Re:$ is made from support contracts!
on
IBM Wants Linux
·
· Score: 2
Pretty much the only exception to that rule is Microsoft, and even they are moving to make support/services a profit center, as part of an 'enterprise' push. In 5 years, I'd expect their business model to look far more similar to Oracle's than today.
Well, the biggest problem Apple had at the time was that their product line was a complete mess. Like Spindler, Amelio promised investors that he would simplify it, but his orders were basically ignored by the rank-n-file managers.
The result was that Apple was trying to sell the PMac 4400, 6500, 7200, 7600, and 8600 models at the same market segment. No one knew whether a 200Mhz 604e was faster or slower than a 300Mhz 603e. On top of that, there was dozens of clones that were largely identical to Apple modles. Confusion reigned. The #1 thing that Jobs did was to reduce that mess to one (1) desktop model, the G3 (which also happened to be nice and fast, spurring lots of upgrade sales).
The Apple's Ctrl+Reset and Ctrl+Apple+Reset* keys sequences post-date the PC. The Apple//e was the first to support this and was introduced in 1982. The earlier Apple ][ and ][+ models just had a RESET key that close enough to the Return key to be occasionally painful (especially after just typing in a long listing...)
Yeah, what killed the market for any sort of advanced operating system on the PC until very recently was the price of memory. Given that you could have a productive DOS system with 1MB or less (and XT clones with that amount of memory were still being sold up until 91-92 when Windows started to get popular), the economies of scale never ramped up, and most PCs were sold with the tiniest amount of memory possible. (Even today, with RAM prices in the toilet, consumer box shops are selling 1.5Ghz systems with only 128MB.)
Anyway, the lack of RAM pretty much killed the market for OS/2, NT, and Unix, and allowed Windows 3.1 and later 95 to walk away with the prize. The comprimises involved in that are still buring users to this day.
A reference to MS-DOS 1.0 containing CP/M code is here: http://www.aaxnet.com/topics/msinc.html#dr :
DR's Gary Kildall sat down at an IBM PC supplied by IBM and, using a secret code, got it to pop up a Digital Research copyright notice.
I've never seen any confirmation of this story, but it does line up with vauge Usenet ramblings and so on. Apparently the guy that Paul Allen bought MS-DOS from was building it as a part-time project. He didn't have time to rewrite all of the utility software, so he just transcoded some CP/M utils from 8080 to 8086 asm. The 'secret code' was probably a DEBUG statement or an easter egg.
Well, think of the period between when the i386 chip started shipping in PCs (1987), and when most PC start shipping with a real protected mode OS (ummmm, Win XP ships later this year?).
MS and IBM were dinking around with OS/2 and Win 3.1. Later on Novell bought UNIX and essentially buried it. There was plenty of opportunity for Unix in the market, but SCO wanted premium dollar. It shouldn't have taken a college student to find a way to create a PC Unix that could be obtained on a MS-DOS budget.
In fact, Microsoft originally offered a port of MS-DOS to Macintosh computers based on MC68000 processors, but it never caught on because the popular applications were binary-only for x86.
Well, I've never heard that particular tidbit in all my days of tidbit collecting, so I question if it's true or not.
On the otherhand, the first Mac port of MS Flight Simulator looked suspiciously identical to the DOS version, down to the fonts, so maybe there's something to it.
- If you don't understand what a dialog box is asking, just hit 'Enter' and go with the recommendation. That's how IIS got installed on all of those PCs and this 'Default.ida' nonsense too. I still don't know what a 'default.ida' is used for, and I'm a pretty technical guy. - Something to do with indexing? Whatever.
Since you asked... Most people install IIS because they want to serve HTML or ASP pages, or maybe just FTP.
What Microsoft doesn't tell you is that Internet Information Service_s_ automatically installs a bunch of other ISAPI services which enable crap that you most like do not want. Examples include:
+ The ability to query Index Server indexes (idq.dll)
+ Internet Printing
+ Remote data queries
etc etc
Some of these things, particularly idq.dll have *repeatedly* had security holes. And that's why installing the the patch is not a fix, because it's only a matter of time until Code Red IV is exploiting another IIS bug to similar effect.
