just general questions about fbsd

[Ted Mittelstaedt]

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Kevin Kinsey
> Sent: Sunday, May 20, 2007 3:19 PM
> To: Anton Galitch
> Cc: questions at freebsd.org
> Subject: Re: just general questions about fbsd
> 
> 
> Anton Galitch wrote:
> > Hi
> > Im writing an article about FreeBSD and want to ask some few question:
> > 
> > - Do the FBSD developers work for free?
> 
> Heh, you mean, at what job?  Most of them work somewhere for
> money, I'm pretty sure. ;-) Occasionally companies will "grant" money
> to a certain developer to remain "unemployed" by others and spend more
> time on FreeBSD.  IIRC, Poul Henning-Kamp got a good portion of a year's
> salary in a fund-raising campaign last year, mostly from some of
> the larger companies listed below.
> 
> Some companies pay an employee a regular salary, but allow or 
> even encourage them to work on FreeBSD as part of their job.
> 
> However, the majority of developers work on FreeBSD in their free time,
> for the love of the system, without much more compensation than the
> satisfaction of a job well done.
> 

I think the majority of developers have FreeBSD involved in some manner
in their jobs, and a lot of times they need something put into it, or
they need a tool to run on it.  Not that their job description specifically
lists "working on the FreeBSD system" but that they are given a lot of
leeway as to how they come up with solutions to their employers problems.

If I was, for example, an employer paying a developer a
salary to write code to keep my business running, I would expect
that whatever OS he preferred to use to run the programs he's writing for
me, he would have source for it.  Microsoft in fact has a specific program
for developers to be able to access Windows source.  Furthermore, I would
also expect that if my developer ran into a problem that was due to
a bug in the OS source, that he would have a channel to get this corrected.
If it was a Windows platform, I would certainly inform my MS sales rep
that continued payment and purchase of MS os licenses was absolutely
contingent on them taking bug corrections from my employee that needed
fixing in their code, bugs that were preventing my developer from building
software that I needed.

> At least, that is what I think/hope/sincerely want to believe.... :-)
> 
> > - What advanced features it has that for example Windows, or MacOS 
> dont
> > have?
> 

Windows, even the server versions of Windows, are fundamentally desktop
software operating systems that are at times pressed into being servers.

FreeBSD and the other UNIXES are fundamentally server operating systems
that are at times pressed into being desktops.

Remember, UNIX came out of the multiuser environment, where you had
a lot of people connected via dumb ASCII terminals to a single mainframe.
>From the beginning, concepts like reentrant code, and separation of
user authority, have been ingrained in it.

Consider for example the extreme difficulty that Microsoft has had
with the simple concept of a "superuser".  A superuser is, as you may
know, a userID on the system that has authority to do anything, change
anything, and that the normal security mechanisms do not apply to.
Under UNIX this is the "root" user ID.

Well, with Windows, in the Win 3.1/win95/win98/winME series, anyone
who booted the Windows system was automatically the superuser.  This
causes a lot of problems as you might imagine with programs, as if a
program has a bug or goes out of control somehow, since the user it
is running under has no security, the program can destroy anything on
the system.

With UNIX, normally, programs are not run under the superuser ID,
they are run under a normal user ID.  Thus programs cannot normally
damage the system.   Microsoft observed the value of this paradigm
and so put it into Windows NT - although, under NT, they called
the superuser "the administrative user" most likely, because they
didn't want anyone to realize they were just copying how UNIX does
things.  But, "administrator" under Windows, and "root" under UNIX are
essentially the same thing.

The problem, though, is that because the concept of the superuser
ID was grafted onto Windows, if you setup Windows so that when it
boots, a person logs into it as a regular user, they have a lot of
problems.  They cannot install software, they cannot run a lot of
different network software, they cannot make changes in simple things
like the screen resolution, and so on.  Both Windows NT and Windows 2K
were setup by Microsoft out of the box like this - when you installed
them, you had to tell them a regular userID and an administrator
userID.  But, due to the problems, Microsoft went to a model in
both Windows XP and Windows Vista, where when you install and set
it up, BY DEFAULT, you are put in as a superuser (administrator)

This saves Microsoft a lot of support calls from people calling in
demanding to know why the Windows OS won't let them do simple things
like change screen resolution - but, it completely defeats the security
in Windows, and makes even the most modern Windows no better than
Windows 3.1 in terms of security.

This I think is one of the best illustrations of the different
approaches of Windows and UNIX.  With a server, since a lot of people
are affected if an errant program crashes it, the security is
never disabled by default, and the installer must deliberately
choose to do it.  With a desktop, nobody is really affected if it
crashes except for 1 person, so since usability is more important
than security, by default this is why security in Windows Vista is
subverted this way, out of the box.

There are a very great many people out there walking around who
have setup Windows systems as servers, and not understood this, and
as a result, caused their company to lose hundreds if not thousands
of dollars of time and labor due to the Windows server crashing as
a result of a virus knocking it down.  A virus, I will say, that IF
the Windows security had been properly enabled, would NOT have been
able to take the Windows server down.

Ted