Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Windows Operating Systems Software Microsoft Upgrades

Interview of the Windows XP SP2 Dev Team 392

Masa writes "SuperSite for Windows has a nice interview called "Windows XP Service Pack 2: The Inside Story". The interview gives a good insight, what kind of a project the Service Pack 2 was, how it got started and how huge effort it actually was." The ITMJ Product Guide is part of OSTG, as is Slashdot.
This discussion has been archived. No new comments can be posted.

Interview of the Windows XP SP2 Dev Team

Comments Filter:
  • by ProudClod ( 752352 ) on Monday December 27, 2004 @09:15AM (#11190895)
    Jesus Christ, hasn't the guy heard of Deedpoll!
    • Re:Todd Wanke... (Score:4, Informative)

      by ProudClod ( 752352 ) on Monday December 27, 2004 @09:23AM (#11190944)
      Hey,

      To the guy who modded OT - RTFA please. The head of the SP2 project is called Todd Wanke. Deedpoll is the method by which one can legally change their name (in the UK at least).
      • Re:Todd Wanke... (Score:2, Insightful)

        by Anonymous Coward
        Sniggering like Bevis and Butthead at the man's name is not on-topic.
        • "Haw Haw, he said Cockpit" and so on...

          Apologies to Todd and all, I was very bored and the very first thing I noticed when I read the article (unlike many commenters) was a synonym for onanism. And I'm a sucker for the cheap pun.

          On the other hand, he's managing a project like that for Microsoft, he's probably too busy bathing in his lake of cash to care.

  • what? (Score:5, Funny)

    by Nadsat ( 652200 ) on Monday December 27, 2004 @09:16AM (#11190900) Homepage
    I followed the link, but it was only a story about the quest for the Holy Grail. Except the Holy Grail was a dixie cup, and the crusaders took twice as long to search for it, but still came up with nothing, except t-shirts with corporate logos.
    • Re:what? (Score:3, Funny)

      by ValourX ( 677178 )

      but still came up with nothing, except t-shirts with corporate logos

      "I went with Microsoft(TM) and all I got was this stupid 'I've been owned by script kiddies' shirt"

  • No Easy Feat (Score:3, Interesting)

    by sanityspeech ( 823537 ) on Monday December 27, 2004 @09:17AM (#11190905) Journal
    It's interesting to know that there was a fair amount of thought involved in enabling the firewall in SP2. Who would've thought that could break a system? Not that I use Windows much any more, but it's still a welcome enhancement.
  • prophetic (Score:5, Funny)

    by OffTheLip ( 636691 ) on Monday December 27, 2004 @09:18AM (#11190908)
    "The reason we called it RC1 was that we wanted people to think that we were serious." I for one welcome our serious microsoft overlords... for a change.
  • by djeddiej ( 825677 ) * on Monday December 27, 2004 @09:18AM (#11190911) Homepage
    The only thiung that really caught me was "lipstick on a chicken"... btw I am on holiday so anything too serious right now won't go in my mind anyway (too much alcohol)
  • by TrollBridge ( 550878 ) on Monday December 27, 2004 @09:19AM (#11190914) Homepage Journal
    From TFA: "I can make it so secure that it doesn't work, or I can have 100 percent compatibility"

    So at Microsoft, either something works and isn't secure, or is secure and doesn't work.

    I know, this isn't really news, but it's not every day you hear it from Microsoft.

    • by lordfener ( 842728 ) on Monday December 27, 2004 @09:23AM (#11190941)
      I know you're making a joke, but on a serious note in the Windows world the comment is not too far off-center. In the world of computer-illiterate (not meant in a offending way) end users, security is somewhat connected to usability. A bit like taking a Ferrari and then adding enough features that my mom could drive it in the snow without causing a genocide ;-) Non-Windows people--Linux in particular--reason in completely different terms, which result in overall safer, but far less usable for the layman, software. I prefer the Linux way, too... but not everybody thinks the same way :)
      • Your comment about users is dead on, but when thinking about security vs. compatibility (at least in the context of that comment) I think of the following:

        My friend was slamming SP2 from the start because it "broke" alot of apps where he works (a medical powerhouse in the state)

        My response was something along the lines of, wait, let me get this straight, you're complainig because an application you rely on is designed around security risks in the operating system, and those holes were fixed?
        • My friend was slamming SP2 from the start because it "broke" alot of apps where he works (a medical powerhouse in the state)

          SP2 should have been released separately from the firewall.

          That way, users such as he with apps such as those could still get the OS patches and work on deploying the firewall by itself.

          My response was something along the lines of, wait, let me get this straight, you're complainig because an application you rely on is designed around security risks in the operating system, and thos

        • My response was something along the lines of, wait, let me get this straight, you're complainig because an application you rely on is designed around security risks in the operating system, and those holes were fixed?

          Actually, they probably wrote that app using the API documentation of the day. They are not solely to blame, here. How could regular Windows developers know which parts of Windows would be broken by SP2?

