Slashdot Mirror

Yes, the whole SCO issue is garbage.

Problem is - we know that, but the people who take decisions do not. And even if they *would* know *about* it, they wouldn't act on it. They aren't paid to act on *knowledge* - they are paid to act on *recommendations*.

Why? Because if they acted on their own knoweledge, and if something went wrong, they would carry the blame. If they act on a "recommendation" by a consulting firm, they can blame the consulting firm.

And that's where Gartner & Co come in. They can make "recommendations" that will affect the industry in positive and negative ways, and get away with it because that is what their business model is - professional scapegoats, if you can call it that.

It is a win-win situation for consulting firms like Gartner, Forrester and their ilk, as well as their clients. If one looks closely at their "predictions" and "recommendations" over the years, you will find a balanced mix of bombs and hits - as long as that ratio is maintained, they own the keys to the mint.

Don't believe that? Then have a look at these two "recommendations":

21 May 2003

23 July 2003

They are both by the same company, in fact by the same person (George Weiss). Yet they indicate two opposing lines of thought, to the point that Gartner clearly says in the first one:

"Gartner believes SCO made a strategic error when it chose to defend Unix on Intel over Linux, against market trends. SCO is building a new Web services framework on the upcoming Unix System V v.6, and wants to steer OpenServer, UnixWare and SCO Linux customers to an expanded Web application programming interface. To support its legal claims against the Linux industry, SCO had to withdraw its Linux distribution from the market. But SCO damaged its own credibility and cut off the one potential avenue of high growth for its framework."

Compare that to the tone of their most recent "recommendation".

The problem with this is, of course, that the PHBs may be acting on tainted information, which could cost their companies heavily.

Quick Q&A:

Q:Do they care?

A:No. They aren't paid to care.

Q:Doesn't the whole world laugh at them?

A:Yes, but they don't care, because they aren't paid to care.

Q:Aren't they afraid that their companies will suffer if they act on tianted information?

A:No. They don't own the companies - they are employed by them. If the company folds, they will move on.

Q:Shouldn't they be reading Slashdot to get the real picture?

A:$deity forbid! If they would, they might get a clue, and then slashdotters would have nothing to rant about, which would mean the end of Slashdot! ;-)

Q:Does this mean that this is the end of Linux?

A:Remember the British and their "Salt Tax" in India? Try to tax something that is free and an indespensable part of nature, and bad things happen.

Relax. Life will go on, as will Linux.

Yes, the whole SCO issue is garbage.

Problem is - we know that, but the people who take decisions do not. And even if they *would* know *about* it, they wouldn't act on it. They aren't paid to act on *knowledge* - they are paid to act on *recommendations*.

Why? Because if they acted on their own knoweledge, and if something went wrong, they would carry the blame. If they act on a "recommendation" by a consulting firm, they can blame the consulting firm.

And that's where Gartner & Co come in. They can make "recommendations" that will affect the industry in positive and negative ways, and get away with it because that is what their business model is - professional scapegoats, if you can call it that.

It is a win-win situation for consulting firms like Gartner, Forrester and their ilk, as well as their clients. If one looks closely at their "predictions" and "recommendations" over the years, you will find a balanced mix of bombs and hits - as long as that ratio is maintained, they own the keys to the mint.

Don't believe that? Then have a look at these two "recommendations":

21 May 2003

23 July 2003

They are both by the same company, in fact by the same person (George Weiss). Yet they indicate two opposing lines of thought, to the point that Gartner clearly says in the first one:

"Gartner believes SCO made a strategic error when it chose to defend Unix on Intel over Linux, against market trends. SCO is building a new Web services framework on the upcoming Unix System V v.6, and wants to steer OpenServer, UnixWare and SCO Linux customers to an expanded Web application programming interface. To support its legal claims against the Linux industry, SCO had to withdraw its Linux distribution from the market. But SCO damaged its own credibility and cut off the one potential avenue of high growth for its framework."

Compare that to the tone of their most recent "recommendation".

The problem with this is, of course, that the PHBs may be acting on tainted information, which could cost their companies heavily.

Quick Q&A:

Q:Do they care?

A:No. They aren't paid to care.

Q:Doesn't the whole world laugh at them?

A:Yes, but they don't care, because they aren't paid to care.

Q:Aren't they afraid that their companies will suffer if they act on tianted information?

A:No. They don't own the companies - they are employed by them. If the company folds, they will move on.

Q:Shouldn't they be reading Slashdot to get the real picture?

A:$deity forbid! If they would, they might get a clue, and then slashdotters would have nothing to rant about, which would mean the end of Slashdot! ;-)

Q:Does this mean that this is the end of Linux?

A:Remember the British and their "Salt Tax" in India? Try to tax something that is free and an indespensable part of nature, and bad things happen.

Relax. Life will go on, as will Linux.

I had been undecided on Gartner up until now. I mean, not all of their advice is pro-Microsoft; they seemed fairly balanced to me. But this is just too much...

From Gartner.com, recommendations as at 23 Jul:

Contact SCO to discuss its claims, compensation requirements and your potential future liability.
FUD FUD FUD + hefty helping of bad advice

Organize a review board that audits and documents all Linux installations by kernel version and server roles.
FUD FUD FUD

Delay deployments of application and database servers if they involve critical applications that must be unencumbered of IP infringement claims. You can fence off such systems from the license obligation if you have deployed Linux strictly for basic infrastructure roles (such as firewalls and simple Web servers) that do not require the 2.4 kernel or its SMP capability.
FUD FUD FUD

Determine whether Unix or Windows will provide functions equivalent to those of Linux deployments.
OMFG FUD FUD FUD

Investigate outsourcing, system integration or other relationships that transfer license issues to the third party.
valid advice, but still FUD FUD FUD

Don't ignore the problem by hoping IBM will win or settle its lawsuit (that could take a year or more). An IBM win would not prevent SCO from pursuing individual claims, which, if successful, could cost far more in penalties than buying a SCO license would. If you find SCO's case compelling and you use few instances of v.2.4, pay the license fees.
FUD FUD FUD

