Radsoft

Less Than Perfect Systems

Omissions that make them unfit for use.



REDMOND/CUPERTINO (Radsoft/Rixstep) — Today, on 25 October, three weeks after Microsoft's own release, Apple release OS update 12.0.1 'Monterey'.

There's not a lot to write home about here, and Apple consumers are typically wary. Beyond what's written in the media, it must be pointed out that neither vendor shows any signs of addressing the core issues plaguing their respective systems.

Perhaps a walk down Memory Lane can be in order.

The Computer History Museum can offer extensive interviews with respective (and respected) system architects and project shepherds Dave Cutler and Avie Tevanian.

Both interviews are 3-4 hours long, divided into two parts, and grossly entertaining (if you make the time).

Dave's interview took place first, in February 2016. Avie's interview began in February 2017 and concluded in April 2017.

Get the popcorn. (The article continues below.)




Overriding Concerns

Hallmarks for both systems today are that there are glaring systemic flaws in each, consumers are kept in the dark, and vendors are doing nothing about it.

To make it patently clear, straight away, from the get-go:

√ No system today needs to be plagued by viruses. Victimised by hacks and dodgy exploits? Yes, this is possible. Given enough planning and resources, Auric Goldfinger could hack Fort Knox. But the actual virus per se? No.

√ Unix systems are very secure - in fact they're the antithesis of Windows machines in that regard. They cannot be hacked, even by Auric Goldfinger, given only median savvy on the part of the user. Apple systems - to the extent they are still Unix systems - are safer by several orders of magnitude.

The unforgivable facts, however, are that Microsoft systems are still plagued by viruses and Apple have convinced their consumers they are very insecure and so must huddle inside the 'walled garden'.

Operating Systems in the 'Old Days'

There was a time when there was only IBM, and IBM's two legendary operating systems are MVS and VM, the latter of which was used by Dennis Ritchie at Harvard, the former of which was used by us at the Royal Mail. DEC's powerhouse was VMS, the model used by its author, Dave Cutler, for the design of what later became NT.

Messrs Thompson and Ritchie caused a sensation at IBM's Thomas J Watson Research Centre when they first introduced UNIX. Tony Hoare held a number of conferences and surveys on the status of operating systems. The great majority found their systems to be adequate but lacking.

UNIX changed all that. It's hard to conceive of such things today.

Brian Kernighan suggested the following test.

Create a new source code file for a program you'll now write that will simply copy a file. Compile and link the program. Then use the program to copy your original source code file, then try to compile and link the new source code file.

Odds are it won't work on pre-UNIX systems, amazing as it sounds. It was all down to file formats and the inability to understand that files should be a 'stream of bytes' and no more. See this from Catherine Ann Brooks for reference. (Start at time mark 712 - 11:52.)

Programming languages back then were MVS/VM/VMS assembly, IBM's FORTRAN, COBOL, and PL/1 (a combination of all the others). (IBM also had APL, but that's another story and another keyboard.)

UNIX changed all that. The portability of UNIX made its popularity spread quickly. And so here we are today.

Dave

Windows 11 is officially an outgrowth of NT. NT is a product of Dave Cutler and his 'Tribe'. Their account is told well in Gregg Zachary's 'Showstopper!'



NT is what happened when Dave Cutler, working out of DEC's lab in Seattle, on a project called 'Emerald/Prism', was confronted by reps from Microsoft (Nathan Myhrvold says Dave) who'd heard that DEC had plans to get rid of him. Cutler was overwhelmingly respected and popular, so sacking him on the spot would have likely led to outright mutiny.

DEC schemed to give Cutler a 'horizontal' promotion, to let his loyal coworkers get used to not having him around all the time, and then get rid of him. As the story at DEC goes.

What Microsoft wanted was Cutler - they wanted Cutler to work for them. They were in desperate need of a 32-bit operating system. One needs 32 bits (at least) to implement virtual memory, and virtual memory is an absolute necessity on serious machines.

Cutler was a hard bargainer. Nathan Myhrvold had painted a picture of Cutler's back to the wall, but Cutler was a tough one. Everyone in his Seattle lab had to have the same salaries, said Dave. But you have hardware engineers, said Nathan Myhrvold, and we have no need for hardware engineers. Doesn't matter, said Dave, they get jobs too or there's not going to be a deal.

So everyone at Cutler's lab in Seattle, hardware engineers included, got jobs at Microsoft. And Cutler seems to have taken his entire source code tree with him.

This happened back in the final years of the 1980s. Source code files with his name can be found as far back as 1988.

The first release of NT was version 3.1, this to keep pace with the 9x branch. The word on the street was that NT was sluggish. This was definitely not true. But Cutler hadn't been given explicit instructions by Microsoft for two full years. Then something happened. Some middle-echelon execs summoned him to a meeting. How many of his team followed along isn't known. What is known is that people from that team related the following to us, in person.

The room's long conference table had a few unknown and rather quirky-looking people sitting by themselves at the far end. They were not introduced to Cutler. The execs began by explaining what Bill really wanted: a workstation version of Cutler's file server.

For that's what Emerald/Prism was: a file server. A bulletproof one. Written finally, as Dave had proposed years earlier, not in assembly but in C. Dave hated Unix but he loved C. (And no words can begin to describe what he thought of Stroustrup's C++.)

Cutler reckoned Bill knew what he'd been doing in Seattle: building a file server and no more. It wouldn't matter who tried to connect - authentication was secure. Authenticated machines carried an access token around. This token described who they were and what they could and could not do. Cutler's access controls define what is possible and what is not, and for whom.

But a workstation version? Why?

Bill's execs told Cutler that Bill also wanted a graphical user interface for his workstation. Not a good move: David Neil Cutler hates graphical user interfaces. Not just dislikes - but hates.

The execs carried on by telling Cutler about their ambition with what they called 'Zero Administration'. Zero Administration was a type of onscreen tutorial guide run by so-called 'property sheets' so people who knew less than nothing could still be able to administer networks.

And those chaps at the other end, they told Cutler, will help you with the Zero Administration stuff and the graphical user interface. They're from our Win16 team.

All this was anathema to Cutler. Servers are hidden away in dark heavily guarded vaults. People don't sit at server consoles and play around. They power on a server and lock the door behind them.

Zero Administration? Cutler finally exploded.

'We won't go into further detail', they said, 'but let's just say things got really ugly at that point'.

Cutler was known for sometimes getting physical. 'He's like a marine.' Thinking of Cutler slamming Bill's execs up against the wall... Cutler had indeed once punched a hole in the building. Ballmer had panicked and sent him an additional 1,400 programmers, and Dave didn't want them and didn't know what to do with them. He punched a hole in a wall.

As a member of the team explained, he and his mates went into downtown Seattle and bought a picture frame to hang over the hole. They all loved Cutler.

Cutler disappeared before the release of NT 4.0. Our colleagues returned to Redmond to visit and found their old mates in a panic.

'Dave's gone! Dave's gone! What are we going to do? Dave's gone!'

Cutler lost any respect he'd had for Gates. Gates feared Cutler. Gates sponsored Cutler's racing cars. 'He pays me to stop pissing all over him', Cutler revealed.

Cutler hacked out a workstation for Bill. He put an active kernel thread in the Registry that made sure that special 'server' features weren't enabled if the user licence was only for the workstation version. (You can inadvertently collide with those Registry keys if you get lost. 'You have attempted to change the conditions of your user licence agreement. You will not be allowed to continue. Press OK.')

Cutler and his Tribe wrote the original NT in 16 million lines of code. Yes, a staggering sum, to be sure. But then something happened with Cutler's old employer DEC, the details not fully known, but it seems DEC threatened to sue Microsoft, and Microsoft settled by turning over a hundred million or two as well as committing to rewriting the entire OS.

But now Cutler's gone. And the resulting version ended up at 64 million lines of code, or four times the original.

Such is the caliber of 'engineers' employed by Microsoft. Or Apple, for that matter. Charles Simonyi, head of Microsoft's HR, explicitly shunned recruits with too much prior experience, anyone with too much a mind of his own. Apple more or less did the same.

The warts in NT appeared not in Cutler's basic design but in what he was forced to put atop - the graphics user interface (GDI). Gates brought in a rogue group to tackle the GDI. The leader of the group ended up spending most of his time trying to write programs that would break the bank in Atlantic City and trying to convince Bill Gates that C++ was a good programming language. Most of the BSODs in NT 4.0 were attributable to them.

Cutler's own file manager - WINFILE.EXE even on NT - was fine. It handled long file names and did all the things it needed to do. The original 16-bit WINFILE had been a wonder in itself. Reportedly taking as many LOCs as the entire first UNIX, it overloaded available controls to the max to create the wizardry that made it famous. You can't operate a system, or control a server, without an adequate file manager. (That's how outsiders can know there are no serious admins at Apple.) The unwashed may be happy with PROGMAN.EXE, the Program Manager, and those who've never washed ever in their lives (there are more than you think) might be flattered with 'what would you like to do today', but the Atlases need serious stuff. Cutler's WINFILE.EXE for NT was serious stuff.

[The original source to WINFILE is now available. Ed.]

But then Cutler left. Gates kept a lid on it. Cutler still had an office there and turned up now and then and made appearances at occasional functions, but he was gone gone gone, only racing cars that Bill sponsored.

It's not known who, if anyone, took over. (Officially it was still Dave.) It might as well have been the Ballmer, from the looks of things. Suddenly the file manager wasn't good enough. And some twit at Microsoft invented something called the 'Shell Namespace'.

The Shell Namespace has no correlation to what's on disk, to any iteration of reality. Pushing out the file manager and giving people its replacement instead: that means that people can no longer know what's really on disk. The Shell Namespace includes virtual folders like Control Panel which aren't real folders at all. It also puts 'Desktop' at the top of the hierarchy on the left - and then again halfway down the same tree. Sheer genius.

Did Redmond hire programmers from One Infinite?

We were down in Hursley for a week, teaching NT Systems Programming to the folks at IBM. They had no respect for NT, thought it was crap, only ran Linux at home. We brought along our own modded WINFILE along with the MSDN preview of Windows 2000, reckoning they'd be interested in seeing how the new system would work.

But it turned out that WINFILE no longer worked. Not correctly. And, having seen how students struggled with Explorer, it wasn't fun. Actually downright ridiculous. Think a minute. Microsoft by default hides file extensions - so they can be more like Apple. Now imagine a typical project directory. All the files have the same bloody name. The extensions are hidden. All that can possibly distinguish them are their tiny 16x16 icons - which are often the same. How is that a sensible way to work?

Anyone that thinks that taking one year and ten months to make X-file for Windows is really cool needs their head examined. Then Mark Ward, then of the Telegraph, rang. And asked what we were up to and we told him and he published it.

Having taught NT Systems Programming for years, having contributed to the course materials, having done this with several institutes in Europe, one gradually developed a sense of what can be called a system's 'security model'. Microsoft doesn't have one. Cutler did - because nobody was going to mess with his server, because you couldn't poke around on his server, but only send requests to his server (and either get back what you wanted or get told to bugger off). Put a workstation version in the mix and all bets are off.

NT Workstation inherited the file attributes of MS-DOS and added none of its own. One can in theory apply Cutler's access controls, but ordinary users aren't going to have the savvy or the inclination. Access controls are expected to be static, not changing all the time. After all, they're on a server, and the server room is locked - right?

There are no ownerships in MS-DOS. There are no groups in MS-DOS. MS-DOS is not secure by any stretch of the imagination. And yet it's the MS-DOS file system that's at the base of Windows even today. Not the NT Cutler envisioned, but the Windows Gates did.

You have to make the OS secure. To start with. The fundament must be secure. Anything you put atop an insecure system is lipstick on a pig. Building a high-rise from the penthouse and on down. As Charlie Miller pointed out, and as we've all seen over years and years and years, you cannot add on security as an afterthought. Windows was seen as a standalone system. It still is a standalone system.

Cutler built a secure system. Microsoft spent millions getting agencies to certify this. But those certifications explicitly state that their tests are not for systems with removable media or even Internet connections. Think about it.

Ken Thompson and Dennis Ritchie built Unix before Tim Berners-Lee built the web. The Internet was already out there, but not used much. And yet they built their system as a multiuser system. Perhaps that's the key: multiuser systems can segue into Internet use if they're secure - or securable - from the get-go. MS-DOS was not. Windows gets hit by malware left and right. Windows users are oblivious to how they're getting bruised. And why not fix things? Because ripping up the fundament would break the millions of titles, and that immense software library is what makes Windows a platform people want and need. The bread and butter's not the freak oddity who thinks the interface is nifty, but the corporate - or preferably governmental - client who buys licences by the carload.

Everything else is just more pig on your lipstick.

Avie

The people at NeXT got a lot of things right. Why build your own fundament when there already are people who do it for you - and do it for free? NeXT chose FreeBSD, of which the Linus has admitted that, had he known of its existence, he wouldn't have bothered trying to make an OS of his own.

NeXT made some mistakes - or, should we say, Steve Jobs made them. Like repainting his factory walls over and over again until he got just the right shade of beige. And once again insisting his new toy be hermetically sealed. And shipping with an optical drive instead of a standard hard drive. But the software side, headed by Avie Tevanian, did a remarkable job, the greatest milestone since UNIX itself.

NeXT layered two comprehensive 'frameworks' atop FreeBSD, a basic framework with abstract classes and another with tangible classes for use in applications.

The design of these classes was a model, good enough to use in an advanced class in system architecture. Once you learned the topology of one class, you'd learned them all. Hundreds of them. As IBM had done in their collaboration with Microsoft, NeXT stuck to consistent nomenclatures. Product development times were estimated to be one fifth of other platforms. And that's not even taking Apple into consideration, where the disparity was even greater.

Then along came Jean-Marie Hullot (RIP) who had an Apple program called SOS Interface. Jobs bought up all available copies of the program and hired on Hullot to work for him at NeXT, building what came to be known as Interface Builder. No other platform has ever had anything like it, not even to this day. All platforms should have it.

There are dozens of other 'odds 'n' ends' that NeXT added on. NeXT created a symbiosis between user and developer. On the downside, perhaps: their on-disk application architecture. Windows programs loaded instantaneously, NeXT apps took longer. Cutler's virtual memory was superior to that of FreeBSD's. NT applications are self-contained, NeXT's are strewn about the disk in any number of files. Given median access times, this causes NeXT launches to be a lot slower.

But NeXT could more easily localise. For example, Microsoft had all their European translators convene in Dublin to rewrite software resource sections, after which the engineers could relink them for each target demographic. NeXT on the other hand allowed third parties to create additional resource subdirectories and then use system preferences (through a control panel) to set the order of preferred languages. (One doesn't have to settle for just one language.) Nonetheless, the great number of files in the typical NeXT application slowed things down considerably, a factor we were partially able to remedy, yet another thing no one else discovered.

NeXT also used the superlative programming language Objective-C. Apple's Swift, with its so-called 'playgrounds', is a severe steep step straight down.

At the lowest level, NeXT was FreeBSD. The FreeBSD people took care of FreeBSD. All NeXT had to do was pick up a new copy when it was time for delivery. FreeBSD took care of bug hunts and bug fixes. NeXT could concentrate on the veneer.

Collaboration. A wonderful world.

Armchair quarterbacking:

NeXT's NeXTSTEP, later the platform-independent OPENSTEP, was in the market in 1996. Some major players were using the technology. Wall Street was, and so was WorldCom. Gil Amelio made a plea with these clients not to abandon ship. (Apple had a terrible reputation in the field.) NeXT was finally pulling in a profit when Jobs sold to Amelio.

There was no work to do with NeXT. Apple acquired all the NeXT engineers in the 'merger'. There was no reason to worry about system maintenance. Apple had NeXT's two big names, Jon Rubinstein and Avie Tevanian. They also had all the Apple people who'd successfully run the company into the ground with their Tinker Toy politics. If other companies like Microsoft could successfully manage two product lines, why couldn't Apple? But Apple had a problem: both their software and hardware sucked balls. Apple needed the NeXT people to save Apple. That was the mistake.

The above clips make clear, however, that Apple had genuine concerns with their corporate clients. Our contacts with Apple upper management were more concerned with 'switchers'. This may have been an intentional red herring. Whatever: management understood that they needed transition to survive financially. How this plays into establishing two separate product lines is a different matter. Notwithstanding, Apple ended up wasting five full years getting a market-ready product back to market, which gave Gates the time needed to consolidate his position and his billions. Was this possible to predict at the time? We say 'yes'. And, knowing how aware Steve Jobs was about synchronicity when piloting NeXT, we still find it odd he missed this. The world would be a far better place today if he hadn't.

As to there not being any work to do with NeXT: that's a truth with modifications. Cutler's object-based system architecture was clearly superior to Avie's. Putting the file management API in a capsule of its own as Cutler'd done was clearly needed, but had Avie thought of that? Debatable. Not sure yourself if such an idea makes any sense?

Compare Cutler's single channel access to his file server. Compare it with his access to file management - there's one function call. That's what you get.

https://docs.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shfileoperationa

You get one call. That's it. More of an explanation here.

https://www.developer.com/microsoft/c-sharp/shfileopstruct-and-the-shfileoperation/

typedef struct _SHFILEOPSTRUCT {
    HWND          hwnd;
    UINT          wFunc;
    LPCSTR        pFrom;
    LPCSTR        pTo;
    FILEOP_FLAGS  fFlags;
    BOOL          fAnyOperationsAborted;
    LPVOID        hNameMappings;
    LPCSTR        lpszProgressTitle;
} SHFILEOPSTRUCT, FAR *LPSHFILEOPSTRUCT;

That's completely complete. As you look at what the fields represent, you'll understand fully what Cutler had in mind.

HWND hwnd - this is the window handle of the caller. This is needed because the system will want to place windows (dialog windows) of its own at an appropriate location.

UINT wFunc - the important one. This is an unsigned integer that describes exactly what you want to do. Be it copy a file, rename a file, move a file, whatever.

LPCSTR pFrom - the source path
LPCSTR pTo - the destination path

BOOL fAnyOperationsAborted - it's here you find out afterwards if anything went wrong.

LPCSTR lpszProgressTitle - the system will put one or more message boxes on screen and wants to know what text you want in the title bars.

That pretty much describes it all. So what's your picture of what's going on? It should be that from the moment you send off your SHFileOperation request, from the moment the user clicks that 'OK' button or whatever, you no longer have control - the system does.

Everything from that point is the system protecting itself. File collisions? The system will ask - with the appropriate title in the query box, the box placed at an appropriate position relative to the window of the application making the request.
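The request described above, filled in for one copy operation, as an added example that is not part of the original article or Microsoft's documentation. It also shows the detail that trips callers up: pFrom and pTo are lists in which every path ends in a null and the list ends in one more. The helper names and file names are assumptions made up for illustration, and the Windows part compiles only under _WIN32 (link with shell32).

```c
/* Added example, not code from the article or from Microsoft. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* pFrom and pTo are path lists: every path ends in '\0' and the list ends
   in one more '\0'. Builds that layout on the heap (caller frees).
   Returns NULL on bad input, since an empty entry would end the list early. */
char *make_path_list(const char *const paths[], size_t count, size_t *out_len)
{
    size_t total = 1, off = 0, i;          /* 1 = the list terminator */
    char *buf;

    if (paths == NULL || count == 0)
        return NULL;
    for (i = 0; i < count; i++) {
        if (paths[i] == NULL || paths[i][0] == '\0')
            return NULL;
        total += strlen(paths[i]) + 1;
    }
    buf = calloc(total, 1);                /* zero fill supplies every '\0' */
    if (buf == NULL)
        return NULL;
    for (i = 0; i < count; i++) {
        size_t n = strlen(paths[i]);
        memcpy(buf + off, paths[i], n);
        off += n + 1;
    }
    if (out_len != NULL)
        *out_len = total;
    return buf;
}

/* Walks a list the way its consumer must: stop at the first empty string. */
size_t count_paths(const char *list)
{
    size_t n = 0;
    while (*list != '\0') {
        list += strlen(list) + 1;
        n++;
    }
    return n;
}

#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>

/* 0 = all copied, 1 = something was aborted, -1 = the call failed. */
int copy_with_shell(HWND owner, const char *const from[], size_t nfrom,
                    const char *to_dir)
{
    SHFILEOPSTRUCTA op;
    char *src = make_path_list(from, nfrom, NULL);
    char *dst = make_path_list(&to_dir, 1, NULL);
    int rc = -1;

    if (src != NULL && dst != NULL) {
        memset(&op, 0, sizeof op);
        op.hwnd = owner;                   /* dialogs are placed relative to this */
        op.wFunc = FO_COPY;
        op.pFrom = src;
        op.pTo = dst;
        op.fFlags = FOF_SIMPLEPROGRESS;    /* makes lpszProgressTitle apply */
        op.lpszProgressTitle = "Copying project files";
        /* No FOF_NOCONFIRMATION: collisions are put to the user by the system. */
        if (SHFileOperationA(&op) == 0)
            rc = op.fAnyOperationsAborted ? 1 : 0;
    }
    free(src);
    free(dst);
    return rc;
}
#endif

int main(void)
{
    const char *files[] = { "C:\\work\\main.c", "C:\\work\\main.h" }; /* constructed */
    size_t len = 0;
    char *list = make_path_list(files, 2, &len);
    if (list == NULL)
        return 1;
    printf("%lu paths in %lu bytes\n", (unsigned long)count_paths(list), (unsigned long)len);
    free(list);
    return 0;
}
```

A buffer that carries only the usual single terminator leaves the system reading on into whatever follows it in memory, which is why the list is built in zero-filled storage here.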

Dave Cutler had a habit of thinking of most everything. Avie's NeXTs have nothing like this. As time goes on, the little that's left of Avie's work has even less.

Early editions of Apple's OS X with wide-open 'Carbon' access to archaic file system APIs from the 'beige era' had red warning text all over the place.

'Be careful when using this API - you can end up hosing the entire file system.'

Not much security there. Absolutely not acceptable in a modern operating system.

Cutler protected his file system. Avie didn't go far enough. And the old Apple greybeards didn't have a clue what the fuss was about.

Overriding Concerns Revisited

Given two 'new' operating systems that are unleashed on the world in the same month, it becomes necessary to consider what weaknesses these systems traditionally have, and to see if they've actually fixed anything.

Security

Windows is insecure. Get over it. With Windows you need antivirus. You don't need antivirus with any other platform. Worse still: if you understand how antivirus works, you know that no single product will protect you. You also know that no collection of antivirus products will protect you either. And you've probably figured out that the hackers test their exploits against the current releases of all those products, to make sure they get through (at least for a while).

This is the nature of the beast.

Viruses per se, as opposed to generic malware, exist only on Windows, because it's only on Windows that hacker code can write with impunity to sensitive system files.

It's been going on for over twenty years now. If you or your company are still using Windows, don't complain. No one wants to hear you.

Apple's Monterey, as any Unix system, will be more secure. No Unix system allows hacker code to modify sensitive system files. That's in the nature of the file system. Those files are protected by their directories, which in turn are protected by their own directories, and so forth. The security can also be multilevel. Viruses have no chance.
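One way to check that chain of directory protection on a given machine, as an added example that is not part of the original article. The function names, the default target path and the rule for what counts as a weak link (a foreign owner, or world-writable without the sticky bit) are assumptions chosen for illustration.

```c
/* Added example, not code from the article. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A link in the chain is weak when an account other than root or `trusted`
   can alter it: a foreign owner can change the mode at will, and a
   world-writable directory lets anyone replace entries unless the sticky
   bit restricts removal to each entry's owner. */
static int link_is_weak(const struct stat *st, uid_t trusted)
{
    if (st->st_uid != 0 && st->st_uid != trusted)
        return 1;
    if (st->st_mode & S_IWOTH)
        return !(S_ISDIR(st->st_mode) && (st->st_mode & S_ISVTX));
    return 0;
}

/* Resolves `path`, then examines the file and every directory above it up
   to "/". Returns the number of weak links (0 = the chain holds), or -1 on
   error. The weak link nearest the file is copied into `nearest`. */
int audit_chain(const char *path, uid_t trusted, char *nearest, size_t cap)
{
    char cur[PATH_MAX];
    struct stat st;
    int weak = 0;

    if (realpath(path, cur) == NULL)       /* symlinks resolved up front */
        return -1;
    for (;;) {
        char *slash;
        if (stat(cur, &st) != 0)
            return -1;
        if (link_is_weak(&st, trusted)) {
            if (weak == 0 && nearest != NULL)
                snprintf(nearest, cap, "%s", cur);
            weak++;
        }
        if (strcmp(cur, "/") == 0)
            break;
        slash = strrchr(cur, '/');         /* step up to the parent */
        if (slash == cur)
            cur[1] = '\0';
        else
            *slash = '\0';
    }
    return weak;
}

int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "/etc/passwd";  /* assumed default */
    char hit[PATH_MAX] = "";
    int n = audit_chain(target, getuid(), hit, sizeof hit);

    if (n < 0) {
        perror(target);
        return 2;
    }
    if (n == 0)
        printf("%s: every link up to / is protected\n", target);
    else
        printf("%s: %d weak link(s), nearest is %s\n", target, n, hit);
    return n != 0;
}
```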

Privacy (Integrity)

Neither Windows 11 nor Monterey have anything to offer here. Both systems are extremely intrusive. Windows is perhaps worse than Apple, but both are bad.

Under the Bonnet

Cutler's APIs are better than Avie's, and Avie's are pretty darned good. The environment at that level is better on Windows. But Windows adds a number of 'frameworks' that are no fun and pretty screwed up. Both platforms suffer today from a lot of corporate 'rot'. Worst of all is that it's closed source, meaning two things: 1) you can't know what they're really doing and you can't trust them, and 2) you can't make the necessary modifications yourself.

You might like one user interface better than the other. But interfaces are a dime a dozen. If you don't have the basics properly in place, nothing else really matters.

Yes it should be easy to get the basics right. But neither of these players seems to care.

Postscript: Linux Mint

Our original plan, when moving down to the RTP, was to go Linux. The deplorable state of Wintel junk hardware led us to Apple.

We were also intimately acquainted with NeXT, whose representatives in Stockholm had contacted us. And the technology they had, even back then, in many respects surpasses what Apple has today.

Apple represented a breath of fresh air. After seeing the weeping and gnashing of teeth in the world of Windows. And we truly believed Apple would lead the charge for a more safe and secure online world.

We were wrong.

It may have taken twenty years to admit this, but there it is. Apple Inc is no more interested in your wellbeing than Microsoft. That's just it. Accept it.

So what to do now?

Without corporate clout, nothing will dislodge Microsoft. Microsoft will never give you an adequately safe and secure operating system.

Without corporate clout, nothing will dislodge Apple either. The trust that people put in Apple was misused and abused in order to turn them into an ugly monster just like Microsoft - perhaps uglier, considering the chokehold they have on their markets, running a sort of 'protection racket' that's got both the media and governments pretty upset.

Perhaps you should try this.

Copyright © Radsoft. All rights reserved.