The software I use to do this is VMWare which can of course be used to run any PC OS. It's a very good piece of software. Does it run as well under Windows?
Yes, runs quite well. They have done a good job with the product.
Indeed, so why do the patches tell me to reboot. Even for an obviously userspace app like IE?
Because in a world of inexperience users it is easier to just tell them the computer needs to restart, than to tell them that any application that has a dependency on the IE HTML rendering engine will need to automatically be closed, and force ten apps on the users computer to close and possibly cause data loss if the third party application does not respond properly.
This is the real world 101.
If you were applying these patches to Windows Server, you would only see the need to reboot when a core service dependency needs to be changed.
. The intelligence *cough!* of banks and corporations aside, this is an issue. Aside from you deriding my intelligence ("And do you understand the word 'closed'?"), you offer no argument against things multihomed hosts, needed maintenance access (plug in the diagnostic laptop and pow!), malicious access (as I mentioned and you ignored), etc. A closed network adds a modicum of security, but it's extremely fragile. You have to go to pains to keep it closed.
Ok, you truly do realize that MANY ATMS that are ALREADY out there are using everything from old versions of OS/2 that have NO protections against many of the modern network attacks to even modified versions of Windows95 and Win98.
I still will find a version of NT more comforting than these aged OS with very little to no inherent security mechanisms in place.
It would be different if they were ripping out Linux ATMs and contracting to put in NT instead, then you might have the debate here you want.
I'm a physics graduate student working on a PhD. I have half a computer engineering degree (I switched to full-time physics because of time constraints), and I'm 2 classes away from a mathematics bachelors. Just so you know my mathematics background. I don't see the error in my percent-failed calculations.
Wow, that makes both of my doctorates just seem silly now; you have truly shamed me with your vast education. Let me guess, the next post you will pull our your Mensa card and cite your IQ. Geesh.
Bottom line, the numbers you are using are from your OWN creation and not reflective of the real world or the issue you are so adamantly trying to debate.
You keep citing "security watch groups that actually run true statistical analysis of the patches per installation." No, the security watch groups I know of only track bugfixes by distribution, not by what a single user may have installed, a method which is susceptible to the duplicate-package problem which you seem to reject.
You're partially right, many of them only watch severe hacks and patches like having 'root' compromised. However they don't usually pay attention to patches for the calculator or text editor examples I gave.
What "security watch groups" are you referring to? Please post them so that we can all benefit from their knowledge.
Why don't you start with mi2g, you might actually learn a little about the statistical modeling of attacks, potential attacks and vulnerabilities. (BTW www.mi2g.com in case you couldn't figure that one out)
Here let me quote some of 'their' numbers to get you started...
In the month of August, 67% of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. This means a total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in August and only 4,626 Windows servers. -And this is during the time of the 'great' Windows Worms that you love citing.
Additionally, they show that Linux was still the most attacked operating system on-line during the past year - taking the record with 51% of all successful digital attacks.
To recap my position:
(1)*Linux security vulerability counts as reported by the security press (e.g. Security Focus, debian-se
While MS Windows may have the monopoly on the desktop, they have a small percentage of the server market. Apache makes up more then 65% of the web server market.
This is the only part of your troll post worth responding to...
Not even debating the proliferation of Apache installations, do you realize that Apache runs on Windows?
Why do you assume that all Apache installations are non-Windows?
The only patches that require booting in my experience (debian, gentoo, Red Hat, and SuSE) are kernel patches. For all others, the server is just restarted; no reboot is required (if it's a desktop system with X, you might have to restart your X server; don't need to reboot). You can always reboot if it'll make you feel better, of course
And this is different than NT(Windows) how?
And the irony, is that even most kernel level drivers in NT can be dynamically stopped, installed, and started without a reboot. Only service drivers with dependencies that are essential to 'in-use' kernel services require a restart.
All it takes is one infected host on a closed network
And do you understand the word 'closed'? If there is external access to the ATM network, then the banks are dumber than we thought.
Let's now let Microsoft releases 10 patches for the 300 components. Let's assume your MS-Linux patch ratio is true. Then there are 50 patches for Linux in the same timeframe. Mathtime.
Windows: 100*(10/300)=3.33333 percent of Windows packages needed patching, on our very rough average.
Linux/Debian: 100*(50/11600)=0.43103 percent of Debian packages needed patching, again, on our very rough averaging.
Additionally, MS tends to wait and release mega-patches which patches lots of different packages, whereas each Linux package gets counted every time it needs a fix. Finally, even non-security patches get fixed in Linux, so the Linux patch count is even higher. Indeed, Microsoft would need to add on
1/.43103*10*100=2320 2320-300=2020
2020 patch-free packages in order to equal Debian's security fix rate, accepting your high patch count as valid.
Love your numbers, but since I actually have a background in mathematics you are doing nothing but making a fool out of your own base argument.
The fun part of your statistics is the base number of assumed packages that you start with in creating the equation.
You however are not going to convince me or anyone here that knows a little about Linux that five variations of a calculator included in a distribution is going to raise the base number of 'in use' or critical components of an average Linux installation.
So to start with an accurate base, you would have to assess the average packages installed and are in use per Linux installation to the average packages installed and in use for the Microsoft platform you reference.
In basic terms, there have not been 20 critical patches for the five calculator variations in each Linux distribution to offset the 20 critical patches for the average 'in use' services in the average Linux distribution. This is the critical anomaly in your formula.
So next time instead of counting every single package that could be installed in a standard Linux distribution, you need to just start with the average Linux installation packages in use and then compare that number of components to the Windows number of packages you also artificially created.
Your statistical evidence is nothing more than massaging numbers around your hyperbole. I shall just reference the security watch groups that actually run true statistical analysis of patches per installation and security risk of the OSes.
Linux is NOT more secure than the Windows NT base technologies - no matter how many text editors a distribution ships with.
Personally, if I were a bank, I'd not trust any code that I couldn't inspect and compile on my own ("my own" being within the bank).
This would be a very true statement if the source code was 'closed' to be viewed by ONLY the bank. However, as we know, Linux has every script kiddie in the world reading the source code, not just the people at the bank. So how long do you think it will take for someone 'outside' the bank to understand the Linux source code better than the team of experts the bank would have to hire to audit the 'whole source code' for their Linux distribu
Re:Mo Money! Mo Money! Mo Money!
on
Windows ATMs by 2005
·
· Score: 0, Flamebait
The stability of the OS has finally gotten to an acceptable level, however the security has not. Have you been asleep for the last few weeks with the string of SEVERE holes in MS software for win2k, XP and 2003?
And yet is still is 4 to 5 times more secure than Linux. Check the security briefs and patches from the independent security sites, or even the Linux distribution company's sites themselves. Also, did you miss the Linux exploits that have been noted on Slashdot in the last couple of weeks that are JUST as dangerous as any of the NT patched exploits from the last couple of months?
You obviously did not read the article. It stated they will be using a stripped down version of Windows NT.
And what do you thing WindowsXP Embedded is? Right here you lost everyone's respect of having any knowledge on this subject.
Windows needs tons of patches and reboots, where as Linux does not. You just download a patch, apply it and your done.
Funny in our labs, we download more Linux patches than we do Windows patches, and many of the Linux patches require reboots. Do you have a magical version of Linux you are not sharing with us?
Oh, and MS has NEVER made anything 100% secure. There has never been a 100% secure system from anyone.
This is true, there is NO such thing as a fully secure OS, ANYWHERE.
In regard to the article, running an updated embedded version of NT(XP) is far more secure and advanced than the mass amounts of OS/2 based ATMs sitting around the world.
You also seem to disregard that ATMs are deployed in a closed network system, and are not transmitting validations over the Internet, hence all the exploits you mention about Windows insecurities in the past month are moot - they would have no way into the system.
