Pages: 1 2 3 [4] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Captain Schmungles
Caldari Freelancing Corp Confederation of Independent Corporations
|
Posted - 2007.12.13 18:11:00 -
[91]
Quote: Why doesn't Windows protect its files?
The only thing that is actually required to load windows is NTLDR. Boot.ini is a boot configuration menu. If NTLDR is unable to locate the NTFS system on the hard drive, it will load boot.ini and prompt the user to tell the computer where the NTFS system is located.
This is normally not a problem because the default installation of Windows puts Windows on the first partition of the first hard drive, and since the majority of computer users only have one hard drive that does not contain multiple partitions NTLDR is never unable to locate the OS, and therefore never loads the boot menu contained in boot.ini.
So, strictly speaking, Windows does not protect boot.ini because boot.ini is not required to be present in order for the computer to successfully complete a boot sequence. People who experienced problems had problems because their OS was not installed on the first partition of the first hard drive. Boot.ini allows the user to save settings, so typically once you have manually located the OS via the boot.ini menu you never have to do this step again. Technically boot.ini is loaded every time you boot the computer (assuming a non-standard installation), but because the settings are saved the user does not have to manually locate the OS each time.
There is also the issue of administrator privileges. Under Windows the default user account is the administrator account, meaning that the user has permission to edit practically anything on the computer. There are some directories that even the administrator cannot overtly edit but can still edit through backdoor exploits or that rootkits and viruses can edit because they are programs that the administrator is running. In contrast, Linux operating systems do not assign true administrator privileges to anyone and so the Linux kernel does not have the same vulnerabilities as Windows does.
|
X1214
Gallente Sane Industries Inc.
|
Posted - 2007.12.13 20:26:00 -
[92]
It speaks a lot of a company to say sorry, but it says even more to fix what happened. Hats off to you CCP
|
Liang Nuren
The Avalon Foundation Knights Of Syndicate
|
Posted - 2007.12.13 20:42:00 -
[93]
And this is how it should be done. Excellent writeup of the issue.
-Liang -- I give up (Make me say whatever you want!): Price Check: Liang Nuren
|
Blackback Starkiel
EveArt Studios
|
Posted - 2007.12.13 21:36:00 -
[94]
Good to see a clarification on this. It's not so much the explanation itself as much as the proof that it's not being shuffled under the carpet that is the best with this blog. Well done. Even though you might be working day and night on an issue, that is not something the regular users notice -- hence rumours and speculation goes rampant. Telling anything (anything true at least) is better than silence any day.
Personally, I make sure I don't have anything critical under Windows, ever (EVE can always be re-downloaded after all). Windows is a toy good for gaming. Real work is what Linux is for (well, not quite true now that there is a Linux client too ... hmm, what did we need Windows for again?). . Blackback
Holographic gallery of my artwork |
Draconus Lofwyr
Eternal Guardians Corp. The Covenant Alliance
|
Posted - 2007.12.13 22:05:00 -
[95]
While i appreciate full disclosure and would appreciate more of it for more companies, i hope they take these following comments as constructive criticism and not finger pointing or flame baiting.
I am a network, systems, and desktop support admin for a med sized company and have more letters after my name than IN it, and was affected by this bug on one of my systems. I was able to repair this myself as the unit in question was a laptop and was easy to swap out drives to a second system.
I can understand bugs reaching clients due to pressures and deadlines and have to commend CCP for acting quickly to the issue once discovered. However. I will have to say, naming core application files the same as Critical system files no matter where they were located was shortsighted at the minimum and bordering on negligent at the worst. had the file been something more dangerous like replacing explorer.exe or even a .sam file, the damage could have been much harder to repair.
I would recommend a full application audit (which could very well be happening already) for any other potential system risks so this doesn't happen again. boot.ini could have been eve-boot.ini and none of this would have ever been an issue.
DL
P.S. CCP, keep up the rest of the good work on a killer game, every app has its rough mistakes, look at Windows ME and Microsoft Bob (any relation to BoB?)
|
Vexy NiLakum
Amarr Dark Nebula Gallente Division Dark Nebula Galactic Empire
|
Posted - 2007.12.14 02:19:00 -
[96]
I love full disclosures!! I wish there were more of them
Also the following tidbit of information will help those who are interested understand why "Windows will recover if it's on the first partition of the boot drive" and why Windows 6.0 (Vista and Server 2008) was not effected by this problem.
