Windows Security

  • An interesting Q & A with Jim Allchin on security and Vista, although the tone of the questions is rather confrontational. It's more like what I'd expect from a Slashdot type crowd.

    Allchin is careful and it's interesting to see his arguments for an upgrade. It's security and configuration on the business side, which makes sense. Unfortunately it seems that he's saying we didn't get it right in XP, despite our promises, and so buy our new upgrade and it will work. So what's the argument for Windows Horizon in 2009?

    I know it's more complicated than that. When XP was released, some of the schemes, scams, and security issues we're seeing now weren't as big an issue. Starbucks wasn't a place you would go to work. The world has evolved and I understand the challenges there. But I'm not sure I like the upgrade cycle continuing in some areas, the OS being one of them.

    I'm starting to think the "software service" industry should respond here with patches, rewrites, refactors, whatever, to something like XP to allow it to continue to be serviceable for a longer time, but for a price. We pay $50 a year and it funds continued development against XP or 2000. I know at some point they'd have to bail, but maybe they could lengthen timelines to something like 10 years for regular support at cost and have people continue to receive patches and run their OS or other software.

    I have to admit that I wasn't sure what SQL Server could improve from 2000 that would make a compelling upgrade to 2005. As I dig in more, I see there might be some good reasons to move, but for now I'm still not sold that SQL 2000 support should stop after 5 years.

    Especially since it's 5 years old!

    Steve Jones

  • Surely (according to this link) http://support.microsoft.com/lifecycle/?p1=2852 product support for SQL2000 has about 2 years more to go in mainstream and then 5 of extended?

     

  • Avoiding any defence of Microsoft here, because a lot of the XP problems were oversights that probably would have been caught before release if they had a different focus then, I think Vista (and continuing OS upgrades) are inevitable and necessary.

    Think of the OS as a house, because the analogy is close. You buy a house, and it can be upgraded and maintained for a certain time, after which the cost of doing so exceeds the value returned. As your family grows, the house you bought starts to feel constricted. You may or may not be able to remodel, but at some point it will end up being more complicated to apply the next remodel because it will sit upon the last three, rather than the original foundation. Granted, most of us usually keep our houses a lot longer than 3 to 5 years, but the principle is the same.

    It's fairly obvious that XP is more stable than previous OS efforts from Microsoft, however imperfect it is. It's also fairly obvious that the majority of patches are actually issued because of the Internet-links the OS provides. If there was no Internet, there would probably be very few major security-scares in the industry. The "sneaker net" never really allowed the kind of infectious mass-attacks that we have today.

    Nonetheless, because of the way the architecture for Windows was laid down, with user services providing such a rich experience, as long as new ideas for the interface are imagined, there will be new upgrades. Take out the GUI, and, like DOS before it, Windows would reach stable state fairly quickly. But at the same time, taking away that GUI would cripple the reliance people have today on "ease of use" in their applications.

    But that aside, for a moment, consider that $50 a year (or even $25) over a five year period is pretty much the price of most OS upgrades, so maintaining the legacy installations isn't really cost effective in that scenario. It would serve Microsoft (and the public) better to simply find a subscription model to reduce the price of the OS upgrades themselves. If people paid less for an O/S and then paid $20 a year for upgrades and maintenance, it would create a continuous improvement potential and a revenue stream to fund it.

    It's awfully early though, so maybe I just need to crawl back into bed.

  • I have heard it said that Microsoft wants to get to a point where they have a new release every two years of SQL Server. As a DBA with 20 Production SQL Servers I say please no. Software companies take their good old time certifying a new release of SQL Server and with budgets getting even tighter I cannot afford to continue to say to my boss dig in your wallet for a new release of SQL Server. I know the answer to that is the Software Assurance program but that costs a lot of money too. We still have a SQL Server 7 install that we cannot upgrade because the software is obsolete and the software company stated that they had issues to resolve to run on SQL 2000. We are stuck with this for at least another year because we don't have enough application folks to rewrite what this package does at the current time.

    I think that the Microsoft operating system pay for patches is a good idea. If I buy a new PC at the end of the life of an operating system I am stuck to have to repurchase a newer operating system when I just bought the last one. Why? A lot of people cannot just buy a new operating system and pay to have someone install it and make sure their software still works. My retired parents are a good example. I know at some point they have to kill off support for everything but there needs to be some reasonable timeframe established.

  • I don't understand your comment about "patches, rewrites, refactors".

    On the one hand, you don't want Microsoft to write code on NT-based Windows to make it better and then sell it as Windows Vista.

    On the other hand, you /do/ want them to write code on NT-based Windows to make it better, and charge for it.

