Re:how does mosix deal with dead cluster members? on OpenMosix · Score: 2
Well, one would imagine that all processes hosted on that node, and all processes homed on that node (that is, originally launched on that node) die, while the remaining part of the cluster continues to run undisturbed.
I'm not sure, it just seems reasonable.
What about the Northern Alliance? on The Drone War · Score: 2
What Katz forgets is that this is being fought with significant ground troops. It's just that they aren't U.S.A. soldiers, but those of the Northern Alliance. The U.S.A. provided weapons, air supremacy, intelligence and (I suppose) tactical advisories, while the Afghans fought a civil[1] war on the ground.
It would be a lawyer-fest. How long until some law firm pissed off for some reason (or looking for some quick cash) would start defining Windows "phoning home" malicious?
Imagine this scenario:
Computer: "You have waited more than 14 days to register Office XP. You will not be able to save any document anymore".
Lawyer: "It's preventing me from doing my job, just like my last mail-virus. That code is malicious!"
Oh, the irony... Unfortunately, it would become a battle of "My law firm is bigger than yours!"
Yes and not.
GPL also grants the right to those who buy the product from you to redistribute it in whatever way they see fit, including free of charge if they wish.
However you're perfectly right. They ARE being nice, and we all should reward them for this.
I believe he's not.
I'll leave away the technicality that the EULA states that the program can be installed on one machine, and on a single machine it is installed, so that's fine.
The point you're missing and which seems rather important is that VNC does _NOT_ virtualize the screen under windows; it's not Metaframe (or Terminal Service like it's most commonly called these days). VNC server (on windows, on Unix it's another story) just "snapshots" the screen and sends it to the client, and "remotizes" mouse pointer and keyboard. So there's no concurrent usage, and your whole argument collapses, even if it were valid in the first place.
I didn't say that any Linux-based alternative is better or cheaper than WLBS, although I think that NAT-based load-balancing solutions like the ones offered by Linux offer the benefit of better troubleshoot-friendliness than WLBS. I agree that they scale worse than WLBS, but the fact is largely irrelevant for loads up to - I think - a significant chunk of a megabit of served bandwidth - which for a typical non-static windows-based site means at least a few dozens of servers, at which point the cost of a proper hardware load balancing solution becomes more than acceptable.
Also, WLBS works by tricking switches and forcing them to flood all servers with the data packets. This limits your total served bandwidth severely, doesn't it? It MIGHT be very light on the servers, but then if you have N clusters on a single LAN Segment, maybe 100Mbps switched, each cluster gets on average 1/N of 100Mbps. Sure, it can be worked around by using L3, but still you don't scale past 60% of 100Mbps (the remaining 40% is lost due to Ethernet broadcast collisions - a conservative estimate).
About WLBS working with everything, try to tell that to an Ethernet-over-ATM switch. The trickery there won't work.
About the instabilities: we were running Apache 1.3.something for NT4. It MIGHT have been the custom-code, or it might have been not. A fact is, since they've been moved to an external load balancer those exact same servers were way less crash-prone.
About using what the business needs: I agree 100% with you. But the business also needs something that works. If you need 24/7 coverage to reboot servers as they stop working, it's pretty hard to say the words "TCO" and not start having fits.
As I said, WLBS is gone and is not missed.
Sorry for the incomplete post. I'll continue here.
I used to have some WLBS (Windows Load Balancing Services) systems (NT4's idea of load balancing cluster).
They worked, more or less, most of the time (about 4 reboots/day on average I think). The problem was, the thing was IMPOSSIBLE to debug and troubleshoot, for the simple reason that it was impossible to know where the problem was. WLBS did terrible layer 2 trickery to route requests around, and as a result it didn't work well with anything more complex than a hub.
Luckily it's now gone and not missed.
Disclaimer: the opinions here expressed are of course my own and do not necessarily reflect any organization's
At my place we used to have some WLBS (Windows Load Balancing Services) systems.
Well, those chips have to be designed for instance, and since the numbers are low there's lots of markup just for that. Then there's the bad yields due to the big die-size, and marketing and the other kind of expenses a company has to pay just to survive, such as office space, computers, secretaries, Microsoft software, Linux softwa^H^H^H^H^H^H^H^H^H, etc. A company which just re-sells its employees' work has often a markup of 50% just for these things. Then there's the manufacturing plants' mortgage (you know, a silicon manufacturing plant costs a few billion euros), and you see how it stacks up quite fast..