          It's better to use a vendor who provides clear guidence about binary, source, and API c
      • by Anonymous Coward
        I think the issue is that in the first place, doing useful convenient things for the end user securely was entirely possible. However, it's easier to do useful convenient things for the end user unsecurely. MS chose the latter in the first place, and now 500 million windows users are used to doing useful convenient things securely, MS is stuck hard.

        I empathise a bit with these people working on SP2. They were handed a steaming pile of horseshit to make palatable. Maybe there's not much you can do, but that
    • by MicroBerto ( 91055 ) on Monday December 27, 2004 @10:23AM (#11191338)
      Microsoft is living by the "Tyranny of the 'or'", as described in the book Built to Last: Successful Habits of Visionary Companies [amazon.com]

      We can have security OR compatability. We can have low prices OR product quality... etc..

      Bullshit. You can have both. The visionary companies described in this book DO get both, because they live by what the book describes "Genius of the 'AND'". You CAN have it both ways - it just takes hard work, dediction, and thinking outside of the box.

      Microsofts lamentations will eventually get them beat. As good as they think they are, there is always someone better - with the visionary attitudes described in this book - that will eventually beat them in the long run.

      I'm confident that as a community, OSS will be able to embrace the Genius of the AND in this situation, and get security along with usability. It just takes time.

      • by jht ( 5006 ) on Monday December 27, 2004 @11:28AM (#11191895) Homepage Journal
        Yes, you can, but that's not so much the problem at Microsoft. The problem Microsoft has is that they designed an OS for ease of use and programming convenience, only to belatedly realize that the consequences of a lax security approach were severe. Now they have to try and shore up the security of an OS that wasn't designed for it, while retaining as much as they can of the prior attributes.

        When you can design from a blank sheet of paper, it's a lot easier to have it all. Look at Apple's relative success. They weren't trying to design an OS that would be 100% compatible with virtually all the prior software. Instead, they were able to say "Here's a subset of our old API that we've decided to make work in this new world (Carbon). Apps that use Carbon should work. Older apps will probably work in what we've designed as a VM (Classic). Get with the program".

        Of course, Apple had a fraction of the installed base and developers to piss off by doing that. If Microsoft decides to start over and just retain some form of Win32 compatibility layer, the chaos will make Apple's transition pale in comparison. In the long run, it would be worth it, but remember the size of the Windows installed base. That's a lot of inertia to overcome.

        In general, the OSS community doesn't have these sort of problems in starting from a market share of near 0%. But with success will lie many of the same issues. So long as security is a priority from the beginning, it probably wouldn't be as bad an issue as it is for Microsoft today.
        • by NovaX ( 37364 )
          You seem to conventiently neglect what Microsoft has done and how they viewed the future. When they designed Windows, all three architectures, none had the Internet in mind. In fact Micrsoft was late to the game because they didn't see it coming.

          Windows 95 was meant to become the next home PC operating system. It had basic networking support to allow home networks and connecting to private networks (e.g. AOL, BBSes). Security was not seen as a major issue - about the same as for DOS/Win3x.

          WinNT was design
      • by Chyeld ( 713439 ) <`moc.liamg' `ta' `dleyhc'> on Monday December 27, 2004 @12:13PM (#11192253)
        I believe that's actually XOR [wolfram.com], thank you. Tyranny of OR would basicly be the tyranny of apathy, "Yeah, you could have either one, I don't care, as long as you have atleast one."
    • This isn't limited to microsoft 'tho. As an IT admin and security officer, it's a CONSTANT battle to get the custom app developers to do the RIGHT thing, rather than the EASY thing.

      I can't tell you how many times http://server/application talks to the database with username: application, password: application.
    • You have the attitude of the security folks here at work, while blocking all ports at the firewall and allowing no one internet access, and giving all users limited read-only rights to their computers would create a secure environment, it makes productivity almost nothing. No matter what the OS, you must trade some security for productivity and usefulness.
  • [Laughter] (Score:3, Insightful)

    by spac3manspiff ( 839454 ) <spac3manspiff@gmail.com> on Monday December 27, 2004 @09:19AM (#11190919) Journal
    We knew we had a bigger problem than just enabling the firewall.

  • by djupedal ( 584558 ) on Monday December 27, 2004 @09:19AM (#11190920)
    ...can't wait to read it, actually. Right after I finish reading the Worldwide Service Agreement that came with my lawnmower.
  • I see.... (Score:4, Funny)

    by Anonymous Coward on Monday December 27, 2004 @09:20AM (#11190925)
    "The SP2 product they shipped bore little resemblance to Microsoft's original plans for the release, but was instead a far more secure and stable product that, ultimately, made XP a better operating system." I knew it! Microsoft originally planned it to be unsecure and unstable!!!!! ~kalinga
    • Why do I perceive a scene from Hot Shots here. Loyd Bridges is the MS Manager that the SP2 team comes to:
      Team: "Sir, we need to enable a firewall to help mitigate the rash of IE exploits that's plaguing XP. By limiting port exposure due to the many users who have direct connections over broadband, we can limit virus attacks and spyware."
      Bridges: "I have no idea what you just said. None. But you do a good job and you're a great soldier, so..Carry on!"
  • by slapout ( 93640 ) on Monday December 27, 2004 @09:21AM (#11190930)
    "and a virtual team of Microsofties"

    So is that like little fairies or something that write code while everyone is asleep?

