
How is that a reasonable excuse? If they have so much money their operating system should be fixed faster, not slower, than other operating systems.


More resources should make the number of fixes possible per year greater, but it may not substantially reduce the time from notice to fix any single issue (and may, because of organizational overhead involved, sometimes increase the time for particular fixes over an organization with fewer total resources.)

Maintaining code is not a trivially parallelizable function.


> Maintaining code is not a trivially parallelizable function.

Yes, I know this, thank you.

But we are talking about billions of dollars vs. millions of dollars (for Linux / BSD). We are talking multiple orders of magnitude(!) more money. I realize there isn't a Silver Bullet, but the fact that what we have heard coming out of Microsoft about their management practices year after year is ABYSMAL, it is not an excuse. Especially when people who are working for free, with no/little organizational support, can beat them at releasing security fixes.

> because of organizational overhead involved

So maybe they should fix it? How is their incompetence at running an organization a valid excuse? If it was a problem they cared about they would be researching how developers and teams of developers perform best, how best to organize code, etc. Instead they used stacked teams for years on end. I have no sympathy.

If it's a serious problem maybe they should stop making new operating system features and devote more resources to fixing, cleaning up, deprecating, etc. the ones they already have?

They are making business decisions, and their ineptitude at security is a result of them. There are no excuses of "they are the only ones doing X" for "they are bad at doing Y when they do X" when they are promising Y!


More money (or resources) = faster solutions is a pretty common fallacy.

Often the size, scope and wealth of resources induces an increasingly slower response to such things.


How is it a fallacy? Because management is incompetent? If your budget goes from 1M to 10M even a child could show you how to spend 1M and throw the rest into a big fire or something. Maybe run two agile teams at 1M each.


Do people not read The Mythical Man Month anymore?


Yea, but that doesn't mean you still don't get some additional speed out of hiring more developers, especially when correctly organized, with sane management policies, and good software development practices.

The point is that Microsoft has the money to hire 100x more developers than the other guys, they should at least be well organized enough to deploy a part of that manpower effectively.

Let's put it this way, there are 7 companies out there (at least) maintaining various different distributions of UNIX that can patch quickly, why can't Microsoft patch their 7 operating systems as quickly? From my view what you are saying is that because Microsoft is a monolithic company with 7 code bases it is somehow harder than 7 companies with 1 code base each? How does that track? Especially when Microsoft has 100x more money than each of those other companies.

I'm not saying there is such a thing as a man-month. I'm saying there are ways to organize production, teams, and software so that people can provide more work than in poorly managed environments.


I honestly can't tell if you are attempting parody or being serious.


I'm perfectly serious. Perhaps I misread the comment I am replying to.

Flat out 'more money to fix the problem' should never make things slower. Worst case you can ignore the money.

Even if it's too late to add people for project X, you should be able to use the money for something to improve productivity on project X+3.

If I'm wrong about something please explain.


Well if you were being serious it sounds like you really need to read this book https://en.wikipedia.org/wiki/Mythical_man_month


I am aware of that book. I considered referencing it in my earlier comments.

I don't know how I can make my point more clear.

If a manager shoves in more workers and slows things down, they are failing at their job.

They are worse than useless.

Because someone useless would take the extra budget, not hire anyone, and not slow down the work. Perhaps they would waste it in Vegas.

I am saying nothing that contradicts that book. Just two simple points:

1. More resources only slow down a project when they are misused. They are never inherently bad.

2. It's not even hard to speed up work on security bugs, because each bugfix is a different project and can have its own dedicated team.

Please actually point out something I said that was wrong, instead of making vague references.


My point wasn't that more money itself induces potential slowness, but added infrastructure & scope that surround it (not necessarily even in the same department) often can.

Ignoring more money is pretty unlikely to be an option as a whole, and inefficiencies generally cascade down to some extent.


Other departments matter in some ways, but bugfixing can be self-contained and mostly avoid slowdowns.

But even more important is that these outside slowdown effects are pretty minor. If this was software development then you might have no recourse and you'd be somewhat slower overall. But this is handling many many independent projects. You can hire more teams without having man-month problems, and then handle bugs efficiently.

> Ignoring more money is pretty unlikely to be an option as a whole, and inefficiencies generally cascade down to some extent.

Again, I blame management. A nice sturdy cardboard box as a manager is impervious to social effects from other departments, and it can soak up extra cash too.

I expect anyone being paid to manage to do a better job than a box. Not to go along with the flow uncritically.



