The Old Joel on Software Forum: Part 3 (of 5)

Linux hack attempt

The linux crew thwarted an attempt to insert a back door into the source code (no mention of Chinese hackers) - only made one paper:
http://www.smh.com.au/articles/2003/11/07/1068013371170.html

The hack attempt:
http://kerneltrap.org/node/view/1584

Philo

Philo
Wednesday, November 12, 2003

Old news!

Almost Anonymous
Wednesday, November 12, 2003

pretty good win for OSS though, I was impressed at the open way they handled it, and the way the changes were noticed almost immediately.

FullNameRequired
Wednesday, November 12, 2003

I think they are shoring up cvs and Bitkeeper a bit to make this sort of thing even more catchable.

Mike
Wednesday, November 12, 2003

If you read the reports, you find that at least two apparently "senior" programmers inspected the code without detecting the attack.

Open source is wide wide open.

.
Wednesday, November 12, 2003

"If you read the reports, you find that at least two apparently "senior" programmers inspected the code without detecting the attack. "

?? so what? I read code every day and dont detect the bugs that bite me on the ass later, and thats basically what this was....a deliberately inserted bug.

The point is though, that even if no one had noticed the change it wouldn't have mattered much because it was only a _storage_ repository....what that means is that next time Linus (or whoever) pushed their files into it, the changes would have been overwritten anyway.

the _other_ point is that it proves the "many eyes" theory of OSS nicely...if a similar thing had happened in a closed source environment its perfectly possible that _only_ those two programmers would have looked at all.

"Open source is wide wide open."

:) I think they prefer the term 'free' (as in speech, not as in beer)

I guess only history will tell us whether OSS is more, less or equally secure as CSS, but from what Ive seen at least _Linux_ is in good hands.

FullNameRequired
Wednesday, November 12, 2003

One other thing, if this ever happened at Microsoft, would we read about it? I think not.

Mike
Wednesday, November 12, 2003

I'll bet a case of beer that the first successful backdoor hack is in Linux.

- it's open and everyone contributes to it. The two that found this back door weren't looking for security violations, they just noticed some odd code. A little more work and one may get by.

- Which is the jucier target? Windows, which *everyone* says is "insecure," or the uber-secure Linux? Which would be a bigger achievement?

- Which source code is watched more carefully for this kind of thing? You *know* MS watches their code like hawks for intrusions, back doors, unauthorized changes, etc.

- Which source code is more accessible?

And yeah, it was just a repository. That doesn't help when it's your servers (downloaded from that repository) that were intruded.

Mind you, if they get more source code integrity in place then it's less of an issue. But the point is that it's open source, and that means anyone can contribute, no matter what their motives.

As per my previous post, this doesn't mean "avoid Linux at all costs" - just be aware of the vulnerabilities.

Philo

Philo
Wednesday, November 12, 2003

Anyone can submit kernel patches and code, but it doesn't go straight into the CVS. All changes have to pass the scrutiny of the module maintainers. You can bet they'll be more vigilant now.

Justin Johnson
Wednesday, November 12, 2003

>>And yeah, it was just a repository. That doesn't help when it's your servers (downloaded from that repository) that were intruded.

Except that it wasn't an 'official' repository that any of the distributions pull source from. Even if someone was in the habit of pulling from this repository, the opening to infest systems is less then a day (when it gets reloaded from the official tree in Bitkeeper that only Linus has write permission to).

RocketJeff
Wednesday, November 12, 2003

Hi ya philo,

<g> I understand you are not making an attack on Linux (and I wouldn't really be bothered if you were) but I think maybe you have got some things wrong :)

"The two that found this back door weren't looking for security violations, they just noticed some odd code."

did you read the article? they were looking at the code in question because they were alerted by the unexplained entries in the change log...they didn't find this issue themselves (although they knew exactly what file had been altered), but then someone else who was looking at the code because of the alarm they raised noticed it.
_that_ is a strength of OSS, at the first sign of trouble anyone who wants to can verify the code for themselves, and its almost guaranteed that out of sheer boredom a surprising number will do exactly that.

"Which is the jucier target? Windows, which *everyone* says is "insecure," or the uber-secure Linux? Which would be a bigger achievement?"

