More Headaches from Vista Security

Michael Cooney writes to tell us Windows Vista may have some serious headaches in store for corporate users with third-party authentication systems like VPNs. From the article: "ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture."

Another day, another microsoft problem

[unity100]

Will wonders never cease

Re:Another day, another microsoft problem

[l2718]

This ain't a Microsoft problem. When Linus decided to change the driver model in the kernel, many hardware vendors had to rewrite their drivers. When Solaris 2.5 came out, all those SunOS 4.3 drivers became obsolete. Of course, if documentation of the upcoming Vista security model was hard to come by then these vendors would have a real beef, but no-one is saying that this is the case.

Re:Another day, another microsoft problem

[Spy+der+Mann]

Excuse me, but isn't "microsoft problem" a redundant phrase?

Re:Another day, another microsoft problem

[unity100]

Well,

Im not talking about this in particular

Every other day a microsoft problem is announced in slashdot. We cant wake up to a day that microsoft wont be appearing with some problem it seems.

Re:Another day, another microsoft problem

[darth_linux]

almost like sco news usedto be... a day without a related post seemed a little emptier.

Re:Another day, another microsoft problem

[NineNine]

If you think that it's a "wonder" that changing OS's is a headache, no matter what platform, then I've got some belly button lint that may "amaze" you!

Re:Another day, another microsoft problem

omg u made teh funnay ha ha i am sure you get all the girls with your witty m$ bashing.

Re:Another day, another microsoft problem

[daeg]

Consider, too, that Microsoft encompasses hundreds of products. If other groups provided as many products as Microsoft did, you might see a similar number of problems. Then again, Microsoft has had a rocky history of security and other issues.

Re:Another day, another microsoft problem

[IAmTheDave]

Not to mention Apple changing processors like 20 times, barely supporting backward compatability across OS iterations, etc.

Not a MS problem - a problem almost always synonymous with progress. Stop hating on MS.

Re:Another day, another microsoft problem

[Bohiti]

To clarify, to you blame Microsoft or Slashdot(etc) for this?

Re:Another day, another microsoft problem

Yes

At this point...

[inertialmatrix]

I have the feeling that at this point the managers in Redmond care less about security and more about actually _shipping_ the product.

Maybe even sometime this year.

Re:At this point...

[Antique+Geekmeister]

Oh, no, they've already missed the Christmas ship date. It's not coming out until Jan. 1 next year at the earliest. And with all the features they've had to pull from it, there is no reason to update to it until at least 1 year after it's released, anyway.

If new OS's and their features turn out to be vital in the next year, it's a good time to be selling Linux or other OS solutions.

Re:At this point...

[From+A+Far+Away+Land]

Vista Security - I sincerely hope that's not going to become another famous oxymoron like previous Windows releases. Remember how XP was the most secure operating system ever until a LAN flaw was found, then later Blaster made XP SP1 default security pointless?

If Vista's default installation isn't cracked wide open by a worm in the first 90 days, then it will be a victory for Microsoft.

Re:At this point...

[inertialmatrix]

I seriously am wondering about the corporate customers that Microsoft hopes are supposedly going to be deploying Vista in November. Pretty soon they will get pushed back to 2007 as well.

Re:At this point...

[houstonbofh]

I have the feeling that at this point the managers in Redmond care less about security and more about actually _shipping_ the product.

To maintain backwards compatability with other Windows versions, of course... ;-)

Re:At this point...

[techno-vampire]

And with all the features they've had to pull from it, there is no reason to update to it...

How true. Of course, I've yet to see a feature they've left in that would make me want to upgrade so the featurectomies haven't changed my mind. I'm already dual-booting into Linux, and if there's anything I can't run under Win98SE, there's always Wine.

Re:At this point...

[93+Escort+Wagon]

"Vista Security - I sincerely hope that's not going to become another famous oxymoron like previous Windows releases."

Hey, you hit on another oxymoron (at least with regards to Vista) - "Windows release".

Duck and cover, duck and cover...

Re:At this point...

Oh please! If you even knew anything about the GINA or writing software, you'd have a different opinion. Novell, Cisco, and everybody else with a security shingle to hang out there wants to put in their custom GINA. This actually hurts security, because if Microsoft has to do a security fix there, it breaks all these custom GINAs, which delays those precious little patches.

Of course, if you knew anything about building software, you'd know that adding custom code to any COTS product is equivalent to single vendor lock-in, and you feel it when the security pressure is on.

Re:At this point...

[zcat_NZ]

90 days? that's a tad optimistic.

I seem to recall someone had written a prototype virus within 24 hours of the first beta being released, which caused Microsoft to drop the advanced scripting they had planned.

I'd try and find a reference but I really can't be arsed. Vista won't be out until next year and by all accounts it's going to suck just as badly as any previous version of windows. Dapper Drake will be out next month and it's going to rock! I've been running it since flight4, it was awesome even back then and it just keeps getting better.

Re:At this point...

[Fred_A]

Especially since corporate customers are always last to deploy new systems. Especially something heavily rewritten and untested like this. They are the same that are reluctant to even apply service packs for fear that they might break something and MS just hopes that they will switch to a completely rewritten OS ?

Sometimes I wonder how Microsoft even managed to stay afloat, much less become dominant in the market... It's one thing to sell to pimple faced gamers who apparently just accept that stuff breaks every now and then but corporate datacenters don't work that way.

Re:At this point...

[jZnat]

They could just include WINE for backwards compatibility, sheesh. ;p

Re:At this point...

[Antique+Geekmeister]

Many corporate accounts get sold a bill of goods, including new OS's on new hardware: reverting the hardware to an older, more stable and more supportable operating system is often expensive and laborious, especially when you have some MCSE consultant selling you a huge new package of demoware, such as a new MS Exchange server, that will "solve all your IT problems".

I've watched this happen repeatedly where the new server is installed with a mandatory server grade license hot off the presses that it doesn't really need.

Re:At this point...

[ftoomch]

Aaah! You're talking about the new Vista Augmented GINA. Nice acronym.

Re:At this point...

[Daengbo]

Dapper Drake will be out next month and it's going to rock!

I love Dapper and all, and have used Ubuntu since 2004, but the last month has seen my laptop slow to a crawl and become unusable. Both laptops in the house running Dapper kernel panic at least once a day, so it's probably not a hardware problem. Beagle can't be installed because programs become impossible to use when it's running -- even when it's niced to 19. No proprietary drivers. Stock install and two days ago my Gnome borked so badly that I had to install KDE to use the computer. I found KDE so much faster that I've stuck with it for a week.

I'm not optimistic about Dapper, though I really want to be. I stopped working the book I was writing about Dapper because I'm unsure whether it will be stable enough for corporate use. I'm waiting a week then looking again.

Re:At this point...

[Fred_A]

I don't know, in my experience large installations normally have enough purchasing power to be able to mandate the OS version from their vendor.

Of course if they don't have an in-house IT department and depend on MSCE consultants, they're probably screwed anyway.

Nowadays I only deal with small structures though so I don't really know what happens in big corporate networks anymore. By myself I don't have the manpower to switch large networks over (most of my work is switching systems over to FOSS). Things might have changed since a few years ago...

Re:At this point...

[somersault]

.. how can you complain about a prerelease version of an OS being unstable, when the idea is that of course it's going to be unstable until it's been tested and revised? I'm about to install Dapper for the first time tonight, maybe only do it on my laptop and leave my desktop with Breezy, but honestly, the whole point in these prereleases is for bug testing - if you're needing stability then why not wait until Dapper is released? Then you have a 'right' to complain if something screws up.

Re:At this point...

[Crayon+Kid]

Obligatory Penny Arcade: yes, that really is a catchy acronym.

Re:At this point...

[Daengbo]

.. how can you complain about a prerelease version of an OS being unstable, when the idea is that of course it's going to be unstable until it's been tested and revised?

The post was in response to a praise of how great Dapper is going to be. I was pointing out that the beta (which I've been running with full knowledge in order to test and write about) has gone downhill recently and the major performance-shattering bugs have not yet been touched yet, especially the crazy Beagle memory leak. I'm not saying that it's going to suck -- I'm saying that it was unusable for about a week, to the point that I ditched Gnome on the machine in order to continue testing other parts of the system. I also said that I need to check back soon to see whether it's been fixed or not.

The release date is coming up quickly (and really should've happened already) though, and this extra period was declared as just "extra time" to really make it solid. I don't feel that it's working out that way and it scares me a little, honestly.

Re:At this point...

[somersault]

Fair enough, I was just wondering if you were using it for casual use (which I am planning to do, as I said - I've never even heard of beagle actually).

Re:At this point...

[Daengbo]

Beagle is the Mono answer to Spotlight (is that right?), and it'll allow you to do great things like full text, real-time searches on emails, PDFs, and ODF files, but it has had a memory leak for a long time, which means that you can't stay logged in for more than a day. Kind of sucks.

Re:At this point...

[Sarisar]

Where I used to work when they were switching to NT (from OS/2) which wasn't too many years ago, the machines they had in the test room ALL came with 98 disks! I believe they have (this year) finally upgraded to XP so I figure it will be many years before they bother with Vista!

Windows Bites

[DrSkwid]

Film at 11!

I mean, come on, it's hardly news that *EVERY* Windows breaks random stuff.

I rememeber the pain I went through after installing NT Option Pack 4, all sorts of stuff changed in operation. It was sorting that mess out that made me drop my "Microsoft Certified Solutions Provider" ambition.

Re:Windows Bites

[x0n]

> I mean, come on, it's hardly news that *EVERY* Windows breaks random stuff.

And that's hardly news considering it tries to be backwards compatible all the way back to at least DOS 2.1; Can you imagine how hard it must be to NOT break more stuff, seriously?

The fact that people have to rewrite core drivers etc to support this model is a sign that Microsoft is finally putting security ahead of compatibility. This is a Good Thing.

- Oisin

Re:Windows Bites

[DrSkwid]

It's not "a good thing" when they change how database connection pooling works.

It used to be recommended practice to stick the db connection in the session object at session.start.

Option Pack 4 changed this behaviour. But it didn't show up until the websites you had already deployed started to get "un-reproducable" errors. The unpooled connections hung around for 30 mins after the last request for that session. Once the site got enough traffic it started killing the application. Could be 6 months, could be a year. Took a while to work that one out, much to the annoyance of my customers, and at my expense "you wrote it, it must be a bug in your code, bug fixes are covered in our agreement". Getting off the MSDN treadmill was glorious.

Re:Windows Bites

[x0n]

Yes, I do remember being told to do that before, and it was an acceptable practice for low-traffic sites. If your site was too busy however, the idle connections sitting in session objects would eventually block new sessions until the session timed out. Not to sound high and mighty, but I never adopted this pattern; it just didn't make sense for low-traffic sites, since it was a "performance" hack, and low traffic sites perform fine. Implementing it on a high-traffic site only made the problem worse.

You say Option Pack 4 changed this behaviour -- how exactly? Connection pooling was turned OFF by default with OP/4. I'm certain of this, because when building boxes back then, I remember having to set the registry key ( HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\ASP\P arameters\StartConnectionPool ) to a non-zero value and restart IIS 3 for it to take effect.

I'd be interested to hear your ideas on this. Personally, I just think you followed bad advice.

- Oisin

Re:Windows Bites

[sr180]

Meh, theyve done better. A simple MDAC (Data Access Componenets) upgrade to fix security errors and memory leaks completely changed the SQL syntax to Foxpro databases through ODBC. Uninstall was not possible. It was either reformat the machine, or go through every sql query and re-write it to the new syntax.

Re:Windows Bites

[DrSkwid]

Yeah, I know this now.

I got the pattern from Windows System Journal magazine.

The other details are a bit hazy now =)

Re:Windows Bites

[DrSkwid]

I'm glad I got off the train when I did. I've learned so much more about computers since switching to BSDi/BSD/plan9 I can't begin to be greatful enough to Bill G. for that =)

Re:Windows Bites

[plague3106]

It's not "a good thing" when they change how database connection pooling works.

It used to be recommended practice to stick the db connection in the session object at session.start.

Funny, I remember that be recommended practice BEFORE connection pooling. Once you have connection pooling, there's no reason to hang on to a connection. Just open and close away.

Option Pack 4 changed this behaviour. But it didn't show up until the websites you had already deployed started to get "un-reproducable" errors. The unpooled connections hung around for 30 mins after the last request for that session.

Wow, you mean it stuck around until the session expired? Who would have thought that an object stored in session would remain until the session is gone? The unpooled connection stayed around because you didn't close it! Eventually the session expires and it gets cleaned up. Connection pooling was never about keeping a session open and never closing it.. ugh.

Took a while to work that one out, much to the annoyance of my customers, and at my expense "you wrote it, it must be a bug in your code, bug fixes are covered in our agreement". Getting off the MSDN treadmill was glorious.

It was a bug in your code; you weren't closing the connection when you were done with it. Connection pooling meant you didn't need to keep the connection in session. You obviously didn't know what you were doing.

Re:Windows Bites

[ratboy666]

If a recommended practice is followed, and an "upgrade" breaks it... whose fault is it?

Lets put this into perspective: SUN has (or used to have) the "application guarantee". Basically, if your application runs, and can pass several source analysis tools, it SUNs problem if the application breaks after a system upgrade.

Of course, developers are used to the Microsoft model (if it breaks, you now have two pieces -- and we have nothing to do with it).

Caveat Emptor

Ratboy

Re:Windows Bites

[plague3106]

If a recommended practice is followed, and an "upgrade" breaks it... whose fault is it?

It was never a recommended practice to put a connection pooled connection into the session. The whole point of connection pooling is that you don't have to worry about performance hits from opening and closing because open just pulls an already opened connection, and close simply returns it to the pool. Indeed, other posters have said it was not recommended practice to store a connection in the session to begin with.

