The videos are really interesting and his background muzak and RGB lighting puts me in a Christmas mood. He generally put Microsoft in a completely different light than I'm used to, he speaks warmly about his job, co-workers and Microsoft, while acknowledging much of the weirdness going on in Redmond.
Only problem is that watching is channel will trigger something in the YouTube algorithm and flood your feed with videos on ADHD. Presumably it has to do with his videos on autism and ADHD, but I feel like YouTube should be smart enough to notice that I didn't watch to videos, only those on coding and Microsoft history.
Dave's Garage is a channel with genuinely interesting content and is very knowledgeable about all things Microsoft/Windows.
However (I hate to be this guy) take everything he says about non Microsoft/Windows stuff with a huge grain of salt. Especially after this comment he made [1]:
>"No, Windows is a closed-source operating system loved by millions. Linux is an open-source operating system which includes a binary blob from Linus Torvalds built into EVERY release that ONLY he has the source code for. Pick your poison. They're both closed, one just has the illusion of transparency."
I thought this was fake but you can check the link as the comment is not deleted yet.
Again I reiterate, Dave's garage has very interesting content, but take everything out of his expertise with some scepticism.
That comment is replying to someone saying "Windows is a rootkit". To me it looks like someone replying to an absurd, untrue statement about Windows with an obviously untrue, absurd statement about Linux.
Unless this is part of a larger pattern of inaccurately describing Linux, I don't believe he literally believes what he is saying in this comment.
I don't know, doesn't read like a joke exaggeration to me.
I think the most likely thing is that he's confused about firmware blobs and is mixing things up.
He probably never looked much at Linux and just heard a few things here and there. He was at Microsoft during the Balmer "Linux is cancer" and "get the facts" era, so that probably coloured his view a bit.
That said, I agree you shouldn't attach too much meaning to a singular comment like this. Maybe he was joking after all, or maybe he was just wrong. We're all wrong sometimes, and that's okay.
I actually have been checking out his channel after watching the Dave Cutler interview and he generally has level headed takes about Linux from what I’ve watched. That comment is… a doozy though.
But generally it seems like he uses all three of Linux, Windows, and Mac and talks positively about each of the three.
"loved by millions"? In all my years in the IT sector, I'm not sure I've ever met anyone who actually loved Windows. I've certainly seen my share of Apple fans (some people call them "cultists"), and of course plenty of Linux/FOSS devotees, but I've certainly never seen this kind of devotion in Windows users.
I’m not as devoted to Windows as Apple people are to Apple, but I will happily go on record and say that at least from the perspective of a user, I’m a fan of windows.
Not the OP, however in my case while not enough to have an Apple tattoo [0], enough to have long stopped being an UNIX zealot since Windows 7 came around, fed up with "Year of Desktop Linux".
Honestly, if you surprised me with a computer running Windows XP I think the most immediate feeling I would feel for that computer is love. Windows 95/98 would also bring up some feelings but not as much as XP.
But yeah, "business as usual" Windows without nostalgia attached is hard to love, in my opinion. For the most part it just works decently but has a "It doesn't seem like I'm in control of my computer, really" feel to it.
You might not see devoted Windows users like mac or Linux but if the Windows users were to try the other two, the majority of them are not going to like the experience and the limitations they come with.
YouTube recommendations have always been pretty awful, incentivizing people to avoid exploring videos on controversial topics once they learn that if they do so, they’ll be inundated with garbage on that topic.
The recent forcing of people (including me) to turn off their ad blockers was an eye opener. Holy crap, YouTube ads are hot garbage, and it’s embarrassing to think that any humans respond to them. YouTube has abandoned any pretense of offering a good user experience.
Worth digging around in the muck a little to watch something as great as this Dave Cutler interview, though.
> YouTube recommendations have always been pretty awful
This is what surprised me a lot. A friend of mine made me install TikTok (after me disparaging it a lot). I made an account for it with a dummy address, went off to the races, and after a couple of days I suddenly caught myself having been scrolling my feed for ~1h10m minutes without realizing it. I literally recoiled and dropped my phone, after which I uninstalled TikTok immediately.
YouTube has never had that kind of grip on my dopamine receptors. There are a great many (longform) edifying videos on there. And sure, there are interesting videos, and it is good at recommending a few adjacent videos to those. But the algorithm is not nearly as good as TikTok, I can recognize that immediately.
Aside from how horrifically good TikTok is at hooking your dopamine receptors, another thing I have to give it credit for is how egalitarian it is. YouTube is all about subscribers and network reach. On TikTok it’s the content that goes viral, not the creator.
Totally agree - TikTok is the most addictive app on your phone. You can download the Unhook chrome extension which blocks related videos and shorts. That really helps to improve your youtube experience.
