__/ [ BearItAll ] on Tuesday 21 March 2006 14:02 \__
> Quote from email this morning,
> "You've got a goldfish. No, really, you have. You love this goldfish and
> you feed it every day. In fact, you grew to love this goldfish almost as
> much as you love developing".
> <snip quote as it takes you out to buy a kebab whilst leaving the lid off
> the goldfish bowl and a window open>
> "Yep the goldfish is in the cat".
> So why is MS interested in goldfish? Well it is to get developers to log
> into the security web site and help them get it sorted.
> "If you love what you build, protect what you love".
> Now, I actually like this, MS are basically saying, we want to sort out our
> security, please help us. It would have been nice if they had worded it
> like that, ok so they are a proud people, well we are too, let's face it we
> defended Linux tooth and nail when the desktop was a bag of shite many
> years ago. (I don't mean the server side, which was top class right out of
> the trap (dog racing term)). But MS are finally saying 'We are in trouble,
> we know our security needs sorting and can you help us with it'.
> Well the answer is yes, but the question is, will you listen this time?
> We've had these net meetings before, we had our own news group many years
> ago, we were invited by MS, for developers and designers where we all
> fought for months over the MS security risks in upcoming distros they were
> about to embark on. In all of the arguing the things that we almost without
> exception agreed on was that you could not take GDI into kernel and have a
> safe secure system (I'll do a Why? at the bottom). Then MS went ahead
> anyway, the speed advantage outweighed the loss of security and stability.
> We also had agreed that full security ought to be in the home desktop,
> though this was before the main rush of viruses other than occasional jokey
> ones, hacking was already a well established game. Still, with the GDI down
> there in kernel and the need for user code to access it, what point would
> there be in any major security work.
> Ok, Win 98 was never meant for business machines, and no one really
> expected the flood of viruses that came. But still major damage could have
> been avoided. After the initial bad decision and the first big waves of
> virus attacks, there was a rewrite of the Windows code which could have
> reversed that, built in security, closed the door on code that is capable
> of executing without the PC owner's permission, then a quick sorry, dust the
> mud off yer pants and carry on with everyone happy. But they didn't do
> Why no GDI at kernel? It is very simple and if you haven't guessed already
> you will see that it is obvious, so obvious that Linux has never seriously
> considered it. If you take graphics functionality down to kernel level, on
> the machines at the time I'm talking about above, there would be a 35%
> performance improvement (which is what you did get in Win98). But to get
> that improvement it is no use only having system libs/drivers working down
> there, you need to allow user code to run down there too. So there it is,
> unknown user code running at kernel level, initially there wasn't even a
> cage down there, there was nothing at all to protect the machine and the
> user. It was as easy as your code running a system("killtree /windows").
> So you see why we all objected to it.
> As it happens it would now be partially possible, because code caging
> techniques on Linux are a natural part of the system, so mounting a
> particular kernel for games or graphics within a shell could give some of
> that performance boost, though with the speed of current machines it
> doesn't seem worth it.
With or without performance boosts, MS-DOS could always run Alley cat at
decent speeds, so that you could eat the goldfish without getting
electrocuted. The inability to deliver high performance computing is
possibly a side-effect of the lack of competition. Typically, one optimises
and secures when there is a concrete threat. Apparently, Microsoft does not
feel threatened, yet. Look at Windows Vista.