Okay, so in the strictest sense of the terms, he's probably right. Software development isn't a charity.
Free Software (GPL/LGPL) is definitely not a charity, it's a give and take trading system. You put in, and you get out, and it largely self-improves through feedback, patches, bug reports, etc.
BSD comes closer, but still required attribution in the past, and of course, the developers were (back in the day) originally producing it as part of various university projects (ie, they get status in return), and more recently, are developing it as for-profit work, but are releasing it. Again, not charity.
That said, whether the argument's been taken out of context, or is accurate in other ways is another matter.
It should also be noted that the security problem doesn't go away if activex is taken out of the picture. Whatever is implemented in it's place still has to be security checked. The difference being that it might be possible to sandbox the object renderer.
The question that I want to know the answer to is "does the part of the standard this feature is attempting to test describe what the security implications should be?"
If the answer is "No", then the people working on IE have every right (and infact, a duty) to look at this from a "More security = better" standpoint than "Make sure it works" standpoint.
No kidding. This would probably kill their adult movie channels pretty quickly if word got out that some deviant at comcast was recording people watching the channels.
Heh, yeah, I saw those threats. Highly entertaining.
That said, I'm clearly misreading something else then. I had thought I'd seen them mention that they had updated and added support for N more drivers, but perhaps that wasn't in the service pack itself, just the general process of adding drivers since vista went RTM last year.
Well, there's no question that that isn't possible, and from what I hear from a few friends inside redhat's support departments, oracle might just be fond of that particular game.
And we certainly do get the occasional clash over drivers poking where they don't belong (or more often, using the so called "GPL only" function calls when they aren't themselves GPLed)
That said, he's right. There's nothing stopping it, except that the driving force behind the driver tends to be someone who's interested in linux, not someone who works for the third party. The motives between the two isn't necessarily different (but not necessarily better, either, there are plenty of half-finished drivers that I've run into in the past)
Of course, I'm on the fence on the issue. Having OEM support for the drivers can be good... or it can be completely sucky, halfassed, and lag behind updates of other kernel components. It also works better when the driver APIs are declared stable and don't change over time. That's an entire debate on it's own however.
The reality is, some OEMs don't have a choice, however. Investing in linux support, particularly for consumer devices may quite simply not be justifiable to their operating costs, as far as they can see. Or they might be tied up in patent, licensed code or technology agreements.
Hrm. I'm using creative's audigy 1 drivers on my 64bit system at home. I haven't looked at the version numbers, but installing the service pack wasn't a problem for me.
(finding and installing the right audigy drivers on the other hand.... *shakes fist at creative*)
I don't have any tips for diagnosis yet. Unfortunately, the word on the technet blogs is that the patch basically waits for some service to release a handle to something it needs to update, gives up on waiting, and backs out.
I don't know what would cause that. Look for any services that've been added that aren't part of the windows services perhaps? disable anything that's snuck into one of the 5 billion different ways of launching a program on startup?
The service pack probably can't risk shutting down services it doesn't know about, after all, they could actually be necessary hardware services. A lot more drivers and applications install services than you'd expect.
Personally, I've done one install against a clean system (I got sp1 from where I work a while ago) and one install on a regularly used laptop, and both have gone well, but it's like comparing one wavelength of an entire spectrum when you consider everything that could be around (including spyware, viruses, etc)
I'd just bite the bullet, and make a clean start. Backup your stuff, install the o/s, install the service pack, reinstall apps, restore data. I can remember friends being bitten by this same problem with the first windows 2000 service pack, some random thing they'd install broke the service pack's installation. It sucks, but I'd take the exact same process when upgrading redhat or even debian. (my personal machines, I'll update, production systems, I'll build up from scratch)
It gives me a chance to refresh my rebuild scripts, eliminate weirdness, clean cruft, etc.
The problem with giving people just enough rope to hang themselves is that they want a little slack so that it's not uncomfortable when they're tying the noose and getting on the chair, and get it by taping on their own rope with duct tape.
See this for an example of this. It's a really painful thing, and really makes me feel sorry for people like Raymond Chen who has to deal with these kinds of issues for pay. (His book's kinda interesting tho)
Admittedly, a lot of the benefits to the linux driver model is that they *don't* get a lot of third party drivers, which helps eliminate a lot of this kind of problem. It still exists however. Just ask anyone who's trying to debug a kernel with the nvidia driver installed.
And SP1 added a truckload more, including updated ones (hence the size of the standalone update).
Particularly for 64bit, which was almost twice the size of the 32bit update.
