Posted on 04/14/2006 4:02:05 PM PDT by Halfmanhalfamazing
A picture is worth millions of words.
(Excerpt) Read more at blogs.zdnet.com ...
2 broken links?
I am underwhelmed
What are you talking about, the links work fine.
I just get broken link icons and when I click my browser just hangs...
The links don't work for me either, and no images are displayed.
...you must be using Windows, as Fedora 4 Linux and Opera work just fine.
The images are finally up and the link now works. I think that blogs.zdnet.com was down for maintenance.
Interesting images, that apparently come from somewhere (where?) on the Sana Security website. I would like more detailed info about what those images represent.
It says the images show the system calls done to serve up a web page by Apache and IIS. But they don't look like that to me. They look more like a call graph.
System calls form a flat space - one such call does not nest a call to a second. These images show a nesting sort of graph structure.
Perhaps these images are the call graph of subroutines with Apache and IIS that are called while handling a request for a page.
If so, these images aren't showing anything about Linux and Windows, as operating systems, rather only showing something about two web servers, Apache and IIS. They show a more complex call graph for IIS, which is plausible.
I suspect that the blogger Richard Stiennon presenting these images on blogs.zdnet.com doesn't fully understand what he is presenting. Since he doesn't provide useful links back to the source of the images, or useful detail on what they represent, we'd be best not to make much of them.
"I tell you, on this Mac I will build my church. And the Hell of Gates shall not prevail against it."
Cheers!
I contract for a software company run by a female high-school dropout with little concept of what we sell (she got the company via a divorce settlement). Rush, rush, rush! Don't write specs, no time for that! Code! Type faster! </rant>
That aside, I am not certain what these images convey, but then I have not yet read the article...
Three words..."Security by Obscurity."
I'm sure that I will be refuted by the counter-culture Mac and Linux users that still haven't gotten over their anti-parent-rebellion issues...but it's a fact.
Windows is more prevalent, so it is more commonly attacked.
I'm not a big Windows fan, I like Linux and VMS, but I don't let this define my life. More people make more applications for Windows. Windows, therefore, rules. Get over it. If you can't handle it, go watch a movie on your Betamax or something.
Many millions of words have been written and said on this topic. I have a couple of pictures. The basic argument goes like this. In its long evolution, Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture. A system call is an opportunity to address memory. A hacker investigates each memory access to see if it is vulnerable to a buffer overflow attack. The developer must do QA on each of these entry points. The more system calls, the greater potential for vulnerability, the more effort needed to create secure applications.
He's spot-on, and I've experienced this for years. Taking an evolutionary approach to software design, whereby the software as a whole evolves organically to meet changing needs and demands, inherently leads to entropy. I know. I work for a company that, despite years of advice from seasoned senior-level developers, refuses to refactor on account of the time. Instead they spend far MORE time debugging the after-effects of short-term hacks - choosing a 1 week fix plus 5 weeks debugging over a single 3-week refactoring.
Microsoft is smarter than that but the O/S is inherently more organic (i.e. interdependent) than Linux. The lawsuit in '98 bore this out (I.E. being included as "part" of the O/S). More organicity means more interdependencies, as he notes.
Linux, by virtue of its very development model (open, worldwide), is inherently modular rather than organic. Hence it is easy to put different skins on X, and easy to secure individual daemons, which are discrete processes. It is better and more secure because it is simple.
I also cannot help but think that Linux developers are largely under far less pressure than Microsofties. Less pressure = more time to implement something simple with higher quality.
Just my thoughts.
(thanks for the excuse to do a little braggin')
Hey, I've used a tool like that!
That's cool.
I thought it would be neat to write a canonical parser which actually takes in the definition of the language in BNF-grammar-like form and actually generates the grammar internally, which it then uses for the actual parsing. A multi-linguistic parser, if you will. This would be the food for the Lexical Analyzer, Semantic Analyzer, and the third one which escapes me right now (it's been a little while).
Tricky part would be generating output.
I suppose this is the sort of thing the .NET framework is based off of, but I never get to work the new and cool stuff. That's why I'm getting the heck out of software in favor of business. But I still love software and elect. engineering, and probably always will.
But what he actually says is confused gibberish.
I scanned through the Sana Security site. The Sana security software attempts to recognize patterns of system calls that identify a healthy computer system/network. The software can then recognize changes in that pattern after malware infection. Maybe the images have to do with those patterns.
Right. That's the tool I've used. But iirc it does it at bind time not run time.
Oh well.
What you've observed is sharper and more concrete.
Having many subroutines is a trait of a well-designed layered system, among other things. You can also have too many subroutines, I believe. Having a subroutine, complete with error checking, for the most minute and atomic tasks (painting a pixel, for example) requires needless repetition of potentially expensive operations that could be shared with a slightly more organic model. Session state blocks solve some of this (objects are a form of that). But that is a discussion for another time.
On the whole, I agree that I will end up with more subroutines on refactoring, esp. if the original code was written under incredible stress/duress.
Interesting.