This is extremely difficult because no customer wants to be interrupted by a reboot during business hours.
I dont even recommend this to any clients. I just tell them I will be doing it afterhours. Sure, its less convient for me, but they arent working for me. IMO, it just goes with the territory.
How fast do you (or your IT group) install patches for major exploits like this?
You kind of have to do a risk analysis on it. If it is a critical exploit, it moves higher. If it is exposed to raw internet, a critical should be done immediately. If it is a web server, likewise. If it is just a server on an internal LAN, it can probably wait a while. And while the parent was scored as funny, in reality it never hurts to wait for feedback on something if you can. You dont get a higher score for being the first person to install a patch.
What do you consider to be an acceptable turn around time for a vulnerability patch that may not even have an exploit yet?
You can always reasure your clients that things are low risk, but low doesnt mean no. Better safe than sorry is a good attitude, and one which will make your client feel more secure (in an emotional sense). Seems you made the right choice.
As an aside, now that MS is planning on holding their security patches to one a month, what does everyone else think? Should they release them asap, or wait once a month? Personally, we just scheduled once or twice a month to do the patching on our servers, but I think putting it out asap is better.
Re:Total secrecy, zero privacy
on
Watching You
·
· Score: 1
but people are generally working 40 hours a week...
Most of the BSOD in Win2k/XP is caused by bad RAM.
If you stick with a qualitly product (no multi-function devices, for example), you should be ok.
As an aside, is it just me, or have HP printers been getting really crappy for the past two years or so?
Re:Total secrecy, zero privacy
on
Watching You
·
· Score: 1
People dont realize that is the catch with more and more surveilance data- as always, the more data, the more you have to sort.
With that large an amount of data, finding anything worthwhile (especially randomly) is going to be impossible. Granted, someone sharp can come along and make a really good sorting/filtering app, but how many really good programmers end up working for the government? answer: not many, and anyone smart ends up stuck behind some middle-management asshole who is just working their 40 til retirement. Governmental catchphrase: dont rock the boat.
So Im not really worried. Honestly, Im more worried about a human-error false positive.
This has to be just about the DUMBEST idea Ive heard about since the halcion days the the Dot-Bombs, when any half-baked idea was worth literally MILLIONS.
Kudos to the con artist who convinced somebody that they were a) employable, and b) had a good idea.
I, not knowing much about computers at the time, decided to do the 'recommended' upgrade to windows XP, rather than the full reinstall. NOTHING worked. Winamp didn't work, Quake3 didn't work, Office didn't work, Novell didn't work, I had to reinstall more or less everything save Internet Explorer.
I dont know where you got that recommendation from. Does it even allow you to upgrade from a 9x path to XP? I know there is at LEAST a warning. Also, ALL the tech sources stictly said upgrading from 9x to 2000/XP is a big no-no (there are differences in the registry structure, for one thing).
Im not saying it didnt happen, Im just saying if you were getting reliable advice it wouldnt have.
Also, the Win9x path had far outlived its usefullness by the time ME was released. However, since Win2k was delayed they needed to extend its life for home users (especially since Win2k was being targetted at businesses). XP Home was the first one targetted at home users.
That is a truly strawman arguement. If you have Windows 95, there is no real reason to upgrade beyond that unless it is for hardware reasons (better USB support under Win98, for example). There is absolutely NO reason to move from Win9x to Win2k, because it is marketted toward businesses (altho it does perform well at home). However, there is NO reason to go to WinXP from Win2k. In fact, I like Win2k much better.
As for the server, I still support TONS of NT4 machines, and we are only really upgrading them as the hardware wears out or becomes dated. Our network is still about half 95/98 clients; we are also replacing them with Win2k thru attrition.
But unless your hardware compells you, their is not an application-level reason to upgrade.
I dont see how anyone can complain about switching from the Win9x kernel to the vastly superior NT kernel.
Also, as far as legacy support for 9x apps goes, they are really very good. Aside from games, I havent encountered many that wont run under Win2k (and I have done a LOT of support with legacy apps, especially custom ones).
