Slashdot Mirror
The Setup Behind Microsoft.com
Toreo asesino writes "Jeff Alexander gives an insight into how Microsoft runs its main sites. Interesting details include having no firewall, having to manage 650 GB of IIS logs every day, and the use of their yet unreleased Windows Server 2008 in a production environment.
is have some crazy sys admins throw chairs around.
No firewall? Of course not!
Microsoft servers are notorious for their invulnerability.
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
Vista was never meant as a server. Same as XP isn't used as a server, it's Server 2003.
How can anyone complain that they're running Server 2008? My company's software quality dropped considerably when we stopped eating our own dogfood two years ago. When techs, engineers and everyone else is stuck with the same problems as the future ell-users, shit gets fixed a lot faster and a lot better.
How many times have you seen the microsoft.com website down / hacked?
Cisco Router: ~$700
Server to run it on: ~$2000
Beta testing Microsofts new server 2008 in a production environment: Priceless
Curiosity was framed, Ignorance killed the cat.
Funny, but you're wrong. Pro is for networking enviorments where you need RDP, policies, ability to join a domain, file encryption, etc. Home lacks these.
Gone!
You realize that Win2k3 does turn off most services by default, and Win2k8 takes this even further by not installing them at all.
Uh, didn't I read an article not too long ago about how the update.microsoft.com site was broken into?
Link, please?
Tis a sad day when the fanbois can't even get their insults right. shameful.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
No, the pro version is more intended toward business users. Not servers, but the sort of thing workers have on their desktop. That's why it has tunings for corporate networks and ACLs and quotas and such.
You can debate the drawbacks and benefits of having so many versions, but XP was never intended to be a substantial server.
Reliability in numbers. If you have 30 machines running your website, no one will notice if one goes down.
- oZ
// i am here.
Humongously Bad Interface. That's the internal name for all new MS APIs.
Curiosity was framed, Ignorance killed the cat.
HBI?
GFS (is the G for "Ghost")?
NBI?
NLB?
ACE?
TIA
Windows Server 2008 is (or rather, will be) effectively "Windows Vista Server Edition", just as Windows Server 2003 is effectively "Windows XP Server Edition".
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Let's set aside the natural urge to bash MS into oblivion. Let's (just for now) ignore conventional advice about network security and firewall use. Now, not only are these guys a Microsoft shop...they ARE Microsoft. MS claims their software is stable and secure. Perhaps it is -- when was the last time microsoft.com was taken down by malevolent hackers?
That said, with their closed source and closed-doors policy to revealing details about the inner workings of the OS, _Microsoft_ may be the only company that can successfully deploy a 100% Microsoft powered solution. How many registry changes, service daemon modifications, and other tweaks have been made to get their config running this way? The world may never know. It's probably impossible for the consumer world to ever have that level on knowledge about the Windows environment, and thus run it at peak security levels. For most consumers and businesses, a Linux OS with properly implemented firewalls is much more secure than an out-of-the-box Windows deployment and router ACLs.
khasim (12/9/06): In a blind taste test, more people preferred Coke over the Pepsi that I had previously pissed in.
I was assuming he meant Host Based Intrusion.
-----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d? s: a-- C++++ UL++++ P++ L+++ E- W++ N o-- K- w--- O- M+ V PS+ P
Gotta give credit to MS for eating their own dog food...
Allow incoming connection on port 80? Confirm/deny
Isn't that just you announcing your ignorant of which tools to use? Are you that kid in gym class that was always trying to put his shoes back on without untying them, rather than take the seconds to untie/re-tie he'd stomp himself around the locker room for minutes until they fit right. Oh and, how long would it take you to create and print a tri-fold pamphlet using sed? Perhaps you're the problem, not the app.
Talc is technically a rock...
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
don't forget the whole slough of Linux servers that they use through Akamai to handle the bandwidth;
it's one reason why why doing a lookup on Microsoft servers, it often shows that they are running Linux. It's also another reason why people point out that Linux is more scalable because even Microsoft can't eat it's own dogfood.
1. The asshat highlights they use no firewall, and yet buried deeper in the article is this "Router ACLs are in place to block unnecessary ports" That's the functional equivalent of a firewall.
2. I get into discussions where tech guys spew traffic numbers and I'm never impressed. It creates issues if you want to actually do something with the data which I doubt they do much beyond running the usual marketing metrics. Until you actually shoot for 99.99 service uptime, you begin to comprehend the challenge it is (on any platform) the traffic itself is not the challenge.
3. I'm very interested in reading what their hardware budget is like. I get excellent performance out of Linux compared to server 2003 boxes on similar compaq dl380's.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Cisco Guards for DoS detection and automated response In other words, they don't use firewalling where you have administrator defined rules to control traffic flow, they use networking equipment that accept administrator defined rules to control traffic flow
What in the world do *you* perceive the difference being between a 'firewall' and a router blocking ports based on source and destination being compared with a set of rules (aka ACLs)? Generally, firewall rules *can* get more complex than that, but mere port blocking by an intermediate router has been considered a firewall, even if it doesn't log violating or accepted packets, even if it doesn't have complex rules about connection state. Even if it doesn't have the word 'firewall' emblazened on the chassis somewhere.
XML is like violence. If it doesn't solve the problem, use more.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Which we do on a regular basis. Every few weeks I see emails going around from higher-ups asking us to test their team's RC or beta stuff at home for them, and the project I'm working on has been dependent on VS2008 since beta2. Everyone here has their favourite project they like to keep tabs on. I've got longhorn server 2008 running on one of my machines here.
That said, the choice to use longhorn server in production isn't actually a bad one. It's really, REALLY stable. I keep hearing (from people both inside and outside the company) that it's more stable than 2003 is (and 2003 has the benefits of multiple service packs). It's also a lot more configurable about what it runs, and how much of it it enables when it's installed. I wouldn't bet the entire stable on it, but I'd be willing to put money on it getting a place.
