Microsoft Finally To Patch 17-Year-Old Bug

eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."

oldest bug evar... and other leet speechisms

[perlchild]

Is this a record(for a bug that's "known about" anyways?

Re:oldest bug evar... and other leet speechisms

[Ralish]

Not even close: The 25-Year-Old BSD Bug.

Re:oldest bug evar... and other leet speechisms

[nicknamenotavailable]

Is this a record(for a bug that's "known about" anyways?

A while ago OpenBSD developer found a 33 year old bug.
It depends on your definition of "known about" I guess.

Re:oldest bug evar... and other leet speechisms

No wonder BSD is dying.

Re:oldest bug evar... and other leet speechisms

[jabbathewocket]

since this bug was "discovered" in january its only chance at being a record would be the rapid turnaround in getting it patched..

By that I mean, rapid turnaround on Microsoft scale from disclosure in January, through to early Feb patching..

Re:oldest bug evar... and other leet speechisms

[eparker05]

I don't know if this counts... but the year 2038 problem is coming up in another 28 years. Something tells me that the public will be less riled up about this one. I don't foresee a rise in cult membership or survivalist magazine sales.

Re:oldest bug evar... and other leet speechisms

[jabbathewocket]

Reading the summary, nevermind the article would have kept both of you and the poster above you from posting sillyness.. The bug exists in a bit of 17 year old code, but was discovered last month... so not even remotely "old"

Re:oldest bug evar... and other leet speechisms

Is this a record(for a bug that's "known about" anyways?

No; the oldest known bug is the ol' missing closing parenthesis.

Re:oldest bug evar... and other leet speechisms

[SpaceLifeForm]

The BSD bug referred to was latent for 25 years.

Last I checked, 25 is greater than 17.

Neither is good, but the latter is criminal.

Nothing quite like a "timely" response

[msobkow]

How in the world can a bug exist for 17 years when they've released so many versions of Windows in that time? Hasn't the kernel been revamped three times? (Win98/ME, WinNT/Win2K/WinXP, Vista/7)

Re:Nothing quite like a "timely" response

[chill]

Backwards compatibility FTW! The one thing that if Microsoft broke, they'd have a serious OS horserace on their hands. Then anyone would be free to simply choose OS X, Linux or anything else just on merits and not "it runs all my old software".

Re:Nothing quite like a "timely" response

[SEE]

Um, no. The bug was introduced in Windows NT 3.1, and has remained in the NT line ever since. Windows 7 is very much still built on the NT codebase.

Re:Nothing quite like a "timely" response

[wizardforce]

This has to my knowledge, nothing to do with the kernel. It's a bug in a program used to run older applications. It was only found to be a problem very recently. Until now there was no real understanding that the bug existed and thus no reason to change that part of the OSes.

Re:Nothing quite like a "timely" response

[supersat]

Windows 7 is Windows NT 6.1. NT has been in development for over 20 years.

Re:Nothing quite like a "timely" response

Because it's part of WoW32, the old emulator for 16 bit applications.

Shockingly, this shouldn't exist in any of the 64-bit windows versions because they don't have WoW32 (they have WoW64, and drop support altogether for 16 bit).

Re:Nothing quite like a "timely" response

[siride]

You have no idea what you are talking about. Read the other comments for the details. This is a bug in the ntvdm subsystem which was a newly (at the time) written system for running 16-bit apps on 32-bit Windows.

Re:Nothing quite like a "timely" response

[Brain_Recall]

And just to clarify, this bug was only discovered (at least by someone willing to disclose it) in January 2010. At least Microsoft didn't brush it under the rug for 17 years, I hope...

Re:Nothing quite like a "timely" response

[bheer]

> Windows 3.1 - 7 are often based on the same code set.

You, sir, do not have the vaguest idea of what you are talking about.

> to get into windows 3.1 you need to type in "win" at the DOS window.

I thought for a moment you meant Windows *NT* 3.1 - 7, but ... it's clear that you didn't mean that.

FWIW, this bug affects all NT OSes right back to NT 3.1 (the first released version) and is an obscure kernel bug (it was only found in January 2010!). The BBC article was light on details except to say it "involves a utility that allows newer versions of Windows to run very old programs", but there's more detail from the always-excellent full-disclosure mailing list.

Re:Nothing quite like a "timely" response

Not really

It's since Windows NT 3.1 not Windows 3.1. The first is 32bit and the latter is 16bit. And no the code set is not the same in Windows 3.1 and Windows NT any version...

Anyways, check the article and wikipedia the rest if you really want to know.

Re:Nothing quite like a "timely" response

[bheer]

Er, from a better read of full-disclosure, I see it was reported in June 2009, not Jan 2010 as I stated earlier. Still, that's a long time for a bug to have gone un-noticed.

Re:Nothing quite like a "timely" response

[Jon+Abbott]

I always hated how the Windows 2000 startup screen said "Built on NT Technology", because "NT" itself stood for "New Technology". I guess it's just another case of RAS syndrome.

Re:Nothing quite like a "timely" response

[gparent]

It's actually 7.0. The 6.1 was a technical decision to keep compatibility with broken applications.

Re:Nothing quite like a "timely" response

Like "LOL IBM, we just fucked you in the RAS!"

Re:Nothing quite like a "timely" response

can't you run WOW32 in WOW64?

Re:Nothing quite like a "timely" response

[swinefc]

WOW! You just blew my mind

Re:Nothing quite like a "timely" response

no.. that was just the excuse they gave. the real reason is that 7 isn't much of a code change from vista.

Re:Nothing quite like a "timely" response

[glitch23]

The bug was found in a utility anyway, not the kernel, so even if XP hadn't carried the torch of the previous NT kernel and had been revamped instead, the bug would still be in XP and other recent version of Windows.

Re:Nothing quite like a "timely" response

[noisyinstrument]

If I had got a dollar for every time I had to correct someone for RAS syndrome style mistakes I'd never have to visit an ATM machine again.

Idiots!

Re:Nothing quite like a "timely" response

http://www.winsupersite.com/reviews/winserver2k3_gold1.asp

You mean the N-Ten the Intel i860 emulator. Funny how people listen to marketing and treat the meaning of something can change :)

Re:Nothing quite like a "timely" response

[hairyfeet]

Yes and thank Jebus for backwards compatibility! Or do you actually want all your stuff broken? Converting my customers away from XP to Windows 7 so far I have had exactly ONE app be a PITA, and that was the evil Quickbooks, those that bought Intel no VM chips and couldn't run XP Mode simply went out and bought Quickbooks 09 and all was good in the universe again.

Linux doesn't have to worry about backwards compatibility because users are paying $0 for their software. Imagine if you paid $400 for Photoshop for Linux, but next year it was worthless because the latest kernel wouldn't run it? Wouldn't be very happy then, would you? I am personally VERY happy for backwards compatibility, as nearly all the software I have going back many years all "just works" even though I made the jump from IA32 to X64, first with XP X64 and later Windows 7 HP X64. So while other may laugh at backwards compatibility it makes this old PC repairman VERY HAPPY that I don't have to deal with users on Win98 or WinME (shudders at the flashbacks) because some "must have" apps won't run. Yay backwards compatibility!

Re:Nothing quite like a "timely" response

[symbolset]

Windows 7 is very much still built on the NT codebase.

You lie! Longhorn (Vista, Server 2008) was built from the ground up. Microsoft told me so!

They wouldn't lie to me. <sniff>

Re:Nothing quite like a "timely" response

[Nutria]

Imagine if you paid $400 for Photoshop for Linux, but next year it was worthless because the latest kernel wouldn't run it? Wouldn't be very happy then, would you?

You're right: I'd be sorely peeved.

However, Linux strives for userland consistency, so any problems with old programs (like WordPerfect 8) not running are to be blamed on incompatible (glibc, for example) or non-existent (GNOME 1.4, Gtk 1.3) libraries. Gtk2, GNOME2 and glibc6 (is that a Debianism?) have been out long enough, though, that there aren't too many issues like that anymore.

Not that any non-geek would care about the real reason, so "blame it on Linux" is good enough!

Re:Nothing quite like a "timely" response

Aaahh... That's tin foil hat basement dweller's for ya, always has to be a conspiracy theory behind everything.

Re:Nothing quite like a "timely" response

I think libc 5 was a.out format, and libc6/glibc was elf format, although I may not be remembering right.

Re:Nothing quite like a "timely" response

[Jon+Abbott]

I never listened to their marketing. I was quoting Microsoft's own Windows history webpage.