Lets put this into perspective: SUN has (or used to have) the "application guarantee". Basically, if your application runs, and can pass several source analysis tools, it SUNs problem if the application breaks after a system upgrade.

Well, good for SUN. Of course they don't seem to be doing too hot anymore, are they?

Of course, developers are used to the Microsoft model (if it breaks, you now have two pieces -- and we have nothing to do with it).

Its pretty easy to keep your code seperate from API calls. Anyone that doesn't do this (regardless of targeting MS or Linux) is a fool.

Win-Win

[foundme]

What are these ISVs whinging about? This is almost the perfect opportunity to convince their clients that it is time for another upgrade. But wait, that's not all, as mentioned in the article, the upgrade also requires extensive testing, so it's doubly good news.

Programming wise, I guess this would teach these ISVs a lesson that, if they want to develop custom code, they should probably have a more flexible architecture to accommodate any OS changes, or even make it compatible across different OSs.

I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

Re:Win-Win

[lucabrasi999]

don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

Wait a minute! Did you just compare Windows Vista with Ferrari?

Re:Win-Win

[IdleTime]

I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

Indinapolis 2005 F1 GP - Need I say more?

Re:Win-Win

[JackHolloway]

"I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed"

You missed the USGP last year, then...yes?

(I know it was Michelen and not Bridgestone, but still...)

Re:Win-Win

[foundme]

I thought it was an appropriate comparison.

1. It has its moments of brilliance,
2. It has an almost continuous monopoly in its turf
3. It relies more or less on a single product for its success
4. There is an increasing pressure to challenge its domination
5. Its star is usually arrogant and breaks his seats
6. Its new version is almost always the last to arrive despite promises
7. Its new version always breaks and it takes a few patches to get it up to speed
8. Regulations and rules are introduced mainly to remove its domination

Re:Win-Win

[lucabrasi999]

You forgot

9. Every time you have a problem with a Ferrari, you can fix it with a re-boot.

Re:Win-Win

[andrew71]

Wait a minute! Did you just compare Windows Vista with Ferrari?

Damnit, Jean. We're doomed. Now that we were beginning to catch up.

Re:Win-Win

[eclectro]

Wait a minute! Did you just compare Windows Vista with Ferrari?

It's expensive to own, expensive to fix, and makes you curse like an italian.

Your point is ???

Re:Win-Win

[Grishnakh]

You're missing some important points where the analogy completely fails:

1. Ferraris are built extremely robust, so you can crash at 150+mph and walk away with a few scratches (google for the Enzo which crashed recently in California). I wouldn't call Windows "robust".

2. Ferraris are extremely attractive machines. Windows looks like it was designed by Fisher-Price.

Re:Win-Win

[andreyw]

Well, its not that they ask Ferrari to slow down, its that due to their contract, Ferrari has no choice but remain uncompetitive.

At least I'm glad this year Bridgestone doesn't suck so much compared to last year. I mean Schumi is actually arriving within the top 3, and even winning! /pissed about the V8s though. Stupid.

Re:Win-Win

[furchin]

Plus both are prone to break-ins.

Re:Win-Win

[Metzli]

Why couldn't Bridgestone do that? Shoot, Michelin did that very thing at the U.S. Grand Prix in Indianpolis last year.

http://edition.cnn.com/2005/SPORT/06/19/usa.grand/

Re:Win-Win

[jazman_777]

I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

It never takes long for the bad car analogies to come crawling out of the woodwork.

Re:Win-Win

[igb]

``I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.''

Indeed. Which explains the full grid at the US Grand Prix.

[[ For those Americans who don't do F1, the US Grand Prix last year was a six-car farce, because Michelin didn't build tyres which could take the fast corners. ]]

ian

Re:Win-Win

No, but michelin can tell its teams to not race because of a fatal flaw in the tires it sent to a race. See US grand prix, 2005.

Re:Win-Win

[tbone1]

I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

Indinapolis 2005 F1 GP - Need I say more?

Yes, you need to say "Bernie Ecclestone, you and your Euroweenies got out-teched by NASCAR!"

Sorry, but I am still pretty bitter about this.

The difference is, I can decide not to attend other F1 events. How many managers and IT people are allowed to decide to get rid of Windows?

Re:Win-Win

[anno1a]

To me it looks like he's comparing Microsoft to Bridgestone... Then he isn't committing blasphemy in the process, so I can live with that. (Now I just try not to think about who it is he's actually comparing to ferrari)

Re:Win-Win

So where can I get a pirated Ferrari for 3.99?

Re:Win-Win

[Guanine]

Speaking of that crash, this is a link to it.

Haha

[Ecko7889]

Hasta la Vista security.

Re:Haha

[opec]

How long have you been waiting to use that one? :(

Good!

[Southpaw018]

Wasn't it just a couple weeks ago we were lamenting "what could have been"?
Microsoft capitulates and disables large chunks of Vista security by default in order to appease corporate customers. People are up in arms.
Microsoft rewrites architecture to make things more secure. People are up in arms.

Me, I'm with the "Good!" crowd. Make things more difficult for me when I transition. It'll make things easier later on.

Re:Good!

[SteveXE]

Exactly; Why are people getting angry over better security policies? They have to rewrite some code? Boohoo get over it. If they dont want to do it then just stick with XP and all its gaping holes.

Re:Good!

[Spy+der+Mann]

Wasn't it just a couple weeks ago we were lamenting "what could have been"?

See, the real problem with Vista is not whehter it has flaws or not. The real problem is that it keeps being Microsoft.

Remember how IE5 was the best internet browser "ever"? It was fast, it was stable! The old Netscape couldn't even compare to it! But when it dominated the market, well, you know what happened.

I really don't know if Vista will be the best OS ever. What I know is that people will be forced to use it, and that new Microsoft apps will require Vista features to work properly.

It's all about Microsoft. The name's just burnt out, it has nearly zero credibility right now.

Re:Good!

[drsmithy]

What I know is that people will be forced to use it, and that new Microsoft apps will require Vista features to work properly.

And when you say "forced" you mean "go out and buy themselves". And when you say "new Microsoft apps" you mean "new Microsoft apps released 5+ years later".

Re:Good!

[Unnngh!]

I don't see the conflict here. Microsoft wrote a large amount of code for their new OS without, apparently, any high regard for security. The code-test-debug model does not work very well for building security into software products. It needs to be designed to be secure from the ground up. MS has had plenty of time to see this coming, but their reduction in functionality for security purposes screams that this was not how many of the shiny new Vista features were designed. I'm sure it was code-test-debug all the way and you just can't catch everything like that. You can't catch *everything* anyway, but debugging "insecure" code to make it "secure" will just be a rerun of the last four years.

Is it crazy to expect secure, functional, feature-rich applications from vendors?

Re:Good!

[MrNougat]

Make things more difficult for me when I transition.

Also, though it may be difficult, I know I am capable of adapting and succeeding. Others will not be, and they'll get weeded out of the IT field, thereby putting me in more demand. End users, who are used to the current "default installation is completely insecure, but you can do anything you want," will need my assistance more; any time a minor hoop needs to be jumped through to accomplish something (security), they'll throw up their arms and call me to fix it.

Note to Microsoft - make things as difficult as possible. It's my job to figure those things out and administer. For money.

Re:Good!

[utlemming]

Because vendors haven't been given enough time. If MS had planned and presented vendors with specs of how to interface products, then it wouldn't be so bad. But when things keep changing, people get irritated.

Re:Good!

See, the real problem with Vista is not whehter it has flaws or not. The real problem is that it keeps being Microsoft.

"Hate the sinner, love the sin"? Isn't that kind of backwards?

I really don't know if Vista will be the best OS ever. What I know is that people will be forced to use it, and that new Microsoft apps will require Vista features to work properly.

And this is supposed to be different from anything else, uh, how precisely?

I don't know if OS X Leopard will be the best OS ever. What I know is that some of the people who aren't forced to use Vista will be forced to use it, and that new Apple apps will require Leopard features to work properly.

And I don't give a fuck, because that's how things work. New software gets written. It provides better features. People switch to it and use the new features. Big fucking deal. Get over it.

Re:Good!

No, he means forced, as in your pointy-headed boss wastes the IT budget on Vista upgrades and leaves the rest of us to pick up the pieces. Or perhaps you like forced, as in Dell won't sell PCs with anything but Vista and your fellow Slashdotter is stuck supporting it, better?

And no, running Linux isn't some magical cure; it's a royal pain in the ass. It's hardware support is hit and miss, game support is an ugly hack, and the community is full of RTFM types who can't fathom how anyone can ever run into a problem and need help. God some of you are thick if you think it's a real choice for the average user.

Personally, I'd push folks towards the Mac if it weren't for the inherently limited hardware support and high prices because at least Apple's there with software support that works.

Should be expected.

[slusich]

This isn't unexpected. Anytime a really new MS OS comes out it tends to break apps from older versions. Security apps are no exception.
This may be true of other OS's as well, though I'm not familiar enough with them to say.

Bad summary

[Umbral+Blot]

As expected the summary on /. is just trying to be inflammatory. The real gist of the article is as follows: Vista will require some programs to be re-written, espcially ones that interfaced closely with the old operating system. Thus many authentication systems will need to be updated. It's not really unexpected or unheard of for new APIs to break old programs. So if you want to bitch about how Vista is going to make you rewrite your code go ahead (I know I am not looking forward to it), but don't pretend it is a security problem.

Re:Bad summary

[RingDev]

Yeah, it sounds like for the most part, if you are using managed code you should be fine. If you are depending on OS level API calls, you are hosed. Nothing to suprising here. For most Java/.Net apps this isn't the end of the world. For biometrics drivers, and applications that interact with them, yeah, it's going to suck.

-Rick

Re:Bad summary

[NormalVisual]

If you are depending on OS level API calls, you are hosed. Nothing to suprising here.

Yes, because heaven forbid that something as fundamental as the operating system be something other than a moving target from version to version. Witness the plethora of different driver models and APIs that Windows has foisted upon the world over the years, and the ridiculous amount of time developers have to spend just keeping up with the changes.

Re:Bad summary

[evought]

My take is that the ISVs are not as much concerned by the fact that things are changing, but that the product is supposed to be in late beta, and they have no idea what the model is changing *to*. The old interface has gone away and the new interface is incomplete. They will not get a chance to design/develop/test anything during the beta period. This is odd considering that betas exist for *exactly* this reason.

The fact that an architectural change is happening this late in the process is yet another clue into the very ugly inner workings of the MS development team. I can see, perhaps, having some stubbed calls at this point, but not having the API even complete is ludicrous. It also gives MS a major advantage on any security apps it wants to ship.

I'm not a Ub3r-geek, but how is this newsworthy?

[pcgamez]

From what I can tell, TFA is saying that because much of Windows has been rewritten (including logon and authentication), it is going to be a pita to adapt existing software. No frigging kidding. Doesn't this happen with every major update? If so, why is Slashdot even reporting this? It is something that is normal.

goodbye SecurID, VPNs, etc.

[yagu]

A couple of interesting paragraphs in the article:

The good news for users is that those same observers say Vista, which is being touted for its security features, will eventually deliver a more secure and flexible authentication architecture than exists today in Windows.

The issue over the Vista authentication architecture began to emerge last week when RSA CEO Art Coviello lamented in a press interview the fact that Vista is not providing native support initially for RSA's SecureID for Windows. RSA refused to comment further, but the company will have to rewrite its GINA code using the Credential Provider model. Microsoft also refused comment on Coviello's remarks. A company spokesman says the strategic direction now is Smart Cards, which Microsoft is supporting natively in Vista.

Concerning "good news for users", I doubt it. Nothing good has come of Microsoft's perception of "what is good" for users, from the crippled layering of a multi-user paradigm on top of what started out as a single user design (NT/XP over Windows/DOS) to their constant and misguided attempts to create intuitive GUIs (dancing paperclips, self-altering menus with chevrons anyone?). Security is typically hard, and Microsoft will screw this up too.

As for the second paragraphs, could Microsoft again be forcing the hands of third party vendors? Seems they could (indeed, it almost seems likely) wiggle their way into the security market and start charging for different mechanisms of security. Of course that can only happen after they've provided it "free" long enough to get rid of pesky competitors like SecurID (GREAT product, btw) and VPN providers.

I'll fight Microsoft's practices til forever, but I must admit, I'm glad I'm near retirement as far as having to deal with this crap anymore.

Re:goodbye SecurID, VPNs, etc.

[throx]

crippled layering of a multi-user paradigm on top of what started out as a single user design (NT/XP over Windows/DOS)

Oh, please! Learn your OS history. NT/XP never sat on top of DOS, Win3.x or Win9x. The original NT design was actually supposed to support multiuser UI sessions out of the box (hence the entire UI being designed around a client/server RPC model) but it didn't end up that way for any number of performance and time-to-market constraints.

The Vista design could best be described as a multiuser kernel that got hacked up to service a single user GUI that looked a lot like the existing single user product that was on the market, which was then moved into the kernel to improve performance, which then got a multiuser terminal layer hacked over the top (using the multiuser not-GUI-part-of-the-kernel that was already there), which then got morphed into "Fast User Switching".

The multiuser UI in Windows XP/Vista is most definitely a hack, but it's got nothing to do with Win3.x or DOS.

As for the original context - (yawn). OS upgrades change APIs. MS has been working on security so their security APIs are going to change. If you tie yourself to MS, then you get to do some work to use their new APIs. Nothing to see here - move along.

Re:goodbye SecurID, VPNs, etc.

