Archive for September, 2005
My laptop has been undergoing some pretty gruelling system changes lately. I honestly gave Vista a good try this time with the PDC build and I could really start to see some usefulness growing out of it but things just bogged down as the different versions of the .NET runtimes started to play havoc with the installations I wanted to do – most notably the lastest builds of Visual Studio 2005. So… off came Vista and on went Windows XP (again). I just got XP up and going with the VS2005 builds when I realized I hadn’t tried out all the new stuff in Server 2003R2 (and had also neglected to blow away Vista’s program files directory), so XP came off and Server 2003R2 went on.
With all the reinstalling, I learned a few interesting things about how to do clean reinstallations without having to wipe the disk, so I thought I’d collect the few hints I remember for other people to learn from:
Creates a Windows.Old directory which contains all the stuff it would have overwritten had it been left in the original location. Basically this is the old “Windows” directory, “Program Files” directory and “Documents and Settings” directory with a few others if you’ve got directories laying around with inappropriate names (Boot and Build were the two I had).
Overall, it’s pretty well behaved and there’s no real preparations you need to do to maintain old data. The only thing to know is that “Documents and Settings” becomes “Users” so there’s no real conflict there anyway.
Installing XP or Server 2003:
The install process deletes your Windows directory. There shouldn’t really be anything in there you want to keep anyway so it’s not a big problem.
“Program Files” and “Documents and Settings” are left in place so if you want a clean install you have to somehow rename them before you reinstall. I ended up making a DOS boot disk with read/write NTFS drivers loaded so I could rename the directories before doing the installation. (This was the step I forgot going from Vista to XP which left a bunch of Vista binaries in my Program Files directory).
I think the laptop is finally up and running well on RC0 of Server 2003R2 now, with all the pretty Unix utilities installed and running well (even the Bash shell). Now if only I could find an X Server that wasn’t Cygwin (not that I have anything against Cygwin, but seems a waste to have TWO Unix emulation environments on one machine). I tried working with the “free” X-Win32LX but found that installing it on my work desktop used up my “free” copy and now I can’t get another one for my laptop. Useless idea of a “free” download in my opinion…
I’ve also given up Google’s Desktop Search for MSN’s Desktop Search as the Google search was being a pain and crashing or chewing 100% of my CPU and refusing to give it up in more than a few cases. The MSN search seems a little more friendly, though it won’t install on x64 versions of Windows, which makes me sad.
Apps that have made me happy for natively supporting x64 shell integration on the other had have been WinRAR and Tortoise Subverion, both of which play happily with the 64 bit explorer shell. Now if only my other favorite utilities would pull their fingers out and do the same thing.
One last thing – make sure you disable Symantec Antivirus if you want to do anything file system intensive. Installing the Unix Compatibility stuff on my laptop was slowed down by a factor of approximately 10(!!) when SAV was running and checking all of the 10,000 files as it was installing. I shudder to think how much it’s slowing my compiles and have to start to question whether this slowdown is actually more or less expensive than being hit by a virus.
I happen to like Googleâ€™s search engine and I couldnâ€™t find an easy way to get the built-in search to go to Google instead of MSN (not that MSN was really that bad, Iâ€™m just a creature of habit and am used to Google now).Â Well, a quick trip to the registry and everything was happy â€“ the search engines are all there nicely laid out in registry keys for me.Â To cut to the chase, just create the following text as a .reg file and â€œrunâ€ it to put Google into the search engine list:
Windows Registry Editor Version 5.00
Simple as that!
Note: Apparently this doesn’t work in the latest builds.Â Try here perhaps.
I was going to write some fun stuff about how things are now I’m back in Pittsburgh after my week in LA, but really there’s not much fun stuff happening. I’m madly trying to level Dd in EQ2 (though whether I’m taking tradeskills or levels is an interesting question), and also trying to get spare time to look through all the stuff I discovered at PDC. Tough conflicting requirements on my time there! Oh well, sleep was never necessary and it’s not like tradeskilling takes a huge amount of concentration.
