
Re: [Full-disclosure] 70 million computers are using Windows 98 right now



On 7/26/06, Eliah Kagan <degeneracypressure@xxxxxxxxx> wrote:

Waldo--

> It will run everything (almost) that runs on top of a win32
> subsystem...(the top bar is higher actually, it goes for native java, native
> linux, native DOS, OS2 etc.. is a long list) and drivers as well, enough
> for migration ;). Anyway you take it if you want, is free to try :D.

It aims to run everything that runs on top of a win32 subsystem and
more, and it will probably succeed. I am very happy about the ReactOS
project--but I think it's important to realize the difference between
what an OS will be and what it is now. In the context of security,
Windows 98's developers are no longer committed to security for
Windows 98 (even to the degree to which they were before), and
ReactOS's developers *cannot* be committed to security for ReactOS
because ReactOS is not stable--i.e. the developers do not classify it
as stable, i.e. the developers are perfectly willing to have bad,
insecure code in the system for an extended period of time if doing so
is most conducive to development.

> It is
> even smaller than 98 and will work with 32 Mb of RAM (maybe less in the
> future, some ppl are already testing at 8 MB!!!! hey that's better than even
> win 95 and is a full NT Box WOW I believe M$ make some millions to spend a
> couple of dollars in memory chips!!).

It was really, really small the day before the first line of code was
written. It was pretty small after the first hundred lines of code
were written. In its still incomplete state, it is no surprise that
it is still smaller than a complete operating system to which it
eventually is slated to contain comparable functionality in most or
all areas.


It is more complete than incomplete ;) If someone can ever say that a
software is complete. But certainly there is not much missing. I would say
that it is about 70-80 %. Of course what's left are the most hard to do
parts because being Windows so closed there are still many obscure points
that need to be clarified.

I may be misremembering, but I'm pretty sure that my old 75MHz P1
no-MMX Packard Bell box had 8MB of RAM when I put Windows 98 on it
(due to the other 8MB not being properly seated in the RAM slots at
the factory...ah Packard Bell, brings back memories...). Windows 98
crashed a lot, but it didn't crash any more often than I've heard it
crashes on just about any box, due to it being Windows 98.

What is cool is that ReactOS can be run, more or less, with 8MB of
RAM, and ReactOS is an *NT* style system--I wouldn't attempt that with
Windows NT 4.0. I've never used any version of NT before 4.0, and I
don't know what their memory footprints were. Perhaps they were less.


I believe you can wake up NT 4.0 with a minimum of 16 Mb. I could give it a
try with some virtualization software to figure out but it is not one of my
priorities right now. Anyway it will run on a machine where windows 98 runs.
Its hardware requirements are equal or lower.

> Today linux distros take 128 Mb or
> more to run decently. So IMHO it is a replacement candidate for some
> situations already.

You have a good point--it may be a reasonable replacement candidate
for Windows 95/98/ME systems **where a guarantee of security being a
priority, from the vendor, is not required**. This implies that the
user knows enough about security to manage the risk that the vendor is
not managing. A guarantee of security from the vendor may not
translate into actual security, but it does translate into security
professionals getting pissed off and vocal when actual security is not
delivered.

I doubt ReactOS is a good replacement candidate for a Linux system--if
memory is the primary concern, OpenBSD or a small Debian system with
the kernel rebuilt sans unnecessary code would be a better option. If
a working Linux or other POSIX-like API is implemented as a subsystem
then it might be a reasonable replacement for Linux and/or other *nix
systems.


No, of course not. Not even a fully working windows is a replacement at
all for linux in most situations. Anyway if we put the
linux+wine+ndiswrapper the memory footprint of that configuration is
probably high. You could be right here, I have not seen the memory
requirements of those configurations.

> Now, Linux is definitely not a natural migration pathway. That theory of
> adapting server oriented operating systems to the desktop, and believe if
> was going to be a success has proven to be wrong.

Really? Windows 2000, Windows XP, and Mac OS X seem to work pretty
well for novice users...


Sorry I don't get the point here.

Or are you belaboring the misguided claim that Linux is fundamentally
a server-based system but that Windows NT is not?


There was Windows NT workstation ;). With windows it was the other way. From
desktop to server. Of course you can change Linux so much that it won't be
Linux anymore. Definitely putting an X server on top of unix won't make it
ready for desktop, that's a fact.


> I wonder if my parents
> will manage someday to even install it :D. (yes I'm making a constructive
> criticism here)

Have them install ReactOS without assistance, and get back to me.
(Hopefully their machine doesn't have fake parity RAM.)


It is the same way as windows 2000 and they have done that already.

> Also do not forget about drivers. Keep in mind that some
> win9x drivers run or will run in ReactOS ;) and NT drivers as well. Yes you
> can support X or Y hardware for linux (after some hard working time) but
> then with ROS X or Y hardware is or will be supported for sure with little
> delay because is already there. You don't have to reinvent the wheel, you
> just need to make the wheel work properly :D.

Or you could use NDISwrapper in Linux (or FreeBSD) and run your
Windows drivers, without rewriting any driver code. Sure, it doesn't
work for everything. Neither does ReactOS.


Why try to put patches to linux when you can have a non patched system ready
to go? And with 0 learning time too ;). From the security point of view
that's important since it starts right at the user. Remember how many
security problems we see today with incorrectly configured systems. Observe
also that you have to patch the thing from 2 sides, putting an emulation
layer on top of it and down in the kernel.