One of the only real problems is custom apps writing SPECIFICALLY for Win95, instead of using variables (ie. hardcoding c:\windows\system instead of using the %sysdir variable). Its just poor app writing for the most part.
As for Apple breaking stuff, long ago I worked at a store which also did Mac support. We very often had people come in who would have apps break just by applying point release updates, and lets not forget all the apps they broke by switching to (I think it was) OS8 and OSX.
Its not a bad thing to occasional dump legacy support (imo MS should have done it long ago), but MS has been very good about it. A few months ago they came out with another optional patch to further improve legacy support with Win2k. But frankly, Apple is TOO willing to dump legacy support, and have done so at least two or three times in the last decade. MS hasnt truly dumped legacy support at all- you can even get many MS-DOS apps to run under Win2k (as long as it isnt trying to get direct access to the hardware).
A convicted monopolist has alot to say about acceptance because they've already shown they will do anything to protect the monopoly.
But the problem with blaming MS is that they have nothing to gain by keeping BlueTooth down. Since THEY dont have a competing standard (or one they have an interest in), what do they care?
Now if you made the claim that Intel was trying to abuse their monopoly power in some regard, I would be inclined to agree; they are, IMO, much worse in that regard than MS ever was (and they continue their abuses still). Their history in regards to AMD, pushing USB in their chipsets, and hell, even their highly anti-competitive behavior regarding mobo chipsets. Oh ya, and lets not forget the whole Rambus ordeal.
Honestly, I just dont think blaming MS for BlueTooth's failure to gain acceptance passes the smell test.
One of the biggest differences between Windows and Mac OS X, in my opinion, is that Microsoft always tries to retain as much compatibility with previous versions as possible while Apple doesn't. I noticed that with Jaguar and I noticed the same with Panther: about 10-20% of the third party applications just won't load anymore, or they will crash on load. I understand that this policy has dsitinct advantages, but that's a lot of incompatable apps (out of 7,000 available for OSX) and while most of these will be recompiled in the next few months by their authors, the inconvienience caused is already there.
This has been true for a looooong time, but seems to be swept under the carpet. If MS broke this many applications, the linux and apple zealots would be gloating like the DNC at Rush Limbaugh.
Personally, I think its really bad, and I feel bad for the users, but Apple has historically not really cared all *that* much about the end users. If it cant go on the JumboTron behind an AppleWorld keynote speach, it isnt really that important to them.
I really dont think non-acceptance has anything to do with Microsoft. I think its more that Bluetooth is a good short-range solution, but that limits its use.
For example, there is a Logitech wireless moues/keyboard which uses Bluetooth, and it is one of the best you can buy. IMO, this is something Bluetooth excels at.
But when you start throwing in things which need longer range, like cell phones and stuff, you see less and less acceptance, which is either due to a price or performance issue.
As with many standards, MS has little say-so on acceptance. Take FireWire as an example.
I don't have my leftside panel-full-of-drawers, so I have to make do with either the start menu or icons on the desktop. You can try using the Quicklaunch buttons on the task bar. I used to have to run a LOT of different tools at one job, so I expanded the QL bar to take up a whole row. It worked out well for me, anyway.
As for the start menu, it's always been klunky (which is, I'm convinced, why most Windows users litter their desktop with a billion icons), but it's gotten worse in newer versions; now most of the options are hidden, and I have to click the little double-arrow thingies all the time, as if navigating the start menu didn't have enough steps already
I hate menu customization also. R-click the taskbar, select 'properties', and uncheck 'use personalized menues'.
IMO, I hate having everything dumped in there as well, so I generally organize the start menu with categories. I tend to put any system tools which dont get selected very often (like the virus scanner, which usually just does its own thing) into Accessories, I have a folder on my home machine called Games which has all those, office apps have their own folder, etc. It makes it a bit easier- I hate seeing multi-page start menus!