I honestly think thats a straw man...I could equally argue that windows is more likely to be targetted because the kind of hackers who do this dont like MS.
Neither is true I suspect, the fact is that the chappie who did this was very clever, I would bet you an awful lot that he was doing it for specific purpose, and was _not_ out for the rep or street cred.

"Which source code is watched more carefully for this kind of thing? You *know* MS watches their code like hawks for intrusions, back doors, unauthorized changes, etc."

umm....how exactly? I have absolutely no idea what systems MS has in place, whereas I *know* (now at least) what systems Linux has in place.
Sure, I expect that they _do_ have systems....but then they have systems for all sorts of things, no doubt some are more successful than others.
Maybe they are on top of this kind of thing, and maybe they are not...I have no idea and neither do you.
...the difference is that _you_ have _faith_

<g> My own experience of closed source development is that every developer has too little time to do more than their own job anyway, the kind of random poking around that uncovers issues like this is rather more rare.

"- Which source code is more accessible?"

depends what you mean here...most of the distributions are built on top of the tree that linus manages, and _that_ tree is by all accounts very secure indeed.
OTOH I could download the Linux source today, build in a backdoor, and then install it on my clients hardware with very little problem...but then if I was that way inclined I could do much the same thing using Windows without much extra effort.

"And yeah, it was just a repository. That doesn't help when it's your servers (downloaded from that repository) that were intruded."

I dont actually understand what you mean here...

"But the point is that it's open source, and that means anyone can contribute, no matter what their motives."

no, it doesn't mean that at all. Open Source means that I can download the source and look at it, alter it and redistribute the changes. OTOH persuading you (for instance) to install my tree instead of the official source would be rather more problematic.

I _can_ contribute patches to the main tree of course, but before then it would have to go through a lot of checking by a number of others before it reached the 'official' tree....it would be extremely difficult for me to get a patch in, and I suspect impossible for me to get a malicious patch in without it being spotted.
<g> I _could_ of course just bribe Linus or one of the other maintainers to install it, but then I could equally well bribe any other MS employee, so really theres no obvious hole there either.

"
As per my previous post, this doesn't mean "avoid Linux at all costs" - just be aware of the vulnerabilities. "

indeed. I guess my feeling is that the vulnerabilities are pretty equal really....

FullNameRequired
Wednesday, November 12, 2003

Just wanted to address one point quickly:

"I honestly think thats a straw man...I could equally argue that windows is more likely to be targetted because the kind of hackers who do this dont like MS."

I'm thinking "the kind of hackers who do this" aren't looking to discredit an OS; they're looking to access production business systems. Given that, they're going to go for maximizing payoff/effort. If they could even GET the Windows source code, then they're at ground zero with no notes. OTOH, the Linux source code is openly available and documented. So half the battle's done without effort or alerting anyone.

That was my point there - from a security standpoint, Linux is the juicier target.

Philo

Philo
Thursday, November 13, 2003

Back doors, bugs, hackers – There is nothing ruder than criticizing the work of volunteers. You get what you pay for.

m
Thursday, November 13, 2003

As for backdoors, there used to be one in Interbase added by Borland programmers, it was discovered soon after the code was released as open source:

http://slashdot.org/articles/01/01/11/1318207.shtml

Someone else
Thursday, November 13, 2003

Backdoors are not the exclusive of OSS, Philo. There is no way you can decide wether a bug was just an honest error or deliberatly planted. Every organisation has to be vigilant against this. This is why I advocate that the process should support author identification as much as possible. I have said before that the development process is a prime candidate application for better security: think PKI, smartcards etc.
The screening process against dedicated social engineering to get into a development process is never going to be 100%, so at least tractability should be present. Who submitted what and when? Do we trust a simple username/password from a remote location? etc. etc.

Just me (Sir to you)
Thursday, November 13, 2003

The fact the hack attempt was discovered had nothing to do with the opensourceness of linux, in fact, it was the bitkeeper repository administrator who found it. It could have been the same thing for any propietary system.

It doesn't make any difference on security that the people who MAKE the software can see the code, this should be obvious. The difference with free software is that the USER can see (if they want to) the code.

So, I do think that in terms of security free sofware is better, but this particular linux episode is not a good example.

