by tlb 2586 days ago
The last 19 years of systems software research have not refuted Rob's thesis. Industry has made incremental progress, academia has written papers but not built much that people want to use. Despite massive increases in graphics processing power, desktop UIs are still about the same as in 2000, just with more shininess.

And the number one thing that could have gotten better in the last 19 years but didn't: security.

8 comments

There's a lot of churn in tech - people jump to new stacks for job prospects, instead of solving hard problems in existing frameworks. This is part of the reason why tech keeps on reinventing the wheel instead of providing improved productivity perceived from the business (customers' business needs) perspective.
Also, work environments strongly encourage buzzword-driven [development|careers].

It's almost like human society is trying really hard to keep developers busy.

> desktop UIs are still about the same as in 2000, just with more shininess.

That is because the majority of people fundamentally do the same things with computers as they did 20 years ago. Browse the web, edit pictures, videos, put together presentations, document layout, spreadsheets, etc.

Of course now your home videos are in 4K instead of 320p, and webpages are 10MB of JS instead of 10k of text... but these are changes in scale, not in kind.

However, shiny features is what gets people attracted to your platform, so we get shininess (never mind if functionality actually gets lost in the process).

The perfect illustration of this for me is George RR Martin, a professional writer of indisputable success, doing all of his writing work on a 1980s workstation with WordStar 4.

> And the number one thing that could have gotten better in the last 19 years but didn't: security.

In 2000, people mostly still used Windows 9x. A single-user system with no sandboxing and no built-in firewall.

He's talking about research, so you have to look at the state of the art, not what the masses were still using. In 2000 I used FreeBSD, which was pretty good. It had jails [https://en.wikipedia.org/wiki/FreeBSD_jail] by then, which a reasonable person might still prefer to modern Linux containers.
Windows 2000 also existed at that time, was widely used, and was basically straight out of the future. It had:

NTFS 3.0 with file encryption support

Logical disk management for dynamic disks & expansion of a logical partition over multiple physical disks. Without a reformat.

Distributed file systems & hierarchical storage management.

MMC with group policy control, active directory, centralized event viewer for OS & application events, and system service management

Speaking of which, system services were a thing that actually existed and were managed (systemd fighting still continues, so Linux still hasn't "caught up" on this)

Plug & Play ACPI support (technically Windows 98 was the first to support this but it was so broken it was a joke - Linux lagged by a few years and didn't really support it until 2.6).

User-mode print drivers

Network QoS

time service with SNTP support

We had jails, but we didn't have virtualized network stacks, pluggable TCP congestion frameworks, or bhyve.
FreeBSD jails have certainly not been a static concept since 2000, so the term "FreeBSD jail" does not denote a single, unchanged thing.
> And the number one thing that could have gotten better in the last 19 years but didn't: security.

This is an astonishing claim: what makes you think it hasn't gotten better? It's gotten a LOT better since 2000.

I’d love to go back to Windows 2000 (and Google circa 2000). The software industry (at least in the desktop side) peaked two decades ago, then spent most of the last decade or so badly reinventing everything on the web.
> I’d love to go back to Windows 2000

While better than Windows 9X, Windows 2000 was also horrendous with regard to security. That was the era where Windows saw so many exploits and worms, and their security practices so lax that because they started the firewall a few seconds after starting the network interfaces when booting, if you were connected to the internet without a separate firewall on boot (fairly common at that time) it was likely you would be infected by a worm in that few seconds of unprotected networking.

Anyone around at that time will remember the rampant worms infecting large swaths of the internet-connected Windows machines. Code Red. Sasser. Blaster. Slammer/Sapphire.

Gmail didn't come out until 2004. You'd be stuck with Hotmail in 2000. Google Maps didn't come out until 2005.

Google Docs (and the subsequent migration of MS Office to web accessible forms) didn't come until even later.

Gmail is lame compared to Outlook 2000. (It also broke self-hosted email for everyone.) Likewise Google Docs can’t hold a candle to Office 2000 (or even Word Perfect 6.1). It has extremely bare-bones control over text formatting and page layout. E.g. no kerning, limited styling, no footnote styles, limited control of header/footer formatting, no section breaks, etc. No section breaks! The version of Word Perfect I installed from a stack of floppy discs had section breaks!