[yagu]

Oh, please! Learn your OS history. NT/XP never sat on top of DOS, Win3.x or Win9x

Never said it (they) did. Actually if you look at your direct quote from my post, I used the term "paradigm". So, in that context, let me expand a bit: the paradigm was very much an assumption, one machine/computer, one user, hence the bizarre logical drives, all accessible to all levels by all users (by default at least -- yes, that's now changing, welcome to century 21).

As for intent, I was on the original NT Beta support team at Microsoft (there were 16 of us), and after walking in the door, I immediately began asking for information on setting up my machine with a multi-user configuration. The team treated me like I was some sort of nut case -- they emphasized multi-user meant multiple users could access services on one machine (file services, not new in NT though, etc.), not multiple users logged onto one machine.

They were barely comfortable with the notion of more than one user ever using one machine, even one user at a time!

As for all of this being a hack, you are absolutely right. I would actually probably be less adversarial with Microsoft if they were more candid about things like this, but to read their literature, they concede nothing, ever. (For example, the initial security access levels "rings" in the NT kernel were elegantly designed and promptly trampled to allow performance by granting direct video hardware access to non-privileged code -- go figure.)

I joined Microsoft in 1992 excited about being a part of what I thought was a sea change in their OS direction. I left shortly after when behind closed doors I discovered it was a facade designed to show Microsoft was ready to play on the same court with the big boys (namely, Unix). Unfortunately, they weren't. Unfortunately, they got away with it. Unfortunately, even today, they don't stand up to hardened Unix systems (they're closer than ever, but still not there).

Re:goodbye SecurID, VPNs, etc.

[throx]

Never said it (they) did. Actually if you look at your direct quote from my post, I used the term "paradigm".

Granted, but reading it literally certainly implies that NT/XP sat over Windows/DOS. Now that you've expanded on what you meant, I definitely agree that the paradigm was lifted straight from Windows/DOS (or probably more strictly OS/2 1.x, then morphed to Win3.x).

In an interesting followup, I don't think moving the GDI into the kernel was that big of a deal. Most operating systems have done this to some extent and it really didn't affect the stability of NT at all. I read big articles at the time on how terrible it was that the GUI crashing would crash the OS, but guess what - grab your NT 3.51 installation and terminate csrss.exe and see what happens. Blue screen. (This still happens on Vista btw). THAT is bad design, for sure.

Again, interestingly enough, the new GUI drivers are going back the other way with the majority of the driver code being pulled back out to user mode and a small amount being left in the kernel as a conduit to the hardware. A whole bunch of other drivers are now user mode apps (mostly USB and Audio drivers). Interesting the way the wheel spins.

And, I absolutely agree that Windows doesn't stand up to the big commercial Unixes (or non-Unixes for that matter) in terms of stability and reliability. Getting better, but not there.

Re:goodbye SecurID, VPNs, etc.

[dbIII]

Oh, please! Learn your OS history. NT/XP never sat on top of DOS

Do you really think the previous poster meant this by using the word "over"? The way I read it is that the single user roots of MSDOS to WinME have overwhelmed the original multiuser NT system and made it a mess where many applications will not run properly without administrator priveliges.

Re:goodbye SecurID, VPNs, etc.

[NormalVisual]

Most operating systems have done this to some extent and it really didn't affect the stability of NT at all

Count yourself lucky that you didn't have the misfortune to have to deal with buggy video drivers then. Nothing brought more joy to my face than suffering frequent crashes due to a viddy driver problem only to have the card manufacturer disavow responsibility for it. Yes, Cirrus Logic, I'm looking at you. Great - because the OS lets display drivers play where they shouldn't, I now have to buy another display card and hope that the drivers for THAT one aren't broken...

It sure would have been nice to have gotten a command prompt instead of forcing a reboot, or better yet, not required a GUI to actually get anything done.

Re:goodbye SecurID, VPNs, etc.

Yea for sure ALL VERSIONS OF M$ Corp crap sit ontop of DOS they just hide it even deeper in the CRUD.

Re:goodbye SecurID, VPNs, etc.

[Scudsucker]

Yes, Cirrus Logic, I'm looking at you.

Huh, I was sure you were going to say ATI. I knew a guy who worked for Gateway's phone support about 7-10 years ago, and anytime someone would mention ATI he would fly into a 10 minute rant about what a POS company they were.

Re:goodbye SecurID, VPNs, etc.

[throx]

Count yourself lucky that you didn't have the misfortune to have to deal with buggy video drivers then.

Buggy video drivers would take down NT 3.51 just as fast as NT 4.0. If you'd read my post, you'd notice that the video driver crashing in user mode in 3.51 would bring down csrss.exe which resulted in the machine blue screening anyway.

I dealt with plenty of buggy video drivers in 3.51 and 4.0 and the end result was the same in either case - a blue screen.

Now, you are absolutely correct that a command prompt would have been better than a blue screen, but that's not the way it worked in 3.51 so you can't make a case that moving the GUI to the kernel reduced stability because in either case a bug led to a blue screen.

Problem Solved

[__aalnoi707]

"Not only the vendors, but the customers that have [authentication systems] already deployed are going to go through a lot of pain," says one ISV who asked not to be named. "We knew there were going to be changes, but we didn't know there would be wholesale changes."

Dont use windows use Linux problem solved

Re:Problem Solved

[Rosco+P.+Coltrane]

Dont use windows use Linux problem solved

In other news, random Slashdot user creeves1982 blurts out the usual Slashdot banality about Linux.

It's not so simple and you know it. You can use Linux. I can use Linux, but many MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.

That's how the world is. Microsoft is still the biggest OS and software vendor in the world despite its many shortcomings and its outrageous economic practices because the Windows userbase is massively reluctant to change. The real challenge is to make Linux truly as user-friendly as Windows, and to get users to discover it and get used to it. Simply saying "use linux problem solved" is childish.

Re:Problem Solved

Yeah, cause Linux never has low level compatibility updates between releases. Give me a break. Linux is not a cure all. For example, figuring out whether a program is being compiled on an SMP aware Linux system requires looking in a different directory for a specific include file, depending on whether the kernel is 2.2, 2.4 or 2.6. And of course, for certain distros it will be in a completely different location (and if you give the wrong include directory, there is an identically named file in /usr/include which will be snapped up and used, even though it gives no SMP info, so it's hard to tell you failed). Other aspects of the Linux API change in subtle but annoying ways that will break older code that relied on specific behaviors.

Of course, most programs don't need to know whether it is being compiled on an SMP enabled Linux system. Similarly, most people don't need to know much about the low level Windows API. But when programs are written that rely on it, major updates tend to cause breaks. Don't blame Microsoft for that. Be thankful they are trying to make the API more robust. Hell of a lot better than releasing "Windows XP: Vista Edition with nifty keen graphics" and no actual under the hood improvements.

Re:Problem Solved

It is no more childish than, oh, you want to have the wonderful privledge of having a secure OS after all these years?
Ok, go ahead and pay us $100 up front for the upgrade plus an additional $200 down the road when you try to do some of the things that you have been doing for years and are no longer able to and we will unlock that superspecial functionality for you through our website's online store.

Oh, by the way, you *may* need to do some minor upgrades to get everything running ship-shape...

Stop by your local Best Buy/Circuit City/Frys/CompUSA/etc. and pick up a $300 graphics card plus an additional $150 in memory and you can keep on doing what you have been doing for years all because we are not big fans of backwards compatability.

By the way, starting 6 weeks after our release date, all of our ISVs have agreed to stop supporting XP so that you can no longer use updated versions of anything anymore because we have all come to the consensus that it is far to damn difficult to make something work in both XP and Vista while not exposing the OS to numberous security holes or creating an inconsistent UI for our consumers.

Yep, now that is childish.

Re:Problem Solved

[mangu]

The real challenge is to make Linux truly as user-friendly as Windows, and to get users to discover it and get used to it.

You are both right and wrong there. I agree that getting users to shift to Linux is really a big problem, but Linux has been more user-friendly and easy to use than Windows for several years now, both for newcomers (example: the main menu that appears when you click at the lower left side of the screen is labeled by function in Linux, rather than by software vendor as in Windows) and for power users (example: mid-click to paste the selection).

Re:Problem Solved

[whitehatlurker]

MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.

Well, that's the problem - MicroSoft is a victim of its own success and will have to make sure that they don't make things too difficult to learn for the people migrating from older versions of Windows. If Vista is too different, some of those people may actually go over to Linux (or Mac OS X, or AmigaOS - okay, maybe not AmigaOS, but check the .sig below).

I personally doubt that this will happen, but it's a possibility.

Re:Problem Solved

[Grishnakh]

It's not so simple and you know it. You can use Linux. I can use Linux, but many MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.

So what are all these people going to do when Vista comes out and it's totally different from XP, just like XP was totally different from 2k and 98? Sounds like they'll need retraining. Why not retrain them for something else instead?

Re:Problem Solved

[Ubernurd]

You have raised a couple of fairly superficial points. Sure, the UI is what the user relates to and the intuitiveness of it is directly proportional to the adoption rate of the software. However, you try teaching my grandma (82 yrs old) how to install a new program from an rpm. Even with apt-get. Don't even get me started on compiling from source. The command line is a strange and mysterious place to her and is pretty much out of the question.

In windows, she can just "click here" and the installer does the rest. All she has to do is click "Next, I agree, Next^N, Finish" and she's done. She doesn't need to know anything about version numbering or dependencies, etc. Of course, that's how easy it is to install all sorts of other crap on Windows, too.

Granted, things like the Synaptic package manager on Ubuntu are just about that easy but what if she wants an app that doesn't appear in that list?

Or what if the Linux installer doesn't auto-detect her printer correctly? Good luck, Grandma!

Don't get me wrong. I think package management and the whole user experience in Linux have come a long way over the years and Linux is ALMOST ready for the desktop. To say that it has been ready for several years I think is a stretch.

Who cares about my grandma? Well, that's just my usual usability metric. Substitute with any computer near-illiterate for the same effect.

Re:Problem Solved

[mangu]

In windows, she can just "click here" and the installer does the rest. All she has to do is click "Next, I agree, Next^N, Finish" and she's done.

But where did your grandma get the installation CD? How did she know which CD to get? Or where to download the software? What if the software your grandma wanst isn't in superdownloads.com? Last time I saw, there were a total of about 18000 available packages in the repositories that come in the standard Ubuntu distribution.

In Linux, (well, in Ubuntu, at least) all your grandma has to do is go to the "system" menu and click on the "package manager" entry, which runs Adept. In the program there's a text box labeled "quick filter", your grandma can type anything there, the software will look over the repositories for packages that have that string, either in the package name, or in the description, or in the maintainer's name. She will be shown a list of matching packages, together with the description of each and the current state, whether that package is installed or not.

If she wants, she can install available packages or remove installed ones at the click of a button. No need to click "Next" on anything, no need to click "I Agree" anywhere. No need to worry about version numbers, no need to worry about dependencies (what was that vbrun.dll version, exactly?), once you click just once on that clearly labeled "Install Package" button, everything is taken care of, the package manager's job is to verify and install everything that's needed.

If Linux is just "almost" ready for the desktop, then Windows XP is definitely very far from being ready.

Re:Problem Solved

[dbIII]

The real challenge is to make Linux truly as user-friendly as Windows, and to get users to discover it and get used to it

No, that's the job of the applications. With Netscape Navigator you didn't have to care what platform you were on - the same with Firefox and many other applications. In many cases you could even say now to use linux and exactly the same applications as before and the paticular problem is solved.

Re:Problem Solved

[Americano]

Yay. We can retrain all our Windows users to use Linux. Maybe they can recompile their kernels and mess around with KDE eyecandy settings while waiting for the software they use on Windows to be ported?

To all of you Linux folks out there who have this dream that corporations around the world will wake up tomorrow, and decide to migrate to Linux en masse:

WAKE UP.

It's not going to happen anytime soon. Your pursuit of the windows desktop market will be a long, slow, uphill battle. Linux is NOT as "user friendly" as Windows is today; And by "user friendly", I don't mean "Wow, look, a GUI!" I mean, "Wow, look, a consistent, well-thought out, familiar, intuitive, clean GUI! Oh, and all my peripherals & software that I'm used to work, too!!!"

The simple fact is, Linux has a long way to go before "average" home users, and "average" corporate users will be able to use it. It simply doesn't have the application & driver support, and it doesn't present a compelling reason to change from Windows. "Linux != Windows" is NOT a good enough reason in most users' minds. Neither is "You can do all the same things in Linux that you do on Windows!" I know that, for all the slagging Windows gets here, I have rarely had any issues with my Windows XP Pro system, from a security, usability, or stability standpoint. No more so than I had with Fedora Core 4, or Gentoo, certainly.

Re:Problem Solved

[Grishnakh]

Maybe they can recompile their kernels

Don't be an idiot. No one recompiles their kernels any more unless they really want to. This isn't 1999.

And by "user friendly", I don't mean "Wow, look, a GUI!" I mean, "Wow, look, a consistent, well-thought out, familiar, intuitive, clean GUI!

You must not be talking about Windows, because it most certainly does not have a consistent, well thought-out, and intuitive GUI. MS's idea of "intuitive" is hiding menu options from you, so the menus are different every time you use them. Yeah, great idea there. They don't even hide the least frequently used items like you'd think, at least on my Server 2003 system, because they keep hiding the two apps I use the most. KDE has a far more well thought-out GUI than any Windows version I've ever used.

I know that, for all the slagging Windows gets here, I have rarely had any issues with my Windows XP Pro system, from a security, usability, or stability standpoint.

Yeah, I don't have any security problems with my XP Pro system either. Of course, I have to apply security patches pushed by my IT department nearly every day, and to do so I have to drop everything I'm doing while the patch is downloaded and applied and then reboot after each patch, wasting lots of time. And I have to watch out for signs at the security stations every day I come into work, warning about the latest email virus so I know not to click on any attachments that day until IT pushes yet another patch out to the antivirus software.