> YouTube recommendations have always been pretty awful, incentivizing people to avoid exploring videos on controversial topics once they learn that if they do so, they’ll be inundated with garbage on that topic.
Right-click on the video in question and copy the URL, open a new private mode window, and then paste the link in. Your default viewing preferences won't be contaminated.
If you forget to do this going to "History" in the left pane and removing them from your watched list (seems to) have the same effect as not viewing it via your account in the first place. E.g. I'm not much of a car guy but once in a while a recommendation for a particularly unique car video will come across so I watch it and suddenly my recommendations are chock full of car videos like YouTube just discovered a new hobby I'd love to spend 100s of hours watching videos on - until I clear the video from my history and it's completely back to what it was before.
All I had to do was update the rules for Adblock Plus free version. I'd been getting the warnings for several days, then yesterday it would only let me watch 3 videos. I then updated AB+ rules and nothing pops up and things just play like "normal."
All I had to do was nothing. Yesterday I said to myself, this is the end, I'll never go back, never again attempt to view a video on it, because 99% of the time they'll ask me to purchase premium, please dear self, find new hobby. Today my muscle memory took me once more to YT and there are no ads and no popups begging me for money. They pulled me back in.
I'm using not recently updated uBlock Origin + FF.
> I said to myself, this is the end, I'll never go back, never again attempt to view a video on it, because 99% of the time they'll ask me to purchase premium
I see this kind of language all the time on HN. Reminds me of "This one hurts, it really hurts. I think this hurts worse than Musk buying/poisoning/killing Twitter. I've mentioned this before but a keyboard feels like an extension of your body". The context was Microsoft closing the support forum for some keyboard software they hadn't updated in years.
The top comment from that thread seems relevant: People need to take a break. Being terminally online and complaining about everything is not a healthy way of life.
Yet. The keyword of the times seems to be enshittification, and the only companies that take a step back from it seem to be doing so just to double down on it the moment the outrage calms down.
Well, when/if they add ads, I’ll reconsider my subscription. As of now, I pay to sustain YouTube’s business model and creators I like, and I’m rewarded with no ads.
I know I heard a rough number at some point of the value of a Premium view vs an ad supported view. Can't find it without digging, but here's a source for them being a good amount more valuable https://youtu.be/-zt57TWkTF4?t=412
I have heard anecdotally from streamers that YouTube still pays better than any other platform all other things being equal (so long as you don't touch any topics that YouTube likes to regularly demonetize).
Some creators have previously stated, here on HN, that they get a much bigger slice of YT premium. Sorry, I'm too lazy right now to Google a link for you.
Currently Premium really only gets you no ads, along with YouTube Music. If they start having ads, I don't really see that being a viable product. Of course they could stuff 12 ads in a 20 minute video, but I think they would lose most of their subscribers.
> incentivizing people to avoid exploring videos on controversial topics once they learn that if they do so, they’ll be inundated with garbage on that topic
Not that hard to work around frankly. Just delete the offending video that trigger the avalanche of recommendations from history - make sure you did not leave a comment or vote on the video; zero interaction apart from watching (which will be forgotten when you remove it from your history)
> Holy crap, YouTube ads are hot garbage, and it’s embarrassing to think that any humans respond to them. YouTube has abandoned any pretense of offering a good user experience.
This I agree. YouTube (Google as a whole) has stopped trying to match eyeballs to relevant ads. Instead they have handed the reins to advertisers to bid for who they want to advertise to. So if advertisers was to be self-destructive and make your web experience crap, Google will happily let them as long as they get their check.
I've been using PeerTube recently. After spending a ridiculous amount of effort, I have a server that pulls down indexes from other servers and mirrors content both for me locally and to share bandwidth with other users.
As absolutely awful as this experience has been, it's still less painful than dealing with google ads. The amount and variety of videos on there is much lower, but I've managed to federate with enough servers to curare a fairly interesting list.
I just can't/won't tolerate ads anymore. It doesn't have to be this way, and I choose to simply not use these ad platforms wherever I can. It's much more pleasant online when you go to spaces that aren't constantly trying to sell you something or spy on you so they can sell you more stuff.
Basically, you can have your server follow another instance as if it were a user account. Assuming the remote instance allows follows, their local feed gets duplicated to your federated feed. If they allow mirroring, you can configure the server to mirror in different ways. You can mirror the N most viewed videos, new videos, and 'trending'. Then you can set a disk capacity limit, and have videos fall off after so many days. Presently I'm sitting on 320GB of mirrored videos. 300 is automatic mirroring.
Then of course you as a user can manually request a video be mirrored. I typically mirror everything I watch. I wish it had an option to automatically mirror your subscriptions, but it should be fairly trivial to write a script that does it.
> YouTube recommendations have always been pretty awful, incentivizing people to avoid exploring videos on controversial topics once they learn that if they do so, they’ll be inundated with garbage on that topic.
