Why UNIX is better than Windows... By Microsoft

BenBenBen writes "According to a whitepaper found on "a fairly insecure server", UNIX not only is more reliable and easier to maintain than Windows (2000 in this case), it's cheaper too. These shock results are reported on both The Register and (the source) Security Office."

Is This Necessarily Bad?

[carb]

At least it shows Microsoft is keeping some goal in mind in developing Windows - personally I was beginning to wonder ...

Re:Is This Necessarily Bad?

[ryochiji]

> intelligent technicians. However, the message gets lost somewhere between tech and management

One of the things I like about my current job is that that doesn't happen. Okay, I don't work for a big corporation, but a university bookstore run by the student organization (employing something like 100 students).

The web-group (which does web design, development, and server administration) reports directly to the bookstore manager (we're the only non-staff employees to do so). The really cool thing is, he trusts our judgement and actually listens to our recommendations. Hell, the other day, we even got him to start using Mozilla!

But I know my manager's an exception. I don't know what it is with managers. I think it's a lot like politicians...the people who want to achieve power are the last ones to deserve it.

Bingo!

[Saint+Aardvark]

From the Register article:

Another strike against Windows is the GUI: "GUI operations are essentially impossible to script. With large numbers of servers, it is impractical to use the GUI to carry out installation tasks or regular maintenance tasks."

I love Unix. But a huge reason for this unnatural affection is the command line, and the enhancements Unix has made to it (pipes, file descriptors, everything-is-a-file, shell scripting). Even if Microsoft turned around tomorrow and made everything GPL, fixed their security holes and sent chocolates and hookers to Linus and RMS, I'd still prefer Unix for the power of the command line.

In Windows, the command line almost seems like an optional afterthought. In Unix, it's the other way around. (Disclaimer: I'm partly joking, and much more familiar w/U. than M [as I'm sure everyone can tell].) And I think for admin purposes, that makes Unix the more powerful choice.

Re:Bingo!

[Surak]

After a few OS/2 releases, MicroSoft quit and took the code they had from OS/2 and made it into Windows 95.

Uh, sorry, but this is just plain wrong. Microsoft took the code they had from OS/2 and made it into Windows NT. Actually, more correct would be to say that when Microsoft and IBM were working on OS/2 3.0, they had a parting of ways by ending their Joint Development Agreement. There was a settlement, and in the settlement they split the OS/2 code -- Microsoft got the new stuff, and IBM got the old stuff. Ever wonder why the first release of Windows NT was called '3.1'? Now you know. :)

Having knowledge of the internals of all three operating systems, I can honestly say it would be *impossible* for Microsoft to have based much of Windows 95 on OS/2 code. Windows 95 is a DOS-based operating system. Its lineage from Windows 3.x is clear. The internals are almost identical, i.e., VMM32.VXD (aka DOS386.EXE) which has always been 32-bit since Windows/386. It's only the GUI and API that changed to 32-bit, the rest of the stuff is nearly identical.

Re:Bingo!

[doug363]

I think this was one of the improvements that the the Hotmail article noted. Firstly, he/she notes:

It proves to be difficult to configure IIS in a precisely controlled way. The metabase is obscure and poorly documented, and produced too many surprises. Furthermore, a system created using sysprep does not produce a ready-to-run metabase.

Consequently, it was necessary to construct the metabase by using scripts. The scripts were a mixture of command files that repeatedly call the mdutil utility, and some special-purpose pieces of scripting code (VBScript in this case, although any language that supports COM would work). The scripts are run as part of the mini-setup step that follows construction of the operating system on the target computer.

Figuring out the metabase structure, which elements needed to be set, and how to suppress the unwanted elements (for example, the trees defining the default and administration site) was the most complex and error-prone part of the entire setup design. Considerable reverse engineering was necessary. Major improvement is needed in the way the metabase is described to users, and the way that administrators can script the commonest tasks.

In the conclusion, the fact that IIS6 programmers are looking into that issue is stated:

3) The metabase needs to be ripped out and replaced with something that is much easier for an administrator to see and understand, and be confident that there are no hidden surprises. The IIS6 planners have heard this opinion.

So that feature may be due to Microsoft's Hotmail experience.

Re:Huh?

[Saint+Aardvark]

Exactly -- my first impression was "They really are smart, aren't they?"