Senior Programmer Analyst I feel sorry for the company that is employing you. Ignorance with arrogance is a dangerous thing for a person in a decision making position.
I suggest you go troll somewhere else unless you really need the accolades of the script kiddies... The true Open Source Linux,*nix, and NT professionals here really get tired of uninformed rhetoric from self proclaimed bloviating experts.
You might want to take a look at Software Suspend for Linux. I believe it will be included in the 2.6 kernel, but there's a patch for 2.4. Not only is startup quicker, all your apps are exactly as you left them previously.
I have seen this before and it is a step in the right direction; however, with the kernel/driver nature of Linux lots of hardware still has problems re-initializing and in no way to things come back to life as easily as they do with XP.
With WindowsXP as you will note, rewriting of drivers was not necessary due to the way the NT kernel handles devices and drivers differently than Linux. Even old legacy NT4.0 drivers properly re-initialize in XP using Hibernate.
Since my laptop for example has 'tons' of device drivers that are considered outside of the norm, this makes it very problematic. Especially several ACPI devices and PCMCIA devices that fail to re-initialize properly using SS for Linux. And some of these are pretty important, like the internal fans that dynamically control heat, etc.
This project needs to be supported, but they need to take it farther and hopefully 2.6 support will bring it closer to what is need. The developers also need to look at all the features that ACPI and hibernate in WindowsXP offers and add them. For example the scheduler service in XP via ACPI can do things like wake up the computer from hibernate to sound an alarm or alert you to a reminder or perform any task basically and then hibernate itself back off.
The speed of this utility also needs a major performance boost. Compared to WindowsXP it takes several times longer to hibernate and un-hibernate and takes up more drive space for the swap than just your installed RAM.
Thanks for adding this to the thread, I'm sure there are people out there that didn't know about this utility and will find it very useful...
Hibernation aside, the reason that your laptop appears to boot so fast is because it's still starting services even after you've logged in. You may notice, for example, that your network is not available for a bit of time. Or, perhaps, that you keep seeing icons popping up in the tray? That's part of the boot process...it's just that Microsoft started the GUI before the system was done booting. Linux boots, then starts the GUI.
This is not entirely true for WindowsXP any more than it is for Linux. All the core devices and services ARE loaded before the user even has a chance to login. Period.
There are applications and authentication services that run when the user logs in, but they are USER specific.
As for your claim of the network not being available, this is only true if the user is using DSL or another form of dial in authentication.
If the machine is on the LAN (or cable modem), it can be pinged and respond to telnet services long before the GUI appears on the screen.
And yes WindowsXP boots in under 10secs* on my laptop. Why? Because the NT architecture in XP does load drivers and services non-sequentially, just like this article is trying to help Linux users do. *(And I am talking about a 'real' cold boot - not a hibernate)
As for people (like laptop users) that need a quick power off and power on if they are moving around and working throughout the day, there is nothing more impressive than using the Hibernate features in XP.
With Hibernate on this laptop I can do a full power off in 2secs, and a FULL power on to desktop in 3secs. (including re-initialization of my all my devices like my wireless connection)
Not just because the Hibernate (Suspend to Disk) feature works this well, but the legacy free BIOS and WindowsXP on this laptop are DESIGNED around the concept of providing a super fast hibernate with super fast device re-initialization.
This is why I still use VMWare for Linux on my laptop. Until I can hit a button and have Linux suspend to disk(hibernate) and be off and back on in under a few seconds, I will have to stay with XP, especially when I am moving around throughout the day from meeting to meeting or project to project.
This really isn't something to debate, it is a series of design concepts that the Linux and Open Source world needs to PAY ATTENTION to as it is a better way of computing for mobile users.
I don't care how long someone's Linux box stays up, WindowsXP does as well. What I care about is being able to power off and on fast when I am busy and moving around. And right now, the only way I can do that with Linux is to run it under XP using VMWare.
It seems to be able to do enough, judging from all the worms/viruses we've seen and the damage they've done. I'm sure I don't need to remind you of the local shells provided by IIS, or the zillions of E-mail viruses going around.
Ok, and this differs from any other OS out there how? There will always be exploits. From working in government security, I can assure you there is NO such thing as a fully 'secure' OS. Period.
As for the proliferation of worms and email viruses, do you NOT read the security warning and patches for other OSes? Linux and the standard bundlings in Linux have had more than 20 times the vulnerabilities than Windows in the past year alone.
Additionally, do you think it is the inherent 'insecurity' of the NT architecture that allows email viruses to be spread? Do you understand how most email viruses are spread? All I have to do is write a nasty Linux program to nuke your user data and drop it in an email in a way that YOU trust in opening it. This is the same for ANY OS.
Sure there are 100s of millions more Windows boxes out there, so these viruses affect more people and make more news, and also creates more a target for hackers.
But that does not mean that OTHER OSes are secure from these types of hacks. If our engineers here were malicious, I guarantee you that if you pick ANY OS that they could have a virus successfully deployed in a couple of hours. (Be thankful that more people are not in the business of screwing up the Internet.)
I am beginning to hate this thread, as it sounds like I am defending Microsoft or NT, and I don't like being in that position. But to simply believe that MS and NT is inherently bad at security and other OSes are more secure is simply just fooling yourself.
I know of tons of customers within our technology group that dropped in Linux boxes because their IT teams bought into the 'security myth'. They then had their root access compromised within a few hours, and we had to go in and clean up their mess.
Do you honestly believe that there are no Linux email viruses or MacOSX email viruses? This also is simply not true, sorry. If Linux or MacOSX gets on even half as many desktops as Windows, then you will find the press swarming around a massive amount of security exploits and email viruses for those OSes as well.
Sure - the foundation of WinNT involved far more considerations for security than Unix did at its inception (a nod to VMS here). But then, Microsoft has hardly remained steadfast on security. They have removed some pieces and outright circumvented others. They have implemented additional architecture where security is an obvious afterthought
Very true... And if you watch the industry most OS vendors have made this mistake.
The 'adding' tons of features for the user taking precedence over the security of the OS itself is not the best model. Sure there is a basic 'need' for technology progression to add new features and tools, but it can't be done without analyzing the security risks first. I think Microsoft is finally getting it, at least in the main development groups.
However I do disagree that this is a Microsoft only problem. If you look at the TONS of tools and applications in most Linux distributions you will find the same level of regard for offering applications and tools over their overall security risk.
All too often I see responses in these posts like "That wasn't a Linux flaw, it was in a program that was distributed with Linux" Which is technically true, however when almost every Linux distribution has this program, it becomes a Linux OS wide problem, even though the program or problem itself is not a part of the core of Linux.
And not to pick on Linux, look at MacOSX, or operating systems from the past like OS/2. They all have catered to features over security in many areas.
Even the bigger server markets have been plagued with the security damaging features being added to the OSes. Look at the fight inside Sun over JAVA on its server products, or Novell and the massive incompatibility and security issues when they have tried to feature pack parts of Netware.
I also think someone like Redhat needs to be swiped up the side of the head for doing this as well. Three CDs for a Linux Distribution just screams tons of potentially security compromising software packed into the available installation. We need to keep these companies in check as well.
So I completely agree with you, I just don't buy that it is only Microsoft that has done this, or that Microsoft is not starting to get it.
You missed the parent's next paragraph, which gives examples of "running a webserver under the System or Administrator account" and "[i]nstalling and activating services by default". He's not, or at least doesn't appear to be, bashing the architecture or technology itself; he's bashing the way it's used (or not used, as the case may be). I don't have the knowledge to discuss the security capabilities of NT, but no matter how capable it is, such capabilities are pointless if they aren't used properly. To borrow the tired old house analogy, it's like installing a new ultra-secure electromechanical lock on your door--and then leaving the door wide open while you go on vacation. That's why so many people, myself included, keep railing against Microsoft and Windows for its "lack of security".
