Friday, August 13, 2004

So, There's This Thing Called Open Source...

Windows XP Service Pack 2

"The good news is: this service pack has already been tested by literally hundreds of thousands of beta testers, in a vast array of hardware and software environments, and the feedback and fixes incorporated into the final release." -MS website.

I seem to recall a similar beta-testing program resulting in a little mishap.
Just maybe the idea ought to be fixing the underlying code library, instead of patching specific bugs.
Since M$ seems to have no drive to do this, let me tell you exactly what this means, and why it needs to be done.
See, when M$ built the original Windows operating systems, they created code, from scratch. As each new version of Windows has come out, they've added to this, but the core libraries remained basically unchanged until Windows XP.
Originally, there were two programming "tracks," one for home users: Windows 95 / 98 / Me; and one for business use, Windows NT / 2000. Each had its own core code library, and its own method of doing things. The NT/2K track featured security far beyond what went into the 95-based OSes, not limited to the OS itself, but even extending down to the file system - 95 etc. use the FAT / FAT32 file systems, which are good, but have no individual file security. NT uses NTFS, which allows locking flags to be placed on individual files directly.
Great.
Now, to avoid reinventing the wheel, when M$ built 98, they dragged-and-dropped as much of the original 95 code as they could. Same trick with 2000: huge quantities of NT code exist inside the 2000 OS. Windows XP is the first OS to unify the two tracks; both the home and professional versions are based on the Windows 2000 architecture; in fact, to a degree, it's fair to say that WinXP is Win2K, but more automated for all us dumb users.
Ok, I can understand why they recycle code, really. However, did you ever read the descriptions of the bugs in Windows Update that all the endless patches are designed to repair? 9 out of 10 are so-called "buffer overruns." The reason for this is that M$ treats ALL its software this way; every piece of software they produce draws hugely on the enormous, pre-existing code libraries from previous projects. When they need code to handle a buffer, it's already written; they just drag, drop, and rename the variables. (Well, it's a LITTLE more complicated than that, but not by much.)

The problem with this is that if a problem exists in the code libraries, it can get replicated hundreds of times throughout their software. M$ has shown a great willingness to patch "holes" in their products, but they've shown no tendency whatsoever to rewrite the relevant code in their libraries so that the bugs simply don't show up in the next release of Media Player Whatever, Internet Exploder, or M$ Office. Not that this would be a small project, but it's gotta be better than hiring hundreds of programmers to write patches.
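The library-level fix argued for above, sketched in C as an added example (not code from this post or from Microsoft; every function and struct name here is hypothetical). One shared copy helper is shown in its unchecked "before" form and its bounds-checked "after" form, with two made-up products that inherit whichever version the library ships.

```c
#include <stdio.h>
#include <string.h>

/* "Before" (hypothetical): the reused helper has no idea how big dst is,
   so every product that calls it inherits the same buffer overrun.
   Kept for contrast only; nothing below calls it. */
void lib_copy_unsafe(char *dst, const char *src) {
    while ((*dst++ = *src++) != '\0') { }
}

/* "After": the single library-level fix. The caller must pass the size of
   dst; input that does not fit (including its NUL) is rejected. */
int lib_copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0) return -1;
    if (n >= dst_size) {          /* would overrun: refuse, leave dst empty */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Two hypothetical products reusing the same helper. The field after each
   buffer is what an overrun would have trampled. */
struct track { char title[16]; int volume; };
struct page  { char url[32];   int trusted; };

int player_set_title(struct track *t, const char *title) {
    return lib_copy_checked(t->title, sizeof t->title, title);
}

int browser_set_url(struct page *p, const char *url) {
    return lib_copy_checked(p->url, sizeof p->url, url);
}

int main(void) {
    struct track t = { "", 7 };
    struct page  p = { "", 0 };
    /* Constructed oversized input, longer than either buffer. */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("player:  rc=%d volume=%d\n", player_set_title(&t, big), t.volume);
    printf("browser: rc=%d trusted=%d\n", browser_set_url(&p, big), p.trusted);
    printf("fits:    rc=%d\n", player_set_title(&t, "short title"));
    return 0;
}
```

Both callers are protected by the one change to the helper; with the unchecked version each would need its own patch.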

Now we come to one of the alternatives.
There's this thing called "Open Source." I'm sure you've heard of freeware - software that's given away over the internet for free use, for whatever reason. Yeah. This isn't the same thing.
Most freeware is rigorously protected by its owners, who don't mind you using it, but don't want you reverse engineering it, or trying to find out how it works. Open source software is free, but it also comes with the source code, allowing you not only to see how it works, but in most cases, to rewrite it completely yourself. (As witness BitTorrent - the original program is good as far as the network code, but the GUI (Graphical User Interface) doesn't exist, and just about ANY of the knockoff clients is better than the original as far as ease of use.)
The question is, can you really get along without M$?
Well, I'm trying. Right now, I'm using BSPlayer instead of Media Player, Firefox instead of Internet Explorer, Thunderbird instead of Outlook, and OpenOffice instead of M$ Office. Hell, I even replaced notepad.exe with Metapad. (And I mean replaced - took notepad out of Windows File Protection, renamed Metapad, copied it across, so now when Windows opens something with "notepad" what it really launches is Metapad.)
Of those, Metapad is the only non-open source software there, and it's free.
I'm currently building another computer to teach myself Linux, although I haven't yet decided on which distro to use. (Although I admit I'm currently leaning towards Debian.)

Open source software is coded not only by the two or three (or even one!) people who created it, but by anyone who wants to help out; both Mozilla (Parent of Firefox) and OpenOffice allow users not only to submit bug reports, but also to submit code repairs for bugs that they find, and to write their own extensions to the program.

Let me rave for a minute about Firefox. Firefox supports tabbed browsing, which is the kind of feature that puts a huge smile on your face the first time you use it. Firefox takes care of the user-written extensions by including an Extension Manager right in the Tools menu, which lets you install any plugin you want directly into the browser, update your plugins, and uninstall them again, unlike IE, which typically requires a Windows System Restore if you get a bad one. And some of the extensions are really cool - AdBlock and Bugmenot are two of my favorites. AdBlock lets you banish forever banner ads, Iframes, inline flash ads, and basically any other kind of web-based advertising by filters, even allowing wildcards. Good-bye,
http://*.doubleclick.net/*
Seeya,
http://Servedby.advertising.com/*
Later, alligator. Bugmenot lets you enter signin names and passwords to websites that really have no business knowing who you are, like the New York Times. Without signing up. Just by right-clicking. God bless ya.
Plus, Firefox is FAST - really, really fast. Since it doesn't have the enormous amount of associated kludge that IE does, it doesn't take as long to load, can fetch pages faster, and generally outperforms IE at every level.

Now, I started this talking about Windows XP Service Pack 2; so let's go back there for a second. I had a short, but spirited discussion about the anti-piracy features of this patch collection over on Wil Wheaton's forums with one of the other users, which all boiled down basically to:
(Me): The Service Pack won't install if you're running a pirated copy of Windows XP. That's really stupid.
(Him): No, it's not. M$ has the right to protect its *snore* and besides I have no love for pirates.
(Me): Yeah, yeah, BUT: you're really gonna hate it when, 6 months down the road, your favorite website goes down after a DDoS (Distributed Denial of Service) attack from a virus that's infected thousands and thousands of unpatched computers - that wouldn't have happened if they'd been able to patch.
(Him): *sounds of crickets*

See, that's exactly the problem. Microsoft can only protect its investment at this point through one of two means: either drop the price of their product to a point where Joe User can actually afford to buy it, or allow huge security holes to continue to exist in the pirated computers, thus affecting (potentially) anyone who uses the internet, as the pirated machines become host to a never-ending series of attacks that will no longer run on the legitimate machines. They're not going to lower the price, rest assured of that; and the result of this will be felt in about 8-10 months. Those of us with Mad Phat Skillz!!1!1!!oneoneone will no doubt still be able to get and install the patch; I've already seen copies of the SP2 release with the antipiracy features hacked available online. That's beside the point. There are probably, according to M$, over 5 million computers worldwide that are running pirated versions of Windows; of those, how many do you really think are run by people who are A. motivated and B. skilled enough to get and install the patch? Not enough, that's for sure.

This is why I'm moving to open source. There's simply nothing I do with my computer (outside of gaming, but I can run a dedicated gaming box in Windows) that requires any Microsoft software. Linux has its problems, but it's a hell of a lot more secure than Windows, and the software I need for my daily use is there. There are open source code compilers, open source office suites, open source music and video players, and sometime soon (take my word for it) someone will come up with a DirectX clone or emulator for Linux. ATi offers drivers for their graphics cards for Linux, and support is growing. Why? Because I'm not the only one that's tired of it. The carousel of patches needs to stop.

Sadly, it won't - most likely, we won't see Windows Longhorn in 2006, either, and even if it IS a full, buffer overrun-free rewrite of Windows from the ground up, it's also going to require a new computer for anyone that wants to upgrade to it. I just can't see paying $1000 or so for an operating system upgrade.

Maybe you can.

1 Comment:

Kar said...

I only ever knew Windows--until about a year ago when I bought a Mac. It's different in some ways and the same in others, but for now I'm happy with it.

I've read a little about Linux online and the open source idea sounds good; I just don't know how much work--or how worthwhile--it would be for me since I don't know much about working with the actual computer code and finding new software and programs equal (or better) than Windows or Mac stuff. Even with a Mac, ClarisWorks does not really compare to Microsoft Word (though I don't know much what else is out there for Macs) and Word for Macs is something I can't afford right now.

Still, the idea behind Linux (and Unix?) sounds solid--more heads are better than one--and I don't think you have to muck around in the code if you don't want to. I guess we'll see in a couple of years when this computer wears out.