Slashdot Mirror
YA Microsoft Linux Screed
"Microsoft Windows has better security than Linux out of the box" is my favorite line -- but there are many other good ones, find them and trade them with your friends -- in the polemic
"Linux in Retail and Hospitality."
This is actually from February apparently, but c't and
LinuxToday
have called attention to it. If you don't feel like reading their .doc file (I'm still looking for a robust .doc reader that doesn't suck), the IGLU LUG comes to your rescue with
their HTML version.
This is about using Linux in point-of-sale systems, in case you were wondering what POS stands for.
"Open source" means that anyone can get a copy of the source code. Developers can find security weaknesses very easily with Linux. The same is not true with Microsoft Windows.
</Quote>
It's possible they meant to say hackers/crackers but this Freudian Slip was wonderful for me
--= Isn't it surprising how badly I spell ?
Retail environments, at least most of the ones I've dealt with, don't generally buy an off-the-shelf PC and then select their POS software. They buy a full system - and they usually buy it from a company that specializes in retail systems integration. A lot of them don't know what the underlying system is and don't care, so long as it works well and saves them money.
The vast majority of these machines are not going to be Internet-connected in any way at all, and are not readily accessible to script kiddies in the first place. Chains will use either low-speed frame relay lines or dial-up to report numbers back to HQ, not an Internet connection. They also don't need "support for all sorts of devices", just the ones that are sold with the system in the first place. I don't need half a dozen different credit card slip printers - just one good, working, reasonably priced one. And I'd buy them in bulk for each terminal. A lot of how Windows became such a blivet to begin with was by having to support everything under the sun.
I mean, that's an argument that was used against Apple for years by the Windows minions - Windows had (at least, before Office became pretty much the only alternative) dozens of available word processors and spreadsheets, and the Mac (read today as "Linux") only had (has) a handful. OK, this may be true, but how many do you need at once? I'd rather have one good word processor on my platform of choice, for instance, than a dozen crappy ones. POS systems are even more of the same - when a register is booted it generally runs nothing but that app. The distro of Linux isn't even relevant - it'll be customized to the maximum possible and stripped of anything that can increase support work.
While not exactly FUD, this whitepaper mainly fights a war that retailers don't care about. And a lot of the "main street" type businesses that might buy off-the-shelf POSware aren't going to be caring about Microsoft's message because they don't even research it far enough.
Heck, there's even thriving Mac POS vendors - there's enough room for everybody. Too bad Microsoft doesn't appear to understand it. They must be more threatened than I thought.
- -Josh Turiel
-- Josh Turiel
"2. Do not eat iPod Shuffle."
There have been few times when I wished I had moderator points more. Moderators: A post should only be judged insightful if you KNOW that it is. YHBT YHL HAND.
But so have I.
This is not a rant against the parent post, it's a troll. This is a rant against stupid moderators.
setup scripts, and do some last minute checking on up2date daemons
OK, besides the fact that up2date is a Red Hat Linux specific feature, connecting any system to the internet without looking at the services that run at startup time and applying errata/service packs is extrememly irresponsible and arrogant. Windows NT is worse than good UNIX systems in this respect, because just about everything is *on* by default, and many of those services are exploitable, or need good hard configuring not to be.
admins all use windows95 on their system at home
I don't know ANY admins that use Win95 on their home systems (or 98, or ME). At least none who have one clue what they're doing. The resemblance between Win95 and WinNT is totally superficial. There is nothing even related to administration of an NT server that you can practice on a Win95 box. Win95 doesn't have features as basic as file permissions or services. The only thing you can practice on Win95 is point and click.
I still do not know how to lock the ports below 1024 like redhat linux does
Every UNIX I know of does this by default. It's a feature of the kernel, and not something that you have to DO.
NT is quite secure but not really stable
And in the breath before, suggesting to visit Bugtraq to check the bugs in each. Look at the number of hacks per OS (I beleive that attrition.org keeps track of that sort of thing), and you will see that NT has a disproportionally large number of breakins. Although they are not the most commonly used servers, they are the most frequently hacked. Repeat after me: security is not a feature, it's a process. Your security lies not in your OS, it's in your admin.
You average linux distro out of the box will have just about every known service running (ftp http telnet, etc etc).
:)
Uhh...what's your "average" Linux distro? Mandrake 8.0 will warn you that it installs every service by default, but will allow you to opt out of this. 'Sides, if you don't want the service running, then just don't install the service to begin with.
*Nothing* is secure out of the box. This deserves repeating. *Nothing* is secure out of the box. Really. Good security requires tweaking the system -- any system -- for your particular situation. Being Open Source, Linux is definitely the most tweakable of the two choices. And if you want a truly secure system from a networking standpoint, heck, just unplug it from any unsecure networks. (this would include the Internet).
And Microsoft operating systems are very secure. Provided you follow instructions and leave the power switch on the machine in the "off" position.