No, I didn't miss the paragraph, just as your response, it was another example of security misconceptions about NT.
Just because the way things are done or the security model of NT seems silly, strange or foreign from where you come from, DOES NOT mean it is wrong or a 'lack of security'.
Sure the Web server IIS runs in a different 'security' mode that is used by default on Linux installations for example, BUT THIS DOES NOT mean that IIS (the web server) is at all insecure because of it. (As an additional note, you do realize that in high utilization servers, even Linux users elevate the web server like Apache to have kernel access. And often it is also ran in a root mode to be able to utilize the *nix security system.)
NT's security model is VERY DIFFERENT than the security model of any *nix. You may see the world from Root and User, but with NT it is not that simple.
Local System Services, Network Services, Administrator, and various User rights are all parts of a bigger security model. It is not only these accounts, but the way these security accounts are implemented within the NT OS itself, that is a completely different conceptual model.
Under the hood you have Token passing and a real Object Oriented Based Security model that ALL processes, drivers, and applications must utilize and pass through to touch any part of the hardware or the OS.
It isn't just as simple as the administrator (root) or Local System account having carte blanc on the system. Even they have to get through the security structure and request permissions for doing anything as well.
This is why the Windows Protection System implemented in Win2k and XP work as well as it does. For example, even though most 'install' software runs in the user mode (often an admin account) or even the local system account, they still can't delete a file like user.exe even if they wanted to - if the admin or Local System account were on par with the root account in *nix, a file like user.exe could easily be removed, breaking the OS.
Just because something like the Web server has a Local System level of security access, DOES NOT mean that it can do whatever it wants on the system. It still has to ask what it can do and where.
So again, I assert that the examples in the previous post are grossly flawed in understanding the security or 'lack of security' as you refer to it. If it was Linux, then YES, these issues would be a 'wide open door', but with NT it just doesn't work like that.
and since that doesn't seem to help Windows NT, that means Microsoft should be DOUBLY ashamed?
Seriously, no one doubts Microsoft's technical abilities. They have a lot of smart people working there.
- That's why I'm baffled that they aren't blowing the doors off Linux in terms of security
Who says they aren't? Linux and the tools of Linux have been getting hit hard this past year. In fact statistically far more than Windows2K, XP, or 2003 in not only the number of exploits but in the number of server compromises.
Also don't dismiss that Linux has a strong following and there are a lot of 'smart' people in the Linux and FreeBSD realm.
Just as Microsoft watches Linux and other OSes for inherent mistakes and flaws, there are many smart people in the Linux world that does a good job of watching for mistakes Microsoft has made, and taking advantage of them by coding around them in Linux as well.
With either NT or Linux, it is only doing a disservice to either OS or the people that use them to buy into the popular beliefs blindly. We need to keep our eyes on EVERY OS as well as every theory and new technology that is coming down the road.
What we get from it, we can take back to our work and make our products and our OSes better everyday. To stick your head in the sand and say Linux bad or MS bad is closing your mind to what else might be out there.
But there is another kind of security problem for which Microsoft is deservedly bashed. The problem Microsoft is bashed for having poor security is when their system is insecure in its design. (It may not have been a design goal.)
Although you have good motives in this post, you have no idea what you are talking about in regard to Microsoft's OS architectural security and its history.
Sure Win9x and Win3.x and DOS are INHERENTLY insecure, as they were designed with a closed system architecture in mind and an evolution of a closed system OS. Just like Mac System software has almost no inherent underlying security. (i.e. they were not designed for security or rigid network security since many of the networking concepts that are common today were not available or widely used when they were originally designed in the 80s. As most home users concepts of networks were CompuServe and BBSes.)
However, the NT architecture and security model that it was designed upon had security as a main priority from its original designs. In fact the Object Oriented/Token based security model that is in the NT base (and the original NT 3.1) are not only conceptually more advanced than the *nix security model, but they also have been successfully implemented to be one of the most secure OS designs in history.
The designers of the NT security model took 'conceptual' ideas of the 'ideal' methodologies for a robust and strong underlying security structure and designed these into the OS from day one.
This is why people like Dave Cutler and other 'respected' Unix and OS engineers at the time that were hired by Microsoft ABANDONED the *nix security models to build an OS using the new theories of OS security and implement them in the NT kernel architecture.
As for backing my claims, I suggest an original text like "Inside Windows NT" - The original 1993 release and the recent updated releases that cover the newer NT code bases - Windows 2000, XP, and 2003.
The OS designers at Microsoft had full control to make NT based upon *nix concepts and technologies if that was what they thought was the most advanced conceptual OS engineering; however, they rejected taking the *nix route and instead went for OS architectural concepts that were on the forefront of technological theory and hadn't even been implemented in a real OS to the extent they were in NT.
As you can see from many of my posts here, I am not a hard core Microsoft or NT zealot, but when I see people just dismiss technologies because they take the popular misconceptions I feel the need to respond.
Even if you hate NT and Microsoft, I truly do hope you will explore what TRULY is in NT in terms of security and its security model for your own knowledge.
Especially considering any information you or someone else reading this post gain from it might be compelled to use some of the Microsoft NT concepts in other OS coding and designs to create richer OS environments for everyone, whether it be MacOSX, Linux, or BeOS.
Even if you take odds and dismiss the intellectuals that designed NT, there is always the chance the Microsoft team did do something innovative or right that can also benefit future OS architectural models.
You don't get it man. Most people don't use flash to "enhance" and "add to" the aesthestic pleasure of a site (either that, or they fail miserably at it).
Considering one of the last web sites I consulted over for our company was for a Famous Rock Band, I have to completely disagree.
Delivering the 'glitz', the photos, and the sounds of the band were more than just expected, they ARE a part of the web experience the band wanted to bring to the web for their fans.
I was in graphic design before desktop publishing was even a term and also have worked on and off professionally in audio visual for years. I have seen both extemes of the spectrum that is now being brought to the web - the plain boring and unusable site, and the pretty and in your face but yet ususable site.
But the PRETTY parts are NOT what makes the site unuseable... Period.
Sure a lot of sites use Flash and OTHER technologies that this lawsuit will screw up, but there ARE times where these technologies work great and ARE what is needed for a web site.
Now if you want to tell the world pop-ups suck, go for it, I won't stop you, but the FLASH in them is not what makes them suck.
Additionally, do you even get the fact that 99% of what can be done in flash can be achieved with DHTML? Flash is just an easy way to get the results people want.
Minimalist does not mean ugly or featureless.
Maybe you STILL don't get it - try looking outside a 'black and white courier' world.
I tend to agree with the previous poster, I'm afraid. The same problem affects many of the current crop video games as well as a lot of Web sites. That is, the developers have focused solely on the appearance (i.e. lots of neat imagery and colors) at the expense of the user, usability, and good content. At the very least, even if a site actually has good content, it is often buried under such a virtual onslaught of pointless animations and graphics that the user may never find it. The content, that is. And I might add that functionality is often degraded, not enhanced. I'm an application designer and GUI programmer by profession, and I appreciate the glitter, but only when it serves a legitimate purpose. Just using Flash because everyone else is using Flash is not a good reason to burden your site in worthless glitz. The Web has become far too much like Las Vegas in the past few years for my taste, scary new technology notwithstanding.
What you say is actually very true, but there ARE times when these features are used correctly and a bit of professional design actually helps usability and the functionality of a web site.
Sure there are tons of sites that use these technologies that there is no need for, and the designers need to be knocked up side the head, but that doesn't mean we should restrict the technology because of a few bad web designers.