  • by anicca ( 819551 ) on Monday December 27, 2004 @09:25AM (#11190954) Journal
    Todd: I thought we'd never ship XP SP2. I just wasn't sure if we could get to the quality level that we need to be at in time. Paul: In time ... ? Todd: Before the next [round of dangerous exploits].
    That says it all. Even the team in charge of fixing the holes knows there will be new breaches almost immediately. Like http://it.slashdot.org/article.pl?sid=04/12/25/143 3236&tid=172&tid=128&tid=201&tid=1 [slashdot.org]
  • Note IE (Score:5, Insightful)

    by spac3manspiff ( 839454 ) <spac3manspiff@gmail.com> on Monday December 27, 2004 @09:26AM (#11190957) Journal
    Looking at the timeline, almost half of it was filled with 'fixing' Internet Explorer
    Just drop IE and spend more time on the freaking OS.
  • by tomstdenis ( 446163 ) <tomstdenis&gmail,com> on Monday December 27, 2004 @09:30AM (#11190982) Homepage
    I mean they took too long to release a patchset that caused problems and look, 7 or so new bugs found in CORE components [prolly been there since win98 or earlier].

    Maybe if they spent less time "re-inventing the wheel" er... "innovating" they would have more time to actually write what they NEED to write more securely.

    There is no reason why commercial software would have buffer overflows [at all] and specially in something like LoadImage().

    In FOSS at least you can blame lack of time, review, etc. But in commercial software you're paying for the eyes and the time.

    Show me a story where they agree to hold back on re-packaging the latest video/sound codec as a Windows format [hint: wmv == mpeg4 == divx for all intents and purposes] and instead decide to fix a good 10k bugs or so.

    Of course I'd settle with the non-integration of MS IE, explorer.exe and MSN and the addition of a POSIX.1 emulation layer [that comes bundled] ;-)

    Tom
    • Even commercial software is still written by humans, and there is still no single program that can catch (all) errors in other programs. So, yes, they make mistakes just like FOSS coders. FOSS benefits from peer reviews all over the world and yet there are still uncaught mistakes lurking around. Commercial software benefits from paid reviewers all over the world, and yet there are still MANY uncaught mistakes lurking around.


      • So why pay for commercial software? The point is they dedicate resources where FOSS is "laisser-faire".

        By your post if FOSS == commercial in terms of quality and expectations... then why does MSFT exist still?

        That was my point. Show me a story about how MSFT plans to fix their blatantly wrong development strategy. That would be worthy of a news headline. Some lame "interview" with the people responsible for a fairly unsuccessful SP2 isn't that interesting.

        Tom
  • by eltoyoboyo ( 750015 ) on Monday December 27, 2004 @09:31AM (#11190990) Journal
    "Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...

    I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.

    But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that."

    And that is the problem. It is not so much that Internet Explorer is insecure. It can be made VERY secure. But then it is very difficult to use for Joe Average User. There are tradeoffs all over the world wide web. (example: I want to be able to view these nifty stock quotes, but then my browser is open to exploits). The standards are still evolving and programmers are still adjusting towards the safest yet most robust model for all.

    • by Kjella ( 173770 ) on Monday December 27, 2004 @09:55AM (#11191114) Homepage
      "Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. ...

      I agree with that, as a Windows 2003 server consumer. Although the prevailing wisdom says that browser use from a server should be minimalist at best.


      Actually, the problem with that is terminal servers.... those who have chosen such a solution, run their browsers from the server. Of course, they should not have the user rights to do anything really nasty, but it is still problematic.

      Kjella
    • i would disagree. You can have functionality too if you code security into the code, the user interface doesnt need to change dramatically so that it is unusable.
      a system similar to the sandbox method for java applets is an idea too ( yes i know there was an exploit with it recently )

      Point is - a program should treat ALL data as malicious and/or broken, if it comes from 'outside' and then prove the data to be valid BEFORE doing something with it.
      Such as checking it fits into buffer sizes for example ( hell
    • One major problem is that the enduser needs an interface to navigate through and come to grips with every serious security feature. Since IE has trained millions of users in promiscuous computing, this is a particular challenge.

      Every time something does not work, the enduser rarely cares why, in the technical sense. Instead, they want an abstracted answer to their unvoiced question along with a quick fix and the promise this will never happen again. For every feature, there also needs to be a user-handl
    • Payback is a bitch (Score:5, Insightful)

      by Progman3K ( 515744 ) on Monday December 27, 2004 @10:09AM (#11191228)
      Microsoft spent too much time trying to tie-up market-share, instead of architecting and designing their products to help clients.

