About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Home » Learning Curve » Red Hat Diaries

It's the System, Stupid

It's not the browser.

Get It

Try It

You can always judge programmers by the general quality of their product. You can conclude that if a product has a lot of bugs - a lot of vulns - then it's not a well written product. You can hold this product up to a yardstick of another product that's never shown any bugs or vulns.

But trying to compare one product to another and drawing a line between them is difficult. If one product has 14 bugs in one year but another has 15, then is the one with 15 no good and the one with 14 acceptable? Where does the line go?

All software has bugs. That's by definition. Actually it's empirical. But that's as close as anyone will ever get. All software has bugs. So what's the difference between one product with 14 bugs and one with 15?

The difference has to be what you can do with the bugs. That's what's critical. All systems have bugs. But systems that are able to protect themselves will survive and systems that haven't any defences, that idiotically rely on the impossible - their user software, their web software having no bugs at all - are shitty systems. Microsoft Windows is such a system.

The focus has to be not on the fact Microsoft have another bug in IE. Of course they have another bug in IE! They've got thousands of them! Fred Brooks who put together IBM's System/360 said it was impossible to ship an OS with less than 1,000 bugs. Bill Gates on the other hand announced in 1996 that his NT 4.0 server had *seventeen bugs but they were going to ship anyway*. Brooks was a realist; Gates is an idiot.

The focus isn't on the bugs. The focus is on who's running the show and how they're running it. If the people running the show really believe (or act as if they believe) there are only seventeen bugs in 32 million lines of code, or if they plan a system to rely completely on peripheral user software having exactly no bugs at all, then they are idiots and they are putting every user at risk.

That's always been the case with Microsoft. It's a terrible thing to look at the world through the Windows of Internet Explorer. It's a very depressing thought. But if the system itself were impervious to attack, then all one would have are the arguments put forth by the likes of Daring Fireball and John 'Mr Embalm' Sircusa who say expressly they want to be snobs or fanatics about how one user interface is better than another. And that's trivial and silly.

The real issue when learning that Microsoft might just have another bug in IE isn't the program IE at all. The issue is and will always remain the fact that once IE is exploited, the whole system goes down for the count.

We left Windows behind nearly ten years ago. And we didn't do that because we wanted a 'Mac' experience. We're allergic to that. We didn't do it because we believed Apple or open source software would have fewer bugs, even if Microsoft came out with a study concluding open source will have fewer bugs over time. We weren't counting bugs.

We did it because we wanted less hassle. We didn't want all this exploitation shit. All the viruses, worms, spyware - this epidemic of malware that's plagued the planet. And in those ten years since we abandoned Windows we haven't been attacked a single time. Going from an environment where people literally cannot work because they're being attacked by swarms of picnic flies each day and every day to an environment where this is all left behind, where that distant world of Windows grows more distant by the day. There's nothing equivocal about that.

No one in the media understands shit. They're not even interested in understanding. News of a new IE hole creates headlines, sells ad space. They do not know and they don't give a shit either. Even the most clued in of them are totally clueless. If it creates a headline, it's good. There's no concern for imparting the common good, no thought of responsibility. They're all arseholes to the last one.

So IE has another bug? Yes, we have every reason to be fearful. Because we know what happens when one of Microsoft's user products sneezes or belches or burps. It's yet another worldwide outbreak or planet-wide security scandal. But it's not because IE sprang another leak. It's because the system IE runs on is shit.

We need to keep that perspective and pass that insight onto others. That's the only way this situation will improve.

See Also
Ars Technica: One day after latest fix, Microsoft investigate new IE flaw

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search
Copyright © Rixstep. All rights reserved.