The real fix is to disable the extention mappings for things like.ida/.idq and so on (UI is buried in the Computer Management console), and then sleep at night because you don't have to worry about most of the IIS patches. Of course, neither Microsoft or the mainstream media, or slashdot for the most part is offering this advice. (Somewhere buried on their site, they have a 'Securing IIS' document where this is the #1 recommendation, but since they aren't getting the word out, their ass will be bitten hard again.)
And the REAL real fix is for Microsoft to ship Win XP with a sane out-of-box IIS configuraiton. Anyone who needs value-add services can certainly find a way to turn them on. If Linux distros shipped with a thousand Apache modules installed and configured, you'd probably have much of the same problems.
At least on Windows, Mozilla knows how to pickup known compatible plug-ins from the Netscape 4.x plugin directory automatically.
On my box works for Flash, QuickTime, Real, and Acrobat -- all registered in Help+About Plug-ins, but not in the Mozilla plugin directory. (And what happens if you don't have NS4 installed? Guess everyone needs to update their plug-in installers.)
Re:Paul Festa -- not MSNBC
on
Netscape 6.1
·
· Score: 2
Nope, there was an IE 1.0 -- I saw it distributed with a CD collection of MS PR/white papers. (My boss at the time ran out of his office saying "You gotta see this!" so that we could all gather around and chuckle.)
Re:KDE 2s2 feature depth is astounding
on
KDE 2.2 Tagged
·
· Score: 1
I agree, that feature alone brings Unix GUIs out of the dark ages (still would like to see Mac-style exploding rectangles..)
The LocalSystem account has far more than 'pleb' rights -- it's essentially equivilant to Administrator on the file and registry permission level.
They only thing it can't do is talk to MS RPC and SMB services. If the worm can upload something, this restriction could be bypassed.
But what you say about each account having it's own 'desktop' is true. The reason "Allow Service to interact with Desktop" works with SYSTEM is because of it's god-like powers on the local machine.
Yes I can prove this given two seconds on Google. See this provision of the DMCA : http://www.hrrc.org/html/page158791.html
And to respond to the other guy, of course VCR != Macrovision device. However, when your VCR must respect macrovision, by law, and your Digital TV can enable/disable macrovision based on the broadcast signal, by law, your VCR has essentially been defeated.
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Infoworld published a Microsoft study into the causes of NT 4.0 failures. "3rd Party drivers" and "Internal failure" were about equal as the two greatest sources of failure. As someone who saw a few bleu screens in the SP1 through SP4 days, this jibes with experience.
Obviously Microsoft's approach has been to reduce both those causes with the much more stable W2K OS and a enhanced driver certification program.
From what I've heard, the whole Plug-n-Play infrastructure, including USB support was done for NT4 back in 97 or so. They put it on the shelf because they were holding out until ActiveDirectory got finished, which took years longer than expected. (AD was originally promised for NT 4.0!)
When MS released the Option Pack back in 98, people were genuinely pissed, because it essentially meant you had to reinstall the OS *twice* to get a working config. It's really too bad they didn't package up the Option Pack, IE4, and the PnP stuff and release Windows NT 4.5.
Well, this jibes with Miguel of Gnome fame's decription of why Unix "sucks". Everyone is providing infrastructure, and nobody is providing any policy. His point was that most of the major components of a Unix system share no code other than libc and maybe X11.
Of course, the people who do provide policy (like Gnome themselves) are isolated by groups writing competing applicaitons and never have enough critical mass to 'win' the policy battle. In a culture of 'free software' nobody wants to give up their freedom to make a decision about what to use. It's programmer versus programmer over questions such as what widgets to use (did any user ever complain they didn't have enough different widgets?) My theory is that this is a continuation of the commercial Unix tradition of adhering to certain base standards while still promoting vendor lock-in.
Of course going with a single vendor also give that vendor the right to change their mind (as MS has done many times on the DB driver issue!). It also leads to interesting contradictions such as "Managed runtime environments like Java are great! Write Windows software with J++." which transforms into "Managed runtime environments like Java are bad! Write Windows software." which transforms into "Managed runtime environments like.NET are good! BTW, we're seriously breaking your VB code." But at least there is some direction at any given time rather than the policy menu approach in the Unix world.
