The government is spending a lot of money for software, but then comes security. Perhaps they can add closed security to open-ended software?
Do you mean closed source security and open source software or something different?
Just about any level of encryption can be applied into open source software, so I don't see the problem. Plus, being open source means that security problems are found and fixed a lot quicker than most proprietary software (i.e. Microsoft). They don't fix anything until enough people scream about it to do something.
Remember that the greatest threat to Western security at the moment is from China. More attacks and viruses and malware are coming from China than any other source (possibly than all other sources.)
And while they have access to the code from all Open Source software and can look for holes in it, they also were able to get Microsoft to give them the code for Windows.
They gave them the code! No wonder they can attack it so well.
Yes, Microsoft is doing a lot better than they have in the past and they are starting to be more responsible by making fixes available faster and with fewer bugs, but they gave them the code!
Besides Microsoft there is the issue of the counterfeit Cisco router issue.
Yes there is a place for closed source but please do not tell me that closed source is any better than open source when it comes to security. Open source means more eyes on the code (good and bad) and more people to fix it if there is a problem. You can even make your own fixes if you want yours to be different than the generally used version AND in times of an economic disaster like we are now in, if the company that made your security software goes under, you get no new updates, but with open source you can patch it yourself or go out to the greater community to get updates.
Do you want to have your future depend on a company that might just not be there to help you, or do you want to have some control over your own future?
OK MS may not go broke, but hey, they are feeling the pinch already, 5000 let go and losses in Q4.
Access to the source code only helps those who want to fix the software flaws. Programs where the source code is available are actually more secure because the researcher that finds the flaw can report the bug along with the code snippet and a patch that would correct the problem. Closed source is limited to when the owning company gets around to fixing the issue; this depends on number of developers and the amount of budget they are willing to dedicate to maintenance.
Anyone researching software for vulnerabilities is using analysis tools that work against the compiled program. Rather than taking days to read through the source code for coding errors, they use an automated process that pummels the binary until leaks and breaking points are found.
I think the poster was indicating that while no-one but MS has source for MS OS, the Chinese do, and they apparently have more source code than the U.S. gov't, by all accounts.
Exploitable flaws found by China are unlikely to be reported to MS or anyone else.
You are absolutely correct, though, IMHO.
from IT professionals instead of marketing?
Any security mechanism that relies on being closed in order to be secure is crap security.
Both Open and Proprietary software (both OS and Apps) have appeared with security "holes". New releases have appeared with "bugs". What has history shown? Open Source has consistently shown rapid response to bug fixes and plugging holes. Proprietary software has not shown response times to be as good. Government adoption of Open Source will drive many areas to higher levels. The most important of which is education.
closed source, but not exactly the most secure package out there, huh?
Why not leave it up to each entity to decide what is right for the application. Sure, most will choose Microsoft out of habit. But a lot of gov't agencies run open source apps and networks. Is it right to force that choice on them and make them go open source? Why not leave them the option to choose the right tool for the right job?
How many of us have worked for Microsoft shops that refuse to look at open source solutions. On that same token I've seen friends work for other IT shops that refuse to work with anything unless it's open source. I think we all need to be a bit more open minded, myself included.
Open source is used in European Governments, with Novell backbone and even MS on the front end sometimes.
The only drawback I see, in a government application, is there is no one to be held responsible if they need to sue the company that developed it, and they like to sue people it seems, especially when THEY f-k up themselves, it's a matter of pointing fingers.
For any government having a scapegoat is a must. If they **** up and no one "at the grass root" can get a hold of the fresh new open source software and the implementation looks bad compared to the Titanic maiden voyage who the hell are they going to sue?! They are probably saying that just to give them a level in the contracts renewal negotiations with MS and others.
If they are set up properly any fault could fall back onto the lap of IT. This would do two things:
1) ensure the IT department is deploying technology they know works (and they know they can fix)
2) prove that things can be done in house more easily and more cheaply than traditional models would indicate.
http://news.zdnet.co.uk/security/0,1000000189,39417171,00.htm
"The US Federal Bureau of Investigation has warned of threats to the US military and critical national infrastructure caused by counterfeit Cisco products.