While the actions by SCO are pending, take a go-slow approach to Linux in high-value or mission-critical production systems. Instead, keep pursuing your Unix and Windows strategies.
OMFG FUD FUD FUD

Previous recommendations, 21 May:

The lawsuits against IBM and Linux users could take a year or more. Minimize Linux in complex, mission-critical systems until the merits of SCO's claims or any resulting judgments become clear.
FUD FUD FUD

If you plan large Linux deployments on the platforms of Dell Computer, Hewlett-Packard, IBM, Sun Microsystems or other major vendors, seek a comprehensive support contract, including pre-installation, configuration testing and operating system certification.
FUD FUD FUD

IS organizations, with advice from their legal departments, should perform due diligence on Linux or other open-source code (explore its source, integrity and any encumbrances) as a prerequisite to adoption in the enterprise.
FUD FUD FUD

BTW: Did anyone notice ?
Nikos Drakos - one of the Gartner consultants who is the author of that report is the writer of the famous latex2html tool.

This Gartner article seems to be warning those, that might be considering a Windows replacement, against doing it.

They seem to be saying: Be careful of the hidden costs when switching....blah, blah, blah.

This comes from the very same people that told you to ditch IIS article here Do you think these guys even considered the costs of re-writing all the ASP stuff that runs on IIS before making that recommendation?

Remember, when you combine "con" and "insult" you get "consult".

-ted

More recently, the company has been stepping up its efforts to convince potential European clients that they should steer away from Linux and towards its products. But even though Ballmer intervened in the attempt to win over the city of Munich, Linux won out.

This is very good for Linux, and I'm not trying to downplay it, but I just heard about this over at WinInformant:

Fun Fact About Those Linux PCs in Munich

And speaking about Linux stories you don't hear much from the Linux-loving mainstream press, consider the following. Remember that story about the city of Munich choosing Linux to power 14,000 desktop computers? One aspect of this story that most people don't know about is that up to 80 percent of those Linux desktops will be equipped with VMWare, a virtual machine emulator, under which they will run Windows and Windows applications. That's right, folks: The majority of those "Linux desktops" will be used to run ... Windows. I'm not a big fan of Gartner, but they've issued a report, correctly titled, "Munich's Choice Doesn't Prove Linux OK for General Desktop Use," that raises some interesting issues. First, many of the Windows desktops they're migrated are very old Windows versions like Windows 3.1, making the switch to Linux less painful (it would be equally painful to switch to XP). Gartner says the cost of switching to Linux will cost 30 million Euros, or 3 million Euros more than it would cost to switch to XP, not including any steep discounts Microsoft would have no doubt provided. And finally, because most of the Linux machines will use VMWare to run Windows anyway, Linux is really being used as a hosting environment, and not as a replacement. In other words, this isn't exactly a good business case on which other companies can base a decision to migrate to Windows desktops. And, not coincidentally, that's why we're not reading about a lot of other high-profile Linux switchers.

Yes, this is probably a biased site, but Slashdot can be sometimes, too. You can also read the Gartner article for more information. What do people think about this? Has anyone read any other articles about the VMWare situation? Do you really think this affects how Linux people should feel about the deal?

A positive outcome of this would be the complete and utter bankrupt of SCO.

I disagree. A threat to Linux is people being scared off by the lawsuit as happened to BSD (e.g. by Gartner) and I am pretty sure if SCO went bankrupt then another company could buy the remains and continue with the lawsuit.

It also contains interesting notes about due diligence to companies involved in open source development:

IS departments using Linux or other open-source code should have an internal process, possibly with advice from their legal departments, to perform due diligence (see Note 1) on the nature and origin of open-source code for possible infringement of patents. System administrators must be admonished to submit open-source code to inspection for potential violation of patents. An open-source quality assurance process should determine and approve allowable code for production systems. Such efforts may slow adoption of Linux in high-end production systems of critical applications.

(Note 1) Due Diligence Options

1. Name and reputation of source and origin of software code
2. Names of the contributors and developers
3. If outside libraries are included, the source of the code, its use and deployment
4. Checks with the Free Software Foundation on patent infringement claims
5. Negotiations for indemnification from liabilities, or support from the vendor
6. References and contacts

Well I missed this one today on slashdot:

Advise from Gartner:

The lawsuits against IBM and Linux users could take a year or more. Minimize Linux in complex, mission-critical systems until the merits of SCO's claims or any resulting judgments become clear.

SCOs Threat to Sue Linux Users Serious butRemote

The palm folks laughed but look at palms stock price now? It was $.80 a share the last time I looked! MS took over 75% of the market in less then 2 years!

According to this article from Gartner it's more like:
PalmOs: 55.2%
Windows CE (sic): 25.7%
That's as of January.

PC World has similar numbers:
PalmOS: 48.6%
Pocket PC: 30%
That's as of October.

What was your source of info again? And did you wash afterwards? ;-)

-chris

Sure it may look good on paper, but I wonder if these guys have thought about the opinion of the general public of Open Source/GNU/Linux etc.

I have been involved in the marketing (dirty word I know!) of software and hardware to non-technical people for a number of years. The consultancy group I work for numbers many of America's top blue-chip electronics and software corporations among its clients, I have over 11 years experience of marketing, and 4 years experience of software development (VB) and systems administration (NT 3.51), in addition to a marketing science qualification from one of America's top business schools - so it's safe to say that I know what I am talking about when it comes to computers and marketing.

I have been keeping an eye this forum for quite some time now, as part of my daily intelligence gathering, I find the robust exchange of views, and technical arguments make an interesting diversion from some of the other corporate bullshit I have to deal with in my working day. I also read corporate intelligence reports from the Gartner group, Forrester, the Meta group, and Olsen Online Business Intelligence Services. Slashdot has often proved to be far more accurate when it comes to the technical details,and I am often amazed at the incredible levels of intelligence and insight shown by its readership, some of whom demonstrate a knowledge of Linux and Operating systems far in advance of anyone I have ever met, even in the IS department of major corporations. For this reason, I feel I should contribute my 2c to the debate about the future direction of Linux and the whole Open Source movement in general.

