Why You Should NOT Ditch Windows XP

Nathan Bauman over at PCWorld had an article titled Why You Should Ditch Your Windows XP Laptop Right Now. This sort of pitch has always interested me after a fashion – the thinking just escapes me (as a personal Windows user). The reasoning for a corporate environment would be different, of course.

Here are the reasons Nathan lists for switching to Windows 7:

  1. Windows 7 is easier to use.
  2. Windows 7 is more secure.
  3. Windows 7 supports disks with 4K blocks.
  4. Windows 7 supports more than 2Gb memory.
  5. Windows 8 is a disaster – so get Windows 7 before it goes away.

There are many reasons to stay with Windows XP for now. Be aware that I’ve not yet purchased my own Windows XP – I still have Windows 2000 for when I need Windows (which is almost never).

One reason is that Windows XP runs on virtually anything you can pick up – even one-year-old and two-year-old (gasp!) hardware. Requirements are 128Mb memory recommended and 1.5Gb disk on a Pentium at 233MHz or better. Windows 7 requires four times the memory, approximately 16 times the disk space, and four times the CPU power.

This variance in requirements leads to much lower costs for Windows XP hardware. A search on eBay for laptops with Windows XP shows a huge number of laptops for less than $300 – some as low as $120. These were laptops that presumably once sold for $1200 or $1800 or better. If we assume that a $300 laptop once sold for $1800, that is an 83% reduction in price from original retail – $1500 that stays in your pocket. New laptops with Windows 7 start at $350 or so for minimal systems; for a full-power system with Windows 7 it could be well over $1000.

The software itself is cheaper. Again, on eBay one can find Windows XP SP2 for $30-$40 whereas Windows 7 Ultimate is $75 and up – a savings of over 50%.

Lastly, why buy Windows 7 now at retail prices when you can wait for Windows 8 – and get Windows 7 at fire-sale prices for hardware that by then will have lost 80% of its value? Just by waiting you can save thousands of dollars.

There is also the fact that a lot of software may not yet fully support Windows 7, and the software you count on the most may run only on Windows XP.

So now – that’s why you should stick with Windows XP (just remember to properly secure it!). Let everyone else spend their thousands of dollars and you can get their old equipment for a fraction of its original cost.

However, for an enterprise, the reasoning would be different – and the results might be different.

Microsoft Joins Red Hat in Dropping Itanium Support

Red Hat announced at the end of 2009 that Red Hat Enterprise Linux 6 will not support Itanium, and now Microsoft has announced that Windows Server 2008 R2 will be the last version to support Itanium.

This is not good. HP is the largest vendor of Itanium systems – they should be, since Itanium was an HP-Intel joint venture. Intel just introduced the new Tukwila chip in January, and now Windows and Red Hat Enterprise Linux will not be found on the chip.

Most pertinently for HP, this means that Integrity Virtual Machines running Microsoft Windows and Red Hat Enterprise Linux will neither be available nor supported.

SUSE Linux Enterprise Server (SLES) is still available for Itanium, as is HP-UX, and OpenVMS is due soon. Time will tell if this bailout by Red Hat and Microsoft will affect HP’s bottom line; Intel should be relatively unscathed.

UPDATE: Fixed factual error.

Why Internet Explorer 6 Refuses to Die

Internet Explorer 6 was one of the ways that Google and many other companies were attacked recently. Web developers have hated it for a long time because of its lack of stability and lack of standards support.

IE 6 is the default browser shipped with Windows XP, and is routinely placed on lists of the worst technical products ever. Google announced in January that they would stop supporting IE 6 (which means YouTube will no longer work in IE 6). The French and German governments strongly advised (link in French) against using Internet Explorer in January 2010, in part because of security risks in IE 6. There are campaigns everywhere advocating against the use of IE 6.

So why is it still alive and supported by Microsoft? Over at the IT Expert Voice, one writer was determined to find out. The article is very interesting, and listed a number of reasons that IE 6 is still being used in spite of it all:

  • Upgrades come slowly. If you upgrade your systems on a three to five year cycle, then IE 6 is very likely still present on the network.
  • A critical application requires IE 6. This is quite unfortunate, but happens often enough. If the vendor hasn’t converted to a more standards-compliant environment, the users can’t either.
  • “If it isn’t broke, don’t fix it.” This is almost a “head-in-the-sand” approach – or an extreme reluctance to upgrade at all. Hopefully, this is not common.
  • Using IE 6 can limit users to more appropriate sites. This reason is also incomprehensible: certainly the more popular sites will fail to work in the future with IE 6 – but IE 6 is also a security risk and more and more work-related sites will stop supporting IE 6 as well. I can’t imagine anyone would seriously use this as a reason to keep IE 6 – but apparently some have.

CNet also had an interesting article about why Intel continues to use IE 6; it is an excellent read.

LexisNexis Tools Come to Microsoft Office

At the LegalTech Conference taking place in New York City, Lexis announced a partnership with Microsoft. The competition has tools, but this partnership has all the markings of a competition killer.

LexisNexis research tools will be built into Microsoft Office products, in particular: Microsoft Word, Microsoft Outlook, and Microsoft SharePoint. This means that no matter what Westlaw comes up with, and no matter what Bloomberg comes up with, Microsoft Office comes ready to use LexisNexis out of the box.

Thus, I would expect Microsoft Office upgrades to be high on every lawyer’s agenda shortly. Your corporate counsel is likely to be begging for it as soon as they hear about it.

The Microsoft Windows 7 Time Bomb

A while back, I received the Windows 7 pre-release version (Windows 7 RC apparently). I was excited to try it, but decided not to install it after seeing that it had an operational time limit.

Now the time is upon us, and Microsoft’s Windows 7 RC will start notifying users on February 15 that it will start shutting down on March 1. On that date, Windows 7 will start shutting down every two hours, and without warning, potentially causing data loss. The Windows Blog has an article that clarifies these points.

After the June 1, 2010, expiration date passes, Windows 7 RC will flag itself as “not genuine” and will have a black background specifying that fact for all the world to see. Not a pleasant thing to have happen, to be sure.

Even for those who decide to upgrade, an in-place upgrade is not possible; this points to another way for possible data loss during reinstallation. (Another reason to store your data on a separate drive, whether a network drive, USB drive, or separate partition.)

This entire thing is nothing less than a time bomb penalizing the Windows customer for using Windows 7 RC. I am relieved that I, for one, did not install it.

I can only imagine the problems faced by a small shop that installed Windows 7 RC on several clients, now being forced to reinstall Windows 7 from scratch. I can also just imagine what would happen if a UNIX release did this…

The Dichotomy of a System Administration Career

When you choose to work in system administration, generally you have to focus on one operating system or another. The dichotomy comes in choosing a system to focus on for your career.

How do you go about choosing which system you want to administrate as a career? Do you go with a common system like Microsoft Windows or a relative rarity such as OpenVMS?

If you go with Microsoft Windows Server, for example, there will always be jobs available (relatively so, anyway). Every corporation seems to have at least one Microsoft Windows Server, and they all need to be taken care of by someone who knows what to do. However, there will be lots of other people that do the same thing. So even as there are jobs out there, there are lots of applicants and lots of competition. With this abundance of people who know how to administrate Windows servers (or think they do) comes a lower pay, as an employer can be selective in who they choose. This is the basic economic principle of supply and demand at work.

On the other side is administering UNIX servers – or even more so, OpenVMS servers. The number of people who can administrate these servers is less than those who work with Windows, which means their expertise is more expensive. For a variety of reasons, UNIX is present less in the average enterprise, and the number of UNIX servers is very likely dwarfed by the number of Windows servers. This is an advantage as the pay scale will be higher, but the disadvantage is that the jobs will be fewer.

When the market is tight, those with more specialized skills will find themselves having to move where the work is, and will have to search further afield for possible openings. It is a trade-off – and it’s your choice. Just be sure you have the facts first before you choose.

Windows stealing your focus?

I did some research into this, after being reminded of it as a problem that leads to sysadmin error. When you are typing into a window (such as an SSH session) you do not want a program such as Pidgin to take the input focus and wind up typing the root password into an IM box to a friend – and over the network in the clear besides!

This problem is not unique to Windows; it just happens in more places in Windows. MacOS X and Gnome can suffer from this problem; KDE apparently has the fewest problems with this.

Apparently, there is a registry setting that will fix this (almost); it can be set by using TweakUI or by changing the value by hand with RegEdit. The key and value are:

HKEY_CURRENT_USER\Control Panel\Desktop\ForegroundLockTimeout – set to 30d40 (hex)

Johan Känngård has a short article where he describes a program he wrote to set the proper setting every time he logs in – to foil programs that reset the setting.
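As an added example (not Johan Känngård's program and not part of the original post), the following PowerShell sketch checks the value named above and re-applies it when something has reset it. The function names are hypothetical; the registry path, value name and data are the ones given in the text.

```powershell
# Added example: keep ForegroundLockTimeout at the value from the post.
# Function names are illustrative; path, name and data come from the text above.
$Path    = 'HKCU:\Control Panel\Desktop'
$Name    = 'ForegroundLockTimeout'
$Desired = 0x30d40   # hex value given in the post (200000 decimal)

function Get-ForegroundLockTimeout {
    # Returns the current data, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Set-ForegroundLockTimeout {
    $current = Get-ForegroundLockTimeout
    if ($current -eq $Desired) {
        Write-Output "$Name is already 0x$('{0:x}' -f $Desired); nothing to do."
        return
    }

    # Report what was there so a program that keeps resetting it gets noticed.
    $shown = if ($null -eq $current) { '<not set>' } else { '0x{0:x}' -f $current }
    Set-ItemProperty -Path $Path -Name $Name -Value $Desired -Type DWord

    # Read back to confirm the write actually landed.
    if ((Get-ForegroundLockTimeout) -ne $Desired) {
        throw "Failed to set $Name under $Path"
    }
    Write-Output "$Name changed from $shown to 0x$('{0:x}' -f $Desired)."
}

Set-ForegroundLockTimeout
```

Running it from a per-user logon script is one way to get the "every login" behaviour described above; that scheduling choice is an assumption, not something the post specifies.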

There is a detailed explanation from Jeff Atwood at Coding Horror about the problems inherent in the focus-stealing approach, and how to fix it as a user – and also an article about the problems with XP’s automatic update nagging (a prime offender in focus-stealing).

There is also a nice article from Pro Reviewer about the problem. One suggestion sometimes made (and made well here) is to use a utility that keeps a window on top of all others: this utility will also, by extension, refuse to give up focus from the affected window. Pro Reviewer reviews DeskPins, which seems to work well. Just don’t expect any windows to come to the front…. like Outlook notifications or popups, etc.

Announcements: Firefox, Virtuozzo, PDF, and more

There are a variety of interesting announcements that have been floating about.

Probably the most talked about is Firefox 3 – it set a world record for the most software downloads in a single day – over 8 million downloads. Wow!

FreeBSD already has a build of Firefox 3. When will we see a build of Flock 1.2 I wonder?

HP announced that they will sell and support Parallels Virtuozzo (a commercial version of OpenVZ) on Itanium systems running Windows and Linux. What this means for HP-UX VM is unclear at this time.

Adobe’s PDF format has been formalized as a standard, ISO 32000-1. Only time will tell how much of a benefit this will be.

Apple updated MacOS X and MacOS X Server to 10.5.4; time to update your systems. Now would be a good time to check out those security guides for MacOS X (10.3, 10.4, and 10.5) that Apple released early last month.

Also, if you missed it, the security distribution BackTrack released version 3 last month. BackTrack is a live CD Linux distribution focused on security and penetration testing: fix your systems before the attackers do it for you.

The EeePC and UNIX/Linux

Wandering about, it would appear that UNIX aficionados (geeks!) are putting everything imaginable onto the EeePC.

For example, there are people running MacOS X Tiger, MacOS X Leopard, OpenSolaris 2008.05, Ubuntu, and NetBSD on the EeePC. There is a video review of the EeePC which is very informative and well done (even if the video itself is slightly off-color). There is another video describing the EeePC and how to install Ubuntu Linux onto it. There’s even a video demonstration of MacOS X Tiger running on the EeePC. Doesn’t seem to be anything it can’t do.

There’s a NetBSD on EeePC page as well.

This all makes me want to go get one for myself; I’ve been holding off. One of these with a dual-bootable Windows/Linux or Windows/UNIX installation would be perfect – and as it boots off of flash cards as well, perhaps Windows 2000 on flash would be just the thing for me (every corporate doodad requires Windows – VPN, WPA, intranet – ack!).

These machines apparently continue to be quite popular, as this romp through UNIX on the EeePC shows.

PWN to OWN Contest at CanSecWest 2008

The PWN to OWN Contest is a hacking contest at the CanSecWest security conference that pits a standard install of Linux, Windows, and MacOS X against all comers. Each laptop has a default installation on it, and has not been hardened at all. The successful hacker will not only win a cash prize, but the system in question as well.

The MacBook Pro was the first to fall, and the laptop running Microsoft Vista Ultimate second. However, there will be those that misinterpret the results by not realizing how the contest was conducted.

Each contestant gets 30 minutes to attempt to crack the machine, and can choose which machine to attack. The attacks are limited by the rules, and each day that went by the rules allowed a wider range of attack vectors. It was a third party application (Adobe Flash) that permitted the compromise of the Microsoft Vista machine.

No part of the contest can be considered a scientific study into which system is more secure than the other: contestants attacked a single machine of choice, and contestants were allowed their attempts one at a time – and the operating system was not hardened.

This is entirely different than, for example, the Capture the Flag contest at DEFCON. That contest consists of setting up a server and trying to capture the other teams’ “flag” through compromising the server in some way. In that contest, any and all comers are permitted to enter and to attack at will during the contest with whatever vulnerabilities and methods they have available.

Speaking of DEFCON, DEFCON 9 saw the entrance of an Alpha-based VMS machine – installed with the standard setup – which remained unscathed throughout the contest, though try they did. The VMS Team (the Green Team) had a writeup and also wrote a white paper afterwards.

If you are interested in DEFCON, DEFCON 16 will be August 8-10 in Las Vegas, Nevada.

Also, speaking of DEFCON – let’s not forget the similarly named but totally unrelated InterSystems DEVCON2008, which is just wrapping up. DEVCON, among other things, covers Caché development and related topics. It is interesting to note that InterSystems DEVCON began 15 years ago, whereas DEFCON began 16 years ago. I wonder how much Caché security is covered at DEVCON2008.