I think it was tongue-in-cheek, but it's actually serious. Macrovision defeaters are illegal under the DMCA. It is illegal to sell or give away schematics to build Macrovision defeaters. GoVideo had to modify their dual VHS/VHS and DVD/VHS decks to respect Macrovision.
(And, yes, I'm aware that people still sell 'video enhancers' which effectively defeat Macrovision. However the last time I asked at Radio Shack, they no longer stocked the standard $10 inline model that they sold for years.)
Well, at this point IE is in the OS and there's no taking it out. Any breakup would have to grant the OS Corp a licence for at least part of the current version of IE. The Netscape situation will never be rectified (although I suppose AOL could sue in civil court).
The key would be to prevent this sort of thing in the future, or even in the present.
Not ignoring my sig for the moment, the point of the trial is that Microsoft committed criminal actions, and therefore are suspect to certain penaties, including legally limiting their future behavior.
The break up plan wouldn't prohibit the OS company from introducing APIs that do useful things like rendering HTML or playing MP3/WMA music. They might be able to tie those things into the shell, even. It however would prohibit them from shipping a fully-formed web-browser or media player at the same time those APIs are released to the public, and then using OEM contract leverage to enforce shipping those applications in a certain configuration. The idea is that the MS application group should be the exact same competitive situation as anyone else.
The point of the Windows/Applications breakup plan was that Microsoft uses it's OEM contracts for Windows to push application or 'middleware' software (IE, MediaPlayer, MSN,.NET) in a monopolistic manner.
The trial wasn't about whether Microsoft has a monopoly in the Office software market (they probably do), so it pretty much leaves their methods of marketing Office (including tieing it to IE) untouched, except to the extent Office is sold through OEM contract bundles.
Even though Office has a huge marketshare, it's not a very effective method of software distribution. I read that over 50% of the market is on Office 97 or earlier, where OEMs don't have much choice but to ship the latest and greatest version of Windows on new machines.
So, basically, you can forget about all of Microsoft's other crimes, both real and imagined -- the trial is pretty much only about how Microsoft packaged and sold Windows to OEMs (with some supporting bits about Java and Apple).
One can just imagine the hollywood lobbyist chatting up the Senator over a drink -- "Did you that under current law, it's perfectly legal for people to modify our cable boxes and disc players and make perfect digital copies of our content? And using the Internet, tney can take our content and give it away for free to anyone who wants it?"
To the Senator, that wouldn't sound right, and hense the DMCA was born out of good intentions. Sure, at some point someone considered the implications of this, and a a bunch of pro-fair use language was tacked on to the bill, but the core bit of allowing content providers to have legal 'access control' rises above all of that. It would have been a pointless law otherwise.
What other MS admins need to worry about is keeping track of any future additions to their machines. If they, or someone else, adjusts Windows components on that server, this particular hotfix needs to be reinstalled.
That is true -- Either this or another index server hotfix needed to be reinstalled after doing a SP2 upgrade for example. Trying to figure out what Hotfixes are installed or need to be installed is not straight-forward.
However, what IIS admins really need to do is disable the "Application Mappings" that they are not using. This will eliminate the need to apply hotfixes for the significant number bugs in non-core IIS components which aren't widely used.
(To do this, open up the IIS management GUI, look at the Site properties, Home Directory, Configuration. You'll see the mapping from.ida/.idq to idq.dll. Remove these and you are safe from any future Index Server hacks. While you are there, remove the rest of the DLL mappings that you do not need.)
Many Microsoft DCE/RPC servers are vulnerable to remote DoS attacks
...
Workarounds:
Firewall off as much as possible.
I would imagine that 99% of NT installations and even most broadband ISPs have firewalled this stuff (it runs over the NetBIOS ports which generally use insecure authentication anyway).
Do not install COM Internet Services.
This is the predecessor to SOAP or 'web services' ((allows RPC over HTTP). Woe is Microsoft if it turns out that.NET is a gateway to all of the old insecure LAN crap that NT tends to run.
Slashdot Mirror
Pretty much the only exception to that rule is Microsoft, and even they are moving to make support/services a profit center, as part of an 'enterprise' push. In 5 years, I'd expect their business model to look far more similar to Oracle's than today.
