MS 'Monopoly'? was ENGR WinNT Reliability

Ralph Mackiewicz wrote:
>The more interesting issue here is WHY do the machines require so
>much rebooting?
>Besides specing Nematron for the project, all non-I/O communications
>were required to be DCOM based using the OPC API. What happens when
>you loose a DCOM connection? How do you reestablish the
>communications channel? Answer: you reboot the machines. Is this the
>reason for the rebooting? If yes, that has nothing to do with
>Nematron. There were other communications solutions being considered
>that had a long track history of reliable operation in GM plants that
>were discarded in favor of the "safer" DCOM route. Maybe that was the
>key mistake? Lumping Nematron into this might not be fair.

Actually, I wasn't referring to the DCOM stuff as the machines I was dealing with didn't have the ethernet drops ran yet. The only things we had for network was Profibus and an occasional RS-232/422/485 connection. There were (and from what I understand from the plant folk I keep in touch with) and still are times when the whole machine would just stop responding. No reason, no notice, no activity. Couldn't even move the mouse pointer. Power down/power up, let chkdsk do it's thing and then wait a few more minutes while Open Control opened up everything it needed
to. That is *IF* there wasn't any real hard drive damage caused by the lockup and/or subsequent "improper" shutdown...

Ahhh, the progress of moving forward... What is it, one step forward, twelve steps back?

Ron Gage - Saginaw, Michigan
([email protected])

Visit the Gastracker website: http://gastracker.rongage.org
 
R

Ranjan Acharya

Does anyone have the link to official documentation from Microsoft regarding NT being booted every ninety days or so?

It would be a helpful document to provide to customers.

Does such a document exist?

Thanks

RJ
 
S

Sam Moore Square D Company/Groupe Shneid

Michael Griffin wrote:
> That was quite an interesting set of articles. What some people
may
>additionally find interesting is that the articles mention that the new
>sockets feature in Windows-XP which will make it the target of choice for
>internet hackers is already in Windows 2000. Anyone who is using Windows
>2000 for anything would find this set of articles very informative.

That is not what it said. It said that until Windows 2000 you could not spoof your IP address with the default network drivers. It also said that this has always been possible in UNIX.

> An automated system which is connected to the internet would seem
to
>be the ideal target for a hacker. An example might be a pumping station
>which is monitored remotely over the internet. It would be always on and
>normally unattended, which are the features a hacker wants.

If you have your automated system on the open Internet and not at least in a VPN then you are asking for problems.
 
S

Sam Moore Square D Company/Groupe Shneid

I use to reboot UNIX boxes every so often. The problem was with an application and not UNIX, except for maybe Ultrix.

I don't reboot my NT boxes. They run forever.
 
>Hardware is no different. Try to find the motherboard, video card, etc.
>that you bought two years ago. How about the non-IDE hard drive from 10
>years ago?

That used to be true, try www.ebay.com . You can get your old Osborne portable computer up and running again if you want.

Jay Kirsch
[email protected]
 
M

Michael Griffin

At 15:47 06/07/01 -0400, Sam Moore Square D Company/Groupe Shneider wrote:
<clip>
>>the articles mention that the new
>>sockets feature in Windows-XP which will make it the target of choice for
>>internet hackers is already in Windows 2000. Anyone who is using Windows
>>2000 for anything would find this set of articles very informative.
>
>
>That is not what it said. It said that until Windows 2000 you could not
>spoof your IP address with the default network drivers.
<clip>
Which is what will make Windows-XP the hacker's choice. Windows 2000 has this same feature and so is prone to the same problem. If you will allow me to quote one of the articles:

"The huge number of Windows XP machines will motivate hackers to find new ways into those machines — AND THEY WILL. Then users of Windows XP
machines will become the most sought-after target for penetration."

The author makes a number of additional statements about Windows 2000 having an equivalent problem. Windows-XP is highlighted because of the much larger number of systems which will be in existance and the poorer
security likely to be implemented. Is there something which I said which contradicts this?


