Windows Beats Linux in Live Security Contest

Well, well, well. Now this isn’t what you get to see every day. Paul Thurrott reports in his latest newsletter.

During a live duel of sorts between backers of Windows 2003 and Red Hat Enterprise Linux during the RSA Conference 2005 this week in San Francisco, a surprising victor emerged. Based on the previously agreed upon rules, Windows 2003 came out ahead, emerging as the more secure OS.

How could this happen, you ask? After agreeing to terms, backers of both OSs evaluated the security-oriented performance of Windows 2003 and Red Hat Enterprise Linux during the past year, looking at such key criteria as number of reported security vulnerabilities and the amount of time that elapsed between the public disclosure of a security flaw and the release of a fix. But doesn’t the open-source model practically guarantee that fixes are released more quickly than they are with proprietary OSs? I guess not.

Results of the competition will be released next month, but here’s the gist: Windows 2003 won every part of the competition. It had fewer flaws overall. The average time between Windows 2003 flaw reports and fixes was less than half that of Red Hat Enterprise Linux. Less than half.

Does this mean that Windows is more secure than Linux on the server? Not necessarily. But it certainly provides an interesting real-world example of why assumptions about Linux security are completely bogus, as I’ve often noted.


Dataset performance in .NET Framework 2.0

Andrew Conrad writes about Dataset performance improvements in .NET 2.0. For me these improvements are really, really good reasons to switch to .NET 2.0 as soon as it ships (or even earlier when a ‘Go Live’ license is available).

System.Data.DataSet contains some very significant performance improvements over prior versions – particularly for large result set scenarios.

In particular,

  • Highly efficient Binary Remoting —  For large Dataset, orders of magnitude better than v1.x
  • Row Insert, Delete and Modify operations – For large Dataset, orders of magnitude better than v1.x. For instance, for a DataTable with PrimaryKey constraint, inserting a million rows in random order takes around 45 seconds. Everett took 30 minutes.
  • Maintaining DataViews in sync with underlying DataTable was very expensive in v1.x. In Whidbey it’s extremely fast – orders of magnitude better.
  • WebServices/Remoting for TypedDataset: It can be sent across to the other end without having to send its schema, significantly reducing the serialized payload and giving approx 4x+ improvement in end-to-end latency.

The following article (in addition to highlighting some new V2 features) also details the performance improvements.


MSDN Hard Drive Pilot

I can’t wait to go back and get my hands on the pilot MSDN Hard Drive that Microsoft is testing out. The MVPs are doing pilot tests on a future where the MSDN subscription would be offered in a huge 300GB hard disk and then updates downloaded to it. Forget about all the CDs/DVDs that Microsoft ships out monthly.


Some of the MVPs have already started blogging about it; Andrews has posted his first impressions and Manzi has some pics as well.


Sending XHTML as text/html Considered Harmful

Ian Hickson has published an intriguing paper on the case for avoiding XHTML.


Here it is in a nutshell:



  • Browsers decide how to handle a file based on the MIME type that the server sends with it.
  • HTML Web pages are identified with a MIME type of text/html.
  • Pages written in XHTML that are sent with a MIME type of text/html don’t benefit from any of the features of XHTML.
  • To benefit from the features of XHTML, pages must be sent as application/xhtml+xml.
  • The most popular Web browser (Internet Explorer 6) cannot view pages sent as application/xhtml+xml.

And all this time, I was ignorantly assuming that any well-formed HTML page was XHTML. Well, you live and you learn.


UPDATE: I forgot to link to Ian Hickson’s paper http://www.hixie.ch/advocacy/xhtml.
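
As an added illustration of the MIME-type points above (not code from Ian Hickson's paper or from this post): a server can choose the Content-Type for an XHTML page from the request's Accept header, sending application/xhtml+xml only to clients that list it explicitly. The function names and sample headers are constructed for this example, and treating a bare `*/*` as "no XML support" is an assumption.

```javascript
// Parse an Accept header into a map of media type -> q-value (default q = 1).
function parseAccept(header) {
  const prefs = new Map();
  for (const part of (header || "").split(",")) {
    const [type, ...params] = part.trim().split(";").map((s) => s.trim());
    if (!type) continue;
    let q = 1;
    for (const p of params) {
      const m = /^q\s*=\s*([0-9.]+)$/i.exec(p);
      if (m) q = Math.min(1, parseFloat(m[1]));
    }
    // Skip entries whose q-value did not parse as a number.
    if (!Number.isNaN(q)) prefs.set(type.toLowerCase(), q);
  }
  return prefs;
}

const XHTML = "application/xhtml+xml";
const HTML = "text/html";

// Choose the Content-Type for an XHTML document.
// Assumption: XHTML is sent as XML only when the client names the type
// explicitly; a bare */* wildcard is not taken as proof of XML support.
function chooseContentType(acceptHeader) {
  const prefs = parseAccept(acceptHeader);
  const qXhtml = prefs.get(XHTML) ?? 0;
  const qHtml = prefs.get(HTML) ?? prefs.get("text/*") ?? prefs.get("*/*") ?? 0;
  return qXhtml > 0 && qXhtml >= qHtml ? XHTML : HTML;
}

// Constructed sample Accept headers (not captured from real browsers).
const SAMPLES = {
  listsXhtml: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
  wildcardOnly: "image/gif, image/jpeg, */*",
  prefersHtml: "text/html, application/xhtml+xml;q=0.5",
  refusesXhtml: "application/xhtml+xml;q=0, text/html",
};

for (const [name, header] of Object.entries(SAMPLES)) {
  console.log(name, "->", chooseContentType(header));
}
```

A response that varies this way should also send `Vary: Accept` so that caches do not hand the XML version to a client that asked for text/html.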