[#include unixfan_disclaimer], but honestly: look at the advantages of Unix over Windows in so many situations. I'd always kind of wondered if MS was ignoring those problems/advantages for marketing purposes, or if they Just Didn't Get It. Looks like the former, which is reassuring.

Why doesn't Microsoft...

[dubious9]

Spend money to fix problems with its software? If they know its poorly coded, why don't they launch an entire other branch dedicated to fixing bugs/product maintenance? It's not like they don't have the money. Throw a billion dollars at .net and windows and see if you can make it better. Hell throw five. They'll still have enough money to run the company for a year without any other income.

As much as we'd all like to think, they people over at Microsoft are not idiots. They have enough money to hire the best and the brightest. They do have some quality products (i.e. those whose securities problems are not much of a problem like games, and i personally like their Intellimouse Optical.).

Can anybody tell me why so many smart people won't see the light of day and dedicate big resources to overcome their biggest drawback?

Re:Why doesn't Microsoft...

[Sloppy]

Why should they improve quality? Would doing this increase their revenue? If anything, I think it might decrease their revenue. Combine that with the increased expense, and you've got a publicly-traded company intentionally making less profit than it could -- I smell lawsuit!

I bet almost everyone who has tried to help Windows users over the last few years has heard actual people (not actors auditioning for the part of a moron on a sitcom) say things like this in real life:

• "Darn it, my Windows 98 system is crashing too often. I need to upgrade to that new one, XP."
• "Darn it, Excel95 locked up the whole machine when I tried to load that document. I guess I need to buy the latest version."
• "Darn, I got a virus again."
• "This computer is slow and unreliable, but I'm going to buy a new Dell soon."

If your customers said things like that, what would you do? Ok, now pretend that you are an evil son of a bitch, and answer that question again.

Re:Does republishing these...

[dpilot]

Or at the very least, a violation of the DMCA?

more developer support?

[phorm]

I might be missing this one, as I don't see it in the article, but...
Since when has the windows community had more developer support? MSDN is a bloody nightmare... in 'nix I've had very little problems tracking down assistance, howtos, and code samples.

Re:Hotmail?

[syd02]

Hotmail still runs FreeBSD...behind the Windows 2000 front-end facade.

Go to http://uptime.netcraft.com/ and type in one of the IP addresses that you find in the HTML source at Hotmail's login page.

Re:Huh?

[capt.Hij]

How many years old is Windows?

The fact that you can ask that question is a key issue. MS has made a decision to be backwards compatible. This represents a huge liability. It isn't such a big deal for BSD since upgrading is just a matter of typing "make." What MS is doing makes a heck of a lot more sense to me than what Appled has done. (Oh great, here goes my karma, but now I've started...) Apple built a culture of bravado about how advanced its OS (interface really) is. Then when they hit a wall they decided to just change the processor and the instruction set. They then did it again when going to OSx.

MS on the other hand is trying to evolve rather than start over. If they are willing to admit that there are flaws then they can make necessary changes. That is the reason that you can ask how old Windows is.

Personally, I wished that they had tossed out a lot of bad baggage a long time ago. I especially liked the last paragraph from the Guardian:
It is terrifying to contemplate the efficiency bonus MS would have enjoyed if it had only been willing to base its entire corporate operations on UNIX instead of eating its own dog food. The software monopolist might today be in the bizarre position of being the world's only consumer of unices.

Re:Wow, you guys have no shame

[dbarclay10]

I read "The Register" like I read "The Weekly World News." It's a tabloid in every sense.

See, that's the problem.

In almost every instance, The Register has been right. Yeah, it may still be irresponsible journalism - but as individuals, and as a company, these guys know what the hell they're doing. They check their stuff, even if it won't hold up to normal journalistic integrity checks.

It's kind of like the difference between talking to a judge and talking to a jury. When you're talking to a jury, you can still be telling the truth, but you don't need to present *nearly* so much hard evidence as you need were you trying to convince a judge.

Not that you couldn't present evidence everybody on the planet considers "hard", but courtrooms have their own standards (think about all the cases that were overturned because some extremely incriminating piece of evidence was thrown out of court on some technicality).

The Truth? You can't handle the truth

[Drestin]

Well, this IS Slashdot so the rush to accept ANYTHING even remotely antiMS is to be expected but I'm suprised that so many haven't spent even a few minutes to think this through.

First, is it a real document downloaded while an FTP server had some unsecured directories exposed recently? Possibly. So what? Does this mean that this is official MS scripture? Do you mean that if we review every file on your hard drive we won't find something that a) wasn't written by you, b) you probably don't want us to see, c) doesn't represent your current thoughts.

