Slashdot Mirror
Fred Moody Says Linux Worst Operating System Ever
I avoided posting this because it really is pretty lame, but its getting submitted a lot. Basically
Fred Moody says Linux Sucks on ABC. He calls it the worst operating system ever based on the fact that bug traq lists more bugs for it then any other operating system. Stories like this just make me roll my eyes: the thing will get tons of traffic from you guys and his editor will say "Good Job Fred" because they got to sell lots of banner ads on it. *sigh*
My first observation is that this is at least partially true, just because of the makeup of the slashdot community. Face it, we do have quite a few linux zealots and quite a few micros~1 haters.
However, I also believe that this has a great deal to do with some flaws in the moderation system.
The first problem I see is that the first posts to an article are the most likely to be modded up. Moderators tend to hang around the couple most recently posted stories.
Not everybody refreshes Slashdot every two hours. The people that do, are the ones that agree most with the stereotypical slashdot agenda.
Insightful posts take time. It could easily take an hour to *read the article*, do some other research, and post some meaningful commentary. Those who post fast seem more likely to spout out their gut feelings.
To sum up: The people who post first are likely to be avid slashdot readers and more zealotous. Posts that are made soon after the article goes up are not as likely to be based on facts.
On hot trigger issues such as this one, I have read comments soon, then comments later and been pleasantly suprised by a couple better posts that get moderated later. Often on looking further, I notice that there are several more that I would have modded higher than the ones that are modded higher.
Let me try to illustrate this with a graph:
Post Quality vs Time: ;+---+ ;+---------------
|high
|
|+---+
|+++--+
|+-+&nbs p;+---+
|++ 
|++ 
|++
|+-+
|++
++
|
|low
+-----------------------------------------
time--->
Sum of moderation done
|more+-------------- -----------
|+-----+
|+--+
|++
|+
|++
|+
|+
|+
|+
||
|
|less
+-----------------------------------------
time---> As you can see from the graphs, I think there are a lot of good comments posted later that don't get moderated, while a lot of earlier comments that might not be quite so good, do.
I suggest the golden moderation system.
You get 5 moderator points.
2 of the are gold.
2 of them are silver.
1 of them is bronze.
gold points can be used on any post at any time. Silver points can be used on posts attached to articles that are more than 2 hours old. Bronze points can be used on posts attached to stories that are more than 1 day old.
I think this would really do wonders for Slashdot.
> He may be in need of a clue, but isn't this the sort of thing that the common folk look at to make their decisions.
Mayhap, but in this case he actually did us a favor. He misrepresents the numbers so badly that even a PHB can understand it (well, at least after you point it out). Once your PHB understands that high profile pundits can so gratuitously misrepresent the facts, the seeds of doubt will be sown.
But it won't be the seeds of doubt Mr. Moody intended to sow. It will be seeds of doubt about all the Old Guard's desperate attempts to discredit the newcomer.
Thank you, Mr. Moody.
--
Sheesh, evil *and* a jerk. -- Jade
I've never seen a post about DOS on Bugtraq. So, but this logic, DOS is the best OS ever. :P
He's just a very moody guy... must have had :)
a bad day today
Funny, when I add up the numbers I get the following:
/ middle.html%3Fvendor%3DMicrosoft%26title %3D%26version%3Dany
NT : 22
SQL Serv: 6
IIS : 12
IE : 6
Outlook : 5
------------
total : 51
And this is only for Microsoft software. You add in all the third party bugs and the total number of NT bugs quadruples.
The 51 number seems a little higher than the 34 that the site claims for the total number of NT bugs, or does NT not come with Outlook, IE, IIS and SQL server?
And W2K adds in 10 brand new bugs. And Office adds a couple more yet.
The grand total is around 218 with all NT bugs (excluding 98 and 2000 entries.) The total number of all Redhat bugs is only 71.
I got this information from this page: http://www.securityfocus.com/frames/?content=/vdb
Maybe you need to look closer next time and not take someone elses word for things? Don't take my work for it, look for yourself.
-- Never make a general statement.
That aside, I'll agree the vulnerabilities in Linux are more visible than in the past due to deployments, but, most of us who've been doing it for several years, have enjoyed some key features that have helped us make this Operating System and it's applications the treasure to administer that it is today and has been for quite some time:
The list goes on. This is why I have 40 different servers out there in the wild supporting several thousand end-users in education, business, and, of course, entertainment.
