Slashdot Mirror
More Headaches from Vista Security
Michael Cooney writes to tell us Windows Vista may have some serious headaches in store for corporate users with third-party authentication systems like VPNs. From the article: "ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture."
I have the feeling that at this point the managers in Redmond care less about security and more about actually _shipping_ the product.
Maybe even sometime this year.
Film at 11!
I mean, come on, it's hardly news that *EVERY* Windows breaks random stuff.
I rememeber the pain I went through after installing NT Option Pack 4, all sorts of stuff changed in operation. It was sorting that mess out that made me drop my "Microsoft Certified Solutions Provider" ambition.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
What are these ISVs whinging about? This is almost the perfect opportunity to convince their clients that it is time for another upgrade. But wait, that's not all, as mentioned in the article, the upgrade also requires extensive testing, so it's doubly good news.
Programming wise, I guess this would teach these ISVs a lesson that, if they want to develop custom code, they should probably have a more flexible architecture to accommodate any OS changes, or even make it compatible across different OSs.
I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.
Please stop entering code 2,2,7,6,6,4
Hasta la Vista security.
$sig$
Wasn't it just a couple weeks ago we were lamenting "what could have been"?
Microsoft capitulates and disables large chunks of Vista security by default in order to appease corporate customers. People are up in arms.
Microsoft rewrites architecture to make things more secure. People are up in arms.
Me, I'm with the "Good!" crowd. Make things more difficult for me when I transition. It'll make things easier later on.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
This isn't unexpected. Anytime a really new MS OS comes out it tends to break apps from older versions. Security apps are no exception.
This may be true of other OS's as well, though I'm not familiar enough with them to say.
DeviantArt Page
NSFWAs expected the summary on /. is just trying to be inflammatory. The real gist of the article is as follows: Vista will require some programs to be re-written, espcially ones that interfaced closely with the old operating system. Thus many authentication systems will need to be updated. It's not really unexpected or unheard of for new APIs to break old programs. So if you want to bitch about how Vista is going to make you rewrite your code go ahead (I know I am not looking forward to it), but don't pretend it is a security problem.
Philosophy.
From what I can tell, TFA is saying that because much of Windows has been rewritten (including logon and authentication), it is going to be a pita to adapt existing software. No frigging kidding. Doesn't this happen with every major update? If so, why is Slashdot even reporting this? It is something that is normal.
A couple of interesting paragraphs in the article:
Concerning "good news for users", I doubt it. Nothing good has come of Microsoft's perception of "what is good" for users, from the crippled layering of a multi-user paradigm on top of what started out as a single user design (NT/XP over Windows/DOS) to their constant and misguided attempts to create intuitive GUIs (dancing paperclips, self-altering menus with chevrons anyone?). Security is typically hard, and Microsoft will screw this up too.
As for the second paragraphs, could Microsoft again be forcing the hands of third party vendors? Seems they could (indeed, it almost seems likely) wiggle their way into the security market and start charging for different mechanisms of security. Of course that can only happen after they've provided it "free" long enough to get rid of pesky competitors like SecurID (GREAT product, btw) and VPN providers.
I'll fight Microsoft's practices til forever, but I must admit, I'm glad I'm near retirement as far as having to deal with this crap anymore.
It has recently been determined that new versions of operating systems are not always 100% backward-compatible.
Basically, what's this is all about is that the way to alter the login process in Windows, all the way back to NT 3.1, has been a custom "GINA", that replaced part of the Ctrl-Alt-Del login process. Naturally, a lengthy biometric process migth be fine if you do it once a day, but it will both need new software and possibly some thought to work well with a LUA approach, where you need to repeat your credentials more frequently for specific operations. This is basically no different from using sudo or doing admin operations in MacOS X. It's also no different from that you can't use a custom GINA to run a specific app as admin in current Windows versions.
IANSE (I am not a software engineer), but this might not be a "feature" not a "bug".
It's expected that migrating to a new architecture would require, well, rewriting of existing code that worked with the old OS. Wouldn't there be more cause to worry if Vista supported all of the OLD authentication mechanisms as well as its own ones, since maintaining backwards compatibility seems like it could introduce unnecessary security holes?
Every time a new software version comes out, especially one like this with so many changes, you're bound to see compatibility issues with old software. Not to rattle up any of the Microsoft haters here, but personally I could see how the change could be welcomed as finally an resolution to the security problems that are always associated with Windows products. Then again, I'm not running any company where I would have to realize the costs of the updates.
The more interesting question (imho) is why Microsoft abandoning GINA since "the company had started talking about it at its Professional Developers Conference last September."
This ain't a Microsoft problem. When Linus decided to change the driver model in the kernel, many hardware vendors had to rewrite their drivers. When Solaris 2.5 came out, all those SunOS 4.3 drivers became obsolete. Of course, if documentation of the upcoming Vista security model was hard to come by then these vendors would have a real beef, but no-one is saying that this is the case.
On the one hand I'm feeling that this sort of doomsaying article is merely an excuse for the producers of authentication systems to ramp up their prices in a "but this is an whole new version .. no upgrades possible .. you'll need to relicense!" scam.
.. no major differences are likely between the beta and the final. If MSFT are releasing beta software than isn't complete then why are they calling it a beta instead of an alpha or preview?
.. I hope that VA release a version instead .. they could integrate it into sourceforge or something. *chuckle*
On the other hand it's true than the winlogon stuff in Vista Beta isn't entirely complete, and consequently I have to wonder what Microsoft mean by 'beta'? When I (and lots of other people) release a beta it's basically feature-complete and API-locked, but isn't entirely tested
As for MS GINA being dropped
http://twitter.com/onion2k
US Democracy:The best person for the job (among These pre-selected choices...)
This is both good and bad. Good because it should offer more flexibility now and better design for authenticating to Windows while allowing ISVs to integrate their authentication mechanisms in a cleaner fashion. However it will be bad just for those who have to rewrite all their existing code to work with the new model, especially since the new model isn't backwards compatible which will probably annoy many people but it's one way to force adoption of the newer model. Hopefully they are headed in the right direction.