Sergio Garcia
Thursday, November 13, 2003

Who can guarantee that there are not backdoors in Windows (inserted by MS)?
MS maybe?
How can you verify/trust?

drazen
Thursday, November 13, 2003

Hi Philo,

"I'm thinking "the kind of hackers who do this" aren't looking to discredit an OS; they're looking to access production business systems. "

Im disinclined to agree with that.

I dont believe it was professionally done, although its clear the chappie was clever, it should have been pretty clear to whoever did it that the cvs repository they gained access to was not what they needed, that is, it _would_ have been clear if they had taken the time to get an overview of how things were arranged and how the systems worked before they attempted access to the server.
Personally I believe that it was someone taking advantage of a situation they did not expect to be in. (but maybe had vaguely hoped for).

"Given that, they're going to go for maximizing payoff/effort. If they could even GET the Windows source code, then they're at ground zero with no notes. OTOH, the Linux source code is openly available and documented. So half the battle's done without effort or alerting anyone."

I do hear what you are saying, and of course there is some truth in it, but the fact is that knowing what to do where was _not_ half the battle, the real battle is gaining access to code that matters.
<g> Its no good me knowing exactly how to crack open a particular safe, if I have _no_ idea where the safe is stored, or how to access it.

"That was my point there - from a security standpoint, Linux is the juicier target."

hmm...it clearly was for this would-be hacker, but then the changes that were wrought were _no_ use to anyone. There are Linux sources all over the world, anyone can alter them in the same way that was done here....but its _not_ useful, in the same way that the changes done in this case were _not_ useful, even if they had not been caught.

bottom line? its _easy_ to make changes to a set of Linux kernel source files, but its more difficult in the extreme to make changes to a set of Linux kernel source files that _matter_, that certainly was not achieved in this case.

another way of looking at it is to understand that I have access t othe source code of many, many (rather geeky) books...I can change what they say, remove pages, delete sentences and reword paragraphs, I can add pages and change the way the book reads. I can even persuade others around me to read the new versions of the books, and with a little trickery I may even be able to publish a local copy of my book....but I am _extremely_ unlikely to be able to persuade the official publishers to alter the text in the books they publish, so in a broader sense none of the changes I have made _matter_

FullNameRequired
Thursday, November 13, 2003

If I'm not mistaken, Microsoft's internal network was compromised last year, and it took them a couple of weeks to detect (or be notified; don't recall what it was). They claimed nothing was changed in their source code. Do you really believe they would have notice a change like this? The Linux hack attempt is a local privelege elevation backdoor, that is cleverly disguised; If it somehow got to the official tree, it would have been classified as a bug, rather than a backdoor.

How sure are you that the some of the daily remotely explotiable "bugs" discovered every month in Windows were not deliberately introduced when the network was compromised?

Are you sure it was the only time it was compromised? Are you sure it is under Microsoft's complete control at this moment?

I tend to believe they're safe, and have good practices. But e.g. the recent Valve attack shows that you _should_ be suspicious.

Had the person that infiltrated the Valve network not released the source, but instead, kept quiet and trojaned their source distribution, he would have had tens of thousands of willing zombies when the game released, all neatly cataloged in HL-2 servers.

Philo, the paranoid aspect of your personality is underdeveloped. Do something about it :)

Ori Berger
Thursday, November 13, 2003

"Which would be a bigger achievement?"

Most definitely windows. As you said, linux is open. To back door windows would be harder, IMO.

Thursday, November 13, 2003

Also, what abount the possibility of a Microsoft employee inserting back door code into the OS.

Diligently firing everybody who takes photographs of their G2s may not be enough!

Ged Byrne
Thursday, November 13, 2003

So, is the question: who do you trust more, people that have a financial stake in software working properly or people who volunteer and give a rats-ass about market share?

Tough call.

m
Thursday, November 13, 2003

"During the three months in which the hackers had access to the code, there is a remote chance the software could have been altered, Microsoft told the Wall Street Journal. The company said there is no evidence such alterations were made, however, and experts say the risk of such alterations is small."

http://news.zdnet.co.uk/internet/security/0,39020375,2082221,00.htm

Anonymous
Thursday, November 13, 2003

Ah, the art of deliberate phrasing. Let me play advocate for the other side and rephrase that ....

