If a language feature makes code hard for others to understand, then it is not a good feature of the language. It should either not be used, or used only if accompanied by annotation that explains it.
Harder to understand for who? If it's only hard for people who don't know all the language's major features, then those people are the problem. Templates are a major feature of c++. I can see code that does some obscure thing with macros or shadowing or somehting; due to a quirk of the language, but to exclude a major part of the language?
CreateWindowStation was intoduced in NT 3.51 to support Citrix's WinFrame server, the predessor to MS Terminal Services. Multiple desktops (not sessions) have always existed in NT; when you press ctrl-alt-delete while logged on, it switches to the logon desktop.
About Linux: yeah, there are lot of things in Windows (NT mostly) that Microsoft and everyone else woefully neglects, and that's not usually the case with Free/Open software
*nix *is* fundamentally better for security, and by extension as a webserver, simply because there is much greater partitioning of user access. If someone owns your IIS, then they've owned the whole box. On *nix you can put your webserver in a chroot jail, for example, so that the user it's running under doesn't have access to to the system files...
win2k3 improves on this situation, but it's a basic design flaw in windows (when network connected, which it clearly wasn't originally designed for) which isn't going to be fixed without breaking some compatibility with older apps, which is anathema to microsoft.
The design of WinNT provides for a great deal of access control: every object from thread to semaphore, file, window, etc... has a seperate ACL that can be used for access control and auditing. However, the implementation of Microsoft Windows NT's bundled services and applications suck for security. Part of IIS runs in kernel mode in 2k3, along with the SMB file sharing components. Half of the bundled services can only run as the priveleged user SYSTEM. You can't turn off RPC. NT itself can easily run those services as a lesser user and protect against their being breached, but for some reason, Microsoft doesn't want to make it possible. I know that many high-performance server packages include the possibility of using a kernel mode component to reduce overhead (context switching usually), but only as an option. This is the only possibility for IIS.
What I'm trying to say is that it's not a basic design flaw in Windows, but reckless disregard for security on Microsoft's part in developing their server applications. When I run Apache on Windows, it goes into a custom, unpriveleged account that can't damage anything. About breaking compatibility: yeah, a lot of apps exist that can't run as a normal user; they friviously need admin access. That number is diminishing however, and there are a lot of workarounds.
What about drivers? Currently they store all their config info in the registry under HKLM\SYSTEM\CurrentControlSet. NTLDR loads the CONFIG registry hive in the first stage of startup, before anything else in the windows directory. The Configuration Manager executive service (IE the registry) is even implemented in ntoskrnl.exe. Mabye the registry will only manage low-level configuration in the future?
Re:WinFS WILL be in the next version, just no netw
on
Microsoft Clips Longhorn
·
· Score: 2, Informative
1. You only need a 3rd party tool for command-line support. The disk management mmc snap-in lets you do the same thing: right click on a volume and select 'Change Drive Letter and Paths'. (Actually, the drive letter itself is just a symlink to the device in the object manager namespace.)
2. Yes, it most certainly does work with SMB file sharing. Try it before you expect it not to work.
Now, if Windows had some form of sudo or setuid, that might actually work.
Runas.exe can take command line args, or sud or psexec are even easier to automate with a little script. sud can even create shortcuts that don't give up the admin password.
[...]I much prefer the way OS X handles it, in that you never "log in" as administrator, instead you just temporarily give privilege to one process when installing software or changing system settings. In most UNIX systems, you never log into the GUI as root. Because of this design in OS X, it pretty much forces apps to behave properly, and even casual users will usually understand that having to type in their password meens "something important is happening".
Guess what? You can do the same thing in Windows: lookup runas(included) or sud or psexec.
That's why I browse with a different user account than my actual documents are stored in. It's really quite easy: I click the web browser icon (or whatever program that doesn't need to access my documents) and it transparently uses a su script (you can also use runas.exe that comes with Windows) and voila, my documents are protected from the program since it's running as another user, side by side my other programs.
Out in the Real World, machines are typically used by one person. The only files on that machine, or accessible via the network, that person (and their boss) cares about, are the ones they spend all of their time working on and any virus running as them will have full access to.
One human user does not have to use only one computer account; running different types of programs as different users will do exactly as the grandparent stated.
