Why DEC chose SCO UNIX

Chip Salzenberg chip at tct.uucp
Thu Dec 27 08:32:19 AEST 1990 

According to annala at neuro.usc.edu (A J Annala):
>In article <2777E87B.6392 at tct.uucp> chip at tct.uucp (Chip Salzenberg) writes:
>>Well, of course it won't run VMS.  VMS is coded in VAX assembler.
>
>My friends tell me most of VMS is coded in a DEC proprietary language
>called BLISS.  BLISS exists for PDP-11's, PDP-10's, and VAXen -- DEC
>could have chosen to write a new BLISS compiler for the 80386 -- but
>that is not what happened -- instead, DEC adopted SCO UNIX for their
>new machine.

Um, okay.  I've also been informed by Thomas Breuel that significant
portions of VMS are written in FORTRAN.  So to port VMS to the 386,
you'd have to translate all the assembler code, the BLISS language
support and the FORTRAN language support to the 386.  No small job,
even for DEC.

>Moreover, in the process, DEC abandoned it's own ULTRIX 
>(DEC proprietary version of UNIX) in order to adopt SCO UNIX.

SCO UNIX has ready support for *multiprocessing* (SCO MPX).  ULTRIX
doesn't.  I'll bet that this consideration was probably the most
important one.  This advantage is utterly unrelated to any security
issues.  (Also, ULTRIX hasn't yet been ported to the 386; such a port
would likewise be no small job, though infinitely easier than VMS.)

>Living within C2 guidelines is causing us no real grief.

Congratulations.  You're one of the few and fortunate.

>What more do you want from SCO UNIX?

I've enumerated the problems with C2 before.  To repeat some of them:

1.  User info is spread out.  Besides /etc/passwd, you must have a file
    /tcb/files/auth/<first letter of user>/<user>.  Some of the fields
    in the auth file duplicate fields in /etc/passwd.  So forget using
    vi on /etc/passwd.

2.  User and group identities determine privilege at the kernel level.
    For example, user "chip" may be able to run a setuid-root program,
    while user "steve" cannot.  This is a maintenance nightmare.

3.  The C2 security (as described in #2) can be "relaxed", but not
    disabled.  That is, the default kernel permissions can be broadened
    from their fascist defaults, but the kernel is still a C2 kernel.
    So the administrative headaches are still there.

4.  There are lots of "databases" in /etc/auth that figure in system
    security -- i.e. they get in the way.  For example, to add a new
    shell type in /usr/lib/mkuser, it's necessary to edit the secure
    files database /etc/auth/system/files.  When you add a new terminal,
    including a pty, it must be in /etc/auth/system/ttys.  Etc.

4b. C2 breaks automated system administration scripts.

    Our application had a program to create a new user.  That program
    doesn't work any more.  Now users have to run the sysadmsh to
    create new users.  We took great pains to have a consistent user
    interface in our system; the use of sysadmsh blows that strategy
    out of the water.

    Yes, we could write a new program using the new library routines.
    But why should we have to?  Whatever happened to that watchword
    of Unix System V, "portability"?

    The addition of new ttys is another example.  Each tty must be in
    the tty database before it can be used for logins.  This "feature"
    breaks the installation scripts we used for our application.  Yes,
    we know about /tcb/bin/ttys_update.  But we object to the fact that
    we need to know about it and we need to change our code to use it.

To quote Ronald Khoo:
================================================================
> Here is another place where SCO have made a serious mis-assumption.
> They seem to have assumed that "tradition" is the only concern of Unix users.
> It's not simply for a veneer of "traditional" behaviour that we want to
> be able to do /bin/rm -f /tcb, remember that whole Unix way of
> doing things is by tying programs together in an ENVRONMENT.
> 
> If you break this environment, people who only use integrated applications
> like MS-DOS users will be fine, but the rest of us will suffer (read: find
> another vendor) because OUR SYSTEMS WON'T WORK ANYMORE.
================================================================

Clear now?
-- 
Chip Salzenberg at Teltronics/TCT     <chip at tct.uucp>, <uunet!pdn!tct!chip>
"Please don't send me any more of yer scandalous email, Mr. Salzenberg..."
		-- Bruce Becker

More information about the Comp.unix.sysv386 mailing list