How to make your Windows machine more stable and secure
skyman8081:
I thought the even-numbered branches were the STABLE ones (e.g. 2.2, 2.4, 2.6) and the odd-numbered kernels were the testing and UNSTABLE branch (2.1, 2.3, 2.5, 2.7).
PS. When I tried 2.6.0 when it was first released, I figured that since it was an even-numbered release it would work smoothly, right? WRONG!
I was running gentoo at the time, so installing it wasn't too bad. I installed it with the drivers for my hardware selected. Only, one thing when I booted it. The NIC and sound-card didn't work.
Okay, I go back and make sure that the drivers for my NIC's chipset are selected, they are. I have emu10k1 selected, as before. same thing happens.
I keep trying with no success, I'm missing xmms by now.
On the next try I boot with a kernel panic saying that it can't mount root(/)
Well I look in make menuconfig, and I see that I have reiserfs and ext3 selected (neither are modules). and try again.
same thing.
Guess I had too high of expectations of it, expecting it to work and all...
Calum:
--- Quote from: muzzy ---By "Quick Stabs" I meant your way of answering my points by merely addressing a way I express it. I.e. tangling to words, twisting them, and so on.
--- End quote ---
bullshit. you say something, at least admit it.
--- Quote ---I have a view here that I'm trying to express, and I'd rather like to discuss about it itself than the exact words I use to express it.
--- End quote ---
then say what you mean, and stop trying to change your mind about what you said afterwards.
--- Quote ---Regarding my view of not considering w9x series as a Windows operating system, it's because the two series are completely different operating systems with completely different design and approach at doing things. NT is what Windows should've been from the very beginning.
--- End quote ---
whatever. you give this reason, but it does not change the fact that windows 98, 95, 3.11 and so on are very much a part of what ms windows is and has been, for a huge proportion of users, myself included.
--- Quote ---17 years? Has it really been that long?
--- End quote ---
longer i think, actually, i think the first windows was 1983 (is this right?) so that makes it twenty something years...
--- Quote ---All of the win3.x, win9x, and NT have been quite radically different systems. I think you're right about my use of the word, I should just call my OS of preference "Windows NT", except that people would think I mean some ancient version.
--- End quote ---
would they? it'd be better than your current choice of words, although i know you prefer not to choose your words very carefully so that you can let other people misunderstand you liberally.
--- Quote ---I've preferred to use "Windows" to only mean the current design, which btw has been a separate branch of an OS since pre-3.x times.
--- End quote ---
again, prefer what you like, windows is windows. and btw it also sucks! :-D
--- Quote ---If only microsoft didn't call them all just "Windows",
--- End quote ---
oh if only! and if only they didn't crash to BSOD within a day of installing them. considering you "hate" (your word), windows XP too, i wonder just exactly which windows releases you actually do like.
--- Quote ---this naming practice makes me think they're referring to the user environment and not the OS...
--- End quote ---
as has always been the case, yes.
--- Quote ---I haven't really looked into HURD, but since it's a pure microkernel design, I'm expecting they won't get a high performance desktop running anytime soon.
--- End quote ---
ok, just wondered if you had checked it out, what you say seems to have been borne out since it's been ongoing for decades with no finished product on the table that i have heard of.
--- Quote ---The message passing overhead of a pure microkernel design is just too heavy IMO. Windows NT bypasses this issue by having a slightly altered microkernel design. If HURD can design around context switching and scheduling overheads which will come from having a microkernel design, it could turn out to be a really good OS. It's a bit early to say, and I haven't really had an in-depth look into it.
--- End quote ---
well, perhaps early when counted in ice ages, in my opinion it should be brought out while at least some of the people who originally started working on it are still alive.
--- Quote ---There have been countless holes in linux which have been as severe as the windows holes. There has been enough time for people to write worms too. Typically, they haven't had such a big impact as the windows worms do. This is because of numbers.
--- End quote ---
like how you back that up, if i say "this is because linux is inherently more secure", then i think i have backed myself up with about the same amount of evidence as you have.
--- Quote ---About MS Paint, yeah it isn't very feature filled, however my point was that it's perfectly suitable for drawing and should not be considered as a joke. It's a serious application that can do a lot of things, just like gimp can do a lot of things. However, mspaint isn't a gimp replacement and gimp isn't a photoshop replacement.
--- End quote ---
yup.
--- Quote ---And regarding suidroots, there just isn't a way around all of it. Applications are set suidroot because they need to do something that the user cannot do. Typically applications drop their root privileges after they're done using it, but there have been countless vulnerabilities that have occurred before this happens. One way to solve the problem in *nix environment is to create a separate user for the process. This works fine with services, so they can be chrooted for filesystem scoping and so on. However it doesn't work at all for those said applications, because users cannot be given fine grained privileges without really funky patches.
--- End quote ---
you have lost me here, why can unprivileged users not be created for every time this happens? i just don't have the general knowledge to understand you here i think.
--- Quote ---Pretty much all of the current linux distros depend on root user to exist, and suidroot applications ran as its privileges. There are some interesting process based security patches which take root privileges away from the user and give them to specific binaries, but such systems aren't used by any common distros.
--- End quote ---
specific binaries then would always be run as root? which ones? is this the same as now, but with no root user? sorry to seem dumb.
--- Quote ---You are making the assumption that sources are necessary for this, yet quality assurance testing is regularly done without sources.
--- End quote ---
i don't see how if one person writes something (in source code, yes?) and then compiles it into a working binary, then gives it to somebody else to check, that the checker will be able to point out potential errors and vulnerabilities just as well from the binary as from the code. the code will contain everything the developer originally wrote, including comments. have i missed something here? this seems pretty simple in concept, to me.
--- Quote ---The devices are still available under the unified namespace, the CreateFile() api supports syntax like \\.\FOO to access objects under the object namespace \??\ directory. The command prompt still looks up object names from the same directory as well, and this is where things like C: D: E: and other symbolic links live, and point to the real physical devices. The idea of the object namespace is to have systemwide (and per-session) named objects for things like events, processes, threads, desktops, etc. Named pipes are still implemented as a filesystem and are all files, even though they're not part of either object namespace nor the filesystem namespace. There are various similar unofficial namespaces, and they are accessible through device objects in the object namespace. In conclusion, I don't think there are any benefits over the "everything is a file" over the NT design. Any issues I can think of can be blamed on the command prompt implementation, which doesn't even support the full NT filesystem namespace (alternate stream syntax not properly supported, for example)
--- End quote ---
i don't know, (and i really don't, since it's not something i think about a lot), but the model you describe at least sounds messy compared with everything being a file. i am sure that's not the most involved criticism, but that's my instinctual thought.
--- Quote ---The thing is, it supported my hardware. Trying to compile it with packet scheduling (hardware independent) stuff made it trash. The kernel is supposed to be compiled with various different settings, and every configuration is supposed to work or at least give sensible errors about what's going on. Some of the configuration I tried wouldn't even go as far as starting init, they'd either mysteriously reboot (bug), or kernel panic due to something unexpected (bug). I know perfectly well how to compile stuff, and to my best knowledge my configurations were totally OK. The kernel just didn't work. If you had the patience to go through some of the changelogs, you'd find that the 2.6.x series is totally fucked. In 2.6.9 you could crash the kernel by merely opening enough connections, a bug which took down my shellbox once. Even with "normal" configurations the damn thing is so bugridden it hurts, and I figured that there were some things that almost always made the kernel die a horrible death when turned on (ingress filtering, for example)
2.4.x late kernels work fine, but lack stuff for which I would've wanted to use 2.6.x. So, I made the mistake of assuming a kernel tree with a "stable" version numbering scheme would've actually had stable kernels.
--- End quote ---
hmm, that was a mistake, when looked at historically. of course stable and unstable when referring to continually developing software is always misleading. if it was stable, then essentially you are saying NO bugs can ever be found in that code again. over a certain size this is completely untenable to ensure. i make no claims for the stability of various version numbers of the linux kernel, but your habit of comparing linux with windows usually hinges on the design model, not the specifics of a particular kernel version, also, you still do not mention the fact that you are comparing a kernel with an operating system, for example red hat and suse seem totally stable to me, they are both based on a linux kernel (from the late 2.4s, so that agrees with you). I have indeed heard pretty horrible things about the 2.6 kernels, another reason i'm steering well clear until one happens to come by default in a linux distribution. i seem to recall the uptake of 2.4 was a lot faster than the uptake of 2.6 seems to be, and this is an indication of just how stable it is, but this in no way reflects on the development model, it could mean a lot of things, organisational problems in the maintainers, trying to implement lots of new (clashing) things at once and many more.
--- Quote ---This was a really REALLY low now. Basically, you are saying that linux shouldn't be ever expected to work?
--- End quote ---
if that's the case then basically you have cotton wool in your ears and your head up your arse. there have been thousands of available versions of the linux kernel, and maybe a dozen or so versions of the NT kernel (always embedded in a take-it-or-leave-it operating system) and to some degree all the linux kernels are development versions, oho but so are all the NT ones, i bet. nothing "works" by your definition. my linux systems "work" for everything i want them to do (well, actually the driver for my samsung printer sucks a bit and prints only half a page at a time, but since it is contributed by samsung, i have them to blame, not the linux kernel itself), but windows fails to "work" by even remaining running long enough for me to save my work sometimes! i know how many of our users' PCs need to be reimaged at work just to fix some problem that is known but unfixable, so don't go moaning to me that linux never works and windows always does.
--- Quote ---Yeah, that's about right.
--- End quote ---
thank you, it is.
--- Quote ---Now, think again what you said, think carefully.
--- End quote ---
ok, you too. why is this necessary?
--- Quote ---Do you really want to ask me this question?
--- End quote ---
i don't need to. clearly you have different criteria for what "works" means than me. clearly you have different ideas of who is responsible for one problem or another and clearly you have different ideas of the severity of one issue or the other from me, and probably this is the case for everybody in a way.
you stick with your nice happy windows if you want, and i will stick with what works for me. hint: not windows
in fact this has always been my position and it will continue to be my position. why you expect me to try and defend "linux" is beyond me, if you're so sold on mswindows, why even bother discussing the issue with people here? are you on some gods given mission to "convert" us to your cause. it reminds me of all those people who whine on about not being able to run xxxwindows-app under linux, why do they bother trying? run it under windows, that's what it's been compiled and released for! the odd thing is, those people never usually seem to have much discursive (and perhaps cognitive) ability, so why your position is so similar confuses me.
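An added example, not part of any poster's message: the setuid-root exchange quoted above turns on the fact that every root-owned setuid binary runs as root until it drops privileges, so each one is attack surface worth inventorying. The sketch below lists setuid files under a tree and compares them with an expected baseline; the function names, baseline paths and sample tree are constructed for illustration, and the demo substitutes the current user's uid for root so it runs unprivileged.

```python
import os
import stat
import tempfile


def find_setuid(root, owner_uid=0):
    """Map relative path -> permission bits for setuid regular files owned by owner_uid."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                found[os.path.relpath(path, root)] = stat.S_IMODE(st.st_mode)
    return found


def audit(found, baseline):
    """Classify findings against a baseline set of expected setuid paths."""
    report = {"unexpected": [], "writable": [], "missing": []}
    for path, mode in sorted(found.items()):
        if path not in baseline:
            report["unexpected"].append(path)  # setuid file nobody signed off on
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            report["writable"].append(path)  # others can replace privileged code
    report["missing"] = sorted(set(baseline) - set(found))  # bit removed or file gone
    return report


def run_demo():
    """Build a constructed sample tree, scan it, and return the audit report."""
    sample = {  # constructed sample data: relative path -> mode
        "bin/passwd": 0o4755,
        "bin/ping": 0o4755,
        "bin/ls": 0o0755,
        "tmp/helper": 0o4777,
    }
    baseline = {"bin/passwd", "bin/ping", "bin/su"}  # hypothetical approved list
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)  # set the mode last, after the content is written
        # Assumption: the current uid stands in for root (uid 0) so this runs unprivileged.
        return audit(find_setuid(root, owner_uid=os.geteuid()), baseline)


if __name__ == "__main__":
    print(run_demo())
```

On a real host, call `find_setuid("/")` with the default `owner_uid=0` and a baseline taken from a known-good install.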
muzzy:
--- Quote from: Calum ---bullshit. you say something, at least admit it. then say what you mean, and stop trying to change your mind about what you said afterwards.
--- End quote ---
This is such a big point that I'll address it in a separate message. You were making assumptions about what I was saying, making up connections between things merely because of words used. For example, I said I hated XP and you tried to hit me with what I had earlier said, that most windows haters don't understand how windows works. These two are unrelated, there's no deduction that makes your logic possible.
For another example of your incorrect use of logic and quick stabs, I was asking why do you think a fraud has happened when it could be explained by incompetence. You replied, asking why I claim incompetence when I say windows is well designed. Again, these two are completely unrelated things, and you have introduced unstated assumptions about how incompetence works. I was trying to say that it could've really been just an accident, due to quickly running the thing on some system and making a video of it, and people performing the video making didn't know it was supposed to be a virgin system or whatever. Such mistakes happen, and they're not due to malice. They have nothing to do with implementation of the system, as should be bloody obvious.
I chose not to reply to the specific punches because your logic was completely off, to an extent which made me believe you're just purposely trying to find something to throw at me. I understand that communication tends to always fail, and things are left misunderstood, but I don't think you're so stupid to make such logic mistakes if you'd stop to think about what you're saying. Now you're calling it bullshit, so I have very little choices left. I'd rather leave your hastily made comments alone, as I don't think there's much point in attacking them. Definitely the details of expression have nothing to do with the subject.
muzzy:
And now, regarding the linux kernel development process.
Typically it has worked so that odd branches have been used for developing, 1.1, 1.3, 2.1, 2.3, 2.5 .. and then mature features have been incorporated into the stable trees when they've been tested and found to be good. In theory, this should make it easier to keep the stable trees actually stable. However, currently they've screwed with the 2.6.x tree, and they're releasing versions such as 2.6.11.5. Yes, one additional minor number, reserved for bugfixes alone. You could say that this reflects the increased rate of kernel development speed or some other nice sounding crap, but the fact is that 2.6.x tree is being BUGGY AS HELL, and developing isn't done in a development branch of the kernel. The 2.5 tree was abandoned two years ago and currently there is NO DEVELOPMENT TREE for linux at all. The development is done in a "stable" tree, which truly boggles the mind. Why the heck is this?
It used to be possible to expect that the linux kernel actually works, but no longer with 2.6.x tree. It's not intentional that the "stable" tree kernels don't work.
You're trying to redefine the word "stable" in a new way, and obviously the stable tree cannot be guaranteed to be bugfree. However, the damn code could at least be tested before putting it there. Otherwise the naming practices are just totally pointless. Of course, there hasn't been much logic into them for a while now, with "rc" releases not being release candidates, and other grumpy things going on.
Either way, I don't think there's any purpose to argue about if linux or windows is better for pretty much any purpose, if you're saying that one shouldn't ever expect linux to work at all. System that cannot be trusted is worthless for a great many purposes, since the availability cannot be guaranteed. I thought you were unhappy because windows was buggy and crashing for you, yet you say that linux is better because it can't be expected to work at all. WTF? Did I misunderstand something now?
Calum:
--- Quote from: muzzy ---You're trying to redefine the word "stable" in a new way,
--- End quote ---
not really, no.
--- Quote ---and obviously the stable tree cannot be guaranteed to be bugfree. However, the damn code could at least be tested before putting it there. Otherwise the naming practices are just totally pointless. Of course, there hasn't been much logic into them for a while now, with "rc" releases not being release candidates, and other grumpy things going on.
--- End quote ---
yes i agree, and a lot of people have said similar things. but considering how long we (rhetorically speaking) wait for a windows release to come out, all i am saying is that at least you get the buggy code immediately with linux. i think from what you're saying that you want the versions with an even minor number to be considered not suitable for developers, which is something like the intention of the numbering scheme in the first place, i suppose, i don't really have a serious argument against this point of yours, but i just think that there are working linux kernels, that are not all that old, and in fact are more recent than a lot of windows stuff that is considered current by people who use it.
--- Quote ---Either way, I don't think there's any purpose to argue about if linux or windows is better for pretty much any purpose, if you're saying that one shouldn't ever expect linux to work at all.
--- End quote ---
ignore me as you will, but you are the only one who said linux doesn't work. i say that it does something like five times in my last reply in fact! nevertheless, if you believe there's no point talking about it, if you think linux doesn't work, then why are you still talking?
--- Quote ---System that cannot be trusted is worthless for a great many purposes,
--- End quote ---
precisely why i do not use windows any more.
--- Quote ---since the availability cannot be guaranteed. I thought you were unhappy because windows was buggy and crashing for you,
--- End quote ---
this is true.
--- Quote ---yet you say that linux is better because it can't be expected to work at all. WTF? Did I misunderstand something now?
--- End quote ---
i think so, since i didn't say any such thing.
i am saying (very roughly) that with windows, you get a release every year or two years, that is often unstable for the applications that everybody wants to run on it, and is usually later shown to be insecure in a number of ways. with linux, there are always usable, working kernels, and systems based on those kernels that are at most a few months, or in the case of the occasional distro a year old. these work by and large with the software that people use with them, to the extent that hundreds of software vendors have packaged these apps with the kernel along with their own config files and utilities to create functional, stable systems.
guess which model i prefer, and more importantly why.
you can probably out-wow me on a lot of technical issues, but seeing what works (and what doesn't) for me, and for some other people i know, or have met, and figuring out why is not something you can pull the wool over my eyes about, even though you may educate me on the specifics.