Laptops are usually off most of the time but used when they are on, whereas a sever is on all the time, mostly idle, and a workstation is usually somewhere in between. My laptop has been running WinXP without restart for 6 months when I upgraded the video drivers, and it's been on and in use since then for about 500 hours. Before I use Linux on a mobile system, the software suspend support has to get better.
I won't argue with uptime, but having worked as a programmer on an AS/400, they are awfully easy to denial-of-service. If you run a stalled program interactively, everything crawls. The alternative is to run things as a (low-priority) batch job. The problem is that the batch subsystem will only run 10 batch jobs concurrently- 10 stalled or needing assistance (IE zombied; needing to offload a crash dump) and no more batch jobs get processed. Dumb programmers and users that don't worry why their program never returned can do a lot of damage with almost no priveleges and a lot of stupidity. Mabye it's just a case of bad adminning, but having a latency of 10+ seconds to press enter or a plugged batch system is in some ways worse than a crash.
Where's the MIDI support? Sure, I don't play them all that often, but my primary music player needs to support EVERYTHING I want to play. Can't play.GDM mod files here either, but neither could Winamp... OH it crashed when I tried to load my.MOD collection. The MODs that I could play seem fine. No video playback? The MOD file playback options are pitiful, like lack of panning seperation control. More sort options: Good. More playback order options: Good. No buffer size control. No.AUD file support It takes forever to load long playlists because it has to go through each file. I have to use SidPlay instead of ReSid (for commodore 64 music) and SidPlay does not have enough quality. Also, the timer rate is off (PAL instead of NTSC) and the property page doesn't let me change it. SPC (SNES music) works fine.
I just started looking at it, and I can't seem to find a nice way to make it a small windowshade, like you can with Winamp. Having it in the tray is an extra step I don't want.
I know it's easy to complain without doing anything, but Winamp already does what I want it to and Foobar2000 isn't ready yet. It sucks that Nullsoft doesn't seem to want to fix 2.x but...
GNU/Linux has built-in security and productivity features that have either only recently appeared in Windows, or are
architecturally impossible to include.(emphasis mine)
Eh? Like what? Besides, I thought that Linux tried to build-in the least amount of things possible.
Tell me you've never gotten a sharing violation when using Windows.
Nothing that wasn't easy to fix-- although I don't admin a file server, either.
Describe to me under what circumstances you would want to avoid reading from a file by two processes at once
None. That's why I admitted that it's silly.
Tell me you haven't rebooted when installing software.
I have rarely needed to reboot after installing software on Windows. Most installation programs always tell you to reboot; needlessly. The last time I rebooted was last month to upgrade my video drivers (since the driver writers didn't write a unloadable driver: it is possible to change video drivers at runtime if they support it.)
That's not the point. The problem is that *developers don't*. They plop a zero in that field and don't worry about it.
The design of the win32 api is not solely responsible for that; the developers of those bad apps (and there are plenty, esp for Windows) are most at fault.
On *IX, you blow away a file, and the OS refcounts the thing. It doesn't break any applications currently using the file -- the file just doesn't have a directory entry any more, and when the last application using a file goes away, so does the file.
This is a great way to handle deletion; I wish Windows was the same. When you delete a file that is still open with shared delete access, the directory entry persists until all other references to the file are closed, then it's deleted. It's like using the flag FILE_FLAG_DELETE_ON_CLOSE with Create/OpenFile.
I could be wrong, but I doubt that Process Explorer will let me kill off said handles from a remote system (and certainly not if the access is from a different account...I might even have to go sit in front of the file server to run Process Explorer...I'll admit that it could have been handy other times that I've run into issues though, and didn't know about it).
For files opened with file sharing, there is the 'Shared Folders' MMC snap-in. It lists all the users connected, and all the files they have open, with the ability to disconnect either forcibly. Like (most) other MMC applets, it's easy to connect to a remote machine. If you want to view handles on remote computers, there is the command line program handle that you can run from telnet or from psexec. Sysinternals has a lot of great admin freeware for Windows in general. Sit in front of the file server? What's wrong with terminal services?
On UNIX, you have to go out of your way to lock the file if you want exclusive access (and even if you do so, the lock is merely advisory -- forced locks are done via the permission system). The default is to *not* have a file locked.