Well, the biggest problem Apple had at the time was that their product line was a complete mess. Like Spindler, Amelio promised investors that he would simplify it, but his orders were basically ignored by the rank-n-file managers.
The result was that Apple was trying to sell the PMac 4400, 6500, 7200, 7600, and 8600 models at the same market segment. No one knew whether a 200Mhz 604e was faster or slower than a 300Mhz 603e. On top of that, there was dozens of clones that were largely identical to Apple modles. Confusion reigned. The #1 thing that Jobs did was to reduce that mess to one (1) desktop model, the G3 (which also happened to be nice and fast, spurring lots of upgrade sales).
The Apple's Ctrl+Reset and Ctrl+Apple+Reset* keys sequences post-date the PC. The Apple //e was the first to support this and was introduced in 1982. The earlier Apple ][ and ][+ models just had a RESET key that close enough to the Return key to be occasionally painful (especially after just typing in a long listing...)
* still supported as Ctrl+Command+Power on Macs
Yeah, what killed the market for any sort of advanced operating system on the PC until very recently was the price of memory. Given that you could have a productive DOS system with 1MB or less (and XT clones with that amount of memory were still being sold up until 91-92 when Windows started to get popular), the economies of scale never ramped up, and most PCs were sold with the tiniest amount of memory possible. (Even today, with RAM prices in the toilet, consumer box shops are selling 1.5Ghz systems with only 128MB.)
Anyway, the lack of RAM pretty much killed the market for OS/2, NT, and Unix, and allowed Windows 3.1 and later 95 to walk away with the prize. The comprimises involved in that are still buring users to this day.
A reference to MS-DOS 1.0 containing CP/M code is here: http://www.aaxnet.com/topics/msinc.html#dr :
DR's Gary Kildall sat down at an IBM PC supplied by IBM and, using a secret code, got it to pop up a Digital Research copyright notice.
I've never seen any confirmation of this story, but it does line up with vauge Usenet ramblings and so on. Apparently the guy that Paul Allen bought MS-DOS from was building it as a part-time project. He didn't have time to rewrite all of the utility software, so he just transcoded some CP/M utils from 8080 to 8086 asm. The 'secret code' was probably a DEBUG statement or an easter egg.
Well, think of the period between when the i386 chip started shipping in PCs (1987), and when most PC start shipping with a real protected mode OS (ummmm, Win XP ships later this year?).
MS and IBM were dinking around with OS/2 and Win 3.1. Later on Novell bought UNIX and essentially buried it. There was plenty of opportunity for Unix in the market, but SCO wanted premium dollar. It shouldn't have taken a college student to find a way to create a PC Unix that could be obtained on a MS-DOS budget.
In fact, Microsoft originally offered a port of MS-DOS to Macintosh computers based on MC68000 processors, but it never caught on because the popular applications were binary-only for x86.
Well, I've never heard that particular tidbit in all my days of tidbit collecting, so I question if it's true or not.
On the otherhand, the first Mac port of MS Flight Simulator looked suspiciously identical to the DOS version, down to the fonts, so maybe there's something to it.
- If you don't understand what a dialog box is asking, just hit 'Enter' and go with the recommendation. That's how IIS got installed on all of those PCs and this 'Default.ida' nonsense too. I still don't know what a 'default.ida' is used for, and I'm a pretty technical guy. - Something to do with indexing? Whatever.
.ida/.idq and so on (UI is buried in the Computer Management console), and then sleep at night because you don't have to worry about most of the IIS patches. Of course, neither Microsoft or the mainstream media, or slashdot for the most part is offering this advice. (Somewhere buried on their site, they have a 'Securing IIS' document where this is the #1 recommendation, but since they aren't getting the word out, their ass will be bitten hard again.)
Since you asked... Most people install IIS because they want to serve HTML or ASP pages, or maybe just FTP.
What Microsoft doesn't tell you is that Internet Information Service_s_ automatically installs a bunch of other ISAPI services which enable crap that you most like do not want. Examples include:
+ The ability to query Index Server indexes (idq.dll)
+ Internet Printing
+ Remote data queries
etc etc
Some of these things, particularly idq.dll have *repeatedly* had security holes. And that's why installing the the patch is not a fix, because it's only a matter of time until Code Red IV is exploiting another IIS bug to similar effect.