It simply doesn't have the application & driver support

What drivers is it missing that are needed in a corporate environment? No one needs 3D graphics for their work desktop, and they certainly don't need support for the latest obscure USB gadgets. They also don't need drivers for some piece-of-shit $30 inkjet printer, because workplaces use high-end laser printers with Postscript support. Driver support is NOT a problem for Linux in the workplace.

Applications: most people at work do most of their work with office applications: word processors, spreadsheets, etc. This is all covered quite nicely by Koffice and OpenOffice.org, both with support for the ODF open document standard mandated by the State of Massachusetts and drawing interest by many other national governments. OOo even imports and exports MS Office documents quite well. As long as your organization standardizes on ODF, you'll have the application support for most general tasks. The only reason applications might be a problem are 1) you need some specialized app that only works on Windows (e.g., AutoCAD), or 2) your management is simply addicted to MS's crackware and refuses to try anything different.

Re:Problem Solved

WHAT are you whittering on about in all the years i have been running Linux i hVe never had these problems that people like you seem to suffer from you must be doin something real dumb assed strange or be one of the it aint windBloZe so I'll whinge like crap brigade..

Pete .

Re:Problem Solved

[vadim_t]

What are you compiling, I wonder?

I've never seen a program that needs to be built differently depending on whether the host is SMP or not. If it does exist, that's just horrible design. If it supports an optimization with multiple CPUs, it should detect that at runtime instead.

Re:Problem Solved

[Americano]

Don't be an idiot. No one recompiles their kernels any more unless they really want to. This isn't 1999.

The point is & was that if the software a person needs to work is not available on Linux, then ALL a user will be able to do is engage in a pointless round of FOSS wankery. I know that "most" will not recompile their kernel today -- but "Look, I've got this great Linux system. It's Free & Open Source! What can I do on it? Weeeelll.... I'm waiting for them to install my software... it's being written now..."

MS's idea of "intuitive" is hiding menu options from you, so the menus are different every time you use them.

Exaggeration for effect, or you have the only buggy install of Office & XP that I've ever heard of. Yes, they hide "infrequently used" options. YES, you can turn that option off so that all the menu options are always available.

Of course, I have to apply security patches pushed by my IT department nearly every day, and to do so I have to drop everything I'm doing while the patch is downloaded and applied and then reboot after each patch, wasting lots of time.

If that's literally true, then your Windows admins are idiots. Tell me, what manufacturer is pushing out new security patches "nearly every day"? Certainly not Microsoft. I call bullshit on your claim. What's more likely is that once every few weeks, your system admins distribute a patch bundle via some automated push tool, and you MIGHT have to reboot then. But of course, that doesn't sound as incriminating for Windows, does it? And lord knows, no Linux app has ever been released with a security hole that needs to be patched after install on a user's desktop... right firefox?

And I have to watch out for signs at the security stations every day I come into work, warning about the latest email virus so I know not to click on any attachments that day until IT pushes yet another patch out to the antivirus software.

Funny... are you actually telling me you're a Linux evangelist who has to be specifically told not to click on attachments from people you don't know, or that you're not expecting? As for the antivirus updates, if your IT department is doing their job properly: 1) your a/v software should check for updates daily; 2) You should be trained to ONLY open attachments from trusted sources, and only then, when you're actually EXPECTING an email with an attachment from that person. I know I don't get very many unsolicited powerpoint presentations attached to emails at work. I really can't remember the last time a "big bad email virus" affected me at work. Probably Melissa, back in 1999.

What drivers is it missing that are needed in a corporate environment?

Well, for starters, my IBM Thinkpad's wireless card doesn't work under Linux. At all. My company chose to go with the Orinoco Gold PC cards for laptops without integrated wireless, and the chipset on my particular revision is, at least as of ~9 months ago, completely unsupported by any Linux distro or third-party driver. So that's one for starters... I'm sure that other people could name some others.

Applications: most people at work do most of their work with office applications: word processors, spreadsheets, etc. This is all covered quite nicely by Koffice and OpenOffice.org, both with support for the ODF open document standard mandated by the State of Massachusetts and drawing interest by many other national governments. OOo even imports and exports MS Office documents quite well. As long as your organization standardizes on ODF, you'll have the application support for most general tasks. The only reason applications might be a problem are 1) you need some specialized app that only works on Windows (e.g., AutoCAD), or 2) your management is simply addicted to MS's crackware and refuses to try anything different.

It's not a case of being "addicted" to anything. Look at what you just said: "As

Re:Problem Solved

[Grishnakh]

The point is & was that if the software a person needs to work is not available on Linux, then ALL a user will be able to do is engage in a pointless round of FOSS wankery. I know that "most" will not recompile their kernel today -- but "Look, I've got this great Linux system. It's Free & Open Source! What can I do on it? Weeeelll.... I'm waiting for them to install my software... it's being written now..."

This is pure exaggeration and sensationalism. If the software you need is not available, then obviously you use the platform which has the software you need. I already went over this in my earlier message (my example was AutoCAD).

Exaggeration for effect, or you have the only buggy install of Office & XP that I've ever heard of. Yes, they hide "infrequently used" options. YES, you can turn that option off so that all the menu options are always available.

I see this just on the Server 2003 menus (not XP). And this is professionally maintained by the IT department for a Fortune 100 company, so if they can't figure it out, then no one can.

If that's literally true, then your Windows admins are idiots. Tell me, what manufacturer is pushing out new security patches "nearly every day"? Certainly not Microsoft. I call bullshit on your claim. What's more likely is that once every few weeks, your system admins distribute a patch bundle via some automated push tool, and you MIGHT have to reboot then. But of course, that doesn't sound as incriminating for Windows, does it? And lord knows, no Linux app has ever been released with a security hole that needs to be patched after install on a user's desktop... right firefox?

Again, my company is a Fortune 100 and a leader in the tech sector. If the IT department here can't figure it out, then there's a big problem.

I might have exaggerated a little on the "nearly every day", but there's definitely at least one (many times more, sometimes less) patch per week. The fact that I have to stop everything I'm doing, and then reboot is the worst part.

Of course I have security patches on my Linux systems too. The nice thing is, they don't interrupt me. I click "go" (SUSE 10.0 here) and it does the updates in the background, and then I don't even have to reboot!

As for Firefox, same thing. Just patch, and restart the application. No rebooting required. MS has had over a decade to fix that, and they haven't.

Funny... are you actually telling me you're a Linux evangelist who has to be specifically told not to click on attachments from people you don't know, or that you're not expecting?

Of course I don't, but why should I even bother being careful? I should be able to click on anything in the mail reader without it infecting the system with malware. Anything less is utterly ridiculous. What kind of moron would actually design an email application to automatically open and execute (executable) attachments? The fact is, in Linux, this is simply not a concern. Unsavvy users can be as reckless as they want, and it's unlikely any serious harm will come of it.

Well, for starters, my IBM Thinkpad's wireless card doesn't work under Linux. At all. My company chose to go with the Orinoco Gold PC cards for laptops without integrated wireless, and the chipset on my particular revision is, at least as of ~9 months ago, completely unsupported by any Linux distro or third-party driver. So that's one for starters... I'm sure that other people could name some others.

This is really simple for anyone with a brain: you only buy hardware that is known to have Linux support. Get Intel Centrino, not some cheap-ass Orinoco crap. People already know that many cheap-ass devices have buggy Windows drivers that screw up their systems, so even in the Windows world it's smart to check out the hardware you're buying before just picking the cheapest option.

While using Linux may be perfectly appropriate for corporate use in the IT department, on servers, even maybe b

Re:Problem Solved

[Americano]

This is pure exaggeration and sensationalism. If the software you need is not available, then obviously you use the platform which has the software you need. I already went over this in my earlier message (my example was AutoCAD).

No more exaggerated or sensational than your claim of at least one, sometimes several, patches to apply to your system every week, and having to reboot after every patch or upgrade. I seriously want to know which software company you're working with that is dropping critical patch fixes every week, sometimes several in a week. I want to be sure to NEVER, EVER buy their products. Or could it be that you're just exaggerating for effect, still?

As for choosing the platform which has the software you need -- this is exactly my point. A conversion to Linux "just because we don't want to use Vista" is not a good enough reason to convert. If the software people need to run is written for Vista, then companies will continue using Vista. If a suitable alternative exists for Linux, then companies can consider Linux. "Just train them on Linux instead of Vista," is a very glib statement to make, and it sounds "just that easy," but it's really not when you start looking at the work involved.

Of course I don't, but why should I even bother being careful?

Wow. Just... wow. Your analogy is akin to saying, "Well you drive a Hyundai, so you better be careful. I have a Volvo, so I can drive recklessly." Recklessness + stupidity will always equal problems, regardless of your system's operating system. You may walk away from the crash in a little better condition, but you still cost yourself a metric fuck-ton of money, effort, and hassle with your recklessness.

This is really simple for anyone with a brain: you only buy hardware that is known to have Linux support. Get Intel Centrino, not some cheap-ass Orinoco crap. People already know that many cheap-ass devices have buggy Windows drivers that screw up their systems, so even in the Windows world it's smart to check out the hardware you're buying before just picking the cheapest option.

Once again, you miss the point by a mile. Let me spell it out for you: THERE IS AN EXISTING INVESTMENT IN HARDWARE that must be supported if a company is going to switch over to Linux on that hardware. Unless you're actually suggesting a company go out and buy 10 - 15 thousand new laptop systems so that they can switch? The simple fact here is that my company bought these wireless cards for about 5000 laptops that didn't have integrated wireless in them... if they switched to Linux, those wireless cards would cease to function. I'm sure if you went and talked to companies, there's a lot of similar stories that would block adoption of linux at many other places in similar ways. Now, the company COULD phase in Linux as it replaces systems, but then they're buying the cost of a protracted conversion, and the effort of maintaining two separate, interoperable infrastructures for their Linux & Windows systems, thus delaying any ROI even more.

Maybe not for many places, and maybe not overnight, but they'd be smart to start thinking about migrating, because their smaller competitors who aren't as invested in the MS infrastructure and lock-in will be able to switch much more easily and cheaply, and will have drastically lower IT costs because of it in time.

Of course they're *thinking* about migrating, I never said they shouldn't. It's this notion that sometime in the next 3 years, every company is just going to rebel against Microsoft products (which, for all their issues & eccentricities, *do* work just fine for most people,) and say, "No thanks, we've got Linux" which is, quite simply, a pipe dream.

As far as "drastically lower IT costs," I think the question is still up in the air as to which is lower cost to operate. I've seen studies that say Linux is hands down the cheapest, and I've seen studies that say Microsoft is hands-down the ch

Re:Problem Solved

[Grishnakh]

I seriously want to know which software company you're working with that is dropping critical patch fixes every week, sometimes several in a week. I want to be sure to NEVER, EVER buy their products.

It's a hardware company, not a software company. And it's probably the largest semiconductor maker in the world.

Wow. Just... wow. Your analogy is akin to saying, "Well you drive a Hyundai, so you better be careful. I have a Volvo, so I can drive recklessly." Recklessness + stupidity will always equal problems, regardless of your system's operating system. You may walk away from the crash in a little better condition, but you still cost yourself a metric fuck-ton of money, effort, and hassle with your recklessness.

This isn't quite right. A better analogy is "well, you drive a Yugo, so you better be careful driving because the slightest bump in the road will cause the wheel to fall off and your car to crash and then promptly explode. I drive a Toyota, so I can drive on normal roads without constantly worrying about my wheels falling off or my car exploding."

Seriously, if you actually think an email client that automatically executes a file attached to an email is not the most ridiculous and idiotic design feature, then there's something wrong with you.

Once again, you miss the point by a mile. Let me spell it out for you: THERE IS AN EXISTING INVESTMENT IN HARDWARE that must be supported if a company is going to switch over to Linux on that hardware.

The reality is that most hardware is well-supported. Wireless networking cards are the big exception. New wireless cards really aren't very expensive, if that's the only missing piece.

Re:Problem Solved

[Americano]

It's a hardware company, not a software company. And it's probably the largest semiconductor maker in the world.

Perhaps I'm missing something here. How is it Microsoft's fault that a hardware company you do business with keeps issuing critical patches & updates for their hardware? I'm sorry, but an occasional reboot cycle is not *that* onerous a task. I'd take much larger issue with the "largest semiconductor maker in the world" apparently being unable to get their shit in order enough to drop you a sane release that isn't full of holes & flaws needing constant patching & updates. From what you've told me, I'm simply unimpressed with the state of IT at these "fortune 100" companies, and the "largest semiconductor mfgr in the world." Yes, the reboot can be disruptive, and yes, Microsoft can improve that, I'll agree with you to that extent. But if you're constantly rebooting critical systems for ANY reason, that's a problem... and if the only reason you're doing so is because a particular hardware vendor keeps issuing firmware updates or something like that, then they really need to figure out a way to get their projects under control.

This isn't quite right. A better analogy is "well, you drive a Yugo, so you better be careful driving because the slightest bump in the road will cause the wheel to fall off and your car to crash and then promptly explode. I drive a Toyota, so I can drive on normal roads without constantly worrying about my wheels falling off or my car exploding."

No, that's not a better analogy. It would only be better if Windows, during normal operation, was prone to spontaneous crashes for no reason whatsoever. In practice, recent releases of Windows are reasonably stable, and reasonably reliable, if you take care of it properly -- much like a Hyundai. Linux may be better designed & more "safe" by default, but it still needs to be taken care of properly, and maintained properly, as well -- just like a Volvo. And just to remind you, since you seem intent on forgetting what you initially said:

"[...] why should I even bother being careful? [...] Unsavvy users can be as reckless as they want, and it's unlikely any serious harm will come of it."