I'm chalking this one up to a victory. I suggest all others do the same and keep at it. I still believe this is the greatest Operating System that ever existed. And, I do love my AIX and other UNIXes. But, there's really one word that makes the difference: free >:).
Linux rocks!!! www.dedserius.com
www.dedserius.com
VB != VisualBasic
The SecurityFocus stats page clearly shows RedHat's '99 vulnerabilities as 38 - less than 40% of WinNT's.
So where did the 122 come from? Moody added RedHat's 38 to the Linux Aggregate of 84. He's done the same for this year's numbers (RedHat's count for this year is 17, and the total for Linux is 30 not 47). But the Linux Aggregate already includes the 38 RedHat vulnerabilities and it clearly states that in the preface on the page - Moody is either an incompetent researcher or he is deliberately counting vulnerabilities twice in order to discredit RedHat. I'd be consulting a lawyer about the possibility of a libel suit if I were them.
More likely:
You're a home NT user. Same scenario, only the bug wasn't reported. One fourteen year old who's spent half his life in a debugger has it. The entire internet is now screwed, because the kid released a worm that spread through those legions of "mainstream" MS boxen like wildfire. A bunch of Unix geeks spend a few hours developing filters to protect the world's MS boxen and post the filters to Bugtraq, reducing the load on the network enough that everyone can get back to their pr0n. A few days later MS releases a hotfix that does who-knows-what and may or may not work right on your machine. A few days after that it's discovered that the hotfix re-enables a vulnerable activex control, and another worm is released, but doesn't go anywhere because not many people installed the hotfix anyway...
Obviously, no one has sent him the links (yes link_s_) to the "What's fixed in Win2k SP1" pages. I swear there are more bugs listed there than there are lines of source to Mozilla.
"If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best."
True. IF. Obviously, if you accept that criteria, he's right. He correctly notes earlier that NetBSD has just over one tenth the number of bugs as Windows. But, for whatever reason, it has a much smaller market share.
If you are a home user-- he may be right. Let's analyze a case: You are a home linux user. A vulnerability is reported Friday afternoon. Being a non-nerd computer geek, you spend your friday night at a bar. Saturday morning, you have a hangover. Saturday afternoon, you log on, and voila, a patch has been released! (Wow: an fast vendor response). But something else has happened. A lamer with no life rooted your box while you were out partying. Compare that to the following: You're a home NT user. Same scenario, only the bug wasn't reported. One super criminal has it... and maybe the Fortune 500 company is now screwed (which is why they need 24/7 sysadmins on a patchable OS), but there are no script kiddies around to attack you.
What Fred Moody forgets is that Windows is just as complicated an OS as Linux, and therefore, probably had just as many programming "mistakes" made which resulted in bugs. They're hidden... and he assumes they therefore don't exist. Oops. Obviously, in a high security case, this is absurd, and therefore for any serious target, they need an OS like *BSD (or Linux). But for the home user-- is full disclosure really the best choice?
-- Is "Sig" copyrighted by www.sig.com?
No there are not more bugs. There are LESS bugs.
Look at the chart for your self. I have no idea where Moody is drawing his figures from but it certainly is not the chart which shows Windows to be head and shoulders above everyone else's bug count. I would have expected it to do a lot better given the inavailability of their source code.
Heh, I was thinking the same thing as I went over to read the article. Well, I enjoy reading this crap - I love people proclaiming to be experts smucking themselves in public. But, given is pro-microsoft book and his other articles like "Microsoft Greed is Good", I sense that he's doing nothing more than writing a quicky column based on the very last site he went to with 0 (zero) research only to meet a deadline and get something published. ABC on the other hand publishes his crap because they know it'll get to Slashdot and they'll get a ton of traffic, boosting advert hits and revenue. What a twisted world we live in that rather than publishing something factual and with thought these guys publish garbage based on nothing more than a bar-graph and no education solely to generate hits regardless the gulible morons out there that would actually take his sentiment to heart...
But, it's business, right? "Nothing personal" to quote many a mobster while their victim bleeds to death...
Bugtrack should point out very clearly that it's Linux Open nature that causes such bugs to be openly exposed for the sake of fixing. We hide nothing and make no excuses - if there's a bug then we make sure we know about it and it gets fixed. No commercial OS like Microsoft or Solaris will sit there and publish every bug they find. 37 bugs for Win2000??? Last I heard it was over 65,000. Quite a site more than our measily 47...