The real fix is to disable the extention mappings for things like
And the REAL real fix is for Microsoft to ship Win XP with a sane out-of-box IIS configuraiton. Anyone who needs value-add services can certainly find a way to turn them on. If Linux distros shipped with a thousand Apache modules installed and configured, you'd probably have much of the same problems.
Yeah, this article has been up on the web in some form since the Netscape 1.0 days, and also was circulating around usenet.
Kinda nice to see a piece of early WWW writing show up on Slashdot as news.
At least on Windows, Mozilla knows how to pickup known compatible plug-ins from the Netscape 4.x plugin directory automatically.
On my box works for Flash, QuickTime, Real, and Acrobat -- all registered in Help+About Plug-ins, but not in the Mozilla plugin directory. (And what happens if you don't have NS4 installed? Guess everyone needs to update their plug-in installers.)
Nope, there was an IE 1.0 -- I saw it distributed with a CD collection of MS PR/white papers. (My boss at the time ran out of his office saying "You gotta see this!" so that we could all gather around and chuckle.)
I agree, that feature alone brings Unix GUIs out of the dark ages (still would like to see Mac-style exploding rectangles..)
Cool idea, but my guess is that most IIS boxes are not just missing one patch, but instead missing 15.
Maybe a redirect to www.microsoft.com/security instead of the 'Hacked by Chinese' message would be appropriate.
The LocalSystem account has far more than 'pleb' rights -- it's essentially equivilant to Administrator on the file and registry permission level.
They only thing it can't do is talk to MS RPC and SMB services. If the worm can upload something, this restriction could be bypassed.
But what you say about each account having it's own 'desktop' is true. The reason "Allow Service to interact with Desktop" works with SYSTEM is because of it's god-like powers on the local machine.
Yes I can prove this given two seconds on Google. See this provision of the DMCA : http://www.hrrc.org/html/page158791.html
And to respond to the other guy, of course VCR != Macrovision device. However, when your VCR must respect macrovision, by law, and your Digital TV can enable/disable macrovision based on the broadcast signal, by law, your VCR has essentially been defeated.
Yes, despite what the most vocal MS critics say, NT is quite stable, third party drivers do kill it.
Infoworld published a Microsoft study into the causes of NT 4.0 failures. "3rd Party drivers" and "Internal failure" were about equal as the two greatest sources of failure. As someone who saw a few bleu screens in the SP1 through SP4 days, this jibes with experience.
Obviously Microsoft's approach has been to reduce both those causes with the much more stable W2K OS and a enhanced driver certification program.
From what I've heard, the whole Plug-n-Play infrastructure, including USB support was done for NT4 back in 97 or so. They put it on the shelf because they were holding out until ActiveDirectory got finished, which took years longer than expected. (AD was originally promised for NT 4.0!)
When MS released the Option Pack back in 98, people were genuinely pissed, because it essentially meant you had to reinstall the OS *twice* to get a working config. It's really too bad they didn't package up the Option Pack, IE4, and the PnP stuff and release Windows NT 4.5.
Well, this jibes with Miguel of Gnome fame's decription of why Unix "sucks". Everyone is providing infrastructure, and nobody is providing any policy. His point was that most of the major components of a Unix system share no code other than libc and maybe X11.
.NET are good! BTW, we're seriously breaking your VB code." But at least there is some direction at any given time rather than the policy menu approach in the Unix world.
Of course, the people who do provide policy (like Gnome themselves) are isolated by groups writing competing applicaitons and never have enough critical mass to 'win' the policy battle. In a culture of 'free software' nobody wants to give up their freedom to make a decision about what to use. It's programmer versus programmer over questions such as what widgets to use (did any user ever complain they didn't have enough different widgets?) My theory is that this is a continuation of the commercial Unix tradition of adhering to certain base standards while still promoting vendor lock-in.