Instead, I found this interesting quote on Slashdot:
“If Coca-Cola accidentally created 100 million cans of faulty Coke, you know for sure the entire 100 million cans would be dropped in the Atlantic or Pacific Ocean, without a second thought and irrespective of what that did to the year’s profits. What do we do with a crappy movie? We double its advertising budget and hope for a big opening weekend. What have we done for the audience as they walk out of the cinema? We’ve alienated them. We’ve sold audiences a piece of junk; we just took twelve dollars away from a couple and we think we’ve done ourselves no long-term damage.” — David Puttnam, movie producer (from GQ magazine, April 1987)
I have barely been to see any movies since I’ve been in the US. It’s just not worth my money or time to go out for what has largely been a bunch of sub-par movies. Why not just stay home and play interactive games, where you get to be active instead of passive in your entertainment? I think I’ve spent orders of magnitude more cash on the games industry than I have on the movie industry.
So, what’s this all about? The movie industry has become complacent. The video game industry is going to kill their profits and unless they find a way to produce more movies that are actually interesting there’s really nothing to do but sell your stock in movie companies that don’t own gaming franchises as well.
Not really much to say about day 4. Today it was all panels for me, on the future directions for .NET and Windows Internals. Rather than the traditional presentation format, it was audience driven with 4-6 speakers responding to questions from the floor. The .NET panels were interesting to listen to but I really couldn’t take much away from them. Future directions seem to be largely driven by demand and performance, with the only vaguely interesting thing (to me) being the possible addition of default implementations for interfaces which will give a poor-man’s multiple inheritance.
The Windows Internals session was more interesting in the line of discussion I concluded with yesterday. I was able to actually talk with the Windows kernel team about the restrictions being placed on kernel mode code and get their feeling on it. It was made rather overwhelmingly clear to me that the driver signing implementation was going in from massive corporate pressure to do something about malware and that sort of pressure (which really affects Microsoft’s bottom line on the business desktop where Linux is far more of a threat) isn’t something they can give way to easily. However, the line being pushed was a little less severe than the one I was hearing yesterday:
- Windows kernel protections will definitely be turned off when a kernel debugger is present.
- The decision to have Microsoft as the only signing authority hasn’t been made yet – it’s just one of the options being considered. Alternately some form of code signing could be used and managed as a group policy (something I’d be quite comfortable with).
- Local kernel debugging tools are likely to go away as they can be used to introduce unsigned code into the kernel. While this was obvious for Windbg, what this means for tools like SoftICE is far more ambiguous. I’m not sure Microsoft could get away with eliminating entire products like that.
- Sysinternals tools aren’t really a consideration in their thinking. While they acknowledge their usefulness, the pressure to restrict kernel mode is overwhelming.
- Kernel debugging through VM connections will be an interesting avenue to continue to use if looking into kernel structures.
- Windows XP-64 already includes code that scans for unauthorized patching and hooking of kernel routines and will bugcheck if it finds something.
- Microsoft recognizes that any security attempt is worthless unless they control the boot sequence from hardware. My take is that they believe raising the bar is better than doing nothing.
I’m still a little annoyed about the whole “need a kernel debugger present” restriction but I can see the point of view from Microsoft’s side, especially when expressed in terms of corporate pressure. Unfortunately that means that despite my love of the NT kernel, it seems Linux is going to become much more the OS of choice for people that want to mess around at the hardware/OS level to create new and interesting things. One of the strengths of Windows has always been its openness which attracted developers over other products, it seems that’s going to change. While I understand the loss, I still mourn it.
Today was definitely an interesting day at PDC. We got our copies of the Release Candidate for DevStudio 2005, picked up the DVD for Longhorn Server and got to listen to Bob Muglia tell us about Microsoft’s plans to seriously put a dent into Linux’s pet Beowulf space. I’ll keep the best until last though, so first things first and here’s the keynote summary:
- The “share the pain” video was almost as good as the “Napolean Dynamite” video. Another excellent production and one that developers can definitely relate to.