Re:Nothing quite like a "timely" response

[symbolset]

I've known about this bug for many years - it's one of a few that date back to my college days when I had a scholarly interest in such things. Back then I used to haunt the dark corners of the Internet where these things were good for a laugh. Now they're good for a quarter million dollars because GO's haunt the dark corners now and they pay good money, and only now are ones like this coming out in common knowledge. You may be sure that if you're a high value target you've been exploited this whole time and that's why your competitors mysteriously beat you to market, or how knockoffs appeared more suddenly after your innovation than reverse engineering would allow.

What's absurd is that there are hundreds more just in the core OS. Go to apps and WMP doesn't have a streaming format that doesn't have pwnership, and let's not even talk about IE. Then there's all the forgotten formats and services, each with its vestigal exploits that still work. And then there's Office. Good Lord, as if providing multiple Turing machine capable development environments were not enough, every app includes embeds for hundreds of formats that can hose any machine that opens a document, and for each of those there's a Microsoft-only undocumented interface that's truly trusted to be exploited, because that's how they roll. And one of those apps is an email client - think about that for a bit.

Each fix only adds to the problem. Even if the patch doesn't add new exploits (most do) most people don't patch, and half of the few who do patch slowly to avoid incompatibilities. In the meantime the patch gives clues to the amateurs on which features to exploit. For 90% of systems you only need to pwn it once and leave some obvious malware and the idiot running it will clean it and think it's all good. So the smart black hat builds a database of servers running Windows he can get at from his previously Pwned boxes (yes, some of them are probably inside your firewall and most but not all of them are clients) and crafts a package to pwn the rest of your network and if necessary leave some cleanable traces. The truly nefarious black hats exploit the patching system itself - of course it has exploits and hidden hooks too.

Each rewrite leads to new problems. In 2008 how the hell do you write a server OS that hangs on a bad packet on the file sharing service? That's not what Bill promised us in 2002. In six years they couldn't even get that right? That's your clue that they're not even trying or at least they're not able. At the very least they're struggling just to copy a file as if that were a new requirement.

You would think with the billions they have to throw away on XBox and Pink, from Bing to Zune, Microsoft could afford to hire a few Pakistani code geeks to haunt the dark corners and report what they find written on the wall there. They're getting rid of their profits but they're not doing it well. You would think code security audits would extend to the historical catalog of code, but no... that group has enough to do just vetting this month's patches, let alone the output of the dev teams. I imagine the rest of them are building Bing interfaces into Yahoo's services as if they had a hope in hell of getting us to use Bing. For sure they're not throwing a ton of quality code geeks into saving their butt on WiMo 7. Fixing bugs widely known in the Underground that consumers like you don't know about? That's a 0 priority task.

Windows shops: not only are we laughing at you - we always have and we always will. You poor bastards.

Re:Nothing quite like a "timely" response

[dryeo]

Wordperfect 8 (the tar.gz commercial version) runs fine after installing libc5.deb and xlib5.deb or something close to that. Even Wordperfect8.deb will install though a lot of stuff will get uninstalled. This can probably be fixed by removing the xlibg5.deb dependency.

Re:Nothing quite like a "timely" response

[camcorder]

If a photo manipulation program has something broken with a new version of kernel, that means developers should be unhappy since they are doing something very wrong at the beginning.

Re:Nothing quite like a "timely" response

[kadnan]

They kept promoting that bug as a "feature" in newer versions. /A

Re:Nothing quite like a "timely" response

Don't forget C-disks and CC-cassettes. :)

Re:Nothing quite like a "timely" response

[Antique+Geekmeister]

Oh, my. I did a bit of work, last year, on an ancient project shared project that turned out to still be in use. (Small project, very stable code, old client.) There was a bug in handling mixed case filenames, and another one for handling files with spaces or punctuation in them: I'd never noticed, because when I wrote it it was all UNIX and no one _did_ that. But now some of the files were being generated by Samba clients on Windows boxes, who wrote files like "March 3rd Data.txt". So I fixed the bug, which I'd never noticed, in 12 year old code. It could have become an interesting security issue, too: opening unexpected files as root due to file name mis-parsing.

It happens, and as code is exposed to new uses, it's not unusual. In a large, open source project with "many eyes" on it, I'd expect it to have been noticed a lot faster. (I was careless with filename handling: I've learned better since then, and plenty of experienced programmers would have noticed it themselves if it were more broadly used.) And my code is "trusted", from a "respected vendor". It's the sort of reason that I prefer to start with a working, well-known project and enhance it, rather than writing from scratch: usually someone has already fixed these sorts of bugs. And it's why I like to see the source on an open project, rather than merely submit a bug report to a vendor. I can see if they did that style of bug a *lot*.

In fact, I just had a long chat with a developer about his "case" statements: he refused to acknowledge that they should have "default" cases, in case he had missed something, for the program to error out or report the issue. So we went through his latest program and found 3 such instances where unreported errors would occur. He said "oh, I'll add those cases", and refused to acknowledge the point that you need to handle unexpected cases by actually _noticing_ them. I'm afraid he may have to be let go, and his code seriously reviewed top to bottom, because of this sort of thing.

Re:Nothing quite like a "timely" response

Then you wouldn't need to remember your PIN number

Re:Nothing quite like a "timely" response

[drinkypoo]

Are you sure there's no code remaining from Windows (not NT) 3.1? There's backwards compatiblity for things that ran on it. Why reinvent the wheel badly when you have a bad wheel on hand?

Re:Nothing quite like a "timely" response

[snowgirl]

You're missing the key difference here. Microsoft is making money hand over fist, like mad, and were doing so before security was as important as it is now. It's not so important that they ensure security in their products as ensure that clients believe that security is taken seriously.

Re:Nothing quite like a "timely" response

64bit versions of Windows are not affected. Windows 2008 R2 is not affected by this bug.

Re:Nothing quite like a "timely" response

[neovoxx]

If this bug was in NT 3.1, I wonder if it's also in OS/2?

Re:Nothing quite like a "timely" response

Blah Blah Blah.. lot of hot air, nothing concrete to back it up.

Re:Nothing quite like a "timely" response

[mr_lizard13]

I've known about this bug for many years

Me too. I'm really annoyed - I've only just finished putting the finishing touches to my exploit.

Re:Nothing quite like a "timely" response

[Pharmboy]

Linux doesn't have to worry about backwards compatibility because users are paying $0 for their software.

Not exactly true. I have paid for a great deal of software designed to specifically run on Linux. AVG's coroporate anti-virus server runs on Linux, tons of CRM and database applications run on Linux, even a lot of Perl based management suites for webhosting aren't free. And worth every penny from my experience. So far, compatibility hasn't been an issue when I upgrade for most, although many require a RH based system (RH/CentOS/Fedora) to work.

Re:Nothing quite like a "timely" response

[Kaboom13]

Exploit code or it didn't happen.

Re:Nothing quite like a "timely" response

[ildon]

The article is a little misleading. The bug started in NT 3.1, not DOS or Windows 3.1.

Re:Nothing quite like a "timely" response

That's just bullshit. If this security hole was open for exploit since "your college days", it would've been exploited earlier. So, proof or stfu.

Re:Nothing quite like a "timely" response

[Pharmboy]

Then you wouldn't need to remember your PIN number

It's the price of a cheese pizza and a large soda...

Re:Nothing quite like a "timely" response

[hackstraw]

You're missing the key difference here. Microsoft is making money hand over fist

Tell that to their stockholders. They will laugh.

Re:Nothing quite like a "timely" response

[symbolset]

It's not necessary. Microsoft themselves will publish a list of ones they found for the next forever. If you want advance notice go hang out with the malware geeks. It's not like they're hiding - it's a $20B a year industry. Where are they going to hide?

Re:Nothing quite like a "timely" response

[aquila.solo]

Should I take that to mean that you change it every six months?

Re:Nothing quite like a "timely" response

[jonaskoelker]

Not that any non-geek would care about the real reason, so "blame it on Linux" is good enough!

So what you're saying is that they should blame it on GNU/Linux? ;)

Re:Nothing quite like a "timely" response

[lannocc]

I never listened to their marketing. I was quoting Microsoft's own Windows history webpage.

Are you sure? The New Technology moniker was apparently "a rare spurt of product marketing by the original NT team members", so GP is right assuming his article is correct. The fact that you point to Microsoft's own websites almost guarantees that you've read a little marketing.

Re:Nothing quite like a "timely" response

[Pharmboy]

I guess you have never seen the Futurama episode, "A Fishful of Dollars".

Re:Nothing quite like a "timely" response

[aquila.solo]

My apologies. For some reason that quote didn't register.

Re:Nothing quite like a "timely" response

[drsmithy]

If this bug was in NT 3.1, I wonder if it's also in OS/2?

Given that the two were completely different codebases, I'd have to go with "no".

Re:Nothing quite like a "timely" response

[Jon+Abbott]

I first read it in Byte Magazine, PC Magazine or PC Computing back in the early 90s. I don't have those magazines anymore so I linked to the MS website instead. Both answers are probably right, but it depends on who you ask. :^)

Re:Nothing quite like a "timely" response

And then you wouldn't need to remember your PIN number!!

