Again, you mention Linux. I do not use it. How is it relevant to my comment?
And then there's this mythical "average user". But what does that have to do with me and my own solutions?
I know only one user: myself. I know what works for me. I live in a tty. Do I need a Windows GUI? No.
Finally, I also know that what one can do, another can do. But that is their decision and I am not trying to convince anyone to do what I do.
Windows is a massive, complex truckload of legacy source code that keeps growing with every edition; it has a lot of flaws and the number grows every year; it is not "open source" in the sense of public source code respositories and enabling users to compile from source. This is not opinion. It's fact. These facts do contribute to the state of Windows "security". Bravo for fixing flaws in recent years. But no points for having them to begin with: poor quality control.
>Again, you mention Linux. I do not use it. How is it relevant to my comment?
Um, because you compare like to like. If you are comparing millions of lines of code to 10,000 lines of code, then obviously its easier to audit. Your point about auditing code makes no sense unless you compare the task of auditing equal amounts of source code.
>Windows is a massive, complex truckload of legacy source code that keeps growing with every edition
Please enlighten us how you got access to the source code, which parts you evaluated, what methods you used to evaluate it, and why you think those methods are accurate and scientifically valid.
Unless you do those things, you cannot claim to be fact based. Its fine to have an opinion. Many non technical users who don't understand the NT OS design, confuse the implementation flaws of user mode code, kernel code, third party code, and are unable to differentiate it from NT design flaws. Sure, from a responsibility standpoint, I'm right there with them - If you ship it - you should own up to the flaws regardless of where they come from. I think that MS in the past made some super bone headed decisions (possibly driven by commercial reasons) that screwed them security wise because the 'default install' of Windows was insecure out of the box.
> But no points for having them to begin with: poor quality control.
How do you know this?
As an aside, I find it ironic for you to lament about "complex truckload of legacy source code" while using a TTY which itself is the exact same thing. Ah ! C'est la vie
As a user, I don't. It's closed source. That's the point. What users have is only circumstantial evidence. And then there is the marketing and PR, such as the NYT article.
One of original two comments was "What would we find?" There is nothing to suggest I have read the source code.
Unless and until Windows becomes an open source project, such as the ones that are routinely discussed in this forum, where users can remove code they do not want, then no amount of "updates" or PR by Redmond is going "fix" Windows to my satisfaction. As I said, I am not expecting that to happen, ever.
There is a comment in these threads from a former Microsoft employee that confirms my suspicions about poor quality control. Are you still in disbelief?
As for your aside, I agree. There's legacy code in both. But I suspect it is far less code overall. And, in my opinion, it's in some cases higher quality than what I am getting with Windows (there are certainly exceptions: Dave Cutter's work on the NT kernel being one). Of course, I do not have the Windows source code so I can only speculate what is in there.
More importantly, the size of the software is much smaller and I can modify and recompile it.
I can see to some extent what has been added and changed over the years. I can continue to learn from the source and the people who wrote it, instead of from a marketing department.
Living in a tty is "the exact same thing" as using Windows?
Is that an example of "comparing like to like"?
I am in VGA textmode. I am not using a graphic layer.
The amount of code to implement the tty, which is available to me to read, edit, compile and redistribute, is, I speculate, much smaller and less complex than the amount of code and complexity used to implement the Windows GUI.
As long as you're claiming that your POV is an opinion, or informed speculation at best, I have absolutely no issues with what you're saying, and do not wish to engage in further argument. We probably agree on most things.
And then there's this mythical "average user". But what does that have to do with me and my own solutions?
I know only one user: myself. I know what works for me. I live in a tty. Do I need a Windows GUI? No.
Finally, I also know that what one can do, another can do. But that is their decision and I am not trying to convince anyone to do what I do.
Windows is a massive, complex truckload of legacy source code that keeps growing with every edition; it has a lot of flaws and the number grows every year; it is not "open source" in the sense of public source code respositories and enabling users to compile from source. This is not opinion. It's fact. These facts do contribute to the state of Windows "security". Bravo for fixing flaws in recent years. But no points for having them to begin with: poor quality control.