So UNIX is better because you have to go out of your way to do something? Seriously, I think the no-sharing default is to help prevent anamalous behavior. Sharing a file requries extra planning; you wouldn't share a block of memory between two threads, read/write, without a lock; exclusive access provides a primitive kind of locking. If you don't want the file to be locked, you only have to pass one extra flag when opening the file. But you are right that it is silly to deny read access when it's only open for read anyways.
Guess which is a more common problem -- issues caused by files not being locked when they should, or the dreaded "sharing violation"?
Yeah, sharing violation errors. However, sharing violation errors are obvious and direct. Insufficent locking can result in corruption and intermittent behavior that is hard to diagnose.
Plus, the aforementioned "sharing violation" is why Explorer frequently can't delete directories (in XP this is "fixed" to become a silent failure rather than popping up a messagebox alerting the user that the directory could not be deleted)
I created a new directory, changed to it in a command prompt, and tried to delete it. Explorer told me that it couldn't be deleted because it was in use. This is on XP (not that Explorer is anywhere near perfect). If I didn't know what has something open, there is always proces explorer, where I can search for handles and force them to close.
It isn't a real-world issue, but it's probably something that the article author heard from some Windows guy who had once run into *IX and been surprised by the way things work.
Something else you can file under the "I don't understand it, so it must be wrong." attitude.
Overall, I spend very little time dealing with locking problems on either Windows or Linux, both as a user and developer.
Unix also poses some security problems, because multiple users and jobs can access the same file simultaneously.
Um, most operating systems, including Windows allow multiple programs to open the same file at the same time. I guess that's the point of mentioning it, but it shows that the book doesn't even know how Windows works. Heck, even MS-DOS can share files if you load the share.exe TSR.
In a general sense, any server can be used by multiple users at one time.
You just wrote off Windows's terminal services; it IS support for multiple remote users but... you don't care?
What if I said that the majority of Linux installations were single-user desktops? Would that make it any less multi-user? No: the quantity of computers in that role is not the same thing as its ability to perfrom that role. The fact that Windows multi-user terminal servers can exist is enough. Windows NT has had multiple user support since its first release; that support improved with NT4 TSE (terminal server edition), with native support for remote users.
(from the article)
Both Linux and Windows are multi-user operating systems. Both can be used by many different users, and give each user a separate environment and resources. Security is controlled based on the user's identity. Resource access can also be controlled by group membership, making it easier to work with rights for large numbers of users without having to touch each individual account.
I ran some quick tests on my WS2k3 vm and came up with these numbers: Each session commits an additional 3.5MB of private memory plus 6.5MB for explorer, and 36k to the non-paged pool. Each connected session costs 2MB in the paged pool whereas each disconnected session costs 600K in the paged pool. I tracked kernel memory allocations: the 600-2000K session overhead in the paged pool goes almost exclusively to the win32 subsystem, which isn't suprising. The extra user memory is used by a seperate copy of csrss, winlogon, and the remote clipboard server, running in each session. I don't know how this compares to other OSs.
UNIX is designed more with multi-user support in mind than Windows. Where a UNIX would have only one process to serve multiple users, Windows duplicates some of them. Still, the memory overhead I observe doesn't seem excessive. How third-party programs fare is another story though.(usage of shared libraries, memory, files...) Most apps make the gross assumption that there is only one user: at the console. (NOTE: I have never run an actual production terminal server, so it's possible I am missing something important.)
The win32 api is not the system call interface in NT. The native api is. When you call a function from win32 it must be translated into a native api function. It is much simpler than win32 but more complex than unix's syscall api. NT has something sorta similar to jail: different sessions each have a seperate directory of objects.
The NT object manager is sort of like the virtual filesystem in Linux. Every device is named under the \Device object directory. For example, win32 has a symbolic link from "C:" to "\Device\HarddiskPartition1" which links the drive name to the actual device. Every object has a seperate ACL, and every session has a seperate directory, so C: in one session could be connected to something totally different in another session, or nothing at all.
Still, processess can get to anything in the object manager, if they go around win32 and have access in the object's ACL. For more information, check out the winobj tool from Sysinternals, or one of their articles about the Windows NT native api.
Windows NT3.51 added the internal support needed for a multi-user gui, IE WindowStation objects. The first version of Citrix MetaFrame was for 3.51, it wouldn't have been possible without MS's cooperation. Later, MS bought from Citrix or created their own implementation to use in NT4 terminal server edition.