Reckless driving will get you killed, injured, or in a lot of trouble no matter how well designed your car is. Perhaps you're a little safer in a Volvo than a Hyundai (or a Yugo), but you are not immune to harm, and reckless driving only compounds your vulnerability.

The reality is that most hardware is well-supported. Wireless networking cards are the big exception. New wireless cards really aren't very expensive, if that's the only missing piece.

You asked for a real example, and I provided one. Yes, most common "business class" hardware may be supported. My initial point stated that there were problems with both hardware drivers AND applications being unavailable for Linux, in response to your comment about "Well why don't companies just train their users in Linux instead of Vista, since Vista's so different from XP that it'll require training." What it boils down to is that most companies have a sizable investment in both their hardware & their applications, and if all they're doing is replacing Microsoft with Linux, and the two run on the same types of hardware, and cost about the same in terms of support, then you're looking at a very long return on investment phase for a company to invest the huge amount of time & effort in retraining employees, and reworking their internal infrastructure to be Linux only.

In other news ...

[l2718]

It has recently been determined that new versions of operating systems are not always 100% backward-compatible.

Wow, sudo means repeating signon

[cnettel]

Basically, what's this is all about is that the way to alter the login process in Windows, all the way back to NT 3.1, has been a custom "GINA", that replaced part of the Ctrl-Alt-Del login process. Naturally, a lengthy biometric process migth be fine if you do it once a day, but it will both need new software and possibly some thought to work well with a LUA approach, where you need to repeat your credentials more frequently for specific operations. This is basically no different from using sudo or doing admin operations in MacOS X. It's also no different from that you can't use a custom GINA to run a specific app as admin in current Windows versions.

Re:Wow, sudo means repeating signon

[mattyrobinson69]

sudo isn't the answer, PAM is.

Re:Wow, sudo means repeating signon

[gardyloo]

[...] a custom "GINA", that replaced part of the Ctrl-Alt-Del login process. Naturally, a lengthy biometric process migth be fine if you do it once a day [...]

      Hm. You're saying that interfacing to a 'gina will be a lengthy process? I'll volunteer!

Re:Wow, sudo means repeating signon

[jZnat]

And sudo uses PAM. Your point?

Re:Wow, sudo means repeating signon

The point is that you don't need to use sudo.

Re:Wow, sudo means repeating signon

[mattyrobinson69]

you were pointing to sudo, which is just a 'frontend' if you will, to pam. I was pointing to pam because its the backend that does all the actual work.

Re:Wow, sudo means repeating signon

[Alioth]

You *can* use 'runas' as a sort of equivalent to su in existing Windows versions. If you run 'cmd.exe' with runas, well, it pretty much works like 'su - ' on Unix.

Backwards Compatibility

[TwentyLeaguesUnderLa]

IANSE (I am not a software engineer), but this might not be a "feature" not a "bug".

It's expected that migrating to a new architecture would require, well, rewriting of existing code that worked with the old OS. Wouldn't there be more cause to worry if Vista supported all of the OLD authentication mechanisms as well as its own ones, since maintaining backwards compatibility seems like it could introduce unnecessary security holes?

Re:Backwards Compatibility

IANSE (I am not a software engineer), ....

And you still have the time to post on slashdot? What are you? Unemployed?

Not really that surprising

[eskimoboy]

Every time a new software version comes out, especially one like this with so many changes, you're bound to see compatibility issues with old software. Not to rattle up any of the Microsoft haters here, but personally I could see how the change could be welcomed as finally an resolution to the security problems that are always associated with Windows products. Then again, I'm not running any company where I would have to realize the costs of the updates.

Re:Not really that surprising

[pallmall1]

Every time a new software version comes out, especially one like this with so many changes, you're bound to see compatibility issues with old software.

I agree. From the article:

ISVs also have to completely rewrite and certify the custom code they write to interface with Winlogon, the Windows process that manages logon and logoff.

If major portions of a system have to be completely redone and recertified, why not redo and certify for a non-Microsoft environment. I've never understood why people feel they have to not only suffer from using an inferior product, but also pay huge fees for the *privilege*. There has never been a better time to break away from Microsoft.

MOD -1 redundant

Everybody knows that decent sized corporates will be running linux before MSFT ship Vista. Mom and pop aren't affected by this, fortunate for MS that they can continue to use an overpriced toy OS.

Re:MOD -1 redundant

[TorAvalon]

Really??? you wouldn't have facts or figures or even percentages would you?

Re:MOD -1 redundant

I would; Windows is 100% crap.

Somewhat redundant

[JediLow]

Saying that Vista is going to cause 'headaches' because the old login software isn't compatiable with it is sort of redundant isn't it? Since Vista is a new architecture and is abandoning GINA for CTP why would anyone expect the programs written for GINA to work?

The more interesting question (imho) is why Microsoft abandoning GINA since "the company had started talking about it at its Professional Developers Conference last September."

Re:Somewhat redundant

[cnettel]

You're taking that quote out of context. They were starting to mention that it would be phased out back in September. GINA has been with us/Windows forever. Custom GINAs never worked well with fast user switching and "Run as" in XP, either, so it's not surprising that it's replaced.

Re:Somewhat redundant

[Aryeh+Goretsky]

Hello, OP is right on target. There are quite a few programs which interface with the operating system that I am expecting will need to be updated. In no particular order:

1. Security - anti-virus, anti-spyware, firewall, IPS/IDS
2. Backup - traditional (tape) backup, CD and DVD disc burning software, disk imaging software
3. Performance tuning/optimization - disk defragmentation, registery tweakers/cleaners and so forth

Also, applications such as games and productivity software which were intended to be run under an Administrator account under Windows XP and earlier operating systems might need to be updated as well in order to work under Windows Vista without presenting an annoying number of dialogs.

Regards,

Aryeh Goretsky

Re:Somewhat redundant

[Alioth]

I wrote a custom GINA for a project I was on in the NT 4.0 days. The reason why GINA is going is the same as what we found - it's inflexible and it's a crap approach. GINA makes PAM on Unix look like paradise.

Interesting..

[onion2k]

On the one hand I'm feeling that this sort of doomsaying article is merely an excuse for the producers of authentication systems to ramp up their prices in a "but this is an whole new version .. no upgrades possible .. you'll need to relicense!" scam.

On the other hand it's true than the winlogon stuff in Vista Beta isn't entirely complete, and consequently I have to wonder what Microsoft mean by 'beta'? When I (and lots of other people) release a beta it's basically feature-complete and API-locked, but isn't entirely tested .. no major differences are likely between the beta and the final. If MSFT are releasing beta software than isn't complete then why are they calling it a beta instead of an alpha or preview?

As for MS GINA being dropped .. I hope that VA release a version instead .. they could integrate it into sourceforge or something. *chuckle*

Re:Interesting..

[ralph+alpha]

Because while the new logon stuff might be alpha or preview quality, the rest of the operating system (the sum of its features) probably are. One incomplete area compared to the tons of features in Vista probably isn't enough to downgrade its status from beta to alpha.

Re:Interesting..

When I (and lots of other people) release a beta it's basically feature-complete and API-locked, but isn't entirely tested .. no major differences are likely between the beta and the final. If MSFT are releasing beta software than isn't complete then why are they calling it a beta instead of an alpha or preview?

When Apple released beta software that wasn't complete, why did they call it OS X 10.0 instead of an alpha or preview? Goodness only knows. Maybe companies do crazy shit from time to time.

Re:Interesting..

[Nurgled]

My company generally releases betas that are complete in some respects but not others, in order to get feedback on those components that are complete. It's only when we hit "release candidate" stage that we are saying that the software is, as far as we are aware, ready to be the stable release should we get no further bug reports.

Re:Interesting..

[Emetophobe]

As for MS GINA being dropped .. I hope that VA release a version instead .. they could integrate it into sourceforge or something. *chuckle*

I heard VA was going to release a version, called VA GINA.

While you're at it...

[BrynM]

From TFA

During migrations, users will have key security infrastructures that straddle two different authentication environments, one for Vista and one for earlier versions of Windows, until migrations are complete... In addition, users with any homegrown authentication mechanisms linked to Windows will have to rewrite their code from the ground up... That task will be painful in part because ISVs say Vista's new authentication architecture is incomplete in the beta released in February.

Why wait for headaches when you could just start porting your authentication systems to any platform except Windows right now? Then, while everyone else is going throught the "dual Win32 backdoor^^^^^^^^authentication" period hell, you can just laugh and say "I did that over a year ago and I won't have to do it again becuase I moved away from MS Products completely".

Re:While you're at it...

[0racle]

And imagine all the free time your employees will have when the no longer have to use computers because you moved to a platform that runs none of your applications.

Move off Windows is not always the answer, in fact, rarely is it the answer. It's just a stupid statement.

Re:While you're at it...

[deacon]

Maybe it's time to look at some new applications. People did that when they moved from expensive VAXs (that worked) to cheap PCs that were rolling on the floor laughably crippled by comparison, just to save the bucks. People are moving now away from windows, to a free OS, which not only works, has a ton of free apps, and saves even more bucks. The only thing that is constant is change.

Re:While you're at it...

[Niten]

If you want to see some serious application breakage, just refer to the OS X 10.3 -> 10.4 upgrade cycle (I still can't get my copy of MATLAB 6.5 to run in GUI mode on Tiger). For all its faults, Microsoft has generally done an excellent job maintaining backward-compatibility between operating system releases. But when something interfaces with the system at such a low level as the authentication framework, then of course any significant upgrade to that framework is going to require some application code rewriting.

Re:While you're at it...

[plague3106]

A VAX is orders of magnitudes more expensive than a PC. The cost savings is substantial.

People won't be switching to Linux due to licensing costs; a good deal of the cost is hardware, and Linux doesn't change that cost at all. Also the free apps don't live up to the non-free ones. Sorry. I've had a linux server since 97, and tried Linux on the deskop from '03 until ealier this year.

I play games, and had to keep windows for that. Not to mention that more and more wierd errors started creeping up in linux. It became a nightmare to install any new application, KDE was getting more flaky, KMail was becoming more and more unreliable, and GNUCash didn't do the things I wanted it to. Not to mention that I got sick of havnig to check a list to see if a printer I wanted to buy would work on it..

I started feeling like I spent more time fighting with the stupid thing then getting it to do what I wanted. So I decided to switch back to XP. Also ended up building a server from SBS 2003 premium.. I wanted more control over the clients from the server and I didn't want to spend my summer researching getting LDAP and Samba playing nicely (my wife's computer was XP only).

Good and Bad

[glitch23]

This is both good and bad. Good because it should offer more flexibility now and better design for authenticating to Windows while allowing ISVs to integrate their authentication mechanisms in a cleaner fashion. However it will be bad just for those who have to rewrite all their existing code to work with the new model, especially since the new model isn't backwards compatible which will probably annoy many people but it's one way to force adoption of the newer model. Hopefully they are headed in the right direction.

In other news...

[Handover+Phist]

Microsoft is leveraging its flagship operating system to corner the market on aspirin...

Man, C-DILLA is going to be a beast too...

[Penguinisto]

Dontcha mean "Service Pack 4"?

Meanwhile, I hope the 3D Studio Max users are prepared for the impending headaches (same w/ anyone else that uses all kinds of software-based tokens and registration schemes like C-DILLA, if it's even in use anymore).

I wonder if dongles will come back?

On the upside? Umm, there's probably no upside.

/P

Re:Man, C-DILLA is going to be a beast too...

[DrSkwid]

If I'd meant Service Pack 4 I would have said it

http://www.microsoft.com/ntserver/nts/downloads/re commended/NT4OptPk/

Re:Man, C-DILLA is going to be a beast too...

[archen]

I wonder if dongles will come back?

Yeah, we're going to get a big one called a "computer monitor" =P

Third Party Software??

[highspl]

Corporation (in voice of Smithers): But if you do that, then no 3rd party software will work, and we will be forced to use MS.

Bill (in voice of Mr. Burns): excellent./p?

While You're At it, Why Not Flip Over to Linux

[Stephen+Samuel]

The whole reason why Windows is supposed to be a good buy is that it's compatible with all of your software. and doesn't require retraining.

Now, if Vista breaks so much of your software and is going to require retraining all of your staff anyways, then why not just switch over to Linux and drop a boatload of security problems and design errors as well?

Re:While You're At it, Why Not Flip Over to Linux

[deacon]

Funny how they push the "no retraining" while at the same time pushing the "completely new menus make you more productive".

Thank You

[__aalnoi707]

this is not a scarcastic remark. I have been insulted before many ways. When I get insulted a new way I shake Peoples hands. Thnak you Rosco

The Cult

[the+eric+conspiracy]

If you are going to drink Bill's Kool-Aid, you shouldn't be surprised if there are undesirable side effects.

Re:The Cult

[Sponge+Bath]

... drink Bill's Kool-Aid

I heard Bill just stole the Kool-Aid from Steve Jobs.
Next up: Balmer in a black turtle neck.

Not just them...

[Duncan3]

Vista is also making life very hard for invasive spyware makers like Blizzard (Warden) and NCSoft (GameGuard)...

About damn time.

Re:Not just them...

[miffo.swe]

Sadly the DRM functions in Vista is more about making the lives of intrusive spyware easier, not harder. This is because Vista has support for drivers untouchable by the users. Microsoft calls it security, i call it rootkits built into the OS. Blizzard and the rest of the pinheads will be using Microsofts DRM to make your computer a real VIP party for everyone byt yourself.

Re:Not just them...

