Heard on NPR yesterday a theory that Windows has so many security holes because the OS simply wasn't designed with security in mind. Specificaly, the piece said, computers used to sit in your house without being hooked up to a network or, if they were, it was for very short periods of time. Though that's more true of most Commodore 64s than Windows 95 boxes, I thought that was an interesting theory.

Of course if you extend it to Linux, you get an interesting result as well. Linux is, obviously, an OS designed for servers -- computer that, by definition, are constantly hooked to a network. The theory would make you think that Linux and other *nixes would be designed with security in mind. Sure enough, Linux has proven more secure to this point than Windows.

I think there's a factor that's missing here, however. Windows in closed source, and only a very few very biased eyes ["Let's do the minimum we can to make a buck!" -- and that's not a hit on MS; that's with most any corporation, I believe] get to look at that network code. Linux is open source, and everything's lain on the table for anyone to see. Though it would seem that MS has more resources to ensure that their code is rock solid, there's obviously not a good audit trail for holes inserted. Anyhow, I think there might be something to be said for open source helping with security -- and possible being better for server uses.

In other news an interesting feature just added to #develop, the open source .NET IDE that's, imo, not quite yet ready for prime time:

A very cool new feature is the C# to VB.NET converter based on our new Coco/R - generated parser (see Tools / Convert Buffer C# to VB.NET). Note that it sometimes must take heuristic decisions, but this will change once we convert entire projects (at issue is type lookup which is impossible without knowing all project-local and referenced types).

I'm doing a VB.NET project in my new position in the coming months. I wonder if this is good enough that I still use this to get my hands dirty with C# and still deliver a VB.NET end product...