I feel I can do my bit for the Open Source community by offering (free of charge) some of my hard-earned knowledge straight from the bloody trenches at the front-line of tech-Marketing. Normally I would be paid over $4000/day for my perspective, but Slashdot - this one's on me. You people can think of it as my small and unworthy attempt to "give something back" to the Community.

Why Linux/Open Source has an image problem in major US Corporations and what the community can do about it. Like any movment, political or religious, Open Source/Linux has its Leaders, High priests and Gurus. These high profile individuals represent the public face of the organization. Like it or not, these people are associated with the product in the eyes of the buying public. One of the first things the Linux movement must do in order to gain acceptence by middle-America and Joe-and-Jean Sixpack and their 2.4 kids, is to develop what we in the Marketing profession call a "Happy Face".

When Joe Sixpack drives past a McDonald's, he associates it with the smiling face of Ronald McDonald the clown,and quality food served quickly. When he is choosing a collect-call company, the smiling face of Al Bundy (of TV's Married with Children) springs to mind, and when he thinks of fried chicken in large capacity bucket-like containers, it is the image of the happy-go-lucky avuncular Colonel with his associations of good old Southern hospitality that sticks in his memory. (In marketing terms this is known as a "positive association". Because the image puts the consumer into a "buying-receptive" mental state).

Linux/Open Source lacks any kind of "Happy Face". Now this in itself is not a problem, were it not for the fact that Linux has several extremely high-profile advocates who are the exact opposite of "Happy Faces" in that they invite negative associations into the consumers head and put him/her into a state known by Marketers as "passive-aggressive sales-message rejection" (In layman's terms they don't

2003: Linux Desktop Myths (wonder when LWN will post something?)

So while we wait for LWN, here's my best shot:

Myth: Linux Will Be Less Expensive

Real Myth: Using free cross platform apps lowers the cost of Windows, therefore Linux offers no additional savings.

Myth: Linux Is Free

Real Myth: Microsoft includes support for licensed desktop windows. So to compare costs, you simply compare the license fees paid to Microsoft to the "enterprise support" fees paid to a company like Redhat. You can't compare "free" linux to license windows because of the support bundled with very licensed desktop windows.

Myth: Linux Means No Forced Upgrades

Real Myth: You will not be able to pay anyone else for provide support once it is no longer available from the original linux distributor, and you will not be able to support it in-house. The discontinuance of support is a "forced upgrade" as compelling (and legally binding) as a contract which requires upgrades to maintain discounted pricing.

Myth: Linux Management Is Easier

Real Myth: Users will still screw up their systems as they do with windows ('cause they'll all be running as root?)

Myth: Linux Has a Lower TCO

Real Myth: System admins can't manage linux well, because they also manage windows poorly (presumably because the two system are so similar and both similarly lacking built-in remote management)

Myth: Linux Means Longer Hardware Life

Real Myth: Older PCs require "expenditure" for [free] software upgrades at least one. Thus it would be less expensive to simply discard the hardware! (yet still "spend" for the software update). Likewise, keeping PCs longer means more different (all PC compatible) models will be present, which costs more to "support" than simply discaring those older PCs and buying new ones.

Myth: Skills Are Transferable

Real Myth: Your existing desktop support staff are old dogs who can't learn new tricks.

Sounds like the only research the Gartner Group did for this report was to call Microsoft, call RedHat, and find out what they do.

Hmmm, yes they only researched by calling Microsoft and RedHat. .... umm, perhaps not? What is your basis for that is? The overview? Since you obviously haven't read the full report, how can you say that?

They didn't even check. They didn't do a study of their own, they didn't talk to people who have done TCO studies of this [winface.com], or talk to Businesses who have already made the jump [bryanconsulting.com]. They looked at Windows, and they guessed.

Again do you KNOW they didn't do a study??? Just becuase it is not publically available you assume they didn't? The figures are only going to available to clients, since they are the ones who paid for them.

Also, from about Gartner. Gartner has 10,500 clients, 1,200 research analysts and consultants, in more than 90 locations worldwide. Fiscal 2001 revenue totaled $963 million. They have been around for 20 years. Bryan consulting started in 1999 and whilst they don't list it publicaly probably have only a about 3 consultants, if that. WinFace I have never even heard of but the website looks really professional, not! I also see little evidence they have done a 'comprehensive' Linux TCO study. Anyway, Let's do a Google link test:

sites linking to Gartner5,040!
sites linking to Bryan Consulting8!!
sites linking to WinFace.com0!!!

Call me stupid but I think most people in the IT industry are more likely to take the word of Gartner over Bryan Consulting or Winface.

And they charge $95 per copy for their uneducated guess.

The $95 is for the real report NOT this overview that you have read! Are you trolling or are you serious? I really don't know?

I'll leave you with one last thought. Admittadley, I can find no link to prove it (probably because it has been around such a long time) but when I learnt about IT I was told it was Gartner who invented the Term TCO.

People aren't applying the patches in spite of clear warnings.

Even if the patches worked, and even if it had been an old-style, slow worm, you can't patch fast enough. But it wasn't. Slammer reached saturation in 8.5 minutes. Most likely this story was a tidbit to draw fire away from the quarterly financial statement or from the DRM/Palladium stealth payload in Windows Server 2003 + Office 2003.

Sure folks may wish to run Microsoft products for ideological reasons, but there aren't any technical ones and now the market is changing. C*Os have figured out the OS X, RedHat, Mandrake, Debian, OpenBSD, etc. are much easier install and maintain than Windows Xp and far more flexible and secure -- both on the workstation and the server. Novell Netware should also be mentioned as excellent. C'mon when was the last time you heard of MS machine reaching an uptime of more than 200 days? That would be embarassingly short for QNX and Novell.

Microsoft has been to computing what Big Tobacco was to sports.

We have made a bet on Windows, and we believe that customers are getting value from the bet we made,'' said Houston, ``and we're going to continue doing what we've been doing for customers.

Is that so, Mr. Houston?