It is just like in the late 80's and early 90's when desktop publishing was first becoming something people could easily do from a home PC. And you would find flyers and brochures all over the place using every line type and font they had installed on their computer because it was a available.
However, this does not mean that desktop publishing should have been restricted and non-graphic designers should have been forced to only use typewriters.
And Desktop publishing for example is finally evolving where most stuff that is even produced by non-graphical amateurs is respectable.
Let the web site owners and web site visitors weed out the bad web designers, it will happen.
Don't kill technological advancement just because it is used improperly or abused.
The death of flash would be the most wonderful day in web browsing history since it's inception.
Do i hear a HALLELUJIAH!?!? (even if i can't spell it).
While we are at it, i'd love nothing more than to ban HTML, Flash and embedded animated or static images from email and newsgroup postings.
The 160th person to send me 3 lines italicized, purple MS Comic Sans Font on a dark blue background, with 280kb of images IS NOT FUCKING CUTE ANYMORE!!!!!
Gawd, people.
*Warning - Satire intentional*
And while we are at it, we should abandon HTML on the Web as well. Terminal Screens and black and white were good enough for us in 1990 and it should be good enough for everyone now.
(Oh, scary new technology that makes things look pretty, me scared and don't understand.)
Maybe it was those darn XWindows developers that wanted to offer GUIs over a network that started all this silliness back in the 80s. Text is just good enough for everyone.
Damn those color loving, picture using liberals making the web look good and adding functionality. Maybe they are all terrorists and Commies anyway.
Win2K, BTW, is not necessarily IIS5... it can be updated to IIS6 by installing the.NET Framework on it... you know you have IIS6 if your MMC includes options to recycle the IIS worker thread.
This is simply not true. Just adding.NET to Win2k is a far cry from IIS5 with.NET on WIn2k and IIS6 on Windows 2003. (www.microsoft.com)
So now we already know you are off an a tangent you apparently do not fully understand, lets address more issues.
May I ask, do you use a custom admin tool, or go through the MMC for everything? That is, when you get a new customer, and add them to the website, what tool do you use?
Currently all servers are remotely administrated using MMC. Sorry to burst your bubble.
Does each site have it's own IP Address? Or are they hosted off one IP Address? The original poster was, I believe, specifically referring to a site as a seperate virtual server with its own IP address, as I'm sure that's what this study was counting...
Both. Many sites have their own IP, but we also offer Virtual sites without their own IPs BTW - I doubt the post I was referring to was truly referring to 1000-2000 sites with dedicated IPs on Linux being the norm, as IPs are pretty hard to get a hold of these days. And it would take just a few hundred Linux sites like this to put a serious dent in the IP availability.
In a lecture he gave later that day, he said that they upgraded IIS6 to handle more virtual servers because they had one or two big customers that wanted that functionality, but that he specifically recommended that people not run it in that mode unless they had experience with it...
What mode? IIS was designed from its origins to handle virtual sites. Using Port, Host Header, or IP distinction to separate the Virtual requests. So what mode do you purport that he recommended against using IIS in?
We have used and also had clients use IIS since NT4 days supporting hundreds of sites on one system using all three methods to separate virtual site requests. What is new with IIS6 that breaks this, or as you said he claims was not possible with previous version of IIS6?
It is funny that in working in the Windows 2003 Server Beta that the developers on the IIS6 (and previous IIS versions) directly contradict everything you said.
It is also strange that our company has been doing what you are stating is not recommended or possible with IIS, as well as our real world experience contradicts it as well. - Especially since we have been doing it since NT4 days on Pentium class hardware and hosting a couple hundred sites on 200mhz machines with 64mb of RAM.
I would also like to point out that our hosting division is a VERY average hosting company in terms of the sites hosted per server, and we are NOT one of the BIG clients that you suggest are the only ones doing this with IIS.
BTW Rob Howard is one of the ASP.NET program managers and not one of the IIS developers. His field is ASP.NET integration of the ASP and.NET framework models - Not the core IIS engine but the ASP.NET programming frameworks that use IIS.
I have dropped him a personal email to see if what you said in any way reflects what he has been saying publicly or believes.
I know that IIS6 was stepped up to have better performance and in effect would offer the ability to handle more sites per server.
But as you assert a couple of large companies forcing Microsoft to increase IIS6 performance to handle more sites per server is just more than a little far fetched. Especially since I know for a fact that IIS5 does not have a problem with large numbers of sites.
The performance of IIS6 is remarkable and an improvement, but IIS5 was nothing to sneeze at when it comes to handling a large number of sites or a lot of requests per hour.
work in the industry (site colo hosting) so allow me to point out that anyone doing numbers greater than 5-10 virtual servers per box ALWAYS go with Linux... IIS5 couldn't even handle 256, and once you got to the greater than 10 level the admin tools couldn't really take it. Anyone trying to do it ended up coding their own tools to admin the sites.
IIS6 can handle 64K sites, but again the admin tools don't really like it. And once you get on the wrong side of 10 sites per box, performance and stability really start being affected.
Ok, one division of our company is a Hosting provider. We have 200-2000 sites on simple 1.2ghz 1gb RAM machines running both Windows 2000 and Windows 2003 (i.e. IIS5 & IIS6 as you refer to them.)
There are NO performance problems on any sites, and they all support everything from ASP, ASP.NET, PHP, Perl, MySQL, MS SQL 2000, and SharePoint.
So with that said, do you have any statistics for your claims for 'your real world'?
I would like to see this, especially since our significant number of 'real world' servers hosting hundreds to thousands of sites each have excellent performance and is one reason we have won over so many hosted sites to our company.
If you have data, provide it,
Re:Java's not exactly pining for the fields just n
on
Java vs .NET
·
· Score: 1
Sure. I've just been wondering when you'd admit that Pascal has provided a portable VM-based system since the '70s. You mostly did, so I'm happy.
Thanks, I never didn't... But there is a difference between the pascal pcode and pmachine and JAVA, that was where I was going...
Take Care, and thanks for the debate...
Re:Java's not exactly pining for the fields just n
on
Java vs .NET
·
· Score: 1
Unless you're going to argue that Java is portable even when using platform-specific libraries (JNI, or whatever), I don't see the difference. If you stay within the portable system you're fine in both cases. If you step outside, you're screwed
Exactly...
And Sun sued Microsoft for platform specific extensions to JAVA because it would dissolve the 'VM' concept of full portability - yet now we have many platform specific library calls available in JAVA supported by Sun. Business hypocrisy at its finest.
Making it even more of a WRECK for cross platform development in addition to its inherent performance and compatibility problems already.
Can we move on now?
Re:Java's not exactly pining for the fields just n
on
Java vs .NET
·
· Score: 1
Do you actually have any idea what p-code is? It was the (platform-neutral) byte-code for a virtual machine (the p-machine). There was a cross-platform Pascal compiler at the time, but it was made portable by compiling it to p-code, and then distributing the spec for the p-machine so it could be implemented locally.
So guess what, Pascal "consist[ed] of a language running in a VM on multi-platforms like JAVA tries to do."
But if you still have to drop to assembly or are trying to create a GUI based applications, the pcode crap fails miserably. PERIOD.
Slashdot Mirror
Finally, a 64-bit desktop processor!
:)
Oh wait it's been done [apple.com]!
Now just give Apple a few years, and they will have a 64bit Operating System for it as well...
Microsoft 64 2008?
XP 64bit Edition has been out for a couple of years now for the Itanium processors. Just waking up or just not into the 'computer' thing?
For the AMD (64bit extended) processors, SP1 beta, which includes the AMD 64bit version is already out in most tech labs.
We are running it here even and it is even available to MSDN subscribers.
Considering we haven't even posted a bug for it yet, I would say, that not only is it working well, it will hit the release schedule later this year.
