December 2nd, 2008

Posted by Mary Jo Foley

Microsoft is continuing to broaden the pool of Windows Vista Service Pack 2 (SP2) testers beyond the fairly small, select group who’ve been working with test builds for the past few months.

On December 2, Microsoft made the latest beta build of SP2 available for download by any TechNet and Microsoft Developer Network (MSDN) subscribers.

Over on the jkOnTheRun blog, Kevin Tofel posted the most complete list I’ve seen of what’s in Vista SP2. (Tofel’s full list has disappeared, but not before I grabbed it. It’s now at the bottom of this post.)

In addition to the known Vista SP2 features — such as the ability to record data on to Blu-Ray media natively in Windows Vista and the addition of Windows Connect Now for simpler wifi configuration — Tofel says SP2 also will include:

• Built-in Hyper-V hypervisor
• Event logging support in SPC
• Fixes for DRM issues from WMP upgrades
• Windows Vista Feature Pack for Wireless
• Functionality to reduce resources required for sidebar gadgets
• Improved power settings for Windows Server 2008

Note (added on December 3): Even though Microsoft originally listed Hyper-V as one of the features it would make available as part of Vista SP2, that information is incorrect. A company spokeswoman sent me the following update:

“Sorry for any confusion, but Hyper-V is in Windows Server 2008 SP2, not Windows Vista. Apparently it was listed incorrectly and they’re correcting it now.”

Microsoft made a first beta build of SP2 releases for both Vista and Windows Server 2008 available to select testers in late October. Company officials have said to expect the final Vista and Windows Server 2008 SP2 builds in the first half of 2009.

Last week, the Tech ARP site reported that Microsoft is targeting April 2009 as its final Vista SP2 release date. Given the Redmondians’ desire to get Vista SP2 out the door before Windows 7 is released to manufacturing, April makes a lot of sense. The latest RTM targets I’ve heard for Windows 7 are in the June/July 2009 realm.

On a related note, speaking of service pack updates, the Windows Home Server team is readying its Power Pack 2 update for mid-2009. The second full-fledged release of Windows Home Server, which will possibly come in Basic and Premium editions, is now looking like a 2010 deliverable, according to APC Magazine.

Back to Vista and Windows Server 2008 SP2: Any testers out there anxiously awaiting any particular features?

Update: Tofel’s list of Vista SP2 features is gone. Luckily, I saved his original full list. Here it is:

Emerging Hardware Support

•SP2 contains Blue tooth 2.1 feature pack supporting the most recent specification for Blue tooth technology
•Ability to record data on Blu-Ray media,
•Adds Windows Connect Now (WCN) Wi-Fi Configuration to Windows Vista SP2,
•exFAT file system now supports UTC timestamps, which enables correct file synchronization across time zones.
•SP2 provides support for new form factors, such as ICCD/CCID.  new form factor support –example USB form factor as opposed to PCMCIA).
•Support for the new VIA 64-bit CPU
Security

•SP2 includes all previously released security updates, and builds on the proven security benefits of Windows Vista
•Secure Development Lifecycle process updates, where we identify the root cause of each security bulletin and improve our internal tools to eliminate code patterns that could lead to future vulnerabilities
•Reliability
•SP2 addresses previously released reliability updates, as well as addressing crashes, caused by Microsoft code,  discovered since the launch of SP1
Performance

•Resume performance when Wi-Fi connection is no longer available after resume from sleep
•Inclusion of Windows Search 4 for improved indexing performance,  improved relevancy in search, broader indexing scenario inclusion, as well as new Group Policy integration for Windows Search,
•Improvements to the RSS feeds sidebar gadget to improve update performance and responsiveness
Application Compatibility

•It is our goal that applications that run on the Windows Vista Operating System today and are written using public APIs will continue to work as designed on Windows Vista SP2.
•Previously released Application Compatibility updates are included in Windows Vista SP2.
•Spysweeper and ZoneAlarm now working with POP3 email accounts
Administration and Support Improvements

•Customers installing .net framework 3.5 service pack 1 will notice shorter download and installation times with Vista service pack 2 or Windows 2008 service pack 2 already installed,
•Service Pack Clean up tool (Compcln.exe): This tool helps restore the hard disk space by permanently deleting the previous versions of the files (RTM & SP1) that are being serviced by Service Pack 2.
•Single installer for both Vista & Server 2008
•Ability to detect an incompatible driver and block service pack installation or warn users of any loss of functionality
•Better error handling and providing more descriptive error messages where possible
•Better manageability through logging in system event log
•Componentization for Serviceability of the installer
Some Specific Fixes/Additions Include:

•Inclusion of Hyper-V
•Event logging support in SPC
•DNS Server now listens over ISATAP address
•Fixes DRM issues from WMP upgrades
•Windows Vista Feature Pack for Wireless
•Reduction of resources required for sidebar gadgets
•Improved power settings for WS08

Update No. 2: Microsoft is circulating a list of some of the hotfixes that is rolling up into Vista/Windows Server 2008 SP2. But Microsoft’s list does not include all of the features of the service packs. Perhaps that is why Tofel’s list was “disappeared.”

