Re: Future of IT in Lebanon

"BM" <m-e-d-a-w-a-r@xxxxxxxxx> wrote in message
news:dmqu5u$ijg$1@xxxxxxxxxxxxxxxxxxxx
> josephmouhanna wrote:
>> Are you saying that if a program (forget about the nature of the program)
>> does not change much in 10 years is better or more secure than a program
>> where a lot of change occurred?
>
> Two points:
>
> - if a program that starts secure does not change then chances are that it
> remains secure (everything else being the same)

There really is no guarantee this would happen. I would not take that bet as
a software developer. Every environmet brings along its own set of threats.
Before networks, plenty of programs were "apparently" safe. Then networks
came, and that exposed a bunch of programs. Then the Internet came and it
exposed a bunch more problems. We thought Cell phones were safe, but once
they started connecting to the Internet, we learned pretty quickly that
they're not (and they do not run Windows). In fact, the latter bolsters the
claim that the size of the opportunity (to screw with hundreds of millions
of cell phone) proved to be irresistible to hackers and they invested the
time needed to create problems in an environment that everyone thought was
not vulnerable (i.e. not Windows).

> - defects increase as new code changes increase (statistically).. there
> are good practices to reduce defects but nevertheless defects are a fact
> of life in a development cycle. I am sure you are familiar with the
> quality-time-cost triangle. If you cut one, you have to cut the other.

Anytime you write a new piece of code, you introduce potential elements of
instability, especially that no piece of code is an island. That's a given.
I also agree that defects are a fact of life, as no one is perfect and those
who think their code is perfect should be given a pink slip, as they are the
most dangerous part of the project.

>> To flat out say that Linux progammers were made and the mold was broken,
>> would fall into the realm of religion.
>
> Agreed, which idiot is saying this?

We'll get back to this one :-)

>> So, in a world, where designers, architects and programmers are actually
>> smart people who know what they're doing, what's left is the factors I
>> listed, essentially the state of the art of the hardware preventing the
>> development of an impregnable OS that will still perform reasonably well.
>
> Sounds like finger pointing.. it's all the hardware fault. :-)

Sometime it's the hardware's fault, but that's not what I'm saying. What I'm
saying is that it's possible to design an OS with theoretical isolation
between the Kernel (brain) and applications, peripheral functions, etc. (the
equivalent of the brain / blood barrier), but today's hardware (CPU, memory,
buses, etc.) is not powerful enough to provide acceptable performance (with
the various abstraction layers needed). Linux does not provide that level of
brain/blood barrier, and Windows obviously does not. In the abscence of that
new generation of OS'es (and no, a completely Java-based system is not that
OS), every single Kernel or fully integrated OS is going to be vulnerable. I
say this with complete emotional detachment. I have been saying this for
years, including when I was part of the development team for a particular
OS. I am not behloden to any master and I sold all my stock in a particular
company (with the exception of 25 shares I keep for sentimental reasons).
I'm re-focusing my energies in the direction of that new generation OS (and
it will be theoretically distributable across multiple hardware platforms).
In that meanwhile, read the first part of this paragraph for a clue on how
much confidence I have in the impregnability of *any* kernel today.

> I disagree with your premise. The hardware can be a Turing Machine.. how
> you program it makes the difference between men and boys :-)

And I disagree with your disagreement :-) as I'm not talking about the art
of programming, I'm talking about the general architecture of the OS/Kernel
(whatever you want to name it) that makes it vulnerable, and there are
certain degrees of vulnerability.

Now, do you want to remind me about the statement you made earlier in
regards to progammers skills, vis-a-vis your statement here about sepration
of the men from the boys :-)

>> The vulnerability issue can be settled with a single test: the system is
>> either secure, and in that case exploitation is not possible, or it's
>> not,
>
> There are degrees of security. The US government has a rating system. My
> problem with Windows is not just security, I manage my own security just
> fine. My problem with Windows is defects, annoyances and faulty design
> assumptions.

