Author Message
twenex
Windows Vista goes Gold   Nov 8 21:29 UTC 2006

Windows Vista has been released:

http://osnews.com/comment.php?news_id=16430&offset=0&threshold=-1&msg=8#180138

Phew! Coming so hot on the heels of Windows XP. I really can't believe it!
27 responses total.
nharmon
response 1 of 27:   Nov 8 21:39 UTC 2006

We're supposed to get our volume license keys for Vista on the 30th, and
our media kit shortly after. I suppose now I can start my Vista
stopwatch. Six months from now it will be ready for production.
nharmon
response 2 of 27:   Nov 8 21:40 UTC 2006

Oh, #1 feature I look forward to in Vista is no more floppy disks for
SCSI/RAID drivers! YAY!
twenex
response 3 of 27:   Nov 8 21:43 UTC 2006

Re: #1, Hahah, ain't it the truth.
herasleftnut
response 4 of 27:   Nov 9 02:02 UTC 2006

Windows is for wimps. You fucking pussies, get a real OS like OpenVMS.
nharmon
response 5 of 27:   Nov 9 02:15 UTC 2006

You remind me of someone who used to frequent party, hayz3141. Hayz
would change religions every week...religiously (pun intended). Towards
the end there it got interesting because he had run out of popular
religions and had to find some really obscure ones.

I see HLN doing the same thing, except with operating systems. First he
was all about Unix, then he boasted his knowledge of NetBSD. Then it was
Linux, and now it is OpenVMS. Soon he will profess the superiority of OS
X, or Solaris. But eventually he will have to start proselytizing some
obscure OSs. He'll be calling us pussies because we don't run some
obsolete 20 year old operating system like Minix or something.
herasleftnut
response 6 of 27:   Nov 9 03:50 UTC 2006

I'm really fucking bitter because I don't have a clue about TCP/IP. This
pretty much fucking sucks.
twenex
response 7 of 27:   Nov 9 10:53 UTC 2006

RE: #5. Minix has been updated! Apparently Tanenbaum has finally given in
to the people who "want to turn Minix into BSD", made some technical
improvements and (I think) given up his anti-X Window System jihad.
nharmon
response 8 of 27:   Nov 9 11:52 UTC 2006

re 7: Is Minix still a microkernel?

re 6: I think you probably know more about TCP/IP than you think, and
probably more than most people. Do you know what an IP address and
subnet mask is? Or what a port is? What about NAT? I think people in
general have a pretty good grasp on TCP/IP but still think they're
clueless about it.

Anyway, I think to have a good grasp on TCP/IP you need to have a good
working knowledge of the OSI model, including the ability to associate
different protocols with different layers. After that you should tackle
IPv4, starting with subnetting. The classful subnets (255.0.0.0,
255.255.0.0 and 255.255.255.0) are easy. But you should be able to look
at an address with a subnet of 255.255.255.192 and know how many
addresses are in that network, what those addresses can be, what the
broadcast address is, etc.
twenex
response 9 of 27:   Nov 9 14:23 UTC 2006

Re: #7. If anything, it's more like a microkernel now than ever. Minix
previously included several things in the "microkernel" that technically
shouldn't be in one, as a performance hack. There are efforts underway to
progressively remove those bits.
tod
response 10 of 27:   Nov 12 18:42 UTC 2006

Michael Howard spoke at my UW class last Wednesday night about the .dll's they
scrubbed and the "SAL" program they use to scrub out bad code.  It was pretty
intriguing.  I have to say that Vista looks like it will be fairly
revolutionary for Microsoft.
herasleftnut
response 11 of 27:   Nov 12 18:56 UTC 2006

I'm not buying into the whole Vista secure bullshit. I'd be more adept to
believe that someone would make nylons that don't run before MS created an OS
that doesn't need an anti-virus system.
tod
response 12 of 27:   Nov 12 23:20 UTC 2006

Here are some of the APIs they banned in Vista:
strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW,
lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy
strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW,
lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW,
StrCatChainW, _tccat, _mbccat
strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW,
StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW
strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW,
StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn
CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW,
CharToOemBuffA, CharToOemBuffW, wnsprintf, wnsprintfA, wnsprintfW, sprintfW,
sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf,
_snwprintf, _snprintf, _sntprintf, wvsprintf, wvsprintfA, wvsprintfW,
vsprintf, _vstprintf, vswprintf, _vsnprintf, _vsnwprintf, _vsntprintf,
wvnsprintf, wvnsprintfA, wvnsprintfW
strtok, _tcstok, wcstok, _mbstok
makepath, _tmakepath,  _makepath, _wmakepath, _splitpath, _tsplitpath,
_wsplitpath
scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf,
_sntscanf
_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot,
_ultow
gets, _getts, _gettws
IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr,
IsBadCodePtr, IsBadStringPtr
strlen, wcslen, _mbslen, _mbstrlen,

Other things they did were ban old crypto, fuzz test the hell out of data
for buffer overruns, eliminate weak ACLs, and test overflows, underflows,
truncations and signedness....

It's impressive and I can't wait to see what the first major glitch is.
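
Added example, not part of tod's post and not Microsoft's code: why a length-taking call such as strncpy still appears in the list above, next to a bounded copy that always terminates and reports truncation. The names copy_bounded and strncpy_result_is_terminated are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not a Windows API. Copies src into dst (dst_size
   bytes). Never writes past dst, always leaves dst NUL-terminated, and
   returns -1 instead of truncating silently (dst is then ""). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || dst_size == 0)
        return -1;
    if (src != NULL) {
        for (i = 0; i < dst_size; i++) {
            dst[i] = src[i];
            if (src[i] == '\0')
                return 0;          /* whole string, terminator included */
        }
    }
    dst[0] = '\0';                 /* did not fit: fail closed */
    return -1;
}

/* strncpy into an 8-byte buffer, then report whether the result is a valid
   C string. It is not when src has 8 or more characters, because strncpy
   stops at the limit without writing a terminator. */
int strncpy_result_is_terminated(const char *src)
{
    char dst[8];

    memset(dst, 'X', sizeof dst);  /* make a missing terminator visible */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}
```
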
herasleftnut
response 13 of 27:   Nov 13 01:52 UTC 2006

There are many ways to fuck yourself in structured programming. Buffer
overrun, underflows, truncations, and signedness are just the tip. There are
also format string attacks, unicode attacks, off-by-one byte attacks, and a
shit load of other things. I would encourage people like nhardon and tweenex to
take some remedial CS classes at Devry and read some of the back issues of
the Phrack.
gull
response 14 of 27:   Nov 13 03:48 UTC 2006

Microsoft won't make an OS that doesn't need an antivirus system,
because they're moving into that market.  They want to sell you the
insecure OS, then sell you the software to clean it up, too.
tod
response 15 of 27:   Nov 13 19:57 UTC 2006

re #13
Threat models and code review should be mandatory annual refreshers for
anybody involved in application development and deployment.
I know that standard annotation language (SAL) was used extensively in Vista
as well as static analysis tools like PREfast and /analyze from Visual Studio
2005.  Here's an example of a before & after:

void FillString(
        TCHAR* buf,   
        size_t cchBuf,   
        TCHAR ch) {  
 
  for (size_t i = 0; i < cchBuf; i++)   {     
    buf[i] = ch;   
  } 
}

The arguments
        TCHAR* buf,
        size_t cchBuf,
are related but the compiler doesn't know.  So after SAL checks it you get:

void FillString(
        __out_ecount(cchBuf) TCHAR* buf,   
        size_t cchBuf,   
        TCHAR ch) {  
 
  for (size_t i = 0; i < cchBuf; i++)   {     
    buf[i] = ch;   
  } 
}
So there is your 'out buffer' in the __out_ function and then there is the
byte count element in _ecount

I'll quit here, though.  I don't want someone mistaking me for a programmer.
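
Added example, not part of tod's post: the caller mistake that the `__out_ecount(cchBuf)` annotation gives an analyzer enough information to flag, namely passing a byte count where an element count is expected. Assumptions: TCHAR is fixed to wchar_t, the SAL macro is stubbed out when the compiler does not provide it, and COUNT_OF, struct frame and both helper functions are hypothetical names.

```c
#include <stddef.h>
#include <wchar.h>

/* With MSVC this macro comes from <sal.h>; elsewhere make it a no-op so
   the example builds (assumption for this illustration). */
#ifndef __out_ecount
#define __out_ecount(n)
#endif

#define COUNT_OF(a) (sizeof(a) / sizeof((a)[0]))

/* The function from the post, with TCHAR fixed to wchar_t. */
void FillString(__out_ecount(cchBuf) wchar_t *buf, size_t cchBuf, wchar_t ch)
{
    for (size_t i = 0; i < cchBuf; i++)
        buf[i] = ch;
}

/* Constructed layout: a buffer followed by a field an overrun would hit. */
struct frame {
    wchar_t  name[8];
    unsigned canary;
};

/* Correct caller: cchBuf is the number of elements. Returns 1 when the
   buffer is filled to its last element and the next field is untouched. */
int fill_with_element_count(void)
{
    struct frame f;

    f.canary = 0xC0FFEEu;
    FillString(f.name, COUNT_OF(f.name), L'x');
    return f.name[7] == L'x' && f.canary == 0xC0FFEEu;
}

/* Elements that would be written past the end of name if a caller passed
   sizeof(f.name), a byte count, as cchBuf. Computed only, never executed. */
size_t overrun_if_byte_count_passed(void)
{
    struct frame f;

    return sizeof(f.name) - COUNT_OF(f.name);
}
```
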
cross
response 16 of 27:   Nov 13 23:58 UTC 2006

Interesting.  Some of the API's they banned make little sense to me.  Still
what makes even less sense to me is that, for an OS written in C++, why not
use a *class* for string handling, so that all of this C-style string gunk
can be factored out?  I suppose you'd have to do it somewhere (at, say,
boundary points for entry into the operating system - system calls and the
like), but that's about it.
fitz
response 17 of 27:   Oct 24 15:56 UTC 2007

Vista is the most unstable OS since Win 3.1.  A new disability came to my
attention when I needed to send a facsimile and found out that the capacity
comes only with Vista Business edition.  Home and Premium buyers are just shit
out of luck.

It took me a bit of searching, but FaxZero fit my purposes.

Vista sucks.
gull
response 18 of 27:   Oct 29 18:18 UTC 2007

I thought Microsoft Office's profusion of versions with different
feature sets was confusing enough.  Extending that to the OS itself just
makes things worse.
mcnally
response 19 of 27:   Oct 29 18:27 UTC 2007

 Yes, it does, but we can't have it both ways.  For years now,
 Microsoft has been criticized by anti-trust crusaders for bundling
 software with its OS and abusing its monopoly powers.  Now that
 they're selling versions of the OS that come unbundled from the
 extra software, nobody's happy.
gull
response 20 of 27:   Oct 29 18:57 UTC 2007

I think it's partly that, and partly an attempt to cripple cheaper
versions so they can upsell.  I doubt anti-trust concerns played any
role in preventing Windows XP Home from joining a domain, for example.

mcnally
response 21 of 27:   Oct 29 19:18 UTC 2007

 Right.  Similarly with Vista Microsoft insists that if you want
 to run the OS in a virtual machine, you must buy a business version.
 There's no good technical reason for that, they just want more of
 your money (which, given they're a for-profit business, is neither
 surprising nor inappropriate, it's just what you get when you deal
 with them.)
maus
response 22 of 27:   Oct 30 04:08 UTC 2007

What frustrates me is that one cannot buy the components one wants as
bolt-on packages. If I want manageability and remote access and
semi-server capabilities, but do not want aerodesktop or media center,
there is no "this piece from ultimate that I want" that I can add to the
most basic versions. 

mcnally
response 23 of 27:   Oct 30 05:20 UTC 2007

 I think it's kind of unreasonable to expect such an approach, and if you
 think about it such a pricing model breaks down very quickly.
keesan
response 24 of 27:   Oct 30 14:40 UTC 2007

Can linux do what you want?

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss