Saturday, March 10, 2007
Windows, Macs, and BSD
David I. Greig (DIG) is the moderator of talk.origins and he swears by BSD. It's the system he uses on "Darwin", the robomoderator of the newsgroup. The box is sitting outside my office right beside "bioinfo," a server that runs on real Linux. DIG can be a bit of a pest when he gets going about BSD but he knows a lot more about this stuff that I do.
Here's a take-off on that obnoxious Mac commercial that you see on TV. I especially like the part about Macs being only 3% of the market—that's why nobody bothers to write viruses for Macs.
I can't tell the difference between Linux and BSD. They look the same to me. What do you think?
[Hat Tip: Jim Lippard]
Mac OS X core system and kernal (which is also called "Darwin", incidently) is actually a BSD 4.4 lite system derived primarily from FreeBSD.
ReplyDeleteThe difference between BSD and GNU/Linux is mostly in the internals. Both are UNIX/X based systems that use desktop environments like Gnome, KDE and XFCE. BSD is closer to true Single UNIX and POSIC spec than GNU/Linux, however. That is why the latter is often called a "clone" of Unix rather than a true Unix system.
"POSIC" should be "POSIX". My bad. :(
ReplyDeleteWe (we = Xnix users, including the sibling operating systems of BSD, Linux and Unix) know when we are beginning to emerge as a Global Force when people start making fun of us. So there.
ReplyDeleteLarry: You must report this to your colleague ...
ReplyDeleteWhen I look at this post on my Linux machine (Edgy Eft, Foxfire 2.x), I cannot see the photograph of the box (with the wires and stuff hanging out of it). When I look at it with my Windows XP machine (also Firefox), I can see the photograph.
When I look back at the Linux machine, where the box is supposed to be, there is a little bit of space ....
(I can use view source to get at the image file and view it that way ... )
Is blogger using good (X)HTML or bad (X)HTML? Or maybe it's a Canadian thing. I don't know...
X.org is the open source version of "Xwindows" windowing software available on most current versions of Linux. The X.org "radeon" driver for ATI graphics cards has a bug that affects UYVY decoding in Xvideo.
ReplyDeleteHey, is that an Antec Sonata enclosure? It's a ***** replacing the power supply in those things. An by the way, I've had several Antec power supplies of approximately that age go bad recently. If you have any troubles, check the voltage on the +5V line.
ReplyDeleteWhen the ain'ts go marching in
ReplyDeleteby Christopher Dreher, Globe and Mail
...
If there really is a Supreme Being who is concerned about how His name is worshipped on Earth, these days He may be wishing he had put a caveat in His scriptures: Please don't irritate the scientists.
...
"I'm not up there as much to preach or convert the unconverted," Mr. diCarlo said.
"I get up there and show a physical demonstration of a decent guy who makes solid arguments and has a nice family. I'm there saying, 'Here I am, and I'm really okay without your God.' I'm sure the other side is wondering, 'Hey, how come he's not eating children and setting kittens on fire?' "
...
I, too, am glad that Macs are only 3% of the market and nobody writes viruses for them.
ReplyDeleteHowever, I have seen a few attempts, and they were pretty pathetic.
Mac OS X is great for a personal computer, but if you're running a server there's nothing remotely as good as Solaris 10. BSD and all forms of Linux simply pale in comparison.
ReplyDelete"BSD" is a family of Unices, not a thing in and of itself. In today's world, "BSD" - especially running on a PC - almost certainly refers to either FreeBSD, OpenBSD or NetBSD.
ReplyDeleteThough the actual family tree is complicated, these all derive from the version of UNIX developed at the University of California at Berkeley. The history in a nutshell: Originally the UNIX operating system came from AT&T's Bell Labs (as is well known). Since AT&T was fairly liberal with the source code at the time, several academic institutions picked up the fledgeling operating system and improved it. Berkeley's version (Berkeley Software Distribution - BSD) found particular favour with the academic community and was widely adopted. When the US defence agencies looked around for a commonly-used OS on which to implement their TCP/IP suite of protocols, they chose to give a grant to Berkeley to do it on BSD UNIX. Canonical versions of the basic Internet protocols were soon added to BSD, and so found their way into academia. In a very real sense, therefore, BSD and the Internet are siblings that grew up together.
There have been a couple of attempts to commercialise BSD UNIX, some of which were rather successful. Bill Joy, an erstwhile member of the Computer Science Research Group at Berkeley, left to co-found a little company you may have heard of: Sun Microsystems. So yes, I had a little smile at Fred's comment that BSD "pales in comparison" to Solaris, since Sun itself is founded on BSD. (Although admittedly the kernel behind today's Solaris environment can trace its roots back to SysVR4, a later attempt to reunite the BSD and AT&T UNIX family lines.)