- Later this year (I assume with the .NET 2.0 release), MS will release “Windows Server 2003 R2” which will have a bunch of new stuff:
- Password synchronization with Unix
- Active Directory can have an NIS master
- Services for Unix bundled.
- .NET 2.0 (obviously)
- WS-Management support.
- MMC 3.0, which supports managed plugins (no mention of Monad though)
- Remoting of single apps
- A guy from Macromedia gave a demo about the new IT infrastructure, but it seemed to me to assume a lot of tight coupling between developers and the field. Maybe I didn’t fully understand it, but sounded like a lot of hype about nothing particularly useful.
- In 2006, they will be releasing the “Compute Cluster Solution” (CCS)
- Obviously targetting Beowulf – takes computing jobs and farms them out to a loose cluster.
- Beta 1 is available.
- Excel 12 will be able to use it to farm out big spreadsheet work.
- It would be nice if you could do a distributed compile on it, but that’s just pipe dreams I think.
- Full committment to have all administration interfaces available via Monad.
- A bunch of work is going on with AD.
- A bunch of work is going on with “Rights Management” too, but I still have to wonder if they really do get it.
- In 2007, Longhorn Server is due out:
- Terminal Services can be remoted through firewalls (so what’s the point of a firewall again if everyone can pump their protocols through them?)
- Transactional File System
- IIS 7 (more on this later)
- Event log is enhanced with a bunch of metadata about events
- Modular architecture – can remove all sorts of stuff including the GUI, it seems.
- Hot add/swap CPUs, Disks and RAM (assuming hardware support)
- IIS 7:
- Very modular, like Apache. Can add/remove modules at a directory level.
- Even tighter ASP.NET integration (when the module is running)
- Better diagnostics and tracing.
- Killing the metabase for XML config everywhere.
- All MS provided modules use the same API that we can write to.
- Gave kudos to Apache – good sportsmanship there really.
- Longhorn Server will support virtualization – VMWare stock gonna crash.
- Everything 64 bit.
The first breakout of the day (after I’d collected my Longhorn Server DVD) was “5 things every Win32 dev should know”. I just had to turn up to this one for the title:
- Performance isn’t what you think:
- Latency is the killer, that means DISK I/O.
- Pointers lead to page faults. Avoid them!
- Arrays are awesome – lots of data locality so less faulting. Trees are bad even though they are O(log n).
- Doing nothing is really fast!
- Play well with others:
- Always ask “what if 2 programs did this?”
- Polling is bad – uses CPU power and keeps memory pages present.
- Be careful in thread pools to clean up when releasing the threads.
- Be aware of remote desktops – animation on them sucks.
- Scale up and down based on machine hardware.
- Large Fonts and DPI changes:
- “Large Fonts” only affect a few things around the window edges. They will go away in Vista.
- High DPI settings affect everything!
- Scale bitmaps to cope with high DPI.
- Expect 96, 120, 144 and 192 DPI and TEST with those DPIs.
- Parent/Child and Owner/Owned is kinda complex:
- Parent/Child is containment
- Owner/Owned is encapsulation
- Reparenting is hard. Avoid it.
- Async input queues and syncing them:
- AttachThreadInput mimics Win3.1 behavior on queues.
- Owner/owned and Parent/Child attach input queues.
- Journal hooks screw up your entire system.
Definitely an interesting talk. Now to see if I can remember it all! The next session was a tough choice. Really wasn’t much going on so I went to a Vista UI guidelines session. Didn’t say much other than go here, and gave a pretty good demo on how to code up the new dialogs for Vista to make stuff look good. There’s a bunch of caveats when dealing with drawing on glass because GDI is so damn old and just doesn’t understand alpha blending. The best deal seemed to just use WPF wherever you can.
The lunchtime session I went to was on memory tuning in .NET. Lots of interesting tips, but nothing too fantastic if you’ve delved around a profiler before. Basically, the tricks are to use vadump, CLR Profiler and sos to poke around and figure out all sorts of cool info.