"The counterfeit products could open a hardware backdoor into those systems, warned the Federal Bureau of Investigation (FBI), enabling an attacker, potentially undetected by security software, to gain control of the systems"
The concern is that processors and other chips may have back-doors or other phone-home technology hidden deep in the hardware.
And hardware is the "easy" part to secure.
How could anyone ever begin to be able to deploy software that was open source for any government systems?
While proprietary code may partly rely on 'security through obscurity', the integrity of the code can be verified more easily.
Open source is great, but you're only as good as your change management process...nuf said.
That's why in a commercial or government application, all routing equipment should be under lock and key and any ports that can communicate with such equipment are blocked in the firewall to prevent outside access. A good port sniffer will tell what goes in and what goes out.
Especially for obsolescent systems. This includes the military.
The problem so far is not so much maliciously created or altered hardware, but parts that are mislabeled to be something else, or labeled as military grade hardened parts when they are not.
You can have all sorts of hidden functionality in a chip and it stays hidden until a certain external 'wake up command' is sent to it.
For example, there is some speculation that some Russian defense radar equipment operated by Syria may have been compromised at the chip-level by the Israelis.
A combat aircraft, for example, has many hundreds of general purpose processors to do everything from flight controls to target tracking....a compromise of something as simple as the manufacturing of a processor could have devastating consequences for a military power.
http://arstechnica.com/security/news/2008/05/pentagon-fears-manchurian-chips.ars
With Open source, anyone and everyone can review the code. With proprietary, you are trusting the vendor. There have been a few cases of vendors inadvertently shipping code with malware attached. I don't see how open source is more or less secure in this respect. The general rule seems to me to be the same for Open or Closed in this case, evaluate the provider carefully.
(BTW I don't really have an opinion on open vs. closed source, but I am strongly for open standards (which more often than not, means open source, I suppose).)
The whole issue with 'trusted hardware' is that the vendor must certify that their plant is secure, their source code is un-hacked, and they have to prove that it's all been done right.
Kind of like the difference between a bolt used on a jet airplane versus one you get at the hardware store.
The one on the plane was built in a factory on a machine that meets certain criteria, and is probably inspected a dozen times before it goes on the plane.
The two bolts look alike, but they are very different because of the process that went into making them...it's about trust.
Will Microsoft increase the OS cost if the US government moves to open source? Sure it will. You answered it here:
"That was 2004. The cost of operating systems has risen."
Microsoft increased the cost of operating systems even when the US government was spending on its products. What makes you think they'll change their pricing policies because the US government turns their backs on them?
On a side note. If you think buying proprietary software somehow gives you a safety net if something goes wrong I'd recommend you review the EULA with your legal advisor.
I think the O.P. was correct in mentioning that this could be a real wake-up call to Micro$oft, mainly about their failed development strategies. They're so busy kissing the feet of the media industries (read RIAA and the movie industry) that they no longer hear the voice of the general public that buys the majority of their software. They're so concerned about preventing access to 'unlicensed' music and video, that the functionality and speed of their operating systems have gone down the tubes. (Case in point: The processor bandwidth required for their on the fly encryption is so intense that it's hard to do anything else while a 'licensed' movie or audio file is playing. This is mostly prevalent in Vista.) In this respect, open source has the edge, with the speed and the functionality to knock M$ in the dirt if they don't get their act together pretty quickly and deliver an OS and related software that actually justifies the customer spending hundreds or thousands of dollars for.
If the US Government were to adapt Open Source, that would change the landscape of standards - now government forms would no longer be in word or excel, but Open Office standards - homes would start to adapt Open Source to stay standard with their governments. That would drive MS to have to adapt and might even make them consider the cost of their software to the general user, needing to make the pricing more attractive (ie competition driving the price down). It might mean some layoffs at MS... it might mean a leaner, less bloated OS from MS... it might mean in the end, we get two very good options at very competitive prices.
Maybe I'm just being optimistic, but perhaps there is a silver lining after all.
Unfortunately a lot of businesses have bet too much on the Microsoft software stack. They could be potential "clients" to get milked with increased prices.
I've heard of price drops in the student and teacher editions of certain software. Like you say this could be a result of market pressure. But I don't know if that is the case in companies for volume licenses.