Anger? Where? I didn't say anything angry. I only stated the facts. Cocknozzle
Cocknozzle?
Yeah, no anger at all... LOL
The software I use to do this is VMWare which can of course be used to run any PC OS. It's a very good piece of software. Does it run as well under Windows?
Yes, runs quite well. They have done a good job with the product.
TheNetAvenger
You couldn't take on the reasoned and well thought out answers posted above becuase you and your kind don't have a leg to stand on
Well honey, there actually wasn't a well thought out point to even respond to, just a lot of anger.
I thought a little humor was in order to talk you off the clock tower.
Next time take five, breath in and breath out before getting upset - it causes frown lines.
BTW As a card carrying member of PFLaG, I suggest you re-evaluate labeling me a homophobe you're definately barking up the wrong tree.
faggotass
:)
And the more people use homophobic comments, the higher the statistical odds that they are repressing their own gay feelings.
Just come out, it isn't that hard. Walk up the steps from the basement (um, I mean your room) and tell you mom that you are gay.
Indeed, so why do the patches tell me to reboot. Even for an obviously userspace app like IE?
Because in a world of inexperience users it is easier to just tell them the computer needs to restart, than to tell them that any application that has a dependency on the IE HTML rendering engine will need to automatically be closed, and force ten apps on the users computer to close and possibly cause data loss if the third party application does not respond properly.
This is the real world 101.
If you were applying these patches to Windows Server, you would only see the need to reboot when a core service dependency needs to be changed.
. The intelligence *cough!* of banks and corporations aside, this is an issue. Aside from you deriding my intelligence ("And do you understand the word 'closed'?"), you offer no argument against things multihomed hosts, needed maintenance access (plug in the diagnostic laptop and pow!), malicious access (as I mentioned and you ignored), etc. A closed network adds a modicum of security, but it's extremely fragile. You have to go to pains to keep it closed.
Ok, you truly do realize that MANY ATMS that are ALREADY out there are using everything from old versions of OS/2 that have NO protections against many of the modern network attacks to even modified versions of Windows95 and Win98.
I still will find a version of NT more comforting than these aged OS with very little to no inherent security mechanisms in place.
It would be different if they were ripping out Linux ATMs and contracting to put in NT instead, then you might have the debate here you want.
I'm a physics graduate student working on a PhD. I have half a computer engineering degree (I switched to full-time physics because of time constraints), and I'm 2 classes away from a mathematics bachelors. Just so you know my mathematics background. I don't see the error in my percent-failed calculations.
Wow, that makes both of my doctorates just seem silly now; you have truly shamed me with your vast education. Let me guess, the next post you will pull our your Mensa card and cite your IQ. Geesh.
Bottom line, the numbers you are using are from your OWN creation and not reflective of the real world or the issue you are so adamantly trying to debate.
You keep citing "security watch groups that actually run true statistical analysis of the patches per installation." No, the security watch groups I know of only track bugfixes by distribution, not by what a single user may have installed, a method which is susceptible to the duplicate-package problem which you seem to reject.
You're partially right, many of them only watch severe hacks and patches like having 'root' compromised. However they don't usually pay attention to patches for the calculator or text editor examples I gave.
What "security watch groups" are you referring to? Please post them so that we can all benefit from their knowledge.
Why don't you start with mi2g, you might actually learn a little about the statistical modeling of attacks, potential attacks and vulnerabilities. (BTW www.mi2g.com in case you couldn't figure that one out)
Here let me quote some of 'their' numbers to get you started...
In the month of August, 67% of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. This means a total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in August and only 4,626 Windows servers. -And this is during the time of the 'great' Windows Worms that you love citing.
Additionally, they show that Linux was still the most attacked operating system on-line during the past year - taking the record with 51% of all successful digital attacks.
To recap my position:
(1)*Linux security vulerability counts as reported by the security press (e.g. Security Focus, debian-se
While MS Windows may have the monopoly on the desktop, they have a small percentage of the server market. Apache makes up more then 65% of the web server market.
This is the only part of your troll post worth responding to...
Not even debating the proliferation of Apache installations, do you realize that Apache runs on Windows?
Why do you assume that all Apache installations are non-Windows?
Get a clue...
The only patches that require booting in my experience (debian, gentoo, Red Hat, and SuSE) are kernel patches. For all others, the server is just restarted; no reboot is required (if it's a desktop system with X, you might have to restart your X server; don't need to reboot). You can always reboot if it'll make you feel better, of course
And this is different than NT(Windows) how?
And the irony, is that even most kernel level drivers in NT can be dynamically stopped, installed, and started without a reboot. Only service drivers with dependencies that are essential to 'in-use' kernel services require a restart.
All it takes is one infected host on a closed network
And do you understand the word 'closed'? If there is external access to the ATM network, then the banks are dumber than we thought.
Let's now let Microsoft releases 10 patches for the 300 components. Let's assume your MS-Linux patch ratio is true. Then there are 50 patches for Linux in the same timeframe. Mathtime.
Windows:
100*(10/300)=3.33333 percent of Windows packages needed patching, on our very rough average.
Linux/Debian:
100*(50/11600)=0.43103 percent of Debian packages needed patching, again, on our very rough averaging.
Additionally, MS tends to wait and release mega-patches which patches lots of different packages, whereas each Linux package gets counted every time it needs a fix. Finally, even non-security patches get fixed in Linux, so the Linux patch count is even higher. Indeed, Microsoft would need to add on
1/.43103*10*100=2320
2320-300=2020
2020 patch-free packages in order to equal Debian's security fix rate, accepting your high patch count as valid.
Love your numbers, but since I actually have a background in mathematics you are doing nothing but making a fool out of your own base argument.
The fun part of your statistics is the base number of assumed packages that you start with in creating the equation.
You however are not going to convince me or anyone here that knows a little about Linux that five variations of a calculator included in a distribution is going to raise the base number of 'in use' or critical components of an average Linux installation.
So to start with an accurate base, you would have to assess the average packages installed and are in use per Linux installation to the average packages installed and in use for the Microsoft platform you reference.
In basic terms, there have not been 20 critical patches for the five calculator variations in each Linux distribution to offset the 20 critical patches for the average 'in use' services in the average Linux distribution. This is the critical anomaly in your formula.
So next time instead of counting every single package that could be installed in a standard Linux distribution, you need to just start with the average Linux installation packages in use and then compare that number of components to the Windows number of packages you also artificially created.
Your statistical evidence is nothing more than massaging numbers around your hyperbole. I shall just reference the security watch groups that actually run true statistical analysis of patches per installation and security risk of the OSes.
Linux is NOT more secure than the Windows NT base technologies - no matter how many text editors a distribution ships with.
Personally, if I were a bank, I'd not trust any code that I couldn't inspect and compile on my own ("my own" being within the bank).
This would be a very true statement if the source code was 'closed' to be viewed by ONLY the bank. However, as we know, Linux has every script kiddie in the world reading the source code, not just the people at the bank. So how long do you think it will take for someone 'outside' the bank to understand the Linux source code better than the team of experts the bank would have to hire to audit the 'whole source code' for their Linux distribu
The stability of the OS has finally gotten to an acceptable level, however the security has not. Have you been asleep for the last few weeks with the string of SEVERE holes in MS software for win2k, XP and 2003?
And yet is still is 4 to 5 times more secure than Linux. Check the security briefs and patches from the independent security sites, or even the Linux distribution company's sites themselves. Also, did you miss the Linux exploits that have been noted on Slashdot in the last couple of weeks that are JUST as dangerous as any of the NT patched exploits from the last couple of months?
You obviously did not read the article. It stated they will be using a stripped down version of Windows NT.
And what do you thing WindowsXP Embedded is? Right here you lost everyone's respect of having any knowledge on this subject.