Additionally, every time I put a CD in, Windows Media junk insists on opening, even though it's *not* the CD player app I want to use. I can't figure out how to disable that
I havent seen the problem being Media Player, I think disabling autorun in general is kind of buggy. There are two ways I know of to do it, but they are both flaky (because it still works occasionally), and there is another problem where Windows doesnt look at the disk unless autorun is enabled. Its strange, and honestly I think its a hardware problem rather than something with Windows (the newer machines at work dont do this).
Anyway, you can try TweakUI from Microsoft (there is a 9x/NT/2000 version and a different XP version); if you cant find it try looking for 'Power Toys' or 'Power Tools'.
Anyway, it gives a lot of other UI enhancements, but they are mostly per-user settings (in case you have different machines or accounts).
Also, my drive letters, for reasons I'm not confident I can explain perfectly, have changed around two or three times
in the last week, even though none of the drives in question have been removed or changed cables or anything. (I do have way more partitions than
the usual Windows quota of one, but it *ought* to handle that better.)
Thats strange. Try using Disk Manager (not sure about where XP hides it, but from a command prompt type in MMC. From there, go to Console, Add/Remove Snap-in, and choose "Disk Management". From there you can statically assign or change drive letters; just bear in mind that changing a hard drive letter could mess up any applications installed on that drive.
I always set up multiple partitions on servers, because having your application data or user data on the same drive as your OS is a really bad idea; so I know Win2000 can handle multiple partitions well (unless there is some weird hardware issue happening).
With command.com it's the shell, and with cygwin it's the fact that the shell doesn't quite integrate with the OS as completely as it ought.)
Im thinking you should be using cmd.exe instead of command.com; command.com is left in for legacy applications, but the NT command interpreter is cmd.exe. See if that helps.
I don't dare mount the smb share on the Windows PC upstairs properly (i.e., assign a drive letter),
In the same disk management screen, you can also mount a drive so its only accessible via a UNC. there are several options when it comes to mounting partitions; just poke thru the help file for descripts. I guess one problem you may be having is that some apps arent UNC aware (a problem I run into a lot with legacy apps, but sometimes with poorly written custom stuff). In this case you
I recall seeing that IBM is starting to sell these again. Strangely enough, one company I used to work at about five years ago has a stockpile of various old IBM keyboards in their tech lab. Enough in case of nuclear war, I guess (of which they would definitely survive).
My first suggestion is to avoid any Win9x platform like the plague. I am a strictly Windows guy, but I cant use it. It was great back around 95, but there are much better alternatives.
Stick with Windows 2000. You *could* go with XP, but it has many things (UI changes, rearranged control panel applet functions, etc) which prevent me from liking it.
Win9x is just TOO unstable, even in your average user environment. Considering you can purchase a Win2k license for just as much as a Win9x license (even if you *can* purchase it), you are just better off.
As for your last part, ya, rebooting whenever it starts acting funny is essential. If anyone said they had a problem at work (they still have about half win9x machines), my first suggestion is to reboot. Cures about 90% of problems. This isnt a problem under NT 5.x (2000, XP, and 2003).
Slashdot Mirror
I dont even recommend this to any clients. I just tell them I will be doing it afterhours. Sure, its less convient for me, but they arent working for me. IMO, it just goes with the territory.
How fast do you (or your IT group) install patches for major exploits like this?
You kind of have to do a risk analysis on it. If it is a critical exploit, it moves higher. If it is exposed to raw internet, a critical should be done immediately. If it is a web server, likewise. If it is just a server on an internal LAN, it can probably wait a while. And while the parent was scored as funny, in reality it never hurts to wait for feedback on something if you can. You dont get a higher score for being the first person to install a patch.
What do you consider to be an acceptable turn around time for a vulnerability patch that may not even have an exploit yet?
You can always reasure your clients that things are low risk, but low doesnt mean no. Better safe than sorry is a good attitude, and one which will make your client feel more secure (in an emotional sense). Seems you made the right choice.
As an aside, now that MS is planning on holding their security patches to one a month, what does everyone else think? Should they release them asap, or wait once a month? Personally, we just scheduled once or twice a month to do the patching on our servers, but I think putting it out asap is better.
but people are generally working 40 hours a week...
