
Open source for U.S. government: Is there a downside?

It is rumored that the U.S. government might be considering the adoption of open source to replace costly proprietary software. Is this a good idea? Jack Wallen considers this and finds a possible argument against it.

Recently I read that President Obama is considering adopting open source software for the US government. According to Scott McNealy (co-founder of Sun Microsystems), he was asked to prepare a document on the cost-effectiveness of using open source in the government. And why not? It makes perfect sense. Given our current economic climate, why should the government be paying for software that it can get for free?

Let's put this into perspective. Michael Tiemann (Vice President of Red Hat and head of the Open Source Initiative) claims that global proprietary software usage costs around $1 trillion yearly. This figure is said to cover only software that can be replaced by an open source alternative.

In trolling around for a dollar figure spent by the U.S. Government on operating systems, I came across a figure for the year 2004. That figure: 12 billion dollars. Of that 12 billion, 7.2 million will go to server, mainframe, and backup solutions, and the rest will go to desktops.

That was 2004. The cost of operating systems has risen. The cost of government spending has risen. It is now 2009 and the lure of spending 12 billion dollars less in the government is a change I would guess most American citizens would welcome. But is there a downside to this? Amid all the glowing and celebrating open source pundits (like myself) are doing, are we missing any possible downside?

I want to preface this by saying I welcome the government migrating to open source. With open arms, I welcome it. I think the money saved by migrating 100% to open source software would give the U.S. government some much needed breathing room (at least a little breathing room).

But that downside. Yeah. Retail spending is down. Across the board it seems. Imagine what would happen if Microsoft lost a staggering contract like the government contract. Is it possible when a company loses an income to the tune of billions of dollars, it would react by placing the burden of that loss on the consumers? We've seen it before countless times. So if the government pulls out of Microsoft's bankroll, would Microsoft then raise the price of their already overpriced operating systems and office suites?

I would like to think the buck wouldn't be passed on. But I have a feeling it would. So the question then becomes: If Microsoft would pass on the buck to the consumers, should the government migrate to open source?

In my honest opinion, I think this is just what is needed...responsible spending. We've all heard the story about how the government was spending thousands of dollars on bolts and toilet lids. We've also heard of how many government offices are using out of date software (because their departments couldn't afford updates). Adopting open source software solves so many problems on so many levels. But then again it comes back around to "are we willing to risk the price hike from MS should this occur?"

I don't think we'll ever have to worry about MS going under. But maybe this sort of landslide is just what that company needs for a final wake-up call. If the U.S. government adopts open source software and saves billions of dollars, maybe the average citizen would open their eyes and realize they too could save money using open source software. For open source developers this is a win-win situation. I, for one, would welcome the change.

It looks like responsibility might be sweeping the nation. Hopefully this new way of thinking will continue so open source can do its part in helping to revive the sagging global economy. Personally I think it is worth the risk of higher prices from Microsoft. From my perspective (should this happen) it would only be Microsoft shooting themselves in their only remaining foot.

But what do you think?

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

108 comments
zclayton2

I have installed Linux. I have XP for games. What does the Great Satan in Redmond have to offer?

Tony Hopkinson

eejits who no one with an IQ above 30 would pay attention to. The only people I've heard make that claim, are those like yourself, to shoot it down. Classic closed source straw man number one.

scoopboys

One of the big issues when looking at making this type of change (from a vendor-supported product to a "community"-supported product) is "how do I structure support?" Today, if someone has a problem (not a security issue, but a functionality issue, like integrating mail with a new type of device like a Blackberry), our organization goes to Microsoft to seek a fix. Where would we go under an open source model? Expend man hours trying to fix it ourselves? Post it to a board and HOPE someone develops a fix? If that, how do you trust the fix and know that there isn't malicious code written in? In a government organization, I'd want to be very certain that the Feds were using the right practices for this, and not trusting code that just anyone provided. I'd want them to have the resources to evaluate the code and be sure it wasn't malicious. Given the government's backlog on so many other things, does anyone think they would be able to establish a support structure that balances evaluation of code for security reasons versus the need to produce the fix? I wouldn't be too confident that the feds would lower instead of raising TCO - they might hire thousands of people to support the "free" software, and end up in a bureaucratically worse place than they're in now...

cooperl

how about the fact many in the private population only buy MS products because that is what they use at work...so if work no longer uses it... :)

ZCorrea

Will Micro$oft jack up the price for consumers if the US Gov goes open source? Business dictates they will. But is this a real concern when the public has at least 2 open source office suites to choose from? I say bye bye Micro$oft, it was real and it was nice, but...

Marty R. Milette

> why should the government be paying for software that it can get for free?

Because you can NOT get the SAME software for free. PERIOD. And don't forget about the hundreds of other details that would need to be considered...

Most FOSS zealots ignore some very fundamental facts that would prevent something like this from actually happening -- at least in the REAL world:

1. FOSS applications don't play well with each other.

Even getting products that are SUPPOSED to work together to actually work requires hacking and tweaking obscure configuration files scattered all over the disk. Who needs it? Applications (and their installation packages) aren't smart enough to recognize what's already installed or to configure themselves and the other package to work together without MUCH MANUAL intervention. Data sharing and communication BETWEEN applications? GOOD LUCK! Between proprietary database formats, data stored in flat text files (ugh!) and limited through-the-operating-system capabilities -- SOMEBODY has to write a whole lot of 'glue' code. Simple example: User databases. With Windows you have ONE -- Active Directory. With FOSS -- in most installations you have a separate one for EVERY application. Result: IMPOSSIBLE to maintain consistency between them without a lot of extra code and nonsense like 'batch jobs' to synchronize stuff. gaak! I don't happen to know any real, professional developers taking on work for 'free' these days. I suppose you'd have to pay EXTRA to get them to actually DOCUMENT the code -- as it isn't the 'fun' part of hacking stuff together.

2. FOSS applications don't play well with users.

User training is almost universally ignored by FOSS advocates -- usually smattered with utter contempt and arrogance. "What do you mean people won't want to learn 6 or more completely different user interfaces?! Are they stupid?!" Standardization in look-and-feel simply does not exist in the FOSS world -- every developer has their own ideas of what is a 'cool' user interface -- which is why there is no consistency among any of them. I don't know any trainers that work for free either -- and, judging from the 'manuals' delivered with most FOSS products -- just telling the user to RTFM is going to result in a HUGE amount of lost productivity. How many person-MONTHS (multiplied by number of users) to spin-up users to learn not only how to work with each different application, but also to transfer data between applications AND between the outside world which DOES still use proprietary applications? That isn't free either. FAR from it. But you don't hear about that from the destroy-the-world-and-rebuild-it crowd.

3. No business (or government) is going to throw away their entire software and infrastructure investment to start over.

What idiot would suggest that organizations that have spent YEARS to build up perfectly working environments, custom applications, procedures, policies, documentation, training materials, business processes, etc. etc. etc. are going to just throw it all away and start from scratch? Judging from some posters -- I guess there are quite a few. How many BILLIONS would it cost for just ONE major government department? And can you even THINK about doing even just one? (Right now, they have interoperability, common systems and standards -- rather handy that.)