Who do you trust more: The work of an opportunistic employee working for a specific company mostly for the stock option value, who's willing to jump ship when a better offer comes along? Who's work is dictated by deadlines and that value that these features give to said company (rather than to the end user - e.g., what do YOU as a user get out of DRM that you didn't have earlier?)

Or would you prefer a labour of love, for which reward is not expected, free of any secret or commercial interest that works against the end user? Work done only by the truly committed?

You ask the same question differently, you get different answers. All analysts master this skill, or otherwise they can't produce an objective report based on objective undisputable data with predetermined results.

Ori Berger
Thursday, November 13, 2003

Ori, the first side makes more sense. The software company has lots of people working together to produce clean, robust, safe software.

Deliberate attacks would need co-ordination between them, for which they would have to weigh the likelihood of the criminal penalties they would face when detected.

Also, it's not true to characterise the work of the open sourcer as a labour of love, while the work of the professional developer isn't. The work of professional developers is also usually a labor of love, for product companies anyway, as opposed to commodity outsourcers.

I would characterise the open sourcer, not the PD, as the opportunist. It's the open sourcer who thinks his work will get him a job, or who so lacks professional reward that he needs to resort to unpaid work to get his kicks.

.
Thursday, November 13, 2003

"The software company has lots of people working together to produce clean, robust, safe software."

while Linux lots of people working together to produce clean, robust, safe software.

"Deliberate attacks would need co-ordination between them, for which they would have to weigh the likelihood of the criminal penalties they would face when detected."

while in Linux, its been shown quite clearly that deliberate attacks would need coordination between them, for which they would have to weigh the likelihood of their loss of respect and weight in the community (I assume we are talking about established developers in both cases, not people who have somehow managed to get access to the code)

"Also, it's not true to characterise the work of the open sourcer as a labour of love, while the work of the professional developer isn't."

this I entirely agree with :) being a professional developer...

"I would characterise the open sourcer, not the PD, as the opportunist. It's the open sourcer who thinks his work will get him a job, or who so lacks professional reward that he needs to resort to unpaid work to get his kicks."

but _thats_ just stupid...most of the fulltime OSS already have jobs..they are being paid to work on the OSS project they are working on.
And even in the cases where they are not, claiming that means they are obviously desperate cases is rather stupid..Im a professional developer but when I retire I fully intend to spend a few hours each week working on OSS projects.
Im rather looking forward to developing in an environment where nothing matters whatsoever except the code I produce...

FullNameRequired
Thursday, November 13, 2003

dot, you sound like you're not familiar with the software industry. "Working together to produce robust clean code". Yeah, right. With few exceptions, everyone cuts down on QA (if they do it in the first place) because they have a deadline they can't miss, the salespeople have already oversold a non working feature, and the competitor is already out.

Civ 2 source code was released recently; without comments. Why, you ask? Because they knew they had embarassing comments in the code, and had no time or incentive to scan all the comments and remove the offensive ones. Fair enough ; But it's an indication of the internal process.

Borland's Interbase had a backdoor for 7 years - an administrative account that cannot be removed. Clean. Robust. Professional.

Please read this forum more often. Many of the posts are rants by programmers that their company, for commercial reasons, won't let them produce a product they'll be proud of.

Ori Berger
Thursday, November 13, 2003

Ori - Not caring about market share lets one focus on niche areas and take bigger risks. Perhaps I misjudge the average OSS volunteer, maybe your offense suggests they do care about market share. Perhaps their motivation is monetary or ego driven. Though, you do use the phrase “labor of love” – something to think about.

m
Thursday, November 13, 2003

Ori, with respect, you sound like you're not familiar with quality environments, and probably not familiar with the distinctions between packaged developers and consulting / outsourcer shops.

My background, and my comments, relate to high quaklity environments staffed by the best people in the industry.

.
Friday, November 14, 2003

More often than not open source is open to read but much harder to contribute to. Any halfway decent project will have a gatekeeper and this is even more so in the case of kernel code.

Simon Lucy
Friday, November 14, 2003

"My background, and my comments, relate to high quality environments staffed by the best people in the industry."

you great pompous ass :) if you are going to make grandiose claims like that you should really be willing to back them up by...you know....actually providing some proof....

In the absence of such proof Im just going to assume that you are a young, inexperienced ass probably with a background in sales and little or no experience in software development.