Linux, as is also well known, was the personal project of Finnish student Linus Torvalds, who wanted to write a UNIX-like operating system for the PC, essentially for his own edification. Linux is - as is probably also well-known - just an operating system kernel. However, put it together with the very many other bits and pieces of UNIX that are available under free and Open Source licences (many of then originating with the GNU project), and you have a full operating system. Of course, people tend to put these bits together in different ways, which is why you have a multitude of Linux distributions.
At around the same time Linus started hacking, some individuals decided that it would be a cool idea to port Berkeley UNIX from minicomputers to these new-fangled PCs that were becoming popular. First there was 386BSD, out of which eventually arose FreeBSD and NetBSD. OpenBSD is a later spin-off of NetBSD. (Today there is still a significant amount of cross-polination between the three free BSDs.)
During the early 90's the BSD source code was at the centre of a complicated legal imbroglio. Essentially AT&T regretted its earlier generosity and decided to get its pound of flesh as far as UNIX is concerned. To cut a long story short: While the free BSDs languished in legal Limbo, Linux took over the world. Well, sort of. FreeBSD and NetBSD remain popular with many of those invisible network gods who run core network services, very much out of the public's site. The implementations on these operating systems of the core TCP/IP reference protocols remain second to none, and are still seen as the "reference standard". OpenBSD is extremely highly regarded in network security circles. (Calling it the world's most secure OS is no exaggeration.)
In a nutshell, *BSD (FreeBSD, NetBSD or OpenBSD) is "real" Berkeley UNIX, ported to run on the PC platform. Linux, on the other hand, is (originally) a PC operating system that happens to be significantly UNIX-like. So yes, "real Linux" in the original post also gave me a smile. You are right, though: For any but the most technical of users, there is essentially little difference between Linux and *BSD. For the most part, anything that runs on one can also be made to run on the other. If your administrator swears by BSD, it's a good sign he knows what he's doing, and it's probably best to leave him to do it. :-) FreeBSD is, in my experience, an excellent OS for doing industrial-strength system administration.
As was mentioned, Apple's OS X is built on top of a core operating system known as Darwin, which Apple provides under an Open Source licence. The Darwin kernel has a very complex technical background, but it is essentially based on the Mach 3 microkernel (another long story) with significant components from FreeBSD. Today's Macs are very much "real UNIX" machines under the surface (In fact, to UNIX ancients like myself they feel a fair bit more "real" than Linux.) This is why they're so prevalent at technical gatherings. (Also, OS X runs just fine on a laptop, something that Linux and *B SD still can't get quite right.) At ISMB - the big computational biology conference - my informal statistical sampling in recent years has yielded that between 60 and 80% of the laptops are Macs. A decade ago, none of us would've touched a Mac with several barge poles strapped together.
Feel free to look up any of the terms above on Wikipedia if you want more (and more accurate; my memory is not what it used to be) information.
Disclaimer: I used to be a FreeBSD committer (contributor), so accept my apologies for any bias.
Here is a Unix family tree.
ReplyDeleteAnd another thing: The whole "Macs have fewer viruses because they have a small market share" meme can't be left unchallenged.
ReplyDeleteThis is usually propagated either by people who don't understand how privilege escalation works in UNIX systems (including Mac OS X), or by anti-virus software vendors who just might have some vested interest in, you know, selling anti-virus software.
While I don't disagree with the thesis that Mac users can do with being a little more serious about security, one should note that while Macs have 3% (or 6% or 16%, depending on whom you believe) of the market share, they don't have 3% of the viruses. I can say this with mathematical certainty even without looking up any data. How? I'll get to that in a minute...
Almost every week for the past year or three there's some new article about how Mac users should take security more seriously because the Mac will get a lethal virus attack "any day now" and is only "relatively safe" due to its low market share. Especially the articles originating with the above-mentioned anti-virus vendors tend to come replete with copious weasel words when describing the current situation: They'll admit that Macs have "far fewer" viruses than Windows at present, or that Mac users have "not been as heavily affected" by viruses as their Windows brethren.
What does "far fewer" mean in this context? If you were to believe these articles, how many viruses would you say is out there in the wild targeting Macs? (For comparison, the average anti-virus vendor will list tens of thousands of Windows viruses.) A few thousand? A couple of hundred, maybe? Actually, the fact that these assertions try to hide is that we can quantify the number exactly. As of today, 11 March 2007, the number is - exactly - zero.
Not a hundred. Not ten. Not three. Zero.
And that's why I can say that, no matter what the size of the Mac's market share is, its share of the virus "market" is exactly 0%.
I, for one, call that statistically significant.
