[Linux-aus] It's a step in the right direction, but only a step
Leon Brooks
leon-olc at cyberknights.com.au
Tue Mar 23 09:32:02 UTC 2004
http://computerworld.co.nz/news.nsf/NL/6671974C513F31E8CC256E5B00723C21

> And in what might be a first for a senior Microsoft executive, [Peter]
> acknowledged that Linux is not going to be a passing fad.
> “Linux is going to be part of the future. It’s going to be like Unix was.”

While I appreciate the message in there that Linux is going to rule the server
landscape, and am frankly flabbergasted that a Microsoft exec would openly
confess as much (bonus points for so doing, Peter), I don't appreciate the
innuendo that Unix is in some way a "has been" or that Linux is going to join
it in has-been land.

I can plug a Linux CD into one machine, and a minute later have a fully
functional Linux workstation and server going there, with extensive office,
networking and diagnostic capabilities - all without disturbing what's on the
hard disk. I do so regularly while repairing virus-savaged MS-Windows LANs.
The staff can be editing up documents and getting on with their lives while
I'm still repairing their system.

I can issue one command and reboot the rest of the office into the same
software within a very few minutes, without any extra CDs (hurrah for PXE and
caching). I can batch-process information supercomputer-style on this
network. I can permanently install the software onto the machines' hard disks
while they're running and being used for day-to-day work. This is not the
substance of a has-been, and I CAN'T DO ANY OF IT without a great deal of
effort in MS Windows, and a great deal of licence-counting.

> For each of Red Hat, Mandrake and Debian, their websites reported more
> than double the number of security advisories of Windows 2000 and XP,
> Moore said, and while the Linux security advisory rate was rising, that for
> Windows was falling.

I can speak to this with authority on Mandrake. First, account for the
*nature* of the patches. Very few of them are for show-stopper issues. Think
CodeRed. If what Peter infers from this were true, there should be twice as
many attacks through Apache as through MS IIS, but day after day my Apache
web logs show stuff like this MS IIS probe and no Apache probes:

    GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir

Next, account for what's being patched. Mandrake 10.0 ships with over 1800
packages including three different equivalents to MS Office, three different
equivalents to MS Exchange, two different equivalents to MS SQL Server, three
different equivalents to MS Outlook, three different equivalents to MS
Internet Explorer and so on ad infinitum. One would expect to see roughly
three times as many updates based on this factor (more choice) alone.

Microsoft supports an organisation trading as "Software Choice". I hope you're
not going to turn around and claim that more choice is now a Bad Thing. The
workstation I'm typing on has 1458 packages installed; some for me, some for
my wife, and some for my children.

Even allowing for the observation that those packages are generally more
granular (call it the equivalent of roughly 500 MS Windows software
packages), just getting all of that software installed together on MS Windows
at one time without having it "tread on each other's toes" would be a minor
miracle. When even such basic issues haven't been completely solved, security
must by definition take a back seat to not rocking the boat.

> “Security is an industry issue,” Moore said, “and we’re getting better.”

Security is a multifaceted thing, and blaming it principally on "the industry"
denies that you're (Microsoft) putting sufficient weight on more important
issues such as basic software architecture.

Fixing security aspects such as this would require Microsoft to bite the
bullet and make statements along the lines of "OK, so the MIME handling in
Windows is broken, and that Outlook application is a house of cards from keel
to crowsnest. We're going to re-engineer those, *without* building in more
DRM hooks and other junk and lock-ins designed to help us and our market
image at the expense of customer utility."

The people best placed to help you face that are your MVPs, who are as close
to a genuine Open Source community as Microsoft (so far) gets.

If Microsoft doesn't do something radical along those lines, and very soon,
Linus Torvalds' flippant quip, "Really, I'm not out to destroy Microsoft.
That will just be a completely unintentional side effect." will come to pass.
Really. And then what of the customers stranded by Microsoft lock-ins, but
without any source of security updates?

Meanwhile, there is no such single point of failure in the Open Source world.

Cheers; Leon
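
An added example, not part of the original post: one way to count probes like the one quoted above in an Apache access log, generalised to flag any two-byte overlong UTF-8 sequence in a request path. The function names, labels and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Request line inside an Apache common/combined log entry: "METHOD URI PROTO"
REQUEST = re.compile(r'"[A-Z]+ (\S+)')
# Lead bytes C0/C1 can only spell U+0000..U+007F in two bytes; valid UTF-8
# always writes those as one byte, so such a pair is never legitimate.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
# Paths that exist only on a Windows/IIS host (taken from the probe in the post).
IIS_MARKERS = (b"winnt/system32", b"cmd.exe")

def fold_overlong(raw: bytes) -> bytes:
    """Replace each overlong pair with the single ASCII byte it encodes."""
    return OVERLONG.sub(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)

def classify(line: str):
    """Return (label, normalised_path) for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return ("unparsed", "")  # e.g. a timed-out connection logged as "-"
    raw = unquote_to_bytes(m.group(1).split("?", 1)[0])
    folded = fold_overlong(raw).replace(b"\\", b"/").lower()
    if any(marker in folded for marker in IIS_MARKERS):
        label = "iis-probe"
    elif OVERLONG.search(raw):
        label = "overlong-encoding"
    else:
        label = "normal"
    return (label, folded.decode("latin-1"))

def tally(lines):
    """Count log lines per label."""
    return Counter(classify(line)[0] for line in lines)

# Constructed sample log (addresses are documentation ranges); the first
# request is the probe quoted in the post.
SAMPLE = [
    '192.0.2.10 - - [23/Mar/2004:09:00:01 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [23/Mar/2004:09:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.9 - - [23/Mar/2004:09:02:40 +0000] "GET /a%c0%afb HTTP/1.1" 404 280',
    '203.0.113.5 - - [23/Mar/2004:09:03:00 +0000] "-" 408 -',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(dict(tally(SAMPLE)))
```
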