The NT kernel is pretty damned clean and stable, from what I know of it - it's a reimplementation of VMS, basically.
Everything built ontop of it isn't, though - and that includes things like the Win32 API, much of which is implemented via kernel-mode drivers for speed. That's where a lot of the problem is.
Whilst Windows deserves a fair amount of the slamming it gets, NT is a nice kernel. It's a pity that you can't use it without running Windows ontop of it.
Perhaps because if it breaks, only a smaller proportion of users are affected?
Remember the latest Google site redesign - I got to see it around a month and a half earlier than its general release, if I visited Google from Uni.
Whilst there's no evidence that's what they're doing this time, there's no evidence to the contrary either. I'll take a look when I get to Uni - if they're using the same subnets as last time, I'll probably see it.
Aye, the CE kernel is RT - but that doesn't stop you from building non-RT apps like PocketPC ontop of it.
(I doubt that it's still suitable to be used in time-critical applications with the PocketPC shell loaded, though, but you should still get realtime response to device interrupts and the like, even on the consumer devices.)
PocketPC is built on CE as a base - CE is a kernel and some services, and includes things like a shell and a command line interpreter, both based on desktop Windows.
PocketPC replaces the shell, adds some apps, and has the configuration tweaked for the specific device it's on. The smartphone variant is similiar.
NT4 to 2000 was a complete re-working of the user management architecture (for machines in a domain).
The workstation changes wern't too visible, though.
Re:SP2 - as secure as any linux distro...
on
XP2 Spotted In The Wild
·
· Score: 5, Insightful
You're right, I wasn't as clear as I should have been - "users running with more privileges than they need" is indeed what I meant.
I'll grant that some of the Windows defaults are appauling, security-wise, and creating users as Administrators is part of that. Microsoft are making an effort to advertise features like Run As, though - there's a topic in XP help explaining why running as an Administrator is a bad idea, for instance.
(That said, I've no idea how many people actually read it, of course).
The point I'm trying to make is that any system with uneducated administrators is going to have security problems, sooner or later. Most Unix users tend to do their research and understand why running as root is a problem, as do the application developers. If your applications will run fine as a normal user, then people will run as a normal user.
That doesn't apply as strongly in the Windows world - people are much less likely to do any security research, and application developers do have a tendency to make it harder for people to run as a user. That's beginning to change, though - the current guidelines for the "Designed for Windows" logo on software include a requirement that software runs correctly as a non-administrator.
Hopefully, the next release (be it a SP3 or Longhorn, should it ever be released) will concentrate on the user education side of things, and make it easier to do the right thing with regards to least privilege.
Not really - it's still an NT OS, after all.
A fair bit of the userland is being redone, and there's a bunch of new stuff, but I don't think too much is being thrown away.
Re:SP2 - as secure as any linux distro...
on
XP2 Spotted In The Wild
·
· Score: 4, Informative
Mozilla has never had a security bug, right?
You run *any* OS as root or equivalent on a daily basis, and you're going to have problems sooner or later.
Okay, so if you're running IE that's more likely to be "sooner" than "later" but the point still stands - the main problem is running systems with more privileges than they need.
It's a right pain in the arse for people who use things like IM file transfer tools, and forget to turn the firewall off. Yes, it'll try it in the other direction... after the three-minute or whatever timeout expires.
Yup, that's been suggested, and I know of at least one ISP that's been looking into it.
The problem is the legal issues. From what I've been told, under UK law, ISPs risk becoming "publishers" if they actively cache content, and therefore become liable for its contents. As it stands, they're simply "common carriers", and have no responsibility for the content.
(Yes, I'm aware that similiar arguments can be made against both webcaches and Usenet servers; I'm only repeating what I've been told. I seem to recall a civil case against a UK ISP with regards to content on their news server, I can't remember the outcome.)
Because the consumer side of the Internet tends to be asymmetric: upload bandwidth is more expensive than download bandwidth, at least with cable and DSL.
Until that changes (when everyone gets fibre-to-the-home, perhaps?), then BitTorrent and other P2P programs will cause headaches for ISPs.
