Windows XP, Anyone?

Earlier this morning my automatic windows update (W2000) flashed and indicated an update was available. As is usual in such cases, I told it to go ahead. It did its thing and told me it needed to reboot. I closed everything down, and rebooted. Four times in a row I got a blue screen of death followed by a cryptic notice the winlogin had failed, then it would crash and I would get some kind of warning from the BIOS that some kind of failure had occurred followed by a reboot.

I eventually turned the power off and allowed it to reboot from a power off, which seemed to resolve the problem.

Not the kind of thing I want to happen out on the factory floor, where an operator might not realize that cycling the power was a viable option.

Bob Peterson
 
Bob;

I'd bet you just received the latest MS JVM patch.
I've never heard anyone having BIOS issues with JVM, but I guess anything's possible!!
Thankfully the re-boot repaired what ever was tied in knots.

I'd rather the plant floor computer not suffer the same issues you experienced, but then again, I can't see why a plant floor machine would be tied directly to the internet, or if it is, why AU would be enabled for any reason.

Mark Hill
Microsoft Windows XP Associate Expert
 
Sheer madness. If you genuinely equate an organisation that kills thousands of people by flying planes into buildings with a company of which the worst that can be said is that it has attempted to dominate the software applications marketplace by not fully documenting O/S APIs so their own software runs better and dumping Internet client software to promote takeup of server side technology, then I regret to say that you forfeit any right to be taken seriously. However passionately you feel about Open Source, its takeup is hardly a matter of life and death.

This whole thread has been an exercise in silly FUD and scare tactics. Your comparison is an extreme example. Thanks to the person who posted the actual EULA, which I think demonstrates this clearly.

Tim
 
> Michael Griffin wrote:
> An important point to note though is that while you may be offered
> a choice of whether you want an update when they become available,
> you don't really have a choice. If you say "no", then you may
> *still* get a software update downloaded into your computer
> anyway. This means that if the security system in the DR software
> doesn't work well enough, they can change it later.

My understanding of DRM updates is similar. When you download a program that plays DRM secured content from MS or any other vendor, MS will send you any DRM updates that relate to this program regardless of how you have configured your XP update mode. DRM updates are outside of the scope of the WinXP update mode. Since you would download this type of program manually, the update mode setting is moot anyway.

What I do not know is whether or not WinXP, when it is connected to the Internet, will poll Redmond for more DRM security updates after a content player and the related DRM updates have been initially downloaded and installed. The EULA is not clear about this and neither is the technical information on MS's DRM page. By installing an update to the Windows Media Player you must agree to accept automatic DRM updates though. http://www.newscientist.com/news/news.jsp?id=ns99992483 If DRM performs any kind of unsolicited update to a WinXP computer running an automation application, that would be a problem. Even if this is not happening now, it will. Future Windows releases that include Palladium will continuously interact with content and application vendors. Palladium technology is not mentioned in the WinXP EULA.

see
http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp

and

http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Does any of this matter in automation applications ? If you do not install the Windows Media Player or any other DRM enabled content player it would seem to be irrelevant. (Some HMI packages do use the Windows Media Player, however). If your automation computer is not connected to the Internet, other than through a VPN, none of this matters for now.

DRM is presently all about music and movies, but Palladium is about licencing and configuration management. If the makers of Windows based automation software follow in the Palladium direction I expect they will lose customers. I cannot even imagine the mess that would be made by Wonderware or USData tossing an update onto my SCADA system central computer in the middle of the night.

JK
 
And the same politics stopped the NSA's work on
Linux, guess who was complaining? It's the best
certification money can buy! Just one more
exclusionary tactic.

