Re: NT vs Unix on the Internet

From: Bennett Todd (betat_private)
Date: Wed May 06 1998 - 04:46:51 PDT

  • Next message: BVE: "NT vs Unix on the Internet"

    > There would be lots more to say, of course.
    One thing I'd add is that the underlying attitude makes an enormous
    difference. Unix arrived on the scene as a brilliant job of
    _simplifying_ an OS; the thing that astonished everyone was how useful
    it was, for how little complexity there was[*]. That virtue has faded
    over the years; layers of cruft have been slathered on, and it may
    be time for a revolution. But still what complexity that is there is
    out and documented for people to scrutinize, analyze, comment on, and
    (increasingly) fix.
    Contrast this with NT: that is an OS designed by someone who didn't
    understand what Unix had contributed; he just wanted to do VMS again,
    and so he did. It's way way more complex, which is bad for security.
    Worse, in an attempt to keep out competition, the internals and as much
    as possible of the API are un- or ill-documented, so very few people can
    really look closely for bugs in the spec and the implementation.
    Good systems enjoy a distinctive security profile over time; during
    testing bugs are (naturally) being uncovered continuously; after public
    release, when the user community increases many times over, a few more
    may be found, then the rate of new bug discoveries plummets, except only
    small waves when scrutiny is brought to bear on previously unconsidered
    parts of the system (e.g. the recent flurry of low-level IP stack bugs,
    w/ DOS attacks on packet reassembly and so on).
    Poor systems also enjoy a distinctive security profile: the rate at
    which really painful and embarrasing new security holes are uncovered
    stays fairly stable over time. Think ``sendwhale'' here. NT is the
    sendmail of OSes. Only unlike sendmail it doesn't pay its freight by
    delivering wonderful new capabilities that raise the bar for any future
    [*] Re simplicity, I _loved_ that classic paper where Ken basically
        sketched out ``what is a Unix'' in broad strokes, something like:
    	handle = open(name, mode)
    	read(handle, buffer, length);
    	write(handle, buffer, length);
    	lseek(handle, distance, origin);
    	pid = fork();
    	exec(filename, arguments);
        That's a Unix. Cool!

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:28 PDT