Well, considering they are both hardware problems, you figure it out, genius.
So now Slashdot gets its news from the Drudge Report.
Damn you Fox!!
If you stick with a qualitly product (no multi-function devices, for example), you should be ok.
As an aside, is it just me, or have HP printers been getting really crappy for the past two years or so?
With that large an amount of data, finding anything worthwhile (especially randomly) is going to be impossible. Granted, someone sharp can come along and make a really good sorting/filtering app, but how many really good programmers end up working for the government? answer: not many, and anyone smart ends up stuck behind some middle-management asshole who is just working their 40 til retirement. Governmental catchphrase: dont rock the boat.
So Im not really worried. Honestly, Im more worried about a human-error false positive.
please dont take away the warm security blanket of our conspiracy fears. its all we have left
Actaully, this also happens to be the case with about 80% of Slashdotter's computers... interesting.
Kudos to the con artist who convinced somebody that they were a) employable, and b) had a good idea.
Does this mean they arent really the experts they pretend to be? Im confused.
So, would this lead one to believe that shorting SCO themselves could be profitable?
I dont know where you got that recommendation from. Does it even allow you to upgrade from a 9x path to XP? I know there is at LEAST a warning. Also, ALL the tech sources stictly said upgrading from 9x to 2000/XP is a big no-no (there are differences in the registry structure, for one thing).
Im not saying it didnt happen, Im just saying if you were getting reliable advice it wouldnt have.
Also, the Win9x path had far outlived its usefullness by the time ME was released. However, since Win2k was delayed they needed to extend its life for home users (especially since Win2k was being targetted at businesses). XP Home was the first one targetted at home users.
As for the server, I still support TONS of NT4 machines, and we are only really upgrading them as the hardware wears out or becomes dated. Our network is still about half 95/98 clients; we are also replacing them with Win2k thru attrition.
But unless your hardware compells you, their is not an application-level reason to upgrade.
Also, as far as legacy support for 9x apps goes, they are really very good. Aside from games, I havent encountered many that wont run under Win2k (and I have done a LOT of support with legacy apps, especially custom ones).
One of the only real problems is custom apps writing SPECIFICALLY for Win95, instead of using variables (ie. hardcoding c:\windows\system instead of using the %sysdir variable). Its just poor app writing for the most part.
As for Apple breaking stuff, long ago I worked at a store which also did Mac support. We very often had people come in who would have apps break just by applying point release updates, and lets not forget all the apps they broke by switching to (I think it was) OS8 and OSX.
Its not a bad thing to occasional dump legacy support (imo MS should have done it long ago), but MS has been very good about it. A few months ago they came out with another optional patch to further improve legacy support with Win2k. But frankly, Apple is TOO willing to dump legacy support, and have done so at least two or three times in the last decade. MS hasnt truly dumped legacy support at all- you can even get many MS-DOS apps to run under Win2k (as long as it isnt trying to get direct access to the hardware).
But the problem with blaming MS is that they have nothing to gain by keeping BlueTooth down. Since THEY dont have a competing standard (or one they have an interest in), what do they care?
Now if you made the claim that Intel was trying to abuse their monopoly power in some regard, I would be inclined to agree; they are, IMO, much worse in that regard than MS ever was (and they continue their abuses still). Their history in regards to AMD, pushing USB in their chipsets, and hell, even their highly anti-competitive behavior regarding mobo chipsets. Oh ya, and lets not forget the whole Rambus ordeal.
Honestly, I just dont think blaming MS for BlueTooth's failure to gain acceptance passes the smell test.
This has been true for a looooong time, but seems to be swept under the carpet. If MS broke this many applications, the linux and apple zealots would be gloating like the DNC at Rush Limbaugh.
Personally, I think its really bad, and I feel bad for the users, but Apple has historically not really cared all *that* much about the end users. If it cant go on the JumboTron behind an AppleWorld keynote speach, it isnt really that important to them.
For example, there is a Logitech wireless moues/keyboard which uses Bluetooth, and it is one of the best you can buy. IMO, this is something Bluetooth excels at.