Regards

cww

Jeff Dean wrote:
>
>>>Windows had a certified security rating once, but it
>>>was: (a) different version, no longer supported,
>>>(b) with the network not connected, and (c) only C2
>>>anyway).
>>
>
> The US Government (who created and certified "C2" security in Windows NT
> 3.5 and 4.0) and other governments changed its security rating system
> in 1998. The new system is called the "Common Criteria for Information
> Technology Security Evaluation (CCITSE)."
>
> Windows 2000 is currently undergoing the rigorous review to achieve
> certification comparable to C2 as a distributed operating system
> (connected to a network). Windows XP has also started this process.
>
> To read more about CCITSE see:
> http://niap.nist.gov/howabout.html
>
> To see other CCITSE certified operating systems see:
> http://niap.nist.gov/cc-scheme/ValidatedProducts.html#operatingsystem
>
> To read Microsoft's explanation see:
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/secureev.asp
>
> The truth, the whole truth, and nothing but the truth,
> Jeff
 
Joe Jansen:
> Given the rash of security problems, if Windows makes it through the
> testing, I would question the veracity of the test.

That's needlessly harsh, Joe. Many of the security problems are coding errors, typically buffer overruns, which only play a minor role in CAPP to begin with. The most publicised ones are intrusions over a public network, which is not covered at all (assumption A.PEER, network under one management). Some of them are exacerbated by lax patching, which again is not covered (A.NO_EVIL_ADM, admin not careless).

The fact of the matter is that CAPP is not all that much security.

Jiri
--
Jiri Baum <[email protected]> http://www.csse.monash.edu.au/~jirib
MAT LinuxPLC project --- http://mat.sf.net --- Machine Automation Tools
 
Vladimir E. Zyubin

Hello List,

Monday, September 30, 2002, 1:00:44 AM, Michael Griffin wrote:

LM> On September 24, 2002 01:29 pm, Vladimir E. Zyubin wrote:
LM> <clip>
>> The following question appears in my head after your words:
>>
>> What do the XP-users plan to do when MS cancels to support the XP? Who
>> will generate the authorization keys? Who will rewrite the
>> software in order to port it on new MS OS - devil knows the name... MS
>> produces a new OS every 2 years!
LM> <clip>

LM> The DR system can be thought of as a copy protection system for
LM> data files. There is a utility which can be used to transfer the various
LM> "keys" to a new computer.

I speak about the reactivation code that is needed to reactivate Windows when it is frozen because of reinstallation or a "substantial" change of hardware. Where can I get it if the OS support will be canceled?

LM> I agree though that I wouldn't be willing to use it for any data
LM> which I wanted to keep over the long term. I have a book on Russia which was
LM> printed 150 years ago, but is still quite readable today. I doubt the
LM> Microsoft DR system will prove to be quite that durable.

Do you speak about hackers? I speak about legal use of software in legal control systems... the availability of the cracking means... I know about it... but the way is not acceptable for the systems I design...

BTW, I heard according to statistics the most hack-crack-oriented nations are Israeli (concentration) and the USA (amount)...

--
Best regards,
Vladimir E. Zyubin mailto:[email protected]
 
Peter Whalley

Hi Joe,

Good question and certainly a very relevant one to the list. It seems that at present a fair bit of work (maybe the majority) is going into understanding how to make Win2000 a secure environment. This includes both training courses and defining standard configuration settings. It may well be that the weight of pressure from both government and major commercial users will force Microsoft to continue to provide some continued support for Win2000 at least as far as these types of users are concerned.

Small organisations without the same commercial clout may however be left out in the cold.

Maybe it's something to write to your congressperson about. That Microsoft should be "encouraged" to continue to support and make Win2000 available for critical infrastructure users who are individually small parts of the market but who do have critical security needs that are not going to be met by Windows XP.

Regards

Peter Whalley
Magenta Communications Pty Ltd
Melbourne, VIC, Australia
e-mail: peter*no-spam*@magentacomm.com.au
delete *no-spam* before sending
 
Peter Whalley

Hi Curt,

My argument was that the approach taken in WinXP was appropriate for the average XP user as I've defined them. For large corporate users, IA users and anyone else using XP for critical applications I certainly don't consider automatic updating to be appropriate and expect they would turn the feature off and would know how to turn it off.

