Ubuntu stability. I’m still not seeing it.

Here’s some more red meat for all you Linux fans to chew me up over. My Lenovo T60p laptop here at work continues to be annoyingly unstable and I can’t seem to figure out what the cause is. I’ve gone as far as to completely re-install Ubuntu adding in only the bare minimum of extra stuff to get it operational and yet it’s crashing to a black screen, which requires me to power off the machine to get it running again, upwards of 5 to 8 times in a day. In the two hours I’ve been here this morning I’ve had to reboot it four times and that’s just unreasonable. These crashes occur in one of two ways: 1) simply browsing the web and 2) logging out at the end of the day. And, before you ask, I have Desktop Effects totally disabled. The two things beyond the basic install that I put on were 1) ATI’s graphic drivers with the Catalyst Control Center and 2) Adobe’s Flash player. That is it.

I installed the ATI drivers because it’s the only way to get Ubuntu to work properly with the 22” HP monitor I have hooked to the docking station. The built-in screen resolution utility with the default drivers absolutely will not detect that I have two displays (laptop and external monitor) attached, though it will kind of clone the display to the second monitor. Nor will it let me set the external monitor to a resolution higher than what the laptop screen will handle. And I installed the Adobe Flash software because the other two options are not fully compatible and everything I’ve read says that version 9, which I’m using, should work just fine with Ubuntu. My guess is that there’s something wonky with the ATI drivers, but there’s nothing in the way of alternative drivers that works properly with the setup I have here.  Again I freely admit that my lack of Linux knowledge is a contributing factor to my troubles, but it really shouldn’t be this hard to get a stable system that actually does what it’s supposed to do with so little extra crap added to the box. Every now and then I’ll get lucky and Firefox will just quit for no apparent reason—no error messages, no “this application has to be shut down” dialogs, just gone—and I won’t be able to launch it again until I figure out how to kill the process or reboot the system, but those are rare compared to the black-screen-of-death crashes I’ve been getting.

I read an article recently that said Microsoft should be worried about Ubuntu because it “out Vista’s Vista” and I had to laugh. Here’s the relevant snippet:

Well Steve you forgot your biggest threat so far, forget Apple for the moment, they have a few problems of their own to worry about before they are any real threat, Google is so far in front of you at the moment that they possibly dont even consider you a threat yet and Yahoo, well the further you distance yourself from that, the better, you really need to worry about Linux, and Ubuntu in particular as the current version called Hardy Heron out Vista’s Vista. It out performs Vista on the same hardware and it works right out of the box without a drama, the inclusion of Wubi, thus giving it the ability to install within a folder on a Windows machine, yet run as a complete OS without having to fiddle with boot loaders and such will give a lot of die hard Windows users a look at just what Vista should have been, and maybe turn them towards open source.

Not from my experiences it doesn’t. I’ve been running 32 bit Vista Business Edition for quite some time now and it has been rock solid stable. Certainly much more stable than Windows XP was and a helluva lot more stable than even a minimal install of Ubuntu has been. Useless as it is I can enable full desktop effects on Vista without worrying if it’s going to crash my system, not true on Ubuntu 8.04. I can install the proper video drivers for my video card and access all the features without having to worry if it’ll make my system unstable. I can install Adobe’s Flash player and not have to wonder if it’ll make my system unstable. “Works right out of the box without drama”? From what I’ve seen it is to laugh. This became even more glaring to me when I consider the fact that literally all I do on my work machine 99% of the time is run Firefox. Compare that to my Vista box which I not only browse the web with, but edit videos, play system taxing 3D games, playback music, and a whole host of other much more intensive applications.