So why is this? We come back to the issue of how UNIX handles privilege escalation. While it would be perfectly feasible to write a virus for OS X (or Linux or *BSD) it would be a relatively pointless exercise, since in only a tiny, tiny percentage of instances would the viral code execute with sufficient privileges to cause any damage, which means that a large-scale infection would be very unlikely indeed. (And I'm using "very unlikely" here in the sense that a statistician would. :-) And that is pretty much that.
Viruses don't work like that. Even if there were viruses for the Mac (and there have been some), they require a certain level of market share in order to spread. For instance, if you look at email viruses they are largely targeted at outlook and outlook express. The virus doesn't know what program is going to open it, but the virus makers know the vast majority of people use outlook or outlook express on windows. Many people will have up-to-date virus protection to keep them safe. Many others are not stupid enough to open unsafe attachments. Many others may have the latest patches for the software and/or windows to render the virus useless. The only way the virus can spread is if a few people don't have any of those characteristics. In order to spread the virus it has to hit as many targets as possible in order to find those few that will actually be vulnerable. That is much more difficult on a mac because of their low market share. Saying that since Macs have 3% of the market share than they should have 3% of the viruses is woefully simplistic.
ReplyDeleteLets give an example. Lets say that a given person has a 5% chance of having a Mac. The number has increased over the last few years, I think it is either 4% or 5% and 5% makes easier math. And lets say people have on average 19 people in their email address book (making a group of 20 people, once again to simplify the math). Now I will assume that the computers these people use are evenly distributed based on the Mac market share. Based on the Mac market share, the expected number of Mac users in this group of friends is 1. That means that if they were to somehow get an email virus for a Mac, and it emailed itself to all the people in the address book, then on average not a single Mac user would get it and the virus would fizzle out. On the other hand if a windows user were to get it, it would be sent to, on average, 17 windows users. Even if only 10% of windows users are susceptible to the virus then you would still expect the virus to find 1 or 2 viable targets out of those 20. Now there will be some variability in individual cases but over tens or hundreds of millions of computer users this will tend to even out and the average behavior will dominate.
Now lets say that an email user has on average 99 people in their address book. In the case of a windows computer you would expect a virus to have 89 potential targets. You would only need about 1.1% of the users to be vulnerable in order to expect there to be a target amongst those 99 computers. On the other hand you would need 25% of Mac users to be vulnerable in order to expect the virus to propagate. This would require them to no thave their computer patched, not avoid unsafe attachments, not have virus protection. And it would likely require that they are all using the same email program. That is an impossibly high number. So even those Mac viruses that are released most likely will not spread very far simply due to the difficulty in finding targets. Windows viruses, however, are practically guaranteed to find targets (at least for a while). Even with better control of user rights like Mac and *NIX (which Vista has), all it takes is a small chance that someone will accidentally approve the virus's request for additional access and it will be able to spread. Mac, however, requires a huge chance that someone will give similar approval.
That is not to say that OS X is not very secure, it is. But there very well could be major security vulnerabilities that are just not worth virus writers' time to find. Even if a virus was written, and they have been, they simply do not spread. Windows, however, could be extremely secure but virus writers will work tirelessly to find even the slightest hole they can exploit. And the hole does not have to be very big, only a few percent chance of the virus spreading is enough when there are that many windows computers.
And what is more, they really don't have to. Microsoft announces whenever they patch a security hole. Viruses writers then use that information to write viruses, knowing that they just need a small group of people who don't update their computers in order to make the virus a success. Viruses often come out months after patches that render them useless have been released but they still become major problems.
O, ye benighted masses! There is no operating system in the world finer than VMS.
ReplyDeleteBlasphemy! The only OS you need is Emacs. Not only does it double as a text editor, but you can even play Tetris on it.
ReplyDelete:-)
Back in 1968 I was running my Fortran programs on an IBM 360/91. Does anyone know what the operating system was called back then? I assume it was written in assembler, right? I think it was just called Operating System 360.
ReplyDeleteAhhhh ... such fond memories. Lugging boxes of computer cards gave you a sense of power. Not to mention the fact that it was a lot more exercise than carrying a 2 gig memory stick on a lanyard around your neck. You youngsters don't know what you're missing.
Yep, that was OS/360.
ReplyDeleteSome Unixes not in the family tree chart:
ReplyDeleteJuniper's Junos operating system on its routers, which is derived from FreeBSD.
Arbor Networks' Arbos operating system on its DoS detection and traffic engineering analysis devices, which is derived from OpenBSD.
The chart also fails to give credit to Multics, from which Unix copied many of its ideas and got its name (a Unix is a castrated Multics). (My second computer-related job was a systems developer for the Multics operating system, at Honeywell's Phoenix Multics Development Center.)