4. No business (or government) is going to throw away their entire HUMAN investment to start over.

FOSS gurus don't grow on trees. It isn't like you can retrain anyone overnight -- the same as you can't turn a FOSS guru into a Windows guru overnight. Interestingly enough, many of the FOSS boys I've met THINK they are 'experts' in both environments -- a false and extremely dangerous belief. They just don't know what they don't know. Very funny when they start telling me that Active Directory is nothing more than LDAP. (Considering how little LDAP is used in FOSS environments, this amuses me to no end.) A wholesale shift to FOSS would result in the most amazing unemployment situation in the world. Hundreds of thousands of Windows jobs would be lost, and if you think there are too many H1-Bs floating around NOW -- just imagine what would NEED to happen to support this mess. Of course, FOSS experts would see their salaries rise because of the short supply and high demand while everyone else is in the unemployment line. Of course, one hopes to be lucky enough that raises are enough to offset the cost of supporting all the unemployed people...

5. Nobody WANTS to be able to edit the source code and recompile the applications.

The moment you do this, you have broken interoperability, compatibility and standardization -- rather important in business where you have such trivialities like disaster recovery plans and documentation to worry about.

These considerations are just the tip of a very large iceberg. It will be interesting to see if SUN and a few parties interested in this folly will have enough lobbying and contribution money to push it through...

Jaqui

only for the proprietary software companies. According to the 18 month study done by the European Union, the impact of open source FINANCIALLY is quite profound. Their report on it: http://jaqui-greenlees.net/files/2006-11-20-flossimpact.pdf It also covers the social impact, and how open source BENEFITS innovation. I have it on my own site, simply because keeping track of the changing url on their site was a pain.

misceng

Open source software is not only a cost saver but it gives freedom from proprietary tie in. Future generations will be annoyed at not being able to trace history because it is written in out of date MS protocols. The biggest advantage of open source is that anyone can produce software to read the files especially if the use of ISO standard ODF is mandated.

mdean

Openoffice is now so great, if government office workers were given the choice of their current choice and openoffice, openoffice would win hands down. Desktop control is not possible under windows -- Microsoft owns your desktop. I believe a productivity surge would take place in less than a year!

shaun.mccann

Open source is not safe and long term will lead to massive security and economical damage. It's the computer world's Soviet Union and we all saw how that ended. Please, people, learn lessons from history and do not go to the free side. Nothing in life is free and if it is someone somewhere will make sure you do pay.

pointzerotwo

We should pay extra taxes to support Microsoft so that in exchange we would pay less for OS licenses? Microsoft will charge whatever it thinks the market will bear, in any case. I think the US gov't should use open source software wherever it is feasible, for the following reasons:
- It would save a LOT in license costs
- Service costs, and IT jobs, should remain about the same
- Programming jobs for customizations would increase
- The gov't would be getting what they need

jdaughtry

The lawyers don't like it. And they don't like it because when something fails (as inevitably it will) there is no established legal entity to sue.

FXEF

Just about every decision has a downside. The question must be, is the downside greater than the upside? If the US government moves to open source, there is no question that Microsoft will suffer. However, as Microsoft suffers, open source companies will be reaping the harvest. Open source software is not necessarily free as in beer. It can have a dollar cost, and most likely will have a dollar cost in this case.

kent.manley

The issue is clouded by the fact that the government has to buy commercial software using tax dollars, which are essentially confiscated from folks who would otherwise use their money a) for commercial purposes or b) for savings. A cheaper, more efficient government, although it's "taking away" a contract with, for example, Microsoft, would merely shift those resources back to the tax payers, who would then have the leverage to buy or not buy MS products - and hopefully compelling MS to create products consumers actually want and can safely use. Right now, the government's spend does not give it much if any leverage at making MS (or any other commercial vendor) create useful or safe and secure products.

jck

How many hacks and infections of SendMail have you heard of, versus Outlook? Personally, 2 former employers of mine (county governments) are partially converting to open source. Here where I work now, we use mostly Linux servers. We might convert within a year or two to OpenOffice just for the cost savings of $10,000s.

Neon Samurai

You just said you have XP installed to play games didn't you? For me, it's the ability to test MS only network protocols and use one or two security tools that I prefer.

Tony Hopkinson

games, which OS they use to do it is a bit irrelevant. I'm far from a big MS fan, but I have found that the argument you are making and especially the way it's presented, tends to be disregarded by professionals. Just a tip.....

Tony Hopkinson

Do they give you one? Do they let you buy one? What if your problem is it doesn't integrate with a non MS product in a market in which they compete? Shall we take a wild guess at their suggested solution? In an open source model, you'd go to the community, if you were serious about it, you would be a member of the community. I don't mean you join a mailing list (if that's working :p ) I mean you contribute. Rest assured if you suggest a change, and everyone else says "Damn good thinking", it will get done. For open source to thrive that's a given. Because it is open source you always have an option of last resort that doesn't involve a major roll out. You pay someone to do what you want to it. As a for instance why can't you have the xml capabilities of SQL 2008 in 2005 or 2k? Answer, because then if that was all you were buying it for, you wouldn't bother. Now whether the 'feds' screw it up, well that's something else entirely. Their record with closed source offerings suggests that's probable. Naff all to do with where they got the software from though.

Neon Samurai

There are many companies that offer support contracts. If you require "help desk" type support or, the feeling that you have a place to point fingers "responsibility" type support then you can get a service level agreement just like with any other software vendor. I'd suggest that "responsibility" support is a myth though also as no software company will back up their product if it blows up on you. They'll come help fix the mess but I've yet to see an EULA or other software related contract that didn't absolve the developing company of responsibility for lost data or income. If you want to go it alone you can get ample "help desk" forums, mailing lists and documentation (the BSD and Debian documentation is excellent and applicable to other platforms as well). You can hire a tech who's already educated and comfortable with Linux. Look for Linux+ certifications if that's an HR requirement. You can hire a service contractor like the big names mentioned, some smaller names that specialize or your local area FOSS familiar professionals.

wdewey@cityofsalem.net

Going with a commercial release from Red Hat or Novell would provide this entity that the government could rely on to evaluate new code. The problem would then be that the cost of licensing would be similar. At one time I looked into licensing prices and the yearly fee for commercial versions of Linux were priced similar to the subscription based licensing that Microsoft offered (the one that allowed upgrades to the latest and greatest). Bill

LateNightLar

Micro$oft'$ business plan may dictate that they jack up the price for consumers and business if Uncle Sam goes open source, but I believe that they will experience even more defections to open source. Personally, I already cannot afford to buy up to five copies of M$ Office for my new business, and will probably go to Open Office at some point. I have one system with Office 2003, one with Office 98, and three new systems with no office program at all. Why should I further enrich the behemoth that is M$ when I can't even give myself a paycheck yet for the 60+ hour weeks I'm putting in?

Tony Hopkinson

starts out doing what its contributors want. If you want something else, contribute... I personally feel there would be far more competent software developers if an open source model took off, the software developed would be of much higher quality and it would have a far better fit to individual need. It wouldn't break the industry, it would change it, that's all.

wdewey@cityofsalem.net

Open Solaris is, well, open source. SUN uses it to help test and develop new ideas and technologies. The US government already uses the proprietary Solaris in a number of specialty applications (read here, already have experts and support in place). I don't think it would be too difficult to switch to the open source version and save licensing costs. Bill

melias

You have brought up some very good reasons why Open Source may fail. Let me add one more. I have not used Open Source much, but it seems (seems people, I may be wrong) that much of the open source world is written by very intelligent people who expect the rest of the world to be just as intelligent. They expect end-users to be able to tweak and adjust their systems and software to work in any environment. This is NOT true. Until the Open Source world takes 'just make it work!' to heart, it will NOT beat MS, Apple or any other commercial product that makes a real attempt to force their product to work 'out of the box' with little or no in-depth tweaking. I know there are exceptions to this rule where a company will develop/revamp a product and support it, such as Red Hat, but there is still too much software out there that expects too much knowledge from the end-user.

