Well, you asked why people do it, and that's why. Whether it makes sense to you or not, even whether it is logical or not, that's the primary reason why people do it, that I've seen.
Unfortunately, some of the most aggressive of the malware out there are the opposite--they are most destructive on servers and have little to no effect on a workstation or home machine. Code Red and Slammer come to mind (they affected server products like IIS and SQL Server that are not widely deployed or included with client machines).
That was bad, but the industry changed. Microsoft's products changed. You just won't see things like that anymore. Slammer in particular was so bad not because of all the SQL Server installs on servers, but because of the millions of unknown MSDE installs on desktops/laptops.
The products of the CodeRed & Slammer days are very different from those released and deployed now.
You then also disagree with notable industry experts. A monocultural infrastructure might be "simple" and easy to configure, but it is impossible to make any system completely invulnerable, and when a vulnerability is exploited in a monocultural system it can completely wipe it out. Many experts in the field believe the risks of this universal vulnerability of a system to various exploits far outweigh the benefits of the simplicity in managing a single-platform solution.
Notable industry experts are not very impressive.
This theory is one of those that sounds great on paper, and sells lots of books and conference keynotes, but doesn't really work in reality.
Even in large orgs with centrally managed everything, when there are outbreaks of things, it's always unit by unit, some units within the org get hit, some don't. Happens over and over. One set of servers gets hit, the others don't.
It just doesn't work the way Greer describes in reality. Even in a homogenous system, there are sufficient differences between groups and departments to make it a moot point.
Wouldn't you think, in an Active Directory situation, if you had a mix of Windows and Samba AD domain controllers handling your domains it would be more robust in an attack? It would dramatically reduce the chance that a single exploit could knock out all your domain controllers at once and essentially knock out your whole network.
It wouldn't help you much at all. Unless you're using tokens, smart-cards, etc... then once the first dc was compromised, and the first domain-admin or enterprise-admin account was compromised, it's all over. They own the keys to your world.
Attacks these days aren't about 'knocking out' machines. They're about getting stealthy ownership and using them for profit.
so you have to explicitly set the site up in the Trusted Sites zone, and also turn on the automatic login if you are using IE7
Assuming they aren't rogue sharepoint sites, you just push those settings out via group policy, and make it easy on yourself.
I've never really understood why I'd want to use a Linux server with Windows clients - it just doesn't work all that good, causes way more headaches than you save in terms of money.
It's all about the skills of the people you have access to.
Better to run a Samba situation if all you have are linux gurus. Better that than have people completely unfamiliar with windows try to setup a windows system securely and reliably. That tends to not work well.
Likewise, if you have access to folks with windows experience, and you're a primarily or all windows shop, then that works well.
In general, better to have a slightly weird configuration (samba servers, windows clients) if it's managed and configured well by people who know what they're doing, than a normal configuration that's managed poorly.
Apart from federated directories what extra does Server 2008 bring in the fileserver/domain controller space? As far as I am aware nothing.
The typical evolutionary improvements.
IIS7 (big improvement, though not AD/File-server)
Hypervisor built in
Continued to add security features to the OS & kernel
More group policy control and settings
Much more modular install (server core stuff)
Branch office server improvements (replication, mgmt)
One of the biggest ones I think for a DC or file server is the 'server core' approach. Gives you the ability to install a slimmer server OS than in the past, up to and including no GUI (just powershell). This can be a benny for keeping your file-servers or DCs as simple as possible.
I haven't read up on all the details, but since 2003-R2 they've really been putting in some nice features for branch-office server scenarios. And finally an NTFRS/DFS replication system that doesn't suck the big one.
The only possible thing in there is the auto-login you get if you use IE from a machine on the same domain as your sharepoint server.
So for example, in FireFox, Sharepoint works fine... but you get prompted for a login. On IE, you don't get prompted, it just handles it behind the scenes for you (using MS-CHAP v2 I assume, though that's just speculation).
Now, the fancy AJAX and interactive javascript scripting works _much_ better on IE than FireFox, but I'm not sure that falls under 'proprietary protocols'.
Microsoft didn't invent anything in their patent portfolio.
simply paid people to invent things for them.
You mean employees? Or researchers? What a concept.
Can you describe any class of person being part of Microsoft that would not be someone 'paid to invent things for them' but who invented things?
Patents in big business, particularly in big technology business, have very little to do with innovation, or legal issues.
It's about survival and cross-licensing.
At this point in time, patents for big tech companies are a form of MAD, and result in crazy cross-licensing and covenants not to sue.
Basically, if you don't have a decent patent portfolio, and you compete with a big tech business that does, they will come after you for patent violations.
You may win, if you fight, but it'll take 5-10 years and a lot of money. So companies settle.
If you have your own big patent portfolio, then it puts you on more level ground. You then cross license, and whoever has the biggest swinging... I mean the biggest patent portfolio gets paid a little on top.
I'm not sure now... but prior to all the federal lawsuits against MS, the company was notorious in the industry for having nearly zero funds for lobbying, political activity, lawyers, etc.
I'm sure that's changed now... but they started it right.
No reasonable human being would read the information on that page and think that MS is claiming to have 'invented' IPv6, or any of the other things.
It's clear as day that they did research in those areas that was used in real world product development.