<g> because not a single competent programmer that I know of would have made such a stupidly grandiose statement and still expect to be taken seriously :)

FullNameRequired
Friday, November 14, 2003

>"My background, and my comments, relate to high quality environments staffed by the best people in the industry."

So you're talking about the 1% of organizations with high software quality, of which Microsoft ain't one of them.

>"So, is the question: who do you trust more, people that have a financial stake in software working properly or people who volunteer and give a rats-ass about market share?"

The programmers in proprietary software companies may care somewhat about market share, but their interest in producing high quality software is usurped by management who forces them to ship something by a given date, regardless of its quality. For this reason, the volunteers can often outdo the hack-and-slap-and-ship-it-by-this-date programmers.

T. Norman
Friday, November 14, 2003

Oh, the harshest criticism - young and inexperienced.

Has the industry really decayed so much that it's considered false to speak of quality? I guess in many non-packaged, non-elite environments it has. Sad.

.
Friday, November 14, 2003

Dear dot,

T.Norman's assertion is optimistic in my opinion. I don't think 1% of companies producing software have high quality standards. Nor 1% of the products, for that matter.

If you work for one of that 0.1% companies, well, good for you. But you probably don't - your assertion implies that you don't know how stuff usually gets done, which hints that you have no basis for comparison, which implies that you have no idea what "quality code" really is. Going back to Norman's optimistic statistic, that means that with 99% probability, you're not in the high quality sector.

I won't try to convince you - you already have your beliefs all set up, and no amount of verifyable evidence (go read PeopleWare or SPSG, if for some reason you are interested) will probably change that. With the right pitch from the right person, you'll probably be inclined to believe that having sex with a professional, for money, is better than having sex with a friend, because - you know, all people are actually after your money, or honing their skills in order to get a better shag in the future. And no one will have sex with you just because they, say, enjoy it or anything. Or, that if they do enjoy it, then it can't be enjoyable to you because they are only doing it for the _their_ fun. Or something. Essentially, that's what you say about software development.

But for the the benefit of others reading this thread, I would like to raise your awareness towards an aspect of product design:

Commercial products are designed to maximize profit for the producer, not value for the consumer. This is true for every industry, and software is no exception.

Why can't you install different versions of Office on the same machine? That's an artificial limitation, designed to make sure that once you upgrade, you'll be applying pressure on your coworkers to upgrade as well. You know, if you could keep the older version, everyone might be able to upgrade at their own leisure (or not at all, if they're satisfied with the older version). And that's unamerican and really bad ... (For the producer, that is).

Why do you have a registry in Windows? That slow, fragile, single point of failure? I'm not sure how it came to be; The original intentions might have been purely technical, but it doesn't work well in practice (compared to the tested and tried, 20 year older solution of keeping configuration files in a per-machine and per-user "home" directory). So why does all software producers keep using it? Because it makes it harder to get things to work without going through an installer. Imagine - if the consumer bought a new machine, and could just copy over all the files, data and programs, and it would just work. We can't have that, can't we? That's so unamerican. But it does increase, slightly, the chance of a new software purchase with every hardware purchase. And it does reduce, slightly, the chance of occasionally using more copies than purchased. So it costs the consumer in complexity of reliable backup, ability to replace hardware, etc. Why should that influence any design decision?

Finally, I used the term "labour of love". That's how many of the Free Software people I know feel about it. Read interviews with, e.g., Linus. Interviewers keep asking him thinks like "How do you feel about Microsoft", "When do you think Linux will reach world domination", etc. His answers, generally entertaining in their nature, can usually be summed up as: "I don't care. I'm building the best kernel I can because I enjoy it. Money is good, thank you very much, but it's not the reason. Popularity is not a deciding factor in any technical consideration" (my words, of course, not his). He constantly rejects popularity-increasing eye-candy stuff in favour of solid design. Can you say that about anyone with commercial interests? (No, you can't say that about most project managers that have no commercial interests either; I brought it up to support the "labour of love" argument).

Ori Berger
Friday, November 14, 2003

"high quaklity"

Something ducks do when flying?

Friday, November 14, 2003

Ori,

I think maybe you've taken too personal a stake in the discussion. There are many benefits to having a registry, and I suspect that you suspicions about the downsides are not so universally true as your statement would imply.

