Windows Server 8
-
@blakeyrat said:
@disillusionist said:
I'm not convinced that a GUI "sitting at a login screen" is the same thing as "not memory-resident". It's using some level of resources, however negligible.
Well der.
Any server, regardless of the operating system, is using resources for a GUI, even if the GUI isn't actually being used. Sure, those might be swapped out like you said, but as far as I'm aware, there are crucial parts of the GUI that never get swapped out to avoid lag when a user wants to get back to the GUI. Presumably this is because it's assumed that if you build a system with a GUI, you'll be using the GUI (think desktop systems) and if you had to wait a ridiculous amount of time (and in systems that consider milliseconds to be a long time, even half a second can be a long time for a human using the machine) and so the OS leaves a small part of the GUI resident in memory (not virtual) to avoid any interface lag when the user wants to actually use the computer again.
Sure this is probably unecessary because of things like monitors going to sleep, but can you tell me for certain that no part of the GUI remains resident in RAM if the system needs as much RAM as it can grab?
@blakeyrat said:
@disillusionist said:
And more importantly, it's a huge potential source of security holes.
How do you figure? I'll grant "potential", but not "huge".
Erm, how long have you been working with computers again? Even a fresh-faced newb from university would know this, it's basic security. Don't load up a system with crap you don't actually need. It's probably why Unix (and its variants) are so popular for servers, because it's very easy to separate the system and the GUI, and most *nix admins are comfortable on the CLI. The moment you start installing a GUI, you are adding in a huge amount of extra libraries (I'd hazard a guess that the majority of any OS is made up of the GUI and its libraries) The more things there are installed, the larger the area for attack becomes. It's just simple statistics that if the GUI is the largest part of the OS (assuming of course that my guess on this is correct) then it's the largest surface area for attack. The only way for it to have less security holes than the rest of the underlying OS would be if the GUI was built far more secure than the base operating system. Seems unlikely to me...
-
@ASheridan said:
Any server, regardless of the operating system, is using resources for a GUI, even if the GUI isn't actually being used.
Well der. To repeat myself. There's probably a few thousand lines of machine code that run for the mouse handler, even if no mouse is plugged in-- PANIC! A few instructions! Maybe a couple K of RAM! My server can only do 400 simultaneous requests instead of 401! PANIC!!
Get a grip. I'm not saying GUIs magically take up zero resources, as you seem to think I am. I'm saying it's not enough to worry about-- if the GUI overhead is actually impacting your server performance in a meaningful fashion, you need a new/additional server.
@ASheridan said:
Sure, those might be swapped out like you said, but as far as I'm aware, there are crucial parts of the GUI that never get swapped out to avoid lag when a user wants to get back to the GUI.
As disillusionist hinted, the only thing that stays resident in a server OS is the login screen.
@ASheridan said:
Presumably this is because it's assumed that if you build a system with a GUI, you'll be using the GUI (think desktop systems) and if you had to wait a ridiculous amount of time (and in systems that consider milliseconds to be a long time, even half a second can be a long time for a human using the machine) and so the OS leaves a small part of the GUI resident in memory (not virtual) to avoid any interface lag when the user wants to actually use the computer again.
That is one whopper of a sentence, buddy.
But the point here is: if you're running a desktop system, you're not going to have enough background tasks requesting memory that the OS feels it has to swap-out the GUI. A server will. (I know from experience a Windows XP box will, also, if you happen to be running some server-esque software on it while it's logged-out. I admittedly haven't tried this "experiment" with a Vista or Windows 7 machine.)
You seem to have some kind of baffling fundamental misconception of how memory management works in Windows-- as long as there's spare RAM, it'll keep commonly-used stuff in it. The reason servers have their GUIs swapped out is therefore: 1) because it's not being used, 2) because something else needs the memory. It's not because Microsoft put in some "this is a server, swap out the GUI" switch into the OS-- they didn't need to because it already handles that situation.
@ASheridan said:
Sure this is probably unecessary because of things like monitors going to sleep, but can you tell me for certain that no part of the GUI remains resident in RAM if the system needs as much RAM as it can grab?
I think we've already covered this.
@ASheridan said:
Erm, how long have you been working with computers again? Even a fresh-faced newb from university would know this, it's basic security. Don't load up a system with crap you don't actually need.
Do you guys have NO sense of fucking scale? Look, it's not worth getting your panties in a bunch over the 200k of RAM used by a login screen, and a login screen, with the most well-tested UI code you'll ever see anywhere in your lives, does not represent a security risk. Unless you, the administrator, are a fucking idiot.
Philosophically, yes, you should minimize the software running on the server. Again: "well der." Practically you guys are having a conniption fit over nothing! I bet while you're spazzing out over Microsoft's login screen, you're probably running a bloated security-hole-filled Java VM at the same time, yes?
Christ, I give up. Yes, you're right, you're a genius. You should spent 8 weeks per server removing every single DLL that isn't used. This is a good and productive use of your time.
Is there a forum where non-deluded IT people gather?
-
@blakeyrat said:
Is there a forum where non-deluded IT people gather?