Yes, there are degrees of security. The problem here is that you *should
not* be required to manage your security and I would no more say that
Windows is safe than Linux is safe or Mac OS is safe (have you been reading
the latest security breaches there?) There is also the knowledge of issues
as opposed to the willingness to do anything about it (where to place your
resources).

[.........................]
>> Linux security has been breached and Windows security has been breached,
>> therefore there's no reason to believe that the problem can get worse on
>> Linux, giving time and inclination.
>
> That's the problem with binary reductionism.

Call it whatever you like. It remains true. Does the Linux community have
any evidence pointing to exhaustive testing in the field, with millions of
deployed *end user* units, and hundreds of thousands of applications? No.

>> Inclination may also be lacking as it seems as if some folks out there
>> are simply anti-Microsoft. Personally, I think that position is unfair
>> and does not take into consideration the simple fact that Microsoft made
>> the industry,
>
> Yes, it does take a Microsoft culture to make one think so. The world
> could in fact have been a better place without Microsoft.

If you mean my Microsoft culture, then you're not in the ballpark. If you
mean the industry in general, then I'm afraid there's no Microsft *culture*.
The DOJ trial was a clear example that there is no Microsoft *culture*,
anti-Microsoft culture perhaps, and perhaps deservedly so, although most of
those crying foul, were only upset because Microsoft was a monopoly and
*not* them. I am more than willing to criticize Microsoft, even when I was
part of the organization, as I believe in calling the shots like they are. I
can also see when one should give credit where credit is due. We're also not
talking about the world being a better place, I'll leave that lofty goal to
he Linux hard core, I'm simply talking about the *industry*, so perhaps we
can focus on that, and we can discuss social issues in another thread.

So back to the industry, if you follow the trends, the PC industry was
starting to happen, but it was not on a trajectory that would put it where
it is today. Instead, it was fragmented, with no standards, with hundreds of
buses, etc. It was impossible for any single party in this space (software
vendors included), to achieve the economies of scale needed to get volumes
going. The IBM forecast for the PC is public knowledge. IBM forecast that it
would sell thousands of units over the lifetime of the product. These are
facts. What Microsoft did (not Bill Gates as some would want you to
believe), is convince IBM that it would be in their best interested to allow
a clone industry to exist. IBM was then talked into not taking any legal
action, its reward was going to be reduced prices for its platform (higher
parts volume). When IBM realized (too late), what had happened, it tried to
kill it, but the cat was out of the bag at the time. It tried one more time
with Windows, and it failed (spent billions of $s on it), so contrary to
your belief that more money went into Windows, if you go back to the early
days, IBM was outspending Microsoft *and* all Windows developers put
together (there were a couple of them making trinkets), at least ten to one.
Projections pointed to a different conclusion from yours, and the
proprietary systems (as in bundling of hardware/OS), did not do better than
10% of the market (and that's only after Apple started bundling the
Microsoft office software, not the OS -- if you think the OS gives it an
edge -- with its product).

In early 1984, there was this article in Time magazine, with Bill Gates on
the cover. At the time, Microsoft had about 200 or so employees. Time
predicted that one day, software will be sold like music, with standardized
pricing. Well, this did not happen, and perhaps the Microsoft influence had
something to do with it, but to be fair, Microsoft was not the primary
factor behind the bubble of the 1990s, leading to its eventual burst. MSFT's
PE ratio was insignificant compared to the Sun, Apple, Amazon, etc, nt even
a minor factor. Human greed was behind it.

>> and without its business tactics (whether or not you agree with them),
>> the industry, at a minimum, would be 5-10 years behind where it is today.
>
> Or 5-10 years ahead. In the 1980's I used a publishing product on a unix
> box that let me:
>
> - enter content without worrying about formatting. Formatting is ideally
> orthogonal to content and one should be able to change it at will.
> - Edit/view the document in what was then called wysiwyg
> - Edit/view the document in SGML
> - Save the document in SGML or LaTeX
>
> This product feed me completely from worrying about formatting. The
> documents created were what was then called camera-ready typeset.

