Radsoft

SOTOS 2009

State of the operating system. The personal one that is.



Those of you running IBM mainframes at home can breathe easy. Not too many scary things in the crystal ball for you.

Likewise for those of you running Apache web servers. You're mostly in the clear.

For everyone else there's more to consider.

Not Fit for Use

Microsoft Windows is truly not fit for use. On the Internet that is. With 1.5 billion computers connected to the Internet today and with 1.35 billion running Windows it's a sorry situation indeed.

Many diehard Windows users are balking at the upgrade to Vista. For good reason. They feel relatively comfortable (and safe) running Windows XP. This is easy to explain: most of them have never run anything else.

Microsoft products continue to be the #1 malware accelerators in use. Actually there's no comparison. Year after year the defenders argue that other platforms are going to get hit hard too. And any day now. But that day never comes.

And the reason is simple: Windows is a standalone system. It wasn't meant to be put on the Internet. The only safety checks Windows can pass involve disconnecting from the Internet and not even allowing removable media such as CDs, DVDs, and old floppies. Given those conditions even the old MITS Altair would probably qualify.

There's nothing Microsoft can do about it either. All this talk of hypervisors and whatever's the buzzword next week is just that: talk. Microsoft could sandbox their entire system in Linux of course - but at that point you'd have to wonder why keep that wretched Windows at all. This might work in a transition period but the writing on the wall is there: Windows has to go.

Open Sauce™

Open source kernels are good. Both Linux and the BSDs are excellent underbodies to good personal systems. FreeBSD is considered by some pundits as the greatest achievement in the history of open source software. Linux on the other hand is simply amazing and has won considerable ground in the web server space.

It's when you try to package those kernels with a reasonable interface for ordinary users that things start to get shaky. The most talked about GUIs are variants of GNOME and KDE for Linux. GNOME is pure C - and it shows - whilst KDE is mostly C++ - and that shows too (and painfully).

Above and beyond structural difficulties both 'GUIs' suffer from lack of an overall vision, a suitable paradigm for event driven programming, and motley graphics of substandard quality. 'Ease of use' doesn't come to mind when contemplating a Linux GUI.

The proof of how true this is can be found in the story of Mark Shuttleworth's Ubuntu systems. Based on the conservative and relatively stable Debian distro for Linux, these systems are shipped free of charge to any address in the world. Totally free. And yet Shuttleworth still can't puncture the 2% demographic mark. Nobody wants Ubuntu.

Shuttleworth talks of making his default GNOME GUI as pretty as Apple's and of dreams his volunteer crew will someday pass Apple by but he's got to be smoking some controlled substances. Yes you need attractive graphics but above all else you need a flexible system that's supremely easy to use.

Since Day One GNOME and KDE have been copying Microsoft ideas shamelessly. Their programs work the same (crippled) and their configuration files are identically paraplegic. Perhaps the rationale originally was to ease the transition for newcomers? But does it matter? Copying an arbitrary style is one thing; copying an endemically flawed design is quite another.

Somewhere in their drooling greed to steal the idea of the original 'Mac' the Microsofties missed the point. This can happen. Steve Jobs admits on his first visit to PARC he missed the point too. But Jobs was able to regroup at NeXT; Microsoft can't do it anymore without gutting their entire system and third party software catalogue.

And Jobs at least made the Mac look like it was operating properly; Microsoft never even got that far.

Microsoft, GNOME, KDE: they're all locked into an application oriented interface that sells the system short. Applications have their menus right on their windows; you essentially get one window per app and then things like 'do you want to save this file before you begin a new one?' This doesn't happen with an authentic object oriented GUI.

Program development for Windows, GNOME, and KDE is a lot of 'DIY': things that should be modularised in the system are left to the application instead. There's redundancy: there's a lot of code being duplicated all the time. It's the opposite of optimal.

Application developers should only have to worry about writing the code that 'applies' the system to their particular domain. But you can't do this on Windows, GNOME, or KDE.

 (Apple)

Apple's system is based on NeXT's OpenStep which in turn is based on the same company's legendary NeXTSTEP. Where the Apple Mac missed the mark the NeXT NeXTSTEP hit it spot on. The interface was truly object oriented and more importantly the underbody was as well. The original NeXTSTEP classes remain one of the major achievements in computer science, impeccably organised and designed. No one's ever going to do it better.

Recurring estimates of the efficiency of the programming model hover around needing approximately 20% of the time normally associated with similar tasks on other platforms. And this despite the fact the API is about four times the size of Microsoft's.

Because application development is so much faster and more effective; because there are so many more possibilities; it's easy to develop a symbiosis between user and developer. Users get things closer to what they want faster than they could dream of.

And in terms of ease of use no one will ever beat a Steve Jobs company. GNOME, KDE, and Windows are hopelessly out of touch here. And most likely always will be.

Security

When it comes to security the end user will do best with an open source system. The kernel code is reviewed constantly; patches are applied immediately; there are few if any exploits ever in the wild for these systems.