Sounds like progress to me. Note that the SP will only have included drivers that got updated *AND* passed the WHQL process, and of course, windows doesn't have the scatter-shot advantage of one-driver-fits-all that linux has (some chipsets under windows have a general driver for multiple oems, but often that's not the case)
Unfortunately, those drivers would only have shown up in WU if the manufacturer had submitted them for WHQL, which takes time and money. Some manufacturers often rely on their OEMs to do that, and that's a fairly significant trickle-down path.
(I'm STILL waiting on lenovo to ship non-broken nvidia drivers, until then, i'm sticking with the WHQL ones which don't flake out repeatedly, even if they're severely behind on 3d performance)
And word on the grapevine is that one of those drivers (the fujitsu one, iirc) happily treads on internal data structures in the kernel with hardcoded offsets.
Those offsets changed when the new kernel was built, and the data structure in question was never published directly in the first place, it should have been manipulated via a proper API.
The result? When you *move* a system with the shock-monitor driver? the entire system crashes because that data structure is now garbage. That's right. Physically move the system, and it blue-screens.
Yet the nvidia driver in linux? Doing the same thing, potentially (it doesn't even have to actually do it, the kernel developers just believe that it does, and they may or may not be right, since I haven't checked), and the kernel devs will refuse to talk to you if that driver's loaded when the kernel crashes.
Microsoft at least takes it seriously, and the manufacturer was asked to produce a new driver, which they appear to have done.
This is the price you pay for getting OEM drivers. OEMs take shortcuts and horrible hacks to get the job done. Yet you constantly hear linux users clamouring for more support from OEMs. Personally, I think linux might just be better off even if it does reduce the amount of supported hardware in the short term.
The problem there is that Microsoft never had a chance to lock people into hardware in the first place (and probably never wanted to, but i don't know anything about their motives back in the early days).
The people most responsible for the extreme number of hardware variations for the PC today? IBM. they allowed people to clone their architecture (not without a token fight, though, if I recall). Now we have two major cpu manufacturers, 3 major motherboard chipset manufacturers, 3 major video card manufacturers, millions of extra peripheral devices, and the end result is an impossibly large number of hardware configurations.
The main problem i've seen so far with SP1 has been it backing out after a good chunk of the installation process because some third party tool or driver (which is hard to identify) is holding onto a handle to something that windows update needs to update, but can't because there's an open handle.
At least it does the sane thing and backs out cleanly. Bummer to hear that it's failing for a few people, but you know, it's entirely likely that some third party software has snuck in where it was least expected.
Personally, I've never assumed that a service pack will apply cleanly on a machine that's been in use for some time. I tend to install them immediately after installing the O/S or service, and go from there. I'd do the same for going from RHEL 5.0 -> 5.1, or anything else. Takes away potential headaches.
Pity OEM installs of vista make that a pain, since the recovery image often contains a mountain of extra junk:(.
Huh? What about Sarbanes-Oxley would force the upgrade, specifically?
I must admit I'm not that familiar with the rulings, but it seems odd that it'd mandate a "you must used the most recent system evar!". I'd think that every business in the world would fail on that compliance, i mean, how many "fix" things that aren't broken?
That's one thing I like about the corporate edition of e-trust I'm using atm. I've never seen it visually bug me when updating. *it just does it, and gets on with its job*. Really appreciate that after using AVG and having it bitch at me every single damned day, sometimes even twice a day
Go into Control Panel->Regional and Language Options -> keyboards and languages -> install / uninstall languages -> remove language and check if you've got more than one language installed.
If any of them aren't supported (international english should just be a subset of english, so it should be okay, but it'd be interesting to find out if it's counted as one of the 31 "other" languages) then it'll refuse to install until mid-april, even if you're not currently using it.
I personally like the disinformation about SP1 being pulled or delayed that was blatantly incorrect (it was stated that it would be mid-march when it was announced at the start of Feb, and shock, it's now mid-march, and it's been released)
But still, not like the facts matter to The Register or Slashdot anymore... if they ever did.
Nevermind that at least one of those articles that hit slashdot were in reference to a post that was actually talking about one of the early *betas* of SP1 (not even an RC).
This update is right on time, according to the schedule announced when vista SP1 went RTM.