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
Microsoft is leveraging its flagship operating system to corner the market on aspirin...
Meanwhile, I hope the 3D Studio Max users are prepared for the impending headaches (same w/ anyone else that uses all kinds of software-based tokens and registration schemes like C-DILLA, if it's even in use anymore).
I wonder if dongles will come back?
On the upside? Umm, there's probably no upside.
Quo usque tandem abutere, Nimbus, patientia nostra?
Excuse me, but isn't "microsoft problem" a redundant phrase?
Dont use windows use Linux problem solved
In other news, random Slashdot user creeves1982 blurts out the usual Slashdot banality about Linux.
It's not so simple and you know it. You can use Linux. I can use Linux, but many MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.
That's how the world is. Microsoft is still the biggest OS and software vendor in the world despite its many shortcomings and its outrageous economic practices because the Windows userbase is massively reluctant to change. The real challenge is to make Linux truly as user-friendly as Windows, and to get users to discover it and get used to it. Simply saying "use linux problem solved" is childish.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Yeah, cause Linux never has low level compatibility updates between releases. Give me a break. Linux is not a cure all. For example, figuring out whether a program is being compiled on an SMP aware Linux system requires looking in a different directory for a specific include file, depending on whether the kernel is 2.2, 2.4 or 2.6. And of course, for certain distros it will be in a completely different location (and if you give the wrong include directory, there is an identically named file in /usr/include which will be snapped up and used, even though it gives no SMP info, so it's hard to tell you failed). Other aspects of the Linux API change in subtle but annoying ways that will break older code that relied on specific behaviors.
Of course, most programs don't need to know whether it is being compiled on an SMP enabled Linux system. Similarly, most people don't need to know much about the low level Windows API. But when programs are written that rely on it, major updates tend to cause breaks. Don't blame Microsoft for that. Be thankful they are trying to make the API more robust. Hell of a lot better than releasing "Windows XP: Vista Edition with nifty keen graphics" and no actual under the hood improvements.
Corporation (in voice of Smithers): But if you do that, then no 3rd party software will work, and we will be forced to use MS.
Bill (in voice of Mr. Burns): excellent./p?
It puts the lotion on it's skin, or else it gets the hose again.
Now, if Vista breaks so much of your software and is going to require retraining all of your staff anyways, then why not just switch over to Linux and drop a boatload of security problems and design errors as well?
Free Software: Like love, it grows best when given away.
this is not a scarcastic remark. I have been insulted before many ways. When I get insulted a new way I shake Peoples hands. Thnak you Rosco
If you are going to drink Bill's Kool-Aid, you shouldn't be surprised if there are undesirable side effects.
Well,
Im not talking about this in particular
Every other day a microsoft problem is announced in slashdot. We cant wake up to a day that microsoft wont be appearing with some problem it seems.
Read radical news here
almost like sco news usedto be... a day without a related post seemed a little emptier.
Power to the Penguin!
If you think that it's a "wonder" that changing OS's is a headache, no matter what platform, then I've got some belly button lint that may "amaze" you!
Vista is also making life very hard for invasive spyware makers like Blizzard (Warden) and NCSoft (GameGuard)...
About damn time.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
... "ISVs also have to completely rewrite and certify the custom code they write"
Making software _easy_ for other software developers to integrate with is very hard. Making software backwards compatible is horribly restrictive to advancing an architecture. It's such a joke to see people complain how Windows is lacking this and that but then complain when the change necessary to give them new features breaks their junk. What happened with OSX?
"because ISVs say Vista's new authentication architecture is incomplete in the beta released in February"
Join the freakin beta. There have been 4 releases since the February one.
This is the result from developing for an OS that changes its interfaces every few years. Complete and utter incompetence. Also on the side of those using this OS as development target platform.
Look at Unix/Unix like OSes. A port to the next generation or a different incarnation is often a recompile and nothing else. Why? Because there is a stable API! Nobody uses platform specific stuff, unless there is no choice. Effect: Far less bugs, far less security critical stuff, because the software is older and well tested! The "cutting edge" (not saying it is, but MS certainly _think_ they are there) has no businedd being used in office and the like environments.
Honestly, I think all the vendors complaining and all the customers suffering get exactly what they deserve for their short-sightedness.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yep. Any time you're interfacing with the OS at that low a level, you have to consider that new versions of the OS might be different under the hood.
I used to run PCAnywhere on a Windows NT 4 server. We had to dance around on one foot while swinging a chicken around our heads, singing voodoo chants backwards to upgrade the OS and PCAnywhere at the same time, all so that we could get PCAnywhere to (a) work and (b) not crash the server on boot once we upgraded it to Windows 2000.
Consider, too, that Microsoft encompasses hundreds of products. If other groups provided as many products as Microsoft did, you might see a similar number of problems. Then again, Microsoft has had a rocky history of security and other issues.
Here's a great idea:
Don't upgrade. You don't need Vista anyway.
It is no more childish than, oh, you want to have the wonderful privledge of having a secure OS after all these years?
Ok, go ahead and pay us $100 up front for the upgrade plus an additional $200 down the road when you try to do some of the things that you have been doing for years and are no longer able to and we will unlock that superspecial functionality for you through our website's online store.
Oh, by the way, you *may* need to do some minor upgrades to get everything running ship-shape...
Stop by your local Best Buy/Circuit City/Frys/CompUSA/etc. and pick up a $300 graphics card plus an additional $150 in memory and you can keep on doing what you have been doing for years all because we are not big fans of backwards compatability.
By the way, starting 6 weeks after our release date, all of our ISVs have agreed to stop supporting XP so that you can no longer use updated versions of anything anymore because we have all come to the consensus that it is far to damn difficult to make something work in both XP and Vista while not exposing the OS to numberous security holes or creating an inconsistent UI for our consumers.
Yep, now that is childish.
