Friday, June 20, 2008
Spoiling the fun, however, were the first reports of bugs found in version 3. How critical the newly discovered flaws are has yet to be determined as of this morning. A few blogs reported that one is related to a buffer overflow. Mozilla is reportedly working on a fix.
Nevertheless, the pent-up demand for version 3 is dizzying. According to the Mozilla, downloads peaked at 14,000 per minute on late Wednesday. If you want a distraction from the routine tasks of your day, watch the Mozilla download counter as millions more continue to flock to the site.
The Zero Day Initiative of TippingPoint Technologies, which received the vulnerability hours after the new browser's June 17 release, said the vulnerability is a critical one that an attacker could exploit to execute arbitrary code on the compromised computer.
The Zero Day Initiative is a clearinghouse program that pays researchers for newly discovered vulnerabilities and passes them to vendors so that they can make fixes or issue patches created before the vulnerabilities become public.
The volunteer Mozilla project developed Firefox version 3, which is the fourth major release of the browser. The project said there are more than 15,000 improvements in the latest version, including a smart location bar, the ability to zoom in on a portion of a Web page, improved security and an integrated tool to manage add-ons. It also requires less memory.
According to TippingPoint, the vulnerability affects version 3.0 and 2.0x of the browser, meaning developers did not introduce it in the new release. It has been reported to the Mozilla project, which is working on a fix.
"Not unlike most browser-based vulnerabilities that we see these days, user interaction is required, such as clicking on a link in e-mail or visiting a malicious Web page," TippingPoint reported.
It is not releasing any other details of the vulnerability until a fix is available from Mozilla. The company will report the fix once it has been released.
Monday, June 16, 2008
Microsoft Technical Fellow and Windows guru Mark Russinovich couldn't help poking fun at Vista throughout a troubleshooting session he led today at Tech Ed in Orlando.
The question is whether this is just one guy poking fun at an easy target, or whether it's emblematic of a larger problem. I noted the beginnings of this fracture during a visit to Microsoft in early 2007, when the Forefront group seemed miffed at the Vista group for having failed to implement some of the security features in Forefront. And I've observed this kind of subtle sniping since.
Then I attended a handful of sessions at Tech Ed this week, and I got the distinct impression that things have gotten worse and that serious cultural divides are cracking the veneer of the monolith.
But it didn't really sink in until I saw Russinovich speaking this morning, to his usual packed house of acolytes. And keep in mind that Russinovich is one of only 20 technical fellows at Microsoft--an exalted figure with a huge following among IT pros.
His talk was billed as a primer on debugging mysterious problems such as sluggish systems, application crashes and system hangs on Windows. Now, lots of organizations are still running XP and even older operating systems, so his talk could have been construed as addressing those problems on older systems.
But Russinovich made sure everyone knew that he was also talking about Vista, peppering his remarks with well-pointed jibes that had his audience roaring with laughter at the expense of Microsoft's new OS.
Russinovich also devoted almost a quarter of an hour to teaching his audience ways to get around what he obviously considers important lost functionality in Vista.
Explaining how to debug an application crash, Russinovich noted that IT pros need to start by investigating the dump file for clues about misconfigured files or extensions from a plug-in. "Look for extensions in the crash file with WinDbg [a Windows debugging tool]."
This is easy with pre-Vista systems, Russinovich added.
But with Vista, the crash file is dumped unless the Watson servers request the OS to save the data, Russinovich remarked a little tartly. (The Watson servers gather information generated and sent via those dialog boxes that ask if you want to report the problem or not after an application crash.)
Russinovich then explained that you can still save the crash file when using Vista by launching WinDbg, attaching it to the process, and then saving using a .dump command.
Another workaround (from Russinovich's PowerPoint):
Or you can configure Vista SP1 and Windows Server 2008 to always generate and save a dump file. Create a key named HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps Dumps go to %LOCALAPPDATA%\CrashDumps Override with a DumpFolder value (REG_EXPAND_SZ) Limit dump history with a DumpCount value (DWORD)
IT pros may now have a way around this particular issue, but that's cold comfort to customers wondering how closely to wed their fortunes to Microsoft in the post-Gates era that is about to begin.
It's hardly a secret that Ballmer and Ozzie don't see eye to eye, and a lot of the old guard, like Jeff Raikes, are also following Gates out the door.
As Joe Wilcox noted in January 2007, "Microsoft's evolving management structure [now] puts sales and marketing people at the top of the Microsoft organizational pyramid. Several reorganizations pushed aside or put to pasture many high-level, hard-core technology managers and replaced them with sales and marketing folks."
Microsoft is certainly big enough to take care of itself in the short term, but events (and rivals) are catching up, and it's hard to imagine Microsoft innovating at a fast enough clip to stay ahead of its rivals in a wide range of businesses.
Again quoting Joe, "Cultural clash is maybe inevitable, but its broad impact is still in the early stages."
That was in early 2007. A worsening cultural atmosphere doesn't bode well for Microsoft customers and the experience they may be buying over the next few years.
Wednesday, June 11, 2008
The deprecated and discontinued features are found in a backward compatibility online document on MSDN. There are several major areas with many compatibility issues:
- Database Engine
- Analysis Services
- Integration Services
- Reporting Services
- Full-text Search
Tuesday, June 03, 2008
Server Core in Server 2008 is a fantastic "new way" of dealing with the administration of the Windows operating system. Eliminating the graphical user interface and streamlining the OS to something just short of an appliance makes this OS more secure and highly tailored for specific functionality.
But, there's a learning curve most administrators will need to overcome to get familiar with this new OS. Managed entirely from the command line, there are a host of tools that most administrators haven't needed to know -- until now. Netsh, reg, netdom, net, slmgr ...
all of these are command-line tools that have been around for a while but don't get a lot of attention from administrators because they're usually overshadowed by their GUI adjuncts.
But with Server Core, there is no GUI, and in many cases there isn't even the processing capability on board to even instantiate a graphical tool. So, if you want to use Server Core, you're stuck learning these new/old commands. Until now.
Over at the Windowmaker's blog, Guy Teverovsky introduces the world the first custom GUI for Server Core's GUIless operating system. For administrators resistant to Server Core because of its command-line learning curve, Guy's tool eliminates much of the initial configuration pain by wrapping it into a graphical interface. \
Need to change IP settings? Click the Networking button. Adding to a domain? Click the Computer Name button. RDP, licensing, display, and firewall settings among others are all wrapped up into this little widget.
I'll admit that I'm impressed. For a GUIless OS, this GUI tool at first blush seems to go backwards from Microsoft's intentions, but it's a great stepping stone if you're not ready to move to a complete command- line basis for all your administrative needs.