annoyed by the popups on "Patch Tuesday" and click off of them the first or second few times!
Microsoft had to make a decision when determining which patch method to use--do we update systems as soon as possible, keeping users safe; or do we keep users happy by not interrupting their work suddenly, instead using a planned-out method? Microsoft went with the "keep users happy and oblivious" method, though, which shouldn't be a huge surprise.
If you disagree with such a method, at least take comfort in the flak they catch whenever they fail to fix a zero-day exploit as soon as they can--which they've certainly had happen in the recent past. I don't think you're going to find many people complaining about Linux's method of updating, except when you read Microsoft misinformation like the linked article that uses doubletalk attempting to "justify," using technological excuses, for a decision that was really based on a P.R. call--placate users.
PR skills must be listed as part of this guy's job description.
He's using an old PR trick: If the message you were "staying on" becomes fouled, spin the subject to something positive related to the same subject. Microsoft folks are stretching and spinning so far and so hard this past year they seem to be living in a different universe. But that is just tactical.
The strategy behind such behavior is "The Big Lie." Repeat the same lie in front of people over time and you'll soon have a few who believe it, and if you target the right people in the first place -- PHBs in this case -- you'll have believers with budgetary control. The problem with this is the simple law of "Truth Physics:" Truth is lighter than lies and will always rise to the top of the pile, so to keep truth buried one must constantly pile on lies -- or truth will out. The practitioner of the "Big Lie" can never, ever stop spewing BS or the game is lost.
That Microsoft is straining so hard and spewing so much BS these days suggests they know they're in trouble; that the BS being spewed is less and less connected with reality suggests they are starting to panic.
Rhetorical question: How long does a house of cards take to fall?
Happy Friday the 13th.
Everything in the Universe sucks: It's the law!
Sure no problem, what I have had my staff and I work on for the past few years is, once you have applied the patch, your Windows operating system will reboot for you. This isn't really new technology, it's a feature that has been requested by most if not all Windows Users.
Please rest assured that your Windows will reboot FOR you, after a said amount of time. You know because you've applied a patch it doesn't mean a BSOD reboot won't happen in 5..4..3..2..
"Don't Forget to Salt the Fries"
People care about quantity of fixes because of the quantity of bugs and holes.
If they just had a handful of good quality bugs, careful, deliberate releases of a few good quality patches would be perfectly acceptable.
So now that no one believes the crap about Windows having less updates and exploits than a Linux distribution (where a Linux distribution includes a huge amount of functionality), and every notification ends up getting multiplied, has failed they've tried to focus on the quality of their own patching experience? Give me a break.
The reason why Microsoft has Patch Tuesday is because Windows and their products are so badly designed that they can never be totally sure how a patch will be taken by a system at any time. It just isn't modular. They need to roll more and more patches up into one ball because they just don't have any method at all for package managing their operating system. Also, Patch Tuesday makes them look better numbers-wise.
I'd be pretty confident to update my Linux distribution with a new Firefox or a new patch that comes through YaST for KDE, albeit on a test system first, and be confident that the thing will come back up whatever the machine was being used for (that's if a reboot was necessary, which it isn't except for a kernel). If I updated IE would I be confident nothing else was going to be affected? No, I damn well wouldn't and I've been extremely wary of patching Windows at all, especially when used as a server. Patching is not a way of life in the data centre, or anywhere else for that matter. It's done only when it's necessary.
I remember running 3.51 on my 486/66; it was slick. It had the win3.x gui, "program manager", rather than the win95 one, but it just kept going.
One reason for it potentially being so good is it was the closest NT ever was to a microkernel; the gui really was user mode code running in the win32 subsystem. A duff display or print driver could never bluescreen the system, just the win32 subsys. Which was bad enough, but at least you could normally shut it down.
NT4 pulled drawing kernel side, so any print/display driver will toast the OS.
I'd switch off the engine while replacing parts on my car otherwise I'd choke on the exhaust fumes or have to do it outside. Err. Do normal people really need an analogy to see that Linux is better than Windows? Oh dear.
which is totally what she said
Yeah, I had a great experience with SP2. My PC only took 10 minutes to startup after that, and crashed regularly. Whee. Now I run Windows Nemesis (SP2 preinstalled) on a WD 36GB Raptor and startup in less than a minute.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
> apt-get update
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
How can Microsoft not go for quantity in this case?
emerge --update world
As long as your system is configured correctly, pretty much any large Linux distro makes this an easy thing to do.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
Of course they go for quality, they have to keep up with the very high quality bugs they have. Each one can take out many systems at once! That's something even very skilled crackers have problems to do.
Also, what other company can deliver extra features in something so simple as metafiles? You can read, write and execute code and not even be locally at the computer. Doesn't it add quite a few new levels of Server and Desktop remote management?
Tsk, a bug going long enough unpatched becomes a feature after all.
Install redhat 6 or so from 2000 and see how well your wireless card works.
Uhhhh. Not true, a recently released XP security hotfix royally screwed over my Windows Media Connect, which is used to stream media to my Xbox 360. Since the XP auto-updated security fix, the program starts using 99% CPU (wmccds.exe), making it hard to do anything, and now I am no longer able to stream media to my Xbox 360 until Microsoft fixes what they messed up. I even reinstalled the program a few times.
Definitely not what I call quality.
The basic mechanism of MS Update is fragile and prone to break for any number of obscure reasons that MS can't or won't address. Even on MS's own support pages there are innumerable references to the obscure yet popular 'cannot install update' or any number of other vague problems. Often the fix is to record the fix number then root around in the download areas, download them and install them by hand. BTW this doesn't work for many hardware drivers.
So MS can rollout all fixes they want. As long as they insist on using that scheme instead of the more simple - send out a URL, link, download, execute they're going to suffer through lots of machines that don't get updated at all.
For all of the "waiting for Gentoo to compile it" jokes, I have simply NEVER had as few functionality problems as on my Gentoo machines, where *everything* has been compiled on those machines. I believe I can honestly say that my only problems have been the usual 'learning how to configure' or *BINARY-SUPPLIED PROGRAMS* - that weren't compiled on my machine.
I moved to Gentoo for, quite honestly, the geek factor. But it has also been *easy* to maintain, even if it does involve waiting for some compile time.
The living have better things to do than to continue hating the dead.
Microsoft and Quality in the same sentence? Quality would be releasing something that doesn't need as many patches. I don't think one can call a patch 'quality.'
I don't know about you, but I found Microsoft's "Simplicity" of 1) Requiring Internet Explorer to update and 2) The somewhat faulty download mechanism to be more of a pain than most places that have a "Click here to download latest patch" link.
See this analysis for more information.
As an opinionated Linux user (read: open source fanboy), here is my analysis of Ubuntu Linux Updater vs. Windows XP Updater, comparing each in complexity, efficiency, and manageability. These topics overlap each other, so the results for each category may look similar.
Least Complex: (complex = a whole made up of complicated or interrelated parts)
Most Efficient: (efficient: productive of desired effects; especially : productive without waste)
Easiest to Manage (manage = to handle or direct with a degree of skill as to make and keep compliant)
Conclusion:
Ubuntu has a much more attractive patching system to me, and I'm sure the same type of system is available in other package-based systems, including Red Hat, Gentoo, and of course Debian.
Were it not for the incessant need for Windows XP's updates to restart my machine for the smallest patches, I would prefer their security patching system based solely on the fact that it would be easier.
When it comes to completeness of an update system, Ubuntu picks up where Windows XP leaves off, by patching security holes in software as well as the operatin
"Now the trouble about trying to make yourself stupider than you really are is that you very often succeed." -C.S. Lewis
You cannot rely upon patching. Therefore, the OS must be designed with the smallest attackable surface. Ubuntu rocks in this regard. A default desktop installation has NO open ports. That makes it 100% worm proof.
So I've made a hierarchy of vulnerabilities to help me determine the actual seriousness of the "threat". Note: these are only applicable to a default installation.
1. Remote root access that does NOT require human intervention or other app running.
2. Remote non-root access that does NOT require human intervention or other app running.
3. Local root access that does NOT require human intervention or other app running.
4. Local non-root access that does NOT require human intervention or other app running.
5. Remote root access that requires some human interaction or some combination of apps.
6. Remote non-root access that requires some human interaction or some combination of apps.
7. Local root access that requires some human interaction or some combination of apps.
8. Local non-root access that requires some human interaction or some combination of apps.
9. Remote OS crash.
10. Remote app crash.
11. Local OS crash.
12. Local app crash.
There, now it should be easy to exactly compare different systems. A thousand #12's (local app crash vulnerability) is still not worth a single #1 (remote root access).
And with a bit of thought (like Ubuntu has), it is easy to increase the security of your OS without relying upon the user to install patches.
Of course, once that level is achieved, then it comes down to the items discussed in the article: ease of patching, speed of patch release. Again, all things that Ubuntu rocks at.
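The twelve-level hierarchy in the comment above, written out as an added example (not part of the original comment). The `Vuln` fields and function names are assumptions made for the illustration; the comparison is lexicographic, which is what "a thousand #12's is still not worth a single #1" implies.

```python
from collections import Counter
from dataclasses import dataclass

# Ordering inside each tier, in the order the comment lists them.
ACCESS_ORDER = [("remote", "root"), ("remote", "user"),
                ("local", "root"), ("local", "user")]
CRASH_ORDER = [("remote", "os"), ("remote", "app"),
               ("local", "os"), ("local", "app")]


@dataclass(frozen=True)
class Vuln:
    vector: str               # "remote" or "local"
    impact: str               # "root", "user" (non-root access), "os" or "app" (crash)
    needs_help: bool = False  # needs human interaction or a combination of apps


def rank(v):
    """Return the 1..12 rank from the hierarchy (1 = most serious)."""
    key = (v.vector, v.impact)
    if key in ACCESS_ORDER:
        # Ranks 1-4 need no interaction, ranks 5-8 do.
        return ACCESS_ORDER.index(key) + 1 + (4 if v.needs_help else 0)
    if key in CRASH_ORDER:
        # The hierarchy does not split crashes by interaction; needs_help is ignored.
        return CRASH_ORDER.index(key) + 9
    raise ValueError(f"unclassifiable vulnerability: {v}")


def profile(vulns):
    """Count of issues per rank, most serious rank first."""
    counts = Counter(rank(v) for v in vulns)
    return tuple(counts[r] for r in range(1, 13))


def worse(a, b):
    """True if system a is worse than system b.

    Tuples compare lexicographically, so no number of lower-ranked
    issues outweighs a single higher-ranked one.
    """
    return profile(a) > profile(b)


# Constructed sample data, not real vulnerability counts.
SYSTEM_A = [Vuln("local", "app")] * 1000   # a thousand #12s
SYSTEM_B = [Vuln("remote", "root")]        # a single #1
```
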
If you were going to pick a "random week", I'd think you would pick a random Monday through Friday. Yet he "randomly" picked Thursday through the following Tuesday?
Can Microsoft demonstrate the simplest thing without lying outrageously?
emerge --update world
Except that, if you want to update all your libraries and the like, you probably need "--deep". Plus, there's a few packages under Gentoo that, if upgraded carelessly, break stuff (e.g. grub IIRC), or that refuse to upgrade without manual intervention (e.g. the recent move to Mysql 4.1).
"Except that, if you want to update all your libraries and the like, you probably need "--deep"."
Definitely.
"Plus, there's a few packages under Gentoo that, if upgraded carelessly, break stuff (e.g. grub IIRC), or that refuse to upgrade without manual intervention (e.g. the recent move to Mysql 4.1)."
The former is an example of one of the downsides of upgrading applications automatically with a distribution. The latter is another: major (and even sometimes minor) version upgrades can break existing architecture. I'm not sure of Gentoo's policy as to blocking upgrades, but it seems to be along the lines of "if it could break an existing configuration, don't do it."
I haven't yet had a problem with grub, but perhaps I'm not using it the same way. Apache and Apache2 are separate installs, and can be emerged side-by-side, which is an interesting way of doing things.
Back on topic, there are ways of updating the system almost completely automatically on pretty much any large Linux distro. It's a non-issue, at this point.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
I'm constantly typing emerge -uDa world. One thing nicer about apt is that it prompts for confirmation on an apt-get upgrade by default, saving me the bother of typing the -a option. I like to know what is being changed before I do an upgrade.
Just so. My experience with Red Hat, SuSE and Gentoo has been that there is a significant quantity of breakage associated with routine updates. Most of it is minor breakage (the update renames your config file and copies in the new upstream version) but it's breakage nonetheless. In a way minor breakage is worse: having a mission critical server fail is bad, but having a mission critical server deactivate a security configuration or give out bad data is deadly.
My point about Debian is that during minor updates, there is almost never any breakage at all, minor or otherwise. I've had a problem on this score once in the decade I've used it on some 40 servers and even that one was trivial. You only see breakage during upgrades to new major releases and those only once every couple of years.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I'm fed up with all the moaning and b***hing I have to wade through to find an interesting comment which actually relates to the parent article (ironic that I'm off topic myself, I guess). Yes, Linux is great, Windows is bad, etc. The question isn't which OS is better, it's why do you think anyone would bother listening to your rant over the millions of other perfectly good rants that are being spammed into blogs the world over even as I type this comment. Microsoft mightn't have the best OS (cough) but it has the most successful one, live with it or get bent.
"I'm constantly typing emerge -uDa world."
I thought there was a configuration file that let you set default options for emerge, but after taking a look at the documentation, there appears to be no such file. Shame. What I did was write a script: update_world.sh, that just runs that command, put it in /sbin or something. You could also alias emerge to emerge --ask, but I don't know how much I like that idea.
The problem with --ask being the default is that you can't automate it at all - for home users, the automation is the big deal.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
That's Debian's push, though: be secure and stable. Gentoo isn't pushing to be stable, but to allow the user to be as cutting edge as possible. I'm sure you can be cutting edge in Debian (although I wouldn't know how) or secure and stable on Gentoo, but that's not what those distros work towards, in general.
Luckily, we *nix folks generally have choices for our home boxes.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
Windows auto update does not get all of the updates and you need to use the web site to get the rest.
You didn't read a word I typed, did you? Install the original XP and see how well your brand new G-band wireless card works with 256-bit encryption. That's the point, there's something like 200MB of patches for Windows 2000 -- we're talking about "quality" Microsoft patches, remember -- yet Windows 2000 falls short. It was an expensive product, and yet, its service life was short. So much for "quality".
And thanks for the analogy. I originally installed Slack 4.0 on my work desktop, which dates from 2001. Yet I can use all the very latest hardware supported by the kernel. Why... Because those low "quality" Linux updates are inferior to Windows Update service?
I don't know about you guys, but I have more trouble with Microsoft's updates than I do with actual exploits.
Just yesterday, somebody tried to reboot our print queue server here at the hospital. When it comes back up, *nobody* can print. Lo and behold, I find an article at Microsoft support about printing problems after installing a patch. Sure enough, roll back the Windows update, make a registry change, and boom. Printing is restored. Thanks a lot guys, I appreciate that. It'd be nice if the Add/Remove programs list gave a date which those things were installed (w2k).
I've still got a problem on one of my 2003 servers. Some Windows update about a video driver exploit constantly changes the desktop appearance colors on the server. Regular grey windows are now purple/black. Or worse: white text on white background. Try setting permissions when you can't tell if a box is checked or not. It's not too easy. Again, figure out which patch it is, roll it back (which requires a server reboot), and it works again... until that patch gets re-installed.
Han shot first.
apt-get update && apt-get dist-upgrade
You are absolutely correct, but my comments re: Debian were targeted at the statement, "the differentiator for customers is [...] which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage."
As you say, that's not one of Gentoo's goals -- they target the cutting edge. Smooth upgrades are one of Debian's goals, and my point was they do one heck of a lot better job of it than Windows.
I was also dissing Red Hat and SuSE -- smooth updates are one of their goals too and they do a mediocre job of it, little better than Windows.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Nor have I had any issues with Windows Update on XP or Windows 2000/2003 Server or Professional. While patches may be a little lacking in expediency (sp?) it couldn't be easier to do. I love that I can have my office XP computer patch itself while my servers download but do not install patches without my explicit command. I can't imagine Windows Update - and especially automatic Windows Update being easier to use, even for non-power users.
I would argue that Windows Update is too easy to use. I have fixed too many computers that were broken by Automatic Updates (and by broken, I mean I had to do a complete reinstall from image) to think of it as anything less than dangerous. I'm an admin of a small network, and I would rather force patches after testing them out than let the 30-or-so computers here get broken by some stupid automatic update.
And no, I'm not just talking about service packs here, and I'm not just referring to one broken patch. This has happened many times with different patches (I will say I tend to install critical patches right away).
And when did other OSs add pre-loaded support for 3rd party wireless cards?
I am getting a little sick of Microsoft bashing, I really am. I know you guys like your Linux! Guess what, I have used all the systems out there. I have seen Mac OS 10 freeze while playing the included chess game (all the Macs at the Mac store, the employees went nuts trying to hide it from the customers). I have seen Linux do all the updates then the next day get hacked! No operating system is ever going to be good enough, plain and simple. It is like saying that that cold heat soldering iron really works (I received warranty emails at a certain company, trust me they don't work). Why should anybody read the garble you guys throw out here anyway, when you are comparing apples to oranges? If Windows was open source wouldn't Linux die? That's right, 90% of the world still uses Windows, 'cause most software is written for it. I don't have to look far for an application I need. I don't have to compile everything or edit code to make it work. This is why Windows is the number 1 operating system followed by Mac. Yet to update some of the things contained in Mac you would have to understand how to fix Linux. So please stop banging the anti-Microsoft drum. I am not huge on Windows screw ups, and hey, I know a lot of programmers who write a lot of code, yet let's take 4000 coders and let all of them code little pieces then put it all together and tell me you won't find holes. Guess what, everybody codes different and oops, now we have a hole. Guess what, you want holes? There are millions in Linux just waiting to be discovered. Oh that's right, nobody cares about hacking Linux 'cause it is only 1 percent of the desktop market!
I am giving away 2000 premium accounts on my new dating website myfantasyromance.com check it out!
Yes, but they're much further along than MS. I meant it when I said every program on my system is covered by emerge - I haven't had to look outside the system once.
True. With every other distro I had to track down obscure programs like most. Gentoo has pretty much everything - the Qt rendering engine for GTK, most, the Sun Java JDK, the accelerated NVidia driver... Portage can get everything except for a few proprietary packages - and when it can't fetch a file itself it gives you detailed information as to how to fetch it manually.
I'm also using portage on OS X now and I prefer it over Fink and DarwinPorts, even though I have to unmask most packages (Gentoo/OS X has not had much testing so far)...
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
TTYL, :-).
How is it possible for a person to discern the "quality" of a patch from Microsoft? No source code is released, so you can't tell if the new code is truly better than the old stuff. It's like telling a blind person "this Picasso is really beautiful". Sure, he could touch the canvas to verify that there's something there, but there's no way to verify the statement. This type of statement is completely unverifiable.
That the Linux community feels a need to compare itself to MS. Comparing Linux to the MS OSs is ludicrous. They are in such different markets, doing such diff things, that it is simply not worth the effort to compare them.
I think it is a sign of the insecurity of the Linux community that they feel the need to compare to MS. Either Linux is good, and does things that people want, or it isn't and doesn't. People like myself, and my dad, and the CFO at the tiny company I work for don't use Firefox because they care (or even know) about open source issues and MS vs M$, they use Firefox because of tabs, save all tabs to a bookmark folder, adjustable font size. These are features that people want. Unless Linux delivers features that people want, it is a hobby for nerds (which explains the success in the server market).
Many years ago, budding young engineers built electronic equipment from Heathkits; today they play with the Linux OS.
Install Windows 2000 Pro with Service Pack 4 already Slipstreamed.
Install Internet Explorer 6 (reboot)
Install "Rollup 1" which is what SP5 would have been. (reboot)
Install all post-Rollup patches. This means all patches after April 2005. (reboot)
Install DirectX 9C
Install Media Player 9
Install post DX9 and post MP9 patches (why these aren't being installed patched is beyond me! reboot)
Install final set of patches if they remain. (reboot)
Create disk image for rolling out to other systems of the same model.
You can get around Windows 2000/XP's inability to boot on other motherboards by changing the IDE controller to the MS Standard driver and then making the image, but it doesn't always work. Doing a repair install will remove your patches and in some cases require the install media for other programs (Easy CD/DVD 6, etc).
So yes, Windows 2000 is being phased out by Microsoft and is likely being kept in this state of endless patches in the hope that IT Directors will see how long it takes (because IE6, MP9 and DX9 aren't in a real SP5) and just move to Windows XP Pro.
I don't know how many times I've now read people repeat over and over: "apt-get! apt-get! apt-get! It's so easy! Come on Grandma! What's the problem? Just open the console and type it." It's really getting old, people... Average mom and pop users do NOT WANT TO TYPE ANY COMMANDS... period. I realize many nix users feel a pressing need to criticise people for not understanding the simplicity of console commands and proper use of an operating system using said commands, but the reality is, those who can use a console are the minority. I have an understanding of its use, but in no way can I do everything with it. I also don't want to be bothered to look up how to do something on the internet/manual/forums every time I want to do something different from the norm. I don't believe most people will do that, they will just NOT do it if it can be done intuitively. To sum up... yes apt-get is easy, for those who know how to use it. Throw someone into Windows who has never used it, and chances are they might figure out how to update. Do the same in certain nix distros with no icon notification update system, there's no way a newbie will be able to update their computer without doing research.
(Futurama) Fry: "My folks were always on me to groom myself and wear underpants. What am I, the pope?"
First and so far only time I have seen a BSOD on my XP box is after installing the recent WMF patch and forgetting to reboot... though I forget how long afterwards it happened.
Lead me not into temptation... I can find it myself 8+)
yum -y update
Windows Update is not a production-worthy system. It fails silently. It is ONLY worth bothering about if you can't be bothered to use real patch management. (Or a real OS, for that matter)
I don't consider Windows ready for the enterprise, and the ease of running a patch attempt - however late - doesn't matter a whit against the uncertainty of whether that attempt succeeds.
Six unpatched flaws, with aggregate total of 737 days since informed.
Redhat EL4
17 critical vulnerabilities [in 2005], Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the public, with 87 percent of them being available the first day. Source
[I calculate that as 19 days total exposure]
Arithmetic says: MS exposure 38.79 times as bad as RH!
Or just Microsoft's? My Mandriva machines are automatically updated across the board. All of the applications, and the updates typically arrive with 3-7x less lag than Microsoft's updates.
Like the man said, couldn't be easier.