      By (inadvertently) harming their clients like that, they've built a monster, and now, short of scrapping most of their IE work, there is no way they will ever deliver anything robust and secure.

      Of course, they WON'T go back and do it right, both because the corporate masters won't stand for it and the fact their development teams are committed to what they've done and their disgracious vision.

      So it's game over for Microsoft, who couldn't deliver on what clients really needed.

      In fact, they'll survive in computing the same way Mcdonalds survives in cuisine. Some would call that a success, but few would admit to eating there.
      • I have given up McDonalds and Microsoft for lent, but what doesn't matter are consumers.

        Businesses are locked in, by office and windows. Even mac users (in the business world) are locked in by Microsoft Office. As a desktop support guy, I do my part (tell them to use safari, use mozilla, use firefox), but I have to say the lock in is really in the minds of the drones. When I ask if they have heard of firefox, its a browser they say, what is a 'browser?' You see, to almost everyone non tech Explorer = Inter
    • There's no reason that "nifty stock quotes" couldn't be delivered in plain HTML. If you need to use something insecure like ActiveX to view them, that is because MS has put so much effort into promoting "features" instead of "security".

      If MS were serious about security and simply removed ActiveX from their browser and stopped supporting it, pretty soon the web sites that use it would get re-written to use something more sensible.

      • If MS were serious about security and simply removed ActiveX from their browser and stopped supporting it

        Then Windows Update wouldn't work.

        Features-wise and security-wise, ActiveX in IE is no different from an XPI that installs a Netscape plug-in in Firefox. Or are you talking about a user-controlled ActiveX whitelist to match Firefox's XPI whitelist, defaulting to *.microsoft.com and nobody else?

      • Or more simply, don't browse as the administrative user (root).

  • by Esine ( 809139 ) <admin@tohveli.net> on Monday December 27, 2004 @09:41AM (#11191029) Homepage
    "An additional processor-based "no-execute" feature is expected to be offered in forthcoming Intel and AMD processors."

    No Operation? (NOP, 0x90)
    • by x-caiver ( 458687 )

      No Operation? (NOP, 0x90)

      Yes, you got your 'funny' points, congrats ;)

      "No Execute" is also called "Data Execution Prevention" now. Basically it is a way to mark pages in memory as locations for data only, and not some places that executable code can be put. If you try to execute code from one of these pages -boom-.

      Here is one of the microsoft.com pages on DEP: DEP info [microsoft.com]

  • Well, SP2 may be a bust, but at least Microsoft has the art of the slick headshot down pat...

    Are those project managers or aspiring actors? I can't tell which!
    • Re:Headshots (Score:3, Interesting)

      Hah, I was just thinking that. What's funny is that Todd Wanke was described in a previous WinSuperSite story as being a real tough case (shadowy former security-related job with the US govt) when running a previous "war room", and apparently people were terrified of him! It also said he was a likable guy in person (well, Paul "I want to be assimilated" Thurrott isn't going to say he's an arsehole is he?). So who knows. They made him look like a fluffy teddybear in those shots.

      I notice they left out some

  • by SnappyCrunch ( 583594 ) on Monday December 27, 2004 @09:51AM (#11191093) Homepage
    I've been reading The Old New Thing [asp.net] for a few months now. It's a blog written by a guy at Microsoft (I don't know what department), and among the things he writes about is why windows sometimes works in unexpected ways.

    Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs . When you fix the bugs, you break the programs. Almost every bug fix windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.

    MS has been pussyfooting it about breaking programs in the past, and I'm glad MS finally bit the bullet with SP2 and broke all those programs in the name of security. It was high time. Of course, it means I have to keep a second PC around for some older games, but hey, that's life.
    • Almost every bug fix windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.

      Why does that sound so familiar? Oh, yeah:

      Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure,
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday December 27, 2004 @12:29PM (#11192374)
      Yeah, Windows has lots of bugs. But some of those bugs can't be fixed, because certain major programs rely on those bugs . When you fix the bugs, you break the programs. Almost every bug fix windows gets these days is accompanied by a program breaking. MS has to try and decide whether enough users are affected by the bug to make the fix worthwhile.
      So, why doesn't someone at Microsoft call up the vendor of those apps and let them know that the next service pack will break their apps in this very specific fashion?

      Then the vendors can release patches for their apps so that they will work after the service pack is applied.

      And before anyone goes off about how Microsoft would have to spend too much money and time testing every app out there, you're wrong.

      There are lots of companies with contracts with Microsoft and Microsoft could ask those companies to run a quick diagnostic app on some of their machines with the apps those companies consider critical to their business running.

      That way, Microsoft could see what apps were using the bug that they planned to fix and how many of their big customers would be affected by a fix.

      Microsoft has the money, the contact info, the company info and the existing contracts to do just that.

