Commentary: More on Linux
— -- I now find myself in the tremendously unenviable and essentially hopeless position of explaining, in writing, what I have written — to an audience, it bears noting, that does not seem to read, understand, or otherwise know how to employ the English language.
This audience is known to itself as the “Linux community.” I think of them in far less complimentary terms.
Weaker Than the State of the Art
Two weeks ago, I had the temerity to suggest that Linux is overrated. Citing statistics posted on BugTraq, SecurityFocus.com’s computer security mailing list which tracks vulnerabilities in operating systems,and relying on the testimony of security experts, I wrote that Linux systems are weaker than the state of the art in operating systems. I also noted that the number of its reported vulnerabilities, when measured against its market share, was, in essence, higher than the number of Windows NT reported vulnerabilities when measured against its market share.
Or, as Marcus Ranum, CTO of Network Flight Recorder (NFR), a maker of intrusion detection products, and installer and first manager of the whitehouse.gov Web site, puts it: “Linux’s focus isn’t security. It’s features and performance. There are loads of security flaws found in Linux, just as there are in NT; it’s just less of a big deal because the size of the Linux user base is small compared to the NT user base, and the NT user base tends to be less technically sophisticated than the Linux user base and therefore is hit harder by security flaws when they are uncovered.”
I was of course bombarded with quasi-decipherable outrage, orchestrated by the community at slashdot.org — a Linux self-congratulation Web site. A typical example: “Maybe if you actually delt with this [expletive] on a day to day baises you would make educated and well informed articals.”
Distilling the Message
Now the basic, distilled-to-one-line message of my column was this: If Linux had to stand up to the amount of use and abuse Windows NT did, it would not be up to the task. This is not because NT is inherently a “better” operating system than Linux. There is no real way to objectively measure the relative worth of operating systems, since they are such complicated beasts, are measured by so many different metrics, and are designed with different uses and programmer values in mind. But it is to say that NT is a more proven performer over a broader array of landscapes, tasks, scenarios, and markets. The salient point in that column was not that NT is flawless and Linux is flawed; it was that both are flawed, and that Linux is far more flawed than its promoters are willing to admit.