No. This is the sanest bunch I've ever found. Which is, frankly, depressing as hell.
-
@blakeyrat said:
Is there a forum where non-deluded IT people gather?
How would you know the difference?
-
@blakeyrat said:
That is one whopper of a sentence, buddy.
Irrelevant, you just sound like a pedantic dickweed.@blakeyrat said:
Do you guys have NO sense of fucking scale? Look, it's not worth getting your panties in a bunch over the 200k of RAM used by a login screen, and a login screen, with the most well-tested UI code you'll ever see anywhere in your lives, does not represent a security risk. Unless you, the administrator, are a fucking idiot.
You're missing the point. By this time I'd moved the discussion to the matter of security, but like all good trolls you avoid the points you know you really can't argue against, and bring in points you think you can, reinforcing a non existant argument. To what end I'm not sure, but it's not cool and it's not clever. My advice is to learn to read a bit better before your mouth (or in this case your keyboard finger) engages.
The security point I was making (which your betters have probably already understood) is not the memory usage by the GUI but the added security issues you're getting because of all that extra stuff that's installed. Regardless of whether or not it's actually loaded into RAM or not, it's installed and poses a security risk. By the numbers, the GUI poses more of a risk because there's more of it. It's not a deluded sentiment, it's just plain good sense.
@blakerat said:
You should spent 8 weeks per server removing every single DLL that isn't used.
If I'd have said that you should remove what you're not using then that would have made a bit of sense. I actually said don't install it in the first place. So, you can spend 8 weeks per server (preseumably you're basing this on if you were doing it, did you forget what you're removing from one server to the next?) or you could just not install the crap that shouldn't be on the server which actually saves you time during the install process? Hmm, tough call. Save time and make the server more secure, or set it up to be less secure from day one, and then waste time removing stuff that shouldn't have been on there in the first place and risk breaking the damn server.
And saying that Windows UI code is well tested and by inference more secure, well frankly you've got your head jammed up your posterior. No OS is problem free, and security holes are found in Windows all the time. Wouldn't it be better to stop pandering to the "admins" who can't administrate a server without loading up a GUI and just not install a load of crap that has potential security holes.
-
@ASheridan said:
@blakeyrat said:
That is one whopper of a sentence, buddy.
Irrelevant, you just sound like a pedantic dickweed.I was more impressed than anything.
@ASheridan said:
The security point I was making (which your betters have probably already understood) is not the memory usage by the GUI but the added security issues you're getting because of all that extra stuff that's installed.
Yes, but the counter-point I was making is that you have to first demonstrate that the "extra stuff" actually represents a security threat. I don't take stuff on faith. Especially if you're talking about a server running a Java VM, or a webserver with advanced features, both of which have open ports, a huge vector, and have had tons of exploits in the past. (None of which is true for the GUI components, except perhaps "huge vector".)
@ASheridan said:
Wouldn't it be better to stop pandering to the "admins" who can't administrate a server without loading up a GUI and just not install a load of crap that has potential security holes.
Ah, here it comes. Like every Linux user, you suffer from an acute "high priesthood of technology"-itis. An advanced stage, too.
-
Bah, can't quote blakeyrat. iPad fail. (it's 2:12 am and I can't sleep)
I recently found out about the windows 7 whopper. Now that's a whopper!
-
I don't know how much the option to "disable GUI" does in Server8. The 2008 Server Core installations removed most of the libraries and components, but kept the "window manager" running.
You know why?
Because in Windows, creating invisible windows and sending messages between them is a common, DAMN common RPC method used by a lot of applications and... background services too. Shittily written, 3rd-party services, one of which may be critical for running of YOUR application, or just as well a part of it. Just as a lot of COM components need a window (that may or may not be hidden) to work. Even in system services.
Is it wrong? Yes. But those of you that do read Raymond Chen's blog (or have a single drip of real world experience) should realize that IT is not a perfect world, and the largest reason of Windows being successful being that it does its best to keep the crappy apps working no matter what illegal crap they're pulling on the OS.
So, if the "no GUI" mode actually unloads USER32 and stops the window manager and message pumps... it'd probably be used b less that 1% of deployments, BECAUSE IT BREAKS THEIR OWN "GUI-LESS" SERVICES THAT DO USE HIDDEN WINDOWS FOR INTERNAL PURPOSES.
-
@Zemm said:
windows 7 whopper.
After reading that link, I'm mystified by the ways of marketing. What is the message supposed to be? To me it just says "Windows 7: Unnaturally bloated and probably very bad for you."
-
And what's more, it's not even POSSIBLE to unload the Windows GUI mechanisms because so much of that functionality lives in / is closely associated with the kernel. Also, how about GDI+, RDP, and various and sundry types of easily exhaustible handles and other resources for attack surface and previous vulnerabilities? I'll take Linux, thanks. No chance in hell I'd ever open up all ports on a Windows machine to the world, but I'd consider it with Linux if I knew everything that was running on the machine and did my research. The core software of Linux is rock-solid. Not to mention the few security vulnerabilities that exist get patched many, many times faster. And the software even has a natural barrier to entry against imbeciles who won't take the time to learn how it works!