      The real reason Microsoft doesn't do that is because there are too many bugs that rely upon other bugs and Microsoft doesn't even know which are which or where they are.

      For reference, look at this previous /. story: http://slashdot.org/article.pl?sid=04/08/27/153124 2 [slashdot.org]
  • such a waste... (Score:5, Insightful)

    by erroneus ( 253617 ) on Monday December 27, 2004 @09:53AM (#11191101) Homepage
    The people at Microsoft know what is wrong with Windows. They have a variety of reasons for not fixing it. I can't say I agree with them completely but some of them make good "business" sense. It's too bad they care more about "business" than the quality of the product itself.

    When Apple did MacOSX, they basically created a "WINE" for MacOS9. Not everything was/is perfect but a great many things continue to work without problems. They didn't sit back and say "oh... we have business reasons for not overhauling the whole OS and starting over from something more secure and stable from the start."

    I have said it before and I say it again: Microsoft is perfectly capable of doing exactly what Apple did: Make a new OS and make a WINE to run the old stuff until people finally migrate over. I'm not a developer but there are plenty of examples out there to show it's not impossible. I know I can't be the only person who has ever thought of it and I wonder why they haven't done this at Microsoft already? Some people here have been kind enough to put forth some reasons why Microsoft hasn't just abandoned its current Win32 model -- essentially business reasons -- so can someone offer some likely reasons why Microsoft wouldn't build a new OS and then make a WINE for backward compatibility?
    • Re:such a waste... (Score:5, Insightful)

      by ajv ( 4061 ) on Monday December 27, 2004 @10:26AM (#11191366) Homepage
      They did - it's called NT. It's the kernel under XP, and bears no resemblence to the shim known as Windows 9x/Me.

      I remember a few years ago when I was running NT 3.51 on my dual processor HP workstation just how nice this nice shiny new OS is. I can format a floppy and I can still do other things. Before NT, it took an Amiga to do that. In the Linux of the day, well I could use mformat or dd and zero out the sectors in preparation for a tar, but there was no UI for either and both were relatively arcane.

      The level of transparency in XP running old apps makes Apple's half-baked approach look amateurish.

      I bet when Avalon comes out, you're going to complain that it's not available on Windows Me or 2000, or why Microsoft is forcing developers to abandon their code and start over again. MS can't win on slashdot.
      • Re:such a waste... (Score:4, Interesting)

        by erroneus ( 253617 ) on Monday December 27, 2004 @11:52AM (#11192074) Homepage
        uh... I'm going to have to disagree with you there...

        Drivers under XP are still running at Ring-0. The same Win32 API thing is still in operation which makes virtually any security problem, a system-wide compromise since the message queue is a problem that cannot be fixed without a complete rewrite/replacement of Win32.

        Part of Windows's current set of problems involve the execution level of device drivers. Another part is the message queue problem. The integration of MSIE is a pretty critical failure too but wouldn't be were it not for the existance of the first two. The first two problems necessitate abandoning or virtualizing the Win32 API as it is today. The only safe way to continue using that API is to run it in a virtual machine that doesn't actually run that API itself. That way, the apps and drivers cannot corrupt the rest of the OS needlessly.

        MS can win on Slashdot if MS would abandon its pride and admit when mistakes are made. It was a mistake to integrate MSIE too deeply into the OS. The shell itself should have be safely disconnected from the kernel. I remember when Win2k was first being introduced and discussed at some Microsoft thingy... I raised my hand during the Q&A session and asked if drivers were still running at Ring-0. The guy I asked didn't have a clue what I was talking about but another guy did and "admitted" '...yes...' with a sigh. So he knew as much as I did that drivers at Ring-0 is a critical problem. (even if all devices are certified by MS, people still write and use those damned VXDs as DLLs for their programs so they can get 'more' from the OS in the way of performance... thereby running their apps at Ring-0 and circumventing program protections.)

        When Avalon (whatever that is) comes out I am sure there will be plenty of people bitching about it... no getting around it. But I think the world has adjusted to the fact that Win98 is an abandoned OS and should be regarded as such. Win2000 is not yet abandoned and should be supported where it is appropriate. (Did people actually use WinME??? Dear god...thought it was just a bad dream...)

        MS forcing developers to start over again should be considered normal and acceptable. I don't think anyone should bitch about that at all. There are other reasons developers should bitch at Microsoft, however. In my view it's like people bitching that they need to go back to school to update their education. Sorry man, but the world is a changing place and if you don't change with it, you will die. But then again... :) Go visit http://www.night.net [night.net] :) Those jokers are still running WindowsNT for most all of their servers... who knows why other than being unwilling to learn and change with the world... running some oreilly web server I can't recall. (Oh yeah, WebSite...) Servers rebooting several times a day. Simply remarkable the lengths and crap people will endure simply to avoid learning something new. Boggles my mind.