...insightful, instead of funny.
extend and extinguish was painless...
Not to mention Apple changing processors like 20 times, barely supporting backward compatability across OS iterations, etc.
Not a MS problem - a problem almost always synonymous with progress. Stop hating on MS.
Excuse my speling.
Making The Bar Project
I think it is obvious that they have had to COMPLETELY switch gears in the last several quarters in order to get this product out. I have a feeling that sooner or later the nov coprorate release will be pushed back to Jan also.
all the anti-virus companies are screaming about non-existant viruses on OSX. Get mac people buying their products before MS kills them with it's own inferior poop.
TWO years!
And we have had an API for more than one year - to create CredMan plugins.
And the architecture is "better" - more PAM-like.
Now you won't break SecureID with a service pack.
And this is a problem, how again?
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
two aspirin in every package.
The way "Windows authentication architecture" is extended in XP is very limiting - essentially you write DLL (so called GINA) that replaces part of XP log-in system and this DLL is responsible for retrieval of users credentials for Windows. However it was possible to have only single GINA installed at the same time, so if you wanted to have two security products installed - you were in trouble.
Now Vista will support new architecture for security providers with possibility of multiple providers registered at the same time. A definite improvement for users.
In fact the new architecture is not THAT different from the previous one, so the entire article is moot. Then again, it's SlashDot...
Slashdot - free anti-Microsoft propaganda 24/7
You are both right and wrong there. I agree that getting users to shift to Linux is really a big problem, but Linux has been more user-friendly and easy to use than Windows for several years now, both for newcomers (example: the main menu that appears when you click at the lower left side of the screen is labeled by function in Linux, rather than by software vendor as in Windows) and for power users (example: mid-click to paste the selection).
I've read most comments on this story and see a common theme: backward compatibility ain't gonna be guaranteed or expected.
My current issue is so related, it made me spit Diet Dr. Pepper on the floor when reading. I've been trying for years to get WordPerfect 5.1 for DOS to run on a Windows box. The closest I've ever come is semi-success with Windows98SE. Even then, stuff just wasn't right.
I prefer WP 5.1 for many reasons. First, I grew to love its simplicity. I tailored the screen to be black with white text and not a bloody thing else. The interface was easy to learn. Macros were a breeze.
Anyone got a clue on making this work in a more modern windows box, please include me in your cluefest.
p.s. I've used pico and nano with linux and liked them...but for practicality I must keep a windows machine running.
Whenever Mrs. Fitch breaks wind, we beat the dog.
To clarify, to you blame Microsoft or Slashdot(etc) for this?
And that's a good thing?
A quote from Theo de Raadt:
PAM is completely and utterly broken and cannot be fixed.
Sadly, I couldn't google image any pics in this hurry - this WAS 11 years ago.
For years, I wished someone would sue the bastards for false advertising. Win95 was a cause of headache, not cure.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Really??? you wouldn't have facts or figures or even percentages would you?
Well, that's the problem - MicroSoft is a victim of its own success and will have to make sure that they don't make things too difficult to learn for the people migrating from older versions of Windows. If Vista is too different, some of those people may actually go over to Linux (or Mac OS X, or AmigaOS - okay, maybe not AmigaOS, but check the .sig below).
I personally doubt that this will happen, but it's a possibility.
.. paranoid crackpot leftover from the days of Amiga.
Multiple GINA programs is fairly straightforward.
A single registry value holds what GINA to execute. If the registry value is blank, it executes MSGINA (the Microsoft default).
If you replace the GINA with a 3rd-party program (VPN, Wireless, Encryption, et cetera), then the 3rd-party is responsible for either (a) completely handling the logon, or (b) passing control to MSGINA when it is finished executing.
As a rule, this happens by your 3rd-party GINA keeping a value of its own (in the registry or INI) of what the previous GINA was. That way, if you install a new GINA, when it finishes executing, it calls whatever GINA *used* to be in the default registry location.
First you have MSGINA.
You install ENCRYPT-GINA.
ENCRYPT-GINA executes and calls MSGINA.
Then you install VPN-GINA.
VPN-GINA sees ENCRYPT-GINA as the GINA to execute when complete.
VPN-GINA executes and calls ENCRYPT-GINA
ENCRYPT-GINA keps its own value for what to call next and calls MSGINA.
Add all the GINAs you want.
It's true that *some* GINAs don't play nicely, or won't always execute if a certain GINA has executed before it (or comes after it) - but for the most part it works.
The only REAL problem is when a GINA is stupid enough to place itself incorrectly in the chain -- which can leave a machine executing GINAs in a loop...and Windows is smart enough to restore MSGINA when that happens anyway.
It's not so simple and you know it. You can use Linux. I can use Linux, but many MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.
So what are all these people going to do when Vista comes out and it's totally different from XP, just like XP was totally different from 2k and 98? Sounds like they'll need retraining. Why not retrain them for something else instead?
You have a five digit /.-id. If you are not an uber geek, then no one is.
You have raised a couple of fairly superficial points. Sure, the UI is what the user relates to and the intuitiveness of it is directly proportional to the adoption rate of the software. However, you try teaching my grandma (82 yrs old) how to install a new program from an rpm. Even with apt-get. Don't even get me started on compiling from source. The command line is a strange and mysterious place to her and is pretty much out of the question.
In windows, she can just "click here" and the installer does the rest. All she has to do is click "Next, I agree, Next^N, Finish" and she's done. She doesn't need to know anything about version numbering or dependencies, etc. Of course, that's how easy it is to install all sorts of other crap on Windows, too.
Granted, things like the Synaptic package manager on Ubuntu are just about that easy but what if she wants an app that doesn't appear in that list?
Or what if the Linux installer doesn't auto-detect her printer correctly? Good luck, Grandma!
Don't get me wrong. I think package management and the whole user experience in Linux have come a long way over the years and Linux is ALMOST ready for the desktop. To say that it has been ready for several years I think is a stretch.
