Slashdot Mirror
Why UNIX is better than Windows... By Microsoft
BenBenBen writes "According to a whitepaper found on "a fairly insecure server", UNIX not only is more reliable and easier to maintain than Windows (2000 in this case), it's cheaper too. These shock results are reported on both The Register and (the source) Security Office."
Looks like this was written by someone from hotmail explaining why they chose UNIX over Windows initially. A lot of it describes trade-offs that would not matter at all to Microsoft (e.g. licensing costs of Win2k) and the impact to a "startup" is mentioned at least once.
I don't think this is a Microsoft internal memo so much as a hotmail-to-Microsoft internal memo.
Actually, I have a few friends who interned at MS this summer and apparently the phrase "eat your own dog food" is very very very popular on the campus.
If anything, including that phrase in the document only makes it seem MORE credible.
I hate Microsoft much as the next guy, but the headline is *way* overwrought. If you actually read the linked article, it's just an honest pro/con comparison. They mention certain advantages of UNIX (text configuration, small size) and certain advantages of Windows (better internationalization, more developer support, better throughput). Entirely realistic and a perfectly fine rationale document. There are some bits I disagree with (eg. Visual Studio being better than the UNIX development tools) but overall, this is just a document written by an engineer weighing the various issues involved in switching from UNIX to Windows.
A deep unwavering belief is a sure sign you're missing something...
I tend to view any such "inside" source very suspiciously - the halloween paper about how to bring linux down was fairly believable, but this... Well, the register says:
Now, I didnt read the paper itself, so I apologize if this post is missing the point.
Join the elite! Post at score:2! Ghostwheel is online.
No it was almost certainly this over the next few days and weeks I have a feeling we will see many more of these kinds of things.
Also see this.
So no it is not criminal it was a screw up at MS.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Security Office is admitting to criminal activity?
Not necesarily. They never said they "hacked" it. Read this article at Wired yesterday. Apparently there was a public FTP server at MS that MS employees were using to store sensitive files, because they weren't aware that it was public.
The funny thing is that MS was notified, took the server down, cleaned it, put it back up, and the same employees started doing it again.
If the data is in a public server, then it's not "hacking".
lamenes filter won't let me post the whole document so I will have to break it up
Abstract
This white paper discusses the approach used to convert the Hotmail web
server farm from UNIX to Windows 2000, and the reasons the features and
techniques were chosen. It will focus primarily on the planners,
developers, and system administrators. The purpose of the paper is to
provide insight for similar deployments using Windows 2000. We will
discuss the techniques from the viewpoint of human engineering as well
as software engineering.
Early results from the conversion, which was limited to the front-end
web servers, are:
Windows 2000 provides much better throughput than UNIX.
Windows 2000 provides slightly better performance than UNIX.
There is potential, not yet realized, for stability of
individual systems to be equal to that of UNIX. The load-balancing
technology ensures that the user experience of the service is that
stability is as good as it was before the conversion.
As this paper will show, while the core features of Windows
2000 are able to run the service, its administrative model is not well
suited to the conversion.
The observations related here are derived from experience gained at a
single site. More work would be needed to establish whether they are
representative.
Read it on the Internet Archive here:w ww.securityoffice.net/mssecrets/hotmail.html
http://web.archive.org/web/20011123043914/http://
From Microsoft's public version of the description of the migration:
"FreeBSD, a UNIX-like system similar to the Linux operating system, was used to run the front-end Web servers that handled login"
FreeBSD isn't a "UNIX-like", its a real UNIX!!!
It's a common phrase - I've worked at ICL and Sun, and they both use it. It's just another cliche like "singing from the same hymnsheet" and all the other stupid phrases that nobody would use after 5pm.
Author, Shell Scripting : Expert Re
memo
Advantages of UNIX
.
Commonly, although not strictly correctly, the generic term UNIX
describes a family of operating systems that are deployed on a variety
of systems. Although their internal design may be different, the
variants appear to their end-users as the same system, with minor (and
annoying) differences in usage. There are two variants in use at
Hotmail: FreeBSD, which can be used without license cost and is
available in source form, and Solaris, which is bundled with Sun
hardware. Linux, which is just another UNIX variant, was not used at
Hotmail.
The following sections will examine facts about UNIX (specifically
FreeBSD) as they relate to the conversion problem. We also consider
Apache as an intrinsic part of the UNIX-based solution, in the same way
that IIS is an intrinsic part of Windows 2000 Server.
1) Familiarity. Entrepreneurs in the startup world are generally
familiar with one version of UNIX (usually through college education),
and training in one easily converts to another. When setting up a new
enterprise, it?s easy to work with what you know than to take time
investigating the alternatives.