Me, I like the registry because I can write an upgrade installer that will make it brain-dead simple for the user to replace the old, possibly buggy version with the new, less buggy version. That's a real bear to pull off with local configuration files.

If you don't think that it's a quality issue, you're mistaken. Over the last two weeks I've been working on a project that requires multiple iterations of code, testing by someone who isn't me, and then code again. After a week of watching the client copy each successive version into a new location on his hard disk, and dealing with daily bug reports that were reporting on old, outdated versions because the user got lost, being able to write these sorts of installers was a life saver. He can still install multiple versions if he really wants to, but my installer will make that the harder option, rather than the easier.

So don't run down the registry as a vast conspiracy to shaft the customer. At least in this case, it's a tool to keep the customer from shafting himself.

Clay Dowling
Friday, November 14, 2003

Clay, I repectfully disagree.

The registry is _nothing_ but a filesystem, and a retarded one. It lacks streaming; It lacks proper interfaces; It's inefficient; It doesn't provide _any_ value beyond a file system.

On unix, every software keeps its configuration in the user's home directory, under a ".softwarename" file (or directory, if there are multiple files). It's hidden from most user processes, but it's part of the file system, backed up when you backup your home, moved and mounted when you move and mount it. The machine specific setup is usually under "/etc/softwarename".

Anything you do with the registry, you can do with these files -- really. And it's actually how good Unix programs behave.

The file standard gives you a _lot_. What does the registry give you over such a file standard?

Conspiracy is the more polite explanation here, I'm afraid.

P.S: Rumours are that Longhorn is going to abolish the registry, and embed it in the file system instead. Innovative if true, don't you think?

Ori Berger
Friday, November 14, 2003

"Conspiracy is the more polite explanation here, I'm afraid."

in general I agree with your description of its deficiencies, but I dont really agree with the explanation for its existance.

I suspect that, way back when, it just seemed like the best solution to a problem :)

FullNameRequired
Friday, November 14, 2003

Unix config file are very useful and appropriate for how Unix works in general. Good discussion in the book "The Unix Philosophy" by Gancarz.

I have no idea on why MS went with a registry. Maybe they thought it would be cool and the wave of the future. But, big bad MS has seemed to listen to customer demand. I can't remember where I read it, but I think the new IIS consists of a single XML config file and Longhorn will be more remote admin friendly.

m
Friday, November 14, 2003

FullNameRequired:

The impolite explanation is incompetence. Yep, it probably seemed like the right idea. I find it surprising that everyone's _still_ doing it, 10 years later, even though it has always caused problems and worked much _worse_ than the filesystem.

So it's either incompetence on behalf of ... 90% of the programmers, or a conspiracy (or another explanation I'm not aware of).

I find the conspiracy angle reasonable, especially because I've talked this issue over with both developers and software lawyers, and they seem to favour it (those that are aware of the alternatives, anyway), despite all the obvious shortcomings, because it forces the user to go through the legalese again and makes it harder to preinstall.

I suspect if it wasn't for this reason, everyone would have rolled back to using the file system exclusively. (Oh, and another pre-requisite would be that technical decision makers in the industry were competent - something which I have a more-than-reasonable doubt about).

Ori Berger
Saturday, November 15, 2003

Dear Ori,
The registry came in with Windows 95. Windows 3.1 didn't have one. Your suggestion that it persuades people to upgrade their software when they buy new hardware is nonsense.

I can think of no reason to use different versions of Office. In fact you can save a document in any of the previous formats if you are worried about incompatibility.

Now for a real conspiracy ask why the only format Word can't read is that for MS Works :)

Stephen Jones
Sunday, November 16, 2003

Stephen, perhaps it doesn't persuade anyone to upgrade, but it surely gets them to reinstall, rather than just copy the files - which is generally a good idea, except when it makes it effectively impossible to just copy the files. I know software vendors I talked to actually like that.