Re:Nothing quite like a "timely" response

[daver00]

"There's backwards compatiblity for things that ran on it."

No there isnt, that went out the window with Win98/ME. NT needs NT stuff and the old DOS based stuff won't run on it.

Re:Nothing quite like a "timely" response

[drinkypoo]

There's backwards compatiblity for things that ran on it.

No there isnt, that went out the window with Win98/ME. NT needs NT stuff and the old DOS based stuff won't run on it.

That is only true on 64 bit Windows. Or perhaps on Vista and 7, I haven't tried on them. But I regularly ran Populous 2 on Windows before I got rid of XP and went back to running Linux. Windows XP runs DOS software just fine, so does every prior version of NT, except of course when they require direct video access. AFAICT windows XP emulates that, too. A virtual machine approach has always been used for 16 bit code on Windows NT, because it refuses to switch back and forth between protected and real mode. Every Win9x except Windows ME, however, not only contains substantial portions of 16 bit code itself, but will also run DOS and Windows 3.1 programs.

Or, short form, you do not know what you are talking about at all.

Re:Nothing quite like a "timely" response

With free software i could just recompile old software and it will run nicely most of the times, even better there is a commmunity o employes and volunteers doing it for me, to the point than install and update are most of the times a very easy, automatized and safe. Software formally proven would not need updates, unless new functionality were to be added, sadly we have neither the intelligence nor the tools to do so.

Re:Nothing quite like a "timely" response

Wrong.

http://packetstormsecurity.org/1001-exploits/mswinnt-pwn.txt

"Microsoft was informed about this vulnerability on 12-Jun-2009, and they confirmed receipt of my report on 22-Jun-2009.

Regrettably, no official patch is currently available. As an effective and easy to deploy workaround is available, I have concluded that it is in the best interest of users to go ahead with the publication of this document without an official patch. It should be noted that very few users rely on NT security, the primary audience of this advisory is expected to be domain administrators and security professionals."

They've known of this bug for AT LEAST six months and at the time the exploit was published there was still no patch. But surprise, surprise! Not long after it was published a patch was released. Fact is, Microsoft doesn't give a shit unless they're called out. Like other posters already mentioned this bug may have been known to some people for years.

Better late than never...

[__aaclcg7560]

Wow! I didn't know that the DOS code was so complicated that it took 17 years to fix.

Re:Better late than never...

[AikonMGB]

You mispronounced "so unused that it took 17 years to find."

Re:Better late than never...

[__aaclcg7560]

[putting on anti-grammar Nazis hat]

Isn't that supposed to be "miswrote" instead of "mispronounced" since 1) I didn't verbally say anything and 2) I very much doubt you could hear me without being in the same room.

[taking off anti-grammar Nazis hat]

Re:Better late than never...

[maxwell+demon]

Actually the canonical term for this meme is "misspelled".

Re:Better late than never...

[AikonMGB]

Possibly; I was going off a meme at our lab that originates from one person saying something negative, and the other responding "you mispronounced 'awesome'."

Aikon-

Re:Better late than never...

[redalien]

What does his choice of words have to do with grammar?

Re:Better late than never...

[__aaclcg7560]

A wrong word choice can change the meaning of the sentence. Grammar is about writing clear sentences.

Re:Better late than never...

[Jedi+Alec]

2) I very much doubt you could hear me without being in the same room.

Well, apparently there's this exploit in the wild....

Re:Better late than never...

[redalien]

Grammar is about the validity of sentences. Two sentences that mean different things can both be grammatically correct. Perhaps you're thinking of semantics?

Windows NT

[dawilcox]

Wasn't Windows NT developed from the ground up separately from DOS? If it's developed separately from DOS (no copy and paste), would it really have the same bugs as DOS (for all intents and purposes an unrelated operating system). This feels like to me Microsoft fixing an error that has been around ever since Linux...

Re:Windows NT

[supersat]

It's not a bug in DOS, but a bug in the NT virtual 8086 machine monitor. Since hardly anyone still runs DOS applications, it's not surprising that it took so long for the bug to be discovered. It's a feature that's not often thought about.

Re:Windows NT

[mysidia]

Yes... the only question is... Why didn't Microsoft disable running DOS apps by default?

Since hardly anyone does it, and the facility is only provided for backwards compatibility, it ought to require explicit manual admin action to enable.

Given the security risk exposure of having such a rarely-used feature exposed as part of the potential attack surface.

Re:Windows NT

[Belial6]

Or MS could do what they should have done with XP and just included DOS as an OS image running inside of a PC emulator.

Re:Windows NT

[cusco]

You'd be surprised. Until two years ago the agents' interface to one of the national insurance firms was a 16-bit app dating from the days of Win 3.11.

Re:Windows NT

[Mashiki]

Why is that a surprise. Businesses here still use programs running under OS/2 1.1

Re:Windows NT

[mysidia]

Then, they would be one of the few windows users who would need the feature manually enabled by the admin for that one program.

But it doesn't need to be enabled in general so that arbitrary programs can easily be run in 16-bit mode just by downloading them and double-clicking a .EXE or .PIF.

Re:Windows NT

[drinkypoo]

Backwards compatibility was Windows' great asset. Note that it is somewhat gone in Windows 7, unless they've fixed things such that Civ II Multiplayer Gold works, or the five or so other games I tried. It and Battlezone (another fail when I tried it) fail in VirtualBox OSE (haven't tried the real one) but work in VMware Workstation... under Windows XP. In the XP days it was still possible to just double-click most DOS games' executable to show off just how antiquated Windows could pretend to be. Dunno how that's working out on Windows 7; certainly XP would run a lot less DOS software than DOS, shock amazement. In fact I had DOSBOX installed on XP to run something or other that flailed on XP. Now I use DOSBOX and Windows XP in VMware workstation since my Gigabyte motherboard won't install XP (Gigabyte says "it works here") to play my games under Linux. It's amazing how well some games work in a virtual machine, 3D and all.

Re:Windows NT

[slimjim8094]

That's what the NTVDM *is*. It's effectively a virtual machine, though it's closer to a virtualizer than a simulator (more like VirtualBox than Bochs)

Re:Windows NT

[Nimey]

My understanding is that it emulates what passed for syscalls in DOS. Parent is probably thinking of something like VM program + complete copy of MS-DOS 6.22, which might have been better in some ways, but also slower, especially on the machines that were common back in late '01 when XP was released.

Re:Windows NT

[Bungie]

Yes... the only question is... Why didn't Microsoft disable running DOS apps by default?

I think Microsoft wasn't concerned because DOS applications are all contained in a virtual machine. The hardware is emulated by the VDM or VXD's. If anything goes wrong NTVDM.EXE terminates like any other user process. Ideally it should be as safe to run and I'm sure Microsoft wanted to make running legacy DOS apps as seamless as possible to the end user.

Re:Windows NT

[yuhong]

In fact, NT retained the ability to run text-mode OS/2 1.x apps up to Win2000!

Re:Windows NT

It would have been silly to do something like that given that Intel specifically added VM86 mode for x86 processors for running legacy code.

Re:Windows NT

Yes, although by now Dosbox is so much better that I don't understand why Microsoft doesn't simply drop it and tell people to install Dosbox if they need to play their old games.

Re:Windows NT

[Celarent+Darii]

We still use an accounting app that is DOS only. There are lots of them out there, more than you think.

Not everyone updates software every year or business cycle. Here in Eastern Europe, it takes ages to update anything.

Just saying that there is often a reason for things.

Re:Windows NT

Does ReactOS have it?

Re:Windows NT

I know of a number of veterinary hospitals that still use a DOS program that they bought for Win 3.1 machines back in the early 90's. They have no reason to pay thousands of dollars to upgrade to a new system, because the old system still works. We even updated all of the computers to XP a few years ago so they could also use Office and Quicken. The DOS program runs in compatibility mode, and works perfectly.

DOS-era programs are as surprisingly prevalent as COBOL in non-tech-centric industries.

Re:Windows NT

[classicvw]

I am still running some DOS based programs. If they work for what you need, why upgrade. MYM9 still keeps track of my checking accounts without any problems.

Re:Windows NT

[mysidia]

There's nothing wrong with some people still using DOS apps, but there aren't that many of them.

They should have to install/enable the feature manually for the program as admin before they can run the DOS app.

For the same reason UUcp or NNTP is not shipped with BSD/Linux anymore, despite some people still using it.

It is a security risk to have unmaintained software or infrequently used functions available or running by default. Since hardly anyone uses UseNet or NNTP anymore, having a NNTP service running or a setuid newsreader installed by default, would be a needless risk.