But when you start throwing in things which need longer range, like cell phones and stuff, you see less and less acceptance, which is either due to a price or performance issue.
As with many standards, MS has little say-so on acceptance. Take FireWire as an example.
I think China was competing for the X-Prize!
As for the start menu, it's always been klunky (which is, I'm convinced, why most Windows users litter their desktop with a billion icons), but it's gotten worse in newer versions; now most of the options are hidden, and I have to click the little double-arrow thingies all the time, as if navigating the start menu didn't have enough steps already
I hate menu customization also. R-click the taskbar, select 'properties', and uncheck 'use personalized menues'.
IMO, I hate having everything dumped in there as well, so I generally organize the start menu with categories. I tend to put any system tools which dont get selected very often (like the virus scanner, which usually just does its own thing) into Accessories, I have a folder on my home machine called Games which has all those, office apps have their own folder, etc. It makes it a bit easier- I hate seeing multi-page start menus!
Additionally, every time I put a CD in, Windows Media junk insists on opening, even though it's *not* the CD player app I want to use. I can't figure out how to disable that
I havent seen the problem being Media Player, I think disabling autorun in general is kind of buggy. There are two ways I know of to do it, but they are both flaky (because it still works occasionally), and there is another problem where Windows doesnt look at the disk unless autorun is enabled. Its strange, and honestly I think its a hardware problem rather than something with Windows (the newer machines at work dont do this).
Anyway, you can try TweakUI from Microsoft (there is a 9x/NT/2000 version and a different XP version); if you cant find it try looking for 'Power Toys' or 'Power Tools'.
Anyway, it gives a lot of other UI enhancements, but they are mostly per-user settings (in case you have different machines or accounts).
Also, my drive letters, for reasons I'm not confident I can explain perfectly, have changed around two or three times in the last week, even though none of the drives in question have been removed or changed cables or anything. (I do have way more partitions than the usual Windows quota of one, but it *ought* to handle that better.)
Thats strange. Try using Disk Manager (not sure about where XP hides it, but from a command prompt type in MMC. From there, go to Console, Add/Remove Snap-in, and choose "Disk Management". From there you can statically assign or change drive letters; just bear in mind that changing a hard drive letter could mess up any applications installed on that drive.
I always set up multiple partitions on servers, because having your application data or user data on the same drive as your OS is a really bad idea; so I know Win2000 can handle multiple partitions well (unless there is some weird hardware issue happening).
With command.com it's the shell, and with cygwin it's the fact that the shell doesn't quite integrate with the OS as completely as it ought.)
Im thinking you should be using cmd.exe instead of command.com; command.com is left in for legacy applications, but the NT command interpreter is cmd.exe. See if that helps.
I don't dare mount the smb share on the Windows PC upstairs properly (i.e., assign a drive letter),
In the same disk management screen, you can also mount a drive so its only accessible via a UNC. there are several options when it comes to mounting partitions; just poke thru the help file for descripts. I guess one problem you may be having is that some apps arent UNC aware (a problem I run into a lot with legacy apps, but sometimes with poorly written custom stuff). In this case you
The truth is over here, and my G5 workstation is way over there...
Since .NET is involved, it must be Microsoft's fault.
I recall seeing that IBM is starting to sell these again. Strangely enough, one company I used to work at about five years ago has a stockpile of various old IBM keyboards in their tech lab. Enough in case of nuclear war, I guess (of which they would definitely survive).
Stick with Windows 2000. You *could* go with XP, but it has many things (UI changes, rearranged control panel applet functions, etc) which prevent me from liking it.
Win9x is just TOO unstable, even in your average user environment. Considering you can purchase a Win2k license for just as much as a Win9x license (even if you *can* purchase it), you are just better off.
As for your last part, ya, rebooting whenever it starts acting funny is essential. If anyone said they had a problem at work (they still have about half win9x machines), my first suggestion is to reboot. Cures about 90% of problems. This isnt a problem under NT 5.x (2000, XP, and 2003).
http://www.globalsecurity.org/org/news/2001/e2 0010619stealths.htm