Next was a Java/.NET integration discussion which I really don’t have too much to write about. The general feeling of the talk was that they could demo a lot of stuff that will work well in a year or so when the final products are out and settled, but we’re still in the mess we currently find ourselves and nothing was mentioned about the small differences in interpretation of WSDL that can cause so many problems.
I’ll leave the Vista Internals talk for last, because the Vista Power Management discussion wasn’t that engaging. They’ve come up with a new event model for Power Management now so you don’t have to poll for power state, and Vista will have all desktops defaulting to sleep on a timeout, which will force a LOT of application developers to actually do something intelligent. You also no longer get the chance to prevent sleeping when the user initiates it – it just happens and you have to cope. As expected though, you can still disable any automatic power events while performing a long task (watching a movie, burning a CD etc.)
Now, for Vista Internals:
- New boot loader which is platform independant (can run 32 or 64 bit code)
- As mentioned before, kernel supports hot swapping or adding of CPUs, RAM, etc. No mention of removing anything though.
- Memory manager was refined:
- Deals with kernel memory more effectively.
- Handles NUMA and large pages.
- Handles the paging of video/GPU memory.
- Drivers can now run in user mode, and system can recover from one of these crashing (maybe).
- Better multimedia support in memory manager, IO manager and process scheduler.
- Lots of changes for windows services:
- Services stay in desktop session 0, but user windows move to session 1 so can’t message each other.
- Services can delay their start to help bring the system up faster.
- Serivces can declare their privilege sets and have their process tokens stripped of unneeded privileges on startup.
- You can get notifications about local or remote service state changes.
- Can programmatically recycle a service process without upsetting the SCM too much (if you do it right).
- Registry is now transactional (always was atomic though, just not across calls)
- Registry and File System can be virtualized (access denied can point the user somewhere else under the hood, to allow low privilege modes).
- Registry filter drivers can now be written, just like File System Filter Drivers.
- WoW64 (the 32 bit emulation layer):
- Supports VM spaces of up to a full 4G for user apps.
- 16 bit support has gone from 64 bit Windows (hooray!!!)
- 32 bit and 64 bit apps can talk to each other via COM (across different processes obviously)
And the real killer:
- All kernel mode code (and some critical user mode code) must be signed by Microsoft in Windows Vista 64 bit (and possibly 32 bit in the future).
- The only proposed way around this is by attaching an external kernel debugger.
Now, while this is being touted as a fantastic way to stop kernel rootkits and other nastiness, it really has a whole raft of other effects which are going to make life annoying, or just plain impossible for power users or administrators. For example, consider the following:
- None of the utilities at sysinternals.com will continue to work unless every revision of the driver code is digitally signed by Microsoft. That severely limits the creativity of people like Russinovich and Cogswell.
- Developers won’t be able to mess around with driver code for experimenting..
- Universities will have to get special builds of Windows to allow their students to write driver code (which is part of many courses these days).
- Driver fixes will be delayed by having to pass through Microsoft’s WHQL whenever a video card company wants to release something new.
- We can’t test any of our drivers on Vista without attaching a debugger – hardly a production test..
And that’s just the tip of the iceberg. The annoying fact is, rootkits can still get in. Sure, it raises the bar for them but the simple fact is, unless Microsoft can get hooks into the hardware itself and prevent it from loading a modified kernel image, malware can simply turn off the checking in the kernel. At some point a decision is made to load or not load a driver. Change that flag and you own the computer. People without computer knowledge will “trust” in Microsoft’s wonderful new security and they’re STILL vulnerable.
I hate stupidity like this. I actually don’t mind it being on, but for goodness sake, give me a method of self-signing stuff, allowing self-signing to happen, or some other switch to opt-out of this stupid restriction. Personally I think it’s got more to do with Digital Rights “Management” than it does preventing rootkits though. One more step for Microsoft refusing to understand core security principles – if you don’t control the entire boot sequence from the first instruction executed by the CPU then you don’t control anything. End of story. Thanks for playing.
I was really excited about Vista too, until I heard this..
« Previous entries