by gwu78 3338 days ago
https://mobile.twitter.com/hashbreaker/status/85322416941220...

The strange "counterargument" I commonly see on HN to any suggestion that Microsoft closed source software could potentially be unsafe for use on an internet-connected computer is that the company has "improved" since some earlier 1990s/2000s time period.

Are these commenters suggesting that other, open source operating system choices have not also improved since that time period? Should one consider how much each respective system needed to improve?

(By "other, open source operating system choices", I mean the ones that were able to connect to the internet for years before Gates decided the www was something his company should be interested in and copied the TCP/IP stack from an open source kernel into the Windows kernel).

Are there convincing arguments why Microsoft deserves special treatment compared to the open source alternatives, i.e., why their users should not be permitted to freely evaluate the Windows kernel or Office source code via the public web? Are there compelling reasons why MS users should not be allowed i.e. given the option to edit/remove source code they are uncomfortable with and recompile? Consider the effects of limiting the number of people who can find and fix defects in a product.

Does closed source status of Windows make Microsoft's software superior to the longstanding open source operating system alternatives?


I don't support anyone hiding source code from users (and have given conference talks about hard-to-detect ways of backdooring binaries), and so I don't mean this to be an excuse for the secrecy of the source code, but every single person I know who's worked in the security industry agrees that Microsoft made a major qualitative improvement in their security at every level, based on spending a lot of money and giving security people power in the development process.

Most people feel Microsoft is managing security better than the main Linux-based operating systems do, in terms of auditing, coding standards, code reviews, and developer security education. (That doesn't mean that they're doing this better than each and every individual open source project.)

Some of the people agitating for giving Microsoft more credit about this have personally seen the results, as in-house or contracted developers or auditors.

It can be hard to make an apples-to-apples comparison about what this means for the security of deployed systems because people are potentially using the systems in different ways with kind of different attack surfaces. (For example, quite a few Windows desktop users may still be downloading unsigned binaries from HTTP sites, which Linux users would be less likely to do because of the prevalence of package managers -- though maybe some of those Linux users will do the curl | sh thing from an HTTP site too.)

I don't think that a typical open source project has improved to the extent that Microsoft has during this timeframe, though, again, it's hard to know exactly what to compare or how to compare it.
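The comment above contrasts downloading unsigned binaries over HTTP with the `curl | sh` habit. As an added example (not code from any commenter), here is the fetch-then-verify-then-run pattern that replaces piping a network stream straight into a shell: the installer is written to disk over TLS only, its SHA-256 is compared against a digest the publisher is assumed to have published out of band, and nothing executes unless the digest matches. The URL and digest are placeholders; `sha256_of` falls back to `shasum` where `sha256sum` is absent.

```shell
# Added example, not from the thread: replace `curl http://... | sh` with
# download -> verify digest -> run. The publisher is ASSUMED to publish the
# expected SHA-256 somewhere authenticated (e.g. an HTTPS release page).

# Print the hex SHA-256 of a file; portable across coreutils and BSD/macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_SHA256
# Executes FILE with sh only if its digest equals EXPECTED_SHA256.
# Returns 1 (and runs nothing) on mismatch, so a tampered or truncated
# download never reaches the interpreter.
verify_then_run() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        printf 'digest mismatch for %s\n  expected %s\n  got      %s\n' \
            "$file" "$expected" "$actual" >&2
        return 1
    fi
    sh "$file"
}

# fetch_verify_run URL EXPECTED_SHA256
# --proto '=https' refuses plain HTTP even via redirect; --tlsv1.2 sets a
# floor on the protocol version; -f fails on HTTP errors instead of saving
# an error page as the "installer". URL is a placeholder, not a real endpoint.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    verify_then_run "$tmp" "$expected"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (placeholder values):
#   fetch_verify_run https://example.invalid/install.sh <published-sha256>
```

A digest check only pins the file to what the publisher advertised; it does not tell you the publisher is trustworthy, and it is only as strong as the channel the digest came over. Where the project signs releases, verifying that signature before the digest step is the stronger check.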

That's a really complete argument. But there's still the elephant in the room of the whole operation being closed source, and the inability to do quantitative analysis into the improving security of a closed source system.

People on the inside can say there have been qualitative improvements, but that's not measurable on the outside and so is no better than hearsay and conjecture. Meanwhile in the GNU/Linux world, you can browse the git repositories and see and audit every step in the development process if needed.

Is it possible that typical open source projects didn't NEED to improve their security over the same timeframe, given that the F/OSS world didn't fuck users over for two decades with unfixed 0days?

Meanwhile, the OP here is talking about Word which is likely a world away from the improving security team working on Windows. Hell, I'm surprised they've got more than a skeleton crew working on the desktop version of Word anymore. People in my community 60+ have been using Google Docs for the last five years already.

Microsoft was really really bad at security. Then the internet became a popular thing. I think a fresh XP install would, on average, survive 15 minutes before getting infected by Blaster. Microsoft, to their credit, improved dramatically. I don't know if they're extraordinarily good compared to other software producers. Microsoft gets the mention because it was so very bad, back in the day.

It's kind of like when a very lazy person turns into a marathon runner. They made huge changes.

There were versions of windows, 2000 if not XP, that could and would get infected in-between the time the network stack initialized and the local software firewall initialized a second or two later. This was actually addressed and fixed, because it was not a unique experience. That's how pervasive and wild the exploit network traffic was before MS got their act together.

Edit: My google-fu is failing me, and I can't find the right keywords to find a reference to this, but I distinctly remember it. Back in the days when firewalls weren't quite as pervasive, and especially not for small colo deployments.

I saw this first-hand when installing Windows 2000 using Parallels circa 2006. I mistakenly believed the configuration I had chosen had the VM behind the Mac's firewall, but it wasn't. The VM was infected before Windows 2000 could install the latest updates... just a matter of minutes.

This is not as extreme as you are describing, but it was also on the corporate network of a large company, not the open internet.

Indeed. But becoming a marathon runner who finishes in 7 hours, after the finish line has closed, and doesn't get a medal because the cut off was 6:30 :)

No, it's a great achievement, but there's still room for improvement.

Their users don't need to be allowed to freely evaluate the source, period. When you write software, you control its distribution.

What the users are free to do, however, is use an operating system/stack that they CAN evaluate the source of.

If Linux or any other open source alternative was a better actual product, it would find its way to the top of the market. In fact, it already has, on the server... by far. But Linux wasn't made to be easy to use, to be quick and easy to install, to install other software onto, etc... and that has kept it back, and it kept it back long enough for Microsoft to establish a de-facto standard on the home desktop market...

The closed or open source status of a product has no bearing over its superiority at all. Again, in the world of geeks, it may, but in the world at large, it doesn't, and really, it shouldn't.

"But linux wasn't made to be easy to use, to be quick and easy to install, to install other software onto, etc"

For what it's worth (which may be not a great deal): I have installed a lot of Windows and Linux over the years, but my Windows experience has been lagging further and further behind these last few years. A short while ago, I had the rare chance of setting up two identical machines side by side, one with Windows 10, one with Manjaro, an Arch Linux derivative. The Linux install finished sooner and with less need of interference than the Windows one. It also didn't require preparatory messing around with weird licensing codes and what have you, and of course it didn't require one tenth the amount of postprocessing to reach the desired level of functionality - compare the twenty second operation of setting up a LaTeX which worked to the corresponding twenty Windows minutes of setting up one which didn't.

Your anecdotal mileage may obviously vary.

A couple of years back, I installed Windows Vista on a Lenovo something (no idea what). Took me three days to find most of the drivers and get it all running, and about an hour to do the actual install. I ran it for a few weeks, then the software I was using had a Linux release, so I threw on Kubuntu (15.04 I think it was). Took me no effort to get drivers, as everything (bar the ancient Geforce 3D drivers) just worked out of the box. The system prompted me to install the 3D drivers, and I was done in under an hour.

Windows Licensing had a funny issue, though - I typed the number in, it rejected it, so I typed it in again, verified every character, it rejected it, typed it in a third time, it accepted it. Installed, booted up, and then it told me that I didn't have a genuine Vista (although the sticker on the system was genuine). I used it for a bit, intending to fix it later, and then one day it popped up telling me I needed to activate the system with a genuine number, which it did without asking for a new one, told me happy things and enjoy my Windows experience.

It's enough to drive you to drink...

You needed twenty minutes for

  choco install latexdistofchoice 
?

(Yeah, I know, I'm being a bit facetious. I omitted three additional lines of PS to first install chocolatey...)

I need a lot more than twenty minutes to learn about and ascertain the validity of some third party installation robot, which your choco-thing appears to be.

I then need some minutes to get it started.

And yes, the installation process itself took something on the scale of ten to twenty minutes.

pacman -Syu (or Pamac if you're in a clicky mood) took care of everything in less time than the BibTeX took to download.

> I need a lot more than twenty minutes to learn about and ascertain the validity of some third party installation robot, which your choco-thing appears to be.

> pacman -Syu

So it's basically "I know one system much better than the other". And your ignorance is somehow the fault of the OS now?

If you fail to understand the difference between an integrated package management system overseeing all or most software installation, and a third party bolt-on component like your chocolate robot, we may not really have the basis of a meaningful conversation here.

Anyway, I am not putting anything or anyone at fault. As clearly stated, I was relaying some anecdotal evidence of probably very little use to the world at large.

The sentiment of "the better product will win" is understandable, but wrong as you present it.

Microsoft managed to gain a monopoly (legally or illegally - doesn't matter) and has used it to illegally keep others out, and network effects now (and for the past 20 years) have been that "goodness" measure - technical mediocrity had been sufficient (although recently they have been doing a lot of excellent technical work since the horrible 2000's)

In every single field Microsoft has not been able to leverage their monopoly (e.g. phones) they are not in a dominant position, even though in some they maintain a competitive one (Xbox One, C#, SQL Server)

This is very true, since the idea of meritocracy doesn't do a lot to overcome business inertia of being in a Microsoft Environment.

If there is a Linux solution that in every way exceeds a Microsoft Solution from a technical and price standpoint, you still need to weigh in the transition costs, employee costs, and the long term effect of changing. It's not always as simple as "X is better than Microsoft's Y, people will use it." There are far more things that get considered, and you can get tied down pretty heavily when your entire workflow and operations rely on a single product or vendor.

The longer you've been using a product, the harder it is to get away from it. It's not that Linux isn't good or making a lot of cool progress in all realms, it's that Microsoft does "good enough" and the transition isn't seamless enough for many use cases.

Part of why they succeeded was by being first. Linux was certainly much worse than Windows in the early days when people still used DOS together with Windows. Being first means it was massively better for those people at that time.

Plan9 lost out to Linux, perhaps partly by being too late. Do we blame Linux for being horrible?

As a user of both circa 1994 - no, Linux was definitely not worse. It was about a thousand times more stable, though it lacked e.g. a word processor.

When Microsoft produced win 2 and 3, they unfairly (and likely illegally) used their DOS and then Windows monopoly to stop competitors (DR DOS, BeOS, a few lesser known ones); they later used the Windows monopoly to embed IE and kill Netscape. It didn't matter that IE was, in fact, a better browser - everyone wanted Netscape, and it was only with the IE4 merge into the OS that Microsoft took the internet.

I was involved with one of the smaller and less famous Microsoft victims at the time, and I can assure you that regardless of technical merits, MS made very significant progress by playing dirty.

They paid billions in court for it, but economically it was worth it to them.

But linux wasn't made to be easy to use, to be quick and easy to install, to install other software onto, etc

Just for the record in case someone isn't aware: Modern Linuxes are often easier to install and install software onto (as long as that software isn't written specifically for Windows or Mac OS.)

I find they still fail a lot of the time. Some issues I've come across recently:

* no UI scaling for hi res. Sure you can change it manually, but you have to be able to read the login screen to get that far.

* Can't change login screen resolution (haven't seen a way to do this on any distro I've tried).

* Default is to max resolution available (I'd say 1080p is a more sensible default, especially if there is no automatic scaling).

* Secondary drives require manual mounting (or doing it yourself at the command line).

>> But linux wasn't made to be easy to use, to be quick and easy to install, to install other software onto, etc

> Just for the record in case someone isn't aware: Modern Linuxes are often easier to install and install software onto ...

I think my "often" accounts for this.

Also you are now discussing something else (hi res) vs general ease of use.

> Also you are now discussing something else (hi res) vs general ease of use.

I'm discussing the challenges I've run into getting to a working installation, which is a lot more time and effort than running the installer, yet still part of the installation process.

I have all of these problems with Windows.

So many apps fail with HiDPi that I just use an external monitor.

Having to compress folders by selecting "send to" and digging around the tray for an eject button, is something I can't figure out how to solve so easily.

You don't actually have to eject USB drives. By default, Windows doesn't cache writes to removable media.

> Can't change login screen resolution (haven't seen a way to do this on any distro I've tried).

Really? You mention in another thread, you used Ubuntu. So you apparently didn't notice this [0] or this [1]?

The issue with this and complexity, is that login screen resolution is often handled by GRUB, not Linux.

Edit: In future you can drop into a commandline via Ctrl+Alt+F1

> Secondary drives require manual mounting (or doing it yourself at the command line).

Install usbmount if it's connected by USB, and it'll be automatic.

If it's an internal drive, try gnome-volume-manager and it's a tickbox away. (Which is on quite a few distros by default).

[0] https://askubuntu.com/questions/794074/login-screen-resoluti...

[1] https://askubuntu.com/questions/73804/wrong-login-screen-res...

> Really? You mention in another thread, you used Ubuntu. So you apparently didn't notice this [0] or this [1]?

Neither of those solutions are user friendly, are they? You think an average person knows what GRUB is? I did come across the second one actually, but I have no idea if the solution is still relevant or not. I haven't seen anything to indicate what login manager I'm even running, where is this information displayed?

I'm talking about kdm/gdm or whatever is installed these days.

> If it's an internal drive, try gnome-volume-manager and it's a tickbox away. (Which is on quite a few distros by default).

It's there and configured to mount at startup. I keep most of my steam games on there. But if I log in and start up steam all the games are missing. If I navigate to the drive through the file manager and then start steam then it will find them properly. I have no idea what's going on but it doesn't appear to be mounting the drive at startup.

> Neither of those solutions are user friendly are they?

Neither is Windows. [0]

Changing a login screen is a bit of a technical thing, for technical reasons. Maybe it could be better, but at the moment, everyone sucks equally.

> I haven't seen anything to indicate what login manager I'm even running, where is this information displayed?

Most distros use systemd nowadays, so this is something that is becoming easier:

    grep '/usr/bin' /etc/systemd/system/display-manager.service

Otherwise, it can vary system to system. Because things are very customisable.

> But if I log in and start up steam all the games are missing. If I navigate to the drive through the file manager and then start steam then it will find them properly.

The sure-fire fix for this is fstab, but that is a bit technical, I'll admit. I don't mind it much, because Windows can't mount my Linux drive, and OS X can have mounting issues as well when confronted with partitions it doesn't know.

I'm guessing the partition type is NTFS, so try ntfs-config.

[0] https://social.technet.microsoft.com/Forums/windows/en-US/ff...

Ubuntu's support for less-common screen resolutions is atrocious. Aside from its poor support for hi-dpi, if you try to install it when using low-res display hardware (like VirtualBox's emulated GPU) some of the important installer UI extends off the screen and cannot be seen or clicked.

The worst thing is that with Qt or Gtk there is zero excuse for this. Someone went out of their way to create a fixed width window.

Pure nonsense. Or did you try a distribution from 2002?

Ubuntu 17.04. Is that recent enough for you?

I've tried antergos, red hat and a couple of others, all with similar issues. Many I didn't get far with because I simply couldn't read the login screen. Antergos doesn't even have user switching working out of the box but it was the only one that supported my graphics card until very recently. I used the gnome variant of each.

This has always been my experience too. I've installed Linux irregularly numerous times over the years and it's never worked 100% properly on any PC I've tried it on. It suffers I guess from having to run on the same wide range of hardware as Windows does, but with a testing and driver development budget of around 50p and some bits of fluff... still, when it doesn't work, it's my time that gets sucked up trying to fix it, and I'm unapologetic about being unhappy about it.

Things are improving compared to the past, though, because my latest install (Ubuntu 16.04 on my desktop PC) required minimal setup effort and only suffers from these problems:

1. volume control keeps popping up for no reason, and the sound stutters each time that happens

2. using 2 x NVidia GPUs disables XRandR, so some things don't work when I've got a 3-monitor setup

3. for reasons unknown, I can't get 2560x1440 on my 27" monitor (yes, I know, you can change the timings using XRandR...)

4. any time I click and drag in Firefox, Firefox crashes instantly

5. something crashes on startup on every boot (and, yes, I dutifully submit the autogenerated bug report)

However LAN+wifi+3D work, and audio has proven sufficient for basic testing. Things could have been a lot worse.

(Somebody on reddit told me "You have broken hardware or you're too incompetent and shouldn't be anywhere near any computer whatsoever". Well, everything runs fine in Windows... so, ouch.)

Ubuntu 16.04 or Fedora are likely to work better than 17.04. Regardless there is still hardware that does not have the best compatibility. Ubuntu does handle individual high DPI displays well though.

> to establish a de-facto standard on the home desktop market...

Doesn't this have a lot more to do with pre-installs, and the marketing power that comes with it?

Dell's XPS Linux line and the Asus EEE PC were/are both pretty popular with the average person, so far as I'm aware.

Indeed. No one wanted Windows until it came preinstalled.

>If linux or any other open source alternative was a better actual product, it would find its way to the top of the market.

If only the world worked like this..

You probably won't see it happen today, but in the past, it wasn't uncommon for Microsoft to threaten companies with made-up charges, bribe the police to raid their offices and steal their hardware and data, just because they opted to use a different product.

> But linux wasn't made to be easy to use, to be quick and easy to install, to install other software onto, etc...

You can only say that in comparison to Windows if you haven't tried installing both any time in the past 15 years.

I have installed both multiple times recently...

Linux is NOT as easy to install software into, it's a different process for different distros... if what you want isn't in the repo of your choice you have to add repos (because politics matter in software apparently)... let's not even talk GPU driver issues...

I work on Linux and Mac, and I play on Windows. I'm familiar with all 3 environments (including various distros for Linux). I'm not ignorant of any of the processes. And while Linux is easier for me for the most part (I find OSX to be the simplest "plug and play" OS out there, honestly) - for the average user, it's just not...

Windows : Not Ready For The Desktop

https://andrewhickey.info/2012/04/07/windows-not-ready-for-t...

Most Windows users never install Windows.

No, they chose to buy a computer with windows on it...

And an article that starts with complaining that it's not free (money) and not open source - it makes it very clear the level of bias right off the bat.

It's a commentary on presumptions. Did you seriously fail to realise this?

We will never know the answer to your assertion until more than 1% of the OS market is open source.

Only four minutes according to Kevin Mitnick.

https://en.wikipedia.org/wiki/Microsoft_Windows#Third-party_...