Quote: NTLDR (abbreviation of NT Loader) is the boot loader for all releases of Microsoft's Windows NT operating system up to and including Windows XP and Windows Server 2003. NTLDR is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.
NTLDR requires, at the minimum, the following two files to be on the system volume: NTLDR, which contains the main boot loader itself, and boot.ini, which contains configuration options for a boot menu. To load an NT-based OS, ntdetect.com must also be present. (Strictly speaking, only NTLDR is actually required. If boot.ini is missing, NTLDR will default to C:\Windows on the first partition of the first hard drive. Many desktops in the home are in this configuration and a missing boot.ini file will simply generate an error stating it is missing, then boot into Windows successfully.)
The Volume Boot Record written to disk by the Windows NT format command attempts to load and to run the NTLDR program.
In Windows Vista and Windows Server 2008, NTLDR was replaced; the boot loader functionality is instead provided by two new components: winload.exe and the Windows Boot Manager.
http://en.wikipedia.org/wiki/NTLDR
--- Corp Pet.
|
Sarah Aubry
Caldari School of Applied Knowledge
|
Posted - 2007.12.14 03:40:00 -
[97]
So funny how so many people are crying murder yet only ~200 were affected.
End of CCP? if they lost 200 subscribers? yeh....
You cry babys are lucky im not in control of anything at ccp, or it'd be:
"forum threat to sue ccp..." Sarah's response "wow they must be great customers, BAN HAMMER"
"cry about threatening to close all accounts if something is done or not done" Sarah's response "this customer is great!!! BAN HAMMER"
Seriously you people need to either be banned or have your "reply"/"post new topic" buttons removed! |
place1
|
Posted - 2007.12.14 08:03:00 -
[98]
I agree with most of your comment mainly the BAN HAMMER part. I just wanted to state that though I don't have numbers I highly disbelieve this only affected 200 people. The dev blog stated that the 200 people mark was obtained by people that partitioned and called in what about all the people that fixed it them self's or looked to the forums for the fix such as I did? No I cant agree that this was only a problem for 200 people though I never thought of it as a "End of CCP" problem either just one that was serious enough to warrant immediate attention and it got that.
Thank You CCP for your fast response and full disclosure of the problem.
Originally by: Sarah Aubry So funny how so many people are crying murder yet only ~200 were affected.
End of CCP? if they lost 200 subscribers? yeh....
You cry babys are lucky im not in control of anything at ccp, or it'd be:
"forum threat to sue ccp..." Sarah's response "wow they must be great customers, BAN HAMMER"
"cry about threatening to close all accounts if something is done or not done" Sarah's response "this customer is great!!! BAN HAMMER"
Seriously you people need to either be banned or have your "reply"/"post new topic" buttons removed!
|
Gner Dechast
Gallente Flashman Services
|
Posted - 2007.12.14 11:35:00 -
[99]
I value the full disclosure in a profound way that you may not even realize just how deeply.
Distilled read yeilds:
- Didn't manifest in your system setups. - Pressed for time, errors slip by. (proof reading part)
As much as I am frowning towards QA (the number and the kind of bugs that shouldn't get through), in my books that's practically an absolution on the boot.ini incident. What smelled like near criminal negliance now has reasonable explanation to the question "did you ever even try the thing and if you did why didn't you see it?".
My other set of eyebrows are still frowning towards management about forcefully pushing out expansions just before each christmas holiday time to make my "expanded holiday gaming time" buggier plus a whole binder of other questions about the reasoning behind this - but that's outside this thread's subject. Perhaps management comes forth and satisfactorily explains why do we have premature releases...
Thank you for the blog, I believe it does alot of healing.
|
Feyd Darkholme
Caldari
|
Posted - 2007.12.14 23:43:00 -
[100]
I can't think of any MMOG company that would ever even admit it has made a mistake, never mind a mistake like this, and apologize and explain what exactly happened. Not to mention addressing it as quickly, and efficiently as CCP has, and doing all the support related things they have done to help the people effected by this. No MMOG developer I've been involved with over the ten or so years I've been playing MMOGs has been as forthcoming and open with it's customers as CCP has.With this issue and everything else to do with EVE Online. This is exactly why I've held an active account with them for so long. Good on you CCP... ---------------
|
|
Noveron
Caldari Long Live Me
|
Posted - 2007.12.15 03:04:00 -
[101]
apreciate the explanation ---
|
Wonton Tomato
|
Posted - 2007.12.15 08:34:00 -
[102]
In all, we've been contacted by fewer than 215 users (170 by petition, 45 by phone)
Don't forget to add all the customers who contacted you via your company bulletin board (this forum), ooh, that changes things just a bit doesn't it?