Here's a recent market share report. The top 4 (or 5 if you count hp/compaq seperately) have 41% of the market. That's probably not specific enough to tell whether or not the really smalls play a specific role but it does say that the really bigs don't overly dominate.

Do full backups weekly, store copies offsite. Incremental backups daily, copies offsite also. If you can afford it (or can't afford any downtime), have emergency backup hardware (enough for minimal operations) in an offsite storage facility. Old hardware that would otherwise be thrown out is good for this (remember, it's for an emergency). Have a supplier who can get replacement hardware to you in a hurry (so you can get off of those old 90 MHz Pentium servers).

The most vital part of the plan, after backups, is good insurance. If the building burns to the ground Monday morning, you want to be able to call the insurer Monday Noon, and have the check in hand Tuesday morning at the latest.

These recommendations do not cover disasters such as 767s flying into the building and killing all the sysops. Earthquakes dropping the building on the same. Etc. The people are the most important part of any company and, if too many of them are lost at once, the company probably is lost too.

Unless you have really good (and expensive)insurance which can provide enough funds for you to hire new people, get them trained, and keep the company solvent while you do so.

"[Allchin] later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."

Our products just aren't engineered for security.

Back to source, closed source will no longer enjoy the market it once had (why pay for work twice, thrice, etc.?) Right now new, profitable economic models are replacing the out-moded failing models in use by Microsoft. Despite this month's multi-million dollar campaign of ads and astroturfing, with people's attention now on security and TCO, the bottom would drop out of Microsoft's market if the code were accessible, even despite illegally leveraging their desktop monopoly.

Microsoft has just fallen too far behind in technology. Microsoft dropped the ball in regards to the Internet and has frittered away the time it needed to catch up. Arguments against using Macintosh or Linux usually center on retraining issues. However, heavy retraining occurred when migrating between Win3.11, WinNT, Win2000, and - for the chumps - WinXP. So if you have to retrain anyway, then why not go with something easier to both use and maintain like Macintosh OS X or Mandrake/Redhat?

When you consider the bizarre nature of the service pack EULAs, the migration to Macintosh or Linux should be the obvious choice

Gartner has a report of the Worldwide server market for the 3Q 2002 (which grew by 3.1%). Though Apple makes up 1.2% of the server market, their sales of servers increased 273.8% (they were 0.4% 3Q 2001). Seems the XServe is making a positive impression.

CMM = "Capability Maturity Model." It's a certification like ISO9000 but it's geared toward software development.

Here is a PDF file containing CMM level descriptions and probably more than you needed to know. If you don't like PDF then just search google for "capability maturity model".

The vast majority of software companies aren't even at CMM level 2. My company (a consulting firm) has been puruing CMM level 3 for a year now, and there is a LOT involved, we've had to change a lot of processes-- among them is having a formal QA process. U.S. government generally doesn't consider anybody below CMM level 3 when looking to outsource software... at least for high profile projects.

What they conveniently fail to mention is that they loathe the idea of releasing their source code, and that is why they hate the GPL. That is my theory.

-- Caron Carlson. "Allchin: Disclosure May Endanger U.S." EWeek. 13 May 2002.

Basically, Microsoft is so far behind in the security game that they have no realistic chance of catching up. IBM and others have already found ways to

make money from Free Software and Open Source Software. Their only chance is to use DRM and DRM legislation to lock users into a subscription model of pay per use/month/quarte/year/whatever not so much for the software, but for continued access to documents encoded in one of Microsofts proprietary and undocumented formats.

public signs that they are hurting

First off they've grown through acquisition rather than innovation. That business model pretty much guarantees that they'll drop like a stone after their zenith. Additionally, their income follows a few quarters behind the hardware manufacturers which have not yet bottomed out.

Since they turned an $18 bn loss in 1998, they've been found guilty of breaking federal law, specifically by violating the Sherman Antitrust Act. On the side, they admitted to and removed at least one backdoor in their relseased binaries, and without a code audit there is no way to confirm or deny the precense or absence of more. Even if a government or large enough consortium of corporations were to pay a code audit , the existing code meets neither privacy nor security requirements needed inside the U.S. Outside the U.S., specifically in Europe, privacy standards are much higher and there is not much chance that these problems will be addressed in the near future. These are the result of design flaws not typos. Patches can't fix this, only a rewrite can.

So there's more to say regarding DRM, software subscription, further leveraging the desktop monopoly+DRM, undocumented APIs, OEM tricks, and last but not least perpetual lock-in from the MS-Word and MS-Excel file formats + DRM. So far, Germany, China, Peru, Venezuela, India, Norway, Finland, and others have expressed doubts as to the wisdom of trying such experimental technology, which of what little has been examined has been found wanting.

Also their desktop markets are saturated. In the office suite, MS-Word 2.0 for windows and MS-Word 5 for Macintosh were good enough. Folks grudgingly went along with the newer versions as long as times were good. The Windows product line has come to near its end - Win2000 is good enough and few customer have deep enough pockets nor are there enough big chumps to go for License 6.0 that sneaks in with WinXP. Macintosh OS X gives you most of the commercial desktop applications that you will need, plus you have the added stability and ease of maintenance.

In the server room, any one that can read English is sticking with one of the *NIXes.

• Death of the Browser? (on Microsoft's site) and
  
• The Return of Client/Server -- or, at Least, Rich Clients
  

But first go see how Debate foams over SOAP 1.2 in the W3C working groups for XML, SOAP and Web Services.

It seems that Roy Fielding, one of the key architects of HTTP and a member of the W3C TAG (Technical Architecture Group), which essentially defines the principles of Web architecture inside the W3C, pointed out that the SOAP specification broke universally-accepted WWW protocols and would be unlikely to succeed. At the same time Fielding and others have pointed out that Web Services can easily be implemented today including all desired security and authentication by using current WWW protocols and by judicious use of what he calls a REST Architecture, a subset of the current WWW architecture.

Microsoft's plan is unlikely to work: the members of the involved working groups have realized that failure of SOAP to be consistent with WWW will doom it to failure because of the additional complexity and lack of scalability that would entail.