Tony Hopkinson

If you are free to choose, and the standard isn't applied in the software, why would you choose it? Compatibility and accessibility are two things we want, no open source alternative is going to take off without applying them. No buy in from the community = no community, evolution in action. It's closed source market dominance that allows proprietary formats and incompatibilities as people see no choice but to accept them in favour of using something familiar. Better still if closed source vendors want to compete against open source, they'll have to adopt it as a given, not an optional extra they can screw with to force a purchased upgrade.

Neon Samurai

Hmm.. one company hiding source code and being the sole owner of all the "ideas" along with only source for patches and "new ideas"; aka, communism

Versus, many companies competing based on product quality and functionality using similar commodity pieces; aka, free market capitalism

And, if you honestly think the source code being visible increases security risks; you may want to also do some reading about security versus obscurity while you're reading up on FOSS

Tony Hopkinson

Or are we just meant to agree and keep paying for good enough to make money from the closed source model? Open source = communism, where did you get that from? Bill 'impartial' Gates?

chris

in license management costs (keeping up with what systems have what, etc)

Tony Hopkinson

Someone clicked on Yes in an 'Are you sure?' dialog. It's a very small domain where sue is even possible, never mind probable or practical. If that's the foremost concern in their minds they should sack themselves or their legal advisors.

Neon Samurai

IBM, Novell and Red Hat all offer service agreements after which, the Gov's lawyers can hold the chosen company accountable when they need fingers to point about. There are other companies offering service contracts too but I didn't think the US gov would be looking to Mandriva over in France or any other foreign companies. The reality though is that MS will probably hand them a stack of enterprise licenses and say; go nuts, just don't demonstrate how easy it is to live without our products please. In the end, they really don't have any greater liability in closed source vendors though. The EULA and carefully crafted contracts generally remove any liability for software issues from the vendor. MS isn't coming over to anyone's house to fix a computer if Windows Defrag breaks the hard drive.

C-3PO

The reason there are not as many hacks and viruses in Open Source is that the distribution is relatively limited. If it were to go mainstream and be as big as MS, particularly in Government offices, do you not think that hacks and viruses would increase 1000 fold?

Neon Samurai

I was wondering of an elegant way to say the same but you word it perfectly; games and the poster's choice of misspelling.

Neon Samurai

The value and cost of the update subscriptions did not outweigh our in-house knowledge and regular updates available with other platforms. In the end, we chose a self supported distribution with which we could get third party support for if needed in the future.

Tony Hopkinson

are those whose business model requires it to stop working at some point, to erm persuade you to buy another one..... Implicit or explicit obsolescence for marketing reasons is a given in our economy. After all once everyone has bought the product, where does the producer go next? That's the real challenge that open source poses to the status quo. The obsolescence model cannot be enforced.

Neon Samurai

The programs may be written with some expectation of the end user's intelligence but most of the confusion comes from not doing things the Windows way. People ignore the fact that Windows was not easy in the beginning either but they've been using it now for so long that it seems easy. People who have taken the same time to learn FOSS based distributions find Windows somewhat backwards because the Windows way does not seem rational. Those who can comfortably use both platforms have some basis for making an educated decision. In the end, the distribution providers are responsible for making the platform more accessible and Ubuntu is currently the poster child on that front. Other distributions are focused on other needs. I wouldn't expect a scientific research focused distribution to hold the user's hand the way Ubuntu does. I would choose the applicable distribution for the task. If meaning any FOSS developed software then how hard is Open Office, Firefox web browser, Thunderbird mail client, Putty ssh client, winSCP sftp client, jkDefrag, Keepass password manager and other FOSS programs easily installed and run on Windows platforms? These programs are not the exception but the norm in the FOSS world. There are many distribution providers that offer service level agreements; Red Hat, Suse, Mandriva, Ubuntu. The end user also has the freedom of choice to go it alone and find all the help needed in forums and online though the trick is not to demonstrate an overblown sense of entitlement or assumption that something not working for you is broken for everyone else. Seeing the same myths presented as fact by people becomes very tiresome. Another handy trick is being civil in your postings which is a place Marty tends to fail miserably; he may have good points but he drives away anyone interested in reading them unless of his specific mindset already. I'm not slamming you in any way here, just offering information. If you're personally interested in FOSS then there are many here who are friendly and helpful. If you have something that works for your needs already then that's all good too.

Tony Hopkinson

by sticking its proprietary add-ons inside unintelligible blobs. The blob is accessible and open, its content is not. And yes it could be done with MS products if they wanted it to. Which they don't. Of course this is for our own good.

wdewey@cityofsalem.net

Everyone gets the same usage and they should contribute based on their "talents". If you are a big strong programmer then you should contribute to the code base to make it better. If you have no computer talent you should make a financial donation to help support the cause. By the people, for the people. Bill

shardeth-15902278

It isn't really a SLA they want. It is just the legal entity, and lots of confusing legal documents, so that his lawyers and their lawyers can get together, work out an agreement that is marginally disagreeable to both sides, and profit nicely in the process. ;)

Tony Hopkinson

I suggest you check out Chad Perrin's (Apotheon) security blog on this site. He can kick that piece of FUD into touch in a far more knowledgeable and erudite fashion than I. Simply put however. A very popular wax padlock, still has a major technical flaw that will be exploited. If it was less popular, it would still be flawed. Popular and security will only be linked when people choose based on security first, not popularity. If you bought windows based on its security, perhaps I can interest you in a bridge to go with it. :p

Neon Samurai

In the server market, MS is the minority share yet it is still the most vulnerable and slowest to patch exploitable bugs. Servers are where the big money is yet *nix machines are not falling over constantly. (I can nmap a unix/linux/bsd box and it doesn't care where the same nmap scan leaves a Windows server requiring a reboot; WTF is that?) I think that increasing market share would increase the number of attempts against but not the number of successful exploits:
- historically, FOSS has patched faster when exploits are discovered counting in hours not days or weeks (MS last unscheduled patch release was a week and a half late).
- the patch often accompanies the bug report in FOSS
- FOSS development means peer review so developers tend to put effort into coding cleanly (a common theme "I wrote an app that does XYZ and I'll be releasing it in the next week or so as soon as I can clean up my code because it's pretty nasty right now")
- Like cryptography science, peer review also helps to discover coding flaws early though this applies more to the popular projects.

The end result is that an exploit has a very short time to live. You find something and write your payload for it then you have until someone else discovers your payload or the vulnerability; after that, it's of no use. In contrast, MS DOS viruses are still effective against Windows because MS continues to neglect the design flaws in favor of blaming the third party software developers. It's about saving market image instead of providing safe high quality products.

Tony Hopkinson

No matter how many bells and whistles you add to a lathe, basically there's depth of cut and length of cut. Minimal lathe control is about eight instructions.
- Initialise
- Start Cutting
- n Move Left
- n Move Right
- n Move In
- n Move Out
- Stop Cutting
- Make Safe

A standard interface to the lathe itself, any 'fool' could do it. Of course if you allow that, then many will, and you lose FUD money, based on it being really really really complicated. Even if the developer in this case, had said no I don't want to do that. They could have paid someone to produce that version. If they were even vaguely clever they could have isolated their bit extra, and put it on top of each standard version. They could even earn points by making it public, and maybe two or three others would have thought it was clever. Can't do that with closed source, which is the point.