Release as optional update and separate download: mid-march (oh, look, it's mid-march right now! fancy that!) Release for automatic install via windows update: mid-april (Mid-april isn't here yet, and a lot can happen in a month, admittedly)
That said, the point about backing up is just *prudence*. But then, all of you slashdot readers backup regularly anyway, don't you?
you don't? (Okay, so neither did I before installing SP1, but that's mainly due to sane segregation of data and apps on my part):)
Well, if you'll recall, the movie/books did present the governments as having severe religious overtones to the rise of power. They basically manipulated the people into having a large amount of religion-based fear to get into power.
There were talks about religious extremists and terrorists being one and the same in the movie at least, if memory serves.
And scientology has allegedly been trying to nose it's way into politics in a lot of places
Uh. You mean these cross platform files? Don't know what you're seeing, but there's a MacOSX link there. Admittedly, the Linux version is a ways off yet, but it's getting there, and is getting help from microsoft, so it'll get there eventually. (patent issues nonwithstanding)
So... evaluating it yet? Or do you have another excuse?
See, now you didn't mention that in your original article. You just said firewire was disabled at boot, and there was a button that enabled it. I presumed you had a switch like my laptop does for it's wireless adapter, a physical switch that works no matter what the pc's doing.
My bad. (I'd love to know what laptop has a hotkey for enabling/disabling firewire tho. Make/model?)
Actually, you'll find it's because Aero demands decent pixel shader support to do the blur effect underneath the titlebar (aka, glass). That's the difference between compiz and aero, basically. Aero uses a bunch of pixel shaders, and thus, limits itself as to what cards can do everything. Compiz uses basic transforms (in most cases) instead, and runs on more hardware as a result. (Note, hardware accelerated alpha blending isn't texture-mapped blurring. The latter's a bit more complex)
Which looks better is a matter of subjective opinion. Glass looks nice to me, but then, I only ever have high-end video cards. Some of the compiz effects are nice as well, although quite a few just bring a system to it's knees just as easily as Aero will, and some compiz effects seem fairly pointless. A lot of it is asthetics, although compiz does have some handy ones as well as just visually appealing ones.
Slashdot Mirror
Okay, so in the strictest sense of the terms, he's probably right. Software development isn't a charity.
Free Software (GPL/LGPL) is definitely not a charity, it's a give and take trading system. You put in, and you get out, and it largely self-improves through feedback, patches, bug reports, etc.
BSD comes closer, but still required attribution in the past, and of course, the developers were (back in the day) originally producing it as part of various university projects (ie, they get status in return), and more recently, are developing it as for-profit work, but are releasing it. Again, not charity.
That said, whether the argument's been taken out of context, or is accurate in other ways is another matter.
You're right. Activex isn't a standard.
*it's an implementation detail*
It should also be noted that the security problem doesn't go away if activex is taken out of the picture. Whatever is implemented in it's place still has to be security checked. The difference being that it might be possible to sandbox the object renderer.
The question that I want to know the answer to is "does the part of the standard this feature is attempting to test describe what the security implications should be?"
If the answer is "No", then the people working on IE have every right (and infact, a duty) to look at this from a "More security = better" standpoint than "Make sure it works" standpoint.
No kidding. This would probably kill their adult movie channels pretty quickly if word got out that some deviant at comcast was recording people watching the channels.
Heh, yeah, I saw those threats. Highly entertaining.
That said, I'm clearly misreading something else then. I had thought I'd seen them mention that they had updated and added support for N more drivers, but perhaps that wasn't in the service pack itself, just the general process of adding drivers since vista went RTM last year.
Well, there's no question that that isn't possible, and from what I hear from a few friends inside redhat's support departments, oracle might just be fond of that particular game.
And we certainly do get the occasional clash over drivers poking where they don't belong (or more often, using the so called "GPL only" function calls when they aren't themselves GPLed)
That said, he's right. There's nothing stopping it, except that the driving force behind the driver tends to be someone who's interested in linux, not someone who works for the third party. The motives between the two isn't necessarily different (but not necessarily better, either, there are plenty of half-finished drivers that I've run into in the past)
Of course, I'm on the fence on the issue. Having OEM support for the drivers can be good... or it can be completely sucky, halfassed, and lag behind updates of other kernel components. It also works better when the driver APIs are declared stable and don't change over time. That's an entire debate on it's own however.
The reality is, some OEMs don't have a choice, however. Investing in linux support, particularly for consumer devices may quite simply not be justifiable to their operating costs, as far as they can see. Or they might be tied up in patent, licensed code or technology agreements.
Or they might just be arseholes.
Hrm. I'm using creative's audigy 1 drivers on my 64bit system at home. I haven't looked at the version numbers, but installing the service pack wasn't a problem for me.