Ahh the C option... perhaps this was really written by someone who happens to be an MS employee. Perhaps this guy was just given the job; take Hotmail and move it from BSD to Windows and this guy is like many who might say; but it works as it is. Lets not break it to fix it - lets leave it as it is so I'll write up every reason I can think of not to do this!

Has everyone missed/forgotten the MS papers describing the reasons why and exactly how Hotmail WAS moved from BSD to Windows 2000?

In this document you'll find how untrue so much of what was written in the stolen document. No scripting support in windows 2000 because it also includes a GUI? Are you fucking stupid or what? There is complete scripting control in windows 2000, always has been. You can control every part of windows 2000 networking and services and disks and users and security through scripting. Sure, you can use the GUI too. Does the fact that Linux can run a GUI mean that suddenly it's scripting goes away?

In the conversion to Hotmail they employeed scipts and automation tools builtin to windows. They moved because Windows 2000 was faster and more efficient. It is obviously stable as any honest person running W2K/XP can tell you.

I understand there is a need to attack MS at every step around here. I understand the desire to believe every antiMS piece ever submitted. But sometimes even the more ignorant *nix admin has to eventually read the facts and find that NO OS is perfect. That W2K is not utterly and totally flawed and that it actually is a real competitor for other Server OSes. Once you accept this you can drop the zealous approach and do things in a logic, calm and professional manner. If is really better - prove it to us with grown up responses and facts - not running around waving a copy of The Enquirer which tells us Michael Jackson and Bill Clinton were seperated at birth by aliens somewhere near Roswell.

Re:Huh?

[MrResistor]

You make some good points, but here's my response:

How many years old is UNIX?

I'm unaware of any significant functional breaks during the evolution of UNIX. As far as I can tell there haven't been any, or if there has been it was on the order of the transition from DOS to NT; minor breaks here and there, but on the whole, compatability is maintained.

Re:Exactly.

[sql*kitten]

Are slashdotters extremely naive or something? Every company takes a look at the competition and compares it to their own product, distributing memos on whats better about the competition so that they can improve on their own products.

Indeed and it goes both ways. For example the open source community have been imitating features from commercial software for years - GIMP and Photoshop, KDE and CDE, ext3 and XFS, Mesa and OpenGL, OpenOffice and MS Office etc, etc. It's hardly fair to criticize a commercial entity for studying BSD. Or are the /. editors just bitter because Microsoft hasn't found anything worth incorporating from Linux?

Re:Hotmail?

[dohcvtec]

We probably don't need a whitepaper to tell us what we already knew
No, but this paper shows us that Microsoft already knew what we knew: that FreeBSD is much better in terms of reliability, configuration, and administration. I'd read the "marketingized" version of the (attempted, partially successful) Hotmail conversion before, but this document sheds light on what really happened and why.

Re:The goal in mind being UNIX?

[Hammer]

Office is originally a clone...
Word is a ripoff from WordPerfect
Excel a copy of 1-2-3
(and those copies of Visi-Calc and Visi-Text from early 80-s or was it late 70-s)

Yes Word and Excel has a lot of "features" like the ability to run viru^H^H^H^Hprograms and so on. But OOo is just as good for me (at a much nicer price tag)

Here's another wonderful giggle...

[talks_to_birds]

...from a Micro$oft "server"..

Regarding the much touted recent Windows 2000 Common Criteria Certification, see: Chapter 3 - Secure Configuration for this gem:

"Installation of applications conforming to Windows Installer-based package requirements will have difficulty installing from a CD-ROM on a computer running a Windows 2000 operating system in the Evaluated Configuration.

"The reason is that the Windows Installer service is not a service that was evaluated and is therefore disabled in the Evaluated Configuration of Windows 2000. Additionally, the AllocateCDRoms Registry value that is set in the Evaluated Configuration will not allow Windows Installer to open a .Cap file directly from a CD-ROM.

"Therefore, to install an application conforming to Windows Installer-based package requirements, the Windows Installer service must be temporarily enabled and the "MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms" Registry value must be temporarily set to 0 (this can be accomplished through the Local Security Policy interface)."

So, in order to install any apps on your "secure" Win 2K box, you have to hack the registry and disable the protections that the very Windows 2000 Common Criteria Certification itself were set up to require!

And of course, the "secure" configuration has to have the floppy drive removed, or made inaccessible!