Windows needs tons of patches and reboots, where as Linux does not. You just download a patch, apply it and your done.
Funny in our labs, we download more Linux patches than we do Windows patches, and many of the Linux patches require reboots. Do you have a magical version of Linux you are not sharing with us?
Oh, and MS has NEVER made anything 100% secure. There has never been a 100% secure system from anyone.
This is true, there is NO such thing as a fully secure OS, ANYWHERE.
In regard to the article, running an updated embedded version of NT(XP) is far more secure and advanced than the mass amounts of OS/2 based ATMs sitting around the world.
You also seem to disregard that ATMs are deployed in a closed network system, and are not transmitting validations over the Internet, hence all the exploits you mention about Windows insecurities in the past month are moot - they would have no way into the system.
Senior Programmer Analyst
I feel sorry for the company that is employing you. Ignorance with arrogance is a dangerous thing for a person in a decision making position.
I suggest you go troll somewhere else unless you really need the accolades of the script kiddies... The true Open Source Linux,*nix, and NT professionals here really get tired of uninformed rhetoric from self proclaimed bloviating experts.
You might want to take a look at Software Suspend for Linux. I believe it will be included in the 2.6 kernel, but there's a patch for 2.4. Not only is startup quicker, all your apps are exactly as you left them previously.
I have seen this before and it is a step in the right direction; however, with the kernel/driver nature of Linux lots of hardware still has problems re-initializing and in no way to things come back to life as easily as they do with XP.
With WindowsXP as you will note, rewriting of drivers was not necessary due to the way the NT kernel handles devices and drivers differently than Linux. Even old legacy NT4.0 drivers properly re-initialize in XP using Hibernate.
Since my laptop for example has 'tons' of device drivers that are considered outside of the norm, this makes it very problematic. Especially several ACPI devices and PCMCIA devices that fail to re-initialize properly using SS for Linux. And some of these are pretty important, like the internal fans that dynamically control heat, etc.
This project needs to be supported, but they need to take it farther and hopefully 2.6 support will bring it closer to what is need. The developers also need to look at all the features that ACPI and hibernate in WindowsXP offers and add them. For example the scheduler service in XP via ACPI can do things like wake up the computer from hibernate to sound an alarm or alert you to a reminder or perform any task basically and then hibernate itself back off.
The speed of this utility also needs a major performance boost. Compared to WindowsXP it takes several times longer to hibernate and un-hibernate and takes up more drive space for the swap than just your installed RAM.
Thanks for adding this to the thread, I'm sure there are people out there that didn't know about this utility and will find it very useful...
The NetAvenger
Hibernation aside, the reason that your laptop appears to boot so fast is because it's still starting services even after you've logged in. You may notice, for example, that your network is not available for a bit of time. Or, perhaps, that you keep seeing icons popping up in the tray? That's part of the boot process...it's just that Microsoft started the GUI before the system was done booting. Linux boots, then starts the GUI.
This is not entirely true for WindowsXP any more than it is for Linux. All the core devices and services ARE loaded before the user even has a chance to login. Period.
There are applications and authentication services that run when the user logs in, but they are USER specific.
As for your claim of the network not being available, this is only true if the user is using DSL or another form of dial in authentication.
If the machine is on the LAN (or cable modem), it can be pinged and respond to telnet services long before the GUI appears on the screen.
And yes WindowsXP boots in under 10secs* on my laptop. Why? Because the NT architecture in XP does load drivers and services non-sequentially, just like this article is trying to help Linux users do. *(And I am talking about a 'real' cold boot - not a hibernate)
As for people (like laptop users) that need a quick power off and power on if they are moving around and working throughout the day, there is nothing more impressive than using the Hibernate features in XP.
With Hibernate on this laptop I can do a full power off in 2secs, and a FULL power on to desktop in 3secs. (including re-initialization of my all my devices like my wireless connection)
Not just because the Hibernate (Suspend to Disk) feature works this well, but the legacy free BIOS and WindowsXP on this laptop are DESIGNED around the concept of providing a super fast hibernate with super fast device re-initialization.
This is why I still use VMWare for Linux on my laptop. Until I can hit a button and have Linux suspend to disk(hibernate) and be off and back on in under a few seconds, I will have to stay with XP, especially when I am moving around throughout the day from meeting to meeting or project to project.
This really isn't something to debate, it is a series of design concepts that the Linux and Open Source world needs to PAY ATTENTION to as it is a better way of computing for mobile users.
I don't care how long someone's Linux box stays up, WindowsXP does as well. What I care about is being able to power off and on fast when I am busy and moving around. And right now, the only way I can do that with Linux is to run it under XP using VMWare.
It seems to be able to do enough, judging from all the worms/viruses we've seen and the damage they've done. I'm sure I don't need to remind you of the local shells provided by IIS, or the zillions of E-mail viruses going around.
Ok, and this differs from any other OS out there how? There will always be exploits. From working in government security, I can assure you there is NO such thing as a fully 'secure' OS. Period.
As for the proliferation of worms and email viruses, do you NOT read the security warning and patches for other OSes? Linux and the standard bundlings in Linux have had more than 20 times the vulnerabilities than Windows in the past year alone.
Additionally, do you think it is the inherent 'insecurity' of the NT architecture that allows email viruses to be spread? Do you understand how most email viruses are spread? All I have to do is write a nasty Linux program to nuke your user data and drop it in an email in a way that YOU trust in opening it. This is the same for ANY OS.
Sure there are 100s of millions more Windows boxes out there, so these viruses affect more people and make more news, and also creates more a target for hackers.
But that does not mean that OTHER OSes are secure from these types of hacks. If our engineers here were malicious, I guarantee you that if you pick ANY OS that they could have a virus successfully deployed in a couple of hours. (Be thankful that more people are not in the business of screwing up the Internet.)
I am beginning to hate this thread, as it sounds like I am defending Microsoft or NT, and I don't like being in that position. But to simply believe that MS and NT is inherently bad at security and other OSes are more secure is simply just fooling yourself.
I know of tons of customers within our technology group that dropped in Linux boxes because their IT teams bought into the 'security myth'. They then had their root access compromised within a few hours, and we had to go in and clean up their mess.
Do you honestly believe that there are no Linux email viruses or MacOSX email viruses? This also is simply not true, sorry. If Linux or MacOSX gets on even half as many desktops as Windows, then you will find the press swarming around a massive amount of security exploits and email viruses for those OSes as well.
Sure - the foundation of WinNT involved far more considerations for security than Unix did at its inception (a nod to VMS here). But then, Microsoft has hardly remained steadfast on security. They have removed some pieces and outright circumvented others. They have implemented additional architecture where security is an obvious afterthought
Very true... And if you watch the industry most OS vendors have made this mistake.
The 'adding' tons of features for the user taking precedence over the security of the OS itself is not the best model. Sure there is a basic 'need' for technology progression to add new features and tools, but it can't be done without analyzing the security risks first. I think Microsoft is finally getting it, at least in the main development groups.
However I do disagree that this is a Microsoft only problem. If you look at the TONS of tools and applications in most Linux distributions you will find the same level of regard for offering applications and tools over their overall security risk.
All too often I see responses in these posts like "That wasn't a Linux flaw, it was in a program that was distributed with Linux" Which is technically true, however when almost every Linux distribution has this program, it becomes a Linux OS wide problem, even though the program or problem itself is not a part of the core of Linux.
And not to pick on Linux, look at MacOSX, or operating systems from the past like OS/2. They all have catered to features over security in many areas.
Even the bigger server markets have been plagued with the security damaging features being added to the OSes. Look at the fight inside Sun over JAVA on its server products, or Novell and the massive incompatibility and security issues when they have tried to feature pack parts of Netware.