I haven't had too many problems with their recommendations, then again I do not log in and have topic specific containers setup in Firefox. After a while, it pretty much limits videos to a specific topic within a given container. The results may not be things I want to watch, but at least I don't get much crazy stuff.
As for controversial topics: yes, I avoid them. Then again, that has as much to do with avoiding agenda pushing dreck than anything else.
About 3 days ago, I watched a single 10 second Short on a Soufflé from my recommendations page and since then half my recommendations are soufflé videos.
This is not a joke, and “half” is pretty accurate. I’m pretty sure something is broken or YouTube added an LLM to the recommendations engine.
The combination of Firefox, container tabs, uBlockOrigin and uMatrix, makes for a far, far better Youtube experience.
I have a container for "I would like Youtube's algorithm to learn this". Everything transient by default doesn't go into it. This is, incidentally, the most wonderful demonstration of the worst aspect of the whole idea of targetted advertising: buy a sofa, and get sofa ads forevermore, despite you not wanting another one for several years!
I recently watched a video (2 years old video) of a guy documenting that he had participated in make a wish, and that the kid had left this world, etc. very sad video.
My recommendations have been filled with nothing but cancer stories, people on their deathbed, all kinds of ailments, etc. From that single video, which was not at all related to his regular videos. I haven't watched any of them, and they just keep pouring in.
I'm learning rust (programming language) and I went through one playlist of intro videos...apparently I no longer have other hobbies. The DIY/woodworking stuff I've watched religiously for years has just disappeared unless I go hit the topic selector.
There's also been a big addition of "generic" videos to my feed this year--celebrity news and stuff I don't like. In the past, I had a different problem...I wanted to watch nearly every video recommended.
Ha! I didn't know he had adhd. I watched one video of his last week and ever since my feed is all adhd stuff. I was so confused, but now it makes sense.
I feel like no one on the planet understands how YouTube recommendations work. the same for Large Language Models.
YouTube keeps a watch history of every user. users can clean up their view of their watch history, but YouTube keeps it all.
if you watch any particular video, YouTube will start suggesting videos watched by other people who watched the video you just watched. YouTube does not know or care what the subject of the videos are. it only knows that people who watched a given video also watched these other videos.
there is ZERO intelligence, here.
if you want the ADHD recommendations to go away, remove any from your watch history.
your view of your own watch history (the list you can remove videos from) is what sets recommendations for you.
I think the broken assumption is that they make these decisions on the granularity of a channel rather than a video. A channel like Dave Plummer that talks about multiple topics (tech and neurodiversity) gets neurodiversity suggestions even if that's not the video you've watched within the channel.
I assume some followers watch only the tech, others watch only the neurodiversity topics, and some watch both.
You could have a recommendation engine that works in almost exactly the same way as Google's that suffers less from this problem.
The effect of that is what people are referring to here. How is one supposed to know a tech-based video they watched once is the reason for videos made by someone else entirely on the topic of ADHD being recommended. No one is going to make that connection and clean up their watch history accordingly. Additionally tying recommendations to watch history maybe needs a step removed. What if I like to see the history of everything I watched without it affecting my recommendations?
A few months ago I must’ve been digging into settings and turned off watch history as I get only a blank page with no recommendations. I don’t discover content as much as I used to but it’s been a good change for me - just seeing updates from the channels I subscribe. Stumbling across content is left to sites like HN or other communities.
Current AI buzztalk is that we don't know exactly what intelligence is, so we can't possibly know if The Algorithm™ is exhibiting zero intelligence, or if it has somehow gained sentience while we aren't looking and is slowly manipulating us into eternal servitude to it.
Worse is that things land in your watch history simply because your mouse hovered over a video on the page and it auto-played, even if it was only a fraction of a second of play time.
In fairness to the algorithm, Autism, ADHD, and OCD have significant core presentation overlap, and often get talked about in the same spaces online. There's probably a high relation in their searches for the topics.
Doesn't stop the Youtube algorithm from easily being the worst of the major social media sites though.
Are you guys sure that the algorithm’s goal isn’t to shove down your throat a slightly related topic to make you exposed to it, in case you’ll like it? There are a few interests of mine which I found after clicking some recommended video after resisting it for a month.
The "algorithm" isn't some simple KNN. It has many people working on it, so by now it should at least grasp the difference between two topics that are similar and two topics that are the same.
Dave C was a key player in developing Windows NT, which was key to jettisoning the virus-riddled hot mess of Windows prior to that. You're attacking the wrong guy.
I‘ve started as Windows systems engineer with NT 4.0 and it was my day job through around Windows 7 and Windows Server 2008. I rarely had problems or blue screens because of the operating system as such.
Never used 95 or 98 at home though, started with 2000 Pro there.