Apple rate a 'second best' because although they too use an open source kernel they modify it. This results in redundancies; and security updates often have to wait until the code has been retooled for their own system. And as this system is essentially a closed rather than an open system the code can't benefit from the same comprehensive review.

And bugs - and security vulnerabilities - can therefore creep in.

Perhaps worst with Apple's OS is its hodgepodge character: when Apple 'acquired' NeXT they essentially had two widely disparate operating systems - their old, antiquated, and increasingly buggy 'Mac OS'; and NeXT's space age NeXTSTEP and OpenStep.

One of the great unfortunate ironies is how disparate these systems are: their ideas cannot be feasibly combined.

Then chief of software Avie Tevanian remarked - perhaps sarcastically - that the company should gut both systems and write a new one from scratch. But what they did instead was create the current system - a 'hodgepodge'.

For the safety of the user there must be one and only one path from the user's actions to the computer resources. High level code must not be able to circumvent the security model of the underlying kernel.

And although Apple's OS is supposed to be a 'Unix' like any of the others it cannot behave as such: Apple insist on using an update to their old 'Mac' file system which is incompatible with Unix.

There are some good things about this file system; but at the end of the day you simply can't marry two systems so dramatically different and expect good results. That Apple have succeeded as much as they have given these circumstances is commendable; but they'll never rid their system of its flaws until they totally remove all the old 'Mac OS' still in it.

Apple have also inherited and on their own created divergences in system design that don't belong in a secure system. Rather alone in this regard, Apple sell systems with deep rooted design flaws that can spell disaster. So far precious few hackers have attempted serious attacks on the system but this isn't for lack of opportunity. The holes are there.

Price & Performance

Apple computers are more expensive. They have always been more expensive and they will continue to be more expensive given the corporation's current marketing strategy. Apple do not licence their system to OEMs; they instead insist on people running their software only on their own hardware.

This puts a painful limit on how much market share they can acquire.

And because they only sell to a single digit demographic their own costs are higher. Research and development as well as plant tooling costs have to be offset; these are distributed through their minuscule user base. Apple users pay more.

But for the higher price the user gets an eminently usable system. Apple's OOTB (out of the box) experience is justifiably famous: open the box your computer comes in and get a rush. Things just work. They take nearly no setup time at all. There's no time wasted or hair pulled to get the hardware working with the software. It just works™.

Other OEMs may at times come out with models that surpass Apple's in raw performance but none of them can today offer an operating system that performs as well as Apple's. The NeXT technology Apple acquired has it all over the competition.

  • Vector graphics in floating point. The NeXT/Apple graphics system isn't pixel based. Neither integer coordinates nor pixel oriented APIs dominate. It's all about lines connecting one point with another. The Rixstep screen saver Rorschach appears to spread tiny dots around the screen; those 'dots' are actually rectangles. And using floating point coordinates doesn't limit the hardware: the hardware might have to convert the coordinates into pixel values but you don't have to.
  • Full Unicode support. Apple's file systems support UTF-8 and Apple have long been a key player in the Unicode consortium. All text is handled internally as Unicode.
  • Cocoa services. Apple's systems have more context information available than any other. Users do less 'click copy and paste' than on other systems. Workflow is far better.
  • Stable code that's also lean and mean. Apple's programming paradigm yields ease of use without the concomitant 'bloat' found on other systems. Software can be adequately tested before release. Diagnostics embedded in the system provide far more information for the development cycle than on any other platform.
  • Pretty in a useful way. Apple graphics - like NeXT graphics - can appear blazingly impressive. What designers for the other platforms never seem to grasp is that there's a good reason for the doodads. The transparency Apple have had for ten years was there so you could actually read through - not to make a blur.
  • Overall integration. Software on an Apple system works better with the system and with other programs. The base classes of the Cocoa framework coordinate application interfaces so users see the same thing every time - the famous 'user recognition principle' defined by IBM.
  • Getting you where you want to go. All systems will prove lacking in one or another minor aspect but Apple have it all over the other platforms in terms of leading you where you want to go. You'll rarely get lost on an Apple system - you'll rarely run into a challenging and cryptic and confusing system alert. You'll get taken to where you want to be.

Another matter that must be addressed is the illusion Microsoft systems are cheaper. Yes Microsoft Windows OEM hardware is cheaper; but use of a Windows system is not - Windows is the most expensive personal system in the world.

No matter the obscene and outrageous prices for the software itself - this is normally baked into the total price of the computer; it's the cost of trying (in vain) to keep the computer secure that makes the difference.

Reckon with perhaps three separate antivirus titles; and paying the annual subscription fees for the vital signature list updates; reckon with all the time wasted on that nonsense - then factor in recurring trips to your local 'PC doctor' to try to do the job no antivirus program can.

Best Buy's 'Geek Squad' today charge US$300 for a house call to disinfect a Windows computer - something that reasonably needs to be done several times a year; how much money did you save by buying a Windows PC instead of an Apple?

 - 'Mac Skywatcher'

Copyright © Radsoft. All rights reserved.