Who cares about my grandma? Well, that's just my usual usability metric. Substitute with any computer near-illiterate for the same effect.
Stack overflow: pid 352258, proc httpd, addr 0x11f7ffff0, pc 0x12000195c Segmentation fault (core dumped)
Love 'em or hate 'em, Microsoft's historic strength was that they made it very easy (many would say TOO easy) to write software for Windows. Because Windows' genesis was in the pre Internet days, they designed it in a way that made it powerful for developers but insecure. Now that they're finally GETTING IT and making Windows Vista more secure, the people who have been writing software for Windows are going to have to do a little more work to make their stuff work. This is probably all for the best but it may open up opportunities for other platforms during the transition to secure Windows.
That is PAM's implementation. Not the idea of authentication being performed by a module that talks to the AUTH API! The thing needs to be "signed" to run - so it's an unlikely attack for badware.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Yes
Shut up and do your job. Thanks.
Everything about Vista is going to be a big headache. From the initial sale, think of the sales clerk trying to explain the differences between 6 or 7 versions, with minimal actual differences and major price differences. Add DRM, the usual raft of bugs, and even worse security problems than ever... it's going to be ugly folks. All white box stores need to stock up on XP or start the shift to Linux for all customers. Train them now and end this stupidity.
It still seems like Me revisited.
Professional Politicians are not the solution, they ARE the problem.
>I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.
1 &id=2089905
well, Michelin can
http://sports.espn.go.com/rpm/news/story?series=f
Who logs in to gdm? Not I, said the duck.
They got SO big and SO overconfident in their invincibility on the desktop that they farted around and have SCREWED THE POOCH. They are going down, slowly now, but you can smell it coming. They peaked, the world has passed them by with both the enthusiasm model, the practicality model and the dollars and "sense" model.
Sure, sure sure, still big, still taking in the cash..for now...they are cut, cut bad, cut all over now, getting hammered by their own weight and age.
You see it in boxers, always fight one or two or three fights too many past their prime, instead of full retirement at Champ level.
MS had enough money and power and prestige many years ago to go "world,OK that's it, we have lead you into the digital age and now it is time for us to retire, you have enough lead now to go on", and actually done that, just closed up shop. It would be *wonderful* if corporations could realise that and just "move on", retire gracefully and with some dignity intact. Look at todays SGI anouncement for an example of waiting too long, trying to hang on to something that isn't really tangible, it is called "the past" and "glory".
Of course they won't do that. What I expect them to do is throw BILLIONS of ultimately wasted dollars at advertising, behind the scenes cash bribes..err, lobbying efforts, and really pull out the stops with lawyers and "IP" nonsense.
They are still going down, they have peaked now, they have proven they are beyond where they were a useful company or even a necessary company.
If they were smart and had a CEO and board with brains they would as fast as possible restructure into half a dozen indendent divisions and let the few remaining advantages and products they have go on for a few more years as separate products, to see what could happen if they got reduced back down to lean/mean/ready to fight.This is the 50 lbs overweight half crazy old punch drunk boxer doing a play act shadowbox before the match, you can SEE there isn't anything there but past glory and one more fat paycheck.
Breaking up would be the best possible business move for them at this time, a few of the divisions could possibly stage a good comeback, but not if they get dragged down by the all for one model they have now.
So the Vista version will be called MS V-GINA? Does this smell fishy or what...
Fighting over religion is like seeing whose imaginary friend is best.
We have 15 people. Vista makes me cringe. Can you imagine for large companies. What a nightmare. If it ain't broke, don't fix it. Why would anyone in a corporate environment move to Vista? Oh yeah, better multimedia. Well, that's important for workers.
Mean what you say...say what you mean.
Sophocles sues Microsoft for copyright infringement!
Have gnu, will travel.
The reason it's so easy to install on Windows is not because of any package manager. It's the use of any one of the myriad "Installation Wizards" out there.
And they also exist for Linux. The fact that developers choose not to use them is another matter altogether.
But where did your grandma get the installation CD? How did she know which CD to get? Or where to download the software? What if the software your grandma wanst isn't in superdownloads.com? Last time I saw, there were a total of about 18000 available packages in the repositories that come in the standard Ubuntu distribution.
In Linux, (well, in Ubuntu, at least) all your grandma has to do is go to the "system" menu and click on the "package manager" entry, which runs Adept. In the program there's a text box labeled "quick filter", your grandma can type anything there, the software will look over the repositories for packages that have that string, either in the package name, or in the description, or in the maintainer's name. She will be shown a list of matching packages, together with the description of each and the current state, whether that package is installed or not.
If she wants, she can install available packages or remove installed ones at the click of a button. No need to click "Next" on anything, no need to click "I Agree" anywhere. No need to worry about version numbers, no need to worry about dependencies (what was that vbrun.dll version, exactly?), once you click just once on that clearly labeled "Install Package" button, everything is taken care of, the package manager's job is to verify and install everything that's needed.
If Linux is just "almost" ready for the desktop, then Windows XP is definitely very far from being ready.
Theo de Raadt is demonstrably one of the must flaming people on the net: his behavior and attitudes to anything that does not follow the Revealed Gospel of Theo in the book of OpenBSD is one of the things that actively drives people away from using it for anything.
Fortunately, the OpenSSH developers seem to mostly ignore Theo and actually care about cross-compatibility.
Uhh, Theo *IS* one of the OpenSSH developers...
OK, I am always a bit skeptical of the "impending Microsoft release blunder" industry "news". But I think it is becoming plainly obvious that Vista is a trainwreck.
XP was invariably a block of swiss cheese...Their answer was Service Pack 2 that made everyone feel like a Grad Students in Kindergarten. Firewall this, Firewall that, AHH your virus scanner is out of date!! Let us patch our holey weak assed code for you.
Again, Microsoft because of their past transgessions will undoubtably fill this new OS with tons of weak assed apps to create a false sense of security.
