Slashdot Mirror
Why Windows Vista Ended Up Being a Mess (usejournal.com)
alaskana98 shares an article called "What Really Happened with Vista: An Insider's Retrospective." Ben Fathi, formerly a manager of various teams at Microsoft responsible for storage, file systems, high availability/clustering, file level network protocols, distributed file systems, and related technologies and later security, writes:
Imagine supporting that same OS for a dozen years or more for a population of billions of customers, millions of companies, thousands of partners, hundreds of scenarios, and dozens of form factors -- and you'll begin to have an inkling of the support and compatibility nightmare. In hindsight, Linux has been more successful in this respect. The open source community and approach to software development is undoubtedly part of the solution. The modular and pluggable architecture of Unix/Linux is also a big architectural improvement in this respect. An organization, sooner or later, ships its org chart as its product; the Windows organization was no different. Open source doesn't have that problem...
I personally spent many years explaining to antivirus vendors why we would no longer allow them to "patch" kernel instructions and data structures in memory, why this was a security risk, and why they needed to use approved APIs going forward, that we would no longer support their legacy apps with deep hooks in the Windows kernel -- the same ones that hackers were using to attack consumer systems. Our "friends", the antivirus vendors, turned around and sued us, claiming we were blocking their livelihood and abusing our monopoly power! With friends like that, who needs enemies?
I like how the essay ends. "Was it an incredibly complex product with an amazingly huge ecosystem (the largest in the world at that time)? Yup, that it was. Could we have done better? Yup, you bet... Hindsight is 20/20."
I personally spent many years explaining to antivirus vendors why we would no longer allow them to "patch" kernel instructions and data structures in memory, why this was a security risk, and why they needed to use approved APIs going forward, that we would no longer support their legacy apps with deep hooks in the Windows kernel -- the same ones that hackers were using to attack consumer systems. Our "friends", the antivirus vendors, turned around and sued us, claiming we were blocking their livelihood and abusing our monopoly power! With friends like that, who needs enemies?
I like how the essay ends. "Was it an incredibly complex product with an amazingly huge ecosystem (the largest in the world at that time)? Yup, that it was. Could we have done better? Yup, you bet... Hindsight is 20/20."
From article:
Our "friends", the antivirus vendors, turned around and sued us, claiming we were blocking their livelihood and abusing our monopoly power! With friends like that, who needs enemies?
Really from the company that's actively pro active in sabatoging privacy and people owning their own software via UWP? So much so that Gabe at Valve wouldn't let the new age of empires onto steam because of the windows store and UWP issue.
Windows isn't exactly a bastion of security. Maybe, just maybe if Microsoft didn't have a history of monopolistic actions themselves, those AV "partners" would have believed them. No sir, not everyone forgot your feuds with NOVEL where you intentionally locked them out of your API only to steal their ideas. Your "screw you" attitude toward OpenGL in favor directx. Etc.
Microsoft is still delusional about the "success" of Windows 10. If the EU goes after Apple over forced deprecation of hardware (battery gate), I sincerely hope they do the same for Microsoft. Windows 10 is a perfect example of it.
Yes it was worth it.
The same cannot be said of W10.
Windows 10 isn't worth the price of "free."
Linux has been more successful in this respect. The open source community and approach to software development is undoubtedly part of the solution. The modular and pluggable architecture of Unix/Linux is also a big architectural improvement in this respect.
So, Microsoft is on the record admitting that Linux's "modular and pluggable" architecture is more sound than Windows' monolithic approach... Not to worry, my friends, the Windows folks won't be behind this 8-ball for long. The systemd folks are working very hard, on closing this gap.
You have the source - you just recompile it. Although you don't have to, since all the distros already have. Your comment is what is bullshit.
How in the hell can Linux be considered "more successful" than even Windows Vista for any of those metrics?
Support for "a dozen years or more" is exceedingly rare within the Linux world. You're looking at RHEL Extended Lifecycle Support to get anywhere near that. Ubuntu LTS releases are only really supported for 5 years, as far as I know.
I think you completely missed his point - Linux was more successful precisely because it wasn't tied up in dozen-plus years of support.
.
Linux development has often devolved into "bickering, lawsuits, and enemies".
Just look at how much strife systemd has caused within the Linux community. Systemd basically tore apart the Debian community and project, and it still hasn't healed even after several years. There have also been numerous arguments regarding systemd in mailing lists, bug reports, and other discussion venues.
Then there are the numerous incidents where Linus has unleashed extreme anger toward other kernel developers for various reasons.
As for lawsuits, just a few days ago Slashdot reported that the IBM and SCO shenanigans are still ongoing. There was also some recent lawsuit involving Bruce Perens that Slashdot reported on. And there was some SFLC and SFC lawsuit that Slashdot reported on. And there was some lawsuit involving the GPL that Slashdot reported on.
This rosy, all-is-good idea that you've got about Linux and open source software is a myth.
From what I've seen of Linux development, and open source development in general, it's far more chaotic, argumentative and disjointed than closed source corporate software development.
This comment is almost literally the entire problem encompassing the Linux platform.
"Just recomplie" (Natch)
Sure. No problem for me, or you.
Tell the average user that who just wants their laptop to recognize their wireless card which requires a niche patch to the kernel to fix, or worse yet someone foolish enough at the end user side to be convinced to run Linux and needs software that they rely on that DOESN'T require a BS in CIS to install when their computer inevitably shits itself.
Want to know why "the year of the Linux desktop" hasn't happened and won't in the foreseeable future? Read. Your. Comment. AGAIN.
This signature is lame.
Vista sucked because they had to fix all the problems stemming from XP being designed as a single user, non networked OS
XP was a direct descendant of NT, which was always designed as a networked multi-user OS. The problem with XP was that, unlike 2000, it aimed for strong Windows 95 compatibility (NT4 and 2000 could run sensibly written Win32 apps) and that included applications that expected to be able to write their configuration files in C:\Program Files\AppName, rather than in the user's home directory, or write to the Local Machine part of the registry instead of the Current User part. Win32 had APIs for doing this correctly from the start (and a lot of apps used them correctly), but a lot of crap just dumped stuff in the wrong place and didn't bother checking for errors so crashed when it didn't work.
The big change around the time of Vista, from security perspective, was the shift in trust domains. In a classic NT (or UNIX) setting, you have a system administrator who has full access and is responsible for installing and configuring software, and you have other users that have their own home directory to play in. The purpose of the OS's security model is to protect the user from other users and to protect the integrity of the system from other users. In a modern system, this is no longer true.
The change is actually the opposite of the one you suggest: computers have become single-user devices, but that user now embodies multiple trust domains. Users run things like mail clients and web browsers that take untrusted data from the network and they want the OS to prevent a compromise in one of these programs (or, ideally, in one part of one of these programs) from being able to access or damage their other data. UAC, which Vista introduced, was part of this shift. There is no longer a separate administrator user (as a user interface - there still is as a kernel abstraction), the user can do whatever they want to their computer but only intentionally. They don't automatically delegate this power to every program that they run.
The end goal for a modern system is for apps to run with very limited privileges, including no access to the user's home directory except for individual locations that are opened using a powerbox abstraction (i.e. open / save dialogs that are owned by a different process that grants access to the locations to the limited application) and explicit privilege elevation for the few things that require it.
The big flaw with UAC was that it only works well as a UI paradigm if the user is asked to elevate privilege rarely. Basically, [un]installing software or doing system configuration should be the only times a user should explicitly be asked. Unfortunately, the whitelists were very incomplete at launch and so users were just trained to click yes.
I am TheRaven on Soylent News