>It also said that this has always been possible in UNIX.

It also said that this was a bad thing, and is a problem. However, there are (and will be for the foreseeable future) far more Windows systems around than UNIX systems. Furthermore, the typical UNIX system is far more likely to have been configured by someone who knows what they are doing. This makes Windows systems a much more rewarding target.


>If you have your automated system on the open Internet and not at least in
>a VPN then you are asking for problems.

Which was precisely my point. I see exactly this situation happening in the future because people are not aware of, and not sufficiently alarmed about this problem. You're not doing anyone a favour if you discourage them
from investigating this problem.
I can see a lot of time and cost advantages to having internet access to automated systems for remote monitoring, service, software
changes, etc. If I can see these advantages, then so can a lot of other people. System integrators are *already* asking us if we will give them this
sort of access. So far, we have been saying "no" because of security concerns. How many other people have been saying "yes"?

P.S. - The article also mentions in passing that hackers routinely search for systems which have "PC Anywhere" installed. I have seen plenty of messages here asking about using this software. How many of these applications were properly secured?


**********************
Michael Griffin
London, Ont. Canada
**********************
 
R

Ranjan Acharya

More on the security issue. With directly connected machines, I think the only way to go is with a firewall set up by someone who knows security. Or use some sort of VPN or other private link that is not actually open. I try
to keep away from networked machines.

For example, we used BlackICE Defender on our "firewall" (i.e., on out machine connected to the outside) world. It turns out (thanks to people like those at GRC who independently test the applications) that BlackICE has some problems and we should not be using it. We are now switching to Zone Alarm Pro from http://www.zonelabs.com/. How long will Zone Alarm Pro be top? Also, we are adding MyNetWatchman for intrusion analysis from
http://www.mynetwatchman.com/ -- but I would not bother with that on a production machine. Do we bother with Zone Alarm Pro on a production
machine? We also have a list of tips and tricks from http:www.jsiinc.com/
to help with locking down machines. Additionally we have purchased security guides from http://www.sans.org/. The list is never ending. All this because the underlying OS is not secure. Linux is by no means immune from hacking either.

Interestingly enough, The Register http://www.thregister.co.uk/ think that Steve Gibson overreacted a little bit. However, I personally agree with the sentiments posted by Steve, even if he was overreacting.

I also agree with the comments about engineers who do not understand security on public networks. Let alone security on any machine using a familiar operating system.

We must always remember that (at least according to the security press) most attacks come from within not teen-agers in the former Soviet Bloc.

RJ

 
I don't see a stagnation in the automation world. There are a lot of products and it is an exciting time. We have never had better tools for
interfacing with realtime equipment and there have never been so many ways to control the process and analyze the resulting data. The use of
off-the-shelf technology like Ethernet and TCP/IP and the advent of technology like COM and the web have made life simple compared to what it use to be. You can sit at your desk and run Java script in a browser on your PC and perform I/O with a PLC. This is a wonderful time for the automation industry. By utilizing these tools we are able to support the new initiatives in supply chain management. Life is good.
 
C
That's strange, I don't ever recall saying that Microsoft shouldn't charge whatever they feel their product is worth. I have no problem with that. And I actually liked the bit about flower children, we could use a few more of those instead of hateful murderers on campus. I think if you check the archives I have said not a word about MS selling their software to willing buyers. I do have a problem with the behavior the Sherman act was written to address and the fact that they have with exclusive deals, tying and coercion made it extremely difficult to use anything else and are effectively eliminating choice. The rest of my problems with MS are technical in nature and I have found more flexible and reliable software that provides a degree of access that greatly facilitates problem solving and enhances programming productivity. And I do question why the engineers, the people to whom technical stuff matters aren't interested in making things better anymore.

Regards

cww
 
This, even more than cost and reliablity arguments, is to me, the strongest argument for Linux or other Free or GPL Open source system.