[weicco]

I don't think DRM has anything to do with spyware. In Vista you run everything as normal user, not administator, but restricted user. Even admins are run as users. When ever some program needs admin priviledges, Vista will ask if this is OK and asks for administrator password. This means that there is no way (excluding programming errors and such) that spyware kits can install 3rd party drivers without user's knowledge. If user says that "ok, go ahead and install whatever you like" then it's (s)he's headache.

DRM is of course another thing but you know what... You don't have to buy stuff from Blizzard or any other company that is using evil DRM thingies. It's just like when I'm buying music on these pre-Vista-days. I pick the music store which doesn't have DRM stuff or their policy is accetable for me. Music, games, films and such aren't like food or water which you have to buy every day.

Re:Not just them...

[NickFortune]

You don't have to buy stuff from Blizzard or any other company that is using evil DRM thingies. It's just like when I'm buying music on these pre-Vista-days. I pick the music store which doesn't have DRM stuff or their policy is accetable for me. Music, games, films and such aren't like food or water which you have to buy every day.

Yep, always read the label and if there's a sticker that says "THIS PRODUCT CONTAINS EVIL", then don't buy it. Or I guess you could stick with reputable and well established compaines. Like, errm, Sony...

Seems to me, what that boils down to is "if you don't want spyware, don't use your computer"

Maybe "don't use Microsoft" might be a better solution for those of us who like to have fun with our computers?

Re:Not just them...

[RzUpAnmsCwrds]

Sadly the DRM functions in Vista is more about making the lives of intrusive spyware easier, not harder. This is because Vista has support for drivers untouchable by the users. Microsoft calls it security, i call it rootkits built into the OS. Blizzard and the rest of the pinheads will be using Microsofts DRM to make your computer a real VIP party for everyone byt yourself.

You have no idea what you're talking about. Palladium (NGSCB) was dropped from Vista - the TPM support that is currently in Vista is only there for the BitLocker drive encryption.

The new DRM features in Vista are horribly misunderstood. Here's what's new:

- Protected User Mode Audio. This is a new audio stack that enforces DRM at the driver level, similar to Secure Audio Path in Windows XP. PUMA won't work with unsigned drivers (audio will still work, but WMA-DRM/WMV-DRM files won't work), but this is already the case with Secure Audio Path in XP. You can still play MP3s, non-DRM WMAs, and other files with unsigned drivers - the same as in XP

- Protected Video Path. This works with HDCP to (potentially) prevent high-resolution playback of WMV-DRM, HD-DVD, or Blu-Ray titles on non-encumbered displays. DVDs, unprotected WMA/WMV, and other formats will continue to work as in XP.

- Rights Management Services. Similar to the current DRM features in Office, this allows you to "control" the distribution of content in a business environment.

That's it. No phantom "untouchable" drivers.

Of course, we shouldn't let the facts get in the way of a good argument.

Re:Not just them...

[thejynxed]

I think you forgot to add the keyword yet. There aren't any phantom "untouchable" DRM drivers YET. That doesn't mean there won't be any, especially with the potentially updated DMCA trying to make it legal for companies to do what Sony did with their "rootkit".

Re:Not just them...

[miffo.swe]

There are many capabilitis you "forget" to mention. Like this:

You d/l a game that demands admin to install. This app installs its own driver that shields it from you. Very nice copy protection feature and also very functional for a rootkit. All it demands is that you give it permission once and your toast.

Re:Not just them...

[plague3106]

Wait, are you saying you can be an admin to install this evil driver, but can't possibly become an admin again to remove it?

Wow.. that's a neat trick.

Re:Not just them...

[Benanov]

The driver can always provide no or a buggy uninstall facility (or none at all.) Microsoft probably won't crack down on this practice.

Re:Not just them...

[plague3106]

The driver can always provide no or a buggy uninstall facility (or none at all.) Microsoft probably won't crack down on this practice.

And as an admin you can always delete the file which the driver is contain in. How exactly is MS supposed to enforce that a vendor produce a proper uninstall program? Oh wait, they can require that all drivers are digitally signed by MS. Hmm..

Re:Not just them...

[jb.hl.com]

Maybe "don't use Microsoft" might be a better solution for those of us who like to have fun with our computers?

Yeah, everyone can have fun playing all those really popular Linux games like Half-Life 2, The Sims and F.E.A.R.

OH FUCKING WAIT.

Re:Not just them...

[miffo.swe]

You can uninstall the driver and loose anything that this driver in itself has control over. In theory that something could be your whole hard drive.

Re:Not just them...

[miffo.swe]

Then who will buy Xbox 360 and PS3 and Wii?

Frankly a PC sucks as a gaming platform, Windows or linux are just as bad. I play all my games on consoles because when i play i dont want to work.

Re:Not just them...

[NickFortune]

HL2 works, and the Sims I can live without. I don't know what F.E.A.R is, but I don't suppose it's going to be good enough to make it worth while putting up with a whole new level of Spyware support from Microsoft.

I will admit to dual booting Windows, purely because the games available for Linux are still catching up with the commercial offerings. The trouble is, I'm pretty much resigned to the death of windows as a gaming platform. All the big houses are shifting the consoles which they see as less demanding in terms of development and support and less prone to unauthorised distribution of their software.

If it comes to a choice between enjoing only those entertainments that make moeny for Microsoft and Sony, or of doing what I damn well please with my own machine, I think I'll stick with Linux. However, your mileage may well vary, and I wish you joy in your choice of software platform.

Re:Not just them...

[jb.hl.com]

HL2 works, and the Sims I can live without. I don't know what F.E.A.R is, but I don't suppose it's going to be good enough to make it worth while putting up with a whole new level of Spyware support from Microsoft.

Does it? Half the reports I've seen, including personal experience, say it's unplayable. *waits for lots of people saying they finished it using Cedegay*

Windows is not a spyware magnet. Internet Explorer is. Don't use Internet Explorer (yes, you don't have to use IE on Windows!) and you're fine.

I will admit to dual booting Windows, purely because the games available for Linux are still catching up with the commercial offerings.

That's one way of putting it...

All the big houses are shifting the consoles which they see as less demanding in terms of development and support and less prone to unauthorised distribution of their software.

You really think nobody will release games for PCs anymore? They're a massive market. Far more people have PCs than have the latest consoles, and some types of games simply don't translate well to consoles (e.g the original Sims, strategy games...).

If it comes to a choice between enjoing only those entertainments that make moeny for Microsoft and Sony, or of doing what I damn well please with my own machine, I think I'll stick with Linux. However, your mileage may well vary, and I wish you joy in your choice of software platform.

That's fair enough. I have nothing against people using Linux or whatever, just people who go around claiming Windows/Microsoft are some kind of satanic evil in the world and that everyone should shift to Linux (which for most people is nowhere near sufficient) because they say so.

Re:Not just them...

[NickFortune]

Windows is not a spyware magnet. Internet Explorer is. Don't use Internet Explorer (yes, you don't have to use IE on Windows!) and you're fine.

mmm... I think that's a bit of an oversimplification. There's all the folk who got r00ted by Sony for example. Or the ones who installed something legitmate seeming that brought uninvited company. Rumour has it that even Bill Gates uses Ad-Aware. 'course, Gatesy probably uses IE too, so maybe that doesn't count :)

But even granting the point, I think the original point was that the proposed driver security for Vista was going to make it easier for commerical concerns to install Sony style drivers and harder for the user to undo the mess afterward. Which seems to fit sadly well with my perception of the direction MS taken over the last 10 years or so.

I will admit to dual booting Windows, purely because the games available for Linux are still catching up with the commercial offerings.

That's one way of putting it...

...and possibly being a little generous to the current state of Linux gaming, granted. All the same, I think it's a fair point. As frameworks and engines mature, I think the games market is going to be increasingly driven by the quality of the story over rather than the realism of the graphics. I'd play DeusEx (the original) over Doom 3 any day of the week, for example. Ultimately, it's going to come down to creativity and resources, and the open source world makes more efficent use of them, mainly because it can't just throw money at the problem.

I mean if I want a strategy game, FreeCiv and Wesnoth already scratch my itch better than any of the commercial offerings. Freecraft (or whatever it's called now) needs some better art but was coming along nicely otherwise, and some of the free shooters using the QII and QIII engines are lookng very promising. We're still missing a FreeSim games and probably a couple of others. Overall though I'll stick to my guns: I think Linux is going to catch up, and if need be, I'll wait for it to happen

All the big houses are shifting the consoles which they see as less demanding in terms of development and support and less prone to unauthorised distribution of their software.

You really think nobody will release games for PCs anymore? They're a massive market. Far more people have PCs than have the latest consoles, and some types of games simply don't translate well to consoles (e.g the original Sims, strategy games...).

Do you really find it so hard to believe? Over the last five years I've seen PC games drop from taking up about half my local games store, to taking up two segments, stuck round the back where no one is likely to see them unless they know to look. MS and Sony are both pressurising software houses to release to console only in order to drive console sales, and the little that is reaching the PC is getting there late.

One day, the big games companies are just going to announce that there isn't enough of a market to justify the overhead in development and anyone who doesn't like it is a freeloading pirate loser who should spend some money and buy a proper gaming platform. Or maybe I'm being overly cynical?

That's fair enough. I have nothing against people using Linux or whatever, just people who go around claiming Windows/Microsoft are some kind of satanic evil in the world and that everyone should shift to Linux (which for most people is nowhere near sufficient) because they say so.

I think my viewpoint is closer to "Microsoft are not your friends, and in the long run you'll probably be better off with Linux". As far as I'm concerned, open source is about everyone getting to choose. Most folks will get there in the end, I reckon.

Plenty of time :)

Lame...

... "ISVs also have to completely rewrite and certify the custom code they write"
Making software _easy_ for other software developers to integrate with is very hard. Making software backwards compatible is horribly restrictive to advancing an architecture. It's such a joke to see people complain how Windows is lacking this and that but then complain when the change necessary to give them new features breaks their junk. What happened with OSX?

"because ISVs say Vista's new authentication architecture is incomplete in the beta released in February"
Join the freakin beta. There have been 4 releases since the February one.

Re:Lame...

[mabhatter654]

When you're talking about RSA, you're talking about ISVs expected to have "0-day" compatibility. IT people will want to buy a windows vista box for dev purposes then find out they can't authenticate to their network for months because there's no plugin available.

There's 3 problems here.. all Microsoft's.
first, this is not enough notice for heavy duty security testing. Things like log in script changes should have been final with the first beta. Trivial changes would be OK, but at this point nobody should have to expect sweeping API changes. ID security products expect to have long term testing completed by the time Vista is on the shelf... that's not a starting point for testing key security features.
Why didn't Microsoft work with providers to solidify the API first, then maybe tweak it if necessary? Apple gives Devs a 3 - 6 month start for stuff like this at WWDC with the new features... why can't MS? I understand this is a huge change.. all the more reason to DOCuMENT it up front!!!
Lastly, if security is so important, why are they still mucking about with login changes 6 months before release?! Authenticating to networks is the core of security! cutting out the key providers of enterprise level stuff is just embarassing. All the more reason to look for MS on the way out soon.

Re:Lame...

[Jaxoreth]

Lastly, if security is so important, why are they still mucking about with login changes 6 months before release?!

Who says they're releasing in six months?

Re:Lame...

[colinrichardday]

Hasn't Microsoft announced that Vista will be available for business users in November?

http://www.helpwithwindows.com/WindowsVista/vista- availability.html

from link:

In a press conference call last Tuesday, Microsoft's Platforms & Services Division co-president Jim Allchin announced that Windows Vista will be available to business in November 2006 and broad consumer availability in January 2007.

Re:Lame...

The credential provider piece has been in place for every single Vista public beta - so it's been nearly a year. And that's just if you are not an MS partner (ahem RSA) - MS partners got access to that system for testing development even earlier. MS has been howling to the world that GINA is going away - can't be blamed if developers haven't been listening.

Re:Lame...

[Jaxoreth]

Yes, they have announced that. But why do you suppose they aren't releasing it for non-business use at the same time? Perhaps because it won't be ready yet and they're only shipping a 'release' to avoid breaching their business support contracts?

Re:Lame...

[Thundersnatch]

Vista-related changes have been talked about at TechEd for years, and much has been documented on MSDN for nearly as long. Of course things have changed along the way, as they do with software in development.

What this is really about is a bunch of software vendors crying that they'll have to spend more money on actualy software development. They want MS to leave things the way they were, despite the problems with the old model. While MS cannot afford to piss off ISVs, making their corporate customers happy by improving the Vista security posture is more important.

Re:Lame...

[plague3106]

Apple gives Devs a 3 - 6 month start for stuff like this at WWDC with the new features... why can't MS? I understand this is a huge change.. all the more reason to DOCuMENT it up front!!!
Lastly, if security is so important, why are they still mucking about with login changes 6 months before release?! Authenticating to networks is the core of security! cutting out the key providers of enterprise level stuff is just embarassing. All the more reason to look for MS on the way out soon.

Maybe because until recently apple made all thier own hardware?

Re:Lame...

[Scudsucker]

Maybe because until recently apple made all thier own hardware?

What does hardware have to do with networking protocols? And the hardware Apple has used for the last decade has been almost entirely industry standard...SCSI/ATA/Firewire/USB/PC100/DDR/PCI/AGP /Fast Ethernet/Gigabit Ethernet...

Incompetent OS designers...

[gweihir]

This is the result from developing for an OS that changes its interfaces every few years. Complete and utter incompetence. Also on the side of those using this OS as development target platform.

Look at Unix/Unix like OSes. A port to the next generation or a different incarnation is often a recompile and nothing else. Why? Because there is a stable API! Nobody uses platform specific stuff, unless there is no choice. Effect: Far less bugs, far less security critical stuff, because the software is older and well tested! The "cutting edge" (not saying it is, but MS certainly _think_ they are there) has no businedd being used in office and the like environments.