Tell us how you really feel. Just because you don’t like the past doesn’t mean it didn’t happen. I’m glad someone’s documenting it, at least their perspective of it.
To avoid direct godwin's law, do we listen to members of Pinochet's cabinet wistfully interview themselves about the good old days and the wild west of Argentina's totalitarian heydey?
>- day to day execution riddled with a half dozen virus scanners and other things that barely worked. How many millions of dollars have been stolen from people because windows wouldn't actually fix their OS? Or is it billions? Ha ha so funny
So, what was the solution to people downloading viruses?
He went from "I'm only here for the subs and likes" to "I'm mostly here for the subs and likes". I wonder what the next step is.
That said, his channel does have much interesting content. I just wish he didn't go into sponsorship-reviews like with (Chinese) Ecoflow like products.
I haven't watched this video yet but I'm looking forward to it, having read Showstopper[1] quite a few years back.
One thing that stuck out to me when I was still in my early 20s thinking I needed to work all the time was the mention that Dave would always take holidays on time, every time without any debate.
While I may not love Microsoft, it was probably my first real exposure of a highly competent and qualified person who wasn't grinding 24/7.
It still feels nuts to write it but it's a holdover from rural (and retail) life where the mindset is basically "The more you suffer, the more virtuous you are".
As much as I still struggle to properly take time off (that is, it's easy to postpone because of X or Y being more important), thinking about Dave's view is always a good reminder that it's not a choice between taking a break and being good at X.
I wish I would have more spiritual and material insights onto how the 24/7 grind mindset became widespread in USA, possibly via Calvinism and the Protestant work ethic. The foundations do prescribe regular perusal of relief valves.
8 Remember the sabbath day, to keep it holy.
9 Six days shalt thou labour, and do all thy work:
10 But the seventh day is the sabbath of the Lord thy God: in it thou shalt not do any work, thou, nor thy son, nor thy daughter, thy manservant, nor thy maidservant, nor thy cattle, nor thy stranger that is within thy gates:
11 For in six days the Lord made heaven and earth, the sea, and all that in them is, and rested the seventh day: wherefore the Lord blessed the sabbath day, and hallowed it.
Pure personal anecdote, a couple years back I did explicitly choose to observe 'zero work Sundays', either office or domestic. Rejecting the oft self-induced guilt for daring to catch my breath 1/7 made a measurable dent in improving QoL. While YMMV, give it a try. Usually stuff can wait a day.
I have noticed this too. Often people spend the weekend doing housework, personal projects or other chores so it doesn’t really feel much like a rest day.
I don’t always have the chance, but truly doing no work one day a week is very refreshing.
A huge part of this is tied to the "conscientiousness" aspect of the Big 5 personality.
For myself, I need 1.5-2 days of off-time, depending what I'm working on. I consider myself a constant grindstone-lover, and most of the people I work around seem to reflect your 3.5 number, but I've seen some people who probably need 5 days off a week.
No shame in any of it, though. Everyone's wired differently. The USA has a unique taboo about "enjoying life", and I blame its post-WWII militarized culture for the most of it.
And really, it primarily benefits business owners who live by a different motto (making money work for you). Each employee who “puts the nose to the grindstone”/“puts their back in to it” generates more profit for the company but doesn’t need to be paid more. Then when their health deteriorates enough that they can’t do the work they can be replaced.
Apologies for the roughness of this late-night reply. I feel like people here know this intuitively already anyway.
> it was probably my first real exposure of a highly competent and qualified person who wasn't grinding 24/7.
Over the years, I've noticed that most (although certainly not all) highly experience and skilled devs are rigorous and unapologetic about taking time off. I didn't take the clue for a long time, though.
Then I burned out. Now, I recognize that taking time off and sticking to 8 hour workdays (except in actual emergency situations) is a professional responsibility as well as a personal one, because it helps to reduce the risk of burnout, and burnout is bad for literally everybody.
I read the same book you did. How is it that I got the impression from the book that most people (Microsofties) actually did overtime voluntarily? I mean Microsoft didn't have to pay overtime because the employees all thought they were sufficiently compensated by the stock price going up!
Near the tail end of WinNT 3.1 development, I read an article (possibly from Usenet) about someone creating a screensaver that showed a bluescreen.
I had never created a screensaver before.
I could reliably cause my WinNT dev box to bluescreen due to a bug in an internal Microsoft network driver.
So I read the docs for writing a Windows screensaver. After writing down the values shown for my bluescreen, I cobbled together my first and only Windows screensaver.
I sent an email to the Windows NT group announcing my creation for laughs and giggles.
A few weeks later, the NT build group decided to play a prank on Dave Cutler.
They installed my bluescreen screensaver on one of their build servers.
They also unplugged the mouse and keyboard from the build server.
Then they waited...
Dave Cutler comes in to check on the status of the latest NT build.
