Slashdot Mirror
Bill Gates: Windows Patched Faster than Linux
petard writes "In a very interesting interview published by the Register, Bill Gates made several interesting claims about Longhorn. Many of them have been extensively covered recently, including plans to force users to patch automatically. Surprisingly, everyone seems to have overlooked his statement that Microsoft fixes bugs faster than Linux developers do. 'We've gone from little over 40 hours on average to 24 hours. With Linux, that would be a couple of weeks on average.' Either he's lying or woefully misinformed; their recent performance seems to be more on the order of 3+ months, or over 2000 hours."
Why do you think they are giving Linux so much attention these days? I think this means we are now in between the "They laughed at us" and "They tried to fight us" part.
And if we follow Mahatma Gandhi's approach, the best approach is to keep doing what we do while letting MS bash away. Eventually it will become quite evident as to which side is interested in doing good for their fellow man.
Un-news
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, Immunix Inc.
Immunix: Security Hardened Linux Distribution
Now I'm no Gates apologist -- I haven't even used Windows for years, except when I am forced to kicking and screaming -- but harping on these statements bothers me.
In 1981, NOBODY needed 640k on the desktop. IBM PCs shipped with a tenth that amount of memory. Even assuming memory growth is exponential in the same manner as Moore's Law, this meant that the average user probably wouldn't need 640k for five years or more. Even in 1987, I remember programs (such as WordPerfect 4.2) that could fit on a single 360k floppy -- so the 640k prediction held for several generations of machine. Not a bad prediction in the computer industry.
There were good reasons for making the 640k assumption. All I'm saying is, don't fault an engineer for making a design decision, even if you don't like him personally.
Having said that, you want a desktop application that takes up more than 4 GB of physical memory? Go download the OpenOffice source and add a line:
calloc(4294967296,sizeof(char));
Take THAT, Bill!
Toronto-area transit rider? Rate your ride.
Most likely, he's just reporting what he's being told. And most likely, it's being mis-measured by someone.
Microsoft is a big company, and Windows is a very complex beast. My initial thought is that perhaps the security developers do indeed code and submit a patch within 24 hours.
But then the patch has to wend its way through the labyrinth of QA and regression testing. Because Windows is so highly integrated, even small changes can have big unforeseen consequences, so they can't rush patches out the door without breaking things. I believe Microsoft makes patches available via their support pages well before it hits Windows Update. What *we* are measuring is the time from bug report to being in Windows Update; what *they* are probably measuring is time to patch submittal or time to initial availability via support.
I really, really prefer the improved code separation in the Unix environment; if, say, BIND has a problem or exploit, it's highly unlikely that a patch it will break Postfix or Apache. Because things are better-separated, the developers understand their packages better and can more confidently push patches into their stable branches.
I worry a little about the way the Unix desktops are becoming increasingly interdependent, with lots of libraries and lots of integration... are we going to end up in the same place, eventually? Microsoft doesn't employ idiots, and considering the amount of trouble they've had scaling, well.... I just hope the free software developers are thinking about this.
When is the last time a vulnerability in the windows kernel was found? To be fair, we will include vulnerabilities in the HAL, since in Linux the kernel contains that functionality as well.
OpenSSH is a part of Linux as much as RPC or Windows Messaging is a part of Windows.
If a linux kernel exploit is fixed in minutes, then it was a pretty dumb bug. Microsoft has been good lately about doing proactive security reviews, and they often find holes before anyone else does. Linux mostly seems to do reactive fixes, at least from where I'm sitting. Which is to say, at a Windows XP machine, but right next to a gentoo Linux system.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's not like revisionist history is a new concept. In 1981, I could completely see, Bill Gates saying the 640K quote, and have it taken out of context. One of the Watson's (of founding IBM fame, I can't remember if it was Sr, or Jr. I'm guessing Sr), once said that worldwide we'd probably only need 5 computers ever. It's not like he's terrible stupid either.
If you really want to have fun and games, write down a particular fact that you can't remember a specific event ever happening in your childhood. Now, store that piece of paper someplace safe. Now everyday imagine that event happening. Picture in your mind how you would remember it if it happened. Over the course of time, you'll "remember" it as a fact that is just like all of your other memories from childhood. You'll know it's inaccurate, but to your mind you can't tell between a the old true memories, and the newly fabricated memories. It's a simple form of brainwashing. I've specific memories that I know for a fact never happened. I constructed a conversation I never had once for the purpose of trying this out. It's the old adage about a lie repeated often enough becomes true.
I'll willingly admit it's entirely possible Bill never said that, and he surely can't prove he never said it. However, I'll never trust Bill's memory about him not saying it. However, if you tracked down the original references to it and debunk that, now you have something. Somebody has to cite it. It's in the Usenet Archives, or in old papers and trade magazines. Find the originals and debunk them, don't cite Bill saying 15 years later that he didn't say it. That's not debunking.
Here, I'll prove it to you. "I've done some stupid things, and I've done some wrong things, but I was never born. Nobody in the human race would ever say they were born.". Does that "debunk" the fact that I was born or not? I'd say my sitting here, and typing into slashdot is pretty strong evidence I was born at some point in the past.
A number of statistics have been proven to be false, but are cited all the time in the past. If you follow all of the original citations back, you'll find they all start at one single reference. The original person who stated it, either lied, or had something wrong with the way they came to the conclusion. By the time anybody figures that out, it'll be a "fact". I know this happened on stuff reguarding sexual orientation (formely common cited stat that 10% of all men are gay), and I believe it's happened on several other occasions about other commonly cited stats.
Debunking involves getting reasonable close to the source and debunking it. Not asking somebody 20 years later, who has a vested interest in not looking like an idiot, if he said something that's blatantly stupid 20 years ago. Read up on what Bill has said about what he thought of the internet.
I believe it was Cringely who pointed out that Bill always proclaims he was a visionary about the net, and saw ahead of everyone how much that could change the world. Yet when you read his book from that time where he was spouting off about what he thought was the next big things in computers, just as the internet went mainstream he never mentioned it once. Bill's in a position where he can't afford to say, I missed that huge new technology. He's Bill Gate's, he thinks Microsoft single handedly invented the Personal Computer. Just read the end of the article.
Kirby