See also

• Paul Prescod's Home Page and especially the section "HTTP and REST" wherein he elucidates the subtleties of REST and how SOAP breaks the WWW. Prescod is one of the most vociferous and well-written supporters of the REST architectural style in the W3C working groups.
  
• A REST Tutorial for Roger Costello's brief but excellent introduction to Roy Fielding's REST and why it will be the basis for any viable Web Services architecture.
  
• Visit the REST Wiki to relax in an oasis of ideas that explains how Web Services can be implemented today in a manner
  
  • not as complex as the proprietary vendors and current and pending specifications of SOAP appear to require,
    
  • using the technology and tools you already know.

Finally, dive into the waters of the oasis and wash the SOAP off of your soul. Now pure of heart, make a pilgrimage to Tim Berners-Lee's Design Issues for the World Wide Web where you can

• re-examine the issues of the WWW,
  
• renew your commitment to doing things "the right way",
  
• revive your passion for excellence and
  
• remind yourself that indeed, sometimes "less is more."
  

I think you're wrong here, since Microsoft was always very, very good at feeling out the vibes of their customer base. The current perception in the marketplace is, that Microsofts security is beyond rotten. Since even the Gartner Group got on the bandwaggon, Microsoft seems to be scared shitless about that public perception.

The problem is the same as the sorcerers apprentice, who just can't get rid of the monsters anymore.

For years and years Microsoft has (overladden-) their products with features and bloat. They missed the internet entirely and when they realised their mistake they rushed an inherently insecure internet platform into the market and during all this time they didn't give a flying f*ck about security.

I agree, that Microsoft is an extremely arrogant company, that regards their customer base as cows to be milked and taken for a ride in every way possible.

The problem is that perception is changing and so they are frantically trying to restore trust; they can't let such glitches happen by purpose.

I think it's too late though to call the monsters back in and even worse:

It is my true conviction that any IT responsible on any level using IIS on new projects is guilty of gross negligence and incredible incompetence.

In a long-expected announcement, lead HURD developer Roland McGrath admitted, "We are no longer ... developing ... GNU Mach".

This comes as no surprise. The gartner group predicted a .8 probability that GNU would close up shop within the next 5 years, citing widescale adoption of Windows 2k, as well as competing free licenses such as BSD, artistic, and public domain.

I expect GNU CEO Richard Stalin to resign under heavy pressure within the next 2 months.

Yeah, isn't thet the guys that claimed that MS IIS5 was insecure?
Clueless bastards! My IIS has always been rock soli... bzzzrt...
*
*
*
Buffer Overflow...
This page has been hacked by the Chinese!

1. it usually takes a whole support team to install a geeks' workstation

1. Installation and maintenance requires 4-5 times the bandwidth a 'normal' OS would require

1. Linux was deliberately made completely incompatible and inoperatible with turnkey solutions like MS Exchange or MS SQL server. Investments in these products are therefore voided the minute you start rolling out Linux.

1. Applications developed in Perl or C, the languages of the linux community have proven to be slow,
2. unreliable, insecure and headaching complicated. Once developed and debugged, nobody is able to understand the code.

• All the 'geeks' wearing tux t-shirts are actually MIS support guys who are still studying for their MCSE exam.
  
• 'The screaming fast Linux machines at work' are actually refurbished workstations at a separated network segment, not allowed on the production network since every Linux (l)user seems to need nmap [insecure.org] to perform normal work-related computer operations.
  
• All the 'cool' Apache web servers are actually IIS machines with forged host headers. (yes, you can do that in IIS without recompiling anything. Heck, I lived for years without a C compiler and still do. )
  
  
• For the rare instance where a free UNIX is actually used in a production environment, management has smartened up and BSD is usually installed.

1. it usually takes a whole support team to install a geeks' workstation

1. Installation and maintenance requires 4-5 times the bandwidth a 'normal' OS would require

1. Linux was deliberately made completely incompatible and inoperatible with turnkey solutions like MS Exchange or MS SQL server. Investments in these products are therefore voided the minute you start rolling out Linux.

1. Applications developed in Perl or C, the languages of the linux community have proven to be slow,
2. unreliable, insecure and headaching complicated. Once developed and debugged, nobody is able to understand the code.

• All the 'geeks' wearing tux t-shirts are actually MIS support guys who are still studying for their MCSE exam.
  
• 'The screaming fast Linux machines at work' are actually refurbished workstations at a separated network segment, not allowed on the production network since every Linux (l)user seems to need nmap [insecure.org] to perform normal work-related computer operations.
  
• All the 'cool' Apache web servers are actually IIS machines with forged host headers. (yes, you can do that in IIS without recompiling anything. Heck, I lived for years without a C compiler and still do. )
  
  
• For the rare instance where a free UNIX is actually used in a production environment, management has smartened up and BSD is usually installed.

1. it usually takes a whole support team to install a geeks' workstation

1. Installation and maintenance requires 4-5 times the bandwidth a 'normal' OS would require

1. Linux was deliberately made completely incompatible and inoperatible with turnkey solutions like MS Exchange or MS SQL server. Investments in these products are therefore voided the minute you start rolling out Linux.

1. Applications developed in Perl or C, the languages of the linux community have proven to be slow,
2. unreliable, insecure and headaching complicated. Once developed and debugged, nobody is able to understand the code.

• All the 'geeks' wearing tux t-shirts are actually MIS support guys who are still studying for their MCSE exam.
  
• 'The screaming fast Linux machines at work' are actually refurbished workstations at a separated network segment, not allowed on the production network since every Linux (l)user seems to need nmap [insecure.org] to perform normal work-related computer operations.
  
• All the 'cool' Apache web servers are actually IIS machines with forged host headers. (yes, you can do that in IIS without recompiling anything. Heck, I lived for years without a C compiler and still do. )
  
  
• For the rare instance where a free UNIX is actually used in a production environment, management has smartened up and BSD is usually installed.

So, what are they supposed to use, a really big passwd file? OpenLDAP? Novell NDS? A big Oracle database? Why should we even care what the technology is, as long as it works?