Just like "Gap Kids" hopes lead to "Gap" adults. Get them young and branded in school so they grow up to be good little open wallets. It's not unique to software though by any means.
I've always figured that either outcome would benefit the end user. Either MS would start competing based on product quality and functions or they would lose to a platform which does provide the end user with product quality and beneficial functions. This, being in an ideal world where the software market functioned based on product quality and true market choice while respecting industry standards; so, we're both dreaming sadly.
There has been very little innovation though, in the software market - particularly the OS level. For the general web user, one product is pretty much like another - they all will type documents, they all will do e-mail, they all will surf the web... unless someone comes up with the "next killer app", there's no advantage to any OS (M$, Apple or Linux) so that basically just leaves a) price and b) support... we all have our opinions on those two points.
It's not Open Office's standard.
It's the open document standard format used by Open Office (and many many others)
Thanks for the clarification, you are right, but realistically, have you seen a lot of other Office suites that use the "Open" standard? Really it's just MS Office and Open Office competing... the difference is, Open Office has the PR twist of saying they're open to using a standard everyone can use - in other words, M$ please use a standard we can share... don't get me wrong, that's a great thing to have, but when there are only two big players, it's more like a marketing campaign than a real benefit. Open office does a pretty decent job of opening and closing M$ files... I haven't tried doing the same the other way around though.
We need open source electronic medical record software to be provided as a collaboration with the government.
When government commits to solutions for the benefit of the whole country, not just a few companies like Microsoft and Hewlett-Packard, then it is doing the proper job of the government.
Start with open source software and end with open source healthcare software.
It sounds good but it is not feasible given the security issue.
What security related concerns are you seeing in relation to the Government adopting more open source software?
I think the point about the money being shifted to the consumers is a bit moot. The tax money the government spends came from the people in the first place, unless it used 'newly printed money' (using the term loosely) which is just about as bad if not worse.
So by using open source, the gov't is spending less taxes and the cost of software being transferred to commercial software companies (and then on to the consumer) puts the burden on the people who actually BUY software.
I prefer open source and yet I mainly use Windows. What most worries me is safe long term availability of information especially Government information.
With MSOffice the British Library was in trouble as it could not read old MS Word docs. MS provided virtual PC software to overcome the problem but this is only a bodged solution.
I think that ISO international standards should be mandated. The only one currently available is ODF as OOXML is not a properly finished specification and is not correctly implemented by anyone. Even MS has implemented ODF so complying with such a mandate is perfectly feasible. Then any competent software company can sell or give away software to read ODF documents and problems like those at the British Library would become history.
Open standards, specifically open protocols and file formats, are probably more important than open source software. Thankfully the EU has been pushing for open standards, and competition, as much as anyone.
If the government of any country goes fully to open source software, there is no reason for M$ to raise its prices because this should initiate a spiral by which any rise generates the same amount of NO consumption for M$ products destined for the industry (not entertainments etc...).
How many hacks and infections of SendMail have you heard of, versus Outlook?
Personally, 2 former employers of mine (county governments) are partially converting to open source.
Here where I work now, we use mostly Linux servers. We might convert within a year or two to OpenOffice just for the cost savings of $10,000s.
The reason there are not as many hacks and viruses in Open Source is that the distribution is relatively limited. If it were to go mainstream and be as big as MS, particularly in Government offices, do you not think that hacks and viruses would increase 1000 fold?
In the server market, MS is the minority share yet it is still the most vulnerable and slowest to patch exploitable bugs. Servers are where the big money is yet *nix machines are not falling over constantly.
(I can nmap a unix/linux/bsd box and it doesn't care where the same nmap scan leaves a Windows server requiring a reboot; WTF is that?)
I think that increasing market share would increase the number of attempts against but not the number of successful exploits:
- historically, FOSS has patched faster when exploits are discovered counting in hours not days or weeks (MS last unscheduled patch release was a week and a half late).
- the patch often accompanies the bug report in FOSS
- FOSS development means peer review so developers tend to put effort into coding cleanly (a common theme "I wrote an app that does XYZ and I'll be releasing it in the next week or so as soon as I can clean up my code because it's pretty nasty right now")
- Like cryptography science, peer review also helps to discover coding flaws early though this applies more to the popular projects.