Neon Samurai

A company relied on a specific program for their business but were unable to get specifically needed functions so for a long time they just went without the missing needs. When they started looking for a replacement finally, they found a FOSS alternative that did much of what they needed. They posted a suggestion for a missing function and were stunned to get a personal response from the developer; "hey, hadn't thought of that. I added it and the new version is available on the site." They continued to work with the developer and now have exactly what they need leaving many other users to benefit from those functions also. One of my favourites is a mill that had a computer controlled lathe. The company that made the machine eventually released the driver source and were stunned at how quickly the driver evolved as it grew to include bug fixes and functions the manufacturer had never thought of. The mill benefited by gaining functions that they could never have gotten from or added to a closed driver. Heck, I had an app to install on a server a few days back and was able to easily modify the code in a couple of very simple places (I changed data file and config file locations/names) and I'd never claim that my coding skills qualify me as a developer. Having recently gone through a hardware/software selection process and from past experience, I agree fully, much of the problem is management and accounting mindset on the political front. On the technological front, there are a very minimal few things that actually disqualify various platforms but then, every platform is not best for every problem.

Neon Samurai

FOSS, anyone can start writing code and choose any platform to run it on under any license they feel applies to their work. If they don't want to be required to contribute back then look at MIT or BSD licenses and you're golden. Eight people can write apps to do the same thing and the market will choose which product is best suited to the customer's needs. The company that can't provide the best product doesn't win. With closed source, you're at the whim of a single developer company. Microsoft's own end user license dictates that they retain full control over the software and what the end user can do with it. They are the central governance for releasing software patches and new versions as they decide. The responsibility is to the shareholders (czar) to maximize profits at minimum cost and functionality to the end user (we have to save functions for future versions after all). The central authority decided that the users should be annoyed into forcing third party developers to behave as dictated by the central authority and so "allow or deny" was intentionally implemented that way. I can't help but see software from the end user perspective versus the shareholder. On my own systems at home I would be looking at tens of thousands of dollars in license fees just fluctuating based on how many test systems and VMs I had installed at the time. Each install comes with all the software a central authority decided I needed to have plus the third party software to protect it due to poor design decisions. I'd be a good little communist drone or despot passing my moneys up to the central authority. Instead, I install VMs and systems as needed. My router firmware is closed source and no longer supported by the central authority; so I replaced it with ddWRT. I'm able to customize other systems as needed. A mail server to test something against; whamoo.. mailserver built without the extra crap like GUI and a ton of useless applications.

This model isn't free either, I've taken the time to learn the system just as I had to take the time to learn how any other platform functions. This model simply provides me with higher quality and the freedom to choose; a free man in a free market. I'll take a large selection of platforms assembled from common commodity parts and competing based on what provides the best benefits to the end user over having my software use and updates dictated to me any day. If closed source is truly the only or best choice for something (PGP for Enterprise) then that's what I'll use but in the majority of cases, I've found the closed source solution to be lacking. Granted, there is not a day goes by that I don't intimately use three or more software platforms and really, I'd be bored if I was limited to only one platform. I keep all my closed source platform licenses in use in my OS collection at home and happily so. Heck, if Vista was not crippled in the affordable range or affordable in the usable range, I'd buy a license and have that in the collection also; I can't afford to have it around purely for recreation though.

Tony Hopkinson

Co-operative capitalism would be a better description. Open source software, to take off needs more than just IT people. It needs users, it needs people to report bugs, feature requests, future enhancement paths. It's about contribution, that's not a direct financial assist, but it is a very valuable one. Let's be clear here open source as a development model can only 'compete' with general use off the shelf applications. Single use specific pieces of software gain no practical benefit from the open source model. When we buy closed source software to do something like product tracking in a manufacturing environment, we buy the code anyway. Most of IT software's problems in business are directly related to looking at it from a cost point of view, instead of an added value one. Open source projects can only thrive by added value, and quality. Closed source can rely on lock in and obscurity. Who exactly are those two things good for? Communist dictatorships, for a start.

wdewey@cityofsalem.net

I was thinking more of socialism vs capitalism rather than a government model. Capitalism is you work for a profit (MS sells software) whereas socialism people contribute based on their talents (open source - donation based). Bill

Neon Samurai

Copyleft and the GPL are only but one set of licenses available to Open Source developers. The BSD and MIT licenses tend to be much more permissively open ended. Even if the GPL was the sum total of all FOSS'dom, the kernel developers sticking to GPL v2 rather than the more restrictive GPL v3 means there is even choice within that segment. I'd say it's more Bazaar market versus Cathedral church instead of any specific model of political governance.

shardeth-15902278

I meant that as a smart-alec comment about lawyers being the only genuine beneficiaries in the whole blame process. I'll go back to my corner.

seanferd

17. LIMITED WARRANTY FOR SOFTWARE ACQUIRED IN THE US AND CANADA. Microsoft warrants that the Software will perform substantially in accordance with the accompanying materials for a period of ninety (90) days from the date of receipt. If an implied warranty or condition is created by your state/jurisdiction and federal or state/provincial law prohibits disclaimer of it, you also have an implied warranty or condition, BUT ONLY AS TO DEFECTS DISCOVERED DURING THE PERIOD OF THIS LIMITED WARRANTY (NINETY DAYS). AS TO ANY DEFECTS DISCOVERED AFTER THE NINETY-DAY PERIOD, THERE IS NO WARRANTY OR CONDITION OF ANY KIND. Some states/jurisdictions do not allow limitations on how long an implied warranty or condition lasts, so the above limitation may not apply to you. Any supplements or updates to the Software, including without limitation, any (if any) service packs or hot fixes provided to you after the expiration of the ninety day Limited Warranty period are not covered by any warranty or condition, express, implied or statutory. LIMITATION ON REMEDIES; NO CONSEQUENTIAL OR OTHER DAMAGES. Your exclusive remedy for any breach of this Limited Warranty is as set forth below. Except for any refund elected by Microsoft, YOU ARE NOT ENTITLED TO ANY DAMAGES, INCLUDING BUT NOT LIMITED TO CONSEQUENTIAL DAMAGES, if the Software does not meet Microsoft's Limited Warranty, and, to the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose. The terms of Section 19 ("Exclusion of Incidental, Consequential and Certain Other Damages") are also incorporated into this Limited Warranty. Some states/jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. This Limited Warranty gives you specific legal rights. You may have other rights which vary from state/jurisdiction to state/jurisdiction. YOUR EXCLUSIVE REMEDY. 
Microsoft's and its suppliers' entire liability and your exclusive remedy for any breach of this Limited Warranty or for any other breach of this EULA or for any other liability relating to the Software shall be, at Microsoft's option from time to time exercised subject to applicable law, (a) return of the amount paid (if any) for the Software, or (b) repair or replacement of the Software, that does not meet this Limited Warranty and that is returned to Microsoft with a copy of your receipt. You will receive the remedy elected by Microsoft without charge, except that you are responsible for any expenses you may incur (e.g. cost of shipping the Software to Microsoft). This Limited Warranty is void if failure of the Software has resulted from accident, abuse, misapplication, abnormal use or a virus. Any replacement Software will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer, and Microsoft will use commercially reasonable efforts to provide your remedy within a commercially reasonable time of your compliance with Microsoft's warranty remedy procedures. Outside the United States or Canada, neither these remedies nor any product support services offered by Microsoft are available without proof of purchase from an authorized international source. To exercise your remedy, contact: Microsoft, Attn. Microsoft Sales Information Center/ One Microsoft Way/Redmond, WA 98052-6399, or the Microsoft subsidiary serving your country. 18. DISCLAIMER OF WARRANTIES. The Limited Warranty that appears above is the only express warranty made to you and is provided in lieu of any other express warranties or similar obligations (if any) created by any advertising, documentation, packaging, or other communications. 
Except for the Limited Warranty and to the maximum extent permitted by applicable law, Microsoft and its suppliers provide the Software and support services (if any) AS IS AND WITH ALL FAULTS, and hereby disclaim all other warranties and conditions, whether express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of reliability or availability, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with regard to the Software, and the provision of or failure to provide support or other services, information, software, and related content through the Software or otherwise arising out of the use of the Software. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE SOFTWARE. 19. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. 
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATON, SOFTWARE, AND RELATED CONTENT THROUGH THE SOFTWARE OR OTHERWISE ARISING OUT OF THE USE OF THE SOFTWARE, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 20. LIMITATION OF LIABILITY AND REMEDIES. Notwithstanding any damages that you might incur for any reason whatsoever (including, without limitation, all damages referenced herein and all direct or general damages in contract or anything else), the entire liability of Microsoft and any of its suppliers under any provision of this EULA and your exclusive remedy hereunder (except for any remedy of repair or replacement elected by Microsoft with respect to any breach of the Limited Warranty) shall be limited to the greater of the actual damages you incur in reasonable reliance on the Software up to the amount actually paid by you for the Software or US$5.00. The foregoing limitations, exclusions and disclaimers (including Sections 17, 18, and 19) shall apply to the maximum extent permitted by applicable law, even if any remedy fails its essential purpose.