But hey! who's gonna install Office 2K from floppies, anyway?

What are these people smoking?

t_t_b

Very interesting reading

[m0i]

If what's inside is to be taken as facts, it's interesting to see that in a large scale environment:
-IIS management is not easy (due to the metabase, and reloading their custom ISAPI module required an additionnal layer to do it without iisreset)
-there's actually no equivalents for rdist, cron, syslog. They ported them to win32.
-they had to hack the net driver to change MTU on the fly

More important to me: they had an hard time figuring out stuff because of the lack of documentation and all undocumented interfaces. They even didn't suspected all the CLI facilities of Win2000 (nor do I).
So, W2K Server is powerful, yet it's setup in a bloated way making it difficult to manage. I wish some good papers would be written on the subject for all of us stuck with administring such boxes to benefit of other's experiences.

Re:Hotmail?

[syd02]

It may depend on what the load balancer gives you. It does look like they're moving more IIS into the back end. Eventually it will probably be all Microsoft. When someone pointed this out to me a year or two ago, it was pretty clear that most files were being served by IIS, but when you went to login (or do anything else) the form was submitted to FreeBSD.

Now I see that 64.4.14.24 is Running IIS 5, but 64.4.14.23 is running Apache on FreeBSD.

At least loginnet.passport.com is running Windows.

Re:Exactly.

[Fulcrum+of+Evil]

The costs issues you quote was between Windows 2000 Advanced Server and Windows 2000 Server...nothing about *nix.

And $15M is nothing to sneeze at. That's probably on par with the hardware cost.

As for the whitepaper, it seems to me it was written by a *nix admin with little Windows server experience (which describes a majority of /. readers as well).

I dunno, looks fairly accurate - in windowsland, admins are prone to Retry, Reboot, Reinstall because it's often difficult or impossible to find out what is really happening. Also, keep in mind that this guy and his team probably have access to the devs who wrote this stuff, which is more than you can say for almost everybody else (on windows, anyway)

Oh...and interdependencies? Look in the Services console and click on Dependencies. Most even have a short description so you know what it does.

He's probably referring to the compex and non-obvious interactions going on in a windows system. When something breaks, your first clue is when something seemingly unrelated falls over. This is the problem with tight integration.

Once again, the Services console could really help this guy get a clue.

Where ddid he ssay that he had no clue? He merely stated that Unix made it easier

As for random ports being open, that's one reason we have these things called firewalls.

And you're supposed to use both. It's this thing called defense in depth - you don't want to be compromised by a single failure.

I think what he meant to say was, "it is never clear TO ME OR MY TEAM which services are necessary". Others do quite well at it.

Bullshit. given that he is working on a high-profile project within MS, it's probably as clear to him as to anybody. The fact is that another company, when doing a large deployment will have trouble.

You seem to have a rather large chip on your shoulder. Just because some admin says that some specific things in windows are lacking, or overly confusing does not make him a high school dropout with an MCSE.

Systemantics

[jefu]

Along the same lines (more or less) is "Systemantics" by John Gall. Everyone in any kind of organization should read this - especially managers. (Don't worry, they'll have little problem finishing it, it doesn't use too many big words, there are pictures and its only about 100 pages long.)

But it portrays, about as accurately as I've ever seen it, how systems are created to do one thing and end up doing something very different - and usually not something all that valuable.

The following is quoted (excerpted) from the back cover.

• Systems are seductive. They promise to do a hard job faster better and more easily ... But ... you are likely to find you time ... now being consumed in the care ... of the system itself. New prolems are created by its very presence.
• Once set up, it won't go away.
• It begins to do strange and wonderful things
• Breaks down in ways you never thought possible
• It kicks back, gets in the way
• Your own perspective becomes distorted by being in the system
• You push on it to make it work
• Eventually you come to believe that the misbegotten product it so grudgingly delivers is what you really wanted all that time.
• You are now a Systems Person

Re:Difference of approach

[IamTheRealMike]

Config files in *nix are often inconsistent and obscure. Not that hairy, undocumented registry keys are any better.

Hmm, about about clean, documented registry keys? That's the approach GConf takes, it has a lot of advantages over raw text. Too bad all the keys aren't documented at the moment, but that's bugs with individual apps rather than a design flaw.

Re:You really don't get it, do you?

[shyster]

You defend Windows as if it were your lifeline, but tell me... How often do you actually walk into your server room, use the KVM switch to get to the proper server, administer the server in person while looking at a monitor? With a GUI, you almost need to do this.