Of course going with a single vendor also give that vendor the right to change their mind (as MS has done many times on the DB driver issue!). It also leads to interesting contradictions such as "Managed runtime environments like Java are great! Write Windows software with J++." which transforms into "Managed runtime environments like Java are bad! Write Windows software." which transforms into "Managed runtime environments like
I think it was tongue-in-cheek, but it's actually serious. Macrovision defeaters are illegal under the DMCA. It is illegal to sell or give away schematics to build Macrovision defeaters. GoVideo had to modify their dual VHS/VHS and DVD/VHS decks to respect Macrovision.
(And, yes, I'm aware that people still sell 'video enhancers' which effectively defeat Macrovision. However the last time I asked at Radio Shack, they no longer stocked the standard $10 inline model that they sold for years.)
Well, at this point IE is in the OS and there's no taking it out. Any breakup would have to grant the OS Corp a licence for at least part of the current version of IE. The Netscape situation will never be rectified (although I suppose AOL could sue in civil court).
The key would be to prevent this sort of thing in the future, or even in the present.
Not ignoring my sig for the moment, the point of the trial is that Microsoft committed criminal actions, and therefore are suspect to certain penaties, including legally limiting their future behavior.
The break up plan wouldn't prohibit the OS company from introducing APIs that do useful things like rendering HTML or playing MP3/WMA music. They might be able to tie those things into the shell, even. It however would prohibit them from shipping a fully-formed web-browser or media player at the same time those APIs are released to the public, and then using OEM contract leverage to enforce shipping those applications in a certain configuration. The idea is that the MS application group should be the exact same competitive situation as anyone else.
The point of the Windows/Applications breakup plan was that Microsoft uses it's OEM contracts for Windows to push application or 'middleware' software (IE, MediaPlayer, MSN, .NET) in a monopolistic manner.
The trial wasn't about whether Microsoft has a monopoly in the Office software market (they probably do), so it pretty much leaves their methods of marketing Office (including tieing it to IE) untouched, except to the extent Office is sold through OEM contract bundles.
Even though Office has a huge marketshare, it's not a very effective method of software distribution. I read that over 50% of the market is on Office 97 or earlier, where OEMs don't have much choice but to ship the latest and greatest version of Windows on new machines.
So, basically, you can forget about all of Microsoft's other crimes, both real and imagined -- the trial is pretty much only about how Microsoft packaged and sold Windows to OEMs (with some supporting bits about Java and Apple).
Time to bring up the quote about law and sausage.
One can just imagine the hollywood lobbyist chatting up the Senator over a drink -- "Did you that under current law, it's perfectly legal for people to modify our cable boxes and disc players and make perfect digital copies of our content? And using the Internet, tney can take our content and give it away for free to anyone who wants it?"
To the Senator, that wouldn't sound right, and hense the DMCA was born out of good intentions. Sure, at some point someone considered the implications of this, and a a bunch of pro-fair use language was tacked on to the bill, but the core bit of allowing content providers to have legal 'access control' rises above all of that. It would have been a pointless law otherwise.
What other MS admins need to worry about is keeping track of any future additions to their machines. If they, or someone else, adjusts Windows components on that server, this particular hotfix needs to be reinstalled.
.ida/.idq to idq.dll. Remove these and you are safe from any future Index Server hacks. While you are there, remove the rest of the DLL mappings that you do not need.)
That is true -- Either this or another index server hotfix needed to be reinstalled after doing a SP2 upgrade for example. Trying to figure out what Hotfixes are installed or need to be installed is not straight-forward.
However, what IIS admins really need to do is disable the "Application Mappings" that they are not using. This will eliminate the need to apply hotfixes for the significant number bugs in non-core IIS components which aren't widely used.
(To do this, open up the IIS management GUI, look at the Site properties, Home Directory, Configuration. You'll see the mapping from
Many Microsoft DCE/RPC servers are vulnerable to remote DoS attacks
.NET is a gateway to all of the old insecure LAN crap that NT tends to run.
...
Workarounds:
Firewall off as much as possible.
I would imagine that 99% of NT installations and even most broadband ISPs have firewalled this stuff (it runs over the NetBIOS ports which generally use insecure authentication anyway).
Do not install COM Internet Services.
This is the predecessor to SOAP or 'web services' ((allows RPC over HTTP). Woe is Microsoft if it turns out that