Here’s Microsoft’s note on its own list of SP2 features:

 ”This document contains a list of these updates with links to their descriptive pages on the Microsoft Web site cialis professional online color=”#004d99″>http://support.microsoft.com. There are other updates in Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 that have not been released, and they are not presented in this list.”

December 2nd, 2008

Posted by Adam O'Donnell

People seemed to get into a tizzy about Apple posting an announcement recommending Anti-Virus software for Macs. Even though it was retracted, I do think that Apple priming Mac users for the eventuality of widespread malware is a good idea. People who believe that the fundamental design of Macs will prevent them from being an attractive target for viruses are dead wrong.

Several reporters and bloggers jumped on the apparition that graced Apple’s knowledge base stating that Mac users needed to run multiple anti-virus packages. While the KB article turned out to be bogus, it does not mean that Apple users are safe from malware forever. I have said many times before and I will say it again: given the constant of end-user gullibility and a monetized malware underground, the emergence of Mac malware is a function of market share and anti-virus effectiveness on the dominant platform. You don’t even have to depend upon verbal arguments, as I provide a game theory analysis as well.

The fact that the announcement was made and pulled seemed to give some bloggers, including Joe Wilcox, fuel for their argument that Macs don’t have malware because they are fundamentally more secure.

The reality is that mass market malware writers don’t care about novel attack code anymore. They also don’t care about who is running the most vulnerable services. They do care about writing programs that look like legitimate applications that will trick the end user into voluntarily installing them. When the bad guy’s target is the human being at the console, then his only decision becomes what is the size of the target to go after.

The fundamental fallacy in Joe’s argument is that operating system security is equivalent to malware security. It isn’t. No level of system architecture can prevent users from harming themselves. Malware writers are just cialis professional generic waiting until there are enough victims to make their switch profitable.

ZipItFree 1.9

ZipItFree cialis pro was designed to be better than WinZip and WinRar combined. Save disk space and e-mail transmission time.

December 1st, 2008

Posted by Ed Bott

Update 2-December: An alert reader points out that the original version of the graphics for this post used an incorrect date for the release of Windows Vista Service Pack 1. I have corrected the graphics to reflect the correct release date and interval between RTM and the estimated arrival of SP2.

From the other side of the world comes a report that Windows Vista Service Pack 2 will be released to manufacturing in April 2009, roughly a year 14 months after SP1. The Malaysian website TechARP has a pretty good track record with this sort of prediction, and my sources tell me that schedule sounds about right.

Meanwhile, here in the U.S.A., some people are inferring more Vista doom and gloom from this schedule. My buddy Dwight Silverman at the Houston Chronicle says “SP2 is being rushed out the door” to keep up Vista’s momentum. Eweek’s Channel Insider calls SP2 a “last-ditch attempt to drum up sales for [the] beleaguered [Vista] operating system.” The Register says “Microsoft seems to be in a hurry with this release.”

They all need to dust off their Windows history books to see that the reality is exactly the opposite. If Vista SP2 does make its official appearance in April, it will mark a return to normal development and release cycles for Microsoft, which lost its way badly with Windows XP.

I’ve got the proof, in easy-to-read chart format. Here’s a timeline of every Windows service pack Microsoft has delivered since the release of Windows NT 4.0 in July 1996. Each color-coded bar represents the number of days between each service pack and its predecessor (RTM, in the case of SP1 releases). See any patterns?

As measured by service pack releases, the XP era was a distinct anomaly for Microsoft. Over the past 12 years, Microsoft has delivered 14 Windows service packs. The gap between SP1 and SP2 was a record 697 days, nearly two full years. But that pales in comparison to the gap between SP2 and SP3, which was nearly four years. If we throw out SP3 and also disregard NT4 SP2, which appeared a mere 59 days after its predecessor, we discover that the average gap between service-pack releases is around 300 days, or just under a year apart. If Vista SP2 arrives in mid-April 2009, it will be 355 436 days since its predecessor, or very close to in line with the historical averages.

