XPe in the news. An object lesson?

  • Thread starter Thread starter Mark K Vallevand
  • Start date Start date
Your opinion is completely correct.

People should read EULA more carefully.
Roughly translated it says that MS is not responsible for anything, but OEM
than created and tested XPe build.

Developer should (somehow) know what potential security risks are present in
their device, and they should deal with them accordingly.


Regards,
Slobodan
 
"Think about your security now..." you're absolutely correct Mark.

When designing and building the runtime, think about the firewall component
which would have blocked the worm in question, think about your mechanism to
deploy patches in the future.

There is an MSDN chat on this subject for XPe on Dec 18. Here is the info:

http://msdn.microsoft.com/chats/
December 18, 2003
10:00 - 11:00 A.M. Pacific time
1:00 - 2:00 P.M. Eastern time
18:00 - 19:00 GMT/BST
<quote>
Windows XP Embedded
Join the Windows XP Embedded Product Team for a discussion on securing and
servicing embedded devices. What are some best practices to keep in mind
when thinking about servicing? How do you factor in servicing into device
design? Get your questions answered about Device Update Agent. Learn about
initiatives that the product group is engaged in with respect to
streamlining our QFE release process.
</quote>

Andy
 
people should also keep a copy of their countrys laws on what
responsibilies can be writen away in a contract when there reading the
EULA.

One exsample of this was given in a news article a while back, it was
when the USA was coming in to allow for MS to not be liable if the
copy of windows crashed from a long outstanding un-resolved bug and
caused the truck brakes it was controlling to fail and consequentialy
someone died. The article comented that while this trend is worisome
Australians shouldn't be to worried because such clauses in contracts
in Australia are illegal.

Now its silly to take everything in a news article as gospel (as is
taking anything in the gospels as gospel :P ) but it does serve to
remind you that just because its in a contract doesn't mean its legaly
binding
 
The first question in the chat should be "When will the hot fix mechanism be
available for XPe?"

We have a plan for deploying hot fixes and it ain't pretty. Wouldn't it be
nice for network-connected devices to download and apply hot fixes? Now, we
need to build the fixes into an image and deploy it. Then install and
configure our application. In between we need to save the customer's data.
Its do-able, but it's not pretty. And it costs us money.
 
I wouldn't want to have just the ability to tell the XPE box to try
and download all new hotfixes every x days, while it would be a nice
option there needs to be a much more controlable method, i would hope
for nearly all the following options to be viable:

* auto download hot fixes from:
* MS hot fix site
* Our hot fix web site
* A local network share
* A local disk drive
* Download a list of hot fixes that are to be applied from our web
site and then download the hot fixes from MS's site.

I'm sure there are some other senarios that would be desired as well.
 
I don't have all the answers Mark but it's a valid question, so please bring
them to the MSDN chat where your questions *can* get answered.

Your update mechanism definitely sounds difficult, is there no way to deploy
the hotfixes at the file and registry key level? We supply a doc with the
hotfixes now with all the file/reg resources required to deploy that hotfix
to a device in the field via DUA or some other method by. You can get to
these files by expanding the hotfix self extracting EXE with Winzip. Is
there something missing in the data you require to take advantage of this?

Thanks Mark.
Andy
--

This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================
 
Well, its special work we need to do every time a hot fix is released.

I couldn't find the doc file in the XPe QFE fixes I've downloaded recently.
Are we talking about a different EXE file?
 
Mark,
The link to the docs are at the bottom of the download pages along with the
link to the EXE is the link to the *.RTF document.

For instance, see the hotfix link below. Scroll to the bottom of the web
page where you can d/l the hotfix, right above it is a link to a doc called
"Additional Info Q823182.rtf". I *believe* we've been doing this since
August, not sure. But anyways, people use this information for the DUA
scripts to push fixed files and updated reg keys down to devices.

http://www.microsoft.com/downloads/...d46-87c1-3357ca3fed28&DisplayLang=en#filelist


Andy

--

This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================
 
OK. I see it now.

With this information, you can make updates to an installed image. It would
be work, but do-able. I'd much rather execute the EXE on my XPe image.
But, if you are going to promote this, I'd suggest having the information in
a more usable form. Maybe csv or something that might allow a chance at
automation. Still, its very useful information to have. Thanks.
 
We're working on the ability to just run the same EXE on your desktop that
is used by full XP Pro. You're voice has been heard on this one, it's a
feature desired by lots of people.
If you come to the msdn chat and bring up that subject, you'll be able to
get the latest information on that status right from the horse's mouth
<grin>

Thank
--

This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================
 
Back
Top