On Mon, 2004-08-30 at 15:33, Josh Coates wrote: > sorry, but this gets a big 'ol LOL from me.
Me too. I've never been lumped together with people that they really know what they are talking about before. :) > > i submit that windows fundamentally has a very excellent design, and the > security design is also very good. though many of it's apps have security > problems. you're going to have to show me a stack of papers from > "objective" computer scientists elaborating on the fundamental design flaws > in windows. vms and mach are admirable models, and david cutler is an > extraordinary engineer. Windows is not fundementally of a good design. The kernel is, but that's not what windows is. The VMS security model is second to none. It definitely provides flexibility that is lacking in the unix model. However that was not my point. Cutler certainly can't be blamed for Windows extensive problems because he isnt' responsible for them. He provided a strong foundation to build on. The problem is that in the name of flexibility, ease of use, and speed MS has punched numerous holes through it. This is an important point because the kernel is essentially irrelavent to security after a certain point (especially to the users). Todate 99.9% of all Unix-like OS compromises have nothing to do with the kernel. With windows the same number is probably the case. Application security is everything. MS has taken a good kernel and placed an incredibly messy, complicated, and insecure application API on top of this kernel. To make this work fast, they have taken a good portion of this and placed it in the kernel (the GUI). To make matters worse, in the name of ease of use, MS for many years encouraged running applications as root. Then making Internet explorer deeply integrated into the Windows GUI (which for all intents and purposes is the OS), pretty much makes the whole mess a huge liability. There are some flaws in windows that are so intrenched in the design of windows that they will never be fixed. One that comes to mind is the broken way that windows handles event messages to the various windows. It is possible, for example, to send a message from a normal user's window to a system window, and ask it to do anything it wants. MS acknowledges this as a potential problem, but downplays it's significance. This is but one of many problems inherent in the windows system as a whole. For developers this is a lose-lose situation, since it's difficult to write good and secure code with poor APIs. In a very real sense the whole of Windows (APIs and facilities for handling multiple users) has never been really been designed to place security above functionality. MS thought the internet would be a fad too (not sure what they expected would replace it). They are waking up. Hence .NET. Our community should not ignore that fact. If we were to take modern linux (which really has been through the school of hard knocks) and run it on the Windows NT kernel instead of the linux kernel, it would still be more stable and secure than Windows currently is. Conversely, if we were to somehow magically run Windows on the linux kernel, the problems inherent in windows would still be there. > > >Now, as for techno-agnostic...I see several possiblities for what that > means: > >1) You do not believe that we can prove technology exists > >2) You believe that technology exists, but it does not care about you > >individually > >3) You doubt the truth of all technology Personally I found this little comment to be the funniest thing I've heard in a long time. > > let me help you out: > > 1) I don't believe we can prove one technology is "right"/"good" and another > is "wrong"/"bad" > 2) I believe that technology exists, but I don't care about it emotionally > 3) I think all technology mostly sucks, but some technology sucks less than > others Good response. > > you can also say i'm technology neutral, but since many people attach a > religious zeal to technology, i find the term techno-agnostic suits the > methaphor, wouldn't you say? Yes. However you are coming across as a real zealot in your own right. > > Josh Coates > http://www.jcoates.org > > > ____________________ > BYU Unix Users Group > http://uug.byu.edu/ > ___________________________________________________________________ > List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list -- Michael L Torrie <[EMAIL PROTECTED]> ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