He turns on the monitor and sees a bluescreen.
He tries moving the mouse.
Nothing.
He tries typing on the keyboard.
Nothing.
Then the unanticipated happens.
He reaches over and pushes the power button on the build server to reboot the build server.
NOOOOOOOOOOOOOOOOOOOOO.
I never heard about the aftermath/any fallout from their prank.
Because a blue screen is a nice spot to debug. It’s like an assert statement. You want to find out what’s the error code, where it happens, and why. Even a vague location can narrow down the problematic area.
Was the BSOD screensaver from sysinternals by Mark Russinovich?
I had installed the same and couple of my colleagues sitting around me had done the same.
Our CTO (Robotics simulation software) was visiting and had an early morning meeting. He saw this on all screens and had a minor panic attack fearing a virus outbreak or software bug.
I installed that on a housemate's PC and waited for his reaction in the next couple days... But it never came. And so I forgot about it.
I moved out. It must have been a couple months later (we were and still are good friends), we're out somewhere and the first thing he says to me "did you install a BSOD screensaver on my computer?!?" And I suddenly remembered, realized it had been months and started laughing.
What's hilarious is he never tried pressing anything or moving the mouse.. since, being a developer, he knew that was pointless. He'd sit down, see the BSOD, (often swear,) then just press the hard reset button. In true evil fashion, I think I set it to a long interval, like 2 hours, so it only activated if he walked away but left it running.
I do still feel a bit bad about it. But only a bit. :)
I’ll recommend here the book “Showstopper!: The Breakneck Race to Create Windows NT and the Next Generation at Microsoft”, which someone else recommended a few weeks ago. Link:
I’m still reading it, but it’s really enjoyable. And it makes me wish I had been part of that history. Particularly the whole thing about dogfooding a brand new OS. But it caught me a few years too early.
Great book. I remember reading it on the flight out to a job interview with an OS team. Thanks to the book, I sounded much more knowledgable than I really was, and I was more excited about the whole space than I had been a few days earlier. ;-)
(Got the offer, but didn't end up taking the job.)
The bit I found interesting was how Xbox's hypervisor is based on that of Azure, rather than anything they did on the desktop, and that Xbox games are/were packaged up with an OS rather than relying on a single OS on the device, so a bit more like containers. Dave also said he's working on making ML workloads run on idle Xbox Cloud Gaming devices. Any architectural tie between Azure and Xbox had never occurred to me before.
sort of, if you go back into the NES and Gameboy days, sure, but PS2/Xbox had an operating system that it loaded and so did PS3/Xbox 360.
Microsoft took a step "backwards" in allowing it to load any variant of the SDK that you built the game with.
In contrast, you had to keep rebuilding your PS4 games when they came out with new major SDK versions, so the development experience was definitely better on the xbox one. (oh, and you could turn a test kit into a retail kit was great too, as someone who worked closer to live operations than dev only).
Many PC games through the mid-1980s were shipped as booters, for ease of use and for copy protection. The growing popularity of hard drives caused the shift to key disks, code wheels/books, and other forms of copy protection. Same for many Apple II games.
Although C64 does not have disk autoboot, one can argue that the same principle exists there too, again because of copy protection; many Commodore disk games use custom disk formats that Commodore DOS cannot read. `LOAD "*",8,1` loads a boostrap that in turn reprograms the drive to load the format for the rest of the game.
There is an amazing video about Xbox security. It's extreme.
For example the games executables are actually encrypted on the game discs, and it's almost impossible to even dump the actual binary that is running. RAM is also encrypted.
Or the reason modern TPMs live inside the CPU is to prevent sniffing the TPM bus which people did on the Xbox.
The part about that video that makes me resolve to never buy an XBox is when they explicitly state that the user is considered hostile and the threat vector – hence the silicon-level DRM that requires a clean room, electron microscope, and molecular beam epitaxy to reverse (which their crypto algorithms also assume will happen, what with the whole pubkey/privkey root of trust and all...).
I'd like to be treated as a customer, and allowed to play on the hardware I just paid a lot of money to buy!
Dave explicitly said in the video that the Xbox hypervisor is based on Red Dog, which is not HyperV based, which was also the hypervisor used in early iterations of Azure, but that currently Azure runs on a variant of HyperV.
Hey Torrent, can you provide a reliable source for that info? Recently, I’ve noticed a surge in Domain Specific VMs even in userland for Linux (like Google Falcon). This has led me to wonder if a boot loader combined with a bytecode VM could optimize performance in not only games but also various applications. I tried checking an Xbox game binary for traces of a VM. Given the potential for encryption obfuscation, I assumed the binaries might be encrypted and didn’t dig deeper. I’m not familiar with the gaming or pirating scenes, so this is all novel to me. But I’m keen on exploring this idea further. What can HyperV bring to the table in this context?