2) Reputation for stability. Both the UNIX kernel, and the design
techniques it encourages, are renowned for stability. A system of
several thousand servers must run reliably and without intervention to
restart failed systems. For Windows 2000, we must first prove the
stability in the same environment, and we must then convince the rest of
the world.
Apache is also designed for stability and correctness, rather than
breadth of features or high performance demands.
3) FreeBSD is free. Although there are collateral costs (it?s not
particularly easy to set up) the freedom from license costs is a major
consideration, especially for a startup. The free availability of source
also means that it can be fairly simple (or it can be very difficult) to
make local changes [3]
4) Easy to minimize. The typical UNIX server is taking care of one
task, not acting as a desktop and development platform for a user. It is
particularly easy to cut down the load on the system so that only the
minimum number of services is running. This reduced complexity aids
stability and transparency.
5) Transparent. It?s easy to look at a UNIX system and know what is
running and why. Although its configuration files may have arcane (and
sometimes too-simple) syntax, they are easy to find and change.
6) Preference for text files. Most configuration setups, log files,
and so on, are plain text files with reasonably short line lengths.
Although this may be marginally detrimental to performance (usually in
circumstances where it doesn?t matter) it is a powerful approach because
a small, familiar set of tools, adapted to working with short text
lines, can be used by the administrators for most of their daily tasks.
In particular, favorite tools can be used to analyze all the system?s
log files and error reports.
7) Powerful but simple scripting languages and tools. Again,
familiarity and consistency among UNIX implementations is the key. Over
the years, UNIX versions have evolved a good set of single-function
commands and shell scripting languages that work well for ad-hoc and
automated administration. The shell scripting languages fall just short
of being a programming language (they have less power than VBScript or
JScript). This may seem to be a disadvantage, but we must remember that
operators are not programmers; having to learn a block-structured
programming language is a resistance point. Scripts that combine
executables into pipelines are simple to build incrementally and
experimentally, and even the experienced Hotmail administrators seem to
be taking that approach for special purpose scripts (using CMD) rather
than authoring with one of the object-oriented scripts.
On the other hand, PERL (another language that has grown organically
with a lot of community feedback) is more of a programming than
scripting language. It is popular for repeated, automated tasks that can
be developed and optimized by senior administrative staff who do have
the higher level of programming expertise required.
I was curious about the author, so I started Googling a bit. Many of his newsgroup posts are in relation to Microsoft's UNIX products (like Outlook Express for HP-UX and IE for Solaris) and his .sig is ususally "Test Lead, Microsoft Corp." Here he mentions being an ex-employee of OSF and The Open Group.
Enquiring minds and all that.
the no
--16:41:28-- http://www.securityoffice.net/mssecrets/msdetails. html
. html
(try: 22) => `msdetails.html'
Connecting to www.securityoffice.net:80...
connect: Connection timed out
Retrying.
--16:44:37-- http://www.securityoffice.net/mssecrets/msdetails
(try: 23) => `msdetails.html'
Connecting to www.securityoffice.net:80... connected!
HTTP request sent, awaiting response...
Read error (Connection reset by peer) in headers.
Retrying.
Sigh. Anyway, here's the hotmail page, which I got earlier. It's over 100k so I zipped it, you evil slashdotters: http://www.kyz.uklinux.net/new/hotmail.zip
Allow me to preface this by saying that I feel this way *regardless* of which platform you are developing for:
... otherwise you're just wasting people's time. Of course, if you actually *did* develop for *nix, you'd know that there are tons of good mailing lists out there with kind curteous professionals who dont mind answering your questions if they havn't already been answered in the manual.
.. once you're up to speed and can formulate intelligent questions that havn't been answered a million times before, that mechanic will be much more receptive towards helping you learn new things. Its a pretty natural dynamic, and one thats been around in pretty much any profession or industry.
Anybody who doesn't RTFM _before_ asking is asking for trouble. Doesn't matter what platform they're developing for. If you have time to code, you have the time to read the documentation, or a book, or
BUT, in the windows world, there are way more casual programmers who will help other casual programmers be lazy, in order to learn the bare minimum of what must be done to solve a problem. So people are generally more patient in the Windows world because there are less people who would apply the 'what should a professional do' metric against developers seeking help.
That doesn't make *nix developers elitist. Honest to god mechanics dont wanna stand around all day and explain how your engine works. If you're interested enough, you have time to learn the basics yourself
"Old man yells at systemd"
Au contraire. The whole thing is built around that 16 bit 8-3 filename DOS shell. It's the GUI part that's an "afterthought".