Hey Microsoft, do us Sys Admins a favor. Stop what you are doing...because it's not what we want. Just look at the *nixes, and how their OS is structured. THAT's how you do security. And don't release another form of Windows until you get it right. I won't buy it. My company can't afford it, and I don't need the hassle.
Yes, these vendors are stating a fact. A new security system will mean a rewrite of the code that was dependant on the old system. That's to be expected. But what they're really doing here is starting the opening salvo in their justification for new versions of their software that they'll foist on the enterprise customers and no doubt make a nice profit. They'll reduce features and blame it on rewriting for Vista. Their will be bugs... and every one of them is going to be, as much as is possible, blamed on Vista. Vista's a scapegoat that the vendors are going to use to shift blame and scrutiny away from themselves and their products.
http://jaganath.blogspot.com/2006/05/windows-vista -source-code-leaked.html
Microsoft wants Vista to be secure. That's because the EULA keeps 'em safe. Let the EULA have defined clauses for security. Then microsoft will need Vista to be secure.
That's the only way I see s/w providers will make serious efforts to make their code more secure- if providers are culpable for damages arising out of security breaches.
Yay. We can retrain all our Windows users to use Linux. Maybe they can recompile their kernels and mess around with KDE eyecandy settings while waiting for the software they use on Windows to be ported?
To all of you Linux folks out there who have this dream that corporations around the world will wake up tomorrow, and decide to migrate to Linux en masse:
WAKE UP.
It's not going to happen anytime soon. Your pursuit of the windows desktop market will be a long, slow, uphill battle. Linux is NOT as "user friendly" as Windows is today; And by "user friendly", I don't mean "Wow, look, a GUI!" I mean, "Wow, look, a consistent, well-thought out, familiar, intuitive, clean GUI! Oh, and all my peripherals & software that I'm used to work, too!!!"
The simple fact is, Linux has a long way to go before "average" home users, and "average" corporate users will be able to use it. It simply doesn't have the application & driver support, and it doesn't present a compelling reason to change from Windows. "Linux != Windows" is NOT a good enough reason in most users' minds. Neither is "You can do all the same things in Linux that you do on Windows!" I know that, for all the slagging Windows gets here, I have rarely had any issues with my Windows XP Pro system, from a security, usability, or stability standpoint. No more so than I had with Fedora Core 4, or Gentoo, certainly.
Maybe they can recompile their kernels
Don't be an idiot. No one recompiles their kernels any more unless they really want to. This isn't 1999.
And by "user friendly", I don't mean "Wow, look, a GUI!" I mean, "Wow, look, a consistent, well-thought out, familiar, intuitive, clean GUI!
You must not be talking about Windows, because it most certainly does not have a consistent, well thought-out, and intuitive GUI. MS's idea of "intuitive" is hiding menu options from you, so the menus are different every time you use them. Yeah, great idea there. They don't even hide the least frequently used items like you'd think, at least on my Server 2003 system, because they keep hiding the two apps I use the most. KDE has a far more well thought-out GUI than any Windows version I've ever used.
I know that, for all the slagging Windows gets here, I have rarely had any issues with my Windows XP Pro system, from a security, usability, or stability standpoint.
Yeah, I don't have any security problems with my XP Pro system either. Of course, I have to apply security patches pushed by my IT department nearly every day, and to do so I have to drop everything I'm doing while the patch is downloaded and applied and then reboot after each patch, wasting lots of time. And I have to watch out for signs at the security stations every day I come into work, warning about the latest email virus so I know not to click on any attachments that day until IT pushes yet another patch out to the antivirus software.
It simply doesn't have the application & driver support
What drivers is it missing that are needed in a corporate environment? No one needs 3D graphics for their work desktop, and they certainly don't need support for the latest obscure USB gadgets. They also don't need drivers for some piece-of-shit $30 inkjet printer, because workplaces use high-end laser printers with Postscript support. Driver support is NOT a problem for Linux in the workplace.
Applications: most people at work do most of their work with office applications: word processors, spreadsheets, etc. This is all covered quite nicely by Koffice and OpenOffice.org, both with support for the ODF open document standard mandated by the State of Massachusetts and drawing interest by many other national governments. OOo even imports and exports MS Office documents quite well. As long as your organization standardizes on ODF, you'll have the application support for most general tasks. The only reason applications might be a problem are 1) you need some specialized app that only works on Windows (e.g., AutoCAD), or 2) your management is simply addicted to MS's crackware and refuses to try anything different.
Less Secure we Complain More Secure we Complain?
Can we just pick a side..
Do we hate Vista because it will be more secure and that is causing Third party applicaiton problems?
Or do we hate Vista because it is not secure enough?
Or do we hate Vista becuase it is more secure but prompts for passwords when doing Root level activities and that will confuse people?
We have to pick a story, we can't be on the opposite side of the fence as each story is released.
Maybe we should just hate Vista just to hate Vista but at least stop contradicting ourselves?
Windows may be breaking things for RSA Tokens that are expensive and expire in three years, but they are adding in much native support for smart cards that are much cheaper than RSA Tokens and do not expire in three years. US Department of Defense, US Federal Govt and big corporations like HP and Sun have adopted Smart Cards. I am not a MS fan, but re-architecting their login and vpn for native smart card support does not seem a bad idea. We should at least look into the economics of smart cards, they may save IT money in the long run.
I would; Windows is 100% crap.
With OSS zealots like you is that they actually think the cost of licensing is that important...
Most companies really don't care, the cost of IT is mainly made up of operational costs such as staffing, so moving to another "free" platform "saving money" is just not true per se, it can save money, but it realy depends on the specific situation.
Please move on and only comment on things you understand...
because much of Windows has been rewritten, it is going to be a pita to adapt existing software. No frigging kidding. Doesn't this happen with every major update?
No, it doesn't. Microsoft's track-record for backwards compatibility is among the best in the industry. Sorry, but while their software has many flaws, there are some things they do very well, and not breaking things in upgrades is one of them.