You'd have to be a bit more specific. The term WYSIWYG was coined by a small
Seattle company called Aldus, it was bought out years later by Adobe. I
don't understand what you mean by entering content without worrying about
formatting.

> I am still waiting for MS Word to catch up with this 80's product.
> Everytime I get exasperated with MS Office annoyances I ask God
> (metaphorically) why is she punishing me?

Again, you'll have to be a bit more specific about where Word needs to catch
up. I'm not a Word fan, and I curse it every day for non-intuitive behavior
(try numbered lists with correct results, or mail merge, or having fields
correctly follow chapters, etc.), but I really don't understand the
comparison you're making with this 80's product.

> Another example, I used a spread*** software called Quatro which was
> leaps and bounds ahead of Excel.

How was it leaps and bounds ahead of Excel, and which Quattro? DOS? Windows?
Version 1? Version 5? Version 6?

> Excel was bundled in an office product. Quatro died, excel lived.

This description does not do what happened justice. Reality: Borland was
making the switch from DOS to Windows. Timeline: 1990. The real Borland
objective is to establish its C++ Compiler as the #1 compiler in the market.
The original Quattro code was completely written in X86 assembler, just like
1-2-3, and the target was Lotus (code name for Quattro 1 was Bhudda as in
Bhudda sitting in the Lotus position, with the Lotus position being #1).
Microsoft at the time had something called Multiplan, and Excel was a
product being developed for the Macintosh. The Qauttro for Window code
(minus spread*** engine) had to be re-written, and Borland was also
re-writing its Paradox database for Windows and they wanted to produce an
office Suite by including WordPerfect (although it came from another
company). The original Quattro had problems getting differences between
dates right, but had great graphs (under DOS). Windows erased the graphics
differences, but the Borland Quattro product borrowed from Xerox for a
couple of major features. In the meanwhile, Lotus sued Borland for stealing
the visual appearance and operation of 1-2-3, Borland did not deny it, but
claimed that Lotus could not pattent the way a product worked. The Supreme
Court split on the issue, letting the lower court's decision (favoring
Borland) stand. About 1992, Borland released Quattro for Windows, but they
failed to achieve object compatibility with Paradox, and integration with
WordPerfect, which was now in the hands of Corel. Borland sold Quattor to
Novell, and the latter also bought WordPerfect. Novell could not make the
combination work, and ended up with a Frankenstein that no one wanted to buy
(lousy reviews, performance issues, etc.). Meanwhile, Microsoft put together
an office bundle, and launched on the heels of Novell's faliure to deliver,
and the rest is history.

> I am still waiting for Excel to match Quatro offering.

Please explain where you felt Excel did not live up to Quattro's prowess. I
believe you can still buy Quattro for Windows today.

[...........................]
> Linux kernel does not make the distinction between server and desktop.
>
>> Actually OS2, 17+ years ago. Hardware platforms premitting a reasonable
>> server, but not mission critical suitable, did not arrive until about
>> 1992-1993.
>
> Linux and Windows run on the same hardware which neutralizes the hardware
> argument.

What's the argument then? performace? better device support? pricing?
security? I was responding to your statement that there were no server OS'es
back then.

>> Actually, the Linux kernel is essentially a freely distributable version
>> of Unix.
>
> If this were true you would see Unix trademark holder suing everybody else
> :-)

Really now? :-) how's that lawsuit going BTW? I don't hear about it too much
any more, but I did see a bunch of links on the Linux advocay site.

> Linux started from a different source tree. Anyway, that's for lawyers to
> argue.

Sure, let the lawyers argue that. In any case, I did not say that Linus is a
replica, what I said was that it's a branch from the same *tree* (not
another tree).

>> Unix predates Windows by at least a decade.
>
> 1970.. but it's a different source tree than Linux so the argument doesn't
> hold.