Neon Samurai

I get that the biggest hurdle is the belief that one doesn't have a scapegoat to point at but wouldn't the service provider be the legal entity held accountable? After all, it wouldn't be the OS kernel that is dragged into court but the applicable distribution chosen. I may be missing something here so I'm really just trying to figure out what it is.

Tony Hopkinson

That's lock it in a cupboard, put on a boat, sail out to the deepest bit of ocean you can find. Scuttle the ship killing you and everyone else who knows where it is. And of course cross your fingers. Most financial back ends are definitely not on windows, that's mainframe or at least mini territory. Break into my linux box to get personal finance details. Well how? Let's say that's in TonyFinance.Text, which of course is a total lie. You are going to socially engineer my admin password. Great now all you have to do is come round to my house, break in, break one of my user passwords and you are in, su, find the file, decrypt it.... Course I ain't dumb enough to give you my root password anyway. OK you are going to remotely logon as me who has access to that file. No you are not, because I told my system you can't. Tony 'BeanCounter' Hopkinson can't be accessed remotely and has no access to the internet. Now you could if you knew my root password.... Ps the user is not called BeanCounter. I can even set it up so BeanCounter can't even log on locally. Now that might sound like a ball ache switching users all the time. But this is linux, I can be logged on as many people I care to, all on one desktop, at the same time. The only mandatory connection between those sessions is me. This is why people find linux difficult, it isn't windows. To have privilege separation, you have to start with it, you can't bolt it on. Windows came from DOS, that didn't even have users. There can always be gaps, faults and even dumbasses, who set up and run as root with a blank password. They aren't there by design or default though........ If you want to say having to do all of the above is too complex or too much of a pain, that's your choice. Doesn't make it a secure one though. Oh and you could write software to set all that up, ain't no one in linux land going to run it unless they can see the source though, to make sure you haven't cocked it up, or cheated.

Persevere with linux, it stretched my head and I've got a mainframe background as well as windows. It's worth it though. It's not just that there are a lot of windows users, it's that most of them run as admin with a blank password, and remote logon set as the default and then download BritneyNaked.exe and hit OK.

C-3PO

Well, this is turning into the usual ix vs ms battle... nobody knows until it's all worked out. Personally I don't know the inner workings of either OS enough to be sure that security is 100% on either of them, or even that one is definitely better than another. My experience with Linux is that it is difficult to do just about anything, which to me implies that there are plenty of people who know it better than me and can probably find holes much easier than I - but the question really is, why would they? Doesn't it make more sense to build exploits to home systems where I can gather financial information (How many home users run Linux, or of those who do, how many keep their personal finances on that machine?)? Doesn't it make sense that, if the majority of the money companies are using M$ I'm going to look for exploits on those systems? It's not a matter of who has the biggest market share, it's a matter of following the money... Hypothetically, Apple doesn't get a large share of hacks because it also does not operate a large portion of the financial applications...

Neon Samurai

" This works both ways. If you want to snipe at my teaching style or what goes on in my classrooms -- you'd be a lot more credible if you actually attended one. " When's your next course being held in the Toronto area?

Neon Samurai

I mention servers and you decide that means servers and clients in fortune 500 and up companies only. I don't deny bug counts in open source software but you ignore exploitable vulnerabilities versus software bugs along with patch times. It's no surprise that you've made up your mind and nothing else matters. I'm fully willing to look at the major platforms on equal ground but what further use is an exchange of information. Spin it how you like. You obviously only see what you want. Either way, I gave you your three replies and your posting history of pretentious arrogance speaks for itself.

Marty R. Milette

Neon, I wish you would make up your mind -- first, you claim FOSS 'superiority' because there are more FOSS-based web servers floating around, then when I point out that successful businesses are more likely to use Microsoft servers, you do an about-face and say, "Does popularity somehow prove applicability?..." Which is it?

I brought up the point about the security advisories because you, like many others, minimalize or simply ignore Linux and other FOSS product vulnerabilities -- much like the Macintosh users who claim total immunity to malware. Dangerous assumptions at best.

YOU were the one who said "*nix machines are not falling over constantly." -- insinuating that Microsoft-based machines did. I've been running Internet-facing Microsoft-based servers and working with ISPs since Windows NT 4.0 came out and have NEVER had a system "falling over constantly". I'd also suggest that the thousands of companies, governments and commercial organizations running IIS on Windows boxes who properly configure and maintain them can report the same. ANY machine can be made to fall over or be insecure when run by an incompetent system administrator -- just as easily as any machine can be made to run securely and reliably when run by someone who knows what they are doing. You are quite welcome to agree or disagree.

> I don't understand why two servers side by side (Windows and Debian) can be hit with an nmap scan and the *nix machine will tick along happily while the Windows server's networking stack has a seizure?

I'm calling bull$hit on this one. I just downloaded the latest version of NMAP and pointed it at some of the Windows 2003 servers without the slightest negative effect. I followed that up with a NESSUS scan as well. ZIP. NADA. NOTHING. I wonder why?

> Are you yelling at me for not blindly accepting what teacher says?

First, I wasn't 'yelling'. If I put one word in CAPS so it is emphasized -- get over it. If I put a whole sentence in CAPS then THAT would be yelling -- and I reserve that for truly special cases of dealing with a complete and total moron. So far, nobody on TR or ZDnet has graduated to that level yet. :)

> How does "hacker" equate to unaccountable..