The quantity of bugs an OS has is a completely meaningless statistic. What do you think would be a bigger security problem: 60 bullet holes in my front door, or one cannonball hole?
That's where the difference lies. Microsoft security holes on bugtraq are almost guaranteed to be worse than Linux holes. Why? Because, without the source, someone has already encountered the bug in day-to-day use. A lot of these Linux bugs are things like, "Wow, this wasn't coded exactly right; in theory, although I don't know how it could be done, this could be exploited.". Microsoft bugs are likely to be along the lines of, "Ha, ha, I just exploited your OS again!"
"Beware he who would deny you access to information, for in his heart he deems himself your master."
This guy is a well known Microsoft fan. He wrote a book about a year inside MS with the incredible and unironic title
I Sing the Body Electronic: A Year with Microsoft on the Multimedia Frontier . His partisan pro-MS credentials are impeccable.
This would be a good time to check out the Linux Advocacy HOWTO, before lighting up those flamethrowers.
The best-known competitor is Red Hat, but others - notably TurboLinux and Mission Critical Linux - are in the market as well.
Notably? Am I the only one who has NEVER heard of "Mission Critical Linux"? (I'm NOT saying it's bad, but it's pretty much an unknown, and he ranks it up there as "notable." How about Slackware? Debian? Those aren't notable, but "Mission Critical Linux" is. He hasn't done his research.
Linux zealots for years have insisted that the operating system is an invulnerable perpetual motion machine, incapable of crashing or being infested by the kinds of worms and viruses that hackers are constantly sending Microsoft-powered servers.
Can I ask who has ever said that Linux is "Invulnerable", or "incapable of crashing"? I've *NEVER* heard those claims. This guy is an Asshole! Seems to me, he's overexaggerating this crap just to start up the FUD machine.
This looks like an alarmingly high number in comparison with Solaris' 34 or NetBSD's 10, but it is significantly less than the 122 racked up by Red Hat...
For the 800 BILLIONTH TIME: Red Hat is NOT Linux! This idiot is taking a select few distros, and catagorizing them all as "Linux." Someone smack this moron.
If you look this list over, and measure each system's number of vulnerabilities against the number of its customers, Linux is arguably the worst operating-system product in history, and Microsoft's the best. As Linux zealots are beginning to find out, it's a lot easier to
masquerade as a better product than it is to go out and be one.
I could tear this entire paragraph up, but we all know it to simply be FUD. This jackass is trying to generate hits, and he's probably doing a good job.
Oh, did you happen to notice the bottom of the article? Look:
Fred Moody is the author of I Sing the Body Electronic: A Year with Microsoft on the Multimedia Frontier
-- THIS ARTICLE IS A PAID ADVERTISEMENT FOR MICROSOFT CORPORATION. --
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Not only is his claim that Linux has the most bugs disengenuous because he admits that no attempt is made to grade the bugs on severity or whether or not their fixed, but he's patently dishonest. An important part of his claim is that:
This is a bogus claim, though, because he's getting that number by adding up the count for each different version of Linux. That means that, for example, a kernel exploit being discovered will result in not just one but several vulnerabilities on his list- one for each version of Linux that uses that kernel.
To account for this, in fact, Bugtrax has its own Linux aggregate that avoids such double counting and has 84 total Linux bugs last year and 30 this year. (Actually, even that 122 figure seems a bit odd, since if you add up the figures separately you still only reach 98 for all of the distributions listed. It appears that he got it by adding the Linux(aggregate) figure to that of Red Hat, which is totally ridiculous.) Of course someone who uses only one version of Linux would experience only a fraction of these, but an honest count shows that even if you used Debian, Red Hat, Slackware, and SuSe in a heterogeneous network you'd still have fewer vulnerabilities than NT.
There's no point in questioning authority if you aren't going to listen to the answers.
... For Fred Moody's article:
Score: -1 (Troll)
-- iCEBaLM
He seems to be adding the Redhat number to the LINUX (all) number to get his "122" figure. That means the Redhat bugs are being counted twice.
All this is well-covered over on LinuxToday, btw.
Were we display aggregate number of vulnerabilities (Linux and BSD) the number is
the size of the set that results from the union of all vulnerabilities for the components
without duplication. Vulnerabilities are not counted twice.