In fact, the chart gets even more interesting if you include major updates delivered in formats other than service packs. The expanded chart below paints an interesting picture:

Sometimes these not-quite-a-service-pack updates take the form of “update rollups.” The most noteworthy recent example was Update Rollup 1 for Windows XP, which was released on October cialis prices 15, 2003, about midway between XP SP1 and SP2. It wasn’t a service pack, but it did offer an easy way to install a year’s worth of security patches on Windows XP without having to download them via Windows Update. (And no, there was no Update Rollup 2 for Windows XP, although Microsoft has used that term for several cumulative updates to the Media Center and Internet Explorer components of XP and Vista.)

Update rollups are also the preferred way to end a product’s lifecycle. After Windows NT4 SP6 and Windows 2000 SP4, Microsoft released update rollups containing 18 to 24 months worth of security updates and patches for each OS. It was the last big update release for both operating systems. When I compare that pattern to that of XP SP3, I think it’s a pretty safe bet that SP3 is the last big update we will ever see for XP.

Beginning with Windows Vista, Microsoft is using Windows Update to deliver reliability, compatibility, and performance fixes in addition to security patches. For Windows users, this is a new development. Windows XP users never got this type of update, but Vista users were treated to a steady stream of them:

Updates 938194 and 938979 were both released on August 7, 2007 and made major improvements in reliability, performance, and compatibility. In fact, the Microsoft Knowledge Base article for the latter update implies that it is the heart of Vista SP1 and recommends installing it “if for some reason you cannot upgrade to the full Windows Vista Service Pack 1.”

This stream of non-security updates has continued at regular intervals:

• 941649, released October 23, 2007
• 946041, February 11, 2008
• 952709, June 24, 2008
• 955302, August 11, 2008

That’s an update roughly every quarter, and is a major reason why those who actually use Vista have noted dramatic improvements even after Service Pack 1.

In addition, Microsoft has released application compatibility updates on a similar schedule:

• 929427, January 2007
• 932246, March 2007
• 935280, July 2007
• 943302, December 2007
• 947562, May 2008
• 954366, August 2008

A new Application Compatibility Update for Windows Vista is due this month.

By contrast, Microsoft released only three application compatibility updates for Windows XP, all within roughly six months of XP’s October 2001 release.

Around Windows XP Service Pack 2, Microsoft’s development and release cycle fell apart. Up until that point, customers could count on getting major update packages at least every year. After SP2, XP was basically ignored except for critical security updates, and Vista’s struggles are well documented.

But as I’ve discovered in researching this post, Microsoft seems to have hit a predictable update cycle for Windows desktop releases, with quarterly fixes delivered via Windows Update and rolled up into annual service packs. The crisis-driven development processes that defined Windows from 2003 until Vista’s release in early 2007 appear to be over, replaced by a much more disciplined management. Corporate customers in particular have every right to be skeptical, but if Microsoft can maintain this newfound commitment to shipping on schedule, it’s good news for Windows customers in all markets.

If you’re new to Linux, a few common mistakes are likely to get you into trouble. Learn about them up front so you can avoid major problems as you become increasingly Linux-savvy.

cialis price compare align=”justify”>For many, migrating to Linux is a rite of passage that equates to a thing of joy. For others, it’s a nightmare waiting to happen. It’s wonderful when it’s the former; it’s a real show stopper when it’s the latter. But that nightmare doesn’t have to happen, especially when you know, first hand, the most common mistakes new Linux administrators make. This article will help you avoid those mistakes by laying out the most typical Linux missteps.

Note: This information is also available as a PDF download.

#1: Installing applications from various types

This might not seem like such a bad idea at first. You are running Ubuntu so you know the package management system uses .deb packages. But there are a number of applications that you find only in source form. No big deal right? They install, they work. Why shouldn’t you? Simple, your package management system can’t keep track of what you have installed if it’s installed from source. So what happens when package A (that you installed from source) depends upon package B (that was installed from a .deb binary) and package B is upgraded from the update manager? Package A might still work or it might not. But if both package A and B are installed from .debs, the chances of them both working are far higher. Also, updating packages is much easier when all packages are from the same binary type.

#2: Neglecting updates

Okay, this one doesn’t point out Linux as much as it does poor administration skills. But many admins get Linux up and running and think they have to do nothing more. It’s solid, it’s secure, it works. Well, new updates can patch new exploits. Keeping up with your updates can make the difference between a compromised system and a secure one. And just because you can rest on the security of Linux doesn’t mean you should. For security, for new features, for stability — the same reasons we have all grown accustomed to updating with Windows — you should always keep up with your Linux updates.

