[Sussex] The Art of Unix Programming
Geoff Teale
tealeg at member.fsf.org
Sun Dec 14 16:51:17 UTC 2003
On Sun, 2003-12-14 at 15:55, Iain Stevenson wrote:
> Interesting observations there. I have no experience of the M$ stuff but
> did dabble in Applescript and found it a painful experience. The syntax
> never seemed clear leaving application development more of a black art than
> a science.
My point certainly wasn't that programming on Unix is less syntactically
complex (although in C at least this is the case).
> However, methinks you're in danger of falling into "Linux superiority
> syndrome" for want of a better term. Doubtless there are good points in
> all platforms. Certainly the network stuff in Linux is much, much better
> than Apple's OpenTransport. But how often have you scrabbled around trying
> to find that elusive configuration file - the one that really is working,
> not the one that's from a botched install?
Er, never... moreover I wasn't talking about config I was talking
about development. I'll talk a little bit about your config issues
later on. I certainly don't want to come across as believing Linux is
perfect. I've worked on a lot of OS's (Linux, Windows 9x, NT, 2000,
Solaris, SCO Unixware, HP-UX, VMS, Digital Unix, MacOS, Mac OS X, QNX
RtP, BeOS, Plan9, OS/2) and I've seen a lot of different issues handled
in a lot of ways. The greatest thing about Linux is that it is actively
drawing in good ideas, and the best ideas become dominant on the
platform because people choose them over inferior solutions. Open
source is truly Darwinian and it isn't artificially constrained by
marketing concerns, deadlines and money.
My real point was this: In Windows the OS itself encourages people to
write very large, all encompassing applications - this is because the OS
doesn't make it comfortable for several processes to interact whilst
retaining autonomy. For this reason, applications that require
scripting (like Office) have the ability to run scripts inside of them
or to exist inside such scripts. Unfortunately such scripting is very
limiting, requires GUI interaction to instigate and tends to be bound
to massively complex APIs reflecting internal structure which you are
legally prohibited from examining. To make it worse those APIs change
roughly every two years rendering your hard work as useless.
In a Unix environment you recognise that it is better to build a series
of smaller tools that can be strung together (without ever having to
know what they're in the string with) in order to get a result. That's
the real power of Unix. Everything is a file, all programs can read from a
standard input and write to a standard output. GUIs, in most cases,
need only be a mechanism for controlling those programs.
> It seems to me that other OS
> have something to teach Linux in terms of clarity of configuration - and I
> don't mean locking everything up in obscure registries.
Well, there's no reason why Linux should be any more or less difficult
to configure than a rival OS. If I gave you a control panel with GUI
front-ends to the config files would that solve your problems? This is
the approach Mac OS X and a number of Linux distributions take to making
config easier. Personally I am quite happy with config files in /etc.
One area that could be improved for non-technical users is the way
device drivers work. A lot of effort is being put in to push more and
more device specific code out of the kernel and have it work via more
generic control mechanisms. This works well for things like CUPS
because printers essentially just need a channel of communications
provided by the OS between them and their driver code.
That said, application config is another matter. Anyone here who thinks
it's essential to have a GUI to configure your httpd or your MTA is
probably not thinking very clearly. The simple truth about setting up
non-trivial systems (especially those in a networked environment) is
that it is non-trivial.
Let's have a little rhetorical pop-quiz on the subject of "Why does
Microsoft IIS suffer more security breaches than Apache?"
Q: Is it because it was written by fools?
A: I don't think so. Microsoft recruits some of the brightest
university graduates the world produces.
Q: Is it because Microsoft doesn't patch quickly enough?
A: Some people say so, but I don't think it's really the case. Most
breaches don't use new flaws but rather older well known ones. Most
crackers aren't as clever as they'd like to believe.
Q: Is it because Windows NT is fundamentally insecure?
A: In part, maybe. Certainly giving certain applications and services
proprietary access to the kernel's memory space in order to make it
quicker (something they did to the GUI from NT4 onwards and they've been
doing for IIS in recent years) means that now not only can any GUI app
crash the system, but any http interaction can too. Moreover, if you can
get access through a weakness, you can do a lot more noticeable damage if
you've got access to an entire system rather than just to the Apache
account.
Q: Is it because it works 'out of the box' and a lot of people setting
it up don't bother to read the docs properly because if it wasn't taught
to them on their one week Learning Tree course on ASP then they don't
want to know about it?
A: Very, very probably.
--
Geoff Teale
tealeg at member.fsf.org
Free Software Foundation.
This file will self-destruct in five minutes.