Microsoft vs. Apple
I own both a Mac and a PC. I've used a PC for about 15 years and a Mac for about 3.
If I were to confess to how many machines I actually own, the number is probably in the low twenties, with multiple Win 2k, XP and even an old 98 box somewhere, several Linux servers, a Linux laptop, an HP-UX box and a Solaris 8 server that I've never bothered to update. Got geek?
But there are only two machines I use on a daily basis, and those are a Windows XP box and a PowerBook.
And I've got some complaints about both Microsoft and Apple. I'm going to warn you, this is a really geeky rant. And it's long.
The deal is this: Apple has released a slew of nice, shiny new machines at a very high spec, with a good price and what is hands down the best commercially available operating system on the market. It's everything I ever wanted my Linux systems to be - and it runs Microsoft apps, too, like Word, Excel and PowerPoint.
People often accuse Apple of being a bit player in the computer world, with only paltry shares of the market. In fact, they have a 12% share of the laptop market and about a 6% share of the desktop market, which puts them respectively 4th largest and 6th largest in the world. In both cases, they outsell Sony. Apple is actually a fairly big player, there's just a huge gap between Dell, HP and everybody else.
Microsoft has just released a new operating system with an enormous amount of fanfare: Vista. It claims to be the Chuck Norris of operating systems, curing cancer and kicking the collective ass of the rest of the world.
So what's wrong?
Well, there are five things:
1. First, Microsoft is ending VB support for Office for Mac. This is truly frustrating. Most folks don't realise how important scripting is to most of their Office documents. But it effectively ends the Mac as a semi-serious contender even for very small businesses. I think that in the long run Microsoft will pull support for Office for Mac, in the same way that it pulled support for Project and Visio on the Mac. And Mac sales will really suffer as a result.
2. The frickin' ads. Okay, I'm going to come clean. The Apple community faithful seem to universally love the Mac vs. PC ads. I find them utterly cringeworthy. Buying a computer is already fraught - decisions about hardware, software, operating system choices and interoperability swamp most infrequent computer buyers. These ads don't help. They're gloating, self-satisfied, smug attempts to stick a finger in the eye of Microsoft. Why? I can't think of a single good reason. Microsoft has been one of the biggest supporters of Apple; the Microsoft campus used to be covered with Apple Powerbooks and Microsoft remains one of the largest vendors of software for the Mac. At one point, Bill Gates spent a personal $125 million bailing Apple out of a hole.
The ads are deliberately provocative and condescending - and often wrong, or commit the sin of omission. Take iLife, for example: the Apple ad seems to claim that the applications bundled with PCs are boring - like clock and calculator - while iLife is exciting and vibrant. Okay, iLife IS exciting and vibrant, but Microsoft has been legally forced to unbundle Internet Explorer and MSN Messenger, so they'd never get away with bundling an iLife-like suite. And Macs all come with calculator and clock, too. An extended analysis of how most of these ads are unfair is outside the scope of this blog entry, but I think that nearly every ad is unfair to PCs.
3. Microsoft can't write network software. This drives me absolutely batshit f*cking crazy. I want to break things and throw plates and just get so frustrated by this. It's not hard to write network software. TCP/IP has been around since 1967. It is extremely well documented. It isn't rocket science to write a TCP/IP stack that follows the RFCs. It's straightforward. Every Unix vendor in the world manages to do it. Even Macs finally do it. I'm not asking for raw socket support (okay, I am asking for it, but I'm willing to get it from a Linux box or my Mac), I just want Microsoft to follow the RFCs and document their options.
Time and time again Microsoft f*cks it up and fails to interoperate. Examples? Kerberos. Kerberos is a kind of holy grail for security professionals. It's a universal, standard, well-defined authentication, authorisation and access control server. It has the potential to make enterprise identity management substantially less nightmarish. Microsoft claims that their Kerberos plays well with other Kerberos implementations...but it doesn't. The entirety of the rest of the market has made a decision about how to format the ticket granting ticket and supports the GSSAPI. Microsoft, alone, supports the SSP and has a non-standard format for the ticket granting ticket. So, if I want to implement Kerberos, I need a non-Microsoft Kerberos supplicant on every single desktop in my organisation (that's 140,000 desktops, for those of you counting) or I need to make AD schema extensions and modify every single operating system that has a resource I want to authorise with Kerberos. For a University, this is probably not a huge task. For us it's stupid. I have critical systems that run on Tandem, OpenVMS, AS/400 and z/OS as well as three flavours of Unix. And all Microsoft would have to do would be to change a few lines of Kerb code and roll out a new version of AD with a checkbox that says "Do you want to work with the rest of the world?"
Microsoft's DNS was the worst implementation in the world, hands down. In NT 4.0, they started with a straight BIND port, which was a piece of cake. You edited the text files and had a snack, just like BIND on any other box. Then they moved it into the registry and suddenly adding a record was through a GUI that sometimes worked and sometimes didn't. And there was no way to edit it manually. A records were usually okay, but pointers or MX records were a dice roll. Totally unacceptable. They've fixed it now with AD, but it was so egregious that I'm still angry about it. It was devastatingly unprofessional.
And Internet Explorer - which can only look at web pages, by the way - sent two simultaneous requests for a page so close together they looked like a wireless fast retransmission. And would then RST whichever response came second. Why? Because one of the requests was actually Novell NetBIOS addressed, except that the NBT helper application puts it on the wire as TCP/IP. But systems with reasonable IP stacks should just remove the RST from their connection tables and free the socket, right? Well, maybe, if Kevin Mitnick hadn't figured out how to hijack a TCP/IP session - so now two connections that close together are indistinguishable from a session hijack, and so most firewalls with SYN flooding protection will bin both connections. Great. That means that anyone with web sites behind a CheckPoint firewall, say, using CheckPoint's SYN flood protection, will unintentionally DoS users of IE 5. It's not such a problem now (fixed with version 6 of IE), but again, I'm still mad. As if the entire world wasn't utterly and completely ruled and dominated by TCP/IP. Here's a newsflash, Microsoft: thou shalt have no other protocols save TCP/IP. Put the NetBIOS down. IBM abandoned the Distributed Computing Environment back in the 1990s. Only you are using it still.
Oh, let's talk about the DCE/RPC for a moment. Here's how DCE is supposed to work: there's a listener, called an endpoint mapper, on a static port (used to be 135, now 445), which maintains a catalogue of available services and resources. You make a connection to that listener and request a service, then the two of you negotiate a subsequent port for your conversation, different to 135 or 445. This frees up sockets for the endpoint mapper and is in general neither good nor ill. The way that Microsoft cocks up coding DCE/RPC is the following:
a. They refuse to publish their UUIDs. This is amateur. Strictly bush league. Listen, I've bought your software, I've paid the extortionate fee, tell me what I've bought, that's all I'm asking. Now, because I've spent months painstakingly attempting to capture the UUIDs, I know why they don't want to share them. A UUID is a Universally Unique Identifier. It's a 128-bit number that is supposed to be generated in a prescribed manner so that it is definitely unique. There are enough numbers in this space that you could number all of the fundamental particles in the universe and still have most of your numbers left. There's an RFC (4122, for the curious) and an ITU-T Rec. X.667 (ISO/IEC 9834-8:2005) that govern how they are generated. Microsoft didn't follow this convention. How embarrassingly did they fail to follow it? Well, one of their actual UUIDs is 01234567-89ab-cdef-0123-456789abcdef. The rest aren't much better. But you'll have to find them on your own.
b. They inconsistently invoke DCE sessions. FRS Replication is the most egregious violator of consistency. It makes a connection to the endpoint mapper, then migrates to a high port and keeps the same TCP session numbers, which makes me uncomfortable but I don't think is actually illegal. So far, we're okay. Not great, but okay. Then, FRS Replication just assumes that the socket is available forever. Even though the stack should time a session out after ten minutes, AD might come back after an hour and try to use the socket without a new handshake. Okay, that's bad behaviour. But what's really irritating is that the first DC to try to communicate will actually do the handshake each time, whereas the DCs on the recipient end will try to use the back connection on the same socket without a handshake, continuing the session with the next sequence numbers more than ten minutes after initiation without any keepalives. So if you're enforcing protocol compliance on your network, FRS Replication only works in one direction. Which is a real f*cker. What's the Microsoft answer? It's not good. Steve Riley does his best to put a good face on a bad situation, but opening up every port above 1024 is a non-starter and limiting RPC down to the use of a single high port doesn't work if I have 140,000 clients hitting my DCs. And tunneling defeats the purpose of protocol enforcement and network anomaly detection. Basically, you can't run FRS Replication through a firewall. And it's easily fixed, too; just time out the connection after ten minutes and open another one. The TCP handshake is three packets, it won't kill you. Considering all the other chatty crap Microsoft needlessly spams onto my network, three 64-byte packets every hour will go completely unnoticed.
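As an added illustration for point (a) above (my own code, not anything from the post or from Microsoft), here is a Python check of the two fields RFC 4122 fixes in every UUID, the version nibble and the variant bits, run over the value the post quotes. The helper names and the sample set are my own; the second sample is RFC 4122's own DNS namespace UUID and the third is a made-up value.

```python
import re
import uuid

# Bit layout per RFC 4122 section 4.1: the version is the high nibble of octet 6
# (time_hi_and_version); the variant is the top bits of octet 8 (clock_seq_hi_and_reserved).
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

def variant_name(u):
    octet8 = (u.int >> 56) & 0xFF          # octet 8 sits at bits 63..56 of the 128-bit value
    if octet8 & 0x80 == 0x00:
        return "ncs"          # 0xx: reserved for NCS backward compatibility
    if octet8 & 0xC0 == 0x80:
        return "rfc4122"      # 10x: the only variant RFC 4122 itself defines
    if octet8 & 0xE0 == 0xC0:
        return "microsoft"    # 110: reserved for Microsoft backward compatibility
    return "future"           # 111: reserved for future definition

def check_rfc4122(text):
    """Return (compliant, version, variant, reasons); accepts upper case and {...} braces."""
    s = text.strip().lower().strip("{}")
    if not UUID_RE.match(s):
        return False, None, None, ["not in 8-4-4-4-12 hex form"]
    u = uuid.UUID(s)
    version = (u.int >> 76) & 0xF          # high nibble of octet 6
    variant = variant_name(u)
    reasons = []
    if variant != "rfc4122":
        reasons.append(f"variant bits mark it '{variant}', not RFC 4122 (10x)")
    if not 1 <= version <= 5:
        reasons.append(f"version nibble {version:#x} is not one of versions 1-5")
    return not reasons, version, variant, reasons

def find_noncompliant(candidates):
    """Map each non-compliant UUID string to the reasons it failed."""
    results = {c: check_rfc4122(c) for c in candidates}
    return {c: r[3] for c, r in results.items() if not r[0]}

# Constructed sample set: the value the post quotes, RFC 4122's own DNS namespace UUID
# (a valid version 1 UUID) and a made-up value carrying the Microsoft-compatibility variant.
SAMPLES = [
    "01234567-89ab-cdef-0123-456789abcdef",
    "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
    "{00112233-4455-1677-c899-aabbccddeeff}",
]

if __name__ == "__main__":
    for bad, why in find_noncompliant(SAMPLES).items():
        print(bad, "->", "; ".join(why))
```

The quoted value fails on both counts: its version nibble is 0xc, which no RFC 4122 version uses, and its variant bits are in the NCS range rather than the 10x pattern.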
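To show why point (b) only works in one direction through a compliance-enforcing firewall, here is an added Python replay of a constructed trace through a minimal stateful filter with the post's ten-minute idle timeout. This is my own illustration, not the post's or any vendor's code; the addresses, ports and the `Segment`/`enforce` names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    t: float       # seconds since the start of the (constructed) capture
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # TCP flags as letters: S=SYN, A=ACK, P=PSH

def flow_key(seg):
    # direction-independent key, so a reply maps to the state its request created
    a, b = (seg.src, seg.sport), (seg.dst, seg.dport)
    return (a, b) if a <= b else (b, a)

def enforce(trace, idle_timeout=600.0):
    """Replay segments through a stateful filter that purges flows idle longer
    than idle_timeout (the post's ten minutes); returns (verdicts, log)."""
    last_seen, verdicts, log = {}, [], []
    for seg in sorted(trace, key=lambda s: s.t):
        key = flow_key(seg)
        if key in last_seen and seg.t - last_seen[key] > idle_timeout:
            log.append(f"{seg.t:8.1f}s purged idle flow {key}")
            del last_seen[key]
        if "S" in seg.flags and "A" not in seg.flags:
            last_seen[key] = seg.t      # only a fresh SYN may open a state entry
            verdicts.append("accept")
        elif key in last_seen:
            last_seen[key] = seg.t      # traffic on a live flow refreshes its timer
            verdicts.append("accept")
        else:                           # no state and no handshake: exactly the FRS case
            log.append(f"{seg.t:8.1f}s dropped {seg.src}:{seg.sport}->{seg.dst}:{seg.dport}")
            verdicts.append("drop")
    return verdicts, log

# Constructed trace: DC1 (10.0.0.1) contacts DC2's endpoint mapper, moves to the negotiated
# high port, then an hour passes. DC2 reuses the stale socket with no handshake; DC1 handshakes again.
TRACE = [
    Segment(0.0, "10.0.0.1", "10.0.1.1", 50000, 135, "S"),
    Segment(0.1, "10.0.1.1", "10.0.0.1", 135, 50000, "SA"),
    Segment(0.2, "10.0.0.1", "10.0.1.1", 50000, 135, "A"),
    Segment(1.0, "10.0.0.1", "10.0.1.1", 50001, 49152, "S"),      # negotiated port, new handshake
    Segment(1.1, "10.0.1.1", "10.0.0.1", 49152, 50001, "SA"),
    Segment(1.2, "10.0.0.1", "10.0.1.1", 50001, 49152, "PA"),
    Segment(3600.0, "10.0.1.1", "10.0.0.1", 49152, 50001, "PA"),  # an hour later, on the old socket
    Segment(3601.0, "10.0.0.1", "10.0.1.1", 50002, 49152, "S"),   # the initiator side starts over
]
```

Calling `enforce(TRACE)` accepts the first six segments, purges the idle flow and drops DC2's reply at 3600 s, then accepts DC1's fresh SYN; raising `idle_timeout` above an hour lets everything through, which is the "open it all up" non-answer the post rejects.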
4. Windows Vista is a Mac OS X rip off. Yes, it is. I'm really, really disappointed in Microsoft. Vista is the New Coke of operating systems. I'm not saying that the ideas behind OS X aren't any good - they are good. They're just about the best around, many of them stolen from BSD, microkernel architecture research, BeOS and Steve Jobs' very own NeXTStep operating system. But that doesn't mean that Microsoft should copy them. Innovation involves finding new, clever ways to solve problems. Ripping off Spotlight, Widgets, and even Chess is just low. Shame on you, Jim Allchin! Shame on you, Microsoft!
It would bother me less if they hadn't taken five years to do it. In five years, they've managed to come up with an OS that still uses the NT kernel, has a skin on it to make it look like Mac OS X and is sort of backwards compatible with Windows XP, kind of, unless you are an anti-virus program. I think that, with a team of about a dozen people I actually know, I could have pulled that off in about four months. And I'd have had the good sense to steal the journalled file system, too, which Apple borrowed from VMS.
5. Finally, there are no good games on Mac. I mean this. World of Warcraft is not a "good game," it's a short step away from heroin. Okay, Age of Empires 2 came out on Mac, but it was severely hobbled. It didn't run at the default resolutions of the widescreen Macs, so everything looked ugly, it froze up and lagged and was notoriously difficult to play in multiplayer. Here are some great games that you can't get on a Mac: Battlefield 2, Lord of the Rings 2 (Battle for Middle Earth), Dawn of War, anything from Steam (Half-life, Counterstrike, Call of Duty, etc), anything from PopCap (Bejewelled, Bespelled, etc). There are some great applications for Macs. I don't want to knock it. But I hate that I have to maintain two complete systems in order to play games. And I know that the new Macs are now also PCs, but they're not really the answer. The graphics cards that ship with the new Macs are garbage, unless I buy a Mac Pro - and even then I have to get a graphics card upgrade and the final package costs $3000 and I'm still not getting the kind of graphics performance I want for my gaming. With that kind of cash I can buy a MacBook (for everything but games) and a top-notch PC with a real video card, like an NVIDIA 7950 GTX, with what I have left over.
OS X is clever. It's a lovely platform. The graphics toolkit at its heart is brilliant. Apple really leverages the capabilities of the graphics hardware. But no one who's writing great games is writing for it, which is a shame.
Okay, I'm spent. If you made it this far, congratulations. When I read this through I got lost myself somewhere around the UUIDs.