1. 37
  1. 17

    Key part I’ve often used to debunk anti-MS sentiment from security folks:

    “Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn’t fall into “add one to i” redundancy.”

    “From the comments, it also appears that most of the uglier hacks are due to compatibility issues: either backward-compatibility, hardware compatibility or issues caused by particular software. Microsoft’s vast compatibility strengths have clearly come at a cost, both in developer-sweat and the elegance (and hence stability and maintainability) of the code.”

    Seems most of their problems came not from apathy but from caring about compatibility more than about anyone on desktop. That helped ensure their lock-in and billions. The cost was worse flexibility, reliability, and security. Acceptable cost given Gates’ goal of becoming super rich. Not as great for users, though. Fortunately, the Security Development Lifecycle got some of that under control with Windows kernel 0-days becoming rare versus other types. Their servers are very reliable, too.

    Anyone wondering what Microsoft could do if not so focused on backward compatibility need only look at MS Research’s projects. Far as OS’s, Midori and VerveOS come to mind for different purposes. One could be a foundation of the other actually.

    1. 7

      “Not as great for users, though.”

      I beg to disagree. A lot of end users and small businesses rely on some unmaintained piece of legacy software in one way or another. The fact that they don’t have to keep a separate PC with an unmaintained, insecure OS on it is a definite plus for those people.

      1. 4

        Regarding the “what Microsoft could do” – that’s exactly what they’re trying to do with UWP apps in Windows 10. Proper sandboxing for all applications, ideally even all browser tabs in OS-level sandboxes.

        I’m especially interested (and scared at the same time) in the rumors about Polaris, which is said to be a Windows 10 throwing the entire Win32 layer away, with all the backwards compatibility patches only existing within the UWP sandbox of each separate application, and with much better security (but also, obviously, less customizability).

        1. 3

          They’re definitely doing new stuff with UWP. I’ve been off Windows too long to know anything about it. I was mainly talking about designing every aspect of an OS around high-level, modular, safe, and/or concurrent programming. The two links in my comment will give you an idea of what they’re capable of.

        2. 3

          I’ve never thought that Microsoft wrote bad functions, but that their design is over-complicated. There are too many moving parts, too many function arguments, too many layers, … It’s the accidental complexity that seems to cause logical bugs.

        3. -1

          It looks like the link is broken =(

          1. 1

            I just got to the page fine.

            1. 2

              Weird, it failed for me initially and I just assumed the link was bad. Sorry for the confusion.

            2. 1

              Nope, seems fine?