I worked in the windows kernel team and my favorite story about DC is when he basically made x64 happen because he hated Itanium architecture so much. He worked with AMD and basically made it happen while cranking in his corner office.
What's intriguing to me is that Itanic was the "fetch" that Intel tried to make happen not once, not twice, but three times: once as iAPX 432, once as i860, and once as Itanium. The whole idea of "pack multiple (often variable bit-length) instructions into a word and rely on compiler writers to determine optimal instruction packings" to make implementation simpler and therefore hopefully faster, but woe betide thee if thy compiler dost not find such optimal instruction packings; for then thy CPU will actually run code more slowly than a conventional design like x86! Someone very high up at Intel must've been very in love with this idea, as it was tried and flopped thrice throughout Intel's entire history as a major microprocessor vendor.
I didn't think AMD64 was a good idea at the time because it was more of the same. But good on Dave for helping eliminate the cruft that pretty much killed the RISC revolution.
There’s a little segment where he talks about that! It blew me away because he so casually mentions how it happened as a side project. I hope someday I can manage to put something that impressive together in my free time.
I was an SDET on the Windows team in the 2000/XP era and heard that the internal code name for the x64 port was “Sundown” because Microsoft was hoping it would take down Sun in the server market. Unfortunately for Microsoft, that prize went to Linux on x86-64.
One of the most pivotal moments in my software engineering career came from reading the leaked NT source code (6-7 years ago) in conjunction with reading the Showstopper[1] book. The NT leak is particularly fascinating because it included all of the author history, so you can see exactly what files Dave Cutler worked on. The book goes into detail about how we ended up with things like kernel modules having pageable sections -- which is fascinating in its own right.
The book describes Cutler coming in and revamping certain assembly routines and you can see exactly what routines are being talked about in the actual source code.
Cutler's code was (and I'm sure still is) absolutely beautiful C code. It really impacted the way I write NT-style C code.
Yes, having watched that I'm waiting to see if there's substantial difference in the content between the two. I've watched a few snippets of this new interview, but so far I am not sure I heard anything new.
Looking back on all both Daves said, there is an extraordinary amount of attention paid to getting things done and out the door, and almost no mention of planning ahead, and actual security strategy. Its all commercial pressure to get the sausage out of the meat grinder, and keep the failures down to an acceptable level.
No wonder things never get better, and never take a turn in the right direction, industry wide. I used to think we'd eventually get to capability based security, but now I see we'll always be stuck with application permission flags, the almost worthless bastard cousin, instead.
Most execs at most companies really are driven by very short-term planning and thinking, as it benefits their career to do so. They just need enough good quarters/years to justify their promotion from VP to SVP or SVP to CEO. Nobody gets blamed and punished three years after they move on to a new role for the shortsighted choices they made in their previous role.
Having said that, Cutler is not one of those execs, but was certainly subject to pressure from above to get systems out the door and keep the revenue stream coming in. As he mentions early in the interview, he’s really bothered by shipping bugs, really disappointed with the quality of software engineers in the industry, and really bothered by program/project managers treating every bug like a rare corner case. I concur with him on all three. Most of the bugs I file are “corner cases”, and yet I hit those issues every day and my bugs have multiple dups in the database and/or my bug gets duped back to an early report.
Having spent a few decades in this industry, all of it in Big Tech, I have yet to come across a company that doesn’t fold to the same sort of pressure, even if the engineers and first-level managers are pushing to get bugs fixed before shipping, and pushing for more frequent bug fix updates.
Steve Jobs pushed individual contributors to perfect products before shipping them. Bill Gates had no taste to justify any sort of perfectionism, or compunction against shipping buggy products (https://www.youtube.com/watch?v=IW7Rqwwth84). It was all dollars and cents, as far as I can tell.
As an Apple user since the launch of the original Mac, I guarantee there have never been any perfect Apple products.
Every Mac OS until OS X crashed continuously on even moderate use. Thankfully Steve did manage to build better systems at NeXT and brought that technology back when Apple acquired NeXT and was able to substantially improve Apple’s Mac product as a result.
It’s still far from “perfect products”, though, even during the time period that Steve was still alive and at Apple. To your point, I do agree that things have gone downhill quality-wise since his death, but I attribute this as much to being completely schedule driven as I do to the personalities involved in managing the projects.
I do use them. The hardware is impeccable. The software is admittedly more spotty. But even then, the OS is great.
All in all, I can't think of a better platform or I'd use it.
And the question wasn't about a better platform or the vague "greatness", but the myth of perfection, the one where serious bugs unfixed for years should be enough to dispel
Shipping is a feature. Nothing is ever done and nothing is ever bug free. Cutting the scope to have a complete product in finite time is the single most important part of product management.
