lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200408121618.i7CGIZtJ018873@pop-9.dnv.wideopenwest.com>
From: mvp at joeware.net (joe)
Subject: SP2 is killing me. Help?

The worst problem I have encountered with XP SP2 to date on 3 virtual
machines and two physical machines is the physical machine with dual
monitors needed two reboots after the install to get the display up on the
extension monitor. I got a Windows Popup saying a piece of software needed
an update (Nero) for this version of Windows with an actual link to the
company's website, that was pretty nice and dare say not many OS vendors do
things like that. I can't say that I am not annoyed by some of the changes
such as all the new security dialogs that pop up and such, but being annoyed
isn't a valid reason to gripe when we have been telling MS to fix their
stuff and they actually make the attempt. Telling me something is trying to
download a file in IE or that an installation file I am trying to run isn't
from a known publisher is enhanced security, no matter how annoying it may
possibly be. :o)

What are the specific issues you personally have encountered? We don't need
people running around quoting other stories and other complaints about how
bad it was for some other person they read about or heard about through the
grapevine. Basically if you don't have an issue that you specifically
encountered YOURSELF on YOUR MACHINE that you are looking to tell people
about to get help or document the workaround/fix, shut up, here and
everywhere else. Stop wasting bandwidth. The only person who wants to hear
your opinion on the Service Pack is you. Stories of people's issues with RC2
which is the link you posted really shouldn't hold back people from
installing RTM. Install it, sort out the issues, work to correct them. 

Re: your SP statement... In the mid/late 90's Microsoft was going to attempt
an SP every quarter as NT4 was still pretty fresh. I think SP2 was Jan 97 or
so, and SP3 was May 97 or so. That would have fit the schedule they were
trying for. I believe they backed off of that because it was too much for
them internally AND corporate customers such as the bank I worked for at the
time requested them to slow down since corporate IT groups had troubles
getting a full SP tested and out the door every quarter. The same reason
corporate IT groups requested MS release hot fixes once a month instead of
whenever unless the fix was ready and there was an immediate threat. 

As several others on this list have pointed out multiple times, this Service
Pack will break some things. First off, all Service Packs tend to break
things because they are changing functionality and fixing mistakes and some
companies depend on those mistakes or the functionality being a very
specific way with no exception process when it isn't that exact way.
Additionally, Microsoft has been admitting that this SP would be extra harsh
for some time which is why they had such an open beta and RC testing phase.
They wanted to try and catch as much as possible prior to the release.
People inside of MS didn't have a choice but to run the betas and RCs. If
the employees didn't load it, it got forced down onto their machines anyway.
MS was very diligent about chewing each piece of it. 

Still, things will break. How can you not expect them to break? People have
been whining here for some time that MS is doing this and this and that
wrong and paying too much attention to legacy apps and worrying about
breaking them. Now MS has said, ok, we will work towards security and not be
as worried about apps that people currently run. They haven't been as
aggressive in that area as they could be and that was a complaint I had.
However seeing the whining produced based on how aggressive they were, makes
me realize why they chose not to be as aggressive as they could have been. 

Just because something ran before and doesn't run now doesn't mean it is
Microsoft's fault. It could be that the vendor or local programmer who wrote
the program that doesn't work for you now simply didn't do it correctly.
There are a lot of crap apps out there written by people with no security
understanding and very little programming understanding. Hopefully this will
encourage some of them to get better.

Plain and simple, you can't complain that MS is doing a poor job at trying
to get better and then in the next breath complain about changes they make
to try and do a better job. If MS doesn't change things, things have no
chance at getting "better". So you can whine that MS isn't doing anything to
make the OS better or you can whine that they are changing things and
breaking stuff. You can't do both. There will be issues, no one writes
perfect code. No one will EVER write perfect code. Doesn't matter if it some
guy in his basement working on some open source project or some guy in
Building 41 on Microsoft's Redmond Campus working on an MS OS kernel. 


 joe


 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Darren Reed
Sent: Thursday, August 12, 2004 1:29 AM
To: xtrecate@...oo.com
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] SP2 is killing me. Help?

<various snippage>

Windows XP SP2 has got to be up there with Windows NT 4.0 service pack 2 in
terms of crap updates, possibly even worse.  Maybe M$ are trying to push
everyone away from Windows ?

If I recall correctly, NT4sp3 was not long after NT4sp2.

I wonder if we can expect an XPsp3 "soon" that deals with all the crap that
XPsp2 brings upon us.


Have a read of this:
http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=239050
71

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