The end result is that an exploit has a very short time to live. You find something and write your payload for it then you have until someone else discovers your payload or the vulnerability; after that, it's of no use.
In contrast, MS DOS viruses are still effective against Windows because MS continues to neglect the design flaws in favor of blaming the third party software developers. It's about saving market image instead of providing safe high quality products.
Unfortunately, you've highlighted a lot of ill-conceived fallacies that are often put forward as facts:
>In the server market, MS is the minority
>share
Assuming you are talking about web servers, you can certainly find statistics that show the COUNT of servers running FOSS is higher.
http://news.netcraft.com/ has these statistics.
If your business runs from mom's basement and generates enough revenue to buy a new skateboard once in a while -- perhaps yes the 'raw number' of servers may have some meaning -- however, if your organization or government department is closer to a Fortune 500 -- then these numbers are IRRELEVANT.
A quote: "According to a study done by Port80.com in August 2006 they found that 'Microsoft IIS serves 54.9% of Fortune 1000 web sites.'"
If one looks at what REAL business (AND the government) runs, there is plenty of research like this:
http://www.search-this.com/2007/06/27/microsoft-iis-vs-apache-who-serves-more/
Additionally, if you look at what real businesses use INTERNALLY, you will find a much higher percentage of Microsoft servers AND clients.
WHY is this? Two words: ACTIVE DIRECTORY. Another couple of good words: Total Cost of Ownership.
>yet it is still the most vulnerable and
>slowest to patch exploitable bugs.
Again, history from the stone age. RECENT statistics show this as another fallacy. Another couple of quotes:
"Consider this: The Computer Emergency Response Team (CERT) released data showing that 16 of the 29 security advisories it released last year involved Linux or open-source products."
>Servers are where the big money is yet *nix
>machines are not falling over constantly.
I'd suggest that if YOUR Microsoft-based servers are falling over constantly, then YOU are the one with the problem. PLENTY of organizations of all sizes have used Microsoft-based servers for over a decade without ANY problems.
Server stability and security is by far more of a function of the QUALITY and TRAINING of the system administrator than anything else.
Virtually all issues that have ever become a problem with Microsoft-based servers were the DIRECT result of idiot administrators not installing patches and updates WHEN THEY CAME OUT -- typically MONTHS before there was ever an exploit used in the wild.
>I think that increasing market share would
>increase the number of attempts against but
>not the number of successful exploits
YOUR OPINION. There are plenty of others such as from Charles Kolodgy, a research director at IDC who says, "The level of a product's security is inversely proportionate to its position in the marketplace, If Linux had a 50 percent market share, you'd see more Linux vulnerabilities exposed."
>historically, FOSS has patched faster
>when exploits are discovered counting
>in hours not days or weeks (MS last
>unscheduled patch release was a week
>and a half late).
This actually demonstrates the difference between the 'hacker mentality' and a professional organization who must be held accountable.
Releasing ANY patch is not something you want anyone on the planet to be able to do and have pushed or pulled to tens of thousands of machines world-wide without some SERIOUS analysis as to the consequences.
Microsoft may be accused of being slow, but they have ALREADY felt the sting of releasing patches that adversely affected products that were NOT even their own!
The FOSS attitude is quite the opposite -- people are hacking and patching products willy-nilly without the slightest bit of concern as to what effects those patches would or COULD potentially have on other products.
Microsoft views product integration as a blessing - as do their customers. In the FOSS world, so few applications communicate with or care about anything other than themselves there is a 'who cares' or 'that's your problem' attitude. Additionally, there are NO CONSEQUENCES if some patch in one product kills customizations to that product or breaks any functions related to any other applications.
>In contrast, MS DOS viruses are still
>effective against Windows because MS
>continues to neglect the design flaws
Are you still booting from a floppy? Please, get real.
>It's about saving market image instead of
>providing safe high quality products.
Regarding safe -- see above. High quality is in the eye of the beholder.
Some people actually view products that work together WITHOUT needing kludges and glue code to get them to work together and having consistent, reliable user interfaces as being 'high' quality.
>In the server market, MS is the minority
>share
Assuming you are talking about web servers, you can certainly find statistics that show the COUNT of servers running FOSS is higher.
http://news.netcraft.com/ has these statistics.