I also think someone like Redhat needs to be swiped up the side of the head for doing this as well. Three CDs for a Linux Distribution just screams tons of potentially security compromising software packed into the available installation. We need to keep these companies in check as well.
So I completely agree with you, I just don't buy that it is only Microsoft that has done this, or that Microsoft is not starting to get it.
Have a good day,
The NetAvenger
You missed the parent's next paragraph, which gives examples of "running a webserver under the System or Administrator account" and "[i]nstalling and activating services by default". He's not, or at least doesn't appear to be, bashing the architecture or technology itself; he's bashing the way it's used (or not used, as the case may be). I don't have the knowledge to discuss the security capabilities of NT, but no matter how capable it is, such capabilities are pointless if they aren't used properly. To borrow the tired old house analogy, it's like installing a new ultra-secure electromechanical lock on your door--and then leaving the door wide open while you go on vacation. That's why so many people, myself included, keep railing against Microsoft and Windows for its "lack of security".
No, I didn't miss the paragraph, just as your response, it was another example of security misconceptions about NT.
Just because the way things are done or the security model of NT seems silly, strange or foreign from where you come from, DOES NOT mean it is wrong or a 'lack of security'.
Sure the Web server IIS runs in a different 'security' mode that is used by default on Linux installations for example, BUT THIS DOES NOT mean that IIS (the web server) is at all insecure because of it. (As an additional note, you do realize that in high utilization servers, even Linux users elevate the web server like Apache to have kernel access. And often it is also ran in a root mode to be able to utilize the *nix security system.)
NT's security model is VERY DIFFERENT than the security model of any *nix. You may see the world from Root and User, but with NT it is not that simple.
Local System Services, Network Services, Administrator, and various User rights are all parts of a bigger security model. It is not only these accounts, but the way these security accounts are implemented within the NT OS itself, that is a completely different conceptual model.
Under the hood you have Token passing and a real Object Oriented Based Security model that ALL processes, drivers, and applications must utilize and pass through to touch any part of the hardware or the OS.
It isn't just as simple as the administrator (root) or Local System account having carte blanc on the system. Even they have to get through the security structure and request permissions for doing anything as well.
This is why the Windows Protection System implemented in Win2k and XP work as well as it does. For example, even though most 'install' software runs in the user mode (often an admin account) or even the local system account, they still can't delete a file like user.exe even if they wanted to - if the admin or Local System account were on par with the root account in *nix, a file like user.exe could easily be removed, breaking the OS.
Just because something like the Web server has a Local System level of security access, DOES NOT mean that it can do whatever it wants on the system. It still has to ask what it can do and where.
So again, I assert that the examples in the previous post are grossly flawed in understanding the security or 'lack of security' as you refer to it. If it was Linux, then YES, these issues would be a 'wide open door', but with NT it just doesn't work like that.
Thanks for responding,
The NetAvenger
and since that doesn't seem to help Windows NT, that means Microsoft should be DOUBLY ashamed?
Seriously, no one doubts Microsoft's technical abilities. They have a lot of smart people working there.
- That's why I'm baffled that they aren't blowing the doors off Linux in terms of security
Who says they aren't? Linux and the tools of Linux have been getting hit hard this past year. In fact statistically far more than Windows2K, XP, or 2003 in not only the number of exploits but in the number of server compromises.
Also don't dismiss that Linux has a strong following and there are a lot of 'smart' people in the Linux and FreeBSD realm.
Just as Microsoft watches Linux and other OSes for inherent mistakes and flaws, there are many smart people in the Linux world that does a good job of watching for mistakes Microsoft has made, and taking advantage of them by coding around them in Linux as well.
With either NT or Linux, it is only doing a disservice to either OS or the people that use them to buy into the popular beliefs blindly. We need to keep our eyes on EVERY OS as well as every theory and new technology that is coming down the road.
What we get from it, we can take back to our work and make our products and our OSes better everyday. To stick your head in the sand and say Linux bad or MS bad is closing your mind to what else might be out there.
But there is another kind of security problem for which Microsoft is deservedly bashed. The problem Microsoft is bashed for having poor security is when their system is insecure in its design. (It may not have been a design goal.)
Although you have good motives in this post, you have no idea what you are talking about in regard to Microsoft's OS architectural security and its history.
Sure Win9x and Win3.x and DOS are INHERENTLY insecure, as they were designed with a closed system architecture in mind and an evolution of a closed system OS. Just like Mac System software has almost no inherent underlying security. (i.e. they were not designed for security or rigid network security since many of the networking concepts that are common today were not available or widely used when they were originally designed in the 80s. As most home users concepts of networks were CompuServe and BBSes.)
However, the NT architecture and security model that it was designed upon had security as a main priority from its original designs. In fact the Object Oriented/Token based security model that is in the NT base (and the original NT 3.1) are not only conceptually more advanced than the *nix security model, but they also have been successfully implemented to be one of the most secure OS designs in history.
The designers of the NT security model took 'conceptual' ideas of the 'ideal' methodologies for a robust and strong underlying security structure and designed these into the OS from day one.
This is why people like Dave Cutler and other 'respected' Unix and OS engineers at the time that were hired by Microsoft ABANDONED the *nix security models to build an OS using the new theories of OS security and implement them in the NT kernel architecture.
As for backing my claims, I suggest an original text like "Inside Windows NT" - The original 1993 release and the recent updated releases that cover the newer NT code bases - Windows 2000, XP, and 2003.
The OS designers at Microsoft had full control to make NT based upon *nix concepts and technologies if that was what they thought was the most advanced conceptual OS engineering; however, they rejected taking the *nix route and instead went for OS architectural concepts that were on the forefront of technological theory and hadn't even been implemented in a real OS to the extent they were in NT.
As you can see from many of my posts here, I am not a hard core Microsoft or NT zealot, but when I see people just dismiss technologies because they take the popular misconceptions I feel the need to respond.
Even if you hate NT and Microsoft, I truly do hope you will explore what TRULY is in NT in terms of security and its security model for your own knowledge.
Especially considering any information you or someone else reading this post gain from it might be compelled to use some of the Microsoft NT concepts in other OS coding and designs to create richer OS environments for everyone, whether it be MacOSX, Linux, or BeOS.
Even if you take odds and dismiss the intellectuals that designed NT, there is always the chance the Microsoft team did do something innovative or right that can also benefit future OS architectural models.
Take Care,
TheNetAvenger
You don't get it man.
Most people don't use flash to "enhance" and "add to" the aesthestic pleasure of a site (either that, or they fail miserably at it).
Considering one of the last web sites I consulted over for our company was for a Famous Rock Band, I have to completely disagree.
Delivering the 'glitz', the photos, and the sounds of the band were more than just expected, they ARE a part of the web experience the band wanted to bring to the web for their fans.
I was in graphic design before desktop publishing was even a term and also have worked on and off professionally in audio visual for years. I have seen both extemes of the spectrum that is now being brought to the web - the plain boring and unusable site, and the pretty and in your face but yet ususable site.
But the PRETTY parts are NOT what makes the site unuseable... Period.
Sure a lot of sites use Flash and OTHER technologies that this lawsuit will screw up, but there ARE times where these technologies work great and ARE what is needed for a web site.
Now if you want to tell the world pop-ups suck, go for it, I won't stop you, but the FLASH in them is not what makes them suck.
Additionally, do you even get the fact that 99% of what can be done in flash can be achieved with DHTML? Flash is just an easy way to get the results people want.
Minimalist does not mean ugly or featureless.
Maybe you STILL don't get it - try looking outside a 'black and white courier' world.