Not only can I trace out unlikely bugs in the O/S (which are unlikely in the first place with Linux), fix them in my source, and rebuild it, But I can freeze the O/S version I use. So if it takes me several years to develop a product, I won't have had to spend money and development time
when the OS's and development systems shift under foot and the prior ones become unavailable.

And as hardware changes, it would be more likely I could find another user who may have already fixed incompatibility problems, and I can fix just
the portion of my system that needs fixing at the cost of a download.

Even if you could find other users of unsupported proprietary gear, all you'd be able to do is commiserate while crying in your (not free) beer,
and cursing the vendors (if they're still in business in their own name, or still an active group in the company they merged with).

It's hard enough to maintain and support our own installed products in the embedded time-frame, without these external problems, too!

Rufus


Ed Mulligan wrote:
>There is no such thing as long term support in the PC world.

<Microsoft quote>
"The following products, on a product-by-product basis, have been determined
to have reached the end of their product lifecycle. Microsoft has
discontinued support for these products...."
</Microsoft quote>

Hardware is no different. Try to find the motherboard, video card, etc.
that you bought two years ago. How about the non-IDE hard drive from 10
years ago?

The traditional automation suppliers have longer support cycles, but I'm
sure we all have worked on systems that were operating just fine on
equipment that is no longer supported. Expect the life cycle to get shorter
and shorter in the non-PC world, too.
 
J

Joe Jansen/ENGR/HQ/KEMET/US

I bought a computer 2 years ago. I wanted Linux on it instead of windows. I was told that I could not buy that computer without windows. The
features I required were not available on another model. Explain again how I "voluntarily" made that pruchase.

The EULA says that if I do not agree to the terms of their license, to return the software for a refund. Try *that* sometime. I now have a copy
of Windows 98, and I am not bound by the EULA, since MS violated their own license in refusing my refund. I told them I would not comply to the
terms of their license and wanted a refund. They told me they would not give it.

As far as the monopoly, refer to my earlier post referenceing the Supreme Court decision. MS even acknowledges, grudgingly, their OS monopoly. I
think this argument can be put to rest. Like it or not, the LAW says it is.

--Joe Jansen
 
J

Joe Jansen/ENGR/HQ/KEMET/US

What is the difference? Win2K and WinXP give Raw Socket access which allows IP spoofing, and others. Yes, Unix based systems have had this for
years. The technical difference is that under Unix based systems, Raw Socket access is grnated only to the root user. This is the equivilant of
the administrator on a Win NT/ 2K system. Win XP gives this access to any user. Therefore, under Unix, you have to be logged in and using your
system regularly as the root user, which is actively discouraged by the system and the designers. Under XP, Raw Socket is accessible at any and all points. I may be wrong, but I think Win2K restricts access to admin, which would be the right thing to do, as long as they make everyone aware that they should not use their system day-to-day as admin.

The problem is XP's ability to access the raw sockets at any point. MS responds by saying that they restrict the zombie applications ability to be installed. I'm not making this up: MS is claiming that their new operating system is virus proof. They are confident that opening this
security hole is ok, because nobody can get a virus onto the machine in the first place. Is anyone else laughing at this point? MS has quite the track record of securing their software from virii, don't they? And the raw socket access is not a problem just for outbound access. If a virus author can get even a small program installed, obviously thru email, with an attachment, or whatever mechanism, this program will then be able to access your data sockets to pull in whatever else it wants to install. This is glaring.

Unix handles this by restricting access to the root, and it is your responsibility to make sure you know what you aredoing as root, and get out
when done. How do I shut off this "feature" (flaw) in WinXP? oh, I can't. gee. Thanks.

--Joe Jansen
 
J

Joe Jansen/ENGR/HQ/KEMET/US

Then you are not following Microsofts recommended practice, are you? They recommend reboot every 90 days.

and honestly, if your NT boxes run "forever" you either have steroid level hardware, with massive RAM and hard drive, or you are't running anything of significance on them. I have run enough NT boxes to know that if you are using them for more than 1 or 2 server functions, they just need to be
rebooted. It is accepted as a norm in the IT industry. MS recommends it.