If your business runs from mom's basement and generates enough revenue to buy a new skateboard once in a while -- perhaps yes the 'raw number' of servers may have some meaning -- however, if your organization or government department is closer to a Fortune 500 -- then these numbers are IRRELEVENT.
A quote: "According to a study done by Port80.com in August 2006 they found that ?Microsoft IIS serves 54.9% of Fortune 1000 web sites.?
If one looks at what REAL business (AND the government) runs, there is plenty of research like this:
http://www.search-this.com/2007/06/27/microsoft-iis-vs-apache-who-serves-more/
Additionally, if you look at what real businesses use INTERNALLY, you will find a much higher percentage of Microsoft servers AND clients.
WHY is this? Two words: ACTIVE DIRECTORY. Another couple of good words: Total Cost of Ownership.
>yet it is still the most vulnerable and
>slowest to patch exploitable bugs.
Again, history from the stone age. RECENT statistics show this as another falacy. Another couple of quotes:
"Consider this: The Computer Emergency Response Team (CERT) released data showing that 16 of the 29 security advisories it released last year involved Linux or open-source products."
>Servers are where the big money is yet *nix
>machines are not falling over constantly.
I'd suggest that if YOUR Microsoft-based servers are falling over constantly, then YOU are the one with the problem. PLENTY of organizations of all sizes have used Microsoft-based servers for over a decade without ANY problems.
Server stability and security is by far more of a function of the QUALITY and TRAINING of the system administrator than anything else.
Virtually all issues that have ever become a problem with Microsoft-based servers were the DIRECT result of idiot administrators not installing patches and updates WHEN THEY CAME OUT -- typically MONTHS before there was ever an exploit used in the wild.
>I think that increasing market share would
>increase the number of attempts against but
>not the number of successful exploits
YOUR OPINION. There are plenty of others such as from Charles Kolodgy, a research director at IDC who says, "The level of a product's security is inversely proportionate to its position in the marketplace. If Linux had a 50 percent market share, you'd see more Linux vulnerabilities exposed."
>historically, FOSS has patched faster
>when exploits are discovered counting
>in hours not days or weeks (MS last
>unscheduled patch release was a week
>and a half late).
This actually demonstrates the difference between the 'hacker mentality' and a professional organization who must be held accountable.
Releasing ANY patch is not something you want anyone on the planet to be able to do and have pushed or pulled to tens of thousands of machines world-wide without some SERIOUS analysis as to the consequences.
Microsoft may be accused of being slow, but they have ALREADY felt the sting of releasing patches that adversely affected products that were NOT even their own!
The FOSS attitude is quite the opposite -- people are hacking and patching products willy-nilly without the slightest bit of concern as to what effects those patches would or COULD potentially have on other products.
Microsoft views product integration as a blessing - as do their customers. In the FOSS world, so few applications communicate with or care about anything other than themselves there is a 'who cares' or 'that's your problem' attitude. Additionally, there are NO CONSEQUENCES if some patch in one product kills customizations to that product or breaks any functions related to any other applications.
>In contrast, MS DOS viruses are still
>effective against Windows because MS
>continues to neglect the design flaws
Are you still booting from a floppy? Please, get real.
>It's about saving market image instead of
>providing safe high quality products.
Regarding safe -- see above. High quality is in the eye of the beholder.
Some people actually view products that work together WITHOUT needing kludges and glue code to get them to work together and having consistent, reliable user interfaces as being 'high' quality.
Your overuse of all caps and constant speaking down to anyone not agreeing fully with you tends to be counterproductive if you are actually expecting others to consider the points you raise. You may have some very valid points but many of the points you pose as fact are not universally so.
"Are you still booting from a floppy? Please, get real."
What value does "please, get real" add to your point or does it just serve to alienate the person you are denouncing as inferior to yourself?
And yes, I am still booting from a floppy to be honest. It separates my boot loader from my hard drive platters on a media that can be set to read-only with a physical switch (I've confirmed that my floppy respects the setting though some don't use a physical pin to sense it these days).
Offhand, what is your experience with non-Windows platforms? I know you've been around a good long while in IT and probably have a very solid basis when discussing Windows solutions. Are you equally comfortable administrating other platforms or is your experience one-sided?