        Well anyway... I know these people are out there and I admit you're probably right that MS can't seem to win on Slashdot, but I'd be willing to bet that people on Slashdot at one time did sing the praises of Microsoft as I once did. I hold that Microsoft EARNED Slashdot's disapproval and it would take a LOT to restore any good feeling we once had.
        • Re:such a waste... (Score:3, Informative)

          by ajv ( 4061 )
          Drivers under XP are still running at Ring-0

          Sorry to rain on your parade, but do you think when Linux programs use the syscall interface (int $80), that it's not in ring 0 on x86 architecture?

          Or magically, on MacOS X on the PowerPC, drivers running stuff are running in userland? The Mach-FreeBSD port (darwin) runs drivers in the kernel space, and they are free to overwrite any physical or logical memory address, just as on every other operating system ... with the possible exception of Hurd or the orig

      • I think there is a big difference with what Apple did with OSX and what MS did with NT.

        Apple totally scrapped backward compatibility with old pre-OSX apps in OSX. They just put OS9 as a "virtual machine" of sorts, that could run as it's own process in OSX. This way people could still run OS9 apps while switching over to OSX.

        Microsoft did create a new kernel with NT, but they retained probably all their old APIs, with all their bugs, basically retaining most of the bugs of previous Windows releases. When y
        • "...In fact, it showed Apple had balls."

          No, it just shows that Apple had a much smaller install base with few large corporate accounts to piss off.
          Don't get me wrong. I do applaud them for taking the more difficult road but backward compatibility is a much different issue for MS.
      • The level of transparency in XP running old apps makes Apple's half-baked approach look amateurish.

        Thats odd, my feeling was the other way around since, I have yet to find a program that fails to run in Apple's OS 9 compatibility "mode"(aside from some apps that attempt to capture from hardware directly, especially hardware that isn't supported by OS X but thats to be expected). Meanwhile 9/10 of all older apps ive attempted to run under win XP fail to work entirely.

        I was much more pleased with OS 9 stu

    • Consider where Microsoft values the following 4 items:

      Customers

      Profits

      Products

      Employees

      I would guess that their order goes 1. Employees, 2. Profits, 3. Products, 4. Customers.

      Perhaps change up profits and employees, but it does seem that they have a great culture and treat their employees well. However - having profits become more important than both your customers and your products will yield a company that can't exist on the corporate landscape for as long as others.

      Profits ARE good. They are the po

      • However - having profits become more important than both your customers and your products will yield a company that can't exist on the corporate landscape for as long as others.

        Microsoft is a public company [google.com]. This means that the company's officers are beholden to the shareholders to deliver value, or the board will remove the officers.

        Shareholders care only about stock price. Stock price is dependent upon profit and liability. Nowhere in there is there a calculation for "treating people well" to increase

    • Re:such a waste... (Score:2, Informative)

      by JAHA ( 649472 )
      Hmmm...they just bought virtual pc. Think that might be a step in that direction?
    • Actually, MS Virtual PC 2004 is great for that. I use it on my desktop to run 95, 98SE, Me, NT4.0, Server2003, XP Home, and XP Pro. The reason, actually, is just for testing software, but I can call any of those up with it (having installed them as OSs under Virtual PC). I also run RH, Fedora, and Debian, but on another box, as running them under a VPC in Windows is kind of silly.
  • by sl4shd0rk ( 755837 ) on Monday December 27, 2004 @09:54AM (#11191105)
    Those are pretty nice pictures for geeks. Almost *too* nice. Is this really a collection of programmers?
  • OT (Score:4, Insightful)

    by Stevyn ( 691306 ) on Monday December 27, 2004 @09:54AM (#11191109)
    I know this isn't on topic, but after reading the article and seeing how difficult it was to get SP2 out the door, I wonder about their goals for Longhorn.

    I keep reading how longhorn is going to have wonderful new features and things nobody knows they need. However, I think that most users just want the stuff in windows xp to work the way it should. Longhorn should be a hardened Windows XP SP2.

    That might actually be the incentive for the companies that still run windows 2000 for stability to switch over. That is their market.

    Consumers are going to get windows when they buy new computer. I don't care how many linspire running walmart PCs are sold, Dell and HP are selling them with windows.

    Their competition is beating them on stability and ease of use, not cool groundbreaking new features. Most computer users just want the PC to be easier to use, not more complicated with new file systems and taskbars with more crap on them.

    People are switching to firefox from IE mainly for the enhanced security and tabbed browsing. Okay, tabbed browsing shouldn't be too difficult to copy to IE, but security is the reason techies are putting that little fox icon on peoples' desktops.