Was. WAS built around that 16-bit 8.3 quick and dirty operating system.
It was rebuilt in 1995 to a 32-bit 256 filename DOS replacement, and shortly thereafter in a not-really-DOS-at-all OS called NT.
And in NT, I think the command line was an afterthought. There's a lot that can be done with it, but not nearly enough.
If the paper's legit, expect a command-line resurgance for Windows server. Or at least, hope for one.
(And on a totally different note--I think I'd rather have a "GUI first CLI later" structure than a "CLI first GUI later" strucutre like Linux.)
As a full time Windows developer, I would hate working in Windows if EVERYTHING wasn't easily scriptable. I'll agree that the original nonsense with the registry and VBScript/COM based WSH was a mess, but almost everything has gone XML and by WIndows.NET server everything will be XML configurable. For example, IIS6 is configured like Apache's httpd.conf (but true XML) and there's just a GUI on top for those who want to waste their time or setup a personal web site really quick. Actually, I know people who work internally at MS and they use Perl all the time for automation scripts. I'm not saying that Windows's scripting better, Unix scripting is still a bit more 'natural' IMHO. The problem with Windows is more that the sysadmins generally don't know how to code.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Three clicks in Computer Management won't shut down all services, only user-administerable services.
/maybe/ some file access port for ftp or sftp to upload files. That's it -- none of those silly TCP/UDP135-139 (generalization) ports!
There are a number of services (RPC, NetBIOS, etc) that are VERY difficult to shutdown, and are only useful if you run in a domain or workgroup.
If I have to run IIS on a standalone Windows 2000 box, I DO NOT want these extraneous services running. I want a box that only has ports 80,443,
10b||~10b -- aah, what a question!
2.0 had pipes and redirection too. At the time when MS was going from 1.0 to 2.0, their stratagy was for Unix to eventually replace DOS. That's why they created Xenix.
Sorry to disagree with you, but if you can get work done with Office, which tends to hang without saving your work when inserting graphics, then you should really be able to get a lot more done with FrontPage, which is much cleaner and easier to understand, more reliable, and has productivity features such as macros that Office doesn't. Unfortunately, their marketing sucks. Oh, and by the way, Word was obviously a clone of WordPerfect, just as Excel was obviously a clone of Lotus123 which was a clone of VisiCalc. Original programs, indeed!
"Freedom means freedom for everybody" -- Dick Cheney
Are slashdotters extremely naive or something? Every company takes a look at the competition and compares it to their own product, distributing memos on whats better about the competition so that they can improve on their own products. This isn't news. It's business.
I was about to mod you down but decided to respond instead.
Have you read the article? I suspect not. As you are clearly unaware, Microsoft bought Hotmail. At the time they bought it, Hotmail was running on FreeBSD. Much to Microsoft's shame, they couldn't port Hotmail to Windows and keep the service running. Finally, after months and months and months of effort, they did it. But it isn't done well and as this report demonstrates, their own engineers aren't happy with how it's been done.
This has nothing to do with "looking at the competition". This has everything to do with Microsoft's engineers writing up the reasons for the inadequacy of w2k for a large-scale deployment of this kind. Key phrases from the article:
...and so on. You accuse the /. masses of rabidity but it is, as a point of fact, you who are knee-jerking in defence of the justified laughter and celebration of those of us who have to fight against Microsoft FUD on a daily basis. How nice to have a document to point to now and say, "look, if you don't believe me, believe microsoft. Deploying on a *nix platform is cheaper and better!"
Visual C++ is a pile of stinking shit. A C++ compiler cannot call itself a C++ compiler if it only has half-ass support for a nearly 5 year old standard! VC++ 7 is getting better, and the 7.1 beta is supposed to be quite good, but GCC was there a good while before, and GCC's C++ support is *extremely* robust. Visual Studio has a good code editor (though, the auto-indent tries to force you to layout your code in weird ways, like no indent after public: declaration) and a very good class browser, but other than that, it's not great at all. GDB is perfectly comparable to Visual C++'s debugger, and the remote debugging feature has much less overhead on the target (good for developing embedded code) and an open protocol. Visual C++'s make system uses binary files (ugh) and can be quite delicate and easy to fool (at least in VC++ 6.x). Visual C++ is just peachy for writing Windows/MFC/RAD code, but for anything else, the numerous UNIX tools are far better.
PS> Don't even get me started on Visual Source Safe...
A deep unwavering belief is a sure sign you're missing something...
Actually, Word is a clone of Lotus AmiPro.
When they made DOS, they looked at Unix for an example.
They didn't make DOS, they bought it for something like $50k.