Regards

Peter Whalley
Magenta Communications Pty Ltd
Melbourne, VIC, Australia
e-mail: peter*no-spam*@magentacomm.com.au
delete *no-spam* before sending
 
Peter Whalley

Hi Mark,

Your assertion that the EULA forces users to take the fix is highly contentious but unlikely to be resolved until there is some case law in place (which may never happen). Personally I don't read the EULA that way but then I'm not a lawyer.

Regards

Peter Whalley
Magenta Communications Pty Ltd
Melbourne, VIC, Australia
e-mail: peter*no-spam*@magentacomm.com.au
delete *no-spam* before sending
 
Joe Jansen/ENGR/HQ/KEMET/US

I think the confusion may not be entirely coincidental. By calling them "security updates", users are more likely to agree to having the DRM (Digital Restriction Mechanism) updates automatically installed. All it takes, according to a previous posting of parts of the EULA, is to download a driver to play an audio or video file, and you implicitly agree to having these updates downloaded forever.

Obviously, then, is the need to keep these players off of any production equipment. That would clear any of this up. Except that media player is "integrated" into windows, and cannot be removed. The "tool" that MS released to "remove" components in "compliance" with the DOJ proposal doesn't actually remove anything. All it does is take them off the menus. From what I have heard (I don't use XP, so I can't say first hand), WMP and IE are still used as default after they are "removed".

Therefore, taking the media players off isn't a real option, is it?

So it comes down to making sure that no operator ever plays an audio or video file ever on a production machine. According to the EULA, the operator, by playing the file, is granted decision making authority for your entire company with respect to agreeing to have the DRM updates shoved down. I believe I addressed the "don't put it on a network" objections in a previous posting. I don't know about anyone else, but I am not comfortable giving my weekend night shift operators that level of decision making authority for any of the plants.

This does not address, of course, the fact that windows was already found to have at least one backdoor in place (something a while back about NSA access and european gov'ts throwing a fit about finding it. Anyone else remember that?). It does not address what else might be updated "for your convenience" while the DRM downloads take place. Bob Peterson posted his experience with Win2000 updates locking up his system on another thread. I had the same problem on my Dell Laptop, but our IT guy luckily had a copy of SP2 burned to a CD. Imagine if the update occurred automatically "for the user's convenience". Maybe I am wrong, but if you try to push the ease of use for a PC down to the level of a television, you will end up with something that has the functional ability of a television. PC's are sometimes complicated machines. They are designed to be able to perform difficult tasks. You either need to make the commitment to learn how to use it properly, or don't use it.

--Joe Jansen
 
Mark Liszewski

Mark,
There are many reasons why a plant floor machine may be tied directly to the internet: remote monitoring, alarming, paging, remote gateway, etc.

The whole point is, why would you want MS to perform what ever updates they wanted without the individual setting up the control/monitoring having any control over what the OS (via MS) wants to do?

Not to mention the over bloated (code wise) way the OS was written. If you have to go with any MS OS, stick with the simpler versions like Win98.....simpler is better, and you would think they would have most of the bugs ironed out by now.

Obviously, I'm not impressed with XP.

IMO
Mark Liszewski
ZTR Controls

P.S. I had the same issue while installing SP3 on Win2k.......except nothing short of formatting the drive helped.......great job Microsoft!
 
>>This does not address, of course, the fact that windows was already found to have at least one backdoor in place (something a while back about NSA access and european gov'ts throwing a fit about finding it. Anyone else remember that?).>>

Give me a break! You state that as if it's fact and can be proved. Try venturing off Slashdot for a while to get the news...

http://www.cnn.com/TECH/computing/9909/13/backdoor.idg/

http://www.usatoday.com/life/cyber/tech/ctg035.htm

http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=52

The FUD in here is really getting deep.

Jeff
 
Hi George

I quite agree. Except that I simply can't see the difference in making money between Linux and Windows. Most people who make money with Windows don't make money selling Windows itself. It's already over priced and often provided by the customer, with the computer, etc. All the profitability is in services around the OS or software for the OS. With the possible exception of support, which is a big item for Windows, why wouldn't the picture be the same? Or, even better as the total cost would be less? That is of course if we could get vendors to port to Linux. I keep hearing that you can't make money with Linux and an analysis of where people make money simply doesn't support this. I don't think anyone but Microsoft makes a lot of money selling MS stuff.