"25 servers"? Apparently you got confused by the numbers of the comparison chart.
The "25" that appears there is the number of _client_ licenses for Exchange that you have to buy to get a 30-users mailserver.
Also, software compatibility is still to be tested.
Better than Windows 2000. XP like you stress is very much like 2000. XP also ships with compatibility modes for emulating 9x and NT4 environments.
I'm not saying it's not compatible. It is to be tested, however, like any new product. For instance, take Winpcap (the packet-capture layer used by the Ethereal sniffer Windows version). It works with win2k, but for WinXP you have to use the latest beta version. This means that there is at least one API that is not compatible, and since there is one, there might be more.
The Windows XP kernel also has significant improvements over the Windows 2000 kernel.
Likely, but for instance some testing has shown that WinXP is about half as fast as Win2k in shuffling data in pipes. This can mean much or nothing at all, but to me it smells of less-efficient context switches.
My PC boots in less than 12 seconds.
I have XP installed on a couple of laptops (a Toshiba and a Compaq), both with "reasonable" hardware (one is a MobP3/1000 with 128 megs and the other a Duron/950, also with 128 megs). Neither takes less than a minute from POST end to login screen.
I _do_ use windows XP, and I'm less than impressed by its features, it's as simple as that.
Or PCAnywhere, or some hardware proprietary solution (there is for sure one from Compaq, I don't remember its name though. For sure it's widely used in my company).
Erm, I _HAVE_ installed XP (home). It came with a Compaq laptop, no other option was supported.
:)
If it's faster, would you tell me why telling its theme engine to "run as fast as possible" sets it to mimic Win2k?
I don't see it booting faster than Win2k. About resources usage, I can say that with 128 megs of RAM it runs just decently, just as win2k does.
The best enhancement I've seen in WinXP[1] wrt win2k is that it has a functional ntp client which synchronizes to time.microsoft.com - Win2k has it, but it defaults to your domain controller AFAIK.
I will of course refrain from the obvious - yet funny - slashdot-karma-whoring comments about the microsoft trying to get a monopoly on time flow :)
I have seen a definite step back in usability in network configuration: it's definitely more powerful than in other microsoft products, but the setup wizard is confusing to no end, at least it was to me.
[1] Ah, the power of network sniffers!
Never seen anybody use it, and I work in a corporate with about 45-50k Win2k systems.
Remember, in a corporate most of the users will not know how to change their password, and of those who do not many are inclined to. Computer security is inconvenient, and those who would benefit from it rarely have the time, patience or knowledge to practice it.
Let's face it, 99.9% of the windows users have their permissions set to everyone-full control everywhere! How do you expect them to encrypt their sensitive files?
Further showing the author is clueless. There is no WinXP server product. The new server product is called .Net Server and will be released later this year, probably Q3 from what I've heard.
As I said, it's not there. Just another way to say it doesn't exist. We're not in Q3 2002.
Also notice that
I don't know about XP, but Win2k does it. Just shift-rightclick on any executable file, and a "run as.." option will appear in the pop-up menu. Fill in user, domain and password and it works, most of the time.
It's neither imo.
The problem is that WinXP adds nothing to Win2k from a corporate point of view.
The new GUI? No use, since the older one is known by the users since 95, and the new one can be disorienting, despite Microsoft's claim to the contrary. Re-training is expensive.
Movie Maker and Media Player? Puh-leeze, Windows installs already enough time-wasting stuff on the OS without needing those.
MSN Explorer? Many businesses restrict access to the Internet, why would they allow looking at MSN?
.net? Pure vaporware so far as far as real-world applications go.
Internet Explorer 6? It doesn't offer much over Internet Explorer 5.5, which is already widely deployed, and besides it's just a download and remote installation away.
Server-side, WinXP is just not there(TM), and it offers a total amount of nothing over win2k.
Also, software compatibility is still to be tested.
[1] (cit.) What's so civil about war anyway?