When they started to do networking, [...] MicroSoft cam up with NetBeui.
I think that one is IBM's fault.
And where is SSH or even telnet on Windows? True, there's a telnet _client_, but MicroSoft is still behing on the rest of the world here (which isn't so bad for desktop systems, but it certainly is for servers).
You can get an ssh client several places, and I'm fairly certain that win2k ships with a telnet server, though I don't know how useful that is, since windows software is so gui oriented. A better remoting solution is to use VNC or to get XP pro and use their single-client term server.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Office is originally a clone...
Word is a ripoff from WordPerfect
Only if you consider WordPerfect to be a "ripoff" of Wordstar. Or EasyWriter. Or Electric Pencil. Or one of the other dedicated word processing systems that were around for a good decade before WordPerfect was published.
Excel a copy of 1-2-3
Excel was more of an evolution of MS Multiplan, created for the original Mac back in 1985. It had a graphical interface from the start. It followed the same general conventions as 1-2-3, but it would have been silly not to.
(and those copies of Visi-Calc and Visi-Text from early 80-s or was it late 70-s)
VisiCalc was introduced in 1979 . The other Visi-On suite applications did not achieve the same level of success.
Fighting over who did what first is pretty pointless. Software inspires others software. Look at all the open source projects that exist only to ape their existing commercial counterparts.
Then, to compound the idiocy, the comment is modded up as "insightful."
Active State's Perl for Win32 is the only thing that has made it possible at all. It's gotten easier as time has gone by, not so much because Microsoft has given us better tools (although they have) but because the various modules that allow Perl to interact with the Windows APIs have gotten better.
.NET)? Microsoft.
Who do you think invested in Active State to get Perl on Windows (and
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Config files in *nix are often inconsistent and obscure /etc/defaults/rc.conf (unless you can't read)? To wit: sshd_enable=YES. OMG that was soooo inconsistent and obscure?!?! Or how about: hostname="foo.bar.com" WTF? Where do I press OK? What is this, text? Wow, who uses text anymore... Seriously, you have a point about sendmail.cf, but most config files aren't so bad, and even then the defaults are usually what you need, and they're already there, so all that's needed is to turn daemons on or off.
The article specifically talks about FreeBSD, so maybe you should take a look at FreeBSD's configuration files. What could be easier than
-- Never hit a man with glasses. Hit him with a baseball bat.
The dominant presentation tool was Harvard Graphics. It was used by EVERY business that needed a tool like that. Microsoft used it all the time.
Then they created PowerPoint. As typical of their strategy, version one and two we're worth wiping your butt with. A friend at MS was ORDERED to stop using HG and start using PowerPoint. He lost animation, audio, etc.
"PPT is a multimedia presentation tool without the burden of being multi or very useful" in his words.
How to get market share for this ? Hmmmm (/me strokes beard).
I know! Bundle it with Word and Excel, call it "Office" and make that the only way for businesses to buy it!
It was a two-fer. If you lived on WordPerfect and Excel, or Word and 1-2-3 or Quattro Pro, well, when you upgraded, you have both MS products. It's now a bad business idea to also go get WordPerfect or 1-2-3 (to be fair, Lotus never really upgraded 1-2-3 in a timely way and Quattro smoked it for $119).
Need a presentation tool? PowerPoint is Free! (no, your honor, it was fair competitive practices - we just gave customers the 3 tools and charged them for Word and Excel but we didn't make PowerPoint "free").
As it aged, it did become more useful. And bloated. And proprietary.
Uh, sorry, but this is just plain wrong. Microsoft took the code they had from OS/2 and made it into Windows NT.
Uh, sorry, but this is just plain wrong. NT is the product of VMS engineers bringing their talents and experience into a different product.
Ever wonder why the first release of Windows NT was called '3.1'?
No, actually. It was to avoid maturity confusion between NT and Windows 3.1. Releasing Windows NT as 1.0 would have made marketing less effective. Given it had the same UI as Windows 3.1 was another reason.
While your last paragraph is true, it hardly constitutes receiving a score of 5. Moderators need less crack.
Why bother.
It was very labor intensive. And, if there was a substantial edit, you had to go back into the HG file, fix your chart, and re-import the whole damn slide. But the end result was spectacular.
We used HG-98 and Ppt-2002. After we finally transitioned off Win9x to totally XP, most of the HG98 problems (mostly crashes) we were having disappeared. (There was one pesky problem I encountered ... but not something I came accross frequently)
HG makes graphics look so much better than the MS-Office produced stuff that it makes me sick anymore to see Excel graphs.