My definition of hacker mentality is someone who gets an idea, runs to the keyboard and starts coding it. No regard for documentation, standards, interfaces to other products, user interfaces or anything else -- they just want to do something cool and be creative. That's all fine and dandy if you are talking about a hobby environment but falls flat on its face in the real world of business. With FOSS software, you have contributions from every corner of the planet. Different coding styles, different levels of 'quality', different standards in every way. It's the wild west. Who can be held accountable for that? You are right about one thing -- with an 'official' distribution like Red Hat, et al., there will be SOME level of accountability and support -- but that is NOT FREE. Additionally, this ONLY covers you for what is on the distribution. The moment you start adding bits and pieces from all over -- your support model turns to slush. And, speaking of distributions -- which of the 400+ 'popular' distributions should an organization adopt? And what happens when each department starts demanding different distributions to service real or imagined 'unique' needs (more likely personal preferences)? How is anyone going to support that mess?

> Or a PDF vulnerability opens the system up to exploits.

Talk to Adobe about that one.

> Or the integrated Windows firewall allows something through and onto or off the machine.

Talk to the person who didn't properly configure it about that one.

> As for the later bit about "samurai" and "take it like a man". Please.. you don't know enough about me to make that judgment.

This works both ways. If you want to snipe at my teaching style or what goes on in my classrooms -- you'd be a lot more credible if you actually attended one. It also doesn't help to mis-read my posts. If you're not sure about something -- just ask. I try very hard NOT to slam someone personally unless they really deserve it. As mentioned before -- don't be paranoid and assume you personally are being singled out in every line of every post. If I do, there won't be any doubt whatsoever.

Neon Samurai

">In the server market, MS is the minority share
Assuming you are talking about web servers, you can certainly find statistics that show the COUNT of servers running FOSS is higher."

You emphasise "count" so I have to wonder why. When counting the number of servers wouldn't the "COUNT" (sic) be the correct metric to compare against number of breach attempts and number of successful breaches against? Perhaps if I said "in the web or publicly accessible server market, MS is the minority"? Is that more to your liking?

"If your business runs from mom's basement and generates enough revenue to buy a new skateboard once in a while ..."

Is this a generic example off the top of your head or are you suggesting I am but a wee nipper in my parents basement who, from time to time, earns enough to splurge 200$ for a fresh skate deck trucks? (Let's say, a Libtech fiberglass and pine deck not a 70$ department store special) No matter.

"Additionally, if you look at what real businesses use INTERNALLY, you will find a much higher percentage of Microsoft servers AND clients."

I agree that Windows server/client setups are very popular among business installations. I support it as easily as I support other platforms along with supporting integration across platforms. I'm not sure your point on that one though. Does popularity somehow prove applicability? That platform choice has a number of variables outside of how well it is suited to the need; lock-in, politics, marketing, traditional management thinking. They don't really apply to the actual merits of the technology. Since the enterprise can get support contracts for both platform lineages equally, support doesn't apply either. As for TCO: http://jaqui-greenlees.net/files/2006-11-20-flossimpact.pdf

"Consider this: The Computer Emergency Response Team (CERT) released data showing that 16 of the 29 security advisories it released last year involved Linux or open-source products."

You don't think that the higher announced security advisories and intentionally public approach has something to do with that? The open source software library of "Linux or open-source products" being larger probably doesn't have anything to do with that either. I don't question CERT but I do wonder if you considered the severity and patch time of those announced advisories. Mozilla just released 3.0.6 Firefox addressing some Java vulnerabilities; is WGA still easily disabled by malware on Windows? Maybe ActiveX vulnerabilities have been addressed already in IE7?

">Servers are where the big money is yet *nix machines are not falling over constantly.
I'd suggest that if YOUR Microsoft-based servers are falling over constantly, then YOU are the one with the problem."

Interesting that you make that personal. How does pointing out the lack of nix based servers being exploited and breached as easily as Windows servers equate to my having a problem keeping my Windows servers running? Are you leaving something out of the quote or reading into those two lines only what you want to see? Even so, I don't understand why two servers side by side (Windows and Debian) can be hit with an nmap scan and the *nix machine will tick along happily while the Windows server's networking stack has a seizure? If you drop the firewall rules on the *nix box, you'll get a report back on what's listening behind each port yet no network stack failure. Odd.. I guess the reports on SecurityFocus about Microsoft issued patches breaking Windows are false as is the case of future patches undoing previous patches reopening vulnerabilities as a result.

">I think that increasing market share would increase the number of attempts against but not the number of successful exploits
YOUR OPINION. There are plenty of others such as from Charles Kolodgy, a research director at IDC who says, "The level of a product's security is inversely proportionate to its position in the marketplace, If Linux had a 50 percent market share, you'd see more Linux vulnerabilities exposed.""

"I think" would be a pretty clear indication that it's my opinion so why the emphasis again? Are you yelling at me for not blindly accepting what teacher says? See where your quoted text says "more Linux vulnerabilities exposed", that means reported which is perfectly consistent with the FOSS approach to software improvement; vulnerabilities are discussed openly so they are known and fixed quickly. I notice that the text you chose doesn't give any indication of how quickly those reported vulnerabilities will be patched. Historically, it's still hours and days not weeks, months and years once discovered. So, the opinion stands; sure more bugs would be found (a good thing) and my opinion is that they would continue to be patched as quickly as they are now (a good thing). But, how does that disqualify the platform for enterprise use?

"Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs. Experience has shown that security through obscurity does not work. Public disclosure allows for more rapid and better solutions to security problems. In that vein, this page addresses Debian's status with respect to various known security holes, which could potentially affect Debian." www.debian.org/security

Doesn't that benefit the end user be it home user or big business? Ok, so it's debian, you'll disqualify it for not being a fortune 500 or larger company. Redhat or Novell applicable? Let me know what you find out about Red Hat's patch time and service responses. Last I checked, the update subscriptions and service agreements stated that if they didn't have a patch or couldn't fix it remotely, they'd write a custom patch for the client. You get many custom patches from Microsoft? The last Windows unscheduled patch was followed by a second patch to correct the correction of the issue.

"This actually demonstrates the difference between the 'hacker mentality' and a professional organization who must be held accountable."

How does "hacker" equate to unaccountable.. or are you just focusing on the media promoted misconception of what is simply a mental state for thinking about the world? If we stick to Suse and Red Hat Enterprise distributions, are we still talking 'hacker mentality'? You don't actually understand the hacker or foss communities do you?

"a hacker is simply someone who likes to write and values high quality software" Eric S Raymond

"a hacker is someone who takes a thing and uses for an interesting purpose it was not originally intended" Robert Steel

Do those two opinions on the Hacker mentality somehow equate to unaccountability? Perhaps Johnny Long was unaccountable for all the security audits performed under contract? If you mean accountability in terms of someone to point fingers then you're dreaming. If Windows fails and takes down your enterprise, Microsoft isn't accountable any more than Novell if Suse fails and takes down your enterprise. If you mean accountability in terms of testing patches before being applied to production systems, isn't that a business policy issue separate from the mentality of the admin that takes care of it?

"The FOSS attitude is quite the opposite -- people are hacking and patching products willy-nilly without the slightest bit of concern as to what effects those patches would or COULD potentially have on other products."

Since we're talking enterprise, you must mean that Suse and RHE are being patched willy-nilly. You ignore the process used by distributions that would be considered for business production environments. Anyone can submit patches but the experts that maintain the source trees decide if that patch is to be applied, rewritten or if there is a better way to address the vulnerability. Your assumption that any patch submitted is automatically added to the source tree shows a gross lack of understanding.

"Microsoft views product integration as a blessing - as do their customers. In the FOSS world, so few applications communicate with or care about anything other than themselves there is a 'who cares' or 'that's your problem' attitude."