(quoted from the introduction at the top of the stats page he used http://www.securityfocus.com/vdb/stats. html)
Okay, lets for a moment assume that we want to go distro for distro... and most people believe that RedHat is one of the more insecure of them...
Vendor, Bugs in 1997, 1998, 1999, 2000 (so far)
LINUX (all), 10, 23, 84, 30
RedHat, 5, 10, 38, 17
WinNT, 4, 6, 99, 37
Geee... despite a minor problem at the beginning the numbers look a little different... don't they? In fact evem the agregate Linux numbers come up better then NT (while not a benchmark I would like to use, its the one he seems to be using). To compare the Unix agregate number properly to Windows, we would have to include the Win9x statistics also... right? Somehow I doubt he'd want to do that.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
I've been around Slashdot for a while now, and I've noticed something. First off, I'll agree with most everyone in saying this guy's article has little merit, but in my experience here's what I've seen with this community: Linux articles (esp. ones like this) are almost *instantly* trashed right off the bat, while any troll who has an article saying basically nothing more than "Micro$oft sux" is almost always praised. I don't mean to pick out MS in that example (and for the last time people, it is an S not a $) it just seems rather immature to me at times that opposition is instantly shot down like that. My 2 cents...
For the last time, PIN Number and ATM Machine are redundancies!
>Damn right. I propose that the link to
/. editors post something like this, it should be preceded with a warning: "get some ad-blocking software first not to generate eyeballs for the troll".
>Moody's "editorial" be removed from the story...
>why should we do this bastard the favor of
>slashdotting his pile of BS?
Because then everybody will go to the ABC site anyway, only to get at the story they will have to sift through many more ad-infested sites.
When
The author seems to confuse bugs in Linux (which is a kernel) with bugs in applications that run under Linux. Microsoft is never blamed for bugs in Windows program that they don't create (say ICQ for example), so why should Linux be blamed for bugs in applications that run under it (like sendmail)? I can think of 1 bug that ever crashed Linux from remote (which was fixed in no time), yet I can remember 3 that affected Windows 95/NT (remember OOB?!).
If an article were ever posted that said Windows is insecure because a lot of applications that run under Windows are buggy, Microsoft's army of lawyers would cause the page to be taken down in an instant. It's too bad there's no one to look out for Linux and other "free" OSes. Besides, to anyone with a clue, bugtraq specializes in bugs relating to UNIX type environments. There's a mailing list called "NTBugtraq" (www.ntbugtraq.com) which deals with all the bugs in Windows.
I'm sure I could ramble on longer if I actually read the article past the initial sentence..
In part, probably because he is published.
One can always peruse the reviews posted for and against his book, I Sing the Body Electronic , or The Visionary Position .
Of course, I should warn that these link to amazon.com -- but the reviews seem pretty split on the merits of his book-length work, too -- some are even a bit witty.
Or, I guess one could simply write him and ask.
Here is what I sent to http://www.abcnews.go.com/service/Help/abc_contacu s.html
Dear Sir,
I was suprised to read a news article on your site that was so clearly biased against Linux and so clearly biased in favor of Microsoft.
In the above article, Mr. Moody's conclusions are suspect and his methods are questionable.
Some of the mistakes that he makes are the following:
The totals for Linux includes many more software packages than does NT. For instance, the apache server is included in the Linux numbers, but the IIS web servers numbers are split apart from the NT numbers and Mr. Moody didn't trouble himself to add them into the list of NT vulnerabilities.
Since Linux distributions include several times the number of servers, clients and other software than an NT distribution, it hardly seems fair to directly compare the two OS'es in this manner. For a valid comparision Mr Moody should probably add in the mail, web browser, and other commonly installed server and client software vulnerablities for say the top three Windows packages in several different catagories to the number of vulnerabilites found in NT.
Since Linux is used as a desktop machine by 4% of the worlds computer users it has a lot of non-server software installed. It is possible to install only server software, turn off the services that you don't actually need and only have to update packages for security reasons 1-2 times a year. It is also possible to run Bastile software against a Redhat box and close numeous security holes before they are even a problem.
Because Bug Track is the primary method of tracking bugs in open source distributions nearly all the bugs will be reported here. Microsoft often hides its bugs in a security through obscurity method that rarely works.
It appears that if a single package has a vulnerablity in Linux then the Bug track list includes the vulnerablity for each affected distribution. Thus, a sendmail report will be counted once for each distribution that uses that version of sendmail. This will tend to artificially inflate the Linux numbers.