Let me reiterate that this may be entirely the fault of my own personal ineptitude at using Linux, but it seems like it’s a lot harder than it should be. Perhaps it’s the laptop I’m trying to run it on. I’m told that some Lenovos don’t play well with Ubuntu, but I don’t have a choice in the matter as it’s a work machine. The odd part to me is that I have two Lenovos sitting here – the aforementioned T60p and an older T43p – and Ubuntu works just fine on the older laptop, but then I hardly touch the older laptop during the day so it spends most of its time idling. I also haven’t installed anything extra on the older machine as compared to the two things I installed on the T60p. Is the message I’m supposed to take away from this that Ubuntu is great so long as you can live with the default install and hardly ever use the damn thing? That wouldn’t work for me because I’m an unabashed tinkerer. I’m always trying out new software and new things on my hardware. Am I foolish to expect that the OS should know how to handle dual monitors without barfing all over the place? Is it really too much to ask for a simple hardware interface that doesn’t require poring through obscure text files to change system settings in hopes it’ll solve the problem? Google searches turn up no end of suggestions all of them providing differing changes to be made to various system files and none of which seem to solve the problem. The point I’m trying to make, again, is the fact that I’m considered a “Computer Professional” and I’m having a hard time. Do you really think Linux in general and Ubuntu in particular can really steal Microsoft’s crown with the average computer user if I’m having this much trouble?

Let the gnashing of teeth begin.

Vista’s security is not quite totally useless after all.

Last Friday I wrote about a presentation on a new hack attack that was claimed to make Vista’s security improvements all but useless. A lot of tech related websites ran the story as though it were the apocalypse for Windows as an OS, but the folks ovet at ArsTechnica.com say things aren’t quite as bad as they might seem:

The work done by Dowd and Sotirov focuses on making buffer overflows that were previously not exploitable on Vista exploitable. These are buffer overflows that would be exploitable on Windows XP anyway; after all, there’s no need to defeat ASLR if an OS does not have ASLR at all. Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista’s (in)famous UAC restrictions. DEP, ASLR, and the other mitigation features in Vista are unlikely to ever be unbreakable, especially in an application like a web browser that can run both scripts and plugins of an attacker’s choosing. Rather, their purpose is to make exploitation more difficult. Microsoft has a solution for those wanting to make it impossible—use .NET. These protections are there for when that’s not an option, to reduce—but not eliminate—the vulnerability caused by such programming errors. Even with DEP and ASLR, the coding errors that result in buffer overflows still ought to be fixed; it is only through fixing the errors that the flaws can truly be eliminated.

Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista’s security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.

They even have a few suggestions on how Microsoft may be able to reduce, if not eliminate, the effectiveness of these new exploits. The whole article is worth a read just for the overview of the security improvements Windows Vista has in place and what the problems are that allow this new attack to succeed. The upshot, however, is that Vista isn’t completely vulnerable to hackers as some sites have suggested.

A new attack method may render Vista’s security useless. May also work on other platforms.

If this article at SearchSecurity.com is correct then Vista’s security system has been rendered moot for folks who insist on using Internet Explorer:

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.

“The genius of this is that it’s completely reusable,” said Dino Dai Zovi, a well-known security researcher and author. “They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.

“What this means is that almost any vulnerability in the browser is trivially exploitable,” Dai Zovi added. “A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks.”

I doubt that there’s truly little Microsoft can do about the problem, but the solutions involved might be unpalatable to their business goals (e.g. drop ActiveX altogether). The attack appears to rely on Internet Explorer specifically so one possible solution for Vista users is to switch to a different browser such as Firefox or Safari. Which, really, they probably should do anyway.

What’s more interesting is the conclusion of the article:

Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

“This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable,” Dai Zovi said. “I definitely think this will get reused soon, sort of like heap spraying was.”

Unless those other platforms are running Internet Explorer and ActiveX I’m not sure how they’d be vulnerable, but then the article doesn’t go into great detail on exactly what the hack involves. Microsoft has said their aware of the presentation and are interested in looking at it more closely once it’s made public.

Microsoft uses Vista haters to demonstrate that Vista’s not so bad.

If you’ve spent much time here then you already know that I think Windows Vista is a decent operating system that is unfairly maligned. If I had a dime for every time I’ve had someone talk to me about how much Vista sucks only to say they haven’t tried it when I ask if they’ve even touched the OS, well, I’d have at least a few bucks to spend. Surely I’m not the only person who’s noticed that it’s gotten to the point of being “common knowledge” that Vista blows chunks such that the criticisms are repeated endlessly by people who haven’t even used the OS.