Maybe because it doesn't work.

ever thought of that?

Unfortunately, all the Microsoft-hating government pawns around here seem to have missed the real point of the article.

This isn't just "Microsoft-Hating"
These are valid concerns...

There was a recent release by the Gartner Group that "Gartner believes that Oracle sales staff has inappropriately imposed extra licensing fees on some database customers." I guess this just furthers their case.

Okay, so your poor excuse for an example doesn't really work out. But even if you think that .NET is technologically superior to Java (which it clearly isn't, read Gartner if you don't want to take my word for it), there are other factors which should be considered when comparing the two platforms: Java is led by Sun, but is developed by a great many organizations, including IBM, Oracle, and even Apache, which represents the interests of the Open Source community. Propositions for development are opened for the developer community for comments, which means you can participate in developing the platform you use. Finally, software components that are built on top of Java (databases, messaging products, application servers, and many others) have standard APIs which are defined by the entire community, and each vendor can create an implementation of these APIs and compete with other vendors. You can see the effects of this happy coexistance in the application server markets, where you have WebLogic, IBM, Oracle, and JBoss all competing for market share. I'm not quite certain, but I'll assume you can figure out on your own what this competition does to product quality.

Compare this to the M$ world... One company, one product in each genre (COM+ as the app server, MSMQ as the messaging product), zero customer ability to change vendors, and bam!, you're locked in. If I'm not happy with IBM's MQSeries product, I can switch to another with zero code changes. I can even switch to an open source implementation if I'm so inclined. What to you do if MSMQ isn't everything you hoped it would be?

• There was a patch available months before CodeRed was even heard of, put people didn't install it, and now everyone points to CodeRed as the perfect example of MS vulnerability.

Yes! A perfect example. A perfect example of how difficult it is to keep up with the dizzying array of patches from Microsoft. Why, Microsoft can't even do it. Gartner advised customers to ditch IIS exactly because you can't patch fast enough.

Further, the Microsoft patches, available for a long time, cause other problems, and I quote:

Speaking of patches, I've read a couple of recent posts on the Bugtraq mailing list that indicate a problem might exist with the Microsoft patch listed in bulletin MS01-033. A few people have reported that after they installed the patch, their systems remain immune to Code Red infection. However, when an infected system attempts to connect to their system to infect it, several IIS services (e.g., FTP, the default Web site, the administrative Web site, and the proxy service) stop processing.

Please also be aware that what Microsoft is selling will only really sing when integrated with a bunch of other MS stuff. Not really a surprise, but when the average install bill comes to around $150k, you'll wish you knew in advance.

Note 2 - the MS solution is a mid-market one.

If you're looking at the MS solution, some reading at Forrester (Scorecard Summary: Microsoft's Content Management Server 2001) and Gartner (The Web Content Management Magic Quadrant for 2001, Web Content Management: Software Comparison Columns) will definitely be worthwhile. If you're spending $150k+ on a system, $95 for an analysis of it is fairly cheap.

Please also be aware that what Microsoft is selling will only really sing when integrated with a bunch of other MS stuff. Not really a surprise, but when the average install bill comes to around $150k, you'll wish you knew in advance.

Note 2 - the MS solution is a mid-market one.

If you're looking at the MS solution, some reading at Forrester (Scorecard Summary: Microsoft's Content Management Server 2001) and Gartner (The Web Content Management Magic Quadrant for 2001, Web Content Management: Software Comparison Columns) will definitely be worthwhile. If you're spending $150k+ on a system, $95 for an analysis of it is fairly cheap.

Gartner has a brief analysis of StarOffice's viability in the corporate work place.

They see it as a potential replacement for non-power users. I their analysis, they anticipate a retail price of $100 and licensing at $25 - $75. The key to the savings that could be made seems to be Microsoft's recent changes to volume licensing. Some firms, according to Gartner, are about to see their Office license costs double.

Gartner's iffy prediction (0.6 rating) is that Star Office will take over 10% of Microsoft's Office market unless Microsoft make significant changes to their price structure.

There has been alot of commentary on this subject. The Gartner group put out this commentary about the "Tech Wreck" coming to the SF Bay area.

They claim that a city will do well if they install a broadband communications network that connects citizens, local businesses and the global marketplace.

I think that the obvious solution to this may be Telecomutting See this link for more info

Contrary to much popular belief, a good data recovery contingency (off-site back-ups, etc...) is only half of a sound DRP. When it comes to recovering from a cataclysmic disaster of this nature - the second, and equally critical component of a well thought out DRP is an all-inclusive BCP (Business Continuation Plan)...

Without this vital aspect, companies such as Deutsche Bank (who were ravaged by the WTC disaster on 9/11), would have been down for days/weeks while attempting to relocate, rebuild and restore their data center operations...

I, for instance, work at a rather large, international fortune 500 company and we have BCP strategies that include a complete off-site location. This facility houses fail-over systems for all business critical processes including a 1.2 terabyte, mirrored SAP database that can go online within minutes notice, and a phone bank/workstations for our 50+ CSR's (customer service reps) and our global helpdesk. Even more, we frequently (twice yearly) perform non-production drills to validate the systems health and improve upon our strategies...

This is obviously a bit late for you, but I would suggest reading up on the matter a bit more thoroughly prior to redesigning your future systems and developing your next DRP...

Gartner Group is a company that claims to provide forward seeing information to companies. You would think that a requirement for this would be an unbiased evaluation of alternatives.

I am not sure how they can say things like the following and still claim to have a clear view of what is happening let alone what will happen.

"So far, Linux holds only a slight market share compared with Microsoft's offerings and represents a sensible deployment platform only in certain environments, such as entry-level and edge-of-network server implementations. For mission-critical functions, Linux still needs to catch up..."

At my work and a number of places I am aware of, mission critical applications run on Linux and typically work so well they get little visibility.

The commoditization of software built using the open source model is a large threat to Microsoft's and other closed source software companies business models. I suspect that Microsoft buys a large number of reports from Gartner Group and they are careful to say things that sound good to their customers.