Mr. Moody also doesn't take into account how long it takes any given OS to fix each know vulnerablity. Linux will often post the fix with the bug report, or within a couple of hours, while NT products will often go many days or even weeks until a hot patch is released. An example of this is the current vbs vulnerablity that exists in the MS mail client. This is clearly a well known problem, but windows clients are hit again and again by the exact same mail worm.
A final point to make is the fact that even though NT is only used on a third of the web servers on the internet, nearly half the page defacements are against NT boxes.
I am not saying that any OS is more or less vulnerable than any other OS. All OS'es have vulnerabilities and need constant monitoring by well trained security personnel. But some OS'es are much more open and honest about their problems than others.
Thank You!
-- Never make a general statement.
Yes and No. "Release early, release often." The very nature of how things get done encourages bugs to get out. That's how they get found. It's also the reason that it won't ever improve -- current versions of Linux will always be a bit buggy.
You can have stability, but you have to go back a few versions and you lose a lot of flash that way.
I'm messing with Mandrake 7.1 at home, and this Fred Moody guy is actually right about it. It really does suck. I hate it. But it's also has all the [buggy] stuff that I want included. It's flashy and flakey and adminned by a rather poor-quality sysadmin (me) and I can play games on it. That sounds pretty mainstream to me. ;-)
If someone's idea of mainstream is reliability (?!), then here's how to get a pretty bug-free Linux, like the Caldera box I have hidden away under a desk at the office: Get an old outdated distro from a year or so ago, and then apply all the updates. You can build a damn solid box that way, just don't expect Heavy Gear 2 to run on it.
Less bugs than what? As soon as the specify a specific distro release, they set themselves up for a counter-punch.
But there are so many ways of measuring bugginess and vulnerability, Bugtraq items is just one. Mention ILOVEYOU infection rates to the sheep, and the herd may run the other way. It's all just a game of words, and if the Dozers decide to play dirty by quoting meaningless numbers, the zealots in the penguin suits can do it too. BFD.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
With quotes like "[a]ll that aside, though, one conclusion is inescapable", it's clear he understands the flaws in his argument but is willing to propound it anyway. He's clearly trolling for ad revenue and perhaps enough controversy to make a follow-up mea-culpa article a winner also.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Here's an article at SecruityPortal that looked at the same bugtraq data and came to the conclusion that Linux had superior security to NT and showed fewer total advisories and a fewer hacker recess days per advisory.
It seems obvious that ABC is full of crap and has fabricated their results by deliberately misrepresenting factual data.
Now why would ABC (A Bunch of Crap) News do such a thing?
Why are people like Mr. Moody automatically the authoritative source of information on whatever subject they feel like at that moment? Anyone with at least a partial clue knows that posts on bugtraq means fixes are soon to come, which is good for everybody. But how do we get people like Mr. Moody to only comment on subjects he knows and understands?
--
Moody notes that Red Hat Linux leads the way with 122 noted vulnerabilities. Given the shockingly high number of holes open in a RH install, not to mention the overall lack of security (Red Hat 5.1 didn't even enable shadow passwords, and this was preserved in updates all the way up to 6.1, when I reformatted and went to Mandrake) this shouldn't surprise anyone.
"Other Linuxes" (sic) total 47 bugs, which means that any one distribution has fewer reported vulnerabilities than the 99 in Windows NT. Aren't numbers fun?
For more information, click here.
I'm glad someone mentioned this. Remember when Slashdot reported that Windows 2000 had 63,000 bugs in it? Of course, everyone here jumped at it and said, "See, that's why Open Source reigns supreme!" However, a bunch of people replied to that story, saying that Debian and Red Hat were comparatively just as bad.
So what's the point with this?
A bug isn't necessarily a design flaw that's going to take down your program (that bug could just be some complaint of a nitpicky programmer)
Quoting raw statistics without further elaboration is misleading
Just my two cents.
--
--
The real Raunchola isn't cool enough to have any imposters
the scientific community too; when he ran an article: http://www.abcnews.go.com/sections/tech/FredMoody/ moody990914.html about how the new relativisiic heavy ion collider expirements at brookhaven. apparently he thought they were going to accidentally create a black hole that would destroy the world(completely unaware of the fact that collisions of comparable energy occur in the upper atmosphere every day, and we still exist). so he wrote an idiotic little scare column about 'evil scientists'. after recieving a huge amount of email from scientists who work in the field, informing him of how much of a moron he is, he wrote another 'oh poor me' column a few weeks later. now he's doing it again with linux! good job fred, you did it again! and now your burning at the stake will come from the tech. community. :] enjoy!