Ok, so you weren't bitten by Word incompatibilities. How about Word 7 not being able to read Word 6 documents properly? The first version of Word that didn't break BiDi compatibility with previous versions was from XP, as far as I know. Up until Word 2000, the BiDi support changed, in subtle ways. For example, in Israel, it's common to write apartment numbers with slash following the street number - e.g., "Hill Street 13/9" means "13 Hill Street, Apartment 9". Save that in Word 6, Reload that in Word 7, and you get "Hill Street 9/13" (of course, you need to write the hebrew equivalent, not latin letters). This bug was never officially acknowledged by MS, nor fixed. It was settled out of court for an undisclosed sum, when they were sued by an israeli law firm, though.

The object models changed slightly along versions. If you had macros/vba that relied on them, you need to upgrade them. Fair enough; but it's extremely useful to debug it against a working version, for which an older Word version is required.

And finally, older versions of Word could install side by side. The limitation was artificially introduced with Word 7. Even if you can't see any reason for installing two versions on the same machines, do you see any value for the end user in this limitation? I can only see value for Microsoft.

Ori Berger
Sunday, November 16, 2003

One less documented bug was the incompatibility between documents written in English on Arabic enabled Word and English Word or Word 2000. It seemed to effect one document in ten - and of course would always happen when you urgently needed to print but couldn't find a printer attached to a machine with the correct version.

I recommend saving in .rtf unless there are embedded files.

The registry replaced .ini files. If you don't put a key in the registry you won't be able to double click because you can't set up the file association. I personally think that's a good idea since you can restrict the users who can install programs.

You can choose not to write anything to the registry when you write the program. Frankly I can't see where there is a problem - you have to write the stuff somewhere so what is wrong with putting it in one central place.

Stephen Jones
Sunday, November 16, 2003

Stephen, we're all used to reconfiguring every Windows system we set up. I, for example, disable the dumb "hide extensions ..." in Explorer, to kill the "personalized menus" in every software.

But when I work on Unixes, I just copy the relevant .rc files over, and forget about it.

The problem is not that the registry exists - the data, as you stated, must be placed _somewhere_. The problem is that the registry does not provide any advantage over a standard filesystem, yet it DOES have many drawbacks compared to one: It's harder to backup, or move around. You can't use general purpose tools on it (I frequently "find", "grep" and "diff" my /etc directories and .rc files - and it would have been useful if I could diff registries as well).
You can't apply standard filesystem security and permissioning tools to the registry (and you don't have equivalents either). In fact, you need RegEdt32 and not RegEdit to even _view_ the security settings.

I'm not asking "what does the registry give you". I'm asking "what does the registry give you that the file system doesn't". For the sake of argument, set up an imaginary "C:\Registry" directory, under which you have "HKEY_LOCAL_MACHINE" and friends, under which the entire registry is implemented as a file system. Reserve a file name for the "default" special value, and escape other names if you insist (although I must say I've never seen the default value used anywhere).

I listed above a few things in which this implementation is better than the filesystem orthogonal "registry hive". Is there anything that the registry provides that is not provided by this scheme?

Ori Berger
Sunday, November 16, 2003

The registry is not a file system, it's a database. When we get the database file systems everyone wants then all files will be a registry.

What I fail to understand is what disadvantage the registry has over a standard file system.

Stephen Jones
Wednesday, November 19, 2003

In what way is the registry not a filesystem?
In what way is it a database?

Both the filesystem and the registry are databases of binary objects indexed by hierarchically constructed names, with some security definitions, etc.

Can you query the registry in a different way than you query the filesystem?

List of things I can do _today_ with the filesystem but not the registry:
1. Backup & Restore identifyable sections
2. Search using standard FIND / Grep tools
3. Compare using diff / fc and friends
4. Copy and move trees around
5. Edit using one of the thousands of editors of my choice
6. Expose through the network, using a variety of protocols.

List if things I can do with the registry _today_ but not the filesystem:
?

Of course, everything is possible. In fact, all I have to do is write a filesystem driver that exposes the registry as a filesystem to get all these benefits. Or, if I somehow reimplement the registry functionality directly through the filesystem (registry hierarchy becomes filesystem hierarchy; Keys become directories; Values become files; Registry locking becomes file locking). I estimate 200 lines or so of code would establish the mapping semantics (although patching the system call table to make this system wide will take more ..)

The question still stands though - the registry is a filesystem except by name; an inefficient and nonstandard one. Why use it at all (except for inertia, and lack of awareness)?

Ori Berger
Wednesday, November 19, 2003