PS, Call Cosmos, he's been waiting 8 days now. |
Airdorn
Gallente Sniggerdly Pandemic Legion
|
Posted - 2007.12.15 11:43:00 -
[103]
Goofy bug but awesome response by CCP. It would be nice if all the game companies were so open and honest.
|
Toramt
|
Posted - 2007.12.15 20:22:00 -
[104]
I heartily applaud the detailed explanation of how this happened, including code snippets.
|
Tiger Ma
|
Posted - 2007.12.16 12:46:00 -
[105]
Obviously there are some lessons to be learned here, but the real message I hope you take away from this is to always err on the side of more disclosure.
I wasn't affected by this (the first time ever I'm glad to be on Vista!) but as a software consultant myself I was struggling to understand how this could happen. Your explanation is still making me raise my eyebrows in some areas but it is at least understandable.
I am extremely impressed by your full disclosure. This is exactly how mistakes should be managed, and I say that as someone who runs an IT company myself. |
Erelas RyAlcar
Caldari Destinies Touch Unlimited
|
Posted - 2007.12.16 20:49:00 -
[106]
If we didn't care, we wouldn't be so vocal...etc. I'm certainly glad and have accepted the posted apologies on CCP's behalf, though would rather there not have ever been any need to do so.
Within that dev-blog, the numbers of the customers effected, I'm afraid they'll probably always be debated, brought into question, and would probably have been best left out. CLICK HERE TO HELP SAVE EVE-TV |
xavier69
|
Posted - 2007.12.17 03:08:00 -
[107]
Edited by: xavier69 on 17/12/2007 03:09:32 Microsoft, Windows XP Home & XP Pro Users
http://support.microsoft.com/kb/289022
How to edit the Boot.ini file in Windows XP View products that this article applies to. Article ID : 289022 Last Review : August 6, 2007 Revision : 3.5 This article was previously published under Q289022
SUMMARY
Save a Backup Copy of Boot.ini
Edit the Boot.ini File
Sample Boot.ini File
Modifying the Boot.ini
Adding an Operating System
Removing an Operating System
Setting the Default Operating System
Setting the Time Out
Open the Boot.ini File to Verify Changes
REFERENCES SUMMARY This article describes how to view and manually configure the Boot.ini file in Windows XP from within the Startup and Recovery dialog.
In Windows XP, you can quickly and easily locate the Boot.ini to verify and/or edit the file.
It is suggested to backup the Boot.ini file before editing. The first tasks will involve modifying folder option so as to view hidden files and then backing up the Boot.ini file.
Save a Backup Copy of Boot.ini 1. Right-click My Computer, and then click Properties. -or- Click Start, click Run, type sysdm.cpl, and then click OK. 2. On the Advanced tab, click Settings under Startup and Recovery. 3. Under System Startup, click Edit. This opens the file in Notepad ready for editing. 4. In Notepad, click File on the Menu bar, and then click Save As. 5. Right click in an empty area of the Save As dialog box, point to New in the Context menu, and then click Folder. 6. Type a name for the new folder, for example temp, and then press the ENTER key to create the folder named temp. 7. Double-click the new folder named temp, and then click the Save button to save a backup copy of the Boot.ini file.
Edit the Boot.ini File To view and edit the Boot.ini file: 1. Right-click My Computer, and then click Properties. -or- Click Start, click Run, type sysdm.cpl, and then click OK. 2. On the Advanced tab, click Settings under Startup and Recovery. 3. Under System Startup, click Edit.
Sample Boot.ini File This is a sample of a default Boot.ini file from a Windows XP Professional computer. [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect This is a sample of the above Boot.ini file with a previous installation of Windows 2000 on a separate partition.
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect
Modifying the Boot.ini While you can modify the Boot.ini file using the Startup and Recovery dialog, where you can select the default operating system, change the timeout value, or manually edit the file, the following method uses the command line utility, Bootcfg.exe.
Note The Bootcfg.exe utility is only available in Windows XP Professional. This utility is not available in Microsoft Windows XP Home Edition. Therefore, this section does not apply to Windows XP Home Edition.1. Click Start, and then click Run. 2. In the Open text box, type cmd. 3. At the command prompt, type bootcfg /?. 4. The help and parameters for BOOTCFG.exe will display.