Slashdot Mirror
Presumably he means the IE6 SP2 popup blocker. It's part of XP Service Pack 2, and hasn't been backported to 2K.
European Union Copyright Directive... the EU equivalent of the US DMCA.
The NT kernel is pretty damned clean and stable, from what I know of it - it's a reimplementation of VMS, basically.
Everything built ontop of it isn't, though - and that includes things like the Win32 API, much of which is implemented via kernel-mode drivers for speed. That's where a lot of the problem is.
Whilst Windows deserves a fair amount of the slamming it gets, NT is a nice kernel. It's a pity that you can't use it without running Windows ontop of it.
This, perhaps?
(Yes, I know, it's very short range, but it's a step in the right direction, certainly.)
Perhaps because if it breaks, only a smaller proportion of users are affected?
Remember the latest Google site redesign - I got to see it around a month and a half earlier than its general release, if I visited Google from Uni.
Whilst there's no evidence that's what they're doing this time, there's no evidence to the contrary either. I'll take a look when I get to Uni - if they're using the same subnets as last time, I'll probably see it.
Aye, the CE kernel is RT - but that doesn't stop you from building non-RT apps like PocketPC ontop of it.
(I doubt that it's still suitable to be used in time-critical applications with the PocketPC shell loaded, though, but you should still get realtime response to device interrupts and the like, even on the consumer devices.)
PocketPC replaces the shell, adds some apps, and has the configuration tweaked for the specific device it's on. The smartphone variant is similiar.
NT4 to 2000 was a complete re-working of the user management architecture (for machines in a domain). The workstation changes wern't too visible, though.
Ah, I wasn't aware of that - thankyou.
You're right, I wasn't as clear as I should have been - "users running with more privileges than they need" is indeed what I meant.
I'll grant that some of the Windows defaults are appauling, security-wise, and creating users as Administrators is part of that. Microsoft are making an effort to advertise features like Run As, though - there's a topic in XP help explaining why running as an Administrator is a bad idea, for instance.
(That said, I've no idea how many people actually read it, of course).
The point I'm trying to make is that any system with uneducated administrators is going to have security problems, sooner or later. Most Unix users tend to do their research and understand why running as root is a problem, as do the application developers. If your applications will run fine as a normal user, then people will run as a normal user.
That doesn't apply as strongly in the Windows world - people are much less likely to do any security research, and application developers do have a tendency to make it harder for people to run as a user. That's beginning to change, though - the current guidelines for the "Designed for Windows" logo on software include a requirement that software runs correctly as a non-administrator.
Hopefully, the next release (be it a SP3 or Longhorn, should it ever be released) will concentrate on the user education side of things, and make it easier to do the right thing with regards to least privilege.
Not really - it's still an NT OS, after all. A fair bit of the userland is being redone, and there's a bunch of new stuff, but I don't think too much is being thrown away.
Mozilla has never had a security bug, right?
You run *any* OS as root or equivalent on a daily basis, and you're going to have problems sooner or later.
Okay, so if you're running IE that's more likely to be "sooner" than "later" but the point still stands - the main problem is running systems with more privileges than they need.
It's a right pain in the arse for people who use things like IM file transfer tools, and forget to turn the firewall off. Yes, it'll try it in the other direction... after the three-minute or whatever timeout expires.
Yup, that's been suggested, and I know of at least one ISP that's been looking into it.
The problem is the legal issues. From what I've been told, under UK law, ISPs risk becoming "publishers" if they actively cache content, and therefore become liable for its contents. As it stands, they're simply "common carriers", and have no responsibility for the content.
(Yes, I'm aware that similiar arguments can be made against both webcaches and Usenet servers; I'm only repeating what I've been told. I seem to recall a civil case against a UK ISP with regards to content on their news server, I can't remember the outcome.)
Because the consumer side of the Internet tends to be asymmetric: upload bandwidth is more expensive than download bandwidth, at least with cable and DSL.
Until that changes (when everyone gets fibre-to-the-home, perhaps?), then BitTorrent and other P2P programs will cause headaches for ISPs.