Just a guess: Gartner. Shame it ain't attributed.

Culp's plan would not have made any difference in these situations - he does not suggest that security vulnerabilities should not be talked about (in the useful manner they were in the case of the vulnerabilities behind Nimda/Code Red), and he doesn't provide a solution that would make admins listen.

Read that first paragraph again. Culp claims we (the security community) assisted the criminals who wrote and released CodeRed, Nimda, etc. How did we do this? By releasing information about the vulnerabilities in full disclosure forums? Culp would like us to associate the bad of CodeRed and Nimda with full disclosure. Fact is, MS is taking a lot of heat for these worms and is trying to make a scape goat out of full disclosure. After all, we don't expect Culp and MicroSoft to take responsibility for these "holes", do we?

However I tried to triple boot with Windows 98 so I can use a cheap video grabber card--my advice is DON'T EVEN TRY to install Win98 on this board. Mine installed fine but would not boot Win98.

Placing the heatsink/fans on the CPUs was kind of tricky. I had 2mm of clearance between my heatsink/fan of choice and the single row of capacitors on the board. If the caps didn't wiggle I wouldn't have been able to install the heatsink/fans.

I found humor on the inside cover of the manual. I was pleased to see in print that this motherboard is certified for *both* Win2k and RH 7.1. However that textual note was marked with an asterisk to the effect:

This Tyan board is fully supported by Red Hat 7.1; however Tyan is not responsible if Red Hat no longer continues to support Red Hat 7.1.

Also, a warning. If you choose to install 1 Gb or so of ECC, registered memory, then booting takes a long time. There's some kind of POST that occurs for this kind of memory that delays my boot by like 30 seconds.

Finally, I just want to say that SMP is no magic bullet. For my purposes this board is fabulous. But in fact, some applications run more slowly on a dual CPU system. For example, any given single threaded program (read: first person shooter) will take a hit, say 2-5% of its speed. Your application has to use multiple threads to take advantage of this environment. Of course you can run more processes, that's nice.

You can judge for yourself if this is a good board for you. Look at the reviews for the Tyan Thunder K7, I feel they apply to the Tiger when it comes to processor performance. You can find review for that board here and here

"According to this article Microsoft is responding to the Gartner Report which recommends that enterprises drop IIS by claiming unfair targeting due to their popularity."

According to The Register, their reaction also includes the following:

Microsoft has been stung into action by Gartner security analyst John Pescatore's conclusion that businesses should ditch IIS - the Beast's own web server - for safer alternatives.

Redmond is telling its sales channel that a rewrite of IIS is underway for version 6.0, and will introduce interim security measures along the lines of the lock-down utility, because, it says, "we also realize customers cannot wait that long." (...)

The comments are in a bulletin sent to its sales staff and resellers, and seen by The Register. (...)

I also posted this question in connection with the Gartner Group's report which recommends moving off IIS.

The article on Yahoo! appears to be a report based on--turn off JavaScript before you go--this press release from Gartner.

The press release isn't much more detailed, as it is a teaser for a Gartner symposium in October.

It does mention Amazon, but for the most part is framed as a battle between AOL and Microsoft over instant messaging clients.

Here are some relevent links:

An Opinion from OsOpinion
The Gartner Report Itself

--Volrath50

Now I know why. This guy is the opposite of the Microsoft FUD-bunnies that /. readers have grown to loathe. He's trying to scare us, for God know's what reason, into believing MS is going to take over the world. I'm guessing his intent is political in nature, maybe just a way of saying, "Hah you idiots, you voted Bush in, now Microsoft is going to take over."

He couldn't be furhur from the truth.

"The market for Windows servers grew 32 percent this year, while sales of servers running Unix grew only 14 percent."

Yeah, that's great Jon. Unix *is* a dying OS. *Linux* on the other hand was stated in that statistic to be what percent? Oh wait, you didn't include it. Not to mention including the source for that statistic, which would help those of us that have statistics saying NT isn't doing all that well.

Also, what about machines that are bought from Compaq (leader in server sales) and then formatted with a new OS? A number of times they *come* with NT.

Where will Linux be? Studies show a projected 10% growth for 2001.

So anyway, please take what Jon has to say with a grain of salt. He's got no legitimate reason for wanting to spread FUD.

Nope. I've checked both here and AT&T's site (see below) for the actual releases and I can't find anything.

:) FreeBSD is the system of choice for high performance network applications. FreeBSD will outperform other systems when running on equivalent hardware. The largest and busiest public server on the Internet, at ftp.cdrom.com, uses FreeBSD to serve more than 800GB/day of downloads. FreeBSD is used by Yahoo, USWest, Xoom.com and many others as their main server OS because of its ability to handle heavy network traffic with high performance and rock stable reliability.

:| Linux performs well for most applications, however the performance is not optimal under heavy network load. The network performance of Linux is 20-30% below the capacity of FreeBSD running on the same hardware as Linux. As long as you are not trying to squeeze the last ounce of performance out of your hardware, or performing mission critical transactions, Linux is a very good choice for a server OS.

:( Windows NT is adequate for routine desktop apps, but it is unable to handle heavy network loads. A few organizations try to make it work as an Internet server. For instance, barnesandnoble.com uses Windows-NT, as can be verifyed by the error messages that their webserver produces, such as this recent example: Error Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Can't allocate space for object 'queryHistory' in database 'web' because the 'default' segment is full. For their own "Hotmail" Internet servers, Microsoft uses FreeBSD.