Compare the upgrade from Windows 98 to Windows XP with the comparable upgrade from OS 9 to OS X. You can run practically any bit of Windows 98 software in Windows XP. You can't run any OS 9 software in OS X without buying a separate copy of OS 9 and using emulation, and people on Mactels can't run any OS 9 software in OS X period.
I find it amusing that nobody ever complains about this, but if they find one single piece of Windows 98 software that doesn't work properly in XP, it's all OMG MICROSOFT IS TEH SUXOR!!!!!11. Can you say "double standards"?
Just to mention that DOSBox, the full DOS-on-PC emulation software recommended by another slashdotter, can throttle how much CPU instruction are emulated per second, so it can be an additionnal way to throttle speed to avoid bugs-that-only-appear-above-1Ghz.
Also, note that this emulator can map real ports to ports inside emulator (like com ports). It is possible to use your legacy hardware (modems, etc...) with drivers running inside the emulator.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
WHAT are you whittering on about in all the years i have been running Linux i hVe never had these problems that people like you seem to suffer from you must be doin something real dumb assed strange or be one of the it aint windBloZe so I'll whinge like crap brigade..
Pete .
What are you compiling, I wonder?
I've never seen a program that needs to be built differently depending on whether the host is SMP or not. If it does exist, that's just horrible design. If it supports an optimization with multiple CPUs, it should detect that at runtime instead.
Never mind running Win98 software under XP. If you get hold of a copy of Windows 1.0 you can run the applications that came with that under Windows XP. The only quirk is that the app windows open at the smallest possible window size, because Windows 1.0 didn't support overlapping windows and so the apps didn't actually choose a size for themselves.
Microsoft's devotion to backwards-compatibility is astounding. It's just a shame that their architecture has to suffer because of it.
Mac OS 9 applications written with the Carbon API will work fine under Mac OS X without any need for the Classic environment, and will also run on Intel Macs. I'm running a Carbon application on my Intel Macbook Pro now which I previously ran under Mac OS 9 on an old iBook. It is only applications that pre-date Carbon that will have problems.
There are, however, many applications written using the Carbon API that are only usable on Mac OS X, such as iTunes and Microsoft Office v.X.
five digits? bah, whippersnappers
Yes this is my real UID. No, it was not bought from EBay.
that all concerned people (geeks, nerds, tech-heads, concerned citizens, whatever you may be or path you walk) should be telling The Masses(tm) about Vista. Basically, Windows Vista is going to make it so that YOU NO LONGER OWN OR ARE IN CONTROL OF _YOUR_ COMPUTER.
Think about that for a minute... You, a hard working individual, busted YOUR ass for that $500 to $2000+ dollars YOU are about to spend for a computer _but_ thanks to Microsoft and Vista YOU will not be in control of YOUR computer. Microsoft will. Or Company X will since they have paid Microsoft their "protection" money so they have "the trust" of YOUR computer. WTF will Sony do to YOUR computer since it will "trust" them implicitly - just because Sony paid for a "trusted computing model" blank check from Microsoft? What will happen to you computer when the spyware makers somehow hack the "trusted computing" certificates and begin taking control of YOUR system? How about the fact that YOUR government (any nation, anywhere) could, conceivably, install software on YOUR system without YOUR knowledge simply because YOUR computer "trusts" their software?
Before people begin with the whole "tinfoil hat" rhetoric please take a few moments and seriously look at what YOUR government has been up to for the past 2, 3, or 20 years. Can ANY American here _honestly_ think that the power-hungry, greedy, corporate-backed politicians currently in power would NOT abuse the "trusted computing model"? All they have to invoke is TERRORISM, DRUG WAR, or FOR THE CHILDREN and suddenly every single computer with Vista on it will be vulnerable - any. where. in. the. world. I look at the current state of the United States Government (and those that follow its lead) and I fear for the future as it looks darker and darker every day - especially when the Constitution is being run roughshod over with little care for the founding document and all in the name of "terror".
What has happened to all of us who bought a PERSONAL computer and who love freedom and privacy that we all (SEEM) willing to do nothing? How about the fact that when I spend MY hard earned money on a product it is MINE. Period. The end. Microsoft should have no control over my computer hardware OR software. Microsoft should not be able to give anyone else a blank check to hook software into my computer by telling my system "hey, its cool, you can TRUST this software". I and I alone should be the final arbiter of what runs on my system, what hardware is installed, what sofware I choose to use and I should be _fully informed_ as to what software packages are actually installing on my system. Not learning after the fact that the new Britney Spears CD rooted (there is a joke in that statement somewhere '-) my system out and gave access to company X.
Whew. Sorry about the long rant but I'm way past tired of watching the world go to shit around me and am trying to do my part in educating friends and family to the things that are JUST WRONG(tm).
Dream as if you'll live forever.
Live as if you'll die tomorrow.
~Anonymous~
Don't be an idiot. No one recompiles their kernels any more unless they really want to. This isn't 1999.
The point is & was that if the software a person needs to work is not available on Linux, then ALL a user will be able to do is engage in a pointless round of FOSS wankery. I know that "most" will not recompile their kernel today -- but "Look, I've got this great Linux system. It's Free & Open Source! What can I do on it? Weeeelll.... I'm waiting for them to install my software... it's being written now..."
MS's idea of "intuitive" is hiding menu options from you, so the menus are different every time you use them.
Exaggeration for effect, or you have the only buggy install of Office & XP that I've ever heard of. Yes, they hide "infrequently used" options. YES, you can turn that option off so that all the menu options are always available.
Of course, I have to apply security patches pushed by my IT department nearly every day, and to do so I have to drop everything I'm doing while the patch is downloaded and applied and then reboot after each patch, wasting lots of time.
If that's literally true, then your Windows admins are idiots. Tell me, what manufacturer is pushing out new security patches "nearly every day"? Certainly not Microsoft. I call bullshit on your claim. What's more likely is that once every few weeks, your system admins distribute a patch bundle via some automated push tool, and you MIGHT have to reboot then. But of course, that doesn't sound as incriminating for Windows, does it? And lord knows, no Linux app has ever been released with a security hole that needs to be patched after install on a user's desktop... right firefox?