Agree, with the caveat that I think finding the balance here is really the hard part, and projects that don’t pay down technical debt eventually fail, if only because people decide to replace them because of the debt.
At the time, Windows NT was lauded for having better security than its competitors. I remember “Department of Defense C2 level security” being invoked often. It was a major selling point, though one that didn’t feel relevant for most users (in fact, lots of people felt like “why would I need this?”; it made it seem like an OS that wasn’t for “normal users”).
Early ’90s conceptions of security—both what makes it and how relevant it is/for whom—don’t match our expectations or what we consider state of the art today.
Yeah, that was all marketing nonsense meant to confuse laypeople.
TCSEC Level C2 was intentionally designed to be a “baby’s first security certification” level meant to allow existing known insecure products to get a (low) rating so that commercial vendors could get familiar with the concept [1]. It, at no point, was ever meant to indicate any meaningful level of security was achieved, just that you filed the paperwork. In fact, Level B1, the level above C2, was meant to be the “training wheels” level. Microsoft has still never achieved a security certification in the successor standard, the Common Criteria, that has reached the “training wheels” level.
Microsoft security is a joke now and was a joke then, nothing has changed.
In what world are formal proofs of correctness “box ticking exercises”?
You are wrongly extrapolating that the lowest levels of certification, that were literally designed to allow people incapable of more than box ticking to be rated on a unified scale, somehow applies to the levels that were designed to evaluate actual security.
That is like saying the Richter scale is useless because you can not even feel a 1.0 earthquake. That is the entire point. The scale can measure from very low to very high. You are complaining that the scale is useless because the lowest ratings are easy to get, yeah, duh, that is why they are low ratings.
However, you are correct for SOC. That is because the highest ratings are easy to get and are mere box ticking exercises. If the highest rating is easy, then the standard is useless for evaluating anything beyond that. This logic does not apply when a low rating is easy to get; that just means anything which can only get a low rating sucks.
Adding the word "formal" to something doesn't mean it can do the impossible. It's not realistic to prove things correct, since it's both an impossible amount of work and you'll end up finding that your definition of "correct" was incorrect.
(CompCert, a "formally correct C compiler", has had bugs found in it.)
I do not see how that is relevant to my statement that formal methods, as required by the higher Common Criteria levels, do not constitute “box-ticking exercises”.
Or are you arguing that these standards which require proofs of correctness are useless because proofs of correctness are much less impressive than box ticking?
Nothing realistically complex can be proven "correct". There is even a mathematical theorem about it - given a program's code, one can't even prove that it ever stops.
One can, of course, apply proof of correctness to simple curcuits, where all possible inputs and outputs can be enumerated.
That is a complete misunderstanding of consequences of Rice’s theorem which generalizes the halting problem.
You can not prove non-trivial properties about all programs that could could ever exist with no false positives or false negatives.
You can prove non-trivial properties about almost every program.
For instance, if I want to disallow programs that will not halt, I can just reject any program with a unbounded loop. I may also reject programs with a unbounded loop that will halt, a false negative, but I do not care. I just want to be certain that I will never run a program that will not halt. I just decided: “will definitely halt for my purposes” even though the halting problem is unsolvable in general.
This is generically true and is why formal methods work at all.
I know that I have more confidence in a proven compiler that is thoroughly tested over a random compiler Joe the intern slammed out, but you do not seem to think that way. That is fine, you do you.
> However, he said the Army has moved its web sites to a more secure platform. The Army had been using Windows NT and is currently using Mac OS servers running WebSTAR web server software for its home page web site. Unger said the reason for choosing this particular server and software is that according to the World Wide Web Consortium, it is more secure than its counterparts.
> Unger said the reason for choosing this particular server and software is that according to the World Wide Web Consortium, it is more secure than its counterparts. According to the Consortium's published reports on its findings, Macintosh does not have a command shell, and because it does not allow remote logins, it is more secure than other platforms. The report also said the Consortium has found no specific security problems in either the software or the server.
That’s a rather dubious conclusion if based on that criteria.
Windows XP still likely meets that standard as long as it's air-gapped and placed in a facility that has at least the equivalent level of access control, and never removed.
> I used to think we'd eventually get to capability based security, but now I see we'll always be stuck with application permission flags, the almost worthless bastard cousin, instead.
My hope is that WASI will introduce capability based security to the mainstream on non-mobile computers [0] - it might just take some time for them to get it right. (And hopefully no half-baked status-quo-reinforcing regressive single-runtime-backed alternatives win in the meantime.)
Their EULA absolves them from all consequences! why would they care what happens to your computer after they get their chunk? That could arguably be the biggest economic contribution software has "given" us, these binding agreements that "we'll take your money, but we don't promise you anything, Sucker!"
The market rewards companies that get there first. Market and regulators hand out slaps on the wrist for lapses in security. Actually punished if you are second to market
No, not just that, but before the idea that most systems would be internet connected.