There should be no middle ground for any part of the system: either it gets blocked or disabled by default, or it gets full scrutiny during security audits.

It only takes one vulnerability.

Re:Windows NT

[squiggleslash]

Why would you setuid a newsreader?

Just curious. I've never seen that before. Newsreaders have no good reason to be root, any more than email clients.

Re:Windows NT

[mysidia]

News readers were typically setgid news.

INN typically had components that ran setgid news and setuid root, since only root can bind ports below 1024, NNTP runs on port 119.

Re:Windows NT

[ImprovOmega]

Why didn't Microsoft disable running DOS apps by default?

In the 64-bit versions of Windows Server/Vista/7 (which are gaining wide adoption) there is no longer support for running old 16-bit dos/win3.1 apps.

With some work it's still possible with something like DosBox, but that's a third party application.

Re:Windows NT

[squiggleslash]

I've never seen news readers being setguid's, but that said, even if they were that's a whole different thing to setuiding a newsreader, let alone to an actually dangerous account such as root. Setguid can be good practice in some instances, it rarely has any downsides unless the administrator and programmers are complete idiots.

INN is an NNTP server, not a newsreader, so that's a whole different ballgame. I don't know how it works now, but once upon a time every server ran as root, so it's no surprise it once did. Today, we know better, and we design servers to run as sandboxed as possible and to never get close to being root. The "1-1024 owned by root" rule has a lot to answer for.

Patch Tuesday ahead.

[LostCluster]

This is a rather odd story to drop into the Slashdot cycle on a Friday Night (East Coast USA), it's basically just a warning that the typical Patch Tuesday (Second Tuesday of every month) is next week and the typical 0-day bugs that will be fixed which leads to the "bad guys" finding out what the bug was and deploying their attacks in the next few days.

This really is a notice to the IT guys and people who don't have automatic update downloads installed... nothing newsworthy or out of the normal cycle of things.

Re:Patch Tuesday ahead.

[__aaclcg7560]

The /. editors are making up for having too many Apple stories since the introduction of the iPad. Now resuming normal "[Microsoft] Evil Empire Bashing" programming. Enjoy!

Re:Patch Tuesday ahead.

[xactuary]

So let's be clear. Every second Tuesday, until hell freezes over, will be a critical windows update event. Heck of a job Stevie.

Not discovered in January

[WD]

Tavis disclosed the ntvdm vulnerability in January, however it was reported to Microsoft on June 12, 2009.
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html

Re:Not discovered in January

[Gilandune]

Which still doesnt make it 17 years, like most of these comments assume in their madman ravings...

Re:Not discovered in January

Neither does it make in 1 month, like most of these comments assume in their madman ravings...

Re:Not discovered in January

[drinkypoo]

Which still doesnt make it 17 years, like most of these comments assume in their madman ravings...

The time the vulnerability was reported has zero bearing on how long the bug has existed.

When is /. going to actually do more then just

[Liquidrage]

ms bash?

A bug no one knew about is being patched a month after it's found. WTG ms?

News for nerds? Or news for those that line your coffers?

Re:When is /. going to actually do more then just

[poopdeville]

Argh, as if bash and Unix's reliance on it wasn't bad enough, there's an MS bash now?

Re:When is /. going to actually do more then just

[DNS-and-BIND]

MS Bash? For a second there, I thought this was about a bug being found in a long-abandoned Microsoft bash shell.

Sorry buddy, Microsoft has a really bad reputation. They retarded the progress of computers for years while pushing out inferior, buggy products supported by unethical, monopolistic business practices. A lot of people here had to deal with that personally and still bear a grudge.

Re:When is /. going to actually do more then just

[Liquidrage]

Fuck you mods and your troll bullshit. /. is owned by a company that has a stake in FOSS. It would be like ars being owned by a company with a stake in HD-DVD and posting any story about blu-ray in a negative light (back when there was a format war).

Every fucking headline or story about MS is painted in a bad way, and I'd say about half the stories deserve a retraction as can be seen in the threads. Other stories like this aren't even fucking news. And the headline is sensational. It's not news for nerds. It's news for nerds with a major bias.

Re:When is /. going to actually do more then just

Ha ha ha ! Good one Liquid... Oh wait! YOU'RE SERIOUS!?!?!? AH HAH AH AHAHHAHAHAHHAHAHAH Ahahhahahahahah AHAhahahahaHAhah!

Moron! What does Bill's anus smell like???

Re:When is /. going to actually do more then just

Outlook is an email client. Exchange is the server.

Re:When is /. going to actually do more then just

[TempestRose]

Why do I always NOT have mod points when I really need them? +1 Fucking HooRah! Go get em...

Re:When is /. going to actually do more then just

[Sir_Lewk]

Don't like it? Go back to digg. Slashdot has never tried to hide or deny it's FOSS bias, nor is it ashamed of it.

Re:When is /. going to actually do more then just

[Xeleema]

Outlook is the best mail server there is.

If you're going to shill with a sub-million UID account, you should get your facts straight. "Outlook" is a client, and no, it's not the best one out there, that's a matter of opinion, with the only alternative choice typically being Lotus Notes. If you really meant "the best mail server", you probably ment to say "Microsoft Exchange", although I would have said "sendmail" or "Whatever Sun/Oracle calls their mail server now", or "anything except Domino".

Re:When is /. going to actually do more then just

[selven]

There were probably crackers who knew about it and were keeping quiet to maximize long term exploitation potential. Also, you may recall that Slashdot did report on an 8-year-old Linux bug too.

Re:Linux Patch

As opposed to ?

What is a "BFF"?

[John+Hasler]

Best F'ing Friend?

Re:What is a "BFF"?

[pinkj]

Best Friend Forever! XD 3 3 3 !!!!

Re:What is a "BFF"?

BillGatesFuckFriend

Re:What is a "BFF"?

No, Best F**k Friend!

Re:What is a "BFF"?

Butt-Fuck Friend? Or in the case of file extensions, I think it's "Big Fucking File"

Re:What is a "BFF"?

[biryokumaru]

IDK, my BFF Jill?

Re:What is a "BFF"?

[Haymaker]

I'm sorry but your butt chins are getting out of control.

Re:What is a "BFF"?

bottom field first

Re:What is a "BFF"?

[CannonballHead]

"Best Friend[s] Forever"

Re:What is a "BFF"?

[Kuraz]

Urban Dictionary: bff - [ Diese Seite übersetzen ] bff - 50 definitions - Acronym - Best Friends Forever. www.urbandictionary.com/define.php?term=bff

Re:What is a "BFF"?

Best Friends Forever...at least in my time.

Re:What is a "BFF"?

best fiend forever

a bug thats older then i am lol

[cryoman23]

17 year old bug and a 14 year old kid reading about the bug(that doesn't effect me btw)

Re:a bug thats older then i am lol

Finish your homework and get in bed! :)

Re:a bug thats older then i am lol

[nicknamenotavailable]

mom... howd u know i was on /. better yet howd u know my user name....

Moms just know.
It's one of those 'eyes in the back of your head' things.

I remember my mom...
She wasn't at all pleased.
But now with DSL you can see so many more pictures than with dial-up.

Re:a bug thats older then i am lol

[siride]

Homework on a Friday night?

Re:a bug thats older then i am lol

You're 14 and wasting your Friday night on /.?

What happened to you kids? Shouldn't you be out smoking pot, sneaking beer and getting laid? It's like this last generation completely forgot how to have fun!

sigh...

[the1337g33k]

Yet another reason I avoid Windows and run for the hills with my linux box, if Windows was patched in a timely matter instead of being vulnerable for weeks, months, 17 years or when the media s**ts their pants, then I just might look at using it.

Just a thought...

Re:sigh...

[siride]

Remember that BSD bug that sat around for about the same length of time? Yeah, it happens everywhere.

Of course, this is only a bug that can be exploited by 16-bit programs and only on 32-bit Windows. Since I run neither of those, it's not even a problem for folks like me.

Re:sigh...

[Ziekheid]

You seriously have no idea what you're talking about. But enjoy being ignorant and naieve about things like this, because problems alike do not exist for other OS's, only in Windows.. right?

Re:sigh...

[the1337g33k]

Touche, however I should have mentioned that I was mainly referring to microsoft waiting to release their patches until "Microsoft Tuesday", whereas linux releases patches as soon as the fix is discovered

Re:sigh...

[the1337g33k]

i forgot to mention a critical piece involving the wait for Microsoft Tuesday before receiving these patches, unlike other OS'es where you don't have to wait a month for the bug to be fixed (unless as mentioned above about the media crapping a load forcing them to release it out-of-band). Hope that clears up the confusion.

Re:sigh...

[siride]

And then you wait till whenever your distro updates the kernel, and that's if you are bleeding edge. Otherwise, you wait for backports. It's probably fast enough, but there's no guarantee you get it the day of.