And I have to watch out for signs at the security stations every day I come into work, warning about the latest email virus so I know not to click on any attachments that day until IT pushes yet another patch out to the antivirus software.
Funny... are you actually telling me you're a Linux evangelist who has to be specifically told not to click on attachments from people you don't know, or that you're not expecting? As for the antivirus updates, if your IT department is doing their job properly: 1) your a/v software should check for updates daily; 2) You should be trained to ONLY open attachments from trusted sources, and only then, when you're actually EXPECTING an email with an attachment from that person. I know I don't get very many unsolicited powerpoint presentations attached to emails at work. I really can't remember the last time a "big bad email virus" affected me at work. Probably Melissa, back in 1999.
What drivers is it missing that are needed in a corporate environment?
Well, for starters, my IBM Thinkpad's wireless card doesn't work under Linux. At all. My company chose to go with the Orinoco Gold PC cards for laptops without integrated wireless, and the chipset on my particular revision is, at least as of ~9 months ago, completely unsupported by any Linux distro or third-party driver. So that's one for starters... I'm sure that other people could name some others.
Applications: most people at work do most of their work with office applications: word processors, spreadsheets, etc. This is all covered quite nicely by Koffice and OpenOffice.org, both with support for the ODF open document standard mandated by the State of Massachusetts and drawing interest by many other national governments. OOo even imports and exports MS Office documents quite well. As long as your organization standardizes on ODF, you'll have the application support for most general tasks. The only reason applications might be a problem are 1) you need some specialized app that only works on Windows (e.g., AutoCAD), or 2) your management is simply addicted to MS's crackware and refuses to try anything different.
It's not a case of being "addicted" to anything. Look at what you just said: "As
The point is & was that if the software a person needs to work is not available on Linux, then ALL a user will be able to do is engage in a pointless round of FOSS wankery. I know that "most" will not recompile their kernel today -- but "Look, I've got this great Linux system. It's Free & Open Source! What can I do on it? Weeeelll.... I'm waiting for them to install my software... it's being written now..."
This is pure exaggeration and sensationalism. If the software you need is not available, then obviously you use the platform which has the software you need. I already went over this in my earlier message (my example was AutoCAD).
Exaggeration for effect, or you have the only buggy install of Office & XP that I've ever heard of. Yes, they hide "infrequently used" options. YES, you can turn that option off so that all the menu options are always available.
I see this just on the Server 2003 menus (not XP). And this is professionally maintained by the IT department for a Fortune 100 company, so if they can't figure it out, then no one can.
If that's literally true, then your Windows admins are idiots. Tell me, what manufacturer is pushing out new security patches "nearly every day"? Certainly not Microsoft. I call bullshit on your claim. What's more likely is that once every few weeks, your system admins distribute a patch bundle via some automated push tool, and you MIGHT have to reboot then. But of course, that doesn't sound as incriminating for Windows, does it? And lord knows, no Linux app has ever been released with a security hole that needs to be patched after install on a user's desktop... right firefox?
Again, my company is a Fortune 100 and a leader in the tech sector. If the IT department here can't figure it out, then there's a big problem.
I might have exaggerated a little on the "nearly every day", but there's definitely at least one (many times more, sometimes less) patch per week. The fact that I have to stop everything I'm doing, and then reboot is the worst part.
Of course I have security patches on my Linux systems too. The nice thing is, they don't interrupt me. I click "go" (SUSE 10.0 here) and it does the updates in the background, and then I don't even have to reboot!
As for Firefox, same thing. Just patch, and restart the application. No rebooting required. MS has had over a decade to fix that, and they haven't.
Funny... are you actually telling me you're a Linux evangelist who has to be specifically told not to click on attachments from people you don't know, or that you're not expecting?
Of course I don't, but why should I even bother being careful? I should be able to click on anything in the mail reader without it infecting the system with malware. Anything less is utterly ridiculous. What kind of moron would actually design an email application to automatically open and execute (executable) attachments? The fact is, in Linux, this is simply not a concern. Unsavvy users can be as reckless as they want, and it's unlikely any serious harm will come of it.
Well, for starters, my IBM Thinkpad's wireless card doesn't work under Linux. At all. My company chose to go with the Orinoco Gold PC cards for laptops without integrated wireless, and the chipset on my particular revision is, at least as of ~9 months ago, completely unsupported by any Linux distro or third-party driver. So that's one for starters... I'm sure that other people could name some others.
This is really simple for anyone with a brain: you only buy hardware that is known to have Linux support. Get Intel Centrino, not some cheap-ass Orinoco crap. People already know that many cheap-ass devices have buggy Windows drivers that screw up their systems, so even in the Windows world it's smart to check out the hardware you're buying before just picking the cheapest option.
While using Linux may be perfectly appropriate for corporate use in the IT department, on servers, even maybe b
This is pure exaggeration and sensationalism. If the software you need is not available, then obviously you use the platform which has the software you need. I already went over this in my earlier message (my example was AutoCAD).
No more exaggerated or sensational than your claim of at least one, sometimes several, patches to apply to your system every week, and having to reboot after every patch or upgrade. I seriously want to know which software company you're working with that is dropping critical patch fixes every week, sometimes several in a week. I want to be sure to NEVER, EVER buy their products. Or could it be that you're just exaggerating for effect, still?
As for choosing the platform which has the software you need -- this is exactly my point. A conversion to Linux "just because we don't want to use Vista" is not a good enough reason to convert. If the software people need to run is written for Vista, then companies will continue using Vista. If a suitable alternative exists for Linux, then companies can consider Linux. "Just train them on Linux instead of Vista," is a very glib statement to make, and it sounds "just that easy," but it's really not when you start looking at the work involved.
Of course I don't, but why should I even bother being careful?