> 9x was never stable at all.

I dare you to run your 100 favorite Windows 98 applications on Windows
98 and ReactOS, and see which one seems more stable in the end. (And
taking files out of proprietary Windows and putting them into your
ReactOS system for this purpose is cheating.)


You are probably right here. Anyway Win98 is not supported anymore (we
wouldn't be talking about this at all). ReactOS is supported and will be at
least for a long time. Mainly the stability problems related with ROS are
due to memory management and maybe because some code still runs in ring-0.
Of course bugs too. Anyway I am not the most indicated person to talk about
the subject. The point is.. if it doesn't work for you right now (maybe it
does) stay tuned as it probably will someday.

It was never stable in the sense that any operating system that
crashes constantly and has an insane design is never stable. On the
other hand, it worked well enough that millions of users put money in
Microsoft's pocket to use it.


Millions of users never had a choice. I'm happy that some have it now.

Microsoft is a company oriented around
company profit, not user empowerment, and there was nothing keeping
company profit in line with user empowerment. This followed naturally
from the fact that Microsoft was a proprietary software vendor
competing in a market of proprietary software vendors. That Microsoft
has many of the attributes of a monopoly helps, too. When a Microsoft
spokesperson says that an operating system of theirs is stable, that
means that it's stable enough that people will buy it. (Just like when
a car company says their new vehicle is safe, it means it's safe
enough that people will buy it and the government won't go after
them--and of course they might be lying...it might not even be that
safe.) Microsoft now has to compete with developers who put user
empowerment first (or who put company profit first but have worked
hard to align company profit with user empowerment), and consequently
Microsoft must take users' desire to exercise control over their own
property (which is what security is about anyway, at the end of the
day) into account.


I agree.

> In fact it was the big lie of the century to
> claim it as a production release.

The big lie was that as a server-oriented operating system, Windows NT
wouldn't scale to the non-"enterprise", and that consequently Windows
9x had to continue to crash the computers of millions of home users.
The only serious reason why a home user might not have wanted to use
Windows NT 4.0, besides the slightly higher system requirements (and
come on, I've had it running smoothly on a 486 with 32MB of RAM), was
because there was less driver support, the installation process sucked
worse, and the cost was high. There is no reason why Microsoft
couldn't have dealt with those problems easily, released a variant of
NT as an OS for home users, and killed Windows 98 back when it
deserved to die--i.e. sometime before it was renamed from Windows 95C
(OEM). It ended up taking Windows ME to convince the folks at
Microsoft that NT was better than 9x, even for home users.

When Windows 2000 was first released, software retailers were telling
people not to buy it because it was only good for business use. There
was no sense in this, but people believed the retailers and didn't buy
it. (It was pretty buggy when it was first released, though, so maybe
the net effect of this retailer uncriticality was positive.) Now you
are saying it ("[t]hat theory of adapting server oriented operating
systems to the desktop, and believe if was going to be a success has
proven to be wrong"), and there is still no sense in it. Or am I
missing something?


Yes there is sense. I'm making a criticism of those that make things hard
without need. Also why adapt a server oriented OS when you don't have to?
What is more effective, that some people develop something suitable or
millions have to learn something without need? Definitely less resources
will be wasted. And we are talking about a big difference.

> Don't you think is a better idea?

If you're asking, do I think it's a better idea to run ReactOS than to
run Windows 98 (or than to run Linux), then I think that's a
not-well-formed question. What operating system is best depends on who
is running it on what, doing what, and with what needs.


I agree with that too. For example I'm not running it because right now I
need a stable windows compatible box to work. Also remember we are talking
about windows 98 users that have to keep with their hardware and/or license.

I would certainly prefer to run ReactOS than to run Windows 98 on any
of my machines. I attempted to install ReactOS on one of my machines,
but it failed to do anything, probably due to the damn fake parity RAM
that was in the machine and not due to any fault of ReactOS. I'm happy
I got that machine for free, because it had a sticker on it that said
it was stocked with ECC and I would've been pissed if I had paid for
that and got XOR gates instead. (And no, I'm not now nor have I ever
run Windows 98 on that machine--I have Windows 2000 on it. Gotta do
something with that consarned Windows 2000 license...)

> I'm even happy that
> 98 is finally in the trash bin at least from the M$ side of the game.

You're happy that Microsoft no longer helps users of the product or
evolves the codebase of the product? How does this fit in with your
apparent claim (with which I agree) that the product is bad because
Microsoft didn't put enough work into it before releasing it?


Both. Some users will search for better alternatives. Unfortunately some
(probably most) will remain stocked, that's inevitable. I'm pretending to
let them find that alternative which someday finally will give us some
freedom. And for the evolution of the codebase of course. I'm happy that the
Frankenstein just doesn't grow bigger. Jej is even good for those not having
direct contact with it. We'll have less zombie machines shooting out worms
and/or virus and less services going down because of that at least. And that
is just the peak of the iceberg, imagine how much possibly corrupt
information we'll get rid with the change and of course less data loss. I
think it is a better idea to kill than to try to fix the twisted thing.

I think this discussion is still materially related to security
vulnerabilities, and consequently is suitable for being on FD. If you
agree, then feel free to post what I have said here to FD with your
reply. If you feel it best to keep it one-to-one, that's fine with me,
too.


Sure. Why not? I like when many people participate in discussions, maybe we
all end up getting more knowledge and better points of view.

-Eliah



Regards
Waldo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/