Odd, my Windows boxes have no trouble using my Linux based CIFS servers and all under an Active Directory domain. I'd suggest that respecting standards across products is a better way to approach integration. I do see synthetic barriers to interoperability between Windows and other systems but that's an important strategy in maintaining barriers to fair competition; business 101. I do admit that the separate applications in Office easily moving data objects between each other is fantastic but that's not unique or impossible to implement in other programs. I'd much rather have a Word document format that will still be usable in three or four versions. I greatly benefit from the integration between rsync and ssh as do many companies. The integration of ssh with the rest of the system is invaluable.

"Some people actually view products that work together WITHOUT needing kludges and glue code to get them to work together and having consistent, reliable user interfaces as being 'high' quality."

Yup, right up until an IE vulnerability opens the entire system up to criminal exploitation. Or a malicious script in a Word document opens the system up to exploits. Or a PDF vulnerability opens the system up to exploits. Or the integrated Windows firewall allows something through and onto or off the machine. If there is a problem with my browser, I can un-integrate it and use another. How many layers do you need in front of IE7 before it's safe since you can't uninstall it?

If you choose to respond, see if you can do it without the dripping contempt for everything not agreeing with your own opinion. The caps are cute and all but not necessary. As for the later bit about "samurai" and "take it like a man". Please.. you don't know enough about me to make that judgment.

Neon Samurai

Am I misreading the posts by suggesting that they do more to berate and alienate other TR members? Am I out of line in suggesting that the posts demonstrate the arrogant elitist IT guru stereotype?

Neon Samurai

Where I booting Dos from floppy I'd maybe take that seriously. Being a cleanly generated boot partition with risk of virus infection well mitigated; I'm just going to assume you've not ever considered the potential benefits of such a setup with a multi-OS install. If I move my boot loader to a read only CD, does it become more acceptable in your books or is it equaly amusing since I'm not using the Windows boot loader only? Did I say I used boot floppies as standard boot loaders for production systems? Nope, I said I (me, myself) use it at home due to providing benefits on my own multi-boot machine. My apologies if I was unclear, I meant to respond to the idea that Dos viruses where only effective through floppy boots or that booting from a floppy was somehow useless these days. >"In contrast, MS DOS viruses are still >effective against Windows because MS >continues to neglect the design flaws in >favor of blaming the third party software >developers." So then your point is that Chad Perin?s article on MS claiming vulnerabilities are the fault of third party programs rather than fixing the design flaw in the OS which is repeatedly exploited is bunk? It?s never happened then? I do have to wonder if you really berate your students the way you write your posts and berate the other TR members. Even in your last post you take several opportunities to insinuate that I'm an idiot and whining child; it's not just me though, your posts to others are just as saturated with arrogance and self assumed superiority. To get back to the training topic though, I'd be the most interested and attentive student in the class or in the top five. I love to learn about technology and would be very open to new information the instructor was presenting. I'd be walking out of your class and asking what other instructors and course times where available after the first day half hour you spent berating the students the way you write here. 
I actually wasn't asking about your instructional qualifications. I was more interested in your basis for comparing software platforms and criticizing anyone not adhering to the Windows platform. I don't doubt you have teaching experience or Windows experience. What I doubt is that you have the equal basis of experience with other platforms from which to make a valid comparison. I also don't take it personally. You're equally hostile to anyone you respond to so it's hard to take it all that seriously and definitely not me being targeted by you. You are a stunning example of the elitist stereotype in IT. I could be wrong though; I've been wrong before and am open to that possibility. Let's open that topic up for debate?

Tony Hopkinson

Right I'll just nip off and buy that. Hadn't realised that was the recommended workstation update for Vista Business (32 bit). Oh silly ignorant me. Only 758 quid as well, a bargain!

Marty R. Milette

Maybe it's time for an upgrade Tony? If not the systems, at least the knowledge about them. Even Windows Server 2008 Enterprise lets you run 64 GB in 32-bit mode and 2 TB in 64-bit mode. You ARE killing me -- with your jokes! :)

Tony Hopkinson

Unless your disk gets really full, most file systems used on Linux don't/barely need it..... Anti-virus, oh yes, you need that on OS's which are default allow. RAM, that stuff's handy, just do the upgrade. Of course I want access to all of it. Three gig, three ???? Marty, you are dying here....

Marty R. Milette

Neon, I'm sorry, but when you or anyone else puts forth unsubstantiated, obsolete, ABM rhetoric -- better expect to get called on it. Please, don't whine about every one of my posts claiming that I'm beating on you or for simply using "too many caps". Take it like a man and take the "Samurai" part of your pseudonym seriously! Get some "spine" and hammer me back with some real evidence supporting what you say. If someone wants to call crap on a statement I make -- I only hope they have enough smarts to back it up with facts instead of just whining about it or trying to divert attention. (Been working around West Yorkshire too long perhaps? :)

To be honest, I made my posts to this article fully expecting to be flamed. I figured that it was high time someone debunked "free" BS surrounding FOSS and exposed a few simple business truths that are normally ignored or minimized by the penguin fanboyz. Interestingly enough, there hasn't been anything to dispute the points -- just a few whinges about the presentation.

In my books, you stepped into a very deep pile of crap when you made this statement:

> "In contrast, MS DOS viruses are still effective against Windows because MS continues to neglect the design flaws in favor of blaming the third party software developers."

Did you actually take a moment to read that before you posted it? WTF??? Let's take it apart:

> "In contrast, MS DOS viruses are still effective against Windows

I had to laugh when you said YOU were the one still booting from a floppy. This made at least part of the statement clear. Until then, I could only have assumed that this was what you were talking about -- no other option made any sense -- but even so, it is still a fallacy. Sorry if I touched a nerve on that one, but let's have a show of hands here -- How many IT professionals are still building systems that boot off a floppy for any kind of serious business purpose???
The systems I'm designing at the moment don't have ANY local drives whatsoever -- the servers will boot directly from a NetApp. You may not agree, but I'd still have to say the 'get real' part was quite appropriate -- and put in a much kinder way than was actually going through my mind at the time :) I haven't even built a system that HAS a floppy drive for the last 6 or 7 years. I seem to recall that the last one I saw in production use was an OS/2 system used as part of the HVAC control system for a 300-year-old hotel. Additionally -- if someone is daft enough to boot from a floppy -- let alone an infected one -- what the heck difference does the O/S on the hard drive make if the virus kicks in BEFORE the real O/S is even touched? So you proceed to 'assign blame' for this to Microsoft???...

> because MS continues to neglect the design flaws in favor of blaming the third party software developers."

What design flaw would that be? Microsoft doesn't build the hardware and they certainly don't shove a floppy into your hand to boot from -- not for many, many, many years at least... Sorry, but I can write a boot sector virus in C, assembler or bloody binary that I thumb-in on a bank of switches with no operating system whatsoever (done it!) -- one that will toast ANY operating system on ANY hard drive -- how can you blame Microsoft for that? And who mentioned anything about third-party developers ANYWHERE in my posting or the article itself? Where did that come from? To answer your questions...

> Offhand, what is your experience with non-Windows platforms?