I'd be shocked to discover that you treat your students with the same contempt you appear to present in any post of yours I can remember reading. If you really want your points to be taken seriously and considered, try offering your information in a constructive manner.
Neon, I'm sorry, but when you or anyone else puts forth unsubstantiated, obsolete, ABM rhetoric -- better expect to get called on it.
Please, don't whine about every one of my posts claiming that I'm beating on you or for simply using "too many caps". Take it like a man and take the "Samurai" part of your pseudonym seriously! Get some "spine" and hammer me back with some real evidence supporting what you say.
If someone wants to call crap on a statement I make -- I only hope they have enough smarts to back it up with facts instead of just whining about it or trying to divert attention. (Been working around West Yorkshire too long perhaps?)
To be honest, I made my posts to this article fully expecting to be flamed. I figured that it was high time someone debunked "free" BS surrounding FOSS and exposed a few simple business truths that are normally ignored or minimized by the penguin fanboyz.
Interestingly enough, there hasn't been anything to dispute the points -- just a few whinges about the presentation.
In my books, you stepped into a very deep pile of crap when you made this statement:
>"In contrast, MS DOS viruses are still
>effective against Windows because MS
>continues to neglect the design flaws in
>favor of blaming the third party software
>developers."
Did you actually take a moment to read that before you posted it? WTF??? Let's take it apart:
>"In contrast, MS DOS viruses are still
>effective against Windows
I had to laugh when you said YOU were the one still booting from a floppy. This made at least part of the statement clear.
Until then, I could only have assumed that this was what you were talking about -- no other option made any sense -- but even so, it is still a fallacy.
Sorry if I touched a nerve on that one, but let's have a show of hands here -- How many IT professionals are still building systems that boot off a floppy for any kind of serious business purpose???
The systems I'm designing at the moment don't have ANY local drives whatsoever -- the servers will boot directly from a NetApp.
You may not agree, but I'd still have to say the 'get real' part was quite appropriate -- and put in a much kinder way than was actually going through my mind at the time.
I haven't even built a system that HAS a floppy drive for the last 6 or 7 years. I seem to recall that the last one I saw in production use was an OS/2 system used as part of the HVAC control system for a 300-year-old hotel.
Additionally -- if someone is daft enough to boot from a floppy -- let alone an infected one -- what the heck difference does the O/S on the hard drive make if the virus kicks in BEFORE the real O/S is even touched?
So you proceed to 'assign blame' for this to Microsoft???...
>because MS continues to neglect the design
>flaws in favor of blaming the third party
>software developers."
What design flaw would that be? Microsoft doesn't build the hardware and they certainly don't shove a floppy into your hand to boot from -- not for many, many, many years at least...
Sorry, but I can write a boot sector virus in C, assembler or bloody binary that I thumb-in on a bank of switches with no operating system whatsoever (done it!) -- one that will toast ANY operating system on ANY hard drive -- how can you blame Microsoft for that?
And who mentioned anything about third-party developers ANYWHERE in my posting or the article itself? Where did that come from?
To answer your questions...
>Offhand, what is your experience with non-
>Windows platforms?
My experience with FOSS has honestly been crap. 14 years ago or so, I taught C programming, UNIX and Linux but over the years have observed that on EVERY project where FOSS is involved -- the amount of time and money wasted trying to get disparate FOSS products to work together has FAR outstripped the cost of any software licenses for WORKING proprietary solutions.
That has been MY experience. Your experience may be different.
Face it -- you can buy a hell of a lot of software licenses for the cost of ONE year of just ONE high-end Linux geek's time.
For the cost of a $600 Windows Server License you can't even THINK about having a $100/hr Linux 'guru' put together (and make WORK) a 'free' system that includes the 'equivalent' of Active Directory, DNS, DHCP, IIS, .NET and all the other stuff you get right out of the box.
As recently as this weekend, I asked a Linux guru to install a simple forum product on an Apache/PHP/MySQL box after I gave up after fiddling and farting around for hours trying to get it to work myself. Not surprisingly, his '5 minute' installation took all weekend and still isn't working right.
Maybe I just got a 'dud' guru? Good geeks are hard to find -- especially when there are no viable certification programs to at least ensure MINIMAL competency and give some way of weeding them apart.