Re:sigh...

Real bleeding edge users build their own kernels from snapshot or linux-next on kernel.org FYI

Re:sigh...

[Ziekheid]

So now you realize your argument failed you try fixing it with a different approach?
Look up the list of unpatched vulnerabilities found in your own OS on securityfocus and realize how even this argument fails.
You clearly don't understand the thorough testing some patches go through before they go live. Besides, severe security issues are patches outside the patchcycle on a regular base.

Re:sigh...

All operating systems do have their flaws and linux is certainly no exception here.

@OP: This argument might have gone better had you not mentioned linux and kept it neutral? Loyalty to an OS is OK, but waving the flag around on slashdot is like shouting your gay around a group of guys.

Re:sigh...

whereas linux releases patches as soon as the fix is discover

lol.. nobody cares if the patch is checked in. Distro's still have to run hours of tests before they release the patch. Oh wait.. this is linux. the users are used as guinea pigs. Testing? LOL.. lets just push this crap to the users. No wonder EVERY SINGLE release of ubuntu breaks some shit or the other. Desktop linux is swimming in the kiddie pool. haha..

Re:sigh...

[MobileTatsu-NJG]

Yet another reason I avoid Windows and run for the hills with my linux box, if Windows was patched in a timely matter instead of being vulnerable for weeks, months, 17 years or when the media s**ts their pants, then I just might look at using it.

A.) You don't understand what really happened here. You should read the +5's in this thread before reading the next part of my post.

B.) There is absolutely nothing preventing Linux or anything else from having a problem like this. In fact, this is quite the cautionary tale for anybody running a computer. Your computer has a number of exploitable bugs in it right this second. Your machine is not safe. You need to install updates. You need network protection, firewall, etc. You need to make backups. You need to not run every executable you find from un-trusted sources. You need to use good practices when dealing with sensitive data. Running Linux, BSD, OSX, whatever, doesn't alleviate any of these concerns.

C.) Summaries often contain more information than the headline does. They also usually have links you can click on to get even more info.

Re:sigh...

On the risk of feeding the trolls, I would say that this really depends on the distro. Ubuntu tends to be bleeding-edge, offering the latest and greatest. This is just fine, and the maintainers do a great job.

There are always other distributions which might not sport the latest bells and whistles, but tend to be more conservative in what they include. SUSE, RedHat, Slackware, and Debian come to mind here.

I always recommend choosing the best distribution that fits what you want to do.

Re:sigh...

It must be really fucking cool to be you...

Re:sigh...

[MojoRilla]

There is absolutely nothing preventing Linux or anything else from having a problem like this.

Sure there is. Open source software has maybe thousands or tens of thousands of people looking at the source code for security issues. Microsoft has maybe hundreds?

Security by obscurity isn't secure.

Re:sigh...

[MobileTatsu-NJG]

And that's completely preventing an exploit that was created years ago from being found?

Cicada bug?

[nicknamenotavailable]

Let's call it the Cicada bug.

A Cicada has a life-cycle of 17 years.
Now Microsoft is about to squash it.

Re:Cicada bug?

[biryokumaru]

If I squash the Cicada in my computer, will it finally stop making that clicking noise whenever it's working hard?

Re:Cicada bug?

[Angst+Badger]

Don't worry. Some of the bugs created by Microsoft this year will be around in 17 years, too.

Hooray for you typical Slashdot idiot!

Here's your gold star!

"Finally"?

[holygoat]

Isn't it a little disingenuous to say "finally" when the bug was discovered last month?

That it was introduced 17 years ago doesn't mean that Microsoft has been tardy about fixing it...

Re:"Finally"?

[Nimey]

It was reported to MS in the middle of last year, and the bug's discoverer made it public last month after Microsoft still hadn't fixed it.

Re:"Finally"?

[10101001+10101001]

That it was introduced 17 years ago doesn't mean that Microsoft has been tardy about fixing it...

So, what you're saying is...if say I made a car, it had one or more acceleration issue for several years, I tried fixing the problems years ago, many times saying the car is now safe, but people still keep telling me they have issues; so, there's nothing "tardy" about my fixing the problem?

No, the real question is, why is it that Toyota had to pull cars off their sales floor, being not allowed to sell a known defective product, and Microsoft is still selling incremental versions of Windows while basically every month for years admitted they're selling a defective product?

Re:"Finally"?

[LordNimon]

Because Microsoft's bug is not going to kill anyone. Seriously, you're an idiot if you don't realize that.

You joke, but I think he'd like to

[Adrian+Lopez]

"We are not the streamlined, small, hyper-efficient kernel I envisioned 15 years ago. Our kernel is huge and bloated. Whenever we add a new feature, it only gets worse." -- Linus Torvalds, September 2009.

Re:You joke, but I think he'd like to

[binarylarry]

He doesn't joke, he trolls.

I though I wonder if Linus meant "We are not the streamlined, small, hyper-efficient microkernel I envisioned 15 years ago.".

Re:You joke, but I think he'd like to

[Zero__Kelvin]

"I though I wonder if Linus meant "We are not the streamlined, small, hyper-efficient microkernel I envisioned 15 years ago.".

Andrew Tanenbaum was for a microkernel architecture. Linus argued in favor of a monolithic architecture,as you can see here.

Re:You joke, but I think he'd like to

[symbolset]

He was speaking in absolute terms. Yes, the kernel could be much smaller. It is getting out of hand, relative to the simplicity of BSD and RTOS's and that means that in absolute terms it's bigger than it need be. Distros like dsl get around this by using older versions of the kernel, leveraging the brilliant Busybox (thanks Bruce!), leaving out unnecessary drivers and applications.

He could not have been talking relative to Windows. W7 x64 is a 20GB install - even before you add an office suite or the antimalware suites we've all come to know and love. Given the history it's reasonable to expect W8 will require continuing innovation in installation media.

I, for one, am glad Linus worries about such things in absolute rather than relative terms; instead of selling it to hardware partners as "it's a great way to drive adoption of new hardware!" This might mean that version 3.0 of the Linux kernel will be a total respin to eliminate cruft.

Re:You joke, but I think he'd like to

[binarylarry]

Yes, I know. *I* was joking.

Re:You joke, but I think he'd like to

[VertigoAce]

For what it's worth, the disk space requirements quoted for Windows are not for the OS, let alone the kernel. The disk space calculation is based on the OS, a set of applications (Office + other basic apps), room for documents, plus a couple service packs. The goal for Win7 was that it would be usable on a netbook with a 16GB SSD. I've heard of people getting a full install on an 8GB SSD, but it's not supported.

Re:You joke, but I think he'd like to

[HybridST]

Back when the Win7 RC was new, I tried to install it to a 6GB partition and it needed 6.13GB on an Inspiron 5150. It ran rather well for the 512MB ram I had and the unsupported 64mb go fx5200.

Re:You joke, but I think he'd like to

It takes 9GB with the OS' basic install and the 2gb pagefile to run it in 2gb ram. Just tested as I have a freshly installed VM of win7. That gets you a browser, a text editor and a media player.

Re:You joke, but I think he'd like to

I can't really say on Windows 7 64-bit, but the 32-bit version is only taking up 13GB on my system. Windirstat shows 7.5GB for the windows folder, 2Gb for the swap file, and 1.5GB for the hiberfile. I've got about 1GB worth of programs installed and google chrome is currently using another Gig for cache.

  It's a pretty fresh install, but without installing Steam I would say 20 GB leaves plenty of space for the operating system, and a reasonable amount of space for installing other programs(Openoffice is usually one of the largest programs I install unless I'm installing games).

Re:You joke, but I think he'd like to

[Pictish+Prince]

This might mean that version 3.0 of the Linux kernel will be a total respin to eliminate cruft.

From your mouth to God's ear. The apex of Linux development as far as I'm concerned is SuSE release 5, which had whatever came before 2.64.

Re:You joke, but I think he'd like to

[Gr8Apes]

W7 requires roughly 8.5GB for a standard installation, at least in my VM. Server 2008 R2 with nothing installed (it's "bare bones" after all, to be more "secure") runs about 16GB, also in a VM.

I can state this: the "bloat" is due to the fact that MS has never gone back and re-written anything, they've merely band-aided more and more crap on top of their old "kernel" (I hesitate to call something so lacking in design a kernel).

Re:You joke, but I think he'd like to

You cannot read minds and therefore you don't know that.

Personally I found the comment funny, so I'm more inclined to believe that it was only a joke.

bff

[thehostiles]

Just pointing out that "Microsoft's BFF, Google" deserves a placement in internet culture

Culture of insecurity

The sad thing with MS is that you can point out a problem to them, show them exactly how to fix it and they still do nothing. A business case must be made for every change which goes into their products which has to justify not only the cost of making the change but that of updating all the associated test plans and the financial impact of all future regression testing. It is much less frustrating to leak a security hole and let them patch it as an attempt to wipe the egg from their face, IMHO.