NT's design was started in 1989 and 3.1 was released in 1993 - development started a full 7 years before the idea of a connected world was commonplace, and a full 12 years before wide deployment of broadband.
Whatever comes along that is a clean break with NT, and Unix - will have these assumptions built in.
POSIX is incompatible with security. Any such new system can not support it to have any hope
of being secure. Do you think folks can live with that?
It's like trying to introduce outlets and circuit breakers to folks used to just hot wiring directly to the grid.
The idea of the OS directly enforcing the will of the user(through power boxes that return handles/capabilities, instead of dialogs that return names) takes a little adjustment.
Not how I remembered this era. When I got my first NT beta CD in 1992 the place I worked already had public IP connectivity and NT already had working TCP/IP. We were pulling new beta releases down from the MS ftp server (rhino.microsoft.com) by early 1993. It was Windows 3.1 that was developed without consideration of internet networking.
Regardless of you feelings towards him or the company he works for, Cutler has been a very influential software engineer through his work on OpenVMS and Windows NT, and I don't think he's talked about as much as the Bell Labs gang, Stallman, Linus, Stroustrup, and so on.
We’ve got such range as a species. Yesterday I read about a 99 year old walking up 1776 stairs of the CN Tower. I’d probably require medevac if I tried that.
I was hoping to get some insight into the roots of NT. At the time my understanding was that it resulted from the split between IBM and MSFT and that MSFT was already developing NT based on their derivative of OS/2. That was IIRC before Dave Cutler went to MSFT.
Later on that (OS/2 -> NT) seems to have been scrubbed from history and NT is now derived from VMS. I'm curious where the truth lies.
It was well documented at the time that early NT error messages occasionally identified themselves as OS/2.
I'm over an hour in and not sure how close I'm getting to that. At about 1:09:00 Cutler states that they "developed NT on OS/2" but I think he meant their toolchain was hosted on OS/2 (and they couldn't wait to get off of it.)
I knew someone who worked on the Windows kernel in the "aughts". Apparently, Dave Cutler was still looking at kernel code reviews back then, and could be quite unsparing in his feedback.
I caught that too! It's either he got an early proc since he's Dave Cutler (see his other mentions of AMD in the talk) or he confused it with EPYC. Considering he mentioned he has two machines, the other 64-core and how AMD approached him before on 64-bit and all.. I'd venture to guess he got in early.
Was the origin of 'NT' in 'Windows NT' really New Technology? Some suggest that the name might have originated from the Intel i860 CPU. Originally, NT was targeted at the Intel i860 CPU, codenamed N10 (or "N-Ten"). Dave Cutler's put to rest that it was 'New Technology' https://www.youtube.com/watch?si=2ZCM44xPTR831MeR&t=4233&v=x...
I've been watching Dave's garage for a while now and really love it. The combination of new projects and "war stories" as well as his personality ticks all the boxes for me.
The Smithsonian has a copy of the “NT OS/2 Design Workbook” by Cutler and others on the team. I don’t think there’s a piece of technical writing I’d more like to read.
This is fascinating in so many respects. One is it is almost like his whole career developed through a series of events attempting to escape the usual bureaucracy of successful companies.
Reading the article is pure folly! They'll steal your IP address, inject silly JavaScript into your hypertext markup interpreter, render their text in unpleasing typefaces and suboptimal contrast, hold you ransom with cookie popups or paywalls... One must protect oneself. The only way to safely interact with the world wide web (called "web" because it's a trap like a spider web!) is to gleen what you can 2nd hand, from the hackernews comments.
Joking around tends to earn downvotes, and that's okay --preferable, even. Your approach is quite common, I think. I very often look at comments first, too, depending on the topic & source. The only time skipping the article is any kind of issue is when people start engaging in the comments without proper context.
I do this sometimes, usually when the topic seems interesting, but I'm not familiar with it, so I don't know if it's worth spending time reading the whole article. By voting up, I hope that it will remain on the home page longer, so that people will notice it and comment on it. Then, if many people comment and if the comments look interesting, I might read the main article.
For those who misread the title as I did, this is not Dave Coulier. Moreover, it is not Dave Coulier wearing stonewashed jeans and a mullet, making Full House era jokes, in a forgotten Microsoft promotional video about Windows 95.
The videos are really interesting and his background muzak and RGB lighting puts me in a Christmas mood. He generally put Microsoft in a completely different light than I'm used to, he speaks warmly about his job, co-workers and Microsoft, while acknowledging much of the weirdness going on in Redmond.
Only problem is that watching is channel will trigger something in the YouTube algorithm and flood your feed with videos on ADHD. Presumably it has to do with his videos on autism and ADHD, but I feel like YouTube should be smart enough to notice that I didn't watch to videos, only those on coding and Microsoft history.