I continue to find it amusing that people will defend arguments that even Microsoft has given up and admitted as untrue.

--Joe Jansen
 
J

Joe Jansen/ENGR/HQ/KEMET/US

What planet are you living on? Look around! Check out Jim Pinto's archives. Stocks are flat or falling, mergers are the only way anyone is
geting market cap, and it's looking like Rockwell, who has divested everything but their Automation business to become Rockwell Automation, is ripe for a buyout!

There's new software toys, yes, but the ENTIRE economy is slumping. R&D budgets are slashed, etc. Innovation is in minute increments, which is
why the patent suits are flying all over the place. And what is new, isn't really. It is just pretty versions of what could be done years ago. Making my HMI run in a browser instead of stand alone is not innovation. It is a re-compile, and I question it's actual usefulness. Since most vendors want to charge per seat for this too, it isn't something I have given serious thought to.

Like I said, check out Jim Pinto's stuff if you don't see it. It's there.

--Joe Jansen


> I don't see a stagnation in the automation world.
 
R

Ralph Mackiewicz

> Please refer to zdnet.com for information regarding the US appeals
> court decision. MS does, in point of fact and law, maintain a
> monopoly in the desktop operating systems market. Furthermore, MS
> has, in point of fact and law, violated section 2 of the Sherman
> Anti-trust law. You can say and believe what you want, but the facts
> are evident as attested to in mind-numbing and sleep inducing detail
> by the courts.

Just because a bunch of congressman and senators in the early part of the twentieth century misused the word monopoly when they wrote the
Sherman Anti-trust law doesn't change the meaning of the word.

What the federal judiciary has been doing regarding MS is ruling on a point of law, not on a definition. They said MS had a "monopoly" on
desktop o/s **AS DEFINED BY THE SHERMAN ANTI-TRUST LAW**. There is a reason why legal and medical terms are sometimes defined by latin
names: so the legal/medical meaning doesn't get confused with the real definition in popular usage. Too bad they didn't do that with Sherman.

You can say that Microsoft is the dominant supplier of desktop O/S but they don't have a monopoly on anything other than Windows.

> Laws exist to prevent monopolies, not protect them.... And, as stated
> above and by the courts, this one does exist.

Laws do not prevent monopolies. Laws create them. Try to setup a company to distribute electricity to residential customers and you will soon enough discover how the law is used to enforce a monopoly. Then to compare, start a company to market graphical user interface operating systems in competition with MS. You may have some trouble
getting investors but you won't get arrested for it. The last I heard Linus Torvalds is still a free man.

> I would also question the accuracy of your "hundreds of choices"
> reference.

OK. I exaggerated a little. The RTOS buyers guide lists 33 O/Ses in their listing. That doesn't even include MS, Linux, and the Unix variations. So there are over 30 operating systems available not hundreds. Sorry.

> In closing, neither you nor I are a lawyer, but the judges are. You
> may not like what they said, but MS does fit the legal definition of a
> monopoly, and has fulfilled the legal definition of violation of US
> Anti-Trust law. Therefore, by definition, they are a monopoly.

I may not be a lawyer but I do know the difference between a legal opinion (MS is a monopoly as defined by the Sherman Anti-trust Act)
and the incorrect assertion that there are no choices because MS has a monopoly on operating systems. Curt W. is proof enough of how this
latter assertion is incorrect: he is building systems that don't have MS in it.

Regards,
Ralph Mackiewicz
 
M
> Just because a bunch of congressman and senators in the early part of
> the twentieth century misused the word monopoly when they wrote the
> Sherman Anti-trust law doesn't change the meaning of the word.

Sure it does. Word meanings change all the time.

> What the federal judiciary has been doing regarding MS is ruling on a
> point of law, not on a definition. They said MS had a "monopoly" on
> desktop o/s **AS DEFINED BY THE SHERMAN ANTI-TRUST LAW**.