• For File and Print services, according to independent tests conducted by PC Week Labs, the Windows NT 4.0 operating system delivers 52 percent better performance on a single processor system and 110 percent better performance on a 4-way system than similarly configured single processor and 4-way Linux/SAMBA systems.
• For Web servers, the same PC Week tests showed Windows NT 4.0 with Internet Information Server 4.0 delivers 41 percent better performance on a single processor system and 125 percent better performance on a 4-way system than Linux and Apache.
• For e-commerce workloads using secure sockets (SSL), recent PC Magazine tests showed Windows NT 4.0 with Internet Information Server 4.0 delivers approximately five times the performance provided by Linux and Stronghold.
• For transaction-orientated Line of Business applications, Windows NT 4.0 has achieved a result of 40,368 tpmC at a cost of $18.46 per transaction on a Compaq 8-Way Pentium III XEON processor-based system. This industry leading price/performance result from the Transaction Processing Performance Council (TPC) clearly shows how Windows NT can deliver world-class performance for heavy duty transaction processing. It's interesting to note that there is not a single TPC result on any database running on Linux, and therefore Linux has yet to demonstrate their capabilities as a database server.
• Linux performance and scalability is architecturally limited in the 2.2 Kernel. Linux only supports 2 gigabytes (GB) of RAM on the x86 architecture,1 compared to 4 GB for Windows NT 4.0. The largest file size Linux supports is 2 GB versus 16 terabytes (TB) for Windows NT 4.0. The Linux SWAP file is limited to 128 MB. In addition, Linux does not support many of the modern operating system features that Windows NT 4.0 has pioneered such as asynchronous I/O, completion ports, and fine-grained kernel locks. These architecture constraints limit the ability of Linux to scale well past two processors.
• The Linux community continues to promise major SMP and performance improvements. They have been promising these since the development of the 2.0 Kernel in 1996. Delivering a scalable system is a complex task and it's not clear that the Linux community can solve these issues easily or quickly. As D. H. Brown Associates noted in a recent technical report,2 the Linux 2.2 Kernel remains in the early stages of providing a tuned SMP kernel.

• Windows NT 4.0 has been proven in demanding customer environments to be a reliable operating system. Customers such as Barnes and Noble, The Boeing Company, Chicago Stock Exchange, Dell Computer, Nasdaq and many others run mission-critical applications on Windows NT 4.0.
• Linux lacks a commercial quality Journaling File System. This means that in the event of a system failure (such as a power outage) data loss or corruption is possible. In any event, the system must check the integrity of the file system during system restart, a process that will likely consume an extended amount of time, especially on large volumes and may require manual intervention to reconstruct the file system.
• There are no commercially proven clustering technologies to provide High Availability for Linux. The Linux community may point to numerous projects and small companies that are aiming to deliver High Availability functionality. D. H. Brown recently noted that these offerings remain immature and largely unproven in the demanding business world.
• There are no OEMs that provide uptime guarantees for Linux, unlike Windows NT where Compaq, Data General, Hewlett-Packard, IBM, and Unisys provide 99.9 percent system-level uptime guarantees for Windows NT-based servers.

• The cost of the operating system is only a small percentage of the overall total cost of ownership (TCO). In general Windows NT has proven to have a lower cost of ownership than UNIX. Previous studies have shown that Windows NT has 37 percent lower TCO than UNIX. There is no reason to believe that Linux is significantly different than other versions of UNIX when it comes to TCO.
• The very definition of Linux as an Open Software effort means that commercial companies like Red Hat will make money by charging for services. Therefore, commercial support services for Linux will be fee-based and will likely be priced at a premium. These costs have to be factored into the total cost model.
• Linux is a UNIX-like operating system and is therefore complex to configure and manage. Existing UNIX users may find the transition to Linux easier but administrators for existing Windows®-based or Novell environments will find it more difficult to handle the complexity of Linux. This retraining will add significant costs to Linux deployments.
• Linux is a higher risk option than Windows NT. For example how many certified engineers are there for Linux? How easy is it to find skilled development and support people for Linux? Who performs end-to-end testing for Linux-based solutions? These factors and more need to be taken into account when choosing a platform for your business.

• Linux only provides access controls for files and directories. In contrast, every object in Windows NT, from files to operating system data structures, has an access control list and its use can be regulated as appropriate.
• Linux security is all-or-nothing. Administrators cannot delegate administrative privileges: a user who needs any administrative capability must be made a full administrator, which compromises best security practices. In contrast, Windows NT allows an administrator to delegate privileges at an exceptionally fine-grained level.
• Linux has not supported key security accreditation standards. Every member of the Windows NT family since Windows NT 3.5 has been evaluated at either a C2 level under the U.S. Government's evaluation process or at a C2-equivalent level under the British Government's ITSEC process. In contrast, no Linux products are listed on the U.S. Government's evaluated product list.
• Linux system administrators must spend huge amounts of time understanding the latest Linux bugs and determining what to do about them. This is made complex due to the fact that there isn't a central location for security issues to be reported and fixed. In contrast Microsoft provides a single security repository for notification and fixes of security related issues.
• Configuring Linux security requires an administrator to be an expert in the intricacies of the operating system and how components interact. Misconfigure any part of the operating system and the system could be vulnerable to attack. Windows NT security is easy to set up and administer with tools such as the Security Configuration Editor.

• Linux does not provide support for the broad range of hardware in use today; Windows NT 4.0 currently supports over 39,000 systems and devices on the Hardware Compatibility List. Linux does not support important ease-of-use technologies such as Plug and Play, USB, and Power Management
• The complexity of the Linux operating system and cumbersome nature of the existing GUIs would make retraining end-users a huge undertaking and would add significant cost
• Linux application support is very limited, meaning that customers end up having to build their own horizontal and vertical applications. A recent report from Forrester Research highlighted the fact that today 93 percent of enterprise ISVs develop applications for Windows NT, while only 13 percent develop for Linux.3

• Nasdaq
• Barnes & Noble
• Dell Computer Corp
• The Boeing Company
• Chicago Stock Exchange

• Will Linux Be Viable Competition for Windows Desktops?
  "While we do not view Linux as a serious competitor for Microsoft at the desktop, Linux will not disappear from the computing landscape through 2004."
• 1999 OS Forecast: The Linux Face-Off
  "While Linux will have important niche roles, it will not gain broad acceptance as a substitute for Unix and Windows in the enterprise in the near term."
• Red Hat's Future: Boxed In
  "We examine Red Hat's prospects for success in the Linux market and why its future success is not a foregone conclusion, despite the successful IPO."