Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask the Author of the Latest MS-Funded Windows vs. Linux Study

Posted by Roblimo on from the Out-of-the-frying-pan-and-into-the-Slashdot-fire dept.

Last week on Slashdot you saw a (Microsoft-funded) research study on Windows vs. (Novell) Linux reliability by Dr.Herbert Thompson. Novell disagreed with the study's conclusions. So did most Slashdot readers. Thompson's work been mentioned on Slashdot before, especially his famous five-line script that could change electronic voting machine results and his novel, The Mezonic Agenda: Hacking the Presidency. He's a real, genuine-article computer security expert (and regular Slashdot reader) who is happy to put on his flame-resistant suit and discuss his Microsoft vs. Linux study with you. So ask whatever you like, one question per post. We'll send him 10 of the highest-moderated questions and publish his answers next Monday. He'll jump into the discussion then, which ought to make it rather lively.

22 of 449 comments (clear)

  1. Why risk your creditibilty? by XorNand · · Score: 5, Interesting

    Dr. Thompson:

    Admittedly, I don't know who you are and I haven't read any of your books. Worse, I didn't read your study itself, only its conclusions as reported second-hand by the press. However my lack of knowledge of your backgound is probably consistant with most Slashdot readers and the IT industry as a whole. I have to give you the benefit of the doubt and assume that you are a capable, respected researcher elsewise MS wouldn't have approached you in the first place.

    Could you please explain why you decided to risk drawing your objectivity into question by undertaking this project? Your findings may be 100% valid. And MS may very well have straight-up told you: "Please print whatever you find, even if it casts Windows in a bad light." However, who's going to believe it, even if it were true? If I were in your shoes, I'd be affraid that making a deal like this would ruin my career. If I don't tell MS what they want to hear, word would get out that I don't play ball. If I do report what's in the sponsor's best interest, a lot of people start accusing me of being a shill. Seems like a lose-lose proposition.

    --
    Entrepreneur : (noun), French for "unemployed"
    1. Re:Why risk your creditibilty? by CrimsonSamurai · · Score: 5, Insightful

      Good question. I'd be scared to post anything pro-microsoft on here, as a large number of /. users are pro-linux and anti-microsoft. I myself, am not too biased one way or another. I believe at this time that both linux and windows have their places, and aren't in 100% direct competition.

    2. Re:Why risk your creditibilty? by miffo.swe · · Score: 5, Insightful

      What many of you miss to realize(Microsoft included), is that there are a large group of current Microsoft only customers that are unhappy with their current offerings. Just because someone is against Microsofts decisions doesnt meen they like Linux. Many just see Linux as a catalysator wich will free the market, push standards and make interopability more common between vendors. Its very rare with 100% Microsofts network still Microsoft refuses to support any standard that would make life for their customers easier. The constant steering towards 100% MS networks is pissing people off.

      This really isnt about Linux its about making computers and their software be as standard as the internet.

      --
      HTTP/1.1 400
    3. Re:Why risk your creditibilty? by James_Aguilar · · Score: 5, Insightful

      "Could you please explain why you decided to risk drawing your objectivity into question with insane paranoiac Slashdot readers . . ."

      Corrected. I know it may seem like a troll, but I don't think it is. Something that a lot of the readers of this site don't understand is that not everyone thinks that Linux is the shit to the point of denying all evidence to the contrary. Don't get me wrong, I have one Linux-only computer that I use for work, my other is dual boot, and I like it. I love Linux both for its principles and because it allows me to do things that I can't normally do with Windows, BUT that does not mean that I believe its raw performance to be equal to that of a more heavily funded operating system. And you know what? That's OK. I'd still rather use it.

    4. Re:Why risk your creditibilty? by Haeleth · · Score: 5, Insightful

      I think many here would disagree.

      Hang on, you're saying you believe that you would trust a FSF or OSDL-funded study to be impartial? You're saying that if the FSF funded a study comparing GNU to Windows, and the study came back saying "Windows saves you money in the long term, and Microsoft's Shared Source is as good as Free Software for 99% of users", that the FSF would then be happy to publish that study?

      I don't think so, and I suspect you won't either, if you pause to think about it.

      Nonprofits are not driven by motives which could be considered the mirrored opposite of commercial corporations. There is not the tremendous pressure to turn a profit (or some analog to monetary gain), and in your examples they're run by mere handfuls of individuals receiving very little compensation with only their reputations to fall back on.

      But that doesn't make them impartial! All it means is that the profit motive is replaced by other motives. And there are plenty.

      Think about how much time the major contributors to free software projects put into those projects. Hours, days, months, years of personal time, freely given. Time that could have been spent earning money, or doing charitable work, or even just spending time with their families. Time that was wasted, if it turns out that the software they produced is not actually going to help many people do anything at all.

      When you reach middle age, and the end starts to heave into sight on the horizon of your life, you start to get very, very uncomfortable about the idea that you might have devoted your precious time to an unworthy cause.