I know Linux distros only use the Linux kernel; I was replying to the statement made by EzInKy:
"Pick one" is exactly the problem with Windows. The system only gives you a choice of one kernel, one GUI, one Browser, one MediaPlayer, etc. A decent Linux distro will offer the user a variety of choices for all the above and much more.
Stating that Linux has a variety of choices for a kernel. I misunderstood, so EzInKy later clairified that to mean specialized builds and versions. Several hours before you posted. Try reading related posts before posting yourself.
I would have Google as my home page for searches, (since I want to do a search half the time) but I use the internet-search-from-the-address-bar feature of Mozilla instead.
There is usually a choice between different kernel versions and patches for special uses, hardened, gaming, multimedia, not to mention kernels for different hardware platforms.
Yes, since the Linux kernel is open source, it has much more practical flexibility. Still, they are all variants of the same kernel.
Yes, you can use other tools, but can you choose not to install IE or MediaPlayer if you choose to use another app?
It is bad that MS crippled the add/remove programs so I can't uninstall anything important. Not using them is the next best thing.
Compare apples to apples. You want an editor? If you chose KDE as your GUI KWrite is simple enough. From the command line nano suffices for an intuitive interface.
With a fresh Red Hat 9 install, I had a terrible time even getting X windows to work, let alone KDE, requiring manual config editing. nano sounds like a good idea; I plan to check it out after I post this. The problem is that I don't know which programs are good for what. Microsoft usually has something obvious to use for common things and nothing for uncommon things (uncommon = anything MS doesn't think is common).
Anyway, the point is that the size difference between a decent Linux distro and Windows is due to Linux offering more choices. We can agree that finding documentation on how to use the software is usually better in Windows, but OSS apps have come a long way in that regards in the last couple of years.
OSS apps ARE getting better. A lot better; they are improving so fast that I think they will even become the future of mainstream software.
I guess I'm just complaining about the learning curve; there is so much out there to learn.
Slashdot Mirror
CreateWindowStation was intoduced in NT 3.51 to support Citrix's WinFrame server, the predessor to MS Terminal Services. Multiple desktops (not sessions) have always existed in NT; when you press ctrl-alt-delete while logged on, it switches to the logon desktop.
About Linux: yeah, there are lot of things in Windows (NT mostly) that Microsoft and everyone else woefully neglects, and that's not usually the case with Free/Open software
Did anyone else have trouble getting to slashdot.org for the last 15 minutes or so?
Hey: my HP48GX RPN graphing calc has never crashed! :)
The 9600 baud sieral line would run out of bandwitdh before you could load one page.
I know that many high-performance server packages include the possibility of using a kernel mode component to reduce overhead (context switching usually), but only as an option. This is the only possibility for IIS.
What I'm trying to say is that it's not a basic design flaw in Windows, but reckless disregard for security on Microsoft's part in developing their server applications.
When I run Apache on Windows, it goes into a custom, unpriveleged account that can't damage anything.
About breaking compatibility: yeah, a lot of apps exist that can't run as a normal user; they friviously need admin access. That number is diminishing however, and there are a lot of workarounds.
What about drivers? Currently they store all their config info in the registry under HKLM\SYSTEM\CurrentControlSet. NTLDR loads the CONFIG registry hive in the first stage of startup, before anything else in the windows directory. The Configuration Manager executive service (IE the registry) is even implemented in ntoskrnl.exe.
Mabye the registry will only manage low-level configuration in the future?
1. You only need a 3rd party tool for command-line support. The disk management mmc snap-in lets you do the same thing: right click on a volume and select 'Change Drive Letter and Paths'. (Actually, the drive letter itself is just a symlink to the device in the object manager namespace.)
2. Yes, it most certainly does work with SMB file sharing. Try it before you expect it not to work.
I do the same thing on Linux too.
Laptops are usually off most of the time but used when they are on, whereas a sever is on all the time, mostly idle, and a workstation is usually somewhere in between.
My laptop has been running WinXP without restart for 6 months when I upgraded the video drivers, and it's been on and in use since then for about 500 hours.
Before I use Linux on a mobile system, the software suspend support has to get better.