My journal has hot
MS has a huge percentage of the hospitality industry. A lot of people don't realize that most hotels are franchised, owned by individuals (or companies). Hampton Inns, for example, aren't all owned by the same people. However, they have to choose whatever front office system is mandated by the franchise office, because they have to use the same back end reporting.
Whenever a desk clerk checks you in at a Hampton Inn, for example, they're using exactly the same system no matter which Hampton Inn it is. A lot of the franchises write their own front office systems, and MS dominates those systems:
Holiday Inn - mostly *nix
Choice Hotels (Comfort/Quality/Econo) - Windows NT
Hampton Inn - Win95/NT wkstations, *nix back end
Fairfield Inn - Win95/NT
Days Inn - Linux (woohoo!)
There's a catch with the Days Inn system, though. They really broke tradition when they picked Linux, but unfortunately, they picked a bad rollout time (just-prior-to-12/31/1999) and didn't do enough beta testing. The Y2k problem completely wiped out all hotel receivables. All your direct bill records were toast. The implementation was so bad, in fact, that the system's name of "PowerUp" turned into a nickname of "PowerDown".
The hoteliers rebelled, turning the franchise meeting into a yelling match. Nobody wanted the system, and everybody said Linux sucked. It wasn't that Linux actually sucked, of course, it was just that the program was so inherently bad.
The Windows systems, on the other hand, have been rolled out with mostly good reviews. They were deployed on killer hardware (almost everybody mandates Dell workstations) instead of cheap clones, and they got lavish training manuals and videos. It's been a case of throwing money at the problem vs. trying to cut corners, and the Linux camp came out looking rather rough.
Anyway, the next time you go to a hotel, peek your head over the front desk and take a look at what they're using to check you in. You might be surprised. (Then again, you could stay at Days Inn just to support Linux!)
What's your damage, Heather?
But then you say that POS means "Point of Sale". I always thought it meant something else.
The paper contains some valid points - and some points that are only partially valid.
.IDC and .HTX files BY DEFAULT? I don't think so. For all the 'wizard' based approach of MS stuff, I'd have thought they'd have been able to give you a few installtion options besides 'typical' and 'custom'. Follow that up with the ".printer" ISAPI filter installed by default with IIS5/Win2K and the recent exploit. BY DEFAULT, a typical installation is not secure, imo. I've no doubt they CAN be secure - I've seen some, but it often takes extra hardware and learning time. READ- it's not 'free', and translates into a higher TCO than MS would have you believe. Possibly higher than Linux. :)
Lack of drivers - this is and will continue to be a problem for Linux - and any non-Windows systems. They're specifically talking about the retail industry. Custom cash registers, scanners/bar code readers, etc. Until 'niche' device manufacturers release their hardware specs, the Linux camp will always be behind schedule. If reverse-engineering legislation was created to 'protect' device manufacturers, people might not even legally be allowed to write drivers for Linux, even if it would be a net increase in sales to the manufacturer.
Dev tools - this one is always coming along, I know, but there aren't many big name flashy dev tools for Linux. Yes, I know, they generally aren't needed, but this is a perception case which may never be won. Mid-level managers can at least *look* at MSVS, and get an idea of what's going on when they look over the shoulder of their developers. Looking at someone in vi just isn't as interesting. Again - this is perception we're talking about. Doesn't matter if I can do something in 5 minutes that takes an MSVS user 2 hours - perception will be that it's 'easier' to program for Windows, at least in most peoples' minds (generally the people who AREN'T doing the coding!)
Compatibility - I've lost track of how many cool looking apps I download from freshmeat or sourceforge that simply won't compile. I've had stock RH5.2, 6.1, Slackware, Suse, Mandrake and Caldera installs. They've ALL had problems running stuff. DEVELOPERS - either TEST your stuff on stock installs, or GIVE EXPLICIT instructions about how it was compiled. You will reduce frustration time (and possible tossing of Linux altogether) if people are at least clued in about if it's their fault or your code's fault if it doesn't compile/work right.
LESS SECURE - Windows itself may be secure, but a network app like IIS surely isn't that secure 'by default'. Installations in 1999 STILL being set to parse
Increased development costs - red herring, imo. "Since there are not large numbers of developers familiar with Linux development already, you will have to spend some extra money getting them the training they need. "
I don't think there are too many companies yet clamoring to jump into linux based on management directives. Management may approve, but the push for Linux seems to come from the ground troops - developers. This may change over time, but right now, there won't be many developers choosing/asking/begging to work on a system they don't understand. Conclusion: any company embracing linux is most likely doing so at the behest of their developers, and as such, 'increased labor/training costs' is a non-issue. They're already (at least mostly) trained, either from other projects or self-taught.
BTW - Was this a translated document? What the heck does "Microsoft is also driving better security with its customers than Linux is doing" mean?
creation science book
"I'm still looking for a robust .doc reader that doesn't suck"
Try StarOffice
~sabine
Given how many people seem to have interpreted `pos', I think I like this line:
"Retailers typically stay with their POS systems for years because of the costs that can be involved in upgrading thousands of terminal devices to a new environment." Suddenly the reason for using Windows becomes obvious...
Molf