Cheers, blakey. That was fun. The rest of you posting rants should double check your grammar and spelling - makes you look like a bunch of damn amateurs.
-
@jamesn said:
And what's more, it's not even POSSIBLE to unload the Windows GUI
mechanisms because so much of that functionality lives in / is closely
associated with the kernel. Also, how about GDI+, RDP, and various and sundry types of easily exhaustible handles and other resources for attack surface and previous vulnerabilities? I'll take Linux, thanks. No chance in hell I'd ever open up all ports on a Windows machine to the world, but I'd consider it with Linux if I knew everything that was running on the machine and did my research. The core software of Linux is rock-solid. Not to mention the few security vulnerabilities that exist get patched many, many times faster. And the software even has a natural barrier to entry against imbeciles who won't take the time to learn how it works!Looks like Slashdot's developed a leak...
Look, I'm no Linux expert. I've ran a MUD on it from about 1997-2007 or so. I've tried using it as a desktop about a half-dozen times and always give up before 2 weeks are up because I hit some kind of fundamental problem with it.
But here's the thing: anything that causes that kind of blind devotion has got to be a piece of shit. I look at that crazy run-on paragraph there, and I see the same crazy run-on paragraphs written by Lotus Notes admins about how great their product is. (And of course there's the continual whopper: if your product is free and still has less marketshare than the competition, maybe not so great, huh?) Hell, I used to write that way back when I was guzzling the Mac Kool-Aid by the gallon, but at least I had the excuse that (at the time) Macs were genuinely better than the competition.
So while you might bow down and pray to Linux five times a day (make sure to orient your mat towards Finland), if you want people to take you seriously, you might want to model your posts after, say, a casual discussion among friends instead of, say, the Unibomber Manifesto. Just a tip.
@jamesn said:
Cheers, blakey.That was fun. The rest of you posting rants should double check your grammar and spelling - makes you look like a bunch of damn amateurs.
Wow I feel so special now.
-
@jamesn said:
No chance in hell I'd ever open up all ports on a Windows machine to the world, but I'd consider it with Linux [b]if I knew everything that was running on the machine and did my research[/b]. The core software of Linux is rock-solid.
Well that's fundamental isn't it. Know what's running and do your research. Why only do the effort for Linux and not the same for Windows? Because you're already biased
-
@blakeyrat said:
@jamesn said:
I'll take Linux, thanks.
(And of course there's the continual whopper: if your product is free and still has less marketshare than the competition, maybe not so great, huh?)
I call bullcrap. I doubt you even believe that.
-
@Kittemon said:
@blakeyrat said:
No, I'm pretty sure he believe that. Do you not?@jamesn said:
I call bullcrap. I doubt you even believe that.I'll take Linux, thanks.
(And of course there's the continual whopper: if your product is free and still has less marketshare than the competition, maybe not so great, huh?)
-
@TheCPUWizard said:
[Just out of curiousity how much time have you spent with the (not scheduled to be released until Q3 2012) Intel Kiefer v2 chips?
out of curiosity, how many times have you been sued for violating NDAs?
-
@Kazan said:
@TheCPUWizard said:
[Just out of curiousity how much time have you spent with the (not scheduled to be released until Q3 2012) Intel Kiefer v2 chips?
out of curiosity, how many times have you been sued for violating NDAs?
There has never been even the hint of an NDA violation. With respect to the Kiefer chip, the public announcement devices had been shipped to selected companies was made nearly a year ago [November 2010]. I treat Intellectual Property and other Confidential material very seriously.
-
Well, at least it will help keep OpenGL-based screensavers from (a) eating up server memory due to memory leak in the screen saver, (b) using up all available CPU power to render on servers without OpenGL drivers and (c) crashing the server when the screensaver blue-screened due to a bad OpenGL driver.
Yes, at a previous job, screensavers were mandated on our Windows NT/2000 server consoles (no, forcing someone to lock the screen or logout was not mandated) and the PHB wanted something pretty when he walked by and happened to see a console open on the rack. So the 3D Flag (since we were a .mil, the U.S. Flag replaced the Microsoft one), 3D Pipes or 3D Flowerbox were running constantly on the servers.
Instead of Blank Screen.
:sigh:
Folks really complained when Exchange got slow ...
-
@ASheridan said:
Any server, regardless of the operating system, is using resources for a GUI, even if the GUI isn't actually being used. Sure, those might be swapped out like you said, but as far as I'm aware, there are crucial parts of the GUI that never get swapped out to avoid lag when a user wants to get back to the GUI.
Wait, what? Pretty sure you can build a server without any GUI resources or related "drivers" - as in, no framebuffer, no drivers for keyboard or mouse (if you for some reason count those as GUI resources). For example, if you take a look at the linux kernel config, you'll see options to do just that (you did say "regardless of the operating system", right?).
Now, the other question is whether you want to do that. I'm not a sysadmin, and I don't maintain any servers (other than a VPS for personal hosting), so I don't know. I suppose that being able to plug in a screen and keyboard for diagnostics can be fairly convenient. OTOH, you could probably do that over a serial line (or whatever) as well, so...