Microsoft's web apps are a grim reminder of how desktop UIs have evolved backwards. (I’m in the midst of evaluating Office 365 as part of some IT transitions at work.) It's missing tons of features even compared to Word 2000. And it's a total pig. I thought Office was a pig before, but moving it to the Web made everything 10x worse. (Google Docs is less of a pig, but that seems to be because it has less functionality than Gobe Productive on BeOS.)

I’ll concede that Google Maps is better than what was available in 2010. I bet it would be even better if Google turned it into a Win32 desktop app.

>Microsoft's web apps are a grim reminder of how desktop UIs have evolved backwards. (I’m in the midst of evaluating Office 365 as part of some IT transitions at work.) It's missing tons of features even compared to Word 2000. And it's a total pig. I thought Office was a pig before, but moving it to the Web made everything 10x worse. (Google Docs is less of a pig, but that seems to be because it has less functionality than Gobe Productive on BeOS.)

Sure, that's all true, but this backwards devolution also ensures the important thing: that you don't really own the code you run, a centralized provider does, and they can change or break it as they please, without having to remain compatible with your machine. This is a business model problem: they've decided they do better off turning your general-purpose, user-programmable personal computer into a dumb terminal that uses 10x bloated-ass Javascript frameworks to make AJAX calls to their HTTP servers.

What a false dichotomy.

I'd love to go back to the irreverent hacker spirit of the 90s.

Both statements are true. Security in 2000 was worse by a lot, but the need for security was also less. While there were viruses that deleted all your files, they were very primitive compared to what is done today.
We live in a world where the ratio of computers to people is greater than one and still don't have great isolation between programs.
We have pretty great isolation between programs on iOS and Android.
I hear you, but security-wise this point is countered by the fact that every (n-1) iOS operating system has a public LPE exploit available. A user might not be able to jailbreak their iDevice, but a hacker can.
I’m not sure what you mean. How would an attacker jailbreak my iPhone 7?
I wonder what makes you say that? There is more social focus on security, however that seems more a consequence of the pervasiveness of computing in our society than of fundamental progress in our systems-thinking. As far as I can tell, the basic security models have not changed much since the late 60's.
"the basic security models have not changed much since the late 60's" != "number one thing that could have gotten better in the last 19 years but didn't: security"

Those two are very different claims IMO. Who cares what the basic security models are if you are significantly more difficult to attack?

We can debate whether these were "innovative" or not but the fact is that in 2000 none of these things existed in anything beyond research if at all there: ASLR, stack canaries, RETGUARD, pledge, jails, seccomp, fuzzing, San/kSan/HWAsan (tagged mem), NX, signed bootloaders/secure enclaves. IMO, iOS took huge steps to isolate the different user applications from one another.

EDIT: I deleted a reference to SELinux. It was introduced only a handful of days before Jan 1, 2001 ;)

The article is talking about academic research while most of the examples you quote seem recent(ish) industry implementations of these security models. I'd say that corroborates rather than disputes the author's thesis.
If you consider the [admittedly naive] risk equation:

(amount of data to protect * number of systems that store or handle data * level of risk) - mitigation

...you'll probably agree that the mitigation mechanisms improved 100x but the risk improved even more.

The topic is security research, not security practice. Security practice has improved, but security research has not (or that's the thesis, anyway).
What we see is security practice. The security practices coming into play today that come out of research already done by 2000 were not widespread in 2000. Is there no security research being done in 2017 that we won't have paid much attention to for another decade?
New operating systems today tend to be just ways of reimplementing Unix. If they have a novel architecture -- and some do -- the first thing to build is the Unix emulation layer.

How can operating systems research be relevant when the resulting operating systems are all indistinguishable?

[...]

Linux is the hot new thing... but it's just another Unix.

Although they are rooted in FP notions of purity and immutability, I would say that NixOS and Guix try to fundamentally change operating systems.

What do UIs have to do with systems research? And given how much easier it is to use an interface that you're already familiar with, isn't it a good thing that they've mostly stayed the same?
> academia has written papers but not built much that people want to use.

Does "started in academia" not count? Because that'd give you easy counter-examples, e.g. Scala, Spark.

LLVM is a huge one.
The disconnect between research and development* has been constantly increasing.

* "development" as in making a technology usable, not software development