All in all, it's pretty sweet, if you look at it from the sysadmin perspective. Also, the stuff you can setup when you couple it with vista is really nice (from a security standpoint, particularly). That said, some of that functionality is being backported to XP with SP3 or whatever.
Link, please? http://update.microsoft.com/
== Jez ==
Do you miss Firefox? Try Pale Moon.
Program WinYes! is trying to perform an action on a dialog box. Allow/Deny?
which is totally what she said
Actually, when you first boot Windows Server it pops up with the "Configure Your Server" page, and an extra note that until you've set up roles on it, nothing will work. As in, it hasn't started IIS, it hasn't started AD, it hasn't even started Terminal Services. And until you've picked which ones you want to run, it wont even allow inbound connections whatsoever!
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Ok, but is the OS *still* organized like crap? I mean, is C:\Windows still a dumping ground for a bunch of arbitrarily named data files, log files, drivers, and libraries using, for the most part, the old 8.3 naming convention?
.NET has made this significantly less painful, because it was considered ahead of time (it's not much easier to actually manage, but that's the tools more than anything, and just takes a bit of experience.... which unsurprisingly, is what dealing with the idiosyncracies of the old systems take anyway!)
Dude, if you can't hack that right now, how are you dealing with unix instead?
If any platform's based on a standard of bizarre naming due to space saving stupidity, that's it. Far more so than windows. Infact, name any mature platform that's based on reasonable standards for it's underlying API's and structure.
Didn't think you could. While it's true that things like the FHS are helping on the unix side, try telling an oldschool developer like oracle that they need to follow it. They'll laugh. and laugh.
and laugh.
Windows is in much the same position. At least
ash
Because at least Unix has conventions.
Really? Ok, lets open up C:\Windows on one of our Windows servers. Hmmm a folder named "$hf_mig$". I suppose you know what that means or what convention that follows? Or C:\Windows\adam. Kinda looks like it might be some directory tools. Maybe ADAM = Active Directory AdMinistration? What's that doing there anyway? I could keep going down the list. I suppose there is a very good reason why there are
First of all, I was only talking about superficial organization. And if you want to see something nice, have a look at OS X some time. Not only is the System (/System) well organized, but most applications are neatly self contained in
I could give fuck-all what Oracle thinks. My Debian systems are very well organized, thank you very much. I don't find desktop wallpapers in
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Because at least Unix has conventions.
.BMP files in C:\Windows? Desktop wallpapers? Come on. I wonder if they're related the other brilliantly named files such as SET2.tmp and SET3.tmp in that same directory. And don't get me started on the insanity that is C:\Windows\System32. Hardly a single file/folder that doesn't use 8.3 naming. I haven't clue what have that stuff is doing there.
.so's in /usr/lib.)
/usr/share/ on linux too. The organisation might be a bit better, but not by much. The saving grace there is that I have dpkg to work shit out for me. .NET goes even further. You can register as many different versions of a namespace as you like, and .NET will do the mapping for you if you request a specific version.
/Applications/Some.app. They usually don't spew files all over the place when installed. You know where the term DLL Hell comes from, don't you?
.NET does a good job of solving this quite nicely. Adds public/private keys into the mix too, plus a bunch of other mechanisms. .NET isn't just for C# either. It deals with VB, C++, and (ahahahha) J# too.
Conventions are a nice way of saying "that's the way it's always been, so that's the way it stays." Windows has similar problems left over from legacy, going all the way back to CP/M. Yes, this sucks, but so does some conventions in unixland. Just ask a Solaris 10 admin how much it sucks when your upstream vendor breaks decades-long convention.
Really? Ok, lets open up C:\Windows on one of our Windows servers. Hmmm a folder named "$hf_mig$". I suppose you know what that means or what convention that follows? Or C:\Windows\adam. Kinda looks like it might be some directory tools. Maybe ADAM = Active Directory AdMinistration? What's that doing there anyway? I could keep going down the list. I suppose there is a very good reason why there are
You're not looking in the right place. Microsoft, love it or hate it, worked out a long time ago that 'filename' and 'metadata' aren't necessarily the same thing. The filename and path are just handy locational indexes, and don't necessarily need to mean *anything*. Sure, a DLL can, and often, for newer stuff, IS far longer than 8.3, but it wasn't until later versions of NT (3.5/4.0, I don't remember my history too well) that support for it kicked in well enough, and there's some legacy stuff around. You don't break legacy just because it's fun. Microsoft gets this right, even if they had to tread over it a fair bit in vista, and add some nasty hacks to deal with most of the fallout.
Anyway, as I was saying, you're not looking in the right place. Case study: C:\windows\system32\apss.dll: Microsoft(r) InfoTech Storage System Library.
Problem solved. (it's not at all difficult to use something like powershell (or possibly other tools) to just print this out in a souped up version of ls with a little scripting, I might add, just like I can do a few similar scripting tricks on my debian system to tell you who owns the copyright to 90% of
Want another one?
c:\windows\System32\bitsigd.dll: Background Intelligent Transfer Service IGD Support
Oh look, another one, fully named.
Of course, this starts to fall down when the file doesn't contain metadata, but that's a problem for, say, XML schema files in
First of all, I was only talking about superficial organization. And if you want to see something nice, have a look at OS X some time. Not only is the System (/System) well organized, but most applications are neatly self contained in
Yes. I do.
I will admit that the mac platform is neatly arranged, but their QA seems to have gone to the toilet right now. A place that windows' QA has emerged from rather nicely, I should mention.
As for random stuff appearing in random places, try dealing with commercial software. Even on linux, the developers will put shit in strange places. Open