If it was a clear cut, then why are lawyers still arguing over it?

>> [..] Also, how are you coming up with your funding estimate?
>
> How about by-market capitalization?

Market capitalization and product funding are not related. If this were the
case, Amazon at one point would have had the highest per capita budget.

>> Are you counting the funding that went into Unix over the past 30 years?
>
> Why would I? Didn't MS learn from Unix too (hint Xenix). NT borrowed a
> lot of then current micro-kernel architecture developed for different *nix
> flavors.

I did not claim that Microsoft's work was original. Just like everything
else, it built on previous work. I was countering your point about Linux
funding. FYI, the Microsoft teams that developed Windows, did not do any
work on Xenix, and the original Windows and Xenix had nothing in common. If
you mean NT, then the history that went into NT was not inherited from
Linux, but from the DEC OS platform (via the chief architect who used to be
the chief architect for that line at DEC, predating Unix, and later running
parallel to it). If you don't remember, DEC was the big name before the mini
computer lost its footing.

>> how about the thousands of unpaid coders who contribute?
>
> Free time.. nobody paid them :-)

Hmmmm :-)

>> Do you think more man power went into Windows than Linux or the other way
>> around?
>
> More (unpaid) Labor goes into each version of Linux than (paid) Windows
> labor that's why it is a better product. :-)

Are you changing your position on the funding? :-) In any case, *better* is
a very subjective term. Are we talking features? stability? security?
availability of applications? availability of devices? pricing? etc.

[..................]
>> No, they do not have *individual* specs.
>
> No company that values its reputation crates any product without a spec. A
> company that creates products without specs is a garage operation (not
> that there is anything necessarily wrong with garage operations). Also,
> having a spec and publishing a spec are different notions.
>
>> The spec is called the Hardware Design Guide version 20xx (where xx
>> stands for the year). It is published by Microsoft and created by the
>> hardware vendors who convene with Microsoft.
>
> I am sure MS does but that does not preculde hardware makers from making
> hardware specs for products they create.

Yes, a company will have its own internal spec for the motherboard. This is
not published though, and is irrelevant to this discussion (supporting the
networking hardware under Linux). A driver is written for the component, and
the bus the component it interfaces with, *not* the motherboard. In this
case, what's needed to build a driver for the networking hardware, is the
networking chipset's specs and how it interfaces to the motherboard (PCI,
PCI-X, etc.).

[......................]
> Java is not yet a standard and won't be until Sun opens it up.

Sorry, but this is not the way the market sees it. We may split hairs in
here, but in reality, developers our there are writing for Java (and a few
for Microsoft's .net).
[......................]
> I am not disputing that MS is making money off Mac. Nevertheless, had
> Steve Jobs and Bill Gates not kissed and made up and B.G. pumped an
> infusion of cash into Apple, where would the Mac be today?

So Microsoft did have a positive contribution :-)

> BTW, Mac OS X runs on a *nix kernel :-)

Yes, and have you been following the vulnerability reports?

>> A winning IT strategy is being presented to the Lebanese government.
>> You'd hope they listen. I will write a report on the IT delegation's
>> visit (they're here on the 9th).
>
> Looking forward to reading your report.
>
> Seeing that the portion about Lebanon in this thread has ended..

I'm responding to a current theme of yours on SCL, which is actually
relevant: that Lebanon's best chances are by going Linux and Open Source to
develop an IT industry. I'm presenting some counter arguments, mainly that
Lebanon should not have religion about any of these issues, and while it's
in the process of building a software industry, it cannot affors to
experiment, and needs to focus on the platform that guarantees it the
largest number of potential seats. Linux is not it, it's Windows, Apple, and
Java development. Open Source is something I am not convinced would be to
Lebanon's benefit at this point, especially if the focus is on secondary
applications (to avoid getting squished by the big boys).

> I will stop contributing to this thread in public. We can carry forth in
> email.
>
> Thanks for a vibrant discussion!
>
> bassem


.

Quantcast