- "Hear that?! The percolations are imminent! Cease your ingress!"
After reading some of the blatant falsifications and b.s. in his article, I posted a comment through abcnews.com's contact page.
I would appreciate if, for the benefit of your readers, you would note that Fred Moody is a former Microsoft employee. I would also appreciate it if one of your editors would have a chat with him about journalistic integrity and how even a columnist shouldn't misrepresent statistics to further an agenda.
I refer to his column on Linux vulnerabilities, where he "uses" statistics from SecurityFocus to claim Linux is the "worst" OS of all time and Microsoft is the "best". SF states in the first paragraph of their vulnerability statistics page that the stats shouldn't be used to judge how secure an OS is, yet that's exactly what Moody proceeds to do. He then flagrantly fakes a total of "122" vulnerabilities for Linux in 1999, taking Red Hat's 38 and adding that to the aggregate (meaning all distributions, including Red Hat) total of 84. In effect, he counts Red Hat vulnerabilities twice to inflate Linux vulnerability numbers. He also fails to note that each individual distribution has fewer vulnerabilities than either Windows NT or 95/98. Were one to aggregate the Windows numbers, the total would come to 146. Windows NT alone racked up 99 vulnerabilities - higher than the Linux aggregate total.
He also glosses over the "package vulnerabilities" statistics near the bottom of the page. Microsoft products claim the first 12 spots. In 2000, MS products claim 7 of the first 12 - the various Red Hat products (which are known among Linux users as not focused on closing obvious holes) take the other 5. Only TurboLinux gets mentioned in the 2000 list, with 6 vulnerabilities in each of hte two packages mentioned at the bottom of the list.
It is clear that Moody is abusing available statistics, ignoring others, and using his pulpit to push a pro-Microsoft agenda. It is disheartening that ABC would give Moody credibility by posting his columns while they contain such falsifications and omissions. At the very least, a disclaimer noting Moody's past employment would help readers put his writing in perspective. At the most, I would like to see someone technically knowledgable review his columns before publication to ensure he can't twist facts and numbers like he did in this one.
Regards,
Mark Bialkowski
If you decide to feed the troll and read the article, send a comment to ABCnews.com through the aforementioned contact page. A flood of comments questioning Moody's "integrity" might prompt action on ABC's part. Or not. Either way, take the opportunity to call out Moody on this one.
Oh, and make your comment civil. Don't flame, swear, or threaten to "fucking kill" someone. Just explain your reaction to the column and what you feel should be done.
Someday, you're going to die. Get over it.
In other news:
A recent study announced that American president Bill Clinton coughs more than any other American citizen. Clinton has been seen coughing in public and on television over ten times this year, compared to three for actress Julia Roberts, one for celebrity Regis Philbin, and an average of 0.0000001 for every other citizen.
-----
Go ahead, blame me... I voted for Nader!
I've bought 2 CDs in the past few weeks that I wouldn't have if I hadn't heard the MP3s first.
:-)
I've bought 2 blank CDR's in the past few weeks that I wouldn't have if I hadn't heard the MP3s first.
I'll see your senator, and I'll raise you two judges.
I'm wondering if the drive by the major distributors to release a new version every 6 days or so is to blame for the problem. Most of the bugtraq exploits seem to involve redhat based distro's. I don't see very many for debian or slackware.
Basically, I think the issue is one cramming too much stuff in the distro and rushing things out the door.
Am I wrong here? I'm not a security expert, but these bugs seem to be due to overly fast releases.
I think it's a warning sign when a system goes from version 2.x to 7.x in a year. It means that marketing is in control and that's never a goodness.
--Shoeboy
No e-mail address, but you do have a vehicle to express your concerns. Take advantage of the ABCNews.com contact page, and let them know what you think about this.
As for the article, yes, people will be concerned with how buggy Linux is. However, Moody inflated the numbers to make Linux look bad. He added the Red Hat 1999 total of 38 to the aggregate total of 84 (which I assume would include Red Hat) to get 122 vulnerabilities. In short, he counted Red Hat twice. After doing that, he didn't mention a word about Windows' own stats - 99 for NT, 47 for 95/98. The Linux aggregate is less than NT alone.