    You can't have it both ways. There have already been "patches, rewrites, refactors, [to] XP to allow it to continue to be serviceable for a longer time" in the form of SP1, SP2, the .Net Framework, which have all added quite a bit in terms of security, features, bugfixes, etc. And they have been free.

  • I doubt they could release new versions every 2 years.  What year did 2k or 2k3 come out into production? 

    Computers have dropped in price to the point where for many it is cheaper just to backup the files and put them on a new box, rather than service those machines.

    But what they should do is have ISO's of old OS's for those who wish to tinker, and not in an ADHOC sort of way.  It would make for a great historical aspect of MS or OTHERS.

    I think the better analogy is a car.  The car's life cycle is closer to software rather than a house and a car's resale value decreases while a house's increases.

    I guess an old ENIAC or timex sinclair might be worth something to a museum, but more likely looked for the recycling the gold connectors, but most boxes are not worth the effort to dispose of them.

    I've found some old memory is useful in daughtercards for some larger business machines.  But all in all they are more of a 'privacy' issue and a little laborious in necessitation for the physical destruction of the old drives.

    Well since I've digressed too far already, I'll come back to the topic and put forward, that the diversity of OS's and versions of software show that the industry is vibrant and full of opportunity for those who can solve these problems.  This means work for those in the industry and therefore food on our tables.

    I'm quite envious of the 20 SQL SERVERS I must state... and the geek in me would revel over reading the event and transaction logs.

    One day the OS will be shipped out as EEPROM again and patches will just be flashing EEPROM.  Then maybe you might be able to bring the OS over to a new box with less of an issue.

    The possibility of APP's following the same route wouldn't surprise me either, then the issue of migration might be not as daunting as it currently is.

    My 2 cents.

    Edward W. Stanley

  • One would think that after 5-6 years, SQL 2000 would be a mature product with very few issues. Yet just last month I discovered a bug that will bring a SQL Server 2000 SP4 instance to its knees. It is a relatively simple query that ANY login to a SQL Server can execute, driving the CPU to 100% utilization and precluding any further activity on the instance short of killing the underlying SQLSERVR.EXE executable or rebooting the server. I will not post the bug but Steve can confirm it. I've told him about it under separate cover and have been working with MS on the bug.

    My point is that support for a database product is vital no matter how long the product has been in existence if there is a sizable amount of installed base still active. MS has committed to providing regular support for SQL 2000 through November, 2007. We really need to know now for planning purposes how much extended support will cost so we can make business decisions before 11/2007.

  • Two words: Planned Obsolescence

    Since Microsoft does not charge for updates, upgrades, etc...to existing systems (OS or Server) it eventually comes to a point where Microsoft is no longer making money on an old release. This is true of any software company, isn't it? So, eventually the new version has to come out because a new stream of revenue is needed. The key is to provide enough upside for the consumer in the upgrade to offset the price of the upgrade (not just software cost, but time, lost income, support costs etc...).

    Personally, I run XP at home and will continue to do so for as long as I can. I have a stable system that is capable of doing much more than I want to do with my PC already. I don't need the redesigned interface, the transparent folders, the sidebar or any other UI enhancements (I don't use many of the enhancements in XP over Win2000). Security improvements are great and needed, of course, but why should I need to buy a new OS to get them?

    Would you buy a new car if the new one had lots of features you would never use but had an alarm system your old one doesn't? I wouldn't. I'd buy an alarm.

    -- J.T.

    "I may not always know what I'm talking about, and you may not either."

  • I'll drive this metaphor further... but first .....your cursory conclusion about the differences between xp and vista are disparaging and therefore can conclude that you fit into the dump the box after it breaks mentality.

    New cars or computers will have new components, cars will have better emissions, better fuel economy, hp .. geeze I could go on.

    A similar situation occurs with computers, things like a more secure TCP/IP stack for one, better File system for another, better handling for multiple users, better support for game graphics settings to get better performance out of the wicked new ATI 1900 or NVIDIA next gen 7900...

    These things require an overhaul of the original OS, and cost money to develop, and therefore warrant a fee.

    I have gotten 100's of hours of entertainment and made a good deal of money out of my pc over the few years since I've built her.

    Same was true of my previous pc's. 

    Those things like making your money back and then a profit off of a purchase is what is called an investment. Entertainment dollar ratio of 10 cents or less an hour is what's called an embarrassingly good deal.

    Sad that most are more concerned about a few hundred dollars versus what one can do with that expenditure and how much would be needed to be spent to achieve the same results through analog or other means.

    (apologies for the spelling, grammar, but not my point of view)

     

  • Ah, but if it were only the cost of the OS you'd be right. How long was the list of Win2000 compatible software that would not work under XP? How long will the list of software that works under XP but doesn't under Vista be?