Yeah, there's nothing I enjoy more than tweaking my sendmail.cf...
why are you editing sendmail.cf? you don't build it using m4 like the rest of the world? more importantly, why are you using sendmail? postfix and qmail are both joys to configure and use.
Config files in *nix are often inconsistent and obscure.
you must be a linux user. try openbsd sometime. there's nothing obscure about the config files: each one has a man page.
How about an open, common XML format for configuration files?
perhaps because XML wasn't designed to be edited by hand?
When they made DOS, they looked at Unix for an example. They didn't clone it; DOS is single-user, single-tasking, with no security or proper separation of tasks (why, if it's single-tasking?), in strong opposition to Unix (even in it's earliest incarnations, I think, but these were made before I was born ;-) ).
Why don't you explain how to write an OS with security and separation of tasks for a machine without an MMU -- a machine like, say, the IBM PC.
MS bought MS-DOS, which was a clone of CP/M, so it could sell MS Basic to IBM. It later added a few UNIX-like features (e.g. hierarchical directories), but MS-DOS was never intended to be a timesharing, minicomputer-style OS, and IBM would never have licensed it if it had been (and not just because the IBM PC lacked the hardware to do timesharing; IBM worried a lot about PCs competing with its expensive proprietary systems, which was why it refused to use the 386 for so long, so there's no chance it would have agreed to use software that was 'too powerful').
OS/2 eventually got a lot of minicomputer-OS features, but IBM resisted at first, e.g. by insisting that it be written for the 286 (which had only brain-damaged memory management) instead of the 386 (which MS wanted to use from the start).
The first MS OS that was intended to be competitive with minicomputer systems like UNIX and VMS was Windows NT, and it was written for MIPS-based workstations, with the x86 port requiring a 386 (avoiding all that half-baked 8086 and 286 crap that went into DOS and OS/2).
>>When they made DOS, they looked at Unix for an >>example. They didn't clone it
4 Insightful?
The rest of your rant seems well written,but it is obvious that you haven't done even a cursory examination of the history of DOS.
To clue you in, Tim Paterson CLONED CP/M (while working at Seattle Computing), which was then PURCHASED by Microsoft and sold to IBM as DOS. This is well known - in fact DOS 1.0 and CP/M were compatible because of this...
You are off base on Word too - Charles Simonyi was brought to MS to lead the Word (later Office) team largely because he had authored the first full-screen word processor (BRAVO). No doubt the BRAVO core was used in developing Word initially - they did not "copy" Word Perfect.
Damn kids...
You could study win2k a bit more before making such statements.
Go to your network card's TCP/IP properties, click the "Advanced" button, select the "Options" tab and edit the "TCP/IP filtering" option. You can then block every port except 80, 443, 21 or whatever you want. There is plenty of reading material covering this.
-h
Actually, at the time DOS was a pretty good OS for a a system running at 4 or 8 Mhz with anywhere from 256- 640k of RAM and it probably owes more to CPM than unix. Personal computers at the time were not networked to any significant extent and a multiuser, multitasking, secure, OS with IP support wasn't feasable on the hardware an average person could buy. The damnable thing about DOS though was that by the time MS came up with Win95 and NT 15 years had passed. In the meantime many better and cheaper OS's and hardware platforms were killed off by the sheer numbers of PC compatables cranked out running DOS and that abomination of a shell that ran on top of it. NetBUI is as much an API as it is a protocol and the previous poster is correct that it is based on NetBios which was an IBM creation. Don't be too quick to knock it though. If you ever need to transfer lot of files across a slow connection on a LAN try using NETBUI instead of TCP/IP as your protocol. IP adds a lot of overhead and and is MUCH slower.
That's what safe mode is for. All services are disabled in safe mode - no matter how badly I've treated the services list during experimentation, safe mode has always let me back in to correct things.
There's also the recovery console if you know what you're doing.
-h
I didn't need to read the linked article, as I've read around ... 6 or 7 other articles about the exact same thing. They all say the same thing like this one in Danish:
= 12 577
http://www.comon.dk/index.php?page=news:show,id
"The ftp server is usually used by Microsoft's costumers to fetch drivers and updates and to upload files to the company's PSS Security Response Team."
And comon is nice enough do link to the server in question:
ftp://ftppss.microsoft.com/
Granted, The Register's article does use language like "poorly protected server" and "discovered", but I see no problem in using those words, if whoever placed the files there didn't think about using some kind of authentication and directory access for those documents. Then you would still "discover" the files on a "poorly protected server" since it was used for something it was not supposed to be used for.
So in short - something is amiss, but using "juxtapositioning" in your language, doesn't mean your covering up an illigal act.
We do not live in the 21st century. We live in the 20 second century.