It seems Microsoft noticed that trend as well and they set out to put it to the test:

Spurred by an e-mail from someone deep in the marketing ranks, Microsoft last week traveled to San Francisco, rounding up Windows XP users who had negative impressions of Vista. The subjects were put on video, asked about their Vista impressions, and then shown a “new” operating system, code-named Mojave. More than 90 percent gave positive feedback on what they saw. Then they were told that “Mojave” was actually Windows Vista.

“Oh wow,” said one user, eliciting exactly the exclamation that Microsoft had hoped to garner when it first released the operating system more than 18 months ago. Instead, the operating system got mixed reviews and criticisms for its lack of compatibility and other headaches.

To be sure, the focus groups didn’t have to install Vista or hook it up to their existing home network. Still, the emotional appeal of the “everyman” trying Vista and liking it clearly packs an emotional punch, something the company has desperately needed. Microsoft is still trying to figure out just how it will use the Mojave footage in its marketing, though it will clearly have a place.

I wouldn’t be surprised by that at all. Certainly Vista has it’s issues, but then what OS doesn’t. The truth is the problems it had at launch were no where near as bad as what XP went through and, as was the case with past versions of Windows, it’s been slowly improving since then.

Apparently Microsoft is rolling out a new campaign promoting Vista that will run into the hundreds of millions in dollars and will include such things as free technical support for small businesses that switch to using Vista. Along the way you can be sure they’re going to be using that Mojave footage to show that Vista has gotten a bad rap:

“In the weeks ahead, we’ll launch a campaign to address any lingering doubts our customers may have about Windows Vista,” Ballmer wrote. “And later this year, you’ll see a more comprehensive effort to redefine the meaning and value of Windows for our customers.”

What gives the Mojave project its power, though, is the fact that it isn’t Ballmer or someone else at Microsoft saying that Vista has gotten a bad rap. It’s everyday people.

With scenes reminiscent of both Apple’s “real people” campaign of a few years back as well as classic commercials from Folgers and others, the Mojave project could prove a formidable weapon.

The Mojave project is remarkable both for its humble origin as well as the speed with which it was pulled off. The idea started barely two weeks ago in an e-mail from Microsoft’s David Webster to several superiors, including Veghte. Given the green light, Microsoft started videotaping responses just last week, in San Francisco. The preview Veghte gave to CNET News on Wednesday was the first time the footage had been shown outside the company and its contractors.

The footage could get a public airing as soon as next week or even at Thursday’s financial analyst meeting, although plans were still in flux as of late Wednesday night.

With the success of Apple’s anti-Vista ads—Macs are up to an 8.5 market share now—I’m surprised it’s taken this long for Microsoft to get around to fighting back. Now the question is are the big enough to overcome “conventional wisdom”?

Bill Gates says Windows 7 will be out within the next year.

Looks like Vista will be joining the ranks of past Microsoft OSes such as Windows ME as a short-lived and much reviled release as word from the Big Man himself says that Windows 7 will be out next year:

MIAMI—Microsoft Chairman Bill Gates on Friday indicated that Windows 7, the next major version of Windows, could come within the next year, far ahead of the development schedule previously indicated by the software maker.

In response to a question about Windows Vista, Gates, speaking before the Inter-American Development Bank here, said: “Sometime in the next year or so we will have a new version.” Referring to Windows 7, the code name for the next full release of Windows client software, Gates said: “I’m super-enthused about what it will do in lots of ways.”

[…] Unclear is whether Gates was referring to early testing of Windows 7 coming within the year, as opposed to a widespread release or debut. An early test geared toward developers would be conceivable. The company has repeatedly said that it will accelerate the development of new Windows versions, largely as a response to Vista’s roughly five year gestation period.

Of course Windows 7 will be using Vista as its base to begin with so it’s not like Vista is really going away, but this news may be enough for a lot of folks to skip right over Vista as it currently stands in hopes that the next version of Windows fixes a lot of the perceived flaws. It’ll be particularly interesting to see how businesses react to this news considering that last week Microsoft started pushing harder for businesses to adopt Vista.