Re:Culture of insecurity

[Liquidrage]

It was just found a month ago and they are fixing it now. Of course, you are right. But in this case, you are not right.

Re:Culture of insecurity

[blackraven14250]

It was reported to M$ in June 2009.

This is great news!

[martin-boundary]

This is excellent news for Digital Research! With these latest patches, DR-DOS can finally run the latest version of Windows without any spurious error messages. This is a great day!

Re:This is great news!

[Obstin8]

Sorry man, you're posting a comment that just proves you're way too old to be commenting on /.

First, most of the current batch of MCSEs (is that acronym still allowed?) will be replying to you asking for the 800 number for Dr. Dos. I suggest you send them to the Dr. Who site.

Second, your reference to an obscure company called Digital Research will confuse the weenies. DRI.COM now resolves to a site for Colburn's Travels. It appears Mr. Colburn has achieved more mileage from the site than DRI ever did. Check the stats.

Lastly, you're really confusing people with the whole concept of a 'spurious' error. Microsoft has - through the determined, repetitive, and consistent application of "innovation" - eliminated all spurious errors from the code-base. All errors are now completely intentional, rational and self-explanatory. Click here for more information. :)

Re:This is great news!

This is funny, but wrong. This bug is in the NT line of Windows, which never ran on top of any version of DOS (NT could emulate DOS with the ntvdm subsystem where the bug was found), unlike the 3.1-95-98-ME line.

Average Wait For Bug Fixes

[Greyfox]

That's really going to screw up their average response time numbers...

Re:Average Wait For Bug Fixes

[jabbathewocket]

Yah because disclosure in January 2010 (June 2009 privately - January 2010 publicly) is gonna totally screw up turnaround time avg..Why do people fail to comprehend and read the freaking summary much less the articles?

Re:Average Wait For Bug Fixes

[maxume]

What I don't understand is how this manages to screw up Office.

Re:Average Wait For Bug Fixes

With an n as big as Microsoft's, will it really matter?

Meh

[tengeta]

To be honest, it doesn't sound that dangerous if it took that damn long to figure it out. Now it is, but its getting patched. Question here is, did anyone know about it before and abuse it while keeping tight lips? If so, they may really pissed to know its done.

yummy

[Jesus+IS+the+Devil]

BFF, how cute...

Re:If it was just discovered, why make fun of them

[gmuslera]

"Just reported in a public way" != "Just discovered"

Bugs reported in a private way to microsoft could take months to be fixed or disclosed (i.e. the recent IE6+ bug that enabled intruders get into google and other companies recently were reported 4-5 months ago).

And of course, the bad guys dont report bugs, they exploit them. And people could find (or not) that something weird is happening when is already too late.

On relaying news from BBC

This is a really poor example of slashdot news:
I have a BBC Latest Headlines in my Firefox.
Almost everyone uses Firefox.
Anyone who reads news probably checks it sometimes.
I check slashdot.
Beginning to get it? I've already heard about this and the OP contains nothing new!
I guess I'll have to read the comments to find out anything about since BBC doesn't know anything.

Re:Wow that's surprising!

[rodgster]

If I remember correctly, as far back as NT 4.0 NSA Security Guidelines recommended removing the 16 bit MS DOS subsystem. I believe it is also absent in 64 bit Windows 7. I wonder about 64 bit XP & 64 bit Vista.

Old code coming to bite you in the ass.

[cyberzephyr]

That 16 bit shit will come and get you if you don't pay attention.

So then this means...

[RevWaldo]

that sci-fi yarn where the mad programmer unleashes a bit of code that squirrels around the net for fifty or a hundred years, unnoticed by anyone, and when the programmer dies it unleashes the programmer's hate and fury upon the world, and no one is able to stop it even though computer's are a million times more complex and powerful than when the program was originally written? That could work?

Awesome.

Re:Wow that's surprising!

[EvanED]

I believe it is also absent in 64 bit Windows 7. I wonder about 64 bit XP & 64 bit Vista.

The 16-bit subsystem is absent in all 64-bit versions of Windows.

While I'm not positive, my understanding is that this has to do with the CPU not running 16-bit code when in 64-bit mode or something like that, but don't quote me on that. I know VMWare can run a 64-bit guest on a 32-bit host and vice versa, so this can't be the whole story; perhaps VMWare changes the processor's mode between 64-bit and 32-bit when doing a world switch or something like that, and MS doesn't want to do that in order to keep around the 16-bit subsystem.

I Figured the16 Year Olds Would be More Important

[LifesABeach]

Windows Bugs get younger every year

I'm guessing you know this

[symbolset]

No, That's Windows 7 by itself. Office is 3GB extra.

The cited DSL fits in 64MB, all things included.

Damn Small Linux is small enough and smart enough to do the following things:

• Boot from a business card CD as a live linux distribution (LiveCD)
• Boot from a USB pen drive
• Boot from within a host operating system (that's right, it can run *inside* Windows)
• Run very nicely from an IDE Compact Flash drive via a method we call "frugal install"
• Transform into a Debian OS with a traditional hard drive install * Run light enough to power a 486DX with 16MB of Ram * Run fully in RAM with as little as 128MB (you will be amazed at how fast your computer can be!) * Modularly grow -- DSL is highly extendable without the need to customize

It includes three browsers, document processing, email, spreadsheet, VOIP, and a lot more.

The smallest pendrive I've ever heard of is the 64MB USB 1.0 device I'm holding in my hand right now that I bought my wife more than a decade ago. I paid $79 for it at Fred Meyer, because tech stores wouldn't carry it. Actually, there were 16 and 32MB versions of this, but let's not go there because this was the Windows 95 era.

I am on the record as stating that we've had no productivity increases since the advent of Windows. Let me quote from a wise man:

"Word processing was a solved problem in 1984. By 1987 spreadsheets had all the functions a normal person would ever use. Databases took a little longer, but by 1990 that was sorted. An infant could have been born that day and by now would be almost of age to vote and we've seen no real improvement in productivity since."

64MB is 0.32% of 20GB.

So let me ask you: If the Office team needs 3,000 MB to install their full application set, what can they do with 30MB - 1% of that? Splash? Can they even do that?

Re:I'm guessing you know this

[Ardx]

Yes yes.... We see you can spout the damn advertisement for DSL. Whoever got the clue to compare Windows and DSL is dumb... on epic levels. You're comparing an OS not designed with size constraints with an OS specifically designed over YEARS to work with extreme size constraints. Congrats. That's like comparing a semi truck and a delivery bike and bitching because one can't be carried upstairs by the messenger. FFS.

Re:I'm guessing you know this

[Fizzl]

Bah, just couple of years back* I compiled myself a linux from scratch to test if I could get it running on an old discarded 486dx with 8M of mem and a 40M hard drive. I had to cheat a bit by throwing in a 120M hard drive while compiling stuff. Source and object code takes a lot of space.
I can't remember what I used as a bootstrap to start the process. I think I made a custom initrd disks from some old debian netboot images.

* Well, shit. -98 was over ten years ago. I feel like a git.

Re:I'm guessing you know this

[diskofish]

Give me a break. We're comparing apples to oranges here. MS does small too. Windows CE - Microsofts OS for portable devices. Requires 1MB of ram. Fits on pendrives, etc etc. .NET Micro - Microsoft's embedded framework, for embedded application. Will fit in 64k of memory. The entire framework takes up about 10MB.

Re:I'm guessing you know this

[chrysrobyn]

I am on the record as stating that we've had no productivity increases since the advent of Windows.

Are you even old enough to remember word processors in 1984? Spreadsheets in 1987? I realize you're being funny and quoting someone else who said those things, but seriously stop to think about them.

I remember Word Perfect 5.1 in my 80x24 16 color display running on my 286 with 640KB of RAM. Let me tell you, Word from 1994 was worlds better. WYSIWYG is an amazing accomplishment that wasn't easy to get right. Even in 1994 there were small places where it wasn't perfect -- but being able to see bold or italic text instead of a different font color indicating "imagine this text is italic". Compare Word from a few years later -- on the fly typo correction, spelling and grammar highlights, with suggestions? That's progress.

A spreadsheet in 1987 wasn't usable by a vast majority of people who were sophisticated enough to understand basic table structure. Excel from 1997 had enough of a GUI to help even less sophisticated people use functions instead of just using it as a pretty interface to store numbers.

I'm not a fan of how much bloat has happened, but let's pause and understand what we've gained in the last 20 years. I don't see anybody volunteering to go back to their 286 with vintage software, and there's a reason for that.