Let me add that while IDE disks are sold to home users who usually have only one HDD in their computer, I've rarely (if ever) seen a "server"-class system without a RAID controller.
This means that the absolute least configuration I've seen in a "server" configuration is 2 HDDs in mirroring, with the most usual (for an x86-class "server" - let's try and compare apples to pears at least) being 3-5 HDDs in RAID5.
18Gb is the low-end cut for SCSI drives now, which makes the "standard" storage size for a server anywhere between 36 and 72 Gb.
High-end dedicated storage appliances have LOTS of drives. A fully-loaded NetApp F840 (I'm not sure about the model number though) can use up to a full 42U rack, with 5 units or so going to the appliance proper, and everything else only holding disks (active or hot-standby) and power supply units.
Hehe. You have a point.
:)
The topic I was covering was the one where somebody tried to spoof the distributor to install a trojan.
Your scenario is an entirely different story
Erm... distributor-supplied RPMS are usually gpg-signed. So it's only up to the user to check that signature, and thus it's just a matter of cluefulness and a bit of crypto knowledge (i.e. make sure the publisher's public key is really the publisher's).
Dunno about .debs, but I'd find it strange if they weren't similarly armoured..
Yes and not. :)
Let's admit that Microsoft sells there at a loss, so yes, you're banking that money.
However, if they sell 1 million consoles, it doesn't matter whether 100k of those are converted into L-boxes, they still sold 1 million, and that is what they'll use to lure the game developers to their platform, promising bigger markets.
This is not to say you shouldn't do it
it makes more sense to waste a little space duplicating shared libs and simply install programs into their own directories....
Shared libs are not only about wasting disk space (which we usually have plenty of). There's much more gained from them, namely sharing RAM by mapping common code pages into different processes' address spaces.
Think if you had a duplicate libc in every damned process running in a system.
Full disclosure is the way?
I know this, you know this, the marketing team of Microsoft (or any other software, hardware, car, screws, whatever vendor) don't. Admitting a vulnerability is admitting a flaw.
"If a product is on sale, it has no flaws" is what marketeers repeat to themselves like a mantra, it doesn't matter whether said product might even not be working.
*bzzt* wrong.
What sensible security researchers do is warn the vendor in advance, then wait a "reasonable" time for the vendor to answer. What "reasonable" is up to the researcher, and generally depends on how big the hole is, how likely it is an exploit to be already in the hands of script kiddies, etc.
If the vendor doesn't answer timely (at least a non-automated "gotcha, we're checking this out") then it's disclosure. I'd say that here "timely" is pretty short - a few days at most. After this stage, usually there is a time for fixing the hole, or at least providing a work-around until a patch can be released. This phase can last (empirical evidence from reading BugTraq) from a few days to a few weeks. Then either the vendor prepares an announcement, or the researcher does.
This is not perfect, sometimes mails get lost, or external pressure gets the better of good judgement, or whatever else. However, this manner of acting gets everybody time to understand what's happening while keeping the "vulnerability window" as tight as possible.
What is different from Culp's statement? That the researchers and not only the vendors get to decide what "appropriate response time" is, so critical knowledge doesn't get stranded in somebody's mailbox until marketing says otherwise.
About releasing proof of concept code responsibly: either such code works or it doesn't. Some professionals deliberately put a couple of syntax errors in their exploits, so that a completely clueless script kiddie can't just fetch them and use them. However, it only takes one clueful script kiddie to release a working version of the exploits. Unfortunately in this particular case it's either black or white, I see no chance for greys.
GFS is now commercial-only (fairly "cheap" from a business point of view - 1000 US$/node before rebates and special offers, but completely unreasonable for home hackers who'd like to try it for the heck of it - might be fun trying to combine it with iSCSI).
OpenGFS seems to have taken off in the free software side of the camp.
Cluster-wide locking requires applications understanding it, so it's not easy. I'm not sure, for instance, what would MySQL (a popular app that might benefit from this) do if two processes tried to access the same storage read-write concurrently - even if the locking semantics were perfectly implemented by the filesystem.
Where I work I'm trying to set up a mixed active/standby+active/active configuration (shared Fibre Channel-connected storage, applications that can run independently do so, and those who cannot run in hot-standby). I'm almost ready to go live (glee).