Regards

cww
 
Michael Griffin

I was doing some more internet research into this subject, and found the following information which I thought some people may find useful.

A) In some parts of the world for a while Microsoft Office 2000 has had a similar system to WPA for a while. Microsoft stated that 2 percent of activation requests for this product were re-authorisations due to hardware changes or other similar causes rather than due to new installations.
This is a rather higher rate than I had expected, especially as this would have been comparatively new software in the relevant time period. If the figures for Windows XP are similar, then re-authorisation of software which uses a WPA-like system is a problem which can't be ignored and must be dealt with as part of the system design of the project (i.e. troubleshooting and repair documentation).

B) A further point which I discovered is that 24 hour service for telephone re-authorisation is not available everywhere. In other words, if repair and recovery of your system depends upon re-authorisation being available then this may not be possible. You will need to investigate what hours are available in the location where the system is being installed. In some areas only "extended business hours" are supported.

C) Toll free telephone numbers to call for re-authorisation are not available everywhere. It may be necessary to ensure that nightshift or weekend employees are provided with authority to make long distance phone calls (in many plants this is not the case). Windows will run for up to 3 days without re-authorising, but this is not long enough to cover a long weekend or holiday period.

D) I understand that re-activation requests require telephone contact where you must give a name, address, phone number, and E-mail address. If this is the case, the end user may have to put policies and procedures in place on how to deal with this, as their employees may (quite understandably) object to giving out their *own* name. In other words, there would need to be a written procedure with appropriate standardised contact information.

E) Microsoft will support WPA activation for the designated life cycle of Windows XP. They have no definite plans at this point for what they will do after the official end of life. They *might* release an update which turns the activation system off, but there has been no definite decision on this. In other words, you may have to have a plan in place for how to deal with this situation either way.

F) Keithley had the following information on their web site, which I found interesting. As part of a customer survey they asked people what operating systems they use or intend to use with test and measurement systems.

The information below is tabulated as
Column 1 - Operating system
Column 2 - Systems which are currently in use
Column 3 - Systems to be used in the next 12 months

Operating system    In use    Next 12 months
Windows NT/2000     57%       55%
Windows 98          45%       26%
Windows 95          24%       13%
DOS                 31%       16%
Unix                14%       14%
Windows XP          12%       21%
Linux                7%       14%
Mac                  7%        5%
Other                5%        4%


The columns don't individually add up to 100%, because the same respondent may of course use several different operating systems.

************************
Michael Griffin
London, Ont. Canada
************************
 
Absolutely correct Tim.

I've visited the MS campus in Redmond on a number of occasions and I see no evidence of Osama Bin Laden lurking in the hallways.

This thread is evidence that there are two trains of thought. Those who consider Microsoft to be the "Evil Empire", and those who consider MS to be an example of commercialism at its best.

Given the direction that MS has taken over these many years, I wonder how many in this group would not have followed the same path?

What exactly has MS done other than become the world's most successful commercial enterprise?
After all, isn't the goal of every company to create the best product in the world, have their products installed in every household on the planet, and protect their investments to ensure longevity?

End Users have the option of purchasing any product they choose. It appears they've chosen.

Mark

PS .... I still consider QNX to be the most powerful OS on the planet !!
 
I don't think we can suppose that either doesn't provide backdoors. For that matter, there is no reason any service pack or installable from MS couldn't be full of unbidden "features". I agree that the sticking point is that now they claim the right to legally use the backdoors for good or evil as _they_ see fit. That is what is new. I guess that makes them "no knock" front doors. And judging from UCITA and other supported efforts, their idea of digital rights management includes locking out content or even killing your system if there is a dispute. In summary, there is no reason to believe that they have ever lacked the capability to do what they wish with your system. Now they demand that you agree to it. The other security issues regarding third parties are simply a constant background noise. But aren't they being used as justification, which leads to the confusion?