Modern computers are able to solve problems only dreamed of 20 years ago. What I can accomplish in terms of text processing with Perl might be an incredibly inefficient use of memory and horsepower, but I can hack something together in an hour that will slog through gigabytes of data and the problem will be solved before a programmer 20 years ago would have been done optimizing the runtime to fit in the available memory. I'd even point to the travesty that is the chip designer's automated place and route toolset -- what's done routinely today wasn't even possible 10 years ago.

Re:I'm guessing you know this

[Cyberax]

Win CE is a completely different OS from WinNT, it has nothing similar. And it's horribly restrictive and kludgy.

Compare it with Linux - I can run _the_ _same_ kernel on my phone and on a big supercomputer. Of course, it'll be tuned differently but it'll still be the same kernel. .NET Micro is bloated as well. Java card fits on systems with 1Kb of RAM. In any case, both environments are specialized niche applications. They have almost nothing to do with 'complete' Java and .NET.

Re:I'm guessing you know this

[symbolset]

Are you even old enough to remember word processors in 1984?

CPT word processor, 1984 - a dedicated word processing station with 8" floppy disks, a portrait orientation widescreen crisp white CRT measuring 8.5"x11", WYSIWYG and daisy wheel printer. 80WPM. Next question.

Modern computers are able to solve problems only dreamed of 20 years ago.

And yet for the most part, they don't. That was the point of that post. Most computers provide negative productivity - they're timesinks that let people send email and browse the web instead of doing something useful.

Re:I'm guessing you know this

[chrysrobyn]

CPT word processor, 1984 - a dedicated word processing station with 8" floppy disks, a portrait orientation widescreen crisp white CRT measuring 8.5"x11", WYSIWYG and daisy wheel printer. 80WPM. Next question.

Notably without on the fly spelling or grammar highlighting, and zero ability to transparently turn "teh" into "the". "Next question" indeed. You remember the 1984 single purpose word processor without integration into a general purpose computer, without the ability to paste images, screenshots or graphs from a spreadsheet program. And yet you stick by "Word processing was solved in 1984"? Shall I assume you're still using that machine today for professional reasons, and you never find it lacking in any niceties?

And yet for the most part, they don't. That was the point of that post. Most computers provide negative productivity - they're timesinks that let people send email and browse the web instead of doing something useful.

Those time sinks have been around for ages. In modern times, they've been hula hoops, books, comics, video games and countless other things. Computers have certainly become integrated into our modern lifestyle of leisure, and while I certainly agree that bringing a leisure machine into the workplace may have its detriments, I still believe it's a net positive. Gone are the days of relying on a squad of secretaries to synchronize schedules to hold a meeting, now we can do it transparently ourselves. For every person using Netscape when they shouldn't, there's a person who would have been reading a book or a newspaper. Nobody even brings newspapers into the workplace today! Computers aren't the slam dunk productivity multipliers, but saying that they've been stagnant since 1990 when the last database obstacle was overcome is either nieve, foolhardy or pandering to those pining for a time they don't even remember.

Take Boeing. The 787 is a marvel. For all its problems, even if you assume they cost 10% productivity, simply having the computers enabled an airplane to be designed that will add 15-25% efficiency to routes it flies. Given how long it'll fly, that's an immense efficiency multiplier. Winglets weren't even fully understood until computers came along and explained how the vortexes were working. Now that we know, that stuff seems obvious -- but winglets alone add 10% efficiency over an otherwise identical plane without them. And if you design the entire wing around having that feature in the first place, it can be 20-25% shorter, which means less weight and less drag.

Re:I'm guessing you know this

[Gr8Apes]

Are you even old enough to remember word processors in 1984? Spreadsheets in 1987?

I recall Visicalc (1979) and word star (1982), among many others over the years that I've used.

I realize you're being funny and quoting someone else who said those things, but seriously stop to think about them.

I remember Word Perfect 5.1 in my 80x24 16 color display running on my 286 with 640KB of RAM. Let me tell you, Word from 1994 was worlds better. WYSIWYG is an amazing accomplishment that wasn't easy to get right.

WYSIWYG? Sort of. They've still not gotten it right. Word is about the biggest pile of crap that's been foisted on us by MS other than the various flavors of Windows itself. It still has issues formatting between different printers, although this has improved significantly over the past 10 years.

I still yearn for the much better control over output afforded by WordPerfect or WordStar. (I should also note that I published a medium sized manuscript using Tex/Latex with embedded images, tables, etc and full cross-referenced ToC, footnotes, etc in the late 80s, thus my concepts of acceptable printed output might be much more critical than yours, as Word still cannot match what was easy to do in Tex/Latex in the mid 80s. Minor things like reflowing your document with insertions while keeping linked images on the same page or next page anchored in the top or bottom following standard publishing flow rules. But Hey! maybe I'm being too critical of that $500 "word processor" that's "sooooo awesome")

A spreadsheet in 1987 wasn't usable by a vast majority of people who were sophisticated enough to understand basic table structure. Excel from 1997 had enough of a GUI to help even less sophisticated people use functions instead of just using it as a pretty interface to store numbers

I'd say Excel peaked with 97's release and has been going downhill ever since. But that's just me. The really interesting part? Excel, for almost all intents and purposes, has added not one iota of real usefulness to 90+% of its users needs over what was available with Visicalc. Most people use it to

• Make lists of stuff in a table format
• Make simple tables of calculated items
• DIsplay lists of data output from other sources so they can be sorted (actually, it's been so long that I don't recall if Visicalc allowed sorting, so this might be an improvement)

I'll grant you that viewing this output on screen in a GUI is an improvement, but that's just a display change which benefitted more from increased resolution than anything else. When viewing the grid, it's a grid and only so many lines can fit on a given resolution, GUI or no.

I don't see anybody volunteering to go back to their 286 with vintage software, and there's a reason for that.

While no one in their right mind would go back to a 286 they might miss their PDP-11s and the like. They certainly still are using the vintage software. vi/vim/emacs, with updates, are still used by people who need it. Shell scripts are still in vogue, so much so that MS finally released an OS that has rudimentary script capabilities in it (Server 2008 R2). People who hit a windows machine and known anything about *nix machines will quickly miss things like find, grep, zip, tar etc, all standard tools more than 20 years old should they be involved in those tasks. Heck, if you're on windows, I bet you still use Notepad occasionally.

what's done routinely today wasn't even possible 10 years ago.

What's done routinely today: email, web browsing, picture editing, movie editing, were all routinely done 10 years ago. Granted there have been improvement in speed (mostly due to hardware improvements) and added capabilities, but the basics are all still there and still form the basis of what is done today.

Re:I'm guessing you know this

[Sethumme]

web browsing, picture editing, movie editing, were all routinely done 10 years ago

You make strong arguments throughout your post, but there you crossed the line. 10 years have shown major improvements in web browsing, picture editing, and movie editing.

In 2000, nearly every website was merely unformated text and animated gifs, or they were being encapsulated entirely within a single flash file. Javascript was slow, RSS didn't exist, and 95% of web surfers were stuck with IE5. Pop-up blockers? No (thanks IE5). Ad-blockers? No. Themes and extensions? Only for the 5% not on IE.

I used to use Photoshop 5.5, and while color alteration and the beloved clone stamp were strong tools, that antique program doesn't hold a candle to Photoshop CS4 when creating original art. The difference is even more obvious when you compare free, common photo-editing tools from 2000 to modern ones. Auto red-eye removal works. Facial recognition. Simple file conversion. I wouldn't touch the older programs now given the choice.

Movie editing? What can I say? Have you even seen what people can do with home rigs compared to 2000? It's not simply a mater of processor power. Masking, post-processing, and CGI have all improved to the point that your amateur film editor can cobble together something that looks as good as Godzilla 2000. Sure, processor power needed to improve, but the software to automate so many tasks is what makes modern-day CGI so much more straight forward. And that's saying nothing of the improved file management.

Re:I'm guessing you know this

[QuietObserver]

WYSIWYG? Sort of. They've still not gotten it right.

Yet WordPerfect 7 introduced functional WYSIWYG and Print Preview only exists in WordPerfect 9 because it's still necessary in Word (and besides, I can edit in Print Preview). I still use WordPerfect 9 for my own projects, primarily because it is so useful for doing anything practical (I never have to worry about assumptions, I can see all the codes used within the document using 'Reveal codes', and I can delete them manually).

I would like to point out that my father wrote a gazetteer of the state of Utah in the late 90's, which I helped him publish in late 2000, completely using WordPerfect (he wrote it in WordPerfect but a lot of the typing was done as if he were working on a typewriter, so we had to do a lot of editing). The output looks professional, and we fixed all my father's mistakes in about four months, which would have been nearly impossible in Word (the individual volumes, a total of three, are around three hundred pages each).

