Re: [tlug] Unix's 40th Birthday

[Curt Sampson <cjs@example.com>]

On 2009-08-21 12:06 +0900 (Fri), Stephen J. Turnbull wrote:

>  > True enough, though you might be suprised at the number of firewalls,
>  > VPN servers, and so on that run on Cisco-like gear.
> 
> But what OS does that run?  I wouldn't be surprised if it's a Unix
> derivative, what is it?

It's not a Unix derivative; it's Cisco's own entirely home-grown OS,
at least for the products that are really Cisco products, and not ones
bought from other companies.

> I suppose they could have developed one from the ground
> up, but I'd think it would be a lot cheaper to just use NetBSD and
> replace the scheduler with something realtime.

I don't think it was cheaper in the 1980s, given that NetBSD didn't
exist. :-) Cisco's OS was reasonably sophisticated (including
multi-tasking, multiple command-line connections via both serial and
telnet interfaces, at least a dozen protocol stacks, and handing off of
parts of the processing to specialized hardware modules) back in the
early '90s when I started using it.

> ...and does the VPN on only one box that connects through the router.
> I don't really consider that box "part of the Internet" in the sense
> we're talking about here; it doesn't do any routing.

It certainly does do routing; it needs to decide whether to send a
packet over the network interface connected to the network on which the
router resides, or over the ("virtual") network interface connected to
the VPN.

> That's why I mention "disruptive innovation".  "Disruptive" doesn't
> mean "radical".  An innovation is disruptive when (1) it finally
> crosses the threshold of being an interesting alternative to the
> "mainstream" configuration for customers, but (2) is too cheap and
> competitive to sustain profit margins that can sustain earnings growth
> in the large incumbent market leaders.

Ah, right, I'm now recalling the details of that book, whatever it was
called (the one that discusses hard drives).

This is why I think that this is possibly a non-disruptive change for
MS; they can certainly make a fair amount of money just by selling new
versions of XP; I suspect, in fact, they make far more from selling any
OS on new hardware than they do on upgrades to existing installations.

>  > It's also going to be interesting to see if the competition can avoid
>  > the downhill slide that's started over the last couple of years.
> 
> This is going to continue, I'm afraid.  If Linus were interested in
> system security ...

Yes, I think I agree with you here. Much as I suspect Linux developers
might argue otherwise, many of them appear to have taken on the
characteristics of people in the marketing department of any large
software company. ("Features! Glitz! Screw the security if it makes it a
bit harder to use!")

> ...but unfortunately what we've got is Theo, who I
> supose is very competent but gathers enemies the way the north side of
> a tree gathers moss.

Well, there's also NetBSD (which actually has a better security record
than OpenBSD does, and from which came arguably the most secure
encrypted filesystem in the free software market). But that project's a
bit mired, too.

Perhaps someone with the talent (but not the personality) of Theo or
Dan Bernstein will one day decide to produce a secure distro, but
it's a huge amount of work, and it's so hard to send patches upstream
(especially when you've got people like Ulrich Drepper involved) that
I can't see it happening unless someone finances it.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com