      Being so dismissive of FOSS organizations as to just say 'well, eveone's biased anyway' really doesn't seem like an acceptable attitude.

      What's dismissive about that? Microsoft really does think that everyone ought to use Microsoft software, and the FSF really does think that everyone ought to use free software. Everyone is biased. Pretty much everyone does have a pre-existing investment, either of time or money, in one of the options. And human nature does dictate that when you have an investment in something, you are biased towards accepting studies that support it and disregarding studies that don't.

      What's wrong with telling the truth?

  2. My Question by rolfwind · · Score: 5, Insightful

    How can you stay neutral when one side is funding your research?

  3. Selection of applications. by miffo.swe · · Score: 5, Interesting

    The study seemed to only compare comercial applications on the various platforms and not the alternatives. Its very common that comercial apps on Linux have poor support on Linux while the free alternatives blows most out of the water on Windows too. Its not especially hard to select a couple of apps with stellar support on Windows and SAP like support on Linux and blame Linux when the problem really lies in the lack of vendor support. Some vendors even support just one specific linux version without! any patches applied.

    What care was taken in selecting applications with similar support offerings to not bias the study heavily to Microsofts advantage?

    --
    HTTP/1.1 400
  4. Do you agree with Windows Local Workflow by MosesJones · · Score: 5, Interesting


    Microsoft and Linux distros have had a policy for some time of including more and more functionality in the base operating system, the latest example is the inclusion of "Local Workflow" in Windows Vista.

    As a security expert do you think that bundling more and more increases or decreases the risks, and should both Windows and Linux distros be doing more to create reduced platforms that just act as good operating systems.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  5. Re:What about negative results? by Cee · · Score: 5, Insightful

    How many Microsoft-funded studies have been buried because the conclusion was "incorrect"?

    How would Dr. Thompson ever know that? Has he been in charge for a lot of MS-funded studies lately?

  6. A better way of putting it: by einhverfr · · Score: 5, Interesting

    It seems that your study attempted to simulate the growth of an internet startup firm on Windows or Linux. One thing I did not see in the study was a good description of assumptions you made. What assumptions were made in both the design of the requirements and the analysis of the data? What limitations can we place on the conclusions as a result of these assumptions?

    --

    LedgerSMB: Open source Accounting/ERP
  7. What did MS say to you when they gave you funding? by gentimjs · · Score: 5, Interesting

    How many NDAs did you have to sign before starting the study? Did anyone pull you asside to "set the record streight" before the study began? How were you first asked about doing this study? Was it something like "hey, we need a study to boost our TCO stats, here's some cash..." or was it more altruistic like "hey, we need to see how we stack up agaist the competition .. heres some cash, and dont hold any punches!" -GenTimJS

  8. what are the biggest issues by evenprime · · Score: 5, Interesting

    Everyone on /. likes to complain about microsoft security, and microsoft PR people like to point out their improvements. Here's a chance to give ammunition to both sides. What do you think are the three biggest security improvements microsoft has made in the past two years, and what are the three biggest security-related issues that still remain?

    --

    "Weapons should be hardy rather than decorative" - Miyamoto Musashi
    I think that goes for OS's too
  9. Scalability of Results? by hahiss · · Score: 5, Interesting

    You tested six people on two different systems; how is that supposed to yield any substantial insight into the underlying OSes themselves?

    [At best, your study seems to show that the GNU/Linux distribution you selected was not particularly good at this task. But why does that show that the ``monolithic" style of Windows is better per se than the ``modular" style of GNU/Linux distributions?]

    --
    "Every decent man is ashamed of the government he lives under." - H.L. Mencken
  10. Do you think the study was fair? by dtfinch · · Score: 5, Interesting

    The Linux administrators faced some out of the ordinary challenges, not faced by most Linux admins, while the Windows admins faced none.

    For example, most of the time difference between Windows and Linux was spent upgrading gLibC, something that you're really not supposed to do. It's comparable to trying to manually upgrade parts of a Windows 98 system to run a program that required XP, rather than actually upgrading to XP.

    Then, you had the Linux admins getting updates from 4 different sources, rather than just from SuSE's repositories, which is also out of the ordinary, while the Windows admins only visited Windows Update, which only supplies patches to the base operating system, when in reality they'll have to get updates from many other sources if they wanted to keep their apps up to date.

    Do you think this was a fair study?

  11. Why are the requirements different? by altoz · · Score: 5, Interesting

    Looking at your research report's appendices, it seems that the requirements for Windows Administrators were somewhat different than the Linux Administrators. For instance, you ask for 4-5 years sys admin experience minimum for Windows, whereas it's 3-4 years sys admin experience minimum for Linux.

    Why wasn't it equal for both? And doesn't this sort of slight Windows favoring undermine your credibility?

  12. ATMs vs. Voting Machines by digitaldc · · Score: 5, Insightful

    How is it that Diebold can make ATM machines that will account for every last penny in a banking system, but they can't make secure electronic voting machines?