Re:I'm guessing you know this

[Gr8Apes]

The WYSIWYG reference was in relation to Word. Word still blows at this.

I never got beyond WordPerfect 6 so can't speak to where it went afterwards.

Re:I'm guessing you know this

[daver00]

Dude, if you 'tune' it differently (read: recompile with completely different sets of code) is it *really* the same kernel anymore?

Re:I'm guessing you know this

[Gr8Apes]

Ok, short answer since I hit the wrong button and lost the longer one:

I'm not talking about you and I here, we're talking about the masses who outnumber us 100K : 1 at least. They don't know Photoshop, unless, maybe, it's Photoshop Elements. If they know how to remove red eye, they will be "advanced" in their circles.

Regarding movies, they certainly don't know anything more complicated than Movie Maker or iMovie. There will be no CGI effects, masking, etc.

These people still routinely do what was routinely possible in 2000.

Re:I'm guessing you know this

[Hal_Porter]

The Windows Recovery console uses the normal Windows NT kernel. So did text mode setup. Both of those are a only a few MB because they are just a kernel and a few drivers and a text mode UI.

Re:I'm guessing you know this

[Cyberax]

About 20Mb for the very minimal install.

Re:I'm guessing you know this

[Cyberax]

Almost all Linux kernels have the same core: process management, scheduler, probably block IO, probably most of the network stack.

So yes, it's still the same kernel.

Re:I'm guessing you know this

[DaVince21]

DSL also feels very outdated, won't support many new wireless cards because it uses an old kernel and generally feels very limited until the user downloads and installs more useful software from the software manager.

If you want to talk about light, good systems, pick a better subject. SliTaZ is pretty decent. Puppy is, too. Had a much better initial experience than I ever had with DSL.

Re:I'm guessing you know this

[QuietObserver]

I know what the WYSIWYG reference was in relation to, I just wanted to point out that Word's failure has been overshadowed by something that works. Besides which, in word, it's more accurate to call is WYSBYGI (What You See But You Get Instead; which was invented by a friend of mine to describe Word's mediocre attempts).

Re:I'm guessing you know this

[Gr8Apes]

OK I live the WYSBYGI comment.

I'll have to disagree with your "overshadowed" statement. Word is still the "standard" that the world operates under and what everyone compares to. Yes it's a flawed POS, but that's what it is.

There was an awesome first release of a word processor/desktop publishing tool a while back that allowed for all sorts of nifty layouts and flow control. It was called ClearLook, and was an OS/2 program. Now I use Pages. It's different and does everything I need. Mostly, it's WYSIWYG which Word is not.

Re:I'm guessing you know this

[QuietObserver]

By "overshadowed", I was referring to functionality, not popularity; WordPerfect's WYSIWYG is so perfectly functional, I never have to "Print Preview" to know what I'm getting, even working in "Draft" mode, as I always do. I definitely agree with you that Word has become the popular standard, despite being a putrid rancid POS.

Re:I'm guessing you know this

[Nicolay77]

My WP5.1 had on the fly typo correction, accent composition (important in my language) and some fixes that have been only rediscovered decades later in cell phones, like pressing space twice to insert a colon, and make the next letter in caps. I also had programmed that if you pressed space, then comma, the comma was moved behind the space automatically.

Sadly, all those macros were not compatible with WP6.0 (they changed the language to add object compatibility and lost a lot of functionality in the process) and were finally lost when my old 80MB disk died.

I do wish some of that stuff I coded in a 286 vintage PC were in use right now.

Re:I'm guessing you know this

[Hal_Porter]

Actually it's 7MB

http://support.microsoft.com/kb/229077

The Windows Recovery Console is used to facilitate repairing an unbootable computer. It requires the Windows installation media (the four Setup disks or the CD-ROM). The Recovery Console can be pre-installed by running the winnt32 /cmdcons command from the Windows installation CD-ROM to place the files on the local hard disk. This option requires approximately 7 megabytes (MB) of disk space on the system partition.

Somebody doesn't want you to read the parent

[symbolset]

Can they mod it to oblivion before I burn up all my Karma? We shall see.

Re:Maybe I'll have to take your word for it?

[Timex]

....and YOUR Slash number has six digits. Mine has five. See? I can count backwards! :)

I've been using Linux since kernel version 0.99pl10, when Slackware ruled on a couple dozen floppies.... ...and get off my lawn!

Best Friend Forever Google??? O RLY???

[davidwr]

If Google was their best friend forever, a future Google employee would invent a time machine, go back to the 1990s, and alert Microsoft of the bug. Since we know that won't happen, it makes me doubt the level of friendship between Google and Redmond when Google invents the time machine.

Re:Maybe I'll have to take your word for it?

[redalien]

Yeah? Well my dick's smaller than yours!

Windows is scary

[Asaf.Zamir]

My Windows 7 is scaring me more and more these days, that's the last thing I needed! 17 Years? Well Microsoft, looking forward for a reason not to go Open Source with my software.. Moving to Ubuntu.

lil birdy says

NSA hole...

Linux Torvalds 2009 == Andrew S. Tanenbaum 1992

[Gary+W.+Longsine]

"We are not the streamlined, small, hyper-efficient kernel I envisioned 15 years ago. Our kernel is huge and bloated. Whenever we add a new feature, it only gets worse."
-- Linus Torvalds [computerworlduk.com], September 2009.

This round of the The Tanenbaum–Torvalds debate on kernel architecture seems to be a self-administered blow from Linux to himself.

Jus' sayin'.

Re:Linux Torvalds 2009 == Andrew S. Tanenbaum 1992

[Gary+W.+Longsine]

Rats. I meant to call him "Linux Torvalds" only in the subject line, as a bit of humor. Mr. Linus Torvalds delivered the knockout blow, to himself, of course.

Re:Maybe I'll have to take your word for it?

[binarylarry]

Apparently your Slashdot ID doesn't make you any smarter.

But what I was getting at was perhaps if Linux chose a more modular design like a Microkernel, it would be less bloated.

Although it was in jest, as I think if they chose a Microkernel it would probably have ended up like Hurd and I'd be typing this from a Mac.

I need to track down John Titor so I can test my hypothesis.

Actually, no

[symbolset]

They're making money like a drunken sailor. I.E. they don't have any more today than they did yesterday because they spend it as fast as it comes in. This has been true for a decade.

16-bit lives?

[ALeader71]

Backwards-compatiabiliy makes me sad.

Re:16-bit lives?

[BUL2294]

32-bit lives?

Backwards-compatiabiliy [sic] makes me sad.
===============
Why on earth would we want to run our 32-bit apps written last year when they could be compiled as 64-bit?

HINT: There's a lot of old code out there that 1) works as it should, 2) the company that wrote it no longer exists and the source-code is gone.

Re:Maybe I'll have to take your word for it?

[binarylarry]

Dear Sir,

You are a clueless moron.

Regards,
binarylarry

Re:Maybe I'll have to take your word for it?

[Timex]

That's great that you can count. Now lets see if you can subtract ;-)

Number of users between me and binarylarry: 1186880
Number of users between me and binarylarry: 1326989
Number of users between you and me: 140,109

See the difference?

Ummm... Check your data again. You got two different numbers between yourself and BL... :D

(I think you meant the second line to be between ME [Timex] and BL.)

Don't do it....

Don't do it... I have heard that it was the final crushing of the only bug to ever get into Microsoft code that causes the mega black-hole that forms at the center of the earth in 2011... (how do i make it so you have to highlight that spoiler???)

Re:Maybe I'll have to take your word for it?

[DimmO]

that's what she said. (?)

Re:Linux Patch

[DaVince21]

Now hopefully MS will finally patch that one problem in Windows, where it's a big bloated pile of shit.

Almost too easy.

17 Year Old DOS Bug PATCH causes BSOD for many.

You all are missing the really sweet part of this. MS patches a 17 year old DOS bug, and for many computers with security conscious owners, we have them set to autodownload and patch. Well, the patch applies and now many folks are getting a blue screen of death. It has been traced to KB977165

See http://techblips.dailyradar.com/story/patch-for-ancient-dos-bug-in-latest-windows-xp-update/

For the average home user, recovery is going to be nearly impossible.

Such a nice helpful company....

Full solution taken from here: http://social.answers.microsoft.com/...4-817bf39c207b

The short version:

1. Boot from your Windows XP CD or DVD and start the recovery console (see this link http://support.microsoft.com/default.aspx/kb/307654 on how to use recovery console)

Once you are in the Repair Screen..

2. Type this command: CHDIR $NtUninstallKB977165$\spuninst

3. Type this command: BATCH spuninst.txt

4. Type this command: systemroot

5. When complete, type this command: exit

The real question is, why do only some of the patched PCs get the BSOD? What is different about them?