alexbobp
commented
3 years ago I will respond point by point.
Drivers A typical linux system does not have several dozen megabytes of unused drivers all in one blob. Those dozens of megabytes of unused drivers are in the form of kernel modules, on disk, which only get loaded when the relevant hardware is detected. There are more customizable distros that allow you to avoid even bloating your disk with drivers you don't need, but either way, the disk space cost of the extra drivers is light compared to other sources of bloat in operating system installed size on disk, and there is no cost at runtime to the extra drivers since they are simply not loaded. This might seem odd in contrast to the windows driver model, and linux can be configured more statically, but a typical desktop linux install (eg ubuntu) is dynamically probing your hardware and loading the appropriate drivers every bootup. (as you might be wondering, yes... this does have a cost on bootup times, and there's a difference between what your typical desktop linux install looks like, and what a more optimized install looks like, but the cost is not very severe)
"Correct me if I'm wrong, but isn't most of Linux still pretending that all strings are ASCII?" You're wrong. Not sure how to elaborate on this. I've just long been used to all my tools handling UTF-8 perfectly, including in filenames and such.
File Extensions Honestly, I think you have a good point on this one. The practical reality in linux-land is that we still use filename extensions to distinguish most of our file formats, and our graphical file browsers use those filename extensions when we click the files, so it's not as different from windows-land as the essay makes it seem. The one big exception is executable status, which is a specific piece of metadata, and this still strikes me as a win for linux. The ability to double click something and have it result in executed code seems worth keeping sacred. This also allows linux to do things like mount an untrusted storage medium with the no-execute flag. I actually don't have a problem with filename extensions themselves, and I think this point is oddly made in the original essay. The biggest criticism I'd have of windows on this point is that it has a default setting of hiding filename extensions, and that is the part that makes it most likely to lead to dangerous user error.
Read-Only I think you're totally correct on this point. The original essay doesn't seem to mention ACLs at all.
Debugging Tools I think you have a good point here. I'm not familiar with WinDbg, but I'll assume you're right about it having comparable capabilities. If it's a first party tool and available for free, then whether it's installed by default seems to be unimportant.
Granular Access Control You're mistaken to think windows does not have the equivalent of the linux root account. You're right that windows has security domains it keeps outside the convenient reach of a normal admin... however that's largely an illusion. An administrative user can easily elevate to those higher levels, eg, running a cmd shell as SYSTEM, or loading arbitrary code as a system service or a kernel driver. On the other hand, if what you really need is an operating system that is able to robustly enforce granular access controls even against processes running as root, linux does have multiple solutions, like SELinux and AppArmor.
Default Software Is Bloat This argument just seems a bit silly when the installed size-on-disk of any linux distro with the standard array of office tools and other "bloat" is still far smaller than that of a naked windows install. But putting aside the comparison, your average linux distro doesn't devote that much space to bundled userland software. The heftiest pre-packaged things you typically see are LibreOffice, and a web browser that the end user might actually want to use. And I think most users still have use for a full-featured office suite, especially one they get for free. EIther way, it's easy enough to uninstall these things, or to install a minimal desktop setup and go from there, but overall I think your average linux distro strikes a very reasonable balance of default software that takes up a modest install footprint to provide a lot of basic functionality users actually want in a computer. And again, it's just an easily observable fact that even full-featured linux distros are less bloated than a vanilla windows install with much less functionality out of the box.
Registries vs Text Files The registry isn't inherently a bad idea. In fact, the two leading families of desktop environments for linux, gnome and KDE, both also have their own version of the registry. What I fundamentally like about the flat files in /etc is that I know how to edit them very quickly and easily, as well as back them up on an individualized basis, restore them, etc. What a centralized database system could provide us is robust data integrity protection, backup and state management and snapshotting on the level of individual applications you configure, and a snazzy editor that makes editing a bunch of hierarchical configuration data convenient and not horrifying. Right now windows gives us none of these things, and the blame is on microsoft. They standardized the idea of configuration in a hierarchical registry, but never supported it properly. The registry is not more convenient to edit than applications having their own config files, even though by all rights it should be, and it ends up providing a single point of failure for corruption, as well. A bunch of files in /etc might seem disorganized, but the simplicity allows you to manipulate it with very standard tools (text editors and basic file management), which is good enough for a lot of people. Despite its shortcomings, it makes it easy to see how to meet needs like backing up, distributing, or programmatically modifying or generating application configuration.
Package manager with signed binaries It's definitely true that windows has similar technologies available, but I think the real point here is that on linux, users have a much more realistic expectation of getting most or all of the software they install through such repositories. This means that the frequency with which a user will have to make the decision to trust a 3rd party website to download software is less, and therefore, one can only hope, those users will be more careful about when it's actually worth it to trust 3rd party sources to install software from. There are also sandboxed app distribution environments on linux like Flathub, though I'm really not qualified to compare whether that or UWP is better.
This wasn't mentioned, but my favorite benefit of linux package managers is dependency handling and the usage of system-installed libraries, instead of every program installing its own copies of every library it uses. To my knowledge, the package managers available for windows don't solve that, aside from ones that repackage linux-like environments, like cygwin.