My experience with FOSS has honestly been crap. 14 years ago or so, I taught C programming, UNIX and Linux but over the years have observed that on EVERY project where FOSS is involved -- the amount of time and money wasted trying to get disparate FOSS products to work together has FAR outstripped the cost of any software licenses for WORKING proprietary solutions. That has been MY experience.
Your experience may be different. Face it -- you can buy a hell of a lot of software licenses for the cost of ONE year of just ONE high-end Linux geek's time. For the cost of a $600 Windows Server License you can't even THINK about having a $100/hr Linux 'guru' put together (and make WORK) a 'free' system that includes the 'equivalent' of Active Directory, DNS, DHCP, IIS, .NET and all the other stuff you get right out of the box. As recently as this weekend, I asked a Linux guru to install a simple forum product on an Apache/PHP/MySQL box after I gave up after fiddling and farting around for hours trying to get it to work myself. Not surprisingly, his '5 minute' installation took all weekend and still isn't working right. Maybe I just got a 'dud' guru? Good geeks are hard to find -- especially when there are no viable certification programs to at least ensure MINIMAL competency and give some way of weeding them apart. Unfortunately, this kind of thing has not been the exception -- in my experience over dozens of projects -- it has been the rule.

> Are you equally comfortable administrating other platforms or is your experience one-sided?

In a previous post, I stated categorically that people who THINK they are experts in both platforms are really only legends in their own mind. They are living in delusion. I have NEVER claimed to be a FOSS guru and never will. As Clint Eastwood so aptly put, "A man's gotta know his limitations." As for myself, knowing how hard I've worked over the past 20 years wading through tens of THOUSANDS of pages of materials JUST to focus on general networking, security and the Microsoft side of the equation -- I have little tolerance and no belief in ANYONE who claims to be a master of this PLUS the FOSS environments as well. I won't say that it isn't humanly 'possible' -- but I'd be more apt to search for flying pigs.
> I'd be shocked to discover that you treat your students with the same contempt you appear to present in any post of yours I can remember reading.

Back to paranoia 101. My credentials and experience as an instructor are well documented by hundreds of excellent course evaluations from students at all levels and from all over the world. These days, I don't get to teach very often, but can certainly recall the odd Linux 'guru' who was 'forced' to attend one of my classes by their company. One would be AMAZED by the change in attitude and humility a 5-day course can make. I've had people come up at the end of the course and apologize for being so ignorant at the start. Some of them actually went on to become quite excellent techs -- others -- well, they're asking customers whether or not they'd like a disk defragmentation while they're having their anti-virus treatment and RAM upgrade done... ;)

Tony Hopkinson

= market dominance? Come again. :p The truly scary bit is that was the only close to factual claim you made. You do have some valid concerns in that the differences in the open source model would necessitate various changes for any organisation choosing to use it. Presenting them in this fashion, to anyone slightly more knowledgeable than yourself about it (which to be brutally honest is very likely), is going to make you look incompetent and foolish though. A bit more study required I think.

Neon Samurai

Even Microsoft uses Linux webserver clusters in the back end though the reverse proxy may be the latest IIS. As for TCO, you've not read the 285 page EU study finding that total cost is actually lower once you start considering solutions outside of the Microsoft world. Yeah, Active Directory is nice. It'd be nicer if they made it play well with other platforms but that would reduce barriers to entry. It's also not the only LDAP solution available even if it is the popular well-dressed spoiled kid on the block.

Neon Samurai

Your overuse of all caps and constant speaking down to anyone not agreeing fully with you tends to be counterproductive if you are actually expecting others to consider the points you raise. You may have some very valid points but many of the points you pose as fact are not universally so. "Are you still booting from a floppy? Please, get real." What value does "please, get real" add to your point or does it just serve to alienate the person you are denouncing as inferior to yourself? And yes, I am still booting from a floppy to be honest. It separates my boot loader from my hard drive platters on a media that can be set to read-only with a physical switch (I've confirmed that my floppy respects the setting though some don't use a physical pin to sense it these days). Offhand, what is your experience with non-Windows platforms? I know you've been around a good long while in IT and probably have a very solid basis when discussing Windows solutions. Are you equally comfortable administrating other platforms or is your experience one-sided? I'd be shocked to discover that you treat your students with the same contempt you appear to present in any post of yours I can remember reading. If you really want your points to be taken seriously and considered, try offering your information in a constructive manner.

Marty R. Milette

Unfortunately, you've highlighted a lot of ill-conceived fallacies that are often put forward as facts:

> In the server market, MS is the minority share

Assuming you are talking about web servers, you can certainly find statistics that show the COUNT of servers running FOSS is higher. http://news.netcraft.com/ has these statistics. If your business runs from mom's basement and generates enough revenue to buy a new skateboard once in a while -- perhaps yes the 'raw number' of servers may have some meaning -- however, if your organization or government department is closer to a Fortune 500 -- then these numbers are IRRELEVANT. A quote: "According to a study done by Port80.com in August 2006 they found that 'Microsoft IIS serves 54.9% of Fortune 1000 web sites.'" If one looks at what REAL business (AND the government) runs, there is plenty of research like this: http://www.search-this.com/2007/06/27/microsoft-iis-vs-apache-who-serves-more/ Additionally, if you look at what real businesses use INTERNALLY, you will find a much higher percentage of Microsoft servers AND clients. WHY is this? Two words: ACTIVE DIRECTORY. Another couple of good words: Total Cost of Ownership.

> yet it is still the most vulnerable and slowest to patch exploitable bugs.

Again, history from the stone age. RECENT statistics show this as another fallacy. Another couple of quotes: "Consider this: The Computer Emergency Response Team (CERT) released data showing that 16 of the 29 security advisories it released last year involved Linux or open-source products."

> Servers are where the big money is yet *nix machines are not falling over constantly.

I'd suggest that if YOUR Microsoft-based servers are falling over constantly, then YOU are the one with the problem. PLENTY of organizations of all sizes have used Microsoft-based servers for over a decade without ANY problems. Server stability and security is by far more of a function of the QUALITY and TRAINING of the system administrator than anything else.
Virtually all issues that have ever become a problem with Microsoft-based servers were the DIRECT result of idiot administrators not installing patches and updates WHEN THEY CAME OUT -- typically MONTHS before there was ever an exploit used in the wild.

> I think that increasing market share would increase the number of attempts against but not the number of successful exploits

YOUR OPINION. There are plenty of others such as from Charles Kolodgy, a research director at IDC who says, "The level of a product's security is inversely proportionate to its position in the marketplace. If Linux had a 50 percent market share, you'd see more Linux vulnerabilities exposed."

> historically, FOSS has patched faster when exploits are discovered counting in hours not days or weeks (MS last unscheduled patch release was a week and a half late).

This actually demonstrates the difference between the 'hacker mentality' and a professional organization who must be held accountable. Releasing ANY patch is not something you want anyone on the planet to be able to do and have pushed or pulled to tens of thousands of machines world-wide without some SERIOUS analysis as to the consequences. Microsoft may be accused of being slow, but they have ALREADY felt the sting of releasing patches that adversely affected products that were NOT even their own! The FOSS attitude is quite the opposite -- people are hacking and patching products willy-nilly without the slightest bit of concern as to what effects those patches would or COULD potentially have on other products. Microsoft views product integration as a blessing - as do their customers. In the FOSS world, so few applications communicate with or care about anything other than themselves there is a 'who cares' or 'that's your problem' attitude. Additionally, there are NO CONSEQUENCES if some patch in one product kills customizations to that product or breaks any functions related to any other applications.
> In contrast, MS DOS viruses are still effective against Windows because MS continues to neglect the design flaws

Are you still booting from a floppy? Please, get real.

> It's about saving market image instead of providing safe high quality products.

Regarding safe -- see above. High quality is in the eye of the beholder. Some people actually view products that work together WITHOUT needing kludges and glue code to get them to work together and having consistent, reliable user interfaces as being 'high' quality.