Adding an Operating System At the command prompt, type: bootcfg /copy /d Operating System Description /ID# Where Operating System Description is a text description (e.g. Windows XP Home Edition), and where # specifies the boot entry ID in the operating systems section of the BOOT.INI file from which the copy has to be made.
Removing an Operating System At the command prompt, type: bootcfg /delete /ID# Where # specifies the boot entry ID that you want to be
Ps: Messageboard is Wacked
|
Kardorn Darkhawk
|
Posted - 2007.12.18 15:39:00 -
[108]
I am extremely impressed by this full disclosure. All companies have their software issues from time to time. While this was a particularly unfortunate issue, CCP had a very quick resolution to the issue and is doing right to all those who were harmed adversely by this.
It is a very rare thing to see such a complete write up. Hats off to Dr. Thorsteinsson for this discussion. |
Cruthensis
Gallente Farmer Killers United Corporations Against Macros
|
Posted - 2007.12.18 16:05:00 -
[109]
It turns out, Jawas are the cheapest code monkeys you can hire.
1. Buy Vexor 2. Fit for Gank 3. Suicide ISK farmer 4. Grind sec 5. see 1. |
SheriffFruitfly
Caldari Science and Trade Institute
|
Posted - 2007.12.18 20:29:00 -
[110]
Edited by: SheriffFruitfly on 18/12/2007 20:31:00 Edited by: SheriffFruitfly on 18/12/2007 20:29:30 "Why do you have a file with the same name as a Windows system startup file? The answer is really "legacy"..."
Translation: Because we used to be stupid.
"Why wasn't this caught in a code review? The installer scripting language is not easy to read."
Translation: Because we're still stupid.
"Why didn't you catch this during testing? It's partly the reason above, not enough time to test the graphics content upgrade thoroughly to notice it removed this file. We also discovered that we didn't have enough variation in our hardware and operating system setups..."
Translation: Because our test team is stupid, and also gave in to the marketing folks who said the patch JUST HAD to be out by such-and-such date.
Fact: the repro for this is so effin trivially easy that for test to miss it is per se grounds for termination.
Seriously: Unless there are repercussions for the staff when this kind of idiocy takes place, there is no REAL ownership being taken - only verbal mouthings of words, like a politician. To much harm was done for a simple george-bush-style "OOPS! Programming is *hard* work!" to count as sufficient.
|
|
Msquare
|
Posted - 2007.12.19 20:51:00 -
[111]
Originally by: Jorr Meditir
Originally by: CCP Explorer ... In all, we've been contacted by fewer than 215 users (170 by petition, 45 by phone) who were adversely affected by the boot.ini issue...
Can you please do a survey, to really get a number on how many that were affected by this?
I second that !
|
Tarron Sarek
Gallente Endica Enterprises
|
Posted - 2007.12.24 04:29:00 -
[112]
Thanks for the explanation. Very much appreciated.
___________________________________ - Balance is power, guard it well -
Please stop using the word 'nerf' Nothing spells 'incompetence' or 'don't take me serious' like those four letters |
paleiades
|
Posted - 2007.12.24 17:17:00 -
[113]
life is one long curved ball, how we handle it is what counts;
so, for ccp, if it wasn't boot.ini then it was probably going to be something else . . .
and how did they do?
this thread says it all.
RESPECT.
paleiades
|
Sikmy Voci
|
Posted - 2007.12.31 19:39:00 -
[114]
question to CCP. Any plans on using files that are NOT named exactly as native system files? I mean no disrespect but come on, using "boot.ini" as an "ini" file to your application has got to be the least intelligent thing since <insert whatever>. I'd love to know the reason behind naming a file "boot.ini" that is not used during the boot process of an operating system. On your linux client, you renamed "boot.ini" to "grub.conf" or "lilo.conf" right?
|
kablesky
Caldari Locus Solus
|
Posted - 2008.01.02 23:26:00 -
[115]
Edited by: kablesky on 02/01/2008 23:27:02
Originally by: Sikmy Voci question to CCP. Any plans on using files that are NOT named exactly as native system files? I mean no disrespect but come on, using "boot.ini" as an "ini" file to your application has got to be the least intelligent thing since <insert whatever>. I'd love to know the reason behind naming a file "boot.ini" that is not used during the boot process of an operating system. On your linux client, you renamed "boot.ini" to "grub.conf" or "lilo.conf" right?
did you read what the man said about legacy named files?
edit: "We are reviewing all filenames and changing the name of any file that conflicts with Windows."
|
|
|
|
Pages: 1 2 3 [4] :: one page |
First page | Previous page | Next page | Last page |