[NTLUG:Discuss] [Fwd: Re: Linux] -- subtitle says _ignore_ article, NT 6.0 "Longhorn" will not be .NET model ...

Bryan J. Smith b.j.smith at ieee.org
Fri Jul 2 21:48:34 CDT 2004 

[Anonymous] wrote:
> Interesting article on Linux versus Windows, check it out.
> http://www.pcworld.com/news/article/0,aid,115770,00.asp

terry wrote:
> Yea, pretty good article.

I was turned off by the subtitle:  
"Our expert charts the rise of the anti-Windows operating system"

- Credibility Shot Off-the-Bat

Any article that refers to Linux as the "anti-Windows OS" is a joke.
They have absolutely _no_ understanding of Linux.

I was in Best Buy back turn of the century when I had to pick up a
SCSI card quick.  When I was trying to figure out what chipset it
used, the salesperson responded, "why do you need to know that?"

I responded, "Oh, yeah, sorry, I need to know the chipset so I
can figure out if it works with Linux."

And he responded, "What's wrong with you, don't you like Windows?"

I then proceded to inform him that there are many engineering firms
(at the time) that run Linux, and he had better change his attitude.
He got defensive and said that Linux couldn't do anything that Windows
couldn't.  At one point I wanted to point of the differences in our
"job positions," but if I cut him down, it would only make him irrate.

- Of PC Magazines and Superstores

It wasn't long after that I learned of the Microsoft investements in
Best Buy going on at the time, and their getting into the retail
channels.  These sales-people were having an number done on them,
to the point where some "less  professional" even copped attitudes.

While many were anti-customer if they find you are running Linux,
many other technicians and sales people are very cool -- especailly
if they have been their awhile.

They'd confide in me all the issues Microsoft had with their
transitioning in their IT services.  You see, Microsoft uses Best Buy as
a "model" for its point-of-service (POS) capabilities.  Because
Microsoft pays Best Buy for 100% of its IT services, Best Buy _never_
complains, even when Microsoft pulls a real doozy (like unencrypted
WLAN traffic for POS units -- doh!).

I had one guy at an east Orlando location that consistently talked
about the new "distributor policy changes" that were implemented.
Some of the stuff was interesting -- like the fact that Microsoft
had them pulling some of the most popular non-Microsoft Mac software off
the shelf, and when distributors complained, they just made Best Buy Mac
software-free.

- The "If You're Not With Us, You're Against Us" Hypocracy

Sometimes people feel the need to believe that if you're "not with
them, you're against them."  I'm not against Linux or Microsoft, which
I believe makes me one of the most impartial people on both.  I was
an original NT 3.1 beta tester and a user of every version since,
and I started with Linux in 1993, and corporate deployments since 1995.
>From 1998-2003, I did Linux pretty much entirely (with limited NT,
NetApp and Solaris administration/development).

I see the same attitude towards Red Hat now.  They have done with Fedora
Core (FC) and the larger Fedora project in general what most consumers
wanted done with Red Hat Linux (RHL) yet they now complain about it.
The ones that complained about lack of packges are now complaining about
lack of support -- when even more paid Red Hat work goes into Fedora
than ever before on RHL.

All the meanwhile, they use Red Hat Enterprise Linux (RHEL) as their
cannon fodder, failing to recognize what it really is -- a 100%
redistributable distro that offers 5+ year support.  Heck,
it wasn't Red Hat's idea in the first place but SuSE's!  So when Red
Hat's customers came and said they were going to go to SuSE, Red Hat
decided to split the already "torn between two users" RHL line.  It took
Red Hat 2 years to figure out how to solve the consumer question, but in
Fedora, they did it _brilliantly_!

You may not wish to run FC or RHEL.  But there's no sense in feeling the
need to bash Red Hat.  I could draw so many, bi-partisan political
analogies (I'm registered "NOP, no party," not even "independent" -- and
I leave much of my ballot blank, but I still go and vote), to make a
point here, but I won't (ask me off-list if you like).