    I think they've done a good job with SP2, but I think that people just want the computer to work and are indifferent to the bells and whistles appearing in longhorn betas.
  • 7 developers (Score:5, Interesting)

    by dtfinch ( 661405 ) * on Monday December 27, 2004 @09:57AM (#11191121) Journal
    That's what a billion users spending $50+ billion a year on Microsoft software get for their money. They could have hired tens of thousands of programmers just to do line-by-line code audits without making a dent in their budget.
  • by gwiner ( 685297 ) on Monday December 27, 2004 @09:58AM (#11191132)
    "Todd: We knew we had a bigger problem than just enabling the firewall. And so at that point, I sent out a mail to everyone in the division saying, "This is what we're going to do. We're going to take a little bit more time to do it. And if you want to submit a security feature, you should do so, and then show up at this room." Well, the next day, it was standing room only, and everyone had a security feature that they wanted to check in. It went all the way down from things like the new Bluetooth stack, to the new Windows Media Player, to the new Group Policy stuff, and on, and on, and on, and on."
    I find it interesting that MS is so aware of their security problems internally, yet still claims to put an emphasis on security. This exchange seems to be good evidence that they ship ahead of any thorough security analysis/testing. Not only did they realize on closer examination that their own firewall didn't work, but half the division shows up with suggestions for known security concerns. Clearly this shows people's voices are not being heard. I guess I'm not surprised, but this seems like fodder for a lawsuit.
    • I guess it would depend on what the lawsuit is for. If it were for the software itself, we all know that won't work. It's licensed to the end-user, and that license contains a "No Warranty" clause, just like every other software out there. But if it were a lawsuit for false advertising... maybe. But I always remember seeing an ad or text or quote by Microsoft that simply says "More Secure". More secure than what, we really don't know. It could mean "More Secure than your home window made of glass" or "More
  • by NoMoreNicksLeft ( 516230 ) <{ten.tsacmoc} {ta} {relyo.nhoj}> on Monday December 27, 2004 @10:00AM (#11191152) Journal
    Why I get 5 calls a night from one idiot or another who has enabled automatic update without knowing it, download SP2, and subsequently had their entire IP stack screwed. Is that a feature?
  • Microsoft's marketing team deserves a big fat Christmas, no holiday, bonus. What I'm most impressed with is how this string of security failures around retail versions of Windows (going back how many years) can be re-shaped as a team of scientis-like experts facing an impossible task and doing a great job. If this was any other field of business or eve pro sports, this many security breaches or failures in the core of the product line would have shaken things up for the better. Instead, the reaction is a c
  • by diegocgteleline.es ( 653730 ) on Monday December 27, 2004 @10:04AM (#11191180)

    Todd: I'm talking Windows [Division] in general, or Microsoft in general. The Longhorn wave ... we kind of took a year off. We kind of stopped the train, went back and fixed some problems in XP, and now we're gearing the momentum back up. We are getting ready to focus on Longhorn.

    As I had previously read this is not a joke, just look at this quote from a Microsoft worker: http://www.longhornblogs.com/robert/archive/2004/0 8/06/4352.aspx [longhornblogs.com]:

    Now, at the same time all this has been going on, there has been a lot of complaining about the constantly slipping Longhorn release date. I haven't weighed in on that too much yet, but I think it's time to break my silence. Microsoft shifted between 80-90% of the Windows Client Team off Longhorn development and onto Windows XP SP2.



    Is not that the SP2 is a bad thing. Is a great improvement, but it took so many time, it was delayed so many times...that's all what Microsoft can do? I mean, they just put all they resources in the SP2 and it took them forever to release it.

    Perhaps it's just me, but the open source world evolves much faster and has more resources than Microsoft. Every 6 months I see more evolution in the OSS field than what I saw in SP2 (and again, it's not that the SP2 was bad - it was great! But just look at fedora 3 with its SELinux integrationand all the rest. We're being faster than them IMHO, and how fast can you evolute is more important than "how good are you today"
    • Here's part of the reason why they're having problems building decent software.

      Todd:
      One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team. As part of XP SP2, we just assembled a virtual team.


      C
    • he's an MVP, not an MS worker. MVP's are people awarded by Microsoft for their efforts in helping others out. An MS employee can't be an MVP by definition.

      FB, C# MVP
  • politics and hype (Score:3, Insightful)

    by wooby ( 786765 ) on Monday December 27, 2004 @10:07AM (#11191207) Journal

    That article offers an interesting insight into the Microsoft development process.

    I know that even sizeable open-source projects can be ridden with political complications, but this article gave me a new sense of how people interact when working on big projects.

    Todd Wanke seems like a good guy, but using the article as a vehicle for his sappy management practices wasn't very appealing.

    Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.

    Also not appealing is Jim Allchin's satanic gaze. [winsupersite.com] Jesus.

    Too much hype. Too much bullshit. Too many acronyms. I'm sticking to free software people.