Honestly, I think all the vendors complaining and all the customers suffering get exactly what they deserve for their short-sightedness.

Re:Incompetent OS designers...

[throx]

Look at Unix/Unix like OSes. A port to the next generation or a different incarnation is often a recompile and nothing else. Why? Because there is a stable API! Nobody uses platform specific stuff, unless there is no choice.

Are you for real?

This is true of user level applications, but certainly not for system level ones. The stuff in Unix is hideously incompatible across incarnations - try parsing /proc on something other than Linux and I'll guarantee that things will fail badly (as one example). Try recompiling a Linux x86 driver on NetBSD/PPC and I seriously doubt you'll experience much joy.

RSA writes driver level code (to keep their proprietary algorithms sekrut) and hooks it to the Windows GUI logon process - that's something that changes between desktop managers on Unix, let alone versions or even incarnations! There may be pseudo-stable APIs there but there's an awful lot of redundancy and it's not exactly a clean landscape (xdm, kdm, gdm, whateverdm etc.)

Now, I'm not remotely suggesting Windows is any better than Unix in this regard, but the only thing it really does have going for it is there's a lot fewer "versions" out there. Like Unix, the core APIs are very stable. It's the fringe and special purpose stuff you have to worry about.

Note also that the same thing happens to Unix from time to time: shadow passwords broke a bunch of stuff, MD5 hashes broke more stuff, pam broke a whole different set of stuff, etc.

Re:Incompetent OS designers...

[drsmithy]

This is the result from developing for an OS that changes its interfaces every few years.

Which "interfaces" in Windows are you thinking of that change "every few years" ?

Look at Unix/Unix like OSes. A port to the next generation or a different incarnation is often a recompile and nothing else.

As it is on Windows. Hell, even having to recompile on Windows at all is unusual.

Why? Because there is a stable API!

Which part of Windows's APIs haven't been stable ?

Nobody uses platform specific stuff, unless there is no choice.

Right. That explains why there's so much "unix" software out there that frequently only works on Linux without modification. Or why there's all those wonderful autoconf hacks for different platforms.

Effect: Far less bugs, far less security critical stuff, because the software is older and well tested! The "cutting edge" (not saying it is, but MS certainly _think_ they are there) has no businedd being used in office and the like environments.

"Unix" software is just as buggy as Windows software.

Honestly, I think all the vendors complaining and all the customers suffering get exactly what they deserve for their short-sightedness.

You mean their short-sightedness for not writing modular code ?

Re:Incompetent OS designers...

[A+Life+in+Hell]

Brilliant troll. My hat goes off to you, sir

Not unexpected at all.

[Kelson]

Yep. Any time you're interfacing with the OS at that low a level, you have to consider that new versions of the OS might be different under the hood.

I used to run PCAnywhere on a Windows NT 4 server. We had to dance around on one foot while swinging a chicken around our heads, singing voodoo chants backwards to upgrade the OS and PCAnywhere at the same time, all so that we could get PCAnywhere to (a) work and (b) not crash the server on boot once we upgraded it to Windows 2000.

Re:Not unexpected at all.

[Plunky]

Yep. Any time you're interfacing with the OS at that low a level, you have to consider that new versions of the OS might be different under the hood.

I recall Amiga developers having to learn this going from Workbench 1.2 to Workbench 1.3. Not that the ROM addresses might be different, but that they will be, and the only way around it was to use the published API.

Re:Not unexpected at all.

[Amouth]

ahh this is why i like vnc .. it just dies quitly and you reinstall later

Re:Not unexpected at all.

Yeah, and I just love the way VNC lets you dial in to the server too.

Re:Not unexpected at all.

[Amouth]

that is what setting up a normal vpn is for

Fortunately, there is a solution

[Dachannien]

Here's a great idea:

Don't upgrade. You don't need Vista anyway.

Re:Fortunately, there is a solution

[xXenXx]

EXACTLY what I was thinking. Newer hardware gets cancelled out by newer software, making the whole upgrade cycle rather pointless. Stick with your current software and shell out your hard earned cash on new hardware that will [i]actually[/i] speed up your computer and increase productivity. There is a fine line where features become bloat...

Re:Fortunately, there is a solution

[xXenXx]

Aww oops, really used to BBCode. ;-)

Please mod parent...

...insightful, instead of funny.

nobody ever said...

extend and extinguish was painless...

+5 Good point

I think it is obvious that they have had to COMPLETELY switch gears in the last several quarters in order to get this product out. I have a feeling that sooner or later the nov coprorate release will be pushed back to Jan also.

I guess this is why...

[Anim8me2]

all the anti-virus companies are screaming about non-existant viruses on OSX. Get mac people buying their products before MS kills them with it's own inferior poop.

And we knew that GINA was going away for more than

[Philip+K+Dickhead]

TWO years!

And we have had an API for more than one year - to create CredMan plugins.

And the architecture is "better" - more PAM-like.

Now you won't break SecureID with a service pack.

And this is a problem, how again?

In other news, Vista to include

[noidentity]

two aspirin in every package.

Re:In other news, Vista to include

[jZnat]

Then Tylenol and Advil sue Microsoft for promoting Bayer through its monopoly or something. Sucks to be Microsoft, eh? ;p

It had to fixed anyway...

[tereshchenko]

The way "Windows authentication architecture" is extended in XP is very limiting - essentially you write DLL (so called GINA) that replaces part of XP log-in system and this DLL is responsible for retrieval of users credentials for Windows. However it was possible to have only single GINA installed at the same time, so if you wanted to have two security products installed - you were in trouble.

Now Vista will support new architecture for security providers with possibility of multiple providers registered at the same time. A definite improvement for users.

In fact the new architecture is not THAT different from the previous one, so the entire article is moot. Then again, it's SlashDot...

Re:It had to fixed anyway...

[weicco]

If I remember correctly, custom GINA DLLs can be stacked but it can break a lot of things if there's even one DLL which is behaving badly. I wrote such a DLL once which handled user authentication and let me tell you it was pain in the a**. Documentation was very poor on those days so it was basically try-crash-reinstall-from-Ghost-image. Debugging was pretty hard even when we had SotfIce kernel debugger. So I, for one, welcome our new Winlogon Re-architecture overlo.. architecture :)

In re: Windows breaks older applications

[Presidential]

I've read most comments on this story and see a common theme: backward compatibility ain't gonna be guaranteed or expected.

My current issue is so related, it made me spit Diet Dr. Pepper on the floor when reading. I've been trying for years to get WordPerfect 5.1 for DOS to run on a Windows box. The closest I've ever come is semi-success with Windows98SE. Even then, stuff just wasn't right.

I prefer WP 5.1 for many reasons. First, I grew to love its simplicity. I tailored the screen to be black with white text and not a bloody thing else. The interface was easy to learn. Macros were a breeze.

Anyone got a clue on making this work in a more modern windows box, please include me in your cluefest.

p.s. I've used pico and nano with linux and liked them...but for practicality I must keep a windows machine running.

Re:In re: Windows breaks older applications

[handsome+b]

http://dosbox.sf.net/ is probably a pretty safe bet

Re:In re: Windows breaks older applications

[The+Barking+Dog]

Why not just use pico and/or nano for Windows? Either one has Windows binaries available - you don't even need Cygwin.

Re:In re: Windows breaks older applications

[Angelox]

I was gonna say the same thing - I use it with my Linux, it even runs my old PCBoard BBS, modem ports and all!

Re:In re: Windows breaks older applications

[FreonTrip]

I'm a fan of Wordperfect 5.1 myself. You've got a few options. You can get WP 5.1 to run properly on 98SE, but when the CPU running Wordperfect gets past ~1 GHz the app starts misbehaving in subtle ways that are hard to reproduce. You can underclock your CPU, or use ATSlow or a comparable app to reduce your CPU speed to something the program can handle. Driver support could be tricky, especially when it comes to modern printers. It can be convinced to work on newer incarnations of NT as well (worked fine in NT 4.0, as best I recall), but it's a good deal more work and a good deal of the functionality's unlikely to work properly. For the best overall experience, either keep a tiny DOS virtual machine around to run the word processor, or consider purchasing one of the newer versions of Wordperfect for Windows. I know that version 12 came with a workalike mode that was fully macro-compatible with WP 5.1 and looked remarkably like it, too. Newer versions almost certainly have the same capabilities. Whatever you end up doing, I wish you luck.

Re:In re: Windows breaks older applications

[Presidential]

Fantastic! I can't believe I never found the thing before now. Not to mention it works like a champ. I'm able to run my favorite old word processor from high school now.

I shall be _forced_ to ignore the fact that I can also play old games again, like Wing Commander and Mechwarrior. DOSBox is a double edged evil/good tool here...

Thanks again for all those who recommended this tool.

Oh, and the primary reason I won't buy a copy of version 12 for Windows is that I already paid $400 waaaay back when I bought 5.1. I consider it a matter of principle that I don't need to upgrade now.

WOO HOO!

I'm on record: I think Vista NEVER ships.

[LibertineR]

As a former Microsoftie, every Vista article is like a knife in my side. This kind of shit could not happen 10-15 years ago. Problems were dealt with INTERNALLY, issues were managed and the company stayed focused. I dont know what happened, but this is the worst project management since MS-BOB.

I dont think they will ship the fucker. Who wants it? I get the betas, and all they give me is a big SO WHAT? There is nothing cool or compelling, no matter how PRETTY it is. Where the FUCK did all the features go?

Vista is a fucking SERVICE PACK, to add another GUI to WIN32. So what? I think there are still a few people there who remember how it used to be, and the next announcement wont be another delay, its going to be that they have knifed that bitch, and they are starting over.

And they will be right to do it. KNIFE THAT BABY, BILL!!!

Re:And we knew that GINA was going away for more t

[LurkerXXX]

And the architecture is "better" - more PAM-like.

And that's a good thing?

A quote from Theo de Raadt:

PAM is completely and utterly broken and cannot be fixed.

Does no-one remember the old headache ads?

[Werrismys]

Windows 95 was marketed, at least in Finland, agressively with big ads showing pills and packaging. "No more headaches" was the slogan. The elderly were heard asking for this new "Windows 95" in drugstores.

Sadly, I couldn't google image any pics in this hurry - this WAS 11 years ago.

For years, I wished someone would sue the bastards for false advertising. Win95 was a cause of headache, not cure.

Re:Does no-one remember the old headache ads?

[Handover+Phist]

Nope. I avoided Windows 95 like the plague. I used windoes 98 for about a year, then did side by side testing with linux and windows 2k on identical boxen. As well around that time I had a new family into which television played an extremely minor roll.

At any rate, Microsoft has forever been the masters of the marketing spin. Vista will hit the shelves with fanfare like you've only dreamed about, and it'll probably do well while all the IT guys stand aside and grumble about the insecurities and structure. I'll tell you this though, those IT guys are going to be fighting against early adoption while the managers eat the hype morning noon and night, and eventually shove it onto every workstation they can because they're SURE that it will end all those pesky headaches!

As for the ads, I'm still avoiding them like the plague and will judge the OS when I'm forced to use it.

How MSGINA works...

[mythosaz]

Multiple GINA programs is fairly straightforward.

A single registry value holds what GINA to execute. If the registry value is blank, it executes MSGINA (the Microsoft default).

If you replace the GINA with a 3rd-party program (VPN, Wireless, Encryption, et cetera), then the 3rd-party is responsible for either (a) completely handling the logon, or (b) passing control to MSGINA when it is finished executing.

As a rule, this happens by your 3rd-party GINA keeping a value of its own (in the registry or INI) of what the previous GINA was. That way, if you install a new GINA, when it finishes executing, it calls whatever GINA *used* to be in the default registry location.

First you have MSGINA.
You install ENCRYPT-GINA.
ENCRYPT-GINA executes and calls MSGINA.

Then you install VPN-GINA.
VPN-GINA sees ENCRYPT-GINA as the GINA to execute when complete.
VPN-GINA executes and calls ENCRYPT-GINA
ENCRYPT-GINA keps its own value for what to call next and calls MSGINA.

Add all the GINAs you want.

It's true that *some* GINAs don't play nicely, or won't always execute if a certain GINA has executed before it (or comes after it) - but for the most part it works.

The only REAL problem is when a GINA is stupid enough to place itself incorrectly in the chain -- which can leave a machine executing GINAs in a loop...and Windows is smart enough to restore MSGINA when that happens anyway.

Re:How MSGINA works...

[jZnat]

Is it just me, or does "VPN-GINA" make me think that someone is going to make a GINA called "VA-GINA"?

Re:How MSGINA works...

[Sigg3.net]

VPN-GINA

Typosquatting, are we?

Re:How MSGINA works...

[swb]

There's somebody in the state of Virginia computer systems department putting "Should Virginia create a custom GINA?" on a meeting agenda right now, just hoping that somehow it really will get named VA-GINA and survive long enough to not be renamable.

Re:I'm not a Ub3r-geek, but how is this newsworthy

You have a five digit /.-id. If you are not an uber geek, then no one is.

There's something very ironic about this

[notaprguy]

Love 'em or hate 'em, Microsoft's historic strength was that they made it very easy (many would say TOO easy) to write software for Windows. Because Windows' genesis was in the pre Internet days, they designed it in a way that made it powerful for developers but insecure. Now that they're finally GETTING IT and making Windows Vista more secure, the people who have been writing software for Windows are going to have to do a little more work to make their stuff work. This is probably all for the best but it may open up opportunities for other platforms during the transition to secure Windows.