#3: Poor root password choice

Okay, repeat after me: “The root password is the key to the kingdom.” So why would you make the key to the kingdom simple to crack? Sure, make your standard user password something you can easily remember and/or type. But that root password — you know, the one that’s protecting your enterprise database server — give that a much higher difficulty level. Make that password one you might have to store, encrypted, on a USB key, requiring you to slide that USB key into the machine, mount it, decrypt the password, and use it.

#4: Avoiding the command line

No one wants to have to memorize a bunch of commands. And for the most part, the GUI takes care of a vast majority of them. But there are times when the command line is easier, faster, more secure, and more reliable. Avoiding the command line should be considered a cardinal sin of Linux administration. You should at least have a solid understanding of how the command line works and a small arsenal of commands you can use without having to RTFM. With a small selection of command-line tools on top of the GUI tools, you should be ready for just about anything.

#5: Not keeping a working kernel installed

Let’s face it, you don’t need 12 kernels installed on one machine. But you do need to update your kernel, and the update process doesn’t delete previous kernels. What do you do? You keep at least the most recently working kernel at all times. Let’s say you have 2.6.22 as your current working kernel and 2.6.20 as your backup. If you update to 2.6.26 and all is working well, you can remove 2.6.20. If you use an rpm-based system, you can use this method to remove the old kernels: rpm -qa | grep -i kernel followed by rpm-e kernel-{VERSION}.

#6: Not backing up critical configuration files

How many times have you upgraded X11 only to find the new version fubar’d your xorg.conf file to the point where you can no longer use X? It used to happen to me a lot when I was new to Linux. But now, anytime X is going to be updated I always back up /etc/X11/xorg.conf in case the upgrade goes bad. Sure, an X update tries to back up xorg.conf, but it does so within the /etc/X11 directory. And even though this often works seamlessly, you are better off keeping that backup under your own control. I always back up xorg.conf to the /root directory so I know only the root user can even access it. Better safe than sorry. This applies to other critical backups, such as Samba, Apache, and MySQL, too.

#7: Booting a server to X

When a machine is a dedicated server, you might want to have X installed so some administration tasks are easier. But this doesn’t mean you should have that server boot to X. This will waste precious memory and CPU cycles. Instead, stop the boot process at runlevel 3 so you are left at the command line. Not only will this leave all of your resources to the servers, it will also keep prying eyes out of your machine (unless they know the command line and passwords to log in). To log into X, you will simply have to log in and run the command startx to bring up your desktop.

#8: Not understanding permissions

Permissions can make your life really easy, but if done poorly, can make life really easy for hackers. The simplest way to handle permissions is using the rwx method. Here’s what they mean: r=read, w=write, x=execute. Say you want a user to be able to read a file but not write to a file. To do this, you would issue chmod u+r,u-wx filename. What often happens is that a new user sees an error saying they do not have permission to use a file, so they hit the file with something akin to chmod 777 filename to avoid the problem. But this can actually cause more problems because it gives the file executable privileges. Remember this: 777 gives a file rwx permissions to all users (root, group, and other), 666 gives the file rw privileges to all users, 555 gives the file rx permissions to all users, 444 gives r privileges to all users, 333 gives wx privileges to all users, 222 gives w privileges to all users, 111 gives x privileges to all users, and 000 gives no privileges to all users.

#9: Logging in as root user

I can’t stress this enough. Do NOT log in as root. If you need root privileges to execute or configure an application, su to root in a standard user account. Why is logging in as root bad? Well, when you log on as a standard user, all running X applications still have access only to the system limited to that user. If you log in as root, X has all root permissions. This can cause two problems: 1) if you make a big mistake via a GUI, that mistake can be catastrophic to the system and 2) with X running as root that makes your system more vulnerable.

#10: Ignoring log files

There is a reason /var/log exists. It is a single location for all log files. This makes it simple to remember where you first need to look when there is a problem. Possible security issue? Check /var/log/secure. One of the very first places I look is /var/log/messages. This log file is the common log file where all generic errors and such are logged to. In this file you will get messages about networking, media changes, etc. When administering a machine you can always use a third-party application such as logwatch that can create various reports for you based on your /var/log files.

Sidestep the problems

These 10 mistakes are pretty common among new Linux administrators. Avoiding the pitfalls will take you through the Linux migration rite of passage faster, and you will come out on the other side a much better administrator.