    Also, does the flame-resistant suit come with its own matching tinfoil hat? (don't answer that one)

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  13. OBSimsons... by schon · · Score: 5, Funny

    How do you sleep at night?

    On top of a pile of money, surrounded by many beautiful ladies.

  14. Who determined the metrics by Infonaut · · Score: 5, Interesting
    Did Microsoft come to you with a specific set of metrics, or did you work with them to develop the metrics, or did you determine them completely on your own?

    Kudos to you for braving the inevitable flames to answer people's questions here on Slashdot.

    --
    Read the EFF's Fair Use FAQ
  15. Can TCO be extrapolated from install behavior? by Qrlx · · Score: 5, Interesting
    I wonder if it's really appropriate to make TCO guesstimates from a study which essentialy asks the question "Which OS has nicer installers?"

    From the study:
    We conducted an experiment pitting Windows 2000 Server against SuSE Linux
    Enterprise Server 8, simulating [a] one year period...At the end
    of the period, both systems are then transitioned to the more recent versions of their
    respective operating systems, Windows Server 2003 and SuSE Linux Enterprise Server 9.

    What I find lacking is the business case for upgrading the OS. And why on earth would any enterprise with even the tiniest amount of foresight and planning deploy Windows 2000/SuSE 8 knowing they will upgrade to the next gen just one year later? (Not that there aren't plenty of enterprises who fit your model, not to mention IT workers seeking to "power level" their skills...)

    Now, certainly there is value in trouble-free installs. But can you say with confidence a better upgrade experience is really a fair test of value? Especially when the entire install/patch/upgrade philosophy between Windows and Linux is so disparate?

    In other words: It's no surprise that Windows will perform better on the treadmill, constantly upgrading is at the very core of Microsoft's profitability.
    --
  16. Weak setup by 0xABADC0DA · · Score: 5, Interesting

    If I understand the study correctly, the windows side had to do nothing but set up a server to do a few different tasks over time and run windows update. The linux side had to have have multiple incompatible versions of their database server running simultaneously on a single system and had to run unsupported versions of software to do it.

    Why wasn't the windows side required to run multiple versions of IIS or SQL server simultaneously? In real life if you need to run multiple database versions you use virtualization or multiple systems, especially if one requires untested software. You don't run some hokie unstable branch on the same system as everything else. Why was a linux solution picked that required this level of work? My other related question is, did any of the unix administrators question why there were being asked to do such a thing? For example, did they come back and say they need a license for vmware? If they did not they do not seem like very competent administrators in my opinion.

  17. A Few Comments: by abscondment · · Score: 5, Interesting

    1. Windows administrators are forced to wait until Windows releases a patch for known vulnerabilities to upgrade their systems. Why, then, were the Linux administrators told to attempt to upgrade their systems before Novell had released newly packaged versions of MySQL? The entire point of a package management system is that administrators rely on companies like Novell to correct dependencies prior to deployment. Since Windows administrators have the same constraint (i.e., waiting for security updates to be released), it is an unfair and arbitrary difference that caused a lot of troubles.

    2. Why did you compare the number of patches required to apply between the systems? This is not a measure of security. Windows patches are bundled and affect many parts of the operating system while Linux patches affect individual components. The overtone in your paper implied that fewer windows patches was in some way easier or more secure; what justification do you have for this assertation?

    3. While kernel patches did not require an immediate reboot during installation, the majority of them need a system restart to immunize the system against a specific vulnerability.

      -Page 25, under "Patching and Milestone Upgrades"

      What is the rationale behind this? Were the Linux administrators required to restart at this point? This is an incredibly contrived situation; one can simply stop and re-start the process in question after the upgrade has completed.

    4. Furthermore, the upgrade methodology questionable. Real companies use development and production servers and don't upgrade the production server until a reproduceable upgrade trajectory has been tested on the development server. The actions of these administrators imply that they had no such access, and that there was no possibility for backtracking or restarting after a failed step. Normally, one would expect the ability to nuke the development server and start over, rather than following a bad plan to worse conclusions.

  18. Administrator Skill Test by fdisk3hs · · Score: 5, Interesting

    A quick read of the report shows that the real losers here seem to be the Administrators. Some of the Linux admins "could not meet business requirements", and some were judged as failures by not using vendor-supplied solutions.
    Isn't one of the points of running Linux servers the freedom to use solutions NOT supplied by the vendor? Is it even possible for the Microsoft admins to make changes that aren't fed from the vendor?
    When the only tool you have is the "Upgrade" button, and the button doesn't work, what then? The advantage of Linux in administration is the flexibility to Make It Happen, even if the vendor sends you something broken.
    I know good admins on Microsoft, and good ones on UNIX. They seem to Make It Happen no matter what, because that is their job. Making It Happen sometimes include custom fixes, that are documented, so you can undo them when the vendor comes through (hopefully) later.
    So the Final Question is, why was it bad for the Linux admins to stray from vendor-supplied fixes, and why is the lack of flexibility on the Microsoft side a "win"?