Unfortunately, this kind of thing has not been the exception -- in my experience over dozens of projects -- it has been the rule.
>Are you equally comfortable administrating
>other platforms or is your experience one-
>sided?
In a previous post, I stated categorically that people who THINK they are experts in both platforms are really only legends in their own mind. They are living in delusion.
I have NEVER claimed to be a FOSS guru and never will. As Clint Eastwood so aptly put, "A man's gotta know his limitations."
As for myself, knowing how hard I've worked over the past 20 years wading through tens of THOUSANDS of pages of materials JUST to focus on general networking, security and the Microsoft side of the equation -- I have little tolerance and no belief in ANYONE who claims to be a master of this PLUS the FOSS environments as well.
I won't say that it isn't humanly 'possible' -- but I'd be more apt to search for flying pigs.
>I'd be shocked to discover that you treat
>your students with the same contempt you
>appear to present in any post of yours I
>can remember reading.
Back to paranoia 101.
My credentials and experience as an instructor are well documented by hundreds of excellent course evaluations from students at all levels and from all over the world.
These days, I don't get to teach very often, but can certainly recall the odd Linux 'guru' who was 'forced' to attend one of my classes by their company.
One would be AMAZED by the change in attitude and humility a 5-day course can make. I've had people come up at the end of the course and apologize for being so ignorant at the start.
Some of them actually went on to become quite excellent techs -- others -- well, they're asking customers whether or not they'd like a disk defragmentation while they're having their anti-virus treatment and RAM upgrade done...
Unless your disk gets really full, most file systems used on Linux don't/barely need it.....
Anti-virus, oh yes, you need that on OS's which are default allow.
RAM, that stuff's handy, just do the upgrade. Of course I want access to all of it. Three gig, three ????
Marty, you are dying here....
Maybe it's time for an upgrade Tony? If not the systems, at least the knowledge about them.
Even Windows Server 2008 Enterprise lets you run 64 GB in 32-bit mode and 2 TB in 64-bit mode.
You ARE killing me -- with your jokes!
Right I'll just nip off and buy that.
Hadn't realised that was the recommended workstation update for Vista Business (32 bit).
Oh silly ignorant me.
Only 758 quid as well, a bargain!
Were I booting DOS from floppy I'd maybe take that seriously. Being a cleanly generated boot partition with risk of virus infection well mitigated; I'm just going to assume you've not ever considered the potential benefits of such a setup with a multi-OS install. If I move my boot loader to a read only CD, does it become more acceptable in your books or is it equally amusing since I'm not using the Windows boot loader only?
Did I say I used boot floppies as standard boot loaders for production systems? Nope, I said I (me, myself) use it at home due to providing benefits on my own multi-boot machine. My apologies if I was unclear, I meant to respond to the idea that DOS viruses were only effective through floppy boots or that booting from a floppy was somehow useless these days.
>"In contrast, MS DOS viruses are still
>effective against Windows because MS
>continues to neglect the design flaws in
>favor of blaming the third party software
>developers."
So then your point is that Chad Perin's article on MS claiming vulnerabilities are the fault of third party programs rather than fixing the design flaw in the OS which is repeatedly exploited is bunk? It's never happened then?
I do have to wonder if you really berate your students the way you write your posts and berate the other TR members. Even in your last post you take several opportunities to insinuate that I'm an idiot and whining child; it's not just me though, your posts to others are just as saturated with arrogance and self assumed superiority. To get back to the training topic though, I'd be the most interested and attentive student in the class or in the top five. I love to learn about technology and would be very open to new information the instructor was presenting. I'd be walking out of your class and asking what other instructors and course times were available after the first day half hour you spent berating the students the way you write here.
I actually wasn't asking about your instructional qualifications. I was more interested in what your basis is for comparing software platforms and criticizing anyone not adhering to the Windows platform. I don't doubt you have teaching experience or Windows experience. What I doubt is that you have the equal basis of experience with other platforms from which to make a valid comparison.
I also don't take it personally. You're equally hostile to anyone you respond to so it's hard to take it all that seriously and definitely not me being targeted by you.
You are a stunning example of the elitist stereotype in IT. I could be wrong though; I've been wrong before and am open to that possibility. Let's open that topic up for debate?