Re:And we knew that GINA was going away for more t

[Philip+K+Dickhead]

That is PAM's implementation. Not the idea of authentication being performed by a module that talks to the AUTH API! The thing needs to be "signed" to run - so it's an unlikely attack for badware.

Dear ISVs,

[dbug78]

Shut up and do your job. Thanks.

Everything about Vista

[BCW2]

Everything about Vista is going to be a big headache. From the initial sale, think of the sales clerk trying to explain the differences between 6 or 7 versions, with minimal actual differences and major price differences. Add DRM, the usual raft of bugs, and even worse security problems than ever... it's going to be ugly folks. All white box stores need to stock up on XP or start the shift to Linux for all customers. Train them now and end this stupidity.

It still seems like Me revisited.

Re:Everything about Vista

[EXMSFT]

ME 2

Re:Everything about Vista

[BCW2]

Me 2007

Re:Bridgestone can ask Ferrari to slow its F1 cars

[citizenr]

>I don't think Bridgestone can ask Ferrari to slow its F1 cars down because Bridgestone tyres cannot perform at high speed.

well, Michelin can
http://sports.espn.go.com/rpm/news/story?series=f1 &id=2089905

MS finally did it

They got SO big and SO overconfident in their invincibility on the desktop that they farted around and have SCREWED THE POOCH. They are going down, slowly now, but you can smell it coming. They peaked, the world has passed them by with both the enthusiasm model, the practicality model and the dollars and "sense" model.

Sure, sure sure, still big, still taking in the cash..for now...they are cut, cut bad, cut all over now, getting hammered by their own weight and age.

You see it in boxers, always fight one or two or three fights too many past their prime, instead of full retirement at Champ level.

MS had enough money and power and prestige many years ago to go "world,OK that's it, we have lead you into the digital age and now it is time for us to retire, you have enough lead now to go on", and actually done that, just closed up shop. It would be *wonderful* if corporations could realise that and just "move on", retire gracefully and with some dignity intact. Look at todays SGI anouncement for an example of waiting too long, trying to hang on to something that isn't really tangible, it is called "the past" and "glory".

Of course they won't do that. What I expect them to do is throw BILLIONS of ultimately wasted dollars at advertising, behind the scenes cash bribes..err, lobbying efforts, and really pull out the stops with lawyers and "IP" nonsense.

They are still going down, they have peaked now, they have proven they are beyond where they were a useful company or even a necessary company.

If they were smart and had a CEO and board with brains they would as fast as possible restructure into half a dozen indendent divisions and let the few remaining advantages and products they have go on for a few more years as separate products, to see what could happen if they got reduced back down to lean/mean/ready to fight.This is the 50 lbs overweight half crazy old punch drunk boxer doing a play act shadowbox before the match, you can SEE there isn't anything there but past glory and one more fat paycheck.

  Breaking up would be the best possible business move for them at this time, a few of the divisions could possibly stage a good comeback, but not if they get dragged down by the all for one model they have now.

Re:MS finally did it

[TorAvalon]

Haha, what a wanker.

Rewrite?

[Ekhymosis]

but the company will have to rewrite its GINA code

So the Vista version will be called MS V-GINA? Does this smell fishy or what...

Speaking as an IT Guy at a small firm

[TheRecklessWanderer]

We have 15 people. Vista makes me cringe. Can you imagine for large companies. What a nightmare. If it ain't broke, don't fix it. Why would anyone in a corporate environment move to Vista? Oh yeah, better multimedia. Well, that's important for workers.

Re:Speaking as an IT Guy at a small firm

[16K+Ram+Pack]

A lot of corporates are going to stick with XP, because it works, and because they have no need for Vista features. The time when people would move up an OS because version X required a new OS are over. There's nothing compelling for an upgrade.

Moving to Vista is expensive in terms of product and time for upgrade. The most likely thing is that businesses will upgrade when their hardware dies.

News Flash!

[PPH]

Sophocles sues Microsoft for copyright infringement!

Installation wizards

[IANAAC]

In windows, she can just "click here" and the installer does the rest. All she has to do is click "Next, I agree, Next^N, Finish" and she's done.

The reason it's so easy to install on Windows is not because of any package manager. It's the use of any one of the myriad "Installation Wizards" out there.

And they also exist for Linux. The fact that developers choose not to use them is another matter altogether.

Re:Installation wizards

[Nurgled]

I, for one, prefer my installers to be archives with a declarative install manifest rather than just-another-app. It would make me much happier if installers were limited in what they were able to do. Why on earth do all drivers come with installers these days? I remember a time when you installed a driver by inserting the install disk and telling Windows what directory the .inf file was in. They should have just dressed that UI up a bit rather than encouraging hardware vendors to bundle all manner of half-baked, broken "value add" applications along with their drivers.

[OT] Re: goodbye SecurID, VPNs, etc.

[Dolda2000]

OT, but about your sig:

Fear: When you see B8 00 4C CD 21 and know what it means

If I'm not mistaken, that would be x86 machine code for "MOV AX, 4C00; INT 21;", which, as far as I can recall, is the DOS "system call" for terminating the current program, right? Maybe I'm being clueless, but what does that have with fear to do? It's not exactly a virus or a F00F bug or anything...

Re: [OT] Re: goodbye SecurID, VPNs, etc.

[CableModemSniper]

You don't become of afraid of the code, you become afraid of the fact that you know what it means. HTH.

Re:And we knew that GINA was going away for more t

[Antique+Geekmeister]

Theo de Raadt is demonstrably one of the must flaming people on the net: his behavior and attitudes to anything that does not follow the Revealed Gospel of Theo in the book of OpenBSD is one of the things that actively drives people away from using it for anything.

Fortunately, the OpenSSH developers seem to mostly ignore Theo and actually care about cross-compatibility.

Re:And we knew that GINA was going away for more t

Uhh, Theo *IS* one of the OpenSSH developers...

bomb

[delong]

OK, I am always a bit skeptical of the "impending Microsoft release blunder" industry "news". But I think it is becoming plainly obvious that Vista is a trainwreck.

More Overkill

[Beefslaya]

XP was invariably a block of swiss cheese...Their answer was Service Pack 2 that made everyone feel like a Grad Students in Kindergarten. Firewall this, Firewall that, AHH your virus scanner is out of date!! Let us patch our holey weak assed code for you.

Again, Microsoft because of their past transgessions will undoubtably fill this new OS with tons of weak assed apps to create a false sense of security.

Hey Microsoft, do us Sys Admins a favor. Stop what you are doing...because it's not what we want. Just look at the *nixes, and how their OS is structured. THAT's how you do security. And don't release another form of Windows until you get it right. I won't buy it. My company can't afford it, and I don't need the hassle.

Vista the scapegoat for the next 3 years...

[Ingolfke]

Yes, these vendors are stating a fact. A new security system will mean a rewrite of the code that was dependant on the old system. That's to be expected. But what they're really doing here is starting the opening salvo in their justification for new versions of their software that they'll foist on the enterprise customers and no doubt make a nice profit. They'll reduce features and blame it on rewriting for Vista. Their will be bugs... and every one of them is going to be, as much as is possible, blamed on Vista. Vista's a scapegoat that the vendors are going to use to shift blame and scrutiny away from themselves and their products.

Vista source code leaked :-)

http://jaganath.blogspot.com/2006/05/windows-vista -source-code-leaked.html

it's in the EULA

[lon3st4r]

Microsoft wants Vista to be secure. That's because the EULA keeps 'em safe. Let the EULA have defined clauses for security. Then microsoft will need Vista to be secure.

That's the only way I see s/w providers will make serious efforts to make their code more secure- if providers are culpable for damages arising out of security breaches.

Less Secure we Complain More Secure we Complain?

[TheNetAvenger]

Less Secure we Complain More Secure we Complain?

Can we just pick a side..

Do we hate Vista because it will be more secure and that is causing Third party applicaiton problems?

Or do we hate Vista because it is not secure enough?

Or do we hate Vista becuase it is more secure but prompts for passwords when doing Root level activities and that will confuse people?

We have to pick a story, we can't be on the opposite side of the fence as each story is released.

Maybe we should just hate Vista just to hate Vista but at least stop contradicting ourselves?

Don't rule out smart cards

[CCNV]

Windows may be breaking things for RSA Tokens that are expensive and expire in three years, but they are adding in much native support for smart cards that are much cheaper than RSA Tokens and do not expire in three years. US Department of Defense, US Federal Govt and big corporations like HP and Sun have adopted Smart Cards. I am not a MS fan, but re-architecting their login and vpn for native smart card support does not seem a bad idea. We should at least look into the economics of smart cards, they may save IT money in the long run.

The common misconception

With OSS zealots like you is that they actually think the cost of licensing is that important...

Most companies really don't care, the cost of IT is mainly made up of operational costs such as staffing, so moving to another "free" platform "saving money" is just not true per se, it can save money, but it realy depends on the specific situation.

Please move on and only comment on things you understand...

Re:I'm not a Ub3r-geek, but how is this newsworthy

[Haeleth]

because much of Windows has been rewritten, it is going to be a pita to adapt existing software. No frigging kidding. Doesn't this happen with every major update?

No, it doesn't. Microsoft's track-record for backwards compatibility is among the best in the industry. Sorry, but while their software has many flaws, there are some things they do very well, and not breaking things in upgrades is one of them.

Compare the upgrade from Windows 98 to Windows XP with the comparable upgrade from OS 9 to OS X. You can run practically any bit of Windows 98 software in Windows XP. You can't run any OS 9 software in OS X without buying a separate copy of OS 9 and using emulation, and people on Mactels can't run any OS 9 software in OS X period.

I find it amusing that nobody ever complains about this, but if they find one single piece of Windows 98 software that doesn't work properly in XP, it's all OMG MICROSOFT IS TEH SUXOR!!!!!11. Can you say "double standards"?

Speed throttling

[DrYak]

Just to mention that DOSBox, the full DOS-on-PC emulation software recommended by another slashdotter, can throttle how much CPU instruction are emulated per second, so it can be an additionnal way to throttle speed to avoid bugs-that-only-appear-above-1Ghz.

Also, note that this emulator can map real ports to ports inside emulator (like com ports). It is possible to use your legacy hardware (modems, etc...) with drivers running inside the emulator.

Re:I'm not a Ub3r-geek, but how is this newsworthy

[Nurgled]

Never mind running Win98 software under XP. If you get hold of a copy of Windows 1.0 you can run the applications that came with that under Windows XP. The only quirk is that the app windows open at the smallest possible window size, because Windows 1.0 didn't support overlapping windows and so the apps didn't actually choose a size for themselves.

Microsoft's devotion to backwards-compatibility is astounding. It's just a shame that their architecture has to suffer because of it.

Re:I'm not a Ub3r-geek, but how is this newsworthy

[shippo]

Mac OS 9 applications written with the Carbon API will work fine under Mac OS X without any need for the Classic environment, and will also run on Intel Macs. I'm running a Carbon application on my Intel Macbook Pro now which I previously ran under Mac OS 9 on an old iBook. It is only applications that pre-date Carbon that will have problems.

There are, however, many applications written using the Carbon API that are only usable on Mac OS X, such as iTunes and Microsoft Office v.X.

Re:I'm not a Ub3r-geek, but how is this newsworthy

[Vorx]

five digits? bah, whippersnappers

This is the reason

[fallen1]

that all concerned people (geeks, nerds, tech-heads, concerned citizens, whatever you may be or path you walk) should be telling The Masses(tm) about Vista. Basically, Windows Vista is going to make it so that YOU NO LONGER OWN OR ARE IN CONTROL OF _YOUR_ COMPUTER.

Think about that for a minute... You, a hard working individual, busted YOUR ass for that $500 to $2000+ dollars YOU are about to spend for a computer _but_ thanks to Microsoft and Vista YOU will not be in control of YOUR computer. Microsoft will. Or Company X will since they have paid Microsoft their "protection" money so they have "the trust" of YOUR computer. WTF will Sony do to YOUR computer since it will "trust" them implicitly - just because Sony paid for a "trusted computing model" blank check from Microsoft? What will happen to you computer when the spyware makers somehow hack the "trusted computing" certificates and begin taking control of YOUR system? How about the fact that YOUR government (any nation, anywhere) could, conceivably, install software on YOUR system without YOUR knowledge simply because YOUR computer "trusts" their software?

Before people begin with the whole "tinfoil hat" rhetoric please take a few moments and seriously look at what YOUR government has been up to for the past 2, 3, or 20 years. Can ANY American here _honestly_ think that the power-hungry, greedy, corporate-backed politicians currently in power would NOT abuse the "trusted computing model"? All they have to invoke is TERRORISM, DRUG WAR, or FOR THE CHILDREN and suddenly every single computer with Vista on it will be vulnerable - any. where. in. the. world. I look at the current state of the United States Government (and those that follow its lead) and I fear for the future as it looks darker and darker every day - especially when the Constitution is being run roughshod over with little care for the founding document and all in the name of "terror".

What has happened to all of us who bought a PERSONAL computer and who love freedom and privacy that we all (SEEM) willing to do nothing? How about the fact that when I spend MY hard earned money on a product it is MINE. Period. The end. Microsoft should have no control over my computer hardware OR software. Microsoft should not be able to give anyone else a blank check to hook software into my computer by telling my system "hey, its cool, you can TRUST this software". I and I alone should be the final arbiter of what runs on my system, what hardware is installed, what sofware I choose to use and I should be _fully informed_ as to what software packages are actually installing on my system. Not learning after the fact that the new Britney Spears CD rooted (there is a joke in that statement somewhere '-) my system out and gave access to company X.

Whew. Sorry about the long rant but I'm way past tired of watching the world go to shit around me and am trying to do my part in educating friends and family to the things that are JUST WRONG(tm).