On Mon, Jul 14, 2014 at 11:47 AM, Andrew Wyatt <andrew at fuduntu.org> wrote:
>
>>
>> Anyway, he also seems determined to see it all as black and white, rather
>> than looking at the *much* larger set of bugs and vulnerabilities that
>> Windows Server has had than any version of 'Nix. Sure, we have some... but
>> a *lot* fewer, and overwhelmingly far less serious.
>>
>> mark
>>
>>
> Yup, overwhelmingly less serious.
>
> http://heartbleed.com/
>
>

Oh, wait. OpenSSL doesn't have much to do with Unix/Linux. It is just one of a bazillion application level programs that you might run. Are you going to include all bugs in all possible Windows apps in your security comparison?

But init/upstart/systemd are very special things in the Unix/Linux ecosystem. They become the parent process of everything else. For everything else, the only way to create a process is fork(), with its forced inheritance of environment and security contexts.

In any case, giant monolithic programs that try to do everything sometimes become better than a toolbox, but it tends to be rare. First, it takes years to fix the worst of the bugs - but maybe that has already happened in Fedora... And after that it is an improvement only if the designers really did anticipate every possible need. Otherwise the old Unix philosophy that processes are cheap - if you need another one to do something, use it - is still in play. If you need something to track how many times something has been respawned or to check/clean related things at startup/restart you'll probably still need a shell there anyway.

--
Les Mikesell
lesmikesell at gmail.com