I won't argue with uptime, but having worked as a programmer on an AS/400, they are awfully easy to denial-of-service. If you run a stalled program interactively, everything crawls. The alternative is to run things as a (low-priority) batch job. The problem is that the batch subsystem will only run 10 batch jobs concurrently- 10 stalled or needing assistance (IE zombied; needing to offload a crash dump) and no more batch jobs get processed. Dumb programmers and users that don't worry why their program never returned can do a lot of damage with almost no priveleges and a lot of stupidity. Mabye it's just a case of bad adminning, but having a latency of 10+ seconds to press enter or a plugged batch system is in some ways worse than a crash.
Where's the MIDI support? Sure, I don't play them all that often, but my primary music player needs to support EVERYTHING I want to play. .GDM mod files here either, but neither could Winamp... .MOD collection. .AUD file support
Can't play
OH it crashed when I tried to load my
The MODs that I could play seem fine.
No video playback?
The MOD file playback options are pitiful, like lack of panning seperation control.
More sort options: Good.
More playback order options: Good.
No buffer size control.
No
It takes forever to load long playlists because it has to go through each file.
I have to use SidPlay instead of ReSid (for commodore 64 music) and SidPlay does not have enough quality. Also, the timer rate is off (PAL instead of NTSC) and the property page doesn't let me change it.
SPC (SNES music) works fine.
I just started looking at it, and I can't seem to find a nice way to make it a small windowshade, like you can with Winamp. Having it in the tray is an extra step I don't want.
I know it's easy to complain without doing anything, but Winamp already does what I want it to and Foobar2000 isn't ready yet. It sucks that Nullsoft doesn't seem to want to fix 2.x but...
Besides, I thought that Linux tried to build-in the least amount of things possible.
Sit in front of the file server? What's wrong with terminal services?
Overall, I spend very little time dealing with locking problems on either Windows or Linux, both as a user and developer.
You just wrote off Windows's terminal services; it IS support for multiple remote users but... you don't care?
What if I said that the majority of Linux installations were single-user desktops? Would that make it any less multi-user? No: the quantity of computers in that role is not the same thing as its ability to perfrom that role. The fact that Windows multi-user terminal servers can exist is enough.
Windows NT has had multiple user support since its first release; that support improved with NT4 TSE (terminal server edition), with native support for remote users.All that is true of both Windows(NT) and Linux.
I ran some quick tests on my WS2k3 vm and came up with these numbers:
Each session commits an additional 3.5MB of private memory plus 6.5MB for explorer, and 36k to the non-paged pool.
Each connected session costs 2MB in the paged pool whereas each disconnected session costs 600K in the paged pool.
I tracked kernel memory allocations: the 600-2000K session overhead in the paged pool goes almost exclusively to the win32 subsystem, which isn't suprising. The extra user memory is used by a seperate copy of csrss, winlogon, and the remote clipboard server, running in each session.
I don't know how this compares to other OSs.
UNIX is designed more with multi-user support in mind than Windows. Where a UNIX would have only one process to serve multiple users, Windows duplicates some of them. Still, the memory overhead I observe doesn't seem excessive. How third-party programs fare is another story though.(usage of shared libraries, memory, files...) Most apps make the gross assumption that there is only one user: at the console.
(NOTE: I have never run an actual production terminal server, so it's possible I am missing something important.)
The win32 api is not the system call interface in NT. The native api is. When you call a function from win32 it must be translated into a native api function. It is much simpler than win32 but more complex than unix's syscall api. NT has something sorta similar to jail: different sessions each have a seperate directory of objects.
The NT object manager is sort of like the virtual filesystem in Linux. Every device is named under the \Device object directory. For example, win32 has a symbolic link from "C:" to "\Device\HarddiskPartition1" which links the drive name to the actual device. Every object has a seperate ACL, and every session has a seperate directory, so C: in one session could be connected to something totally different in another session, or nothing at all.
Still, processess can get to anything in the object manager, if they go around win32 and have access in the object's ACL.
For more information, check out the winobj tool from Sysinternals, or one of their articles about the Windows NT native api.
Windows NT3.51 added the internal support needed for a multi-user gui, IE WindowStation objects. The first version of Citrix MetaFrame was for 3.51, it wouldn't have been possible without MS's cooperation. Later, MS bought from Citrix or created their own implementation to use in NT4 terminal server edition.
I would have Google as my home page for searches, (since I want to do a search half the time) but I use the internet-search-from-the-address-bar feature of Mozilla instead.
When I start my browser, I already have a page I want to go to in mind; why bother to load another first?
I guess I'm just complaining about the learning curve; there is so much out there to learn.