Back to Top

Friday, September 29, 2006


Yesterday I've participated in the local Windows Academic Program pitch. The main content was delivered by Adrian Marinescu. I can sum it up as a short version of the book Windows Internals. For the one of us who actually have read the book it was a little boring (although in the breaks I've managed to clarify some aspects which were a little fuzzy after reading the book), but for the ones who didn't it probably was right out confusing (as I've noticed from the questions).

He mentioned several improvements which went into the Vista kernel. My feeling about it is that it is very nice, but who will program against an interface which isn't on the market yet, won't be the version used by the majority for several years and there is no backward compatibility (one example which comes in my minds is the new Private Namespaces feature). I know that Microsoft is in a difficult position, because on one hand if they would offer an update kernel for Windows XP, they would kill off incentives to upgrade, but if they don't very few people will program using the new functions until Vista becomes a significant piece of the market. Compare this with Linux where there are very few reasons not to upgrade (one being that it breaks something you really care about – but this is a very rare case and usually updates come out very quickly for the given software). Having such a long release cycle really limits the options Microsoft has in my opinion.

An other feeling that I've got from the presentation (or better said: I've had this feeling for a long time and the presentation only reinforced it) is that Windows as an operating system (and I'm talking about the NT line here) is quite secure, the problem being the default policies and the way that they're trying to get people to adopt a new security policy in Vista for example. Because of fear for their revenue they (and I don't mean the technical people) are not imposing all the security restrictions they should, but rather come up with things like LUA, which IMHO is a semi-solution which can be used to blame the user if something happens (because they clicked yes without reading the message box – what percent of the users reads the dialog boxes anyway?).

Now for the fun part: all the source code that comes with this program. It is composed from three parts as you can see from the main site. I've looked at the licenses first (take care, because there is a different license for each component). The key points that I dislike:

  • You are not allowed to reverse engineer the tools which come with the curriculum. While I'm sure that there is a lot of information in the curriculum itself, probably there will be times where you wonder: how exactly does this tool do that?
  • IANAL, so the definition of derivative work is a little fuzzy to me, and I don't know exactly how this would apply later in your career if you choose to do this line of work (working at a security company for example and doing kernel level development).

Personally I will stay away from it, I think there is enough information out there which doesn't come which such restrictions. Also, for the moment I don't see how such access would be useful. It's nice to have, sure, but I'm not sure that it's actually useful (none of the two major Universities that we have here use / present kernel level code in their OS courses for example).


Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.