Wow. Just... wow. Your analogy is akin to saying, "Well you drive a Hyundai, so you better be careful. I have a Volvo, so I can drive recklessly." Recklessness + stupidity will always equal problems, regardless of your system's operating system. You may walk away from the crash in a little better condition, but you still cost yourself a metric fuck-ton of money, effort, and hassle with your recklessness.
This is really simple for anyone with a brain: you only buy hardware that is known to have Linux support. Get Intel Centrino, not some cheap-ass Orinoco crap. People already know that many cheap-ass devices have buggy Windows drivers that screw up their systems, so even in the Windows world it's smart to check out the hardware you're buying before just picking the cheapest option.
Once again, you miss the point by a mile. Let me spell it out for you: THERE IS AN EXISTING INVESTMENT IN HARDWARE that must be supported if a company is going to switch over to Linux on that hardware. Unless you're actually suggesting a company go out and buy 10 - 15 thousand new laptop systems so that they can switch? The simple fact here is that my company bought these wireless cards for about 5000 laptops that didn't have integrated wireless in them... if they switched to Linux, those wireless cards would cease to function. I'm sure if you went and talked to companies, there's a lot of similar stories that would block adoption of linux at many other places in similar ways. Now, the company COULD phase in Linux as it replaces systems, but then they're buying the cost of a protracted conversion, and the effort of maintaining two separate, interoperable infrastructures for their Linux & Windows systems, thus delaying any ROI even more.
Maybe not for many places, and maybe not overnight, but they'd be smart to start thinking about migrating, because their smaller competitors who aren't as invested in the MS infrastructure and lock-in will be able to switch much more easily and cheaply, and will have drastically lower IT costs because of it in time.
Of course they're *thinking* about migrating, I never said they shouldn't. It's this notion that sometime in the next 3 years, every company is just going to rebel against Microsoft products (which, for all their issues & eccentricities, *do* work just fine for most people,) and say, "No thanks, we've got Linux" which is, quite simply, a pipe dream.
As far as "drastically lower IT costs," I think the question is still up in the air as to which is lower cost to operate. I've seen studies that say Linux is hands down the cheapest, and I've seen studies that say Microsoft is hands-down the ch
I seriously want to know which software company you're working with that is dropping critical patch fixes every week, sometimes several in a week. I want to be sure to NEVER, EVER buy their products.
It's a hardware company, not a software company. And it's probably the largest semiconductor maker in the world.
Wow. Just... wow. Your analogy is akin to saying, "Well you drive a Hyundai, so you better be careful. I have a Volvo, so I can drive recklessly." Recklessness + stupidity will always equal problems, regardless of your system's operating system. You may walk away from the crash in a little better condition, but you still cost yourself a metric fuck-ton of money, effort, and hassle with your recklessness.
This isn't quite right. A better analogy is "well, you drive a Yugo, so you better be careful driving because the slightest bump in the road will cause the wheel to fall off and your car to crash and then promptly explode. I drive a Toyota, so I can drive on normal roads without constantly worrying about my wheels falling off or my car exploding."
Seriously, if you actually think an email client that automatically executes a file attached to an email is not the most ridiculous and idiotic design feature, then there's something wrong with you.
Once again, you miss the point by a mile. Let me spell it out for you: THERE IS AN EXISTING INVESTMENT IN HARDWARE that must be supported if a company is going to switch over to Linux on that hardware.
The reality is that most hardware is well-supported. Wireless networking cards are the big exception. New wireless cards really aren't very expensive, if that's the only missing piece.
Perhaps I'm missing something here. How is it Microsoft's fault that a hardware company you do business with keeps issuing critical patches & updates for their hardware? I'm sorry, but an occasional reboot cycle is not *that* onerous a task. I'd take much larger issue with the "largest semiconductor maker in the world" apparently being unable to get their shit in order enough to drop you a sane release that isn't full of holes & flaws needing constant patching & updates. From what you've told me, I'm simply unimpressed with the state of IT at these "fortune 100" companies, and the "largest semiconductor mfgr in the world." Yes, the reboot can be disruptive, and yes, Microsoft can improve that, I'll agree with you to that extent. But if you're constantly rebooting critical systems for ANY reason, that's a problem... and if the only reason you're doing so is because a particular hardware vendor keeps issuing firmware updates or something like that, then they really need to figure out a way to get their projects under control.
This isn't quite right. A better analogy is "well, you drive a Yugo, so you better be careful driving because the slightest bump in the road will cause the wheel to fall off and your car to crash and then promptly explode. I drive a Toyota, so I can drive on normal roads without constantly worrying about my wheels falling off or my car exploding."
No, that's not a better analogy. It would only be better if Windows, during normal operation, was prone to spontaneous crashes for no reason whatsoever. In practice, recent releases of Windows are reasonably stable, and reasonably reliable, if you take care of it properly -- much like a Hyundai. Linux may be better designed & more "safe" by default, but it still needs to be taken care of properly, and maintained properly, as well -- just like a Volvo. And just to remind you, since you seem intent on forgetting what you initially said: Reckless driving will get you killed, injured, or in a lot of trouble no matter how well designed your car is. Perhaps you're a little safer in a Volvo than a Hyundai (or a Yugo), but you are not immune to harm, and reckless driving only compounds your vulnerability.
The reality is that most hardware is well-supported. Wireless networking cards are the big exception. New wireless cards really aren't very expensive, if that's the only missing piece.
You asked for a real example, and I provided one. Yes, most common "business class" hardware may be supported. My initial point stated that there were problems with both hardware drivers AND applications being unavailable for Linux, in response to your comment about "Well why don't companies just train their users in Linux instead of Vista, since Vista's so different from XP that it'll require training." What it boils down to is that most companies have a sizable investment in both their hardware & their applications, and if all they're doing is replacing Microsoft with Linux, and the two run on the same types of hardware, and cost about the same in terms of support, then you're looking at a very long return on investment phase for a company to invest the huge amount of time & effort in retraining employees, and reworking their internal infrastructure to be Linux only.