  • Sigh^2 (Score:5, Insightful)

    by Ancient_Hacker ( 751168 ) on Monday December 27, 2004 @10:07AM (#11191210)
    After reading TFA I don't know whether to laugh or cry:
    • Microsoft's best are not able to turn off Media Player 8.
    • Media Player 9 went thru a "security audit", so it must be better than 8, which has been tested by several hundred million people.
    • Enabling a firewall breaks *everything*. Apparently they havent heard of a simple GUI with easily-understood checkboxes. (See IE options... for the classic counterexample).
    • They somehow expect a semi self-anointed czar of security patches to gain everyone's support.
    • Nowhere is it mentioned the (estimated) 45,000 uses of unsafe string functions in the source code.
    Sigh^3?
  • by hhawk ( 26580 )
    I just like the really nice taken professional photographs of the team. That plus the admission that if SP2 with all the security holes it's had, is still more secure than anything MS has shipped, but then again we have always known, that that a MS box is totally secure esp when, "not attached to any network and having no removable media."
  • Tux?? (Score:5, Funny)

    by tsager ( 196659 ) on Monday December 27, 2004 @10:24AM (#11191353) Homepage Journal
    Following the first link in the story leads you to this picture (eventually):
    http://www.winsupersite.com/images/reviews/war_tea m_85.jpg [winsupersite.com]

    Isn't that a penguin?
    Isn't that Tux?
    What's he doing there?
    Spying?

    Or... noo. They hold him captive??!
  • So glad (Score:2, Funny)

    by Muttonhead ( 109583 )
    I'm so glad Slashdot devotes so many stories to Windows. I haven't used it in so long it nice to touch base now and then.
  • by Cally ( 10873 ) on Monday December 27, 2004 @12:28PM (#11192368) Homepage
    ...Microsoft developers,that I'd like to know the answer to, is this. (I'm doing my best to frame this in non-troll-like terms.) Disclaimer: I've drunk the FSF koolaid - my freedom is more important to me than pretty flashing lights, cute interfaces, or another $10,000 salary. (As a matter of fact I'm doing much better for myself, financially as well as life-style-wise, since I stopped accepting money to work with proprietary software... but that's by-the-by.)

    Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.

    How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at the technical level, at least - well-intentioned people, reconcile this with their consciences? Do they...

    • reject the notion that software freedom is a real freedom?
    • reject the idea that that freedom is important?
    • Just not think about this issue?
    • Buy one of the classic get-outs for those co-operating with evil, such as "If I don't do it, someone else will", or "I need to feed my family / pay for my SUV / eat", or... what else?

    Hope this doesn't sound like a troll. I just really want to understand why people go along with this system. I don't get it, but obviously most of the rest of the world don't care or have some other cognitive work-around. Please enlighten me someone!

    • I personally think that adding proprietary software to the world increases, not decreases, freedom. The existence of my software in the world gives people more choice. The fact that my software is non-free doesn't change that fact, it just changes the nature of the choice.
    • Richard Stallman asserts that closed, proprietary - non-Free - software is an ethical wrong. That is to say, it reduces the amount of freedom in the world. By developing, supporting, selling, evangelising - etc, etc - proprietary, non-Free software, one actively HURTS one's fellow humans. I mean this in the RMS sense - I'm not talking about Windows being less secure or less stable than GNU/Linux, but being less free.

      How do Microsoft (et al) developers, who are obviously intelligent, hard-working and - at t
    • You have confused freedom with what one does with his or her freedom. Freedom being the right to use one's time, property and effort as one wishes. To suggest that proprietary software is evil uncovers the fanatical and unreasoned basis of your position. You should never have to resort to one color arguments that don't even really say anything other than scream that something is wrong.

      And it's especially tragic when people of Stallman's statue adopt fanaticism instead of reasoned persuasion, especially giv
  • by mrcparker ( 469158 ) on Monday December 27, 2004 @12:33PM (#11192403)
    One of the things I do when I run a project is I never use the word "I." Even if you went back through every piece of mail I wrote for Windows Server 2003, and Windows XP SP2, you'll never see the word "I" in any of those emails, unless there was a specific reason for it. I'm just a believer in that if you want to get things done, the best way to do it is as a team.

    What a wanker. This is one of those guys who when he means "you" he says "we". For example - "why don't we spend the next few hours working out the bugs." - which means "why don't you bust your ass for a few hours while I go home and get some sleep.".
  • by Animats ( 122034 ) on Monday December 27, 2004 @03:53PM (#11194130) Homepage
    • "Paul: How does IE in SP2 compare to IE in Windows Server 2003? Was the original idea to make it more like "IE Hard"? Obviously, it can't be that locked down.

      Todd: The original idea was to make it sort of like IE Hard. The IE in Windows Server 2003 is really unusable for consumers. But we were thinking that drastic at first. I can tell you that during the [initial design] phase were definitely thinking as drastic as that.

    It sounds like Microsoft actually has a secure version of Internet Explorer, without all the guck that makes it insecure. But they consider it "unusable for consumers". Probably because you can't run all those stupid "toolbars", "Active-X controls", "upgraders", and other crap you don't need. It's clear that the "features" people won out over the "security" people.

    They could at least offer "IE Hard" for everyone who wants it. Most business desktops probably should be running "IE Hard".

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...