Commands vs GUIs I'd rather have to enter a command because there's no gui for something, than have to click a gui because there's no command for something... which is how I often feel when administrating windows. Commands can be thrown into a script, and then easily turned into a gui, even if the gui is just a folder with multiple scripts you can click on. That said, this is still a valid criticism. It will be good for the linux community to improve the availability of good guis for administrating various system components. Hopefully that comes in time.
I do want to push back against your claim that GUIs are less error-prone: a lot of times, fixing things on either operating system comes down to searching the internet and following instructions. When the instructions are edits to config files or specific commands to run, the user can perform then via direct copy-and-paste, which is more precise than trying to follow instructions involving manipulating regedit or other configuration GUIs.
Remote Administration I think you mostly have it right here, other than claiming that the remote administration capabilities of windows are more full-featured. There are a variety of good remote access solutions for linux. Personally I think the biggest argument for linux here connects with the previous point... remote access through a command line is more universally stable and reliable than through a GUI (and yes, as bandwidth and technology improve, this will seem like a non-issue to more people). The reason linux users traditionally do remote administration on the command line isn't due to a lack of availability of linux servers for vnc, rdp, nx, etc, but rather that they already feel satisfied with their ability to administrate a linux system via the command line. There's also sshfs, which provides the ability to map a remote filesystem to a local mount point over ssh, which allows the use of locally installed GUI editors or configuration tools on remote systems.
Public Bug Trackers I think you're right here. Most software vendors have some way of taking user feedback. Microsoft's problem isn't a lack of feedback, it's that their interests are not aligned with those of the users!
Malware What you typed above is a complete strawman. The main point the article actually makes is the same as what I said above about package management... that windows lacks centralized trusted repositories that users can actually rely on to install most or all of their software, and windows users are largely trained to download installers from individual 3rd party websites and run them.
MatejKafka
FormerlyChucks
nbeaver
Virtualization and driver limitations.
I'd argue that installing only the drivers necessary for the platform, and not just bundling lots of bloat in kernel is an advantage. Nevertheless, the result is, as you correctly state, that Windows usually won't boot with some hardware configuration changes.
UTF-16, not UTF-8.
Correct me if I'm wrong, but isn't most of Linux still pretending that all strings are ASCII? Not saying that UTF-16 is ideal, but the unicode situation seems much better on Windows than Linux from my (admittedly limited) experience with both.
File extensions are the sole determiner of filetype.
Gotta say, detecting file type based on a magic number doesn't seem like a good way of doing it to me. With extensions, I take a single look at a file name, and I instantly know what will happen when I try to open/run it, as opposed to linux, where i run a .py file, only for linux to launch it as a shell script because someone put a bash shebang at the top.
Ineffectual read-only permissions semantics.
I believe you're talking about the read-only attribute, which is file-only and afaik just a legacy carry-over from earlier systems. If you want to make a folder read-only, just use ACLs, which are much more powerful than linux
rwxpermissions. So, this one is factually incorrect, as you can trivially make a folder read-only with a single ACL entry.Limited default debugging tools.
By default, yeah, but installing WinDbg takes about 10 seconds in MS Store, and it's a much more capable debugger than
gdb. DebugView is portable, you can just take the .exe with you on a flash drive.Lack of granular execution access control
Having a single root account is really bad idea in domain environments, and this decision carried over to personal Windows editions. Allowing binaries to automatically run as root created many security vulnerabilities on Linux where a binary with SUID execute bit set accidentally allows you to run shellcode as root. So, yeah, convenience is nice, but here, it's at the expense of security.
Default software.
Default software is bloat, especially development tools that 99% of Windows users never use. Not saying Windows don't have enough of their own bloat, but I don't see any reason to add more. PowerShell 5 is installed by-default on Windows 10 - you can't compare modern Linux with a version of Windows from 2012. Also, Windows GUI system config is good enough that again, most normal users don't need to use a shell.
Software configuration: registries and text files.
While I mostly have to agree with your assessment of the situation, most Windows apps are quite well-behaved. It is rare for an app to use anything else than
AppData\Roaming\<appname>,AppData\Local\<appname>orHKCU\SOFTWAREregistry directory for storing data/config. Also, modern UWP apps have quite stringent requirements on how to store data, and the paths are well-defined.While I agree that Registry not a great implementation of the underlying idea, it still imo seems cleaner than dumping random text files into /etc, each with different format. Also, the blame doesn't really lie on Microsoft here, but on app developers who refuse to write their apps the way they are supposed to according to system standards.
Package manager with signed binaries.
Package management on Windows is still terrible, no question. But with
wingetand its upcoming support for MS Store, there is finally an official package manager which is gaining traction quite fast. Also, UWP is the best realization of a sandboxed package environment I've seen to date, the issue is mostly with distribution.Fixing configuration problems with commands instead of GUIs.
lsblk;xrandr;lsusb,sudo /etc/init.d/networking restart,... - am I configuring a system here, or summoning a curse unto humankind?Remote administration.
This is just plain wrong.
sshfor text commands.Public bug trackers.
There's Feedback Hub now, which is quite good. I'd argue the issue is mostly about users - when most of your system's user base are nerds and developers, public bug trackers work much better. Ever looked at GitHub issues of an OSS project used by non-technical users?
Malware.
So, the whole point of this is that nobody uses desktop Linux, so there isn't any malware targeted at it? Well, yeah.