    You're right that I was making light of the changes in Vista but it was to prove a point. In order to run all of Vista's bells and whistles and allow it to look like it is supposed to I will need to upgrade my hardware as well.

    The total cost of an upgrade from XP to Vista for me is going to be much more than the $150-200 the OS is likely to cost. I will need a new computer and new applications. I'm sure many people will be in the same boat much like the Win98/WinXP upgrade some people did and then found out they had to buy new hardware just to get decent performance out of the new OS. (I speak from personal experience)

    As for being a member of the "dump the box after it breaks" crowd. Yes, I guess I am sometimes. I use my computer at home for playing games well below the threshold of modern graphics, surfing the internet, email and some digital photography. Should I have to buy a whole new computer system, state-of-the-art, and new software which I have to spend time installing and learning just so I can continue to do that?

    If I had a car that ran well, got me from point A to point B without problems, didn't break down, and I felt safe in it I wouldn't go and spend the money on the most safe, most technologically advanced car just because it was better. Some people do. Just a difference of approach.

    -- J.T.

    "I may not always know what I'm talking about, and you may not either."

  • Interesting comments. I don't think there's anything wrong with MS writing a new OS, charging for it, etc. But I'd like to see them and other software vendors continue to support, or allow someone else to support, the older versions. In my mind this is where the copyright issues with software break down. MS continues to hold the W95 copyright, but they won't support it. I guess I'd like to see software move to Open Source or the public domain maybe 4-5 years after it's end of lifed.

    Alternatively, I'd like to see MS keep people working on the old OS fixing things, and charging a small fee, maybe $20 a year is better, to continue to receive updates.

    As far as every 2 years, I had this argument in '03 with Tom Rizzo, then Program Manager for SQL Server at the PASS conference. They were bemoaning that SQL would likely come out in 04 and it would be 4 years since the last release (Nov 2000 was ss2k). They would like every 3 years and I argued that 4-5 was perfect. Good enough for the server to get stable, people to learn it well, etc. but not too often to make upgrades hard to keep up with.

    If they went with every 2 years, which wouldn't be the end of the world, I'd be ok if they had rock solid upgrades from the TWO previous versions. Most people I would think, would upgrade only every other version, or about every 4 years.

  • As for it being state of the art... nothing a consumer can afford is state of the art... a new entry level PC with Vista I imagine will come in at around 400-500 US.  A reasonable price for 5-7 years of good use, given your light impact use.  And since it's not for profit, I must conclude this is part of your entertainment budget.  Again that amount seems reasonable for the features and options available.

    As for applications, it seems like they will again probably put deterrents into running hacked wares, but running hacked wares is just stealing to me and seems fair.

    Also as for hardware, the usually offending hardware is things like that cheap win modem and goofy french sound cards that do not run.

    There are emulation modes as well vmware for one to run legacy software and hardware.  I got a win98 only scanner to run that way, albeit it was a little heavy handed but the industry I am in has that in its aspect and if I can't make a scanner work then I should probably change fields.

    Life is about learning, it sounds like a fear of change.

    As an aside 95/98/2K/XP really all owe their design interface to Norton desktop.

    http://toastytech.com/guis/ndw.html

    There is nothing to say you can't run any OS you like, just as you are open to run with open source should you want, or even build your own OS.

    As for "a car without problems, never breaks down, and is completely safe"; I fear those cars do not exist, except in the same world where no one gets speeding tickets and insurance is pennies a glass.

    Cheers.

  • I guess I just don't believe that Microsoft's End-of-Life process is driven by altruism at any level.

    Upgrading my system to Vista would likely cost me over $1000 in software I would have to repurchase that was written for XP, I bought several years ago, don't have support on, and won't work under Vista. Not a heavy price to pay, true, but $1000 I'd just as soon not spend if all is working as I want it to. I'm not an early adopter and I don't have to have the latest, greatest just so I can say I do.

    Instead of focusing on a single home user, though, think about the support costs involved with upgrading a company of 1000 desktops to Vista from XP. How about 5000? 10000? I work with and have good contacts in about half a dozen companies. Most of them haven't even fully converted to Win2K3 yet and some still have Win2K on the desktops in at least 10% of the user base because some product they use isn't supported on XP.

    Microsoft is eventually going to reach a point where only consumers who want the shiny will upgrade quickly when a new OS comes out because corporations will tire of the expense and time needed to perform an upgrade.

    -- J.T.

    "I may not always know what I'm talking about, and you may not either."

  • I know all about those costs.... I just finally got rid of 95 box from a holdout... MS seems agreeable with their licensing system for high volumes.. I know over at Konica Minolta, they get a set for the whole company over a reasonable term.  But that's the cost of doing business, either that or go back to pen and paper, which suits me fine but it's hard on the wrist doing Flash that way...