Also, if you add the separate distro numbers, you come up with 98. I think this means vulnerabilities present across distributions were only counted once, though the page isn't too clear on that. The individual distro numbers are interesting - Red Hat is the worst at 38, Debian next at 29, yet both are lower than Win9x's total of 47.
Any way you slice it, Moody's screwing with the stats to promote his agenda.
Someday, you're going to die. Get over it.
There's a major learning curve involved in using Linux, and until the public at large is ready and willing to take that step, no amount of GUifying or desktop building will remove the underlying need for Linux users to understand how Linux works.
Nonsense! Linux could very easily be converted into very simple system.
A distro designed to come pre-installed and configured (or be installed and configured by a technician), go directly from the logon screen into a non-user-configurable GUI, install only new software packaged in a certain way from a central server, and never let the user see a shell, would be perhaps even simpler and easier to use than a Mac.
Why doesn't one exist already? Two reasons: you can't sell support for a system that just works (no commercial motive), and nobody who programs computers cares about a system like that (no "I'll write it to use it myself" motive). Currently, free software development optimizes for: minimal effort of development, stability, power, and "coolness". Ease of use for the new user is barely a consideration, except in distro installation programs.
Can you really see a bunch of Linux hackers sitting around trying to write a "toaster" distro in their spare time?
Mass market busking might provide the solution to this kind of problem, but it'll be tough to make people understand why giving their money away is in their best interests.
---
Despite rumors to the contrary, I am not a turnip.
The best-known competitor is Red Hat, but others - notably TurboLinux and Mission Critical Linux
Hands up - how many of you never heard of Mission Critical Linux until this? How many of you have never heard of Debian, Caldera or SuSE? And TurboLinux is major?
Linux is arguably the worst operating-system product in history, and Microsoft's the best
I don't think that there's one vulnerability in there for BeOS. I doubt there are any for AtheOS. Therefore, they're even better than Microsoft's platforms.
This boast[linux isn't vulnerable to worms/viruses] has been easy to make, since until 1999 Linux was too much of a fringe product to stand up to the kind of abuse more widely used systems endure.
Actually, it's because Linux is a true multi-user operating system, something not even NT can claim. Solaris is also immune to those kinds of things. If I try to delete every file on my system right now (I'm on Solaris) I will fail, except for wiping out some of my own data. The backups will remain. The system will still boot. Other users will be unaffected.
Free BeOS, runs from a Linux partition
He may be in need of a clue, but isn't this the sort of thing that the common folk look at to make their decisions.
." and the general public won't think any more about it. They will accept is as given that Windows is better because of it.
If Linux is ever going to make it into mainstream, the mainstream will be looking at things just like that. Microsoft will come out with an ad campaign: "We've got less bugs than
So again it raises the question. Should Linux be mainstream? Is it even close to being ready for mainstream? I know a lot of zealots will start flaming away on this one, but when it comes to the general public, they are like sheep. Large numbers (unless it's their salery) frighten the sheep...
Does anyone out there have Moody's email address? Maybe someone could explain NICELY how he completely missed the boat on the bugs.
In Soviet Russia...michael would be rotting in Siberia!
I sent this to editor@abcnews.com, couldn't find any email addresses on their site. If anyone has it, please post the e-mail address of people at ABCNEWS.com to send it to. (BTW, also sent it to legal@redhat.com :))
o ody.html
==============================
I'd like to inform you of a gross error in an article posted today on ABCNews.com:
http://abcnews.go.com/sections/tech/FredMoody/m
Quote:
"This looks like an alarmingly high number in comparison with Solaris' 34 or NetBSD's 10, but it is significantly less than the 122 racked up by Red Hat and the other Linuxes (their 2000 count stands at 47)"
Truth:
As Mr. Moody explained earlier, there exist different vendors who distribute Linux. Examples include Red Hat, SuSE, Debian, and Slackware. BugTraq counts security holes in each Linux distribution independently. In 1999 they counted 38 holes in Red Hat, 10 in Slackware, 21 in SuSE, and 29 in the Debian distribution [1].
