Xref: utzoo comp.sys.amiga:74335 alt.religion.computers:2213 Path: utzoo!utgpu!cs.utexas.edu!sun-barr!olivea!uunet!cbmvax!martin From: martin@cbmvax.commodore.com (Martin Hunt) Newsgroups: comp.sys.amiga,alt.religion.computers Subject: Re: A3000UX competition Message-ID: <16499@cbmvax.commodore.com> Date: 13 Dec 90 15:49:07 GMT References: <86470@tut.cis.ohio-state.edu> <12003@hubcap.clemson.edu> <36449@cup.portal.com> <1990Dec2.153612.28555@zorch.SF-Bay.ORG> <36488@cup.portal.com> <1990Dec11.164431.819@jarvis.csri.toronto.edu> <16482@cbmvax.commodore.com> Reply-To: martin@cbmvax.commodore.com (Martin Hunt) Organization: Commodore, West Chester, PA Lines: 109 In article bzs@world.std.com (Barry Shein) writes: > >From: martin@cbmvax.commodore.com (Martin Hunt) >>Whichever, distributing >>sources is a good thing in an academic environment, but a very bad idea >>if you are trying to capture the business market. > >Hey! Who let the MBA in? I'm insulted. (I'm not an MBA, but they do sometimes use computers). > >And I suppose you're next going to argue that auto manufacturers >should put their own locks on car hoods to help capture the business >markets? > >Look, all OS's have bugs. Many are tolerable. Most are tolerable by >most people. But if you're the site that has to virtually shut down >operations because of a security flaw which doesn't seem to bother >that many other sites (e.g. if it's an internet break-in opportunity, >most customers won't be on the internet) then you're in trouble w/o >the sources. > >Beyond that kind of extreme situation there are many shades of gray. > >None of this is peculiar to Unix, everything I say could apply to VMS, >AOS/VS etc. Systems with absolutely no security, like DOS or Macs (or >Amigas I assume, but I don't know Amiga/OS), are obviously excluded >from these examples. > >I don't know of any OS, for example, which gives much control over >when someone can log in. > >Say you have operators with (some) privileges and would rather not >have them logging in off-shift. Do you know any OS which lets you put >that kind of logic in? (Oh, under most I can write scripts which >disable accounts at various times, but I get to monkey around with >some things which are fraught with peril.) VMS has that and much more built into it. Some versions of so-called "Secure" Unix also offer features like this. >(I assume someone will say "so ask them not to log in off-shift", a >logic I agree with, but just an example.) I would agree in an engineering company or a university. If I was running the MIS department of a fortune 500 company, a bank, or a government contractor, I would strongly disagree with you. [...] >If I want to add code to demand longer passwords, or a secondary >password if I think it's a really odd time (or place) for this >particular person to be logging in, why should it be so difficult? > >What's the big deal? There probably aren't any big deal trade secrets >in the login sources (in fact, I know Unix' login sources quite well, >they're quite boring and predictable, which is good!) > >It's this binary mentality that either you get all the sources, or >none that goads me. > >How about a few device driver sources? Some windows applications >(admittedly some vendors do make these available, tho it's usually >just the most trivial cases)? Is this sort of stuff really the family >jewels? Not likely. I agree with you. Source code for this kind of stuff should be available to those who are interested. > >Fortunately this situation is changing itself within the Unix >community as almost everything you might want is available as a freely >distributable source equivalent. > >I can't help but wonder where the motivation to write all those >free-source clones comes from if there's really no need. >-- > -Barry Shein > I agree with you that source code is a really great thing for those of us who are capable of modifying it. In an academic or engineering environment, it is a necessity. What I really dislike is people who design operating systems so poorly that simple reconfigurations require modifying the sources and recompiling the kernel. OS kernels should be like color TVs; there are no user-servicable parts inside. VMS does this fairly well. Even AmigaDOS is way ahead of Unix in this. Operating systems (IMHO) should be simple, modular and expandable. In AmigaDOS, filesystems and networking protocols can be dynamically added or removed from the system. Why can't Unix do this? The other issue is the suitability of Unix to businesses. Why do most businesses with VAXen run VMS? It's very expensive and does not come with any source. Because it's easy to configure, is well supported and doesn't require a Unix kernel hacker to support it? Too many computer scientists and programmers write systems for their own world, instead of the real world. Reality is that if your product requires the user to have sources to configure his system or fix bugs, then you cannot expect to be taken seriously outside of the academic environment. Disclaimer: I don't work for the Unix group here, but I do deal with BSD sources every day. :^( Martin Hunt "Windows 3.0 is hot because it's really fun. It has martin@cbmvax.commodore.com brought some excitement back into the PC industry" Commodore-Amiga - Microsoft marketing manager I wonder who took the excitement out in the first place?