Microsoft Longhorn: a new security model?

OSNews is reporting Fewer permissions are key to Longhorn security. “Software engineers who attend Microsoft’s annual Windows Hardware Engineering Conference later this month could get their first taste of a new Windows user permissions model that could change the way thousands of programs are developed and run. But as the company prepares for the final Longhorn development push, questions remain about its plans for a new user privileges model called Least-Privilege User Account, or LUA.”

Man, yet another security model! Systems Engineers struggled mightily with the Windows Domain Model and then Active Directory. I wonder how many more iterations Microsoft will go through before things settle down. Computers are such an infant industry when compared to construction or manufacturing. And even in those industries, its really only in the last century that science and engineering (helped, ironically, by the computer) has brought enough precision to the process to improve the success rate of large building projects and streamline the raw-materials-to-delivered-goods process with JIT and EDI. It will be a long time, I’m afraid, until computers reach that level of maturity. In the meantime, we have to look forward to churn and relearn, new ‘paradigms’ (ugh!) and models.

From Structured Programming and Object-Oriented Programming through Service Oriented Architecture, Extreme Programming and Model Driven Architecture, new models are being tossed around daily. A few rise to the level of popularity to make the buzz, sell a bunch of books and fewer still contribute a bit to the science of computer science, So many appear like last year’s diet craze, embarrassing to recall. Empty promises written by marketeers oversold the software, promising impossible returns on investment. Fred Brooks wrote the definitive conclusion nearly thirty years ago: There are no silver bullets.

What I do see working, out here in the real world, is that evolution works better than revolution. Sure, a few projects achieve amazing success with the latest new whiz-bang tool of the day, but for the vast majority of developers in the trenches, there is a slow accumulation of knowledge and wisdom of best practices that filter out from the few manic successes (and less talked about, but far more common, down-in-flames failures). New tools and techniques work best when introduced into existing systems side-by-side, so practitioners can compare-and-contrast, mastering the new systems at their own pace (while waiting for version 3 or service pack 1), picking up the good parts of “the way we’ve always done things” and matching them with the good parts of the new tools and techniques. Different shops need to evolve at different paces. Shops working in industries with long turnover cycles can take decades, where cutting-edge shops working with highly competitive customers can take months. Revolution means starting over, rewriting all the rules from scratch. No matter how insanely great a new tool, it still takes 5 years to gain the 5 years of experience all the want ads are looking for. It takes a major development effort and a deployment and an update and a redeployment and a wave of new machines and a few major changes before you know how a toolset can handle the entire software development life cycle. A demo with two notebooks on a stage does not a robust system make.

Microsoft wants to start over with a new security model? It took until Windows 95 for the Win31 model to mature, and until WinXP for the WinNT model to be complete. Third time’s the charm?


Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.