I tend to agree with the previous poster, I'm afraid. The same problem affects many of the current crop video games as well as a lot of Web sites. That is, the developers have focused solely on the appearance (i.e. lots of neat imagery and colors) at the expense of the user, usability, and good content. At the very least, even if a site actually has good content, it is often buried under such a virtual onslaught of pointless animations and graphics that the user may never find it. The content, that is. And I might add that functionality is often degraded, not enhanced. I'm an application designer and GUI programmer by profession, and I appreciate the glitter, but only when it serves a legitimate purpose. Just using Flash because everyone else is using Flash is not a good reason to burden your site in worthless glitz. The Web has become far too much like Las Vegas in the past few years for my taste, scary new technology notwithstanding.
What you say is actually very true, but there ARE times when these features are used correctly and a bit of professional design actually helps usability and the functionality of a web site.
Sure there are tons of sites that use these technologies that there is no need for, and the designers need to be knocked up side the head, but that doesn't mean we should restrict the technology because of a few bad web designers.
It is just like in the late 80's and early 90's when desktop publishing was first becoming something people could easily do from a home PC. And you would find flyers and brochures all over the place using every line type and font they had installed on their computer because it was a available.
However, this does not mean that desktop publishing should have been restricted and non-graphic designers should have been forced to only use typewriters.
And Desktop publishing for example is finally evolving where most stuff that is even produced by non-graphical amateurs is respectable.
Let the web site owners and web site visitors weed out the bad web designers, it will happen.
Don't kill technological advancement just because it is used improperly or abused.
The death of flash would be the most wonderful day in web browsing history since it's inception.
Do i hear a HALLELUJIAH!?!? (even if i can't spell it).
While we are at it, i'd love nothing more than to ban HTML, Flash and embedded animated or static images from email and newsgroup postings.
The 160th person to send me 3 lines italicized, purple MS Comic Sans Font on a dark blue background, with 280kb of images IS NOT FUCKING CUTE ANYMORE!!!!!
Gawd, people.
*Warning - Satire intentional*
And while we are at it, we should abandon HTML on the Web as well. Terminal Screens and black and white were good enough for us in 1990 and it should be good enough for everyone now.
(Oh, scary new technology that makes things look pretty, me scared and don't understand.)
Maybe it was those darn XWindows developers that wanted to offer GUIs over a network that started all this silliness back in the 80s. Text is just good enough for everyone.
Damn those color loving, picture using liberals making the web look good and adding functionality. Maybe they are all terrorists and Commies anyway.
Give me a break...
Win2K, BTW, is not necessarily IIS5... it can be updated to IIS6 by installing the .NET Framework on it... you know you have IIS6 if your MMC includes options to recycle the IIS worker thread.
.NET to Win2k is a far cry from IIS5 with .NET on WIn2k and IIS6 on Windows 2003. (www.microsoft.com)
.NET framework models - Not the core IIS engine but the ASP.NET programming frameworks that use IIS.
This is simply not true. Just adding
So now we already know you are off an a tangent you apparently do not fully understand, lets address more issues.
May I ask, do you use a custom admin tool, or go through the MMC for everything? That is, when you get a new customer, and add them to the website, what tool do you use?
Currently all servers are remotely administrated using MMC. Sorry to burst your bubble.
Does each site have it's own IP Address? Or are they hosted off one IP Address? The original poster was, I believe, specifically referring to a site as a seperate virtual server with its own IP address, as I'm sure that's what this study was counting...
Both. Many sites have their own IP, but we also offer Virtual sites without their own IPs
BTW - I doubt the post I was referring to was truly referring to 1000-2000 sites with dedicated IPs on Linux being the norm, as IPs are pretty hard to get a hold of these days. And it would take just a few hundred Linux sites like this to put a serious dent in the IP availability.
In a lecture he gave later that day, he said that they upgraded IIS6 to handle more virtual servers because they had one or two big customers that wanted that functionality, but that he specifically recommended that people not run it in that mode unless they had experience with it...
What mode? IIS was designed from its origins to handle virtual sites. Using Port, Host Header, or IP distinction to separate the Virtual requests. So what mode do you purport that he recommended against using IIS in?
We have used and also had clients use IIS since NT4 days supporting hundreds of sites on one system using all three methods to separate virtual site requests. What is new with IIS6 that breaks this, or as you said he claims was not possible with previous version of IIS6?
It is funny that in working in the Windows 2003 Server Beta that the developers on the IIS6 (and previous IIS versions) directly contradict everything you said.
It is also strange that our company has been doing what you are stating is not recommended or possible with IIS, as well as our real world experience contradicts it as well. - Especially since we have been doing it since NT4 days on Pentium class hardware and hosting a couple hundred sites on 200mhz machines with 64mb of RAM.
I would also like to point out that our hosting division is a VERY average hosting company in terms of the sites hosted per server, and we are NOT one of the BIG clients that you suggest are the only ones doing this with IIS.
BTW Rob Howard is one of the ASP.NET program managers and not one of the IIS developers. His field is ASP.NET integration of the ASP and
I have dropped him a personal email to see if what you said in any way reflects what he has been saying publicly or believes.
I know that IIS6 was stepped up to have better performance and in effect would offer the ability to handle more sites per server.
But as you assert a couple of large companies forcing Microsoft to increase IIS6 performance to handle more sites per server is just more than a little far fetched. Especially since I know for a fact that IIS5 does not have a problem with large numbers of sites.
The performance of IIS6 is remarkable and an improvement, but IIS5 was nothing to sneeze at when it comes to handling a large number of sites or a lot of requests per hour.
work in the industry (site colo hosting) so allow me to point out that anyone doing numbers greater than 5-10 virtual servers per box ALWAYS go with Linux... IIS5 couldn't even handle 256, and once you got to the greater than 10 level the admin tools couldn't really take it. Anyone trying to do it ended up coding their own tools to admin the sites.
IIS6 can handle 64K sites, but again the admin tools don't really like it. And once you get on the wrong side of 10 sites per box, performance and stability really start being affected.
Ok, one division of our company is a Hosting provider. We have 200-2000 sites on simple 1.2ghz 1gb RAM machines running both Windows 2000 and Windows 2003 (i.e. IIS5 & IIS6 as you refer to them.)
There are NO performance problems on any sites, and they all support everything from ASP, ASP.NET, PHP, Perl, MySQL, MS SQL 2000, and SharePoint.
So with that said, do you have any statistics for your claims for 'your real world'?
I would like to see this, especially since our significant number of 'real world' servers hosting hundreds to thousands of sites each have excellent performance and is one reason we have won over so many hosted sites to our company.
If you have data, provide it,
Sure. I've just been wondering when you'd admit that Pascal has provided a portable VM-based system since the '70s. You mostly did, so I'm happy.
Thanks, I never didn't... But there is a difference between the pascal pcode and pmachine and JAVA, that was where I was going...
Take Care, and thanks for the debate...
Unless you're going to argue that Java is portable even when using platform-specific libraries (JNI, or whatever), I don't see the difference. If you stay within the portable system you're fine in both cases. If you step outside, you're screwed
Exactly...
And Sun sued Microsoft for platform specific extensions to JAVA because it would dissolve the 'VM' concept of full portability - yet now we have many platform specific library calls available in JAVA supported by Sun. Business hypocrisy at its finest.
Making it even more of a WRECK for cross platform development in addition to its inherent performance and compatibility problems already.
Can we move on now?
Do you actually have any idea what p-code is? It was the (platform-neutral) byte-code for a virtual machine (the p-machine). There was a cross-platform Pascal compiler at the time, but it was made portable by compiling it to p-code, and then distributing the spec for the p-machine so it could be implemented locally.
So guess what, Pascal "consist[ed] of a language running in a VM on multi-platforms like JAVA tries to do."
But if you still have to drop to assembly or are trying to create a GUI based applications, the pcode crap fails miserably. PERIOD.