It has been mentioned that I don't have a dog in this fight since it's unlikely that I will subserve the monopoly. MS users willingly, if unknowingly, submit to this abuse. Few look past their problem to another certain effect of the lofty and benevolent goals of DRM. Unless I am a Windows owner, current and in good standing, none of this content will be available to me. This is whether I agree with DRM or not. And moves are afoot to actually build this into the hardware so it requires "proper" software to run. Of course, that means MS approved software. And obviously, DRM must extend to the Internet. I'm not making this up, I can supply docs. I doubt that any OSS can be delivered with this patented, copyrighted and licensed technology. That's why I'm concerned with the rights of Windows users. You should be too, unless you think an _absolute_ monopoly is a good thing. Even if you don't want to use anything else, I think you'll agree that it should be possible.

Regards

cww
 
Michael Griffin

On October 2, 2002 05:45 pm, Jay Kirsch wrote:
<clip>
> Does any of this matter in automation applications ? If you do not
> install the Windows Media Player or any other DRM enabled content player
> it would seem to be irrelevant. (Some HMI packages do use the Windows
> Media Player, however). If your automation computer is not connected to
> the Internet, other than through a VPN, none of this matters for now.

I would speculate that Microsoft server software will in future have a back door through all the firewalls, etc. to allow DRM and Palladium related verification stuff to pass through to the various copyright holders. In future, there may be no such thing as a computer which isn't networked to the outside world in some fashion. This is just speculation of course, but it seems quite possible.

> DRM is presently all about music and movies, but Palladium is
> about licencing and configuration management. If the makers of
> Windows based automation software follow in the Palladium direction I
> expect they will lose customers. I cannot even imagine
> the mess that would be made by Wonderware or USData tossing an update
> onto my SCADA system central computer in the middle of the night.
<clip>

This is getting a bit off the original topic, but it does have business related implications. I think it is quite possible, likely even, that automation and CAD software vendors will use DRM and Palladium to enforce software licenses.
They might let you download the actual software for free from their web site (eliminating distribution costs, and distributors), but then charge you (by the minute, or tag, or whatever is suitable) for actually using it. You could work on your project off-line, but then have to connect up to the internet and pay the accumulated fee to get the project files you have worked on released to where you can apply them.
The same could apply to CAD blocks or MMI and SCADA graphic symbol libraries. You may have to pay a regular "rent" to use someone's pump symbol on your MMI screen.

************************
Michael Griffin
London, Ont. Canada
************************
 
Marc Sinclair

I am surprised by some of the reaction to this thread, a large proportion of the list, as far as I can tell, are working in the automation field as systems integrators, like me they choose components from various manufacturers and build a working system, our skill lies in understanding the components and making them work together within our systems. Windows, in whatever flavour should be evaluated like any other component.
Yes windows XP is probably ten times more reliable than 98SE, but is that enough? - I have plc programs that have not stopped once in 16 years! - anyone who trusts their industrial process to a windows machine is daft. It is a very nice home pc and entertainment os. :p

The more important point, and the one which lies at the heart of this thread, is one of freedom, anyone who has tried to buy a PC without windows on it will understand exactly what I mean.

Our industry grows and innovates because we stand on the shoulders of others, Microsoft's reliance on law and copyright stifles this. That I think is what is upsetting most people and leads to the hyperbole. It has driven me to use linux, and should encourage others to do so.

Marc Sinclair
 
You're right, Curt. If it negatively affects Linux, it must be Microsoft playing politics. When Microsoft speaks, the US government quivers and shakes in fear of the evil empire. Hahaha... Sorry... Someone pick me up off the floor. :)

You failed to mention that the NSA is still funding security research for Linux with RedHat and Network Associates. Interestingly, the US government is also working with Apple (among other vendors) to create a secure version of FreeBSD.

The point is, the NSA won't be doing the work themselves, but the federal government is still heavily involved in funding open source R&D.
I'm going to go out on a limb and suggest that this is on par with the lack of NSA developers working in Redmond. It is not the Federal Government's role to endorse any particular vendor or solution, but very important for them to continue funding basic computer science research.

Jeff
 