(finding and installing the right audigy drivers on the other hand.... *shakes fist at creative*)
Sorry, seen, not had.
I don't have any tips for diagnosis yet. Unfortunately, the word on the technet blogs is that the patch basically waits for some service to release a handle to something it needs to update, gives up on waiting, and backs out.
I don't know what would cause that. Look for any services that've been added that aren't part of the windows services perhaps? disable anything that's snuck into one of the 5 billion different ways of launching a program on startup?
The service pack probably can't risk shutting down services it doesn't know about, after all, they could actually be necessary hardware services. A lot more drivers and applications install services than you'd expect.
Personally, I've done one install against a clean system (I got sp1 from where I work a while ago) and one install on a regularly used laptop, and both have gone well, but it's like comparing one wavelength of an entire spectrum when you consider everything that could be around (including spyware, viruses, etc)
I'd just bite the bullet, and make a clean start. Backup your stuff, install the o/s, install the service pack, reinstall apps, restore data. I can remember friends being bitten by this same problem with the first windows 2000 service pack, some random thing they'd install broke the service pack's installation. It sucks, but I'd take the exact same process when upgrading redhat or even debian. (my personal machines, I'll update, production systems, I'll build up from scratch)
It gives me a chance to refresh my rebuild scripts, eliminate weirdness, clean cruft, etc.
Uh. is this the point where someone chimes in to mention Windows Live OneCare?
Kernel data structure changes.
The problem with giving people just enough rope to hang themselves is that they want a little slack so that it's not uncomfortable when they're tying the noose and getting on the chair, and get it by taping on their own rope with duct tape.
See this for an example of this. It's a really painful thing, and really makes me feel sorry for people like Raymond Chen who has to deal with these kinds of issues for pay. (His book's kinda interesting tho)
Admittedly, a lot of the benefits to the linux driver model is that they *don't* get a lot of third party drivers, which helps eliminate a lot of this kind of problem. It still exists however. Just ask anyone who's trying to debug a kernel with the nvidia driver installed.
And SP1 added a truckload more, including updated ones (hence the size of the standalone update).
Particularly for 64bit, which was almost twice the size of the 32bit update.
Sounds like progress to me. Note that the SP will only have included drivers that got updated *AND* passed the WHQL process, and of course, windows doesn't have the scatter-shot advantage of one-driver-fits-all that linux has (some chipsets under windows have a general driver for multiple oems, but often that's not the case)
Unfortunately, those drivers would only have shown up in WU if the manufacturer had submitted them for WHQL, which takes time and money. Some manufacturers often rely on their OEMs to do that, and that's a fairly significant trickle-down path.
(I'm STILL waiting on lenovo to ship non-broken nvidia drivers, until then, i'm sticking with the WHQL ones which don't flake out repeatedly, even if they're severely behind on 3d performance)
And word on the grapevine is that one of those drivers (the fujitsu one, iirc) happily treads on internal data structures in the kernel with hardcoded offsets.
:(
Those offsets changed when the new kernel was built, and the data structure in question was never published directly in the first place, it should have been manipulated via a proper API.
The result? When you *move* a system with the shock-monitor driver? the entire system crashes because that data structure is now garbage. That's right. Physically move the system, and it blue-screens.
Yet the nvidia driver in linux? Doing the same thing, potentially (it doesn't even have to actually do it, the kernel developers just believe that it does, and they may or may not be right, since I haven't checked), and the kernel devs will refuse to talk to you if that driver's loaded when the kernel crashes.
Microsoft at least takes it seriously, and the manufacturer was asked to produce a new driver, which they appear to have done.
This is the price you pay for getting OEM drivers. OEMs take shortcuts and horrible hacks to get the job done. Yet you constantly hear linux users clamouring for more support from OEMs. Personally, I think linux might just be better off even if it does reduce the amount of supported hardware in the short term.
Damned if you do, damned if you don't
The problem there is that Microsoft never had a chance to lock people into hardware in the first place (and probably never wanted to, but i don't know anything about their motives back in the early days).
:(.
The people most responsible for the extreme number of hardware variations for the PC today? IBM. they allowed people to clone their architecture (not without a token fight, though, if I recall). Now we have two major cpu manufacturers, 3 major motherboard chipset manufacturers, 3 major video card manufacturers, millions of extra peripheral devices, and the end result is an impossibly large number of hardware configurations.
The main problem i've seen so far with SP1 has been it backing out after a good chunk of the installation process because some third party tool or driver (which is hard to identify) is holding onto a handle to something that windows update needs to update, but can't because there's an open handle.