Disclaimer: Windows is my lifeline. I'm paid to work on Windows machines. And to answer your question, I do it quite often if it's the most convenient way to get things done. Of course, I also have an admin workstation with MMC tools loaded, can telnet in, can run TightVNC, or Terminal Services for remote control, or can use a lot of tools (native Win2K + 3rd party) to administer from the CLI of my own box. Or, I can automate things via WSH using VBScript (my scripting language of choice) if it's something repetitive. Whichever suits me and the problem at hand at the moment and makes my life easier.

Not saying that UNIX is wrong in it's CLI, but saying that a GUI in Windows is not a good excuse for not being able to automate or run from the CLI if you want.

A server is not something that you should not have a mouse or a keyboard hooked up to. It's a little box, in a darkened and protected room. It should NEVER go down. Ideally, it should never even be touched after the day it's installed.

Servers DO go down, both UNIX and Windows. It's a cost of doing business. And you usually don't have to touch a Windows server after it's installed unless you want to change something. That's about the same as for UNIX, isn't it?

You say that open ports on Windows servers should be taken care of by a firewall. Tell me, if Windows were secure, why would a firewall be necessary at all?

So, do you run *nix boxes on the internet without a firewall? I don't. I'd say it's pretty standard practice to put webservers of all kinds behind firewalls, so the paper pointing out open ports is a bit of a red herring.

The imaging servers / multicasting solution you speak of is the lazy man's solution. It is the state of programming society that has lost the interest in efficiency, because modern hardware can cover up inefficiency. The inefficiency still remains. This lazy way is not the kind of mindset that a forward looking, intelligent individual should have. So what if the right way is sometimes a little more difficult?

When the "right way" takes more time, specialized skill, and effort, then it's the "more expensive way". And then you have to weigh the costs involved as well. A forward looking, intelligent individual uses the resources available to him to do the job in the most EFFICIENT manner. When hardware is cheaper than eeking out another .1% performance boost from recoding or optimizing, then throwing hardware at the problem is a viable solution. I can buy 512MB of RAM for less than what it costs for a client to pay me for 1 hour. If that solves the problem, then it makes more sense to buy the RAM. That's business.

Sometimes we don't have fibre, sometimes we don't have 1000BT. Most times, we don't have the massive RAID arrays and ultra expensive hardware that MS can provide.

Yeah, multicasting a 900MB image requires fiber and 1000BT. And huge terabyte SAN's of course. Right. And don't forget the massive supercomputer cluster to process that huge load. My god, it's almost 1.5 CD's worth! That's half of the RedHat download! (I know, RedHat includes more than just Linux, but it's quite feasible to download all 3 ISO's on a DSL line, so I don't think Gigabit Ethernet is required for a 900MB image).

Oh, and a *Nix can have just about everything turned off with exception of the kernel. I can load hardware drivers without rebooting, I can kill every process that isn't necessary.

Umm...you can kill every process in Windows that isn't necessary too. That's why they're called unnecessary. Admittedly, if your only tool is the taskmanager then you're not a knowledgeable admin, so Windows will protect you from yourself...but I see that as a good thing.

I can completely update my system without a reboot, yet every service pack I've encountered requires at least 1 reboot.

Like a reboot is that big of a deal. It takes all of 5 minutes, and can even be scheduled. Let's get off the uptime high horse, eh? If you need 24/7 uptime, there's ways to get it, but be prepared to pay for it...both with *nix or Windows.

I've run into situations where I couldn't "Stop" a service that was running on Win2k, but never with *nix.

Like I said, you're probably not a Windows admin. I am, and have never run into a service I couldn't stop. There are some I shouldn't have stopped, but that's another story. =)

Bottom line is that both Windows (2000) and *nix are good operating systems. Well suited to almost any task required of a server. They both require knowledgeable admins to be used to their fullest potential, but Windows has the edge in ease of use. A semi-technical manager can have a Windows network up in an weekend...not so for *nix. Of course, the price the manager pays is that his server isn't really set up correctly, but that's what you get when a manager or low skilled admin sets up a server. Same thing as when I work on my car, I know it's not up to the same standards as a professional mechanic, but sometimes it's worth the tradeoff. Linux and FreeBSD have advantages in that they're free, highly configurable, and can run on old hardware. Strong selling points for some, not so for others. Everything involves tradeoffs.