- Linux:  The Anti-Superstore, Pro-Consumer Technology

Unfortunately for Linux, it is very anti-superstore.  Superstores rely
on the user believing they must upgrade their PC, OS and peripherials
every 2-3 years.  When Linux offers drivers that are basically eternal,
then upgrading hardware is not necessary, killing a lot of profit
model.  That means peripherial designers _never_ release their specs
so Linux drivers can be written.

The only OEM that has done this enmasse seems to be only HP at this
point, ironically not IBM.  In fact, IBM looks like they're going to
screw with HP like they did with SCO (although SCO's "total response"
was hardly "warranted" in the end), as they are strongarming their
customers not to buy HP Opteron/Linux servers in favor of Power/AIX
ones.

> I take exception with this statement:
> "Microsoft is doing a creditable job of beefing up Windows XP's security."

Compared to what?  MS-DOS 7.x aka Windows 95/98/ME -- of course!

- XP is better than 98, but _not_ better than 2000

But even the NT 5.1 (XP/2003) kernel was "cracked" from its original
NT 5.0 (2000) design, for consumer compatibility.  So while XP might be a
"step up" from MS-DOS 7.x, it's a "step backward" from NT.

Also, their own, new security chief has been quoted as saying, "no version
of Windows was ever designed for the Internet."  Not even NT.  And that's
not changing either.

- Apps, not the OS, are the problem with Windows security

You see, the problem with Windows is not the OS.  Yes, NT has a lot to
still learn from UNIX, but the applications are far worse.  Microsoft's
own applications division (except the Mac division) is mega-ignorant in
many aspects of software design, from data alignment to multi-user
concepts -- things that are _essential_ in UNIX (or non-PC platforms).
Some of the best people to talk to about this is Microsoft's own Mac
software group -- they will lambast their own Windows equivalents
(because PowerPC requires _real_ code design, whereas x86 still lets
you get away with things you shouldn't).

The first 6 months after Gates' "security initiative," the security code
auditors were being locked out of meetings completely.  It failed utterly.
Other than some systems-level stuff, the application developers _ignored_
what was going on.  And they still do to some extend.

I know what it's like to be in a major corporation as a security code
auditor.  It doesn't matter if its bank code, the application developers
will use schedules, deadlines and features to excuse making sound defense-
in-depth changes to their code.  It's not changing anytime soon.

- NT 6.0 Longhorn:  Win32 is alive for at least 5 more years (no .NET)

Proof of this is no further than in Microsoft's _backtrack_ on the .NET
API and security model in NT 6.0 "Longhorn."  .NET is now limited to
"sandboxing" Internet services (server due in 2007),  and the "Avalon"
.NET desktop overlay (client due in 2006), while _everything_ remains
Win32 -- including _all_ of the RPC/NTLM/SMB stuff.

In fact, the most advanced and secure .NET user experience will not
be available from Microsoft come 2006 ... but Novell c/o Mono-based
GNOME 3.  I think Ximian is really going to show up Microsoft _big_time_,
and based on work by AOL-Netscape, HP, Intel, Sun and other corporate
developers who are choosing to work with Mono instead of MS.NET, it's
going to be a real "turning point" in the desktop.

Microsoft's ignoring security for so long is finally going to hurt them.
Their unfulfilled promises in NT 6.0 "Longhorn," despite the majority
ignorance in the IT media (although some _are_ reporting it), will
bit them right in the pocketbook.


-- 
     Linux Enthusiasts call me anti-Linux.
   Windows Enthusisats call me anti-Microsoft.
 They both must be correct because I have over a
decade of experience with both in mission critical
environments, resulting in a bigotry dedicated to
 mitigating risk and focusing on technologies ...
           not products or vendors
--------------------------------------------------
Bryan J. Smith, E.I.            b.j.smith at ieee.org

More information about the Discuss mailing list