At least it does the sane thing and backs out cleanly. Bummer to hear that it's failing for a few people, but you know, it's entirely likely that some third party software has snuck in where it was least expected.
Personally, I've never assumed that a service pack will apply cleanly on a machine that's been in use for some time. I tend to install them immediately after installing the O/S or service, and go from there. I'd do the same for going from RHEL 5.0 -> 5.1, or anything else. Takes away potential headaches.
Pity OEM installs of vista make that a pain, since the recovery image often contains a mountain of extra junk
Huh? What about Sarbanes-Oxley would force the upgrade, specifically?
I must admit I'm not that familiar with the rulings, but it seems odd that it'd mandate a "you must used the most recent system evar!". I'd think that every business in the world would fail on that compliance, i mean, how many "fix" things that aren't broken?
That's one thing I like about the corporate edition of e-trust I'm using atm. I've never seen it visually bug me when updating. *it just does it, and gets on with its job*. Really appreciate that after using AVG and having it bitch at me every single damned day, sometimes even twice a day
Go into Control Panel->Regional and Language Options -> keyboards and languages -> install / uninstall languages -> remove language and check if you've got more than one language installed.
If any of them aren't supported (international english should just be a subset of english, so it should be okay, but it'd be interesting to find out if it's counted as one of the 31 "other" languages) then it'll refuse to install until mid-april, even if you're not currently using it.
I personally like the disinformation about SP1 being pulled or delayed that was blatantly incorrect (it was stated that it would be mid-march when it was announced at the start of Feb, and shock, it's now mid-march, and it's been released)
But still, not like the facts matter to The Register or Slashdot anymore... if they ever did.
Nevermind that at least one of those articles that hit slashdot were in reference to a post that was actually talking about one of the early *betas* of SP1 (not even an RC).
:)
This update is right on time, according to the schedule announced when vista SP1 went RTM.
Release as optional update and separate download: mid-march (oh, look, it's mid-march right now! fancy that!)
Release for automatic install via windows update: mid-april (Mid-april isn't here yet, and a lot can happen in a month, admittedly)
That said, the point about backing up is just *prudence*. But then, all of you slashdot readers backup regularly anyway, don't you?
you don't? (Okay, so neither did I before installing SP1, but that's mainly due to sane segregation of data and apps on my part)
If it's a malevolent alien race, is it really a paradox?
:)
and that begs another question, is there a paradox that could be billed as "unable to get worse than that"
And is being your own parent worse or better than killing an ancestor before they reproduced?
Maybe the sun exploding and wiping out the planet....that might qualify
Hm.. dunno. would falling into a black hole be worse?
but then, what's worse than falling into a black hole? going back in time and pouring bleach into the primordial soup we came from, I guess.
Well, if you'll recall, the movie/books did present the governments as having severe religious overtones to the rise of power. They basically manipulated the people into having a large amount of religion-based fear to get into power.
There were talks about religious extremists and terrorists being one and the same in the movie at least, if memory serves.
And scientology has allegedly been trying to nose it's way into politics in a lot of places
Uh. You mean these cross platform files? Don't know what you're seeing, but there's a MacOSX link there. Admittedly, the Linux version is a ways off yet, but it's getting there, and is getting help from microsoft, so it'll get there eventually. (patent issues nonwithstanding)
So... evaluating it yet? Or do you have another excuse?
See, now you didn't mention that in your original article. You just said firewire was disabled at boot, and there was a button that enabled it. I presumed you had a switch like my laptop does for it's wireless adapter, a physical switch that works no matter what the pc's doing.
My bad. (I'd love to know what laptop has a hotkey for enabling/disabling firewire tho. Make/model?)
Or the attacker, could, you know, opt in for you by pressing the button? :)
Actually, you'll find it's because Aero demands decent pixel shader support to do the blur effect underneath the titlebar (aka, glass). That's the difference between compiz and aero, basically. Aero uses a bunch of pixel shaders, and thus, limits itself as to what cards can do everything. Compiz uses basic transforms (in most cases) instead, and runs on more hardware as a result. (Note, hardware accelerated alpha blending isn't texture-mapped blurring. The latter's a bit more complex)
Which looks better is a matter of subjective opinion. Glass looks nice to me, but then, I only ever have high-end video cards. Some of the compiz effects are nice as well, although quite a few just bring a system to it's knees just as easily as Aero will, and some compiz effects seem fairly pointless. A lot of it is asthetics, although compiz does have some handy ones as well as just visually appealing ones.
ash