Some security holes only affect a specific Linux distibution, and some security holes affect many distributions. For example, Red Hat might suffer from hole "A", but SuSE users might not be effected. SuSE might suffer from security hole "B" while Red Hat does not. Both SuSE and Red Hat distributions might suffer from security hole "C". This is very similar to the way sometimes Windows 2000, NT, 98, and 95 suffer from the same security holes, while other times the holes are dependent to a particular version
BugTraq also counts the total number of security holes in all Linux distributions. This means that in the previous case, we would have holes "A", "B", and "C" for a total of three security holes. Hole "C" would not be counted twice even though it is found in two distributions. This is where Mr. Moody did not bother to get his facts straight. He takes the total number of security holes found in all Linux distributions (84), adds them to the total number of security holes found in Red Hat (38, which were already counted in the previous number, 84), and comes up with the figure 122.
Therefore, the statement that there are "122 [security holes] racked up by Red Hat and the other Linuxes" is completely inaccurate. Minimally, the number 122 should be corrected to the real value, 84. I understand that this will completely undermine Mr. Moody's thesis that "Linux is... the worst operating system", since it clearly shows that all Linux distributions -- taken collectively -- have fewer security holes than Windows NT (99).
However, it is misleading to use the collective statistic of 84 security bugs for all Linux distributions. A user installs a single Linux distribution at a time. Thus, even if a user chose install the Linux distribution with the most security holes (RedHat, with 38), that user would be susceptable to less than 40% of the security vulnerabilities to which a user with Windows NT would be susceptable, speaking quantitatively.
Ironically, the very report to which Mr. Moody refers [1] clearly identifies Windows NT as the most vulernable operating system for both 2000 and 1999. In 2000, it has nearly three times the number of secutiry vulnerabilities as the nearest non-Microsoft operating system.
I believe that the article's gross inaccuracies and Mr. Moody's flagerantly misleading statements warrant a full retraction of the article.
References:
[1] "BUGTRAQ Vulnerability Database Statistics"
http://www.securityfocus.com/vdb/stats.html
People express random and silly opinions. That's fine (it's always been like that). But those people who work for the biggest companies get their random, silly, uninformed opinions heard.
The only times I'm aware of ABC.com news.com msnbc.com suck.com slate.com salon.com etc are when Slashdot talks about them. Why should we pay them ANY mind at all? Why not have an article that says "Michael Low thinks that Windows 98 should have a different backgoround color"?
CT: your first instinct was right: don't bother with this crap. Don't bother ME witht his crap.
Many technical journalists have been writing books on technical subjects. Wearing these titles as a badge of honor, they get increased prestige within the mainstream technical media-a-go-go. Are these technical gurus really technical, or are they blowing smoke?
Different Shades of Blue
"Fred Moody is the author of I Sing the Body Electronic: A Year with Microsoft on the Multimedia Frontier and of The Visionary Position: The Inside Story of the Digital Dreamers Who Made Virtual Reality a Reality." is the tagline that follows Fred Moody's well throught out and researched works of literature--a sort of "in your face" style bio. Just so he knows that you know that he knows what he's talking about.
After all, if he wasn't in the digital know, he wouldn't be published, or would he? News from Amazon's sales rank, a service of Online Book Giant Amazon.com tells a completely different story.
Amazon Sales Stats
Amazon.com keeps a running tally of their most popular books, from the worst in trash romance, to the best in literature, Amazon serves as the ultimate resource in determining how your favorite author rates among his peers.
Take, for instance, "The Official Three Stooges Encyclopedia : The Ultimate Knuckleheads Guide to
Stoogedom", it sold 3.75 as many copies as Moody's "I Sing the Body Electronic". That means it's 3.75 times better.
Techical books can't compare with madcap hijinx? "Using MS-DOS 6.22" has is supporting 4.67 more wobbly desks than Moody's "The Visionary Position", and DOS is better than "I Sing the Body Electronic" by a whopping multiple of 17.5.
Somone thought there wasn't enough idiots freefalling to their death or being rescued by National Guardsmen, and "The Complete Idiot's Gude to Rock Climbing" was born. Guess what Moody? That author is almost 10 times as talented as you.
All that aside, though, one conclusion is inescapable: A book which prompted my English Lit professor to laugh a girl out of class, "Jonathan Livingston Seagull : A Story", is 258 times as good as the year Moody spent with Microsoft. Drag Harry Potter into this and his ranking quickly approaches infinity.
As Fred Moody is finding out, it's a lot easier to masquerade as a great writer than it is to go out there and be one.