You do realize that once an area of study has been 'discovered' or 'invented', that other people are allowed to continue to do research in that area, right?
T-SQL always used to annoy me with its fussiness about the order you specified tables when using JOINs
SQL Server doesn't care what order you declare the tables in when doing joins.
The joins are performed in the order that the ON = statements are declared.
That being said, I do wish there was a LIMIT, like in MySQL. Just so much easier.
For what it's worth, the x64 versions of vista and server 2003 have been nearly flawless for me. So the windows world is much more reasonable wrt this stuff if you can work in the 64-bit versions.
Unfortunately, due to drivers, it only works well if you're buying new hardware, and business class hardware. But if you can work within that, I'm amazed how well x64 vista business is, for example.
Well, it's a bug... these things happen. It's also not universal. I can't remember the URL, but there were 3 or 4 configuration/environment things that had to come together for this to show, but it was more than a very small number. Not universal though.
Also, the software that does this is a service that you can shut down and/or disable.
Also note that it doesn't seem to come into play using robocopy... at least I was not able to duplicate it there. But it did happen while using the shell to copy stuff.
Why did you throw a fake extra 'Microsoft' step on the windows one? There is no such extra layer.
The start-menu approach on windows has exactly one more click than the KDE example you demonstrated. Or less if you use Word a lot and it shows up on the front page of the start menu.
Plus, there's no way to go back to XP-style Start Menu.
Right click on the start button, choose properties.
Click on the radio button that says 'Classic Start menu'.
Click OK.
There you go.
I don't know what to say about the start menu opening slowly. Your desktop is faster than my laptop (though my laptop has 4gb) and I don't experience that.
I'm running Vista Business x64 though... and MS seems to have done away with a lot of the shell extensions in x64 windows, which can cause the kinds of slowdowns you're seeing.
What makes it horrible is that it's still insecure, that it is still poorly-organized
Those are some very large generalities.
Can you elaborate on these?
In what ways is it 'still insecure' and 'still poorly-organized'?
Try to avoid describing anything that's not organized exactly like Unix as 'poorly organized'.
I ask because, particularly on the security front, MS has closed most or all of the old holes extant in the windows systems (window messaging attacks, local elevation by co-opting higher-priv windows/processes, etc). So I'm wondering if you're making an educated statement, or are just tossing out random statements.
The learning curve to go from MS Office 2003 to MS Office 2007 is *WORSE* than switching to OpenOffice, a point we have made very clear to our bosses where I work with regards to our recent switch to OpenOffice.
But it's really not. Put anyone with an open mind and an hour in front of an Office 2007 app with the new ribbon, and within an hour they'll have made the adjustment, and probably find it significantly better than it was before.
All the same functionality is there, the same buttons and names for things, the same concepts. Even the shortcut keys are largely the same.
The only difference is that now it takes substantially fewer clicks to do almost everything.
So yes, the first couple times you try to use your memorized clickety-clack pattern, it won't work. But after that you find that the interface is so shallow that you need to do very little of it at all anymore.
PAE and AWE have been available in windows since NT4 or Win2000 (can't remember off the top of my head).
The problem is that apps have to be modified to take advantage of this.
And hell, you can't even get the vendors of apps like Pro-E, which really need more than 2GB of memory, to use these technologies when run on server OS's.
AWE doesn't create a single >4GB addressing window. It (can) give a 2GB addressing window to each and every process, where that 2GB is actually addressed far above the regular 4GB space.
The problem is that apps have to be modified to use AWE. It's not something that you just 'get for free' by flipping a switch.
So the OS doesn't need AWE. The kernel only uses ~200MB of memory, less than half of which needs to be in physical memory.
Why would you need to leave any non-system software behind?
32-bit software runs great (and often faster) in x64 windows. In fact, right now you'll find that there are about three times as many installed programs in \Program Files (x86)\ as there are in \Program Files\.
The only incompatibilities are drivers (and therefore some hardware) or certain system software.
So for example, ISAPI filters on IIS need to be compiled for the right version, 64-bit for x64 IIS, and so forth.
If you're buying a new machine, then there's not really any reason not to go Vista x64.
Just purchase a business class machine that ships with full drivers, and you're good to go.
I've been running for a few weeks with my new HP Compaq 8710w, and Vista Business x64, and it's been quite a surprisingly good experience. The machine is fast, stable, and 'just works'. The only compat issue I've found so far is with FogCreek Copilot, which is just VNC rebranded.
Not really. The PFIF's sole purpose is to pay MS and then give access to that information to open-source developers.
It does keep it out of the hands of hobby or low-end commercial developers, but not open source ones.
Mostly just WebDAV.
Are you kidding me?
That's true, and a good point.
The shift+delete still works.
There is an option in the autoplay to prompt you every time as well. Which is close to the same functionality as the shift.
In some cases of usage, an implementation bug of this causes the behavior you're seeing.
This has been publicly stated by MS to be a bug that they are fixing. Some lazy developer hard coded a magic number in where they shouldn't have.
Or just get a laptop that has driver support for x64.
I find that most of the business class machines nowadays have this.
You've got to avoid the consumer level garbage lines though (ie, Dell Inspiron & Vostro, HP Pavilion, etc).
But it's really not a problem in most cases.