Vapori$e M$

Week of April 24, 2005

They're going to try to distract you.

Ballyhoo and noise: expect a lot of these in the coming months and years. Bill Gates has his back up to the wall and he doesn't exactly wax ethical when he's cornered.

Linux has been the #1 enemy for a long time. Now, thanks to Ellen Feiss, there's another more dangerous enemy: Apple Computer.

Apple is Unix just like Linux but with an important distinction: Apple boxes 'just work' and they just work 'insanely great'. For your average punter Linux can still be too much of a challenge.

And given that it's been demonstrated over and over again by now that Apple hardware is not only of a better quality but actually cheaper than Wintel junk, and given that Apple's NeXTSTEP/Cocoa has capabilities and a feature set M$ will never have a hope of catching - and given the total market sensation of the Mac mini - the contest becomes a total walkover: game set and match to Apple.

Already the market has begun to respond. Apple sold 571,000 machines last quarter, placing them in the top five of sales in the US. Their stretch to IBM who hold the number four position is a few fractions of a point. Apple are definitely on the move, but more than that: computer users everywhere are on the move - they're finally waking up.

Gates is going to try to concentrate on the feature machine - he's going to try to stop people from making a quick $500 'go for it' to a Mac mini or maybe even better - and the only thing you're going to hear during this time is features features and more features.

  • Until it's coming out of your ears.
  • Until you're so sick of it you want to throw up.
  • As if features an operating system make.

There are those who (seriously it must be pointed out) claim Windows has made great strides and is 'almost' secure today.

To drive the point home yet again, there is a world of difference between patching an ad hoc designed system with ad hoc rubbish and starting with a secure system in the first place.

So somebody gets through a crack - you patch it. With ordinary systems that is. But with Windows you have to look deeper. You have to look at what caused the crack.

With Windows it's a bottomless crack.

Windows is a single user system in an era that can no longer tolerate single user systems.

Every file on a Unix disk has an owner and a group. Permissions are set by the system for the owner, the group, and everyone else. The file system and the kernel work hand in hand. The system as a whole is secure and capable of plugging holes as they eventually appear.

There is no ownership on a FAT disk. FAT disks inherited the M$-DOS file attributes of old which to wit are:

  1. (A)rchive. Used only for backup routines. Every file saved gets this bit set so they can know it needs to be archived again. When they've archived it they reset the bit. This one is so old it's got whiskers longer than Father Christmas.
  2. (D)irectory. Shows you what items are directories. Wow.
  3. (H)idden. But hidden from whom is the big question: it's only an attribute and nothing is really hidden.
  4. (R)ead-only. But anyone and any program can mark and unmark any file with this attribute so it's meaningless.
  5. (S)ystem. Another attribute without meaning. It's descriptive like most of the others and does not limit access in any way for anybody.
  6. (V)olume. Reserved for the root directory to give a name to a volume. Used by the brainiacs in Redmond to circumvent difficulties when implementing long file names. Otherwise not used and in terms of security completely irrelevant.

There they are; the system admits of a capacity for a total of eight file attributes - no more. They're all to be stored in one byte, byte 11 (the twelfth byte) of the 32-byte 'DIRENTRY'. Eight attributes - no more, and six are already taken.

There's no room for ownership. Every file on the disk is owned by whoever gains access to the physical machine, including interlopers coming in 'through the ports' - from the Internet.
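To make the point concrete, here is a small decoder for the 32-byte directory entry described above. It is an added example, not code from the original article: the names `parse_dirent`, `clear_read_only` and `SAMPLE` are hypothetical, the sample entry is constructed, and the offsets other than byte 11 come from the standard FAT on-disk layout rather than from this page.

```python
import struct

# Bits of the attribute byte (offset 11) and the letters used in the list above.
FAT_ATTRS = [(0x01, "R"), (0x02, "H"), (0x04, "S"),
             (0x08, "V"), (0x10, "D"), (0x20, "A")]
LFN_MARKER = 0x0F  # R|H|S|V set together marks a long-file-name slot


def parse_dirent(entry: bytes) -> dict:
    """Decode one 32-byte FAT directory entry (short-name form)."""
    if len(entry) != 32:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    attr = entry[11]
    if attr & 0x3F == LFN_MARKER:
        return {"kind": "lfn-slot", "attr": attr, "flags": ""}
    name = entry[0:8].decode("ascii", "replace").rstrip()
    ext = entry[8:11].decode("ascii", "replace").rstrip()
    # Offset 20 holds the high cluster word on FAT32 only (reserved on FAT12/16).
    cluster_hi, = struct.unpack_from("<H", entry, 20)
    cluster_lo, size = struct.unpack_from("<HI", entry, 26)
    return {
        "kind": "short",
        "name": f"{name}.{ext}" if ext else name,
        "attr": attr,
        "flags": "".join(letter for bit, letter in FAT_ATTRS if attr & bit),
        "reserved_bits": attr & 0xC0,  # the two bits left unassigned
        "first_cluster": (cluster_hi << 16) | cluster_lo,
        "size": size,
    }


def clear_read_only(entry: bytes) -> bytes:
    """Turn the R bit off. No field in the entry says who is allowed to."""
    patched = bytearray(entry)
    patched[11] &= 0xFE
    return bytes(patched)


# Constructed sample: CONFIG.SYS, attributes R+H+S+A (0x27), cluster 2, 1234 bytes.
SAMPLE = (b"CONFIG  SYS" + bytes([0x27]) + bytes(8)
          + struct.pack("<H", 0) + bytes(4)
          + struct.pack("<HI", 2, 1234))

if __name__ == "__main__":
    print(parse_dirent(SAMPLE))
    print(parse_dirent(clear_read_only(SAMPLE))["flags"])
```

Every field the decoder returns is a name, a flag, a cluster number or a size; there is no owner or group to report because the entry has no slot for one.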

And only making matters worse M$ have so designed Windows that it 'advertises' its presence on the net by using ports no one else uses - an IP scanner can see Windows instantly in a list of several thousand scanned IPs.

Windows will admittedly run an alternate file system known as NTFS, but few use it and fewer still know how to use its capabilities for file permissions. NTFS uses a scheme with access control entries (ACEs) contained in an access control list (ACL) and if you understand it and work day and night at it you might just make your box secure. 'Maybe.'

But accounts having any chance of running third party software almost always have to be 'admin' accounts - accounts belonging to the 'Administrators' group on NT. A caveat of this account is that it can assume ownership of any resource at all with no further authentication.

There are areas of an NT disk and NT Registry that belong to the real honcho named 'SYSTEM' as in VMS, but a member of Administrators can usurp these areas easily. If someone gets hijacked on a Windows box, the rogue code will be piggybacking on code running as an Administrator, meaning the rogue code can steal all of SYSTEM's stuff without blinking.

Also relevant is that Dave Cutler did not design NT as a workstation operating system in the first place: he thought (for years it would seem) that all M$ wanted was a file server. And it was only when Dave and the Tribe were well into the game that M$ let on subtly they wanted something else.

The code for NT Server and NT Workstation is almost identical. Cutler didn't take a step back and figure out a new architecture for end users; he just frobbed Lou's schedulers a bit and put in a few Registry flags and that was it.

Which was fine by the Microsofties, as they don't understand stuff like that too good anyway, and at any rate they don't care much about 'finer points': just get it out the door fast - for example, before Novell come out with NetWare 4.0...

If Bill Gates were a car manufacturer and someone came out with a brilliant new idea for an automobile with five wheels, Bill Gates would rip a wheel off a motorcycle and weld it fast as anything onto the back of one of his premiere products and run to the marketplace and scream 'see - we got one too!'

And then he'd let his marketing gorillas do the rest. There is no implicit coherence in anything Bill Gates ever let out the door. Never has been, never will be.

Bill stole the idea of the Macintosh not from the LRG at PARC but from Steve Jobs. They couldn't reverse engineer the code in the Mac prototypes they had, so they did a clumsy job of trying to emulate it in their own code instead. The result was the first version of Windows.

They were never going to come up with their own operating system, and as luck would have it, Dave Cutler was in their backyard and in trouble with his employer.

Right on time. Pure unadulterated luck.

They couldn't get Cutler to do things their way (as if they could ever figure out what 'their way' would be) and were deliberately silent about their plans for him for several years - they didn't dare approach him and tell him the truth.

What NT and its offshoots represent is a file server constructed in the spirit - almost a duplicate - of DEC's VMS. A server. The add-ons to make this look good for drooling consumers were something that M$ revealed to Cutler's team only several milestones down the road.

Even the GUI on NTx was an 'afterthought': Cutler's original project had no place for a GUI and Cutler himself hates GUIs and wouldn't dream of using one. Why have a GUI when the system is for a server that's going to sit locked in a vault somewhere anyway?

The Windows GUI was so terrible that Cutler had to break one of his golden rules: you never put graphics drivers in at kernel level. NT started as a microkernel OS just like OS X - as time went on, what with the shitty code being written all the time in Redmond, this became more than impractical: it became impossible.

No matter that Cutler really knows what he is doing: the Microsofties do not and their code can bring almost any system to a halt.

It can't have been comfortable for Cutler to go back on his own design. His way of looking at it however was he had no choice. The graphics in NT at the time were at least three times and as much as ten times faster than Windows 95 and he hated Windows 95 and the developers working on it. And here M$ were, insisting he put a graphical interface on a file server - and for what? Wasn't it going to be locked away?

Well not exactly, said M$. We have this new concept called zero administration which means anyone with zero brains will be able to take care of administration...

And here, they said, pointing to the far end of the room where a freaky bunch were sitting silently, here are the people from the Windows 95 project who are going to help you out, Dave.

There are two things Cutler hates: Unix and GUIs. You don't say the word 'Unix' in his presence - you literally do not say it. You shouldn't say 'C++' either, as Bill himself gradually learned. And you don't whisper anything about GUIs either. Dave's likely to go through the roof - or the wall, especially if it's just a plaster wall as many of the walls in Redmond are.

Ballmer overwhelmed Cutler with hundreds of worthless programmers boated over in all haste from India and wherever, faster than Cutler could get rid of them. Cutler wasted more time just trying to keep these idiots out of his hair than he had to do his assigned job. No wonder he literally did go through the walls on more than one occasion, and no wonder he ultimately tired of the futile exercise and left.

Of course by then DEC had got wind of what was going on and sued. Cutler had taken DEC's own system crosstown to Redmond and didn't even try to hide the fact. Several websites had the complete source tree published online. It was dead easy for DEC to substantiate their claims. As per usual M$ settled out of court.

But by the early spring of 1996 - nine years ago - Cutler was gone. This is a guarded secret in Redmond. Cutler's name carries weight. Now and again M$ spin an interview with him that makes everyone think he's still a gray eminence there, but that's not even close to the truth. And officially Cutler still has a position but he's never around to do anything and that position is in title only - part of the bluff.

Cutler's very gone.

And it was in this context M$ had to attempt a total rewrite of NT. Cutler's code was the property of DEC. What Cutler and the Tribe had done now had to be scrapped and redone by - Microsofties?

Windows 2000 idled at 35% CPU usage. When nothing was going on in the computer the CPU still crunched away at thirty five percent.

Nothing improved with XP; it's still the same old shite system. It's still the same old VMS server Cutler rewrote for M$ and M$ rewrote after Cutler that was never meant to be a workstation system in the first place.

Cutler's ACLs work fine on a file server. Everything is set up once and for all and the box is locked away. Set it and forget it. It's difficult but it doesn't have to be done often, so it's a pain one can soon forget.

But a design like this doesn't work with workstations where people move files around all the time and where skills are at an entirely different level. Unix file properties are difficult enough for some - but they're nothing in the neighbourhood of the challenge access control lists represent.

ACLs are funky critters. There is, for example, an important distinction between an empty ACL and a total lack of one. If there is no ACL at all on an object, it's open season on the object. If the object does have an ACL but there's nothing in it, then no one can do anything with the object.
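The distinction between a missing ACL and an empty one falls straight out of how an access check walks the list. The following is an added example, not code from the original article or from Windows: a simplified model in which the rights mask, the account names and the functions `access_check` and `audit` are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # simplified rights mask for this model


@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # account or group the entry applies to (constructed names)
    mask: int   # rights covered by the entry


def access_check(dacl: Optional[list], token_sids: set, desired: int) -> bool:
    """Model of ACL evaluation.

    dacl is None -> the object has no ACL at all: every request is granted.
    dacl == []   -> the ACL exists but is empty: every request is refused.
    Otherwise the entries are walked in order until the request is settled.
    """
    if dacl is None:
        return True
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False              # a right still needed is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask    # these rights are now granted
            if remaining == 0:
                return True
    return False                      # some requested right was never granted


def audit(objects: dict) -> dict:
    """Label each object's ACL so the two look-alike cases stand out."""
    return {name: ("NO-ACL" if dacl is None
                   else "EMPTY-ACL" if not dacl else "OK")
            for name, dacl in objects.items()}


# Constructed sample objects and a constructed user token.
ALICE = {"alice", "Users"}
OBJECTS = {
    "open.txt": None,
    "sealed.txt": [],
    "report.doc": [Ace("deny", "Users", WRITE),
                   Ace("allow", "alice", READ | WRITE)],
}

if __name__ == "__main__":
    print(audit(OBJECTS))
    for name, dacl in OBJECTS.items():
        print(name, access_check(dacl, ALICE, READ), access_check(dacl, ALICE, WRITE))
```

The third object shows why order matters as well: the deny entry for the group is reached before the allow entry for the account, so the write is refused even though a later entry would have granted it.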

This gets hairy enough for the developers - imagine how this works out with secretaries, marketing people, and assorted bean counters.

And with the current setup anyone can change ACLs on anything anyway: members of Administrators can obliterate this stuff with the click of a button.

Accessing ACLs is indirect. They're deliberately opaque; you normally will not be able to view them as you would file attributes.

Normal NTx users don't even know what accounts are set up on their boxes. Normal users don't even know there is such a thing as a SYSTEM account.

Normal users are not system administrators. Normal users are not of that caliber either. Normal users have never heard of ACLs and most likely never will.

It gets messy and for once the term 'user friendly' can be justifiably used: if a system is so complex and unwieldy that no one will use it, what good is it anyway? Why are condoms assessed to be only 93% secure? Easy: because in 7% of all cases people don't use them even if they know they should.

XP users who always set up their disks with NTFS and who meticulously audit their resources - files, directories, and Registry entries - for ACLs on every file and every directory and every Registry entry will never grow to 93%. Not even to a tenth of that. It's doubtful such users even exist or ever will.

So at the end of the day the name of the game is fairly certain: it's a war of features like it was a war of browsers and a war of word processors before that. Bill Gates is used to winning and he's got a total lack of ethics that gives him a decided advantage.

But to win he has to sucker you in. He has to blur the distinction between software and system so thoroughly that you miss the issues and again start believing in him. He has to make sure that most people are not able to get the point.

He's going to try to distract you from the real issues - security and privacy and freedom - and continue yelping 'but we got this feature planned and that feature planned and...'

And it will all sound so cool, won't it? Never mind that the shite will only work about as well as anything else from M$ works - Bill has experts working on this - the marketing that is - people who are experts in duping huge demographics of consumers with ballyhoo and noise. And they've hardly begun. Just wait: it will get intense.

  • It'll start coming out of your ears.
  • You'll get so sick of it you'll want to throw up.
  • As if features an operating system make anyway.

To win, Bill Gates and M$ need your help. To win, they need to be able to fool you.

So don't be fooled. Vapori$e M$.

Copyright © Radsoft. All rights reserved.