So we can now come to agreement that Microsoft has a "monopoly". It's not the definition of monopoly used in early twentieth century, but
rather the definition used under anti-trust law, which is the context of this debate.

> Laws do not prevent monopolies. Laws create them.

Create?, perhaps, more accurately, they enable monopolies. If it weren't for laws, we could all have copies of Microsofts, Rockwell Automation, Modicon, and etc. But it is law that stops us. And having a monopoly is not illegal, what is illegal is using anti-competitive practices when you have a monopoly.

Mark Blunier
Any opinions expressed in this message are not necessarily those of the company.
 
I wasn't talking about the market. I was talking about stagnation in functionality. And, I don't rely on Jim Pinto.
 
>Ralph Mackiewicz writes:
>Laws do not prevent monopolies. Laws create them.

I agree, Ralph. The only thing that will happen by getting the government involved in regulating Microsoft is that Windows will become entrenched as the primary PC operating system. Political
interest groups that want to regulate Microsoft will realize that their own interests are preserve by protecting Microsoft from competition. Who needs that ?

Jay Kirsch
 
Come on over and sit and watch my boxes run then because I apologize ... they just run (most are off the shelf Gateway boxes, even some of the servers), I must have gotten all the equipment that was made on Wednesday ........ I
apologize. 99% of the network machines have only been rebooted when something new was added (updated, new software etc) and that is rare,
otherwise (and I also apologize to M$) they just run. Although I will say that lots of research and reading went into setting them up properly vs open the box and pray.

By the way you say the same thing my IT department says, I actually started printing for my boss all of the network messages they send on rebooting servers etc., because we just don't have to, until I ran out of ink in the printers and the paper was getting used up too fast (sarcasm). This isn't the largest network in the world only about 100-200 clients, 10 servers (the
IT dept is about double that size) , but of the 1-200 over half are running HMI and data monitoring and the Operators Window into the processes all day long and the servers only get looked at once or twice a year, which is the only plant down time we have. (In fact I just defragmented a server hard drive that was 78% fragmented with data after 2 straight years of running with no downtime).

Now I won't say that this kind of support and knowledge comes cheap, I spend 2-3 hours a day trying to stay on top of technology (reading etc.)(lifelong learning) but then again hey, this is my hobby and they pay me for it.

By the way, better bring some resource kits to read because either your finger is going to get sore waiting to hit my reset buttons, or your going to get real, real bored..............

Dave

DAVCO Automation
The "Developing Application Value" Company
 
Ralph:
> Wrong! The definition of the word monopoly that I use is not derived from
> a board game or from some popular misconception/misuse. The definition is
> derived from the dictionary.

It's always a bit rickety to argue by dictionary, but okay.

> Webster's New Collegiate Dictionary defines monopoly as: 1) exclusive
> ownership through legal privilege, command of supply, or concerted action
> 2) exclusive possession, 3) a commodity controoled by one party 4) a
> person or group having a monopoly.

> While MS has a monopoly on Windows (granted by copyright and patent
> *LAWS*) they do not have a monopoly on operating systems.

You don't need a law to have a monopoly; even your definition offers "command of supply" and "concerted action" as alternatives.

> This is not nitpicking. Language is important. MS may be a despicable
> company with unethical business practices but they are not an O/S
> monopoly.

What they have is close enough to a monopoly for government work. That is not in dispute, not even by MS. They have violated laws regulating
monopolies. (Note - regulating, not forbidding.) That is also not particularly in dispute.

> Everyone has a choice. MS customers voluntarily make their purchases.
> There are no laws that require you to purchase MS products.

Again, MS achieved a near-monopoly not through laws but through other means. But what's really bad is that they misused the resulting power.

Jiri
--
Jiri Baum <[email protected]>
http://www.csse.monash